Principles of Information Security (MindTap Course List)
6th Edition
ISBN: 9781337102063
Author: Michael E. Whitman, Herbert J. Mattord
Publisher: Cengage Learning
expand_more
expand_more
format_list_bulleted
Expert Solution & Answer
Chapter 7, Problem 1CEDQ
Explanation of Solution
Trial made to hack the network:
“Yes”, from the case discussed it is clear that Miller is left with no option to pursue the vendetta.
Reason:
- Miller is required to attach tools such as fully explained network diagram of the SLS company with all the required files along with the access code that are required in attacking the network.
- The attack is made to the network using client VPN (Virtual Private Network) and was identified that front door was closed.
- Since, it is found closed doors at the front, the connection was tried to establish using a dial-up connection and it was again redirected to same authentication server that is used by the Virtual Private Network which made first attempt failure...
Expert Solution & Answer
Trending nowThis is a popular solution!
Students have asked these similar questions
After reading the case presented in the module, write a short response to the following discussion questions and ethical decision making scenario.
Discussion Questions
Before the discussion at the start of this chapter, how do Fred, Gladys, and Charlie each perceive the scope and scale of the new information security effort? Did Fred’s perception change after that?
How should Fred measure success when he evaluates Gladys’ performance for this project? How should he evaluate Charlie’s performance?
Which of the threats discussed in this chapter should receive Charlie’s attention early in his planning process?
Discussion Questions
Do you think Miller is out of options as he pursues his vendetta? If you think he could take additional actions in his effort to damage the SLS network, what are they?
Suppose a system administrator at SLS read the details of this case. What steps should he or she take to improve the company's information security program?
Consider Miller's hacking attempt in light of the intrusion kill chain described earlier and shown in Figure 7-1. At which phase in the kill chain has SLS countered his vendetta?
Ethical Decision Making
It seems obvious that Miller is breaking at least a few laws in his attempt at revenge. Suppose that when his scanning efforts had been detected, SLS not only added his IP address to the list of sites banned from connecting to the SLS network, the system also triggered a response to seek out his computer and delete key files on it to disable his operating system.
Would such action by SLS be ethical? Do you think action would be legal?
Suppose…
Based on what you what heard on the media and your readings and multimedia about the SolarWinds attack please discuss the following:
What did the attack consist of?
How did it originated? What are your thoughts about what government officials are saying about attribution?
Could this type of attack have been avoided? How? If not what else can be done to prevent these attacks in the future?
Based on your reading, what do you think was Kevin Mitnick’s motivation? What was his favorite method for hacking?
Why do we need to understand the attacker’s kill chain process? Address each one in your response: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on the target, and Impact.
How can the MITRE ATT&CK Matrix help you not only understand the kill chain used by hackers to compromise an organization but also how it will help you stop attacks? Describe how it will help you with your job as a defender.
Chapter 7 Solutions
Principles of Information Security (MindTap Course List)
Ch. 7 - Prob. 1RQCh. 7 - Prob. 2RQCh. 7 - Prob. 3RQCh. 7 - Prob. 4RQCh. 7 - Prob. 5RQCh. 7 - Prob. 6RQCh. 7 - Prob. 7RQCh. 7 - Prob. 8RQCh. 7 - Prob. 9RQCh. 7 - Prob. 10RQ
Ch. 7 - Prob. 11RQCh. 7 - Prob. 12RQCh. 7 - Prob. 13RQCh. 7 - Prob. 14RQCh. 7 - Prob. 15RQCh. 7 - Prob. 16RQCh. 7 - Prob. 17RQCh. 7 - Prob. 18RQCh. 7 - Prob. 19RQCh. 7 - Prob. 20RQCh. 7 - Prob. 1ECh. 7 - Prob. 2ECh. 7 - Prob. 4ECh. 7 - Prob. 5ECh. 7 - Prob. 1CEDQCh. 7 - Prob. 2CEDQCh. 7 - Prob. 3CEDQ
Knowledge Booster
Similar questions
- What distinguishes a passive security compromise from an aggressive one? This is the reason why offensive assaults are more hazardous than defensive ones. To substantiate your arguments, please provide concrete examples.arrow_forwardDo you prefer the phrase "network sniffing" or "wiretapping," given the similarities between these two practices? Is there anything about them that causes others to see them as potential dangers in a more subtle way?arrow_forwardConsider the first step of the common attack methodology we describe, which is to gather publicly available information on possible targets. What types of information could be used? What does this use suggest to you about the content and detail of such information? How does this correlate with the organization’s business and legal requirements? How do you reconcile these conflicting demands?arrow_forward
- Imagine if Jim was going to be infected by a virus that was going to be attached to an email and sent to him. Can you talk about this attack in terms of vulnerabilities, threats, and the agents of those threats?arrow_forwardWhat does the use of a poison package in an attack imply, and what does the fact that it occurred imply? I would appreciate it if you could offer me with two instances of this type of assault for my consideration.arrow_forwardWhat's the difference between taking a top-down strategy to information security and a bottom-up one?Because it is more effective to implement a method that works from the top down?arrow_forward
- The concept of vulnerability assessment (VA) and penetration testing (PT) can be confusingto the minister given that he is not an information security specialist. Briefly point out to theminister the difference between vulnerability assessment and penetration testing.arrow_forwardWhat is an Incident Containment Strategy? Give an example and discuss it.arrow_forwardConsider the attacks on higher education from inside. Please let us know if you have any ideas on how to avoid similar assaults.arrow_forward
- I need help with this problem for my Strategic Management class. Thank you You have received word of the Ryuk threat, a ransomeware attack. Assume $100 per infected device to recover data. Your assignment is to research the threat and write a 1 page executive briefing (use a memo format), using the following steps: Research and review information regarding a security threat and/or breach Analyze the threat Prepare an executive briefing (a one-page paper in Word, PDF, etc.) Summarize the key points of the issue Describe how/if it might impact St Eligius Recommend short term mitigation steps Recommend long term mitigation actionarrow_forwardWhat's the difference between a top-down strategy and a bottom-up one when it comes to information security?Because using a technique that works from the top down is more efficient, why?arrow_forwardIf you are employed by "x" company and are involved in a network project, consider the following: The CIA trinity is a security pillar, therefore we'll talk about the idea of non-repudiation. Give some samples of what you're talking about.arrow_forward
arrow_back_ios
SEE MORE QUESTIONS
arrow_forward_ios
Recommended textbooks for you
Principles of Information Security (MindTap Cours...Computer ScienceISBN:9781337102063Author:Michael E. Whitman, Herbert J. MattordPublisher:Cengage Learning
Principles of Information Security (MindTap Cours...
Computer Science
ISBN:9781337102063
Author:Michael E. Whitman, Herbert J. Mattord
Publisher:Cengage Learning