Ch 12 Homework
1. Search the Web for the Forum of Incident Response and Security Teams (FIRST). In your own words, what is the forum’s mission?
Answer: FIRST is an international consortium of computer incident response and security teams that work together to handle computer security incidents and promote preventive activities.
The mission of FIRST (www.first.org) is to provide its members with technical information and tools, methods, assistance, and guidance. It also coordinates proactive liaison activities and analytical support. FIRST encourages the development of high-quality products and services and works to improve national and international information security for government, private industry, academia, and individual users.
The forum also enhances the image and status of the incident response and security teams (IRST) community.
4. Using a Web browser and the names of the tools you found in Exercise 3, find a site that claims to be dedicated to supporting hackers. Do you find any references to other hacker tools? If you do, create a list of the tools along with a short description of what they do and how they work.
Answer: The most notable finding is that many of the sites are no longer functional. While researching Exercises 3 and 4, the authors found that the only tool common to both types of sites was Nmap (Network Mapper). The authors did notice similar topics on the sites. For example, a hacker site would describe how to compromise a system such as NT Web Server, while the security administrator sites would discuss security issues for NT Web Server and how to protect against known vulnerabilities.
Remember from the beginning of this book how Amy’s day started? Now imagine how it could have gone with better planning:
For Amy, the day began like any other at the Sequential Label and Supply Company (SLS) help desk. Taking calls and helping office workers with computer problems was not glamor- ous, but she enjoyed the work; it was challenging and paid well enough. Some of her friends in the industry worked at bigger companies, some at cutting-edge tech companies, but they all agreed that technology jobs were a good way to pay the bills.
The phone rang, as it did about four times an hour and 28 times a day. The first call of the day, from a user hoping Amy could help him out of a jam, seemed typical. The call display on her monitor showed some of the facts: the user’s name, his phone number and department, where his office was on the company campus, and a list of his past calls to the help desk.
“Hi, Bob,” Amy said. “Did you get that document formatting problem squared away?”
“Sure did, Amy. Hope we can figure out what’s going on this time.”
“We’ll try, Bob. Tell me about it.”
“Well, I need help setting a page break in this new spreadsheet template I’m working on,” Bob said.
Amy smiled to herself. She knew spreadsheets well, so she would probably be able to close this call on the first contact. That would help her call statistics, which was one method of measuring her job performance.
Little did Amy know that roughly four minutes before Bob’s phone call, a specially pro- grammed computer at the edge of the SLS network had made a programmed decision. This computer was generally known as postoffice.seqlbl.com, but it was called the “e-mail gate- way” by the networking, messaging, and information security teams at SLS. The decision was just like many thousands of other decisions it made in a typical day—that is, to block the transmission of a file that was attached to an e-mail addressed to Bob.Hulme@seqlbl .com. The gateway had determined that Bob didn’t need an executable program that had been attached to the e-mail message. The gateway had also determined that the message origi- nated from somewhere on the Internet but contained a forged reply-to address from Davey Martinez at SLS. In other words, the gateway had delivered the e-mail to Bob Hulme, but not the attachment.
When Bob got the e-mail, all he saw was another unsolicited commercial e-mail with an unwanted executable that had been blocked. He had deleted the nuisance message without a second thought. While she was talking to Bob, Amy looked up to see Charles Moody walking calmly down the hall. Charlie, as he liked to be called, was the senior manager of the server administration team and the company’s chief information security officer. Kelvin Urich and Iris Majwubu were trailing behind Charlie as he headed from his office to the door of the con- ference room. Amy thought, “It must be time for the weekly security status meeting.”
She was the user representative on the company information security oversight committee, so she was due to attend this meeting. Amy continued talking Bob through the procedure for set- ting up a page break and decided she would join the information security team for coffee and bagels as soon as she was finished.
1. What area of the SP 800-100 management maintenance model addresses the actions of the content filter described here?
Answer: The email content filter was designed as a security measure, preventing the attachment of executable files to emails. This could fall under the Security Planning section of SP 800-100 as a strategic plan used to support SLS’s IT plans, goals, and objectives. Risk Management could also be considered. By not allowing executable email attachments, SLS significantly reduces its risk of accidentally executing malicious software. It is important that change management is continuously monitoring the system’s performance. The configuration should meet both security and user needs without compromising the performance of either.
2. What recommendations would you give SLS for how it might select a security manage- ment maintenance model?
Answer: The realization of a basic level of security. This is necessary to guarantee the continuity of the management organization.
Ethical Decision Making
Referring back to the opening case of this chapter, suppose Charlie had just finished a search for a new job and knew that he would soon be leaving the company. When Iris came in to talk about the tedious and time-consuming review process, he put her off and asked her to schedule a meeting with him “in 2 or 3 weeks,” knowing full well that he would be gone by then. Do you think this kind of action is unethical because Charlie knows he is leaving soon?
Answer: Charlie’s action is not unethical because Charlie notifies all email message and also reviews about unsolicited commercial e-mail and takes action for blocking that kind of mails. Charlie knows he is leaving soon though schedules meeting with iris and could have also discussed about tedious and time-consuming review process. Charlie as information security officer monitors all employee activities and also installs key logger software to record information on computer as it saves all keystrokes by user. By installing key logger software unknowingly, Charlie finds out how efficiently every employee utilizes computer and also websites visited by employees and checks every employee’s job performance. Time consumed for doing a project or a particular task by a group or an employee using key logger. So that Charlie can warn employee for their inefficient work and also can tain employees to efficiently utilize system.