Xiaoling Wu

ITS 370

Ch 1 Homework



1.       Look up “the paper that started the study of computer security.” Prepare a summary of the key points. What in this paper specifically addresses security in previously unexamined areas?

Answer: This paper signaled a pivotal moment in computer security history. When the scope of the computer security expanded significantly from the safety of physical locations and hardware to include the following:

(1)    Addressed security control in resource-sharing systems.

(2)    Limiting random and unauthorized access to the data.

(3)    Involving personnel from multiple levels of the organization in matters pertaining to information security.

Today, the internet brings millions of unsecured computer networks into continuous communication with each other. The security of each computer’s stored information is now contingent on the level of security of every other computer to which it is connected.


5. Using the Web, find out more about Kevin Mitnick. What did he do? Who caught him? Write a short summary of his activities and explain why he is infamous.

Answer: Kevin Mitnick, a.k.a. Condor, is one of the most famous hackers in the history of computers. He was so prolific that he earned a place on the FBI’s Most Wanted List. Mitnick started as a phone phreaker, someone who breaks into phone switches, but later he turned his attention to computer systems. Mitnick was brought up on charges numerous times, but he made national attention with a computer hacking spree in 1995. Mitnick was finally tracked down after two years on the run as a fugitive. Tsutomu Shimomura played a major role in the capture after his computer system was hacked by Mitnick. Mitnick was jailed for five years without a trial or bond and is said to be the longest-held American prisoner without a trial. Mitnick was released in 2000 but was prohibited from using any electronic device as a term of his probation.


Case Exercises:

The next day at SLS found everyone in technical support busy restoring computer systems to their former state and installing new virus and worm control software. Amy found herself learning how to re-install desktop computer operating systems and applications as SLS made a heroic effort to recover from the attack of the previous day.

Discussion Questions

1.       Do you think this event was caused by an insider or outsider? Explain your answer.

Yes, this event was caused by an insider or outsider. An insider unfortunately attaches a personal flash drive to the office computer. The virus would inject on a host computer then send emails containing copies of the virus to email contacts, making the virus widespread.

2.       Other than installing virus and worm control software, what can SLS do to prepare for the next incident?

SLS can increases its user’s awareness of virus and take preventative measures. Users should not open attach files from sources that are unknown. USB Thumb drives, CDs and other media can also contain viruses. By creating an awareness of sources of infection, risk can greatly be lowered. Image of page 1


3.       Do you think this attack was the result of a virus or a worm? Explain your answer.

I think the result of this attach may be virus but not worm. Because this attach identified is a security issue which can caused by a virus but worm.


Ethical Decision Making

 Often an attacker crafts e-mail attacks containing malware designed to take advantage of the curiosity or even greed of the recipients. Imagine that the message body Amy saw on the e-mail from Davey had been “See our managers’ salaries and SSNs” instead of “Funniest joke you’ll see today.”

1.       Would it be ethical for Amy to open such a file?

It would not be an ethical to open the file.


2.       If such an e-mail came in, what would be the best action to take?

If such an email came in, the first action is to report it to the company’s network administrator, and forward the email to them if asked to do so. This is with the assumption that the email was sent through the company's email system. Otherwise, I'd recommend marking the email as spam and moving on.