Chapter 7: Case Exercises 1 and 2


Date Submitted: 12/22/2014 05:56 AM


Case Exercise 1: Do you think Miller is out of options as he pursues his vendetta? If you think there are additional actions he could take in his effort to damage the SLS network, what are they?

Since he already tried an insider attack, he could try monitoring the system for a close-in attack or a hijack attack, contact a previous colleague and attempt a buffer overflow, continue an exploit attack, or look for a password attack.

Case Exercise 2: Suppose a system administrator at SLS happened to read the details of this case. What steps should he or she take to improve the company’s information security program?

• Clearly establish and enforce all policies and procedures. Your policies and procedures should be thoroughly tested to ensure that they are practical and clear and provide the appropriate level of security.

• Gain management support for security policies and incident handling.

• Routinely assess vulnerabilities in your environment. Assessments should be done by a security specialist with the appropriate clearance to perform them.

• Routinely check all computer systems and network devices to ensure that they have all of the latest patches installed.

• Establish security training programs for both IT staff and end users. The largest vulnerability in any system is the inexperienced user.

• Post security banners that remind users of their responsibilities and restrictions, along with a warning of potential prosecution for violation. These banners make it easier to collect evidence and prosecute attackers. You should obtain legal advice to ensure that the wording of your security banners is appropriate.

• Develop, implement, and enforce a policy requiring strong passwords.

• Routinely monitor and analyze network traffic and system performance.

• Routinely check all logs and logging mechanisms, including operating system event logs, application-specific logs, and intrusion detection system logs.

• Verify your back-up and restore procedures. You...