Tanner Carlson

ITS 370



1.     If an individual hacker broke into a network, copied a few files, defaced a web page, and stole credit card numbers, the attack could potentially fall in to five different threat categories. The types of threats this attack could potentially fall under would be: compromises to intellectual property, espionage/trespass, sabotage/vandalism, technical software failures/errors and theft.

2.     In February of 2000, Michael Calce, or “Mafiaboy”, launched serval denial-of-service(DoS) attacks and distributed-denial-of-service(DDos) against large corporations. Some of the corporations that Mafiaboy hit with DoS attacks were Yahoo, Dell, E-Trade, CNN, FIFA, and Amazon. Using denial-of-service attacks, Mafiaboy was able to overload websites servers with different types of communications, which caused the sites to shut down almost immediately. The FBI and the RCMP, found that Calce was responsible for the attacks, because he claimed responsibility on many forum sites, before major news sources even knew about the attacks.

3.     By reading “The Official Phreaker’s Manual” a security administrator would be able to better protect a communications system. Through reading the manual, a security administrator would be able to understand the vocabulary of “phreakers”, and would be able to understand what they are talking about on their forum sites. This skill, and the manual itself, would help a security administrator understand how a “phreaker” or other type of hacker would begin to infiltrate their security system.

4.     Securityfocus.com is a database for all things security related. On their site, users are able to see what kind of security threats are found in everyday technology, to the technology large corporations use for their servers. This information could help a security administrator track a known issue in their security system, or provide information on how to make their security system more secure. Cert.com is ran almost identically like securityfocus.com, in that users are able to see what kind of security threats are found in software and technology. CERT also tries to predict security vulnerabilities by having a team of people try to find security vulnerabilities before hackers do.

5.     There are many vulnerability issues that could effect companies, one of the latest ones is found in Microsofts .NET framework. The issue is described by Symantec.com as “Microsoft Windows is prone to a remote code-execution vulnerability. Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions. Espionage is another security issue that could take place at almost any time. One way to prevent this is to make sure that all the employees in your building only have access to what they need. An employee should not be able to find any information that is not directly to their job.