Chapter 12 Exercises
1. Search the Web for the Forum of Incident Response and Security Teams (FIRST). In your own words, what is the forum’s mission?
a. The mission of the Forum of Incident Response and Security Teams (FIRST) is to foster cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote the sharing of information among its members and the community. Since 1990, its members have been resolving security-related attacks and incidents and handling thousands of security vulnerabilities affecting nearly all of the millions of computer systems and networks throughout the world connected by the ever-growing Internet. Members develop and share technical information, tools, methodologies, processes, and practices. (109 words)
2. Search the Web for two or more sites that discuss the ongoing responsibilities of the security manager. What other components of security management can be adapted for use in the security management model?
a. Two sites that discuss the ongoing responsibilities of the security manager are www.windowsecurity.com and http://h10076.www1.hpe.com/us/en/training/index.html
b. A major component of network management that can be adapted to security management is the firewall, which serves dual roles in keeping external intrusions away from an organization’s internal data, for the confidentiality, integrity, and availability of the system. Fault management is a component of network management that can be adapted to the security model by detecting, logging, notifying users of, and automatically fixing network problems to keep the network running effectively. (126 words)
3. This chapter lists five tools that can be used by security administrators, network administrators, and attackers alike. Search the Web for three to five other tools that fit this description.
a. Nmap (www.nmap.org) – Nmap is a port scanner. Port scanners scan for open ports, such as 80 (HTTP) or 25 (SMTP).
b. Sam Spade (www.samspade.org) – Sam Spade is a multi-network query tool with many extra built-in utilities and a tool for spam. It includes utilities such as ping, whois, traceroute, and finger.
c. NetScan Tools (www.netscantools.com/nstmain.html) – An investigation tool that gathers information about the Internet or local LAN users, IP addresses, ports, and many other network specifics.
d. SuperScan (www.foundstone.com) – Powerful connect-based TCP port scanner, pinger and hostname resolver. (120 words)
4. Using a Web browser and the names of the tools you found in Exercise 3, find a site that claims to be dedicated to supporting hackers. Do you find any references to other hacker tools? If you do, create a list of the tools along with a short description of what they do and how they work.
a. There are many groups and people dedicated to supporting hackers. The following are some sites that keep up with information crucial to the everyday life of a hacker:
i. SoldierX, Hack3r.com, Code2600, Textfiles.com Hacking Section, Telnet
b. I did notice similar topics across the sites. For example, where the hacker site would tell how to compromise a system such as an NT web server, the sites geared toward security administrators would bring up security issues for NT web servers and how to protect against known vulnerabilities. (149 words)
5. Using the components of risk assessment documentation presented in the chapter, draft a tentative risk assessment of a lab, department, or office at your university. Outline the critical risks you found and discuss them with your class.
a. The RA is a method of identifying and documenting the risk that a project, process, or action introduces to the organization and may also involve offering suggestions for controls that can reduce that risk. The information security group is in the business of coordinating the preparation of many different types of RA documents including: Network connectivity RA (used to respond to network changes and network architectural design proposals) and Dialed modem RA (used when a dial-up connection is requested for a system). (121 words)