You are on page 1of 10

Principles of Information Security, 4th Edition Chapter 2 Review Questions

1. Why is information security a management problem? What can management do that technology cannot? Both general management and IT management are responsible for implementing information security to protect the ability of the organization to function. Decision-makers in organizations must set policy and operate their organization in a manner that complies with the complex, shifting political legislation on the use of technology. Management is responsible for informed policy choices and the enforcement of decisions that affect applications and the IT infrastructures that support them. Management can also implement an effective information security program to protect the integrity and value of the organization’s data. 2. Why is data the most important asset an organization possesses? What other assets in the organization require protection? Data is important in the organization because without it an organization will lose its record of transactions and/or its ability to deliver value to its customers. Since any business, educational institution, or government agency that functions within the modern social context of connected and responsive service relies on information systems to support these services, protecting data in motion and data at rest are both critical. Other assets that require protection include the ability of the organization to function, the safe operation of applications, and technology assets. 3. Which management groups are responsible for implementing information security to protect the organizations’ ability to function? Both general management and IT management are responsible for implementing information security that protects the organization’s ability to function. Although many business and government managers shy away from addressing information security because they perceive it to be a technically complex task, in fact, implementing information security has more to do with management than with technology. Just as managing payroll has more to do with management than with mathematical wage computations, managing information security has more to do with policy and its enforcement than with the technology of its implementation. Has the implementation of networking technology created more or less risk for business that use information technology? Why? Networking is usually considered to have created more risk for businesses that use information technology. This is due to the fact that potential attackers have more and readier access to these information systems when they have been networked, especially if they are interconnected to the Internet. What is information extortion? Describe how such an attack can cause losses, using an example not found in the text.

4.

5.

When an attacker is able to control access to an asset. Today there are both expert hackers and unskilled hackers. What measures can individuals take to protect against shoulder surfing? The best way for an individual to avoid shoulder surfing is to avoid. and are often relatively unskilled in programming languages. They are the ones who use it in everyday activities. One should be constantly aware of who is around when accessing sensitive information. a hacker frequently spends long hours examining the types and structures of the targeted systems because he or she has to use skill. _____________________________________________________________________________________________ Page: 2 . if an attacker is able to gain access to a set of data in a database and then encrypt that data. 7. and can be internal or external to the organization. with limited parental supervision who spent all his free time at the computer. it can be held hostage to the attacker’s demands. The perception of a hacker has evolved over the years. For example. The expert hackers create the software and schemes to attack computer systems while the novice hackers are the ones who merely utilize the software created by the expert hacker. 6. guile. age 13-18. age 12 – 60. 8. How has the perception of the hacker changed over recent years? What is the profile of a hacker today? The classic perception of the hacker is frequently glamorized in fictional accounts as someone who stealthily manipulates their way through a maze of computer networks. However. with varying technical skill levels. and failure to protect information. They rarely create or write their own hacks. An unskilled hacker is one who uses scripts and code developed by skilled hackers. The traditional hacker profile was male. in reality. as far as possible. The expert hacker is usually a master of several programming languages. and employee mistakes represent a very serious threat to the confidentiality. accidental deletion or modification of data. systems. entry of erroneous data. and operating systems. and availability of data. the accessing of confidential information when another person is present. they may extort money or other value from the owner in order to share the encryption key so that the data can be used by the owner. and operating systems. storage of data in unprotected areas. or fraud to attempt to bypass the controls placed around information that is the property of someone else. and data to find the information that resolves the dilemma posed in the plot and saves the day. integrity. The individual should limit the number of times he/she accesses confidential data. and do it only when he/she is sure that nobody can observe them. Why do employees constitute one of the greatest threats to information security? Employees are the greatest threats since they are the closest to the organizational data and will have access by nature of their assignments. networking protocols. 9. networking protocols. Employee mistakes can easily lead to the revelation of classified data. What is the difference between a skilled hacker and an unskilled hacker (other then the lack of skill)? How does protection against each differ? An expert hacker in one who develops software scripts and codes to exploit relatively unknown vulnerabilities. The current profile of a hacker is a male or female.

undocumented attack code. 10. not only to the lives of individuals. flood. earthquake. 13. During installation.Protecting against an expert hacker is much more difficult. Once a trusting user executes a Trojan horse program it will unleash viruses or worms to the local workstation and the network as a whole. landslide or mudslide. Therefore. software users are asked or even required to register their software to obtain technical support. which uses preconfigured signatures for detection. and back doors. or the use of all features. worms. Why does polymorphism cause greater concern than traditional malware? How does it affect detection? Polymorphism causes greater concern because it makes malicious code more difficult to detect. 11. Computer viruses are segments of code that induce other programs to perform actions. electrostatic discharge (ESD). tornado or severe windstorm. The code changes over time. most companies file patents. Trojan horses. What is the most common form of violation of intellectual property? How does an organization protect against it? What agencies fight it? The most common violations involve the unlawful use or duplication of software-based intellectual property known as software piracy. Conversely. and even the intentional placement of bad sectors on software media. which means commonly used anti-virus software. protection against these hacks can be maintained by staying up-to-date on the latest patches and being aware of hacking tools that have been published by expert hackers. This makes it almost impossible to guard against these attacks at first. lightning. Worms are malicious programs that replicate themselves constantly without requiring another program to provide a safe environment for replication. _____________________________________________________________________________________________ Page: 3 . logic bombs. Some organizations have used such security measures as digital watermarks and embedded code. due in part to the fact that most of the time the expert hacker is using new. What are the various types of Malware? How do worms differ from viruses? Do Trojan horses carry viruses or worms? Common types of malware are viruses. copyright codes. There are two major organizations that investigate allegations of software abuse: Software and Information Industry Association (SIIA) and the Business Software Alliance (BSA). and/or dust contamination. This makes polymorphic threats harder to protect against. Another effort to combat piracy is the online registration process. but also to information security. 12. trademarks or copyrights which can allow a company to legally pursue a violator. What are the various types of force majeure? Which type is of greatest concern to an organization in Las Vegas? Oklahoma City? Miami? Los Angeles? Force majeure refers to forces of nature or acts of God that pose a risk. tsunami. Force majeure includes fire. Also. an unskilled hacker generally uses hacking tools that have been made publicly available. hurricane or typhoon. will be unable to detect the newly changed attack.

Use a “disallow” list of passwords from a similar dictionary. Dictionary: A form of brute force for guessing passwords. how can attackers threaten that value? Yes. and Dictionary: Password crack: Attempting to reverse calculate the password is called “cracking. One of the best ways to prevent this is through proper planning by management. c. Once discovered. which leads to unreliable and untrustworthy systems. the IP of an organization may be its highest value asset. Technological obsolescence occurs when the infrastructure becomes outdated. 17. Attackers can threaten its value by reducing or removing its availability to the owner or by stealing and then selling copies of the asset thus causing a loss in the economic value of the assets.” Cracking is used when a copy of the Security Account Manager data file can be obtained. OK. Tornado is a concern for Oklahoma City. 14. security administrators can: a. To protect against password attacks. Brute Force: The application of computing and network resources to try every possible combination of options for a password. FL would be most concerned with hurricanes or tsunamis. Information Technology personnel must help management identify probable obsolescence so that any necessary replacement (or upgrade) of technologies can be done in a timely fashion. 15. Miami. Earthquakes. The dictionary attack selects specific accounts and uses a list of commonly used passwords with which to guess. What is the difference between a denial-of-service attack and a distributed denialof-service attack? Which is potentially more dangerous and devastating? Why? _____________________________________________________________________________________________ Page: 4 . wildfires and riots would be of concern to LA. What are the types of password attacks? What can a systems administrator do to protect against them? The types of password attacks include: Password Crack. A possible password is taken from the SAM file and run through the hashing algorithm in an attempt to guess the password. How does technology obsolescence constitute a threat to information security? How can an organization protect against it? Technological obsolescence is a security threat caused by management’s potential lack of planning and failure to anticipate the technology needed for evolving business requirements. As a result. Brute Force. 16. Does the intellectual property owned by an organization usually have value? If so. outdated technologies must be replaced. Require use of additional numbers and special characters in passwords. mud-slides. b. there is a risk of loss of data integrity from attacks.A major concern to an organization in Las Vegas might be dust contamination. Implement controls that limit the number of attempts allowed.

or by using deception to act on the conscience of users. It can be caused over a network when there is a mismatch in the processing rates between the two entities involved in the communication process. 18. who perhaps even works directly with those in power. numerous machines are first compromised and used as “zombies” to carry out the denial-of-service attack against a single target. _____________________________________________________________________________________________ Page: 5 . someone higher up the chain of command. What is a buffer overflow and how is it used against a web server? A buffer overflow occurs when more data is sent to a buffer than it can handle. In most DDoS attacks. A data-entry clerk could likely be swayed just by mentioning the name of the CEO and describing his anger at not getting the requested information promptly. 20. By convincing an unwitting employee to instruct the attacker as to the whereabouts of the networking equipment. This may also be accomplished by installing bogus software on user machines that will gather access information. What method does a social engineering hacker use to gain information about a user’s login and password? How would this method differ if it were targeted towards an administrator’s assistant versus a data-entry clerk? Social Engineering is the process of using social skills to obtain access credentials or other valuable information. A distributed denial-of-service attack is potentially more dangerous and devastating. Social engineering offers the best way for an attacker to gain access to a network to install a physical sniffer device. what must the attacker do? How can an attacker gain access to a network to use the sniffer system? The attacker must first gain access to a network to install the sniffer. For a sniffer attack to succeed. DDoS attacks are most difficult to defend against. and there are currently no controls any single organization can apply. A distributed denial-of-service attack occurs when a coordinated stream of requests is launched against a target from many locations at the same time. Tactics change based on the target. where the attacker represents himself or herself as someone of authority requesting information. This could be anything from a few additional details regarding a particular project or something as precise as an authorization password or document. Conversely. 19. Role-playing can do this. would require more convincing proof. the installation of the sniffer can be accomplished.A denial-of-service attack occurs when an attacker sends a large number of connection or information requests to a target.

Using the web. which in turn linked to the ISP. can be represented in more than one threat category. they crashed completely. Different sub-categories that this attack could fall under are deliberate acts of espionage or trespass. copies a few files. _____________________________________________________________________________________________ Page: 6 . message boards and even on his own site.Exercises 1. He was deemed an unskilled attacker because of a number of indicators. and steals credit card numbers. If a hacker hacks into a network. defacing the web page. the authorities were able to associate an IP address to the attacks. they linked the IP address to an account whose phone numbers linked to Mafiaboy's father's number.  Management failure. In addition to this. and stealing credit card numbers. such as erasing logs. like a hacker. A series of computer taps led to Mafiaboy’s arrest. it prompted the authorities to investigate. How many sites did he compromise and how? How was he caught? Mafiaboy's exploits consisted of a series of DDoS (Distributed Denial of Service) attacks on 11 corporate networks. with the ISP's help. Since the attacks were so large. Alternate Answer One example of a novice using pre-coded exploits was that of Mafiaboy.7 billion dollars in loss for these companies but there is dispute regarding the accuracy of that figure. deliberate acts of sabotage or vandalism. Mafiaboy simply ran a computer script that clogged networks full of garbage data. MafiaBoy’s denial-of-service attacks brought down many of the Internet's largest sites. Consider the statement: an individual threat. For instance. 2. if part of the organizations software has an unknown trap door then this type of hacker attack could occur. and then. determine what was the extent of Mafiaboy's exploits. This hacker attack could happen if management were to have a lack of sufficient planning and foresight to anticipate the technology need for evolving business requirements. and deliberate acts of theft. according to investigators. remaining offline from mere hours to as long as several days. The attacks caused. how many different threat categories does this attack cover?  Deliberate acts are the main threat category for this type of attack because the hacker is deliberately trying to cause harm. primarily that he failed to take basic steps to cover his tracks. In some cases. approximately 1. The attacks caused some of these companies' websites and networks to be difficult to reach.  Compromises to intellectual property – copying of files. Authorities found that someone by the name of Mafiaboy was bragging about the attacks on websites. defaces the Web page.  Technical failures. a teen that launched distributed denial-of-service attacks against several high profile websites. being simple enough for use by script kiddies. The tools used for these attacks are widely available on the Internet and require little computer knowledge to use.

or other service.com.gov/ . MafiaBoy gained illegal access to 75 computers in 52 different networks and planted a DoS tool on them which he then activated and used to attack 11 Internet sites by sending up to 10.com and Yahoo! offered more concrete numbers. as it is estimated that thousands of dollars of revenue is lost per hour of non-operation. Because Amazon. a system administrator would be aware of and could utilize different approaches in implementing a more extensive security program. “One year after DoS attacks. Dell. http://www.700 phony information requests in 10 seconds.Nonetheless. Using a keyword search on “threats. CNN.com as well as more than 1. 4.securityfocus.com and eBay are among the sites Mafiaboy was able to cripple.com. February 9. may be unable to form a transmission path from one end of the network to the other.200 other sites CNN hosts worldwide.iol.cnn. Search the Web for “The Official Phreaker’s Manual”. of dollars. “DoS Attacks Cripple Yahoo.com.com’s website was inaccessible for more than a day. Buy. all networks used within the Bell Systems are of the blocking type. Amazon. In general.com” Irish News.” http://csrc.” A blocking network is a network that.nist. his skill deficit did not stop him from successfully shutting down a number of prominent websites.html#2 3. References: 1.ncsl. What information contained in this manual can help a security administrator to protect a communications system. A security administrator could benefit from studying "The Official Phreaker's Manual" as it could allow them to better protect their communications system. order. transfer. vulnerabilities remain.anniversary.This site has details about new security standards that should be adopted by organizations and the reasons for the security standards ranging from cryptology to network security. Phone phreaking is the act of using mischievous and mostly illegal methods in order to avoid having to pay for some sort of telecommunications invoice.ie/~kooltek/dosattacks. This security includes “blocking networks. From the system administrator's point of view. under certain conditions. The cost to these companies is estimated to be in the millions. this type of attack can be a disaster. _____________________________________________________________________________________________ Page: 7 . it is estimated they lost several million dollars. http://www. Yahoo!.com/2001/TECH/internet/02/08/ddos. CNN. Using the Web. For example. find at least two other sources of information on threat and vulnerabilities. each company lost a million dollars every four hours that their networks were inaccessible. Buy. this information would prove useful due to the fact that it provides many common ways of finding loop-holes and alternate ways around different communications system security measures. perhaps even billions. 2001.html 2. Equipped with this information. Amazon and Buy. for a company whose only storefront is web-based.idg/index. The chapter discussed many threats and vulnerabilities to information security. It often involves usage of highly illegal boxes and machines in order to defeat the security that is set up to avoid this sort of tactic. 2001. Begin with www.” February 8.

Securityfocus.security-survey.com lists threats. vulnerabilities.gartner.s.com https://www.com http://www.infomaticsonline.1283.idc.com http://www.com http://www.uk. 1. http://www. Using the categories of threats mentioned here. http://www.gov.1.fedcirc.Information on reported threats.gov/ .cerias. Compromises to intellectual property http://www. http://www.id.theregus.siliconvalley.nwfusion.com/ . Deliberate acts of espionage or trespass.com .com/security/ .com http://www. review several newspapers and locate examples of each.washtimes. Potential acts of human error or failure http://www.This site is a searchable index of information on computer vulnerabilities.com/columnists/2001/00379820.search. and advisories http://www.54681.com http://zdreviews.The Register’s listing of the latest threats http://www.cert.co.washtimes.net/security_center/ http://www.edu/ http://www.purdue.com/news/politics/0.This site has a number of articles with information security concerns for various industry experts on a wide variety of issues especially in the corporate world.co.This site has information on the latest viruses and security advisories.html . http://security1.securityfocus.19.html 3.uk 5. as well as the various attacks described.http://www.php.theregister.gocsi.org/stats http://www.gov/icat.wired.riptech. http://www.symantec.Microsoft’s listing of important announcements for security and privacy http://www.htm _____________________________________________________________________________________________ Page: 8 .http://icat. http://www.nist.iss.00.uk/content/55/index.html 2.jsp .com/upibreaking/24052002-081209-7018r.com/section.This site has information on any new information about the Technology industry including breaches of security of various companies information systems.microsoft.com/avcenter/ .cfm .

newsfactor.worm.symantec. Deliberate software attacks.Worm is a worm that attempts to spread using the popular KaZaA file-sharing program.html 11. It copies itself as OsamaLaden.html Virus Attack: VBS.efno.wired.com/jun01security.1282.zdnet.Melhack.4.com/texis/techinfobase/techinfobase/+Dwq_qoKX88XK9s/zdisp lay.202665721.htm 12.computertimes. When this worm runs.htm#defense 6.10124. Potential deviations in quality of service from service provides http://zdnet.zdnet.com.html 13.00.vbs into two locations.00.dll) to run.com/perl/story/17940.http://www.com/avcenter/venc/data/w32.html 8. This causes the worm to be accessible to other users on the KaZaA network." However.melhack. Technical hardware failurehttp://www. it changes several KaZaA registry keys.Efno.com/news/mac/0. http://securityresponse. Technical software failurehttp://www.html 9.au/newstech/enterprise/story/0.15459.scmagazine.exe.com/news/topstories/0. it is possible to change the file name to other names that may appeal to people. html Trojan Horse: _____________________________________________________________________________________________ Page: 9 .h tml) Worm Attack: W32. Deliberate acts of information extortionhttp://www.00.2125. (http://securityresponse. Technological obsolescencehttp://www.b.http://www. Deliberate acts of theft. Deliberate acts of sabotage of vandalismhttp://www.symantec.com. The worm spreads using the file name "Win XP SP1 cracker.wired. Forces of naturehttp://www.com/2100-1105-837412.signonsandiego.com/avcenter/venc/data/vbs.com/scmagazine/sconline/2002/article/33/article.com/news/technology/0.html 5.50025.com/news/computing/personaltech/200208129999_mz1b12summer. The worm is written in Visual Basic.html 7.00.B is an intended mass mailing virus that is written in Visual Basic.2000025001.1287. http://cma.wired.html 10. and therefore it requires Visual Basic runtime libraries (Msvbvm60.

After it is installed into victim's system.IrcBounce is the detection for a collection of programs that a hacker can use to conceal intrusion and obtain administrator-level access to Microsoft Windows environments. It also allows voice communication from the intruder to the user of the compromised computer.Trojan. _____________________________________________________________________________________________ Page: 10 . in which the Administrator account has no password Use user names and passwords that are very common. Back Door: Backdoor.FunFactory allows unauthorized access to an infected computer. These programs can be used to attack Windows environments that    Have the default installation. it gives a remote attacker unobstructed access to the compromised computer.