Exercises

2.) ZoneAlarm is a PC-based firewall and IDPS tool. Visit the product manufacturer at www.zonelabs.com and find the product specification for the IDPS features of ZoneAlarm. Which ZoneAlarm products offer these features?

ZoneAlarm's three different antivirus products all have some form of IDPS. The Free Antivirus has the least, with only antivirus software and firewalls; the Pro Antivirus+Firewall has all the programs the basic software has plus web monitoring, anti-phishing, and threat extraction. The final product, Extreme Security, has everything the other products have plus anti-ransomware and mobile security for your phone.

4.) Use the internet to search for "live DVD security toolkit." Read a few websites to learn about this class of tools and their capabilities. Write a brief description of a live DVD security toolkit.

So, what I've learned from looking up these "live DVD security toolkits" was that they provide the network security administrator with a set of open source network security tools.

Discussion Questions

1.)  Do you think Miller is out of options as he pursues his vendetta? If you think he could take additional actions in his effort to damage the SLS network, what are they?

I think he could get one of his friends at the company to plant a zombie computer on the network or try to have them get remote access, but that involves someone else helping, which may be highly unlikely.

 

2.)  Suppose a system administrator at SLS read the details of this case. What steps should he or she take to improve the company's information security program?

Have a daily scan for zombie computers or look for other software that could be harmful to the company's mainframe.

 

3.)  Consider Miller's hacking attempt in light of the intrusion kill chain described earlier and shown in figure 7-1. At which phase in the kill chain has SLS countered his vendetta?

I think they killed his intrusion kill chain right at the beginning of the command and control phase, because he had already installed malware on the computer but he was shut out before he could do anything.

Ethical Decision Making

It seems obvious that Miller is breaking at least a few laws in his attempt at revenge. Suppose that when his scanning efforts had been detected, SLS not only added his IP address to the list of sites banned from connecting to the SLS network, the system also triggered a response to seek out his computer and delete key files on it to disable his operating system.

 

Would such an action by SLS be ethical? Do you think that action would be legal?

I don't think this action would be ethical because he didn't harm anything in the system and he was shut out right away. I don't think it would be legal since the company would be breaking the same law that he did.

Suppose instead that Miller had written a routine to constantly change his assigned IP address to other addresses used by his ISP. If the SLS intrusion system determined what Miller was doing and then added an entire range of ISP addresses to the banned list, thus stopping any user of the ISP from connecting to the SLS network, would SLS's actions be ethical?

I think the company's actions would be ethical because it would stop these IP addresses from being sent, that is preventing people from logging in. Also, the action that Miller is doing would justify an attack on his computer.

What if SLS were part of an industry consortium that shared IP addresses flagged by IDPS, and all companies in the group blocked all of the ISP's users for 10 minutes? These users would be blocked from accessing perhaps hundreds of company networks. Would that be an ethical response by the members of the consortium? What if these were blocked for 24 hours?

I think this response would be so they can find and solve the issue, and if they needed to do that for 24 hours so they can fix it, then that is fine as well.