How are the vulnerabilities discovered

Assignment Help Computer Network Security
Reference no: EM131858103

Case Project Assignment: Read the following Case Study and answer the questions at the end in paragraph form.

XYZ Security Auditors was hired to determine if he could gain access to the network servers of a department store chain that contained important proprietary information. The chief information system officer (CISO) of the department store chain boldly proclaimed that breaking into the servers by the auditor would be "next to impossible" because the CISO "guarded his secrets with his life." The auditors were able to gather information about the servers, such as the locations of the servers in different areas and their IP addresses, along with employee names and titles, their email addresses, phone numbers, physical addresses, and other information.

The auditors also learned that the chief executive officer (CEO) had a family member who had battled through lupus which does not have a cure. As a result the CEO became involved in lupus fundraising. By viewing the CEO's entry on Facebook, he was also able to determine his favorite restaurant and sports team.

The auditors then called the CEO and impersonated a fundraiser from a lupus charity that the CEO had been involved with before. They stated that those individuals who made donations to this year's charity event would be entered into a drawing for prizes, which included tickets to a game played by the CEO's favorite sports team and gift certificates to area restaurants, one of which was the CEO's favorite.

The CEO was very interested in the fake charity event, the auditors said that they would email him a PDF document that contained more information. When the CEO received the attachment he opened it, and a backdoor was installed on his computer without his knowledge. Auditors were then able to retrieve the company's sensitive material. (When the CISO was later informed of what happened, he called it "unfair"; the auditors responded by saying, "A malicious hacker would not think twice about using that information against you.")

Now pretend that you are an employee of that company and that it is your job to speak with the CISO and CEO about the security breach.

What would you say to them? Why?

What recommendations would you make for training and awareness for the company?

Write a letter to the CISO and CEO explaining the breach and what steps are taken to prevent this from happening in the future.

Case Project: Choose one of the following threats, use the Internet to research and answer the questions, and write a one-page paper on your research: DoS Attacks, Arbitrary/Remote Code Execution Attacks, Injection Attack Defenses, Zero-Day Attacks, Buffer Overflow Attacks.

• How do these attacks commonly occur?
• How are the vulnerabilities discovered?
• What are the defenses to protect against these attacks?
• What are some of the most well-known attacks that have occurred?

Reference no: EM131858103

Questions Cloud

Describe the entrapment defense : Describe the entrapment defense and the 2 tests used by courts to validate it and give an example of how each is used.
What theory of delinquency : What theory of delinquency (i.e. social disorganization theory, strain theory, opportunity theory, etc) do you believe holds the most water
Explain the theory behind traffic stops : Explain the theory behind traffic stops as a crime reduction strategy and what types of tactics can be used to take that traffic stop
What is problem-oriented policing : What is problem-oriented policing? Discuss how a problem-oriented policing approach might apply to issues such school bullying
How are the vulnerabilities discovered : How are the vulnerabilities discovered? What are the defenses to protect against these attacks? What are some of the most well-known attacks that have occurred?
Beneficial in the success of criminal profiling : Deductive and inductive reasoning as associated with profiling, what can you suggest why both approaches may be useful
Character of faith-motivated activism : At what point does the character of faith-motivated activism become extremist and terrorist?
Reintegrative shaming and stigmatization : What benefits do you see to both reintegrative shaming and stigmatization, and why? What are the drawbacks to both and why?
Discuss element of the global marketing mix : You have been asked to consult with a small business owner who wants to expand her company overseas. She has asked you to develop a global marketing strategy.

Reviews

Write a Review

Computer Network Security Questions & Answers

  An overview of wireless lan security - term paper

Computer Science or Information Technology deals with Wireless LAN Security. Wireless LAN Security is gaining importance in the recent times. This report talks about how vulnerable are wireless LAN networks without any security measures and also talk..

  Computer networks and security against hackers

This case study about a company named Magna International, a Canada based global supplier of automotive components, modules and systems. Along with the company analysis have been made in this assignment.

  New attack models

The Internet evolution is and is very fast and the Internet exposes the connected computers to attacks and the subsequent losses are in rise.

  Islamic Calligraphy

Islamic calligraphy or Arabic calligraphy is a primary form of art for Islamic visual expression and creativity.

  A comprehensive study about web-based email implementation

Conduct a comprehensive study about web-based email implementation in gmail. Optionally, you may use sniffer like wireshark or your choice to analyze the communication traffic.

  Retention policy and litigation hold notices

The purpose of this project is to provide you with an opportunity to create a document retention policy. You will also learn how to serve a litigation hold notice for an educational institute.

  Tools to enhance password protection

A report on Tools to enhance Password Protection.

  Analyse security procedures

Analyse security procedures

  Write a report on denial of service

Write a report on DENIAL OF SERVICE (DoS).

  Phising email

Phising email It is multipart, what are the two parts? The HTML part, is it inviting the recepient to click somewhere? What is the email proporting to do when the link is clicked?

  Express the shannon-hartley capacity theorem

Express the Shannon-Hartley capacity theorem in terms of where is the Energy/bit and is the psd of white noise.

  Modern symmetric encryption schemes

Pseudo-random generators, pseudo-random functions and pseudo-random permutations

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd