Ryan Volz

Shin Ping

Chapter 2 Homework

 

Exercises

 

2.) Using the Web, research Mafiaboy’s exploits. When and how did he compromise sites? How was he caught?

Mafiaboy, whose real name is Michael Calce, is a famous hacker who brought down the Amazon, CNN, Dell, E*Trade, eBay, and Yahoo websites in 2000 when he was only 15 years old. He brought these websites down by taking over a few university networks and using their combined computing power to overwhelm the websites with too much information. He was caught when a student on one of the university networks he hacked noticed that one of the computers in a physics research lab had been sending thousands of requests per minute at one of the websites that shut down. The university handed over the computer’s hard drive to the FBI, and they tracked down Michael Calce.

3.) Search the Web for “The official Phreaker’s Manual.” What information in this manual might help a security administrator to protect a communication system?

The Phreaker’s Manual is a step-by-step guide on how to hack into a company using only a telephone. The information in this manual can help a security administrator protect their company’s communication system. One example of this is that if a suspicious number is calling, don’t pick up the phone.

Discussion Questions

 

1.) Before the discussion at the start of this chapter, how do Fred, Gladys, and Charlie each perceive the scope and scale of the new information security effort? Did Fred’s perception change after that?

At first, Fred didn’t think it was that big of an issue because he didn’t want to allocate money for training to prevent this from happening, but Gladys saw the big picture and saw that they needed to invest in training to prevent this from happening again. Charlie saw what this attack did to the company and saw that massive change needed to happen to prevent it from happening again. Fred’s perception changed, after being promoted and talking with Charlie, from seeing this attack as not a big issue to seeing it as a massive problem that required taking all measures to prevent it from happening again.

2.) How should Fred measure success when he evaluates Gladys’s performance for this project? How should he evaluate Charlie’s performance?

When Fred is measuring Gladys’s performance, he should see whether Gladys’s staff are following procedures and whether all of them are following company policy about USB drives and others that may come up in the near future. He should measure Charlie’s performance by how successful his plan of action is and whether the whole company is proceeding with his plan.

3.) Which of the threats discussed in this chapter should receive Charlie’s attention early in his planning process?

 

I think the threats that should receive Charlie’s attention right away are phishing, worms, and viruses. I think these threats should get the most attention because they seem like the most common, and they can all be sent by email from an outside source.

 

Ethical Decision Making

 

Instead of Charlie being named CISO, suppose instead that Fred hired his son-in-law, an unemployed accountant, to fill the role. Assuming the person had no prior experience or preparation for a job in information security, did Fred make an ethical choice? Explain your answer.

I don’t think Fred made an ethical choice, and he made a dumb one too. The reason it was not an ethical choice is that he chose a family member who had not worked for the company before and wasn’t a qualified candidate. That is also why it was a dumb decision: he wasn’t qualified for the position, and Fred just put the company at serious risk.

Suppose that SLS has implemented the policy prohibiting use of personal USB drives at work. Also, suppose that Davey Martinez brought in the USB drive he had used to store last month’s accounting worksheet. When he plugged in the drive, the worm outbreak started again and infected two servers. It’s obvious that Davey violated policy, but did he commit an ethical violation as well?

I think he did, because the USB policy prevents this from happening, and the reason this policy is in place is to protect the personal information of all the company’s employees. So not only did he put his own information at risk, but also everyone else’s at the company.