- Evaluate the reason for the limited use of the root or superuser account in Linux. Determine why you believe, by default, this account is so cautiously guarded in comparison to Windows operating systems. Provide a rationale with your response.
- From the e-Activity, discuss the tool’s primary uses, strengths and weaknesses, competing products, costs, system requirements, and whether hackers and / or security personnel commonly use the tool. Decide whether or not as a security manager you would consider the use of this tool for your team. Provide a rationale with your response.
- Explain in your own words the importance of keeping an Incident Response Plan (IRP) up-to-date with changes in a business. Hypothesize what you believe to be the greatest reason for a corporation to not have an updated IRP and explain the potential issues this could create.
- Imagine you are a chief information security officer (CISO) for a large corporation. Propose communication procedures you would consider utilizing for incident response, such as when to provide communication, and who you believe would be privy to those communications based on the need to know.
Case Study: Viruses
Case Study: Viruses
The country of Iran is expending tremendous resources on developing a nuclear energy program that is believed by the Western countries to be weapons-oriented. Recently, a virus named the Stuxnet has been in the news because it was introduced into the Iranian computers controlling their nuclear program and wreaked havoc on their centrifuges. Unfortunately, this virus has now escaped and is available to malicious attackers so that it could potentially be used against our own infrastructure.
Watch the video from “ 60 Minutes” titled, “Stuxnet: Computer worm opens new era of warfare”, located at http://www.youtube.com/watch?v=6WmaZYJwJng, concerning the Stuxnet virus.
Read the article titled, “News briefs: Flame, Stuxnet, breach at LinkedIn and other security news”, located at http://www.scmagazine.com/news-briefs-flame-stuxnet-breach-at-linkedin-and-other-security-news/article/245502/, concerning the Flame virus and Stuxnet.
Write a three to five (3-5) page paper in which you:
- Describe the virus and how it propagated itself onto servers over the Web based on the actual information provided. Assess the Web-based risks that led to the attack.
- Create a graphic rendering of how the virus was able to replicate onto remote servers using Visio or an equivalent such as Dia. Note: The graphically depicted solution is not included in the required page length.
- Describe some of the common vulnerabilities to utility companies with a virus such as Stuxnet.
- Discuss some secure coding efforts and practices under way to mitigate the vulnerabilities exposed by this particular episode.
- Determine if Stuxnet or a similar virus could happen here, and how you would protect the utility infrastructure in light of a heavy reliance on the Internet and Web-based applications which allow remote access.
- Use at least four (4) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
- Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
- Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
- Include charts or diagrams created in Visio or Dia. The completed diagrams / charts must be imported into the Word document before the paper is submitted.
The specific course learning outcomes associated with this assignment are:
- Compare and contrast Web-based risks.
- Describe the attributes and qualities of secure coding practices.
- Use technology and information resources to research issues in securing Web-based applications.
- Write clearly and concisely about Web application security topics using proper writing mechanics and technical style conventions.