Principles of Information Security (MindTap Course List)
6th Edition
ISBN: 9781337102063
Author: Michael E. Whitman, Herbert J. Mattord
Publisher: Cengage Learning
expand_more
expand_more
format_list_bulleted
Expert Solution & Answer
Chapter 7, Problem 3CEDQ
Explanation of Solution
Miller’s hacking attempt:
- Miller is required to attach tools such as fully explained network diagram of the SLS company with all the required files along with the access code that are required in attacking the network.
- The attack is made to the network using client VPN (Virtual Private Network) and was identified that front door was closed.
- Since, it is found closed doors at the front, the connection was tried to establish using a dial-up connection and it was again redirected to same authentication server that is used by the Virtual Private Network which made first attempt failure.
- The next option that miller preferred is installing the Zombie program at the company’s extranet quality assurance server and this approach also directed towards the failure because of the firewall and control policies defined in it...
Expert Solution & Answer
Trending nowThis is a popular solution!
Students have asked these similar questions
Discussion Questions
Do you think Miller is out of options as he pursues his vendetta? If you think he could take additional actions in his effort to damage the SLS network, what are they?
Suppose a system administrator at SLS read the details of this case. What steps should he or she take to improve the company's information security program?
Consider Miller's hacking attempt in light of the intrusion kill chain described earlier and shown in Figure 7-1. At which phase in the kill chain has SLS countered his vendetta?
Ethical Decision Making
It seems obvious that Miller is breaking at least a few laws in his attempt at revenge. Suppose that when his scanning efforts had been detected, SLS not only added his IP address to the list of sites banned from connecting to the SLS network, the system also triggered a response to seek out his computer and delete key files on it to disable his operating system.
Would such action by SLS be ethical? Do you think action would be legal?
Suppose…
Consider a newsworthy authentication or access control breach. How did it influence everyday operations? Are there specific corporate losses?
“The Diamond Model of Intrusion Analysis
Summarize the diamond model and how does each section work together?
Do you feel that this module is effective? If not, what do you feel is missing??
How could this be used by cybersecurity teams in private organizations?
How does the Diamond Model compare to the Kill Chain? Which do you feel is the most effective and why?
Chapter 7 Solutions
Principles of Information Security (MindTap Course List)
Ch. 7 - Prob. 1RQCh. 7 - Prob. 2RQCh. 7 - Prob. 3RQCh. 7 - Prob. 4RQCh. 7 - Prob. 5RQCh. 7 - Prob. 6RQCh. 7 - Prob. 7RQCh. 7 - Prob. 8RQCh. 7 - Prob. 9RQCh. 7 - Prob. 10RQ
Ch. 7 - Prob. 11RQCh. 7 - Prob. 12RQCh. 7 - Prob. 13RQCh. 7 - Prob. 14RQCh. 7 - Prob. 15RQCh. 7 - Prob. 16RQCh. 7 - Prob. 17RQCh. 7 - Prob. 18RQCh. 7 - Prob. 19RQCh. 7 - Prob. 20RQCh. 7 - Prob. 1ECh. 7 - Prob. 2ECh. 7 - Prob. 4ECh. 7 - Prob. 5ECh. 7 - Prob. 1CEDQCh. 7 - Prob. 2CEDQCh. 7 - Prob. 3CEDQ
Knowledge Booster
Similar questions
- Consider a recent breach in authentication or access control in the news. If so, how did it affect daily operations? Is there a list of particular losses the company has incurred?arrow_forwardIn reality, what does multifactor authentication include and how does it work? To what goal does it serve when it comes to the prevention of passwords being stolen?arrow_forwardThink about a recent security incident involving authentication or authorization that made the headlines. Was this the case, and if so, how did it influence regular activities? Does the firm provide a breakdown of the specific losses it has taken?arrow_forward
- Take a look at the most recent authentication or access control breach that made headlines. In such case, how did it influence regular activities? Is there a breakdown of the specific losses experienced by the firm?arrow_forwardExamine the concept of intrusion detection systems (IDS) and intrusion prevention systems (IPS) in the context of the OSI model, focusing on their role in network security.arrow_forwardI'm not really clear on what multifactor authentication entails. Thus, how does it contribute to the prevention of the use of leaked or stolen passwords?arrow_forward
- What exactly is meant by the term "multifactor authentication," and how does its use really play out in the real world? What part does it play in the prevention of password theft, and how exactly does that role play out?arrow_forwardIn terms of computer security, what is the link between MULTICS and the growth of the discipline in its early stages?arrow_forwardIf we divide IDPSs into two categories according to the techniques they employ to spot attacks, we get the first and second of the two main categories: intrusion detection and prevention systems.arrow_forward
- The CNSS security paradigm has to be described in full. How many space-time dimensions does this thing have?arrow_forwardLay down the CNSS security paradigm for me. To what extent does this thing extend in three dimensions?arrow_forwardAny thoughts on the parallels between network sniffing and wiretapping would be appreciated. Why do they just make veiled threats?arrow_forward
arrow_back_ios
SEE MORE QUESTIONS
arrow_forward_ios
Recommended textbooks for you
- Principles of Information Security (MindTap Cours...Computer ScienceISBN:9781337102063Author:Michael E. Whitman, Herbert J. MattordPublisher:Cengage Learning
Principles of Information Security (MindTap Cours...
Computer Science
ISBN:9781337102063
Author:Michael E. Whitman, Herbert J. Mattord
Publisher:Cengage Learning