User Account

All Pages

How are the vulnerabilities discovered

Assignment Help Computer Network Security
Reference no: EM131858103

Case Project Assignment: Read the following Case Study and answer the questions at the end in paragraph form.

XYZ Security Auditors was hired to determine if he could gain access to the network servers of a department store chain that contained important proprietary information. The chief information system officer (CISO) of the department store chain boldly proclaimed that breaking into the servers by the auditor would be "next to impossible" because the CISO "guarded his secrets with his life." The auditors were able to gather information about the servers, such as the locations of the servers in different areas and their IP addresses, along with employee names and titles, their email addresses, phone numbers, physical addresses, and other information.

The auditors also learned that the chief executive officer (CEO) had a family member who had battled through lupus which does not have a cure. As a result the CEO became involved in lupus fundraising. By viewing the CEO's entry on Facebook, he was also able to determine his favorite restaurant and sports team.

The auditors then called the CEO and impersonated a fundraiser from a lupus charity that the CEO had been involved with before. They stated that those individuals who made donations to this year's charity event would be entered into a drawing for prizes, which included tickets to a game played by the CEO's favorite sports team and gift certificates to area restaurants, one of which was the CEO's favorite.

The CEO was very interested in the fake charity event, the auditors said that they would email him a PDF document that contained more information. When the CEO received the attachment he opened it, and a backdoor was installed on his computer without his knowledge. Auditors were then able to retrieve the company's sensitive material. (When the CISO was later informed of what happened, he called it "unfair"; the auditors responded by saying, "A malicious hacker would not think twice about using that information against you.")

Now pretend that you are an employee of that company and that it is your job to speak with the CISO and CEO about the security breach.

What would you say to them? Why?

What recommendations would you make for training and awareness for the company?

Write a letter to the CISO and CEO explaining the breach and what steps are taken to prevent this from happening in the future.

Case Project: Choose one of the following threats, use the Internet to research and answer the questions, and write a one-page paper on your research: DoS Attacks, Arbitrary/Remote Code Execution Attacks, Injection Attack Defenses, Zero-Day Attacks, Buffer Overflow Attacks.

• How do these attacks commonly occur?
• How are the vulnerabilities discovered?
• What are the defenses to protect against these attacks?
• What are some of the most well-known attacks that have occurred?

Reference no: EM131858103

Questions Cloud

Describe the entrapment defense : Describe the entrapment defense and the 2 tests used by courts to validate it and give an example of how each is used.
What theory of delinquency : What theory of delinquency (i.e. social disorganization theory, strain theory, opportunity theory, etc) do you believe holds the most water
Explain the theory behind traffic stops : Explain the theory behind traffic stops as a crime reduction strategy and what types of tactics can be used to take that traffic stop
What is problem-oriented policing : What is problem-oriented policing? Discuss how a problem-oriented policing approach might apply to issues such school bullying
How are the vulnerabilities discovered : How are the vulnerabilities discovered? What are the defenses to protect against these attacks? What are some of the most well-known attacks that have occurred?
Beneficial in the success of criminal profiling : Deductive and inductive reasoning as associated with profiling, what can you suggest why both approaches may be useful
Character of faith-motivated activism : At what point does the character of faith-motivated activism become extremist and terrorist?
Reintegrative shaming and stigmatization : What benefits do you see to both reintegrative shaming and stigmatization, and why? What are the drawbacks to both and why?
Discuss element of the global marketing mix : You have been asked to consult with a small business owner who wants to expand her company overseas. She has asked you to develop a global marketing strategy.

Reviews

Write a Review

Computer Network Security Questions & Answers

  Star topology network

Explain the main advantages and disadvantages of a STAR topology network. In your own words, described the functional differences between a bridge and a gateway. Give an example of each.

  What is an application-level gateway

What is the difference between a packet filtering firewall and a stateful inspection firewall? What is an application-level gateway?

  How is the fourth amendment applied

You are encouraged to conduct research and use other sources to support your answers. Be sure to list your references at the end of your post.

  Differences between terms security class and security level

Explain the differences between the terms security class, security level, security clearance, and security classification and What are two rules that a reference monitor enforces?

  Developing a security evaluation process

You are responsible for developing a security evaluation process that can be used to assess various operating systems both during and after development.

  Analyze the basic attacks that occur in cyberspace each

analyze the basic attacks that occur in cyberspace. each type of threat actor attempts to achieve certain goals

  Identify threats to private and public organizations

Define "cyber security," and identify threats to private and public organizations. Identify the pillars of personal security that assist in personal protection.

  Project - cloud computing security policy

Project: Cloud Computing Security Policy. Create a transition strategy for moving from the "As-Is" enterprise architecture to cloud-based services. You should consider IaaS, PaaS, and SecaaS strategies

  Discuss some of the problems nats create for ipsec security

Discuss some of the problems NATs create for IPsec security. (See [Phifer 2000]). Can we solve these problems by using IPv6? Why deployment of IPv6 has been slow to date. What is needed to accelerate its deployment?

  Develop detailed plan to approach and secure incident scene

Discuss the initial steps you would take for the investigation, depending on whether or not the attack is still in progress. Include how your actions would differ based on the current status of the incident.

  Conduct an internet search of cyber crimes

Conduct an Internet search of cyber crimes. Find a cyber crime, a crime where a computer is used to commit a majority of the crime that has occurred in the last three months.

  Explain the key inherent dangers of the chosen threats

SEC 420- Explain the key inherent dangers of the chosen threats, and indicate the key reasons why you believe such threats pose more of a risk than other current ones in existence. Justify your answer.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd