

Published on: Mar 3, 2016

Transcripts - namngivna

1. Direct broadcast satellite TV companies have complained for years that their systems are secure; however, there are a few 'hobbyists' who have compromised the systems. Research the cat and mouse game being played for both large US satellite companies (DirecTV and EchoStar) and report on the current state of system security for these systems.

2. Pretty Good Encryption (PGP) has been around for a while now. How does it work? Why are governments so concerned about its routine use? What other encryption systems are similar in performance? How seamlessly is PGP (and like encryption methods) integrated into e-mail programs? Can you use PGP for other types of data? Are these encryption systems practical for streaming or high-speed network data? What are some performance metrics? Demos and examples can be beneficial! Can PGP be used in a VPN environment? Why, or why not?

3. Many people are very concerned with infrastructure attacks. Focusing on electrical transmission, gas transmission (not gasoline), and local telephone services, investigate the vulnerabilities of each command and control system. Are they as vulnerable to system-wide failure as some suspect? What is the official word from the service providers? What safety measures are in place now for each service? What safety measures are planned for the near-term future? Provide your assessment of the safety of these systems from attack via networks, computers, and from insiders.

4. Medical, financial, and personal data are extremely important to the privacy of the individual. Investigate the vulnerabilities in each of these areas. Is it possible to "dig" or "data mine" information on an individual (without his permission)? How far can you go in each area? In particular, how much information can you obtain for free? What sources would you employ to gain access to additional data? What are HIPAA regulations, and how will they affect this area? If you were an "insider", how much data could you obtain on someone? (An insider, for example, is someone who may work at a medical facility or a doctor's office.) Currently, what formal actions are being pursued for the protection of this data (if any)? What are your recommendations to 1.) Lawmakers, 2.) General public, 3.) The active Internet user? Document your work well, and show all web-based sources used.

5. Banking on-line is a growing area. On-line money is a new e-commerce area. Investigate how secure on-line banking actually is. Target specific financial institutions and write to them formally. Ask them how much fraud is being caused by their on-line (Internet) banking activities being hacked. Ask also for the fraud rates of the credit cards they offer. Ask how much of that fraud is Internet-based fraud (i.e., people using stolen card numbers over the Internet). What steps is each institution taking to ensure security for their customers? What are the limitations and liabilities to the customer who conducts their banking on-line with each banking institution? Do they have procedures in place should a customer identify his account as being broken into? What are they? Ask what steps are being taken to prevent their banking servers from obtaining mobile code (virus which travels) and dynamic virus attacks (for example Back Orifice 2000). Point out to them that Norton Antivirus and similar signature-based antivirus programs will not detect these types of attacks, and this is not an acceptable response. Detail and summarize your findings.

6. Firewall Survey. Survey the state of the art in firewall protection. Firewalls are used at network connection points to keep malicious people out of your systems. What are good firewalls for personal, business, e-commerce, Government, and educational entities? What are their limitations (in terms of attack coverage, event logging, data recording, etc.)? Do they have provisions for dynamic code detection (virus which travels)? Is there any attack detection?

7. CyberCops. You suspect a cybercrime at your business. What do you do now? What evidence will you need for prosecution? (Assume New York state laws apply.) How do you get the evidence? What forensic tools and methods can you employ? Which can be used 1.) Before the arrest, 2.) After seizure of the computer and network assets, 3.) To demonstrate evidence in court? Work with D.A.s. How much has been done in our courts today? What types of cases exist today? Give a summary of the steps to follow. Show points of contact in law enforcement, and legal representatives.

8. Computer Forensics. What is computer forensics? What are the necessary steps needed to gather official evidence data? What tools work best? Are there tools which are accepted for use in the courts?

9. News media spoofing.

10. Cellular Telephone Hacking. Digital Cell Phone security. How secure are mobile GSM and analog telephones? What technology is used to keep them secure? What are the points of vulnerability?

11. DVD Cracks. Recently, Digital Versatile Disks have been hacked. There exist two programs to recover secure data from the disks. Investigate the history, nature, and the methods used to exploit this vulnerability. Are other data sources at risk? What legal ramifications are there to exploiting data on DVDs or even using the DeCSS programs? What can be done to re-secure the data on DVDs? What are region codes? Why are these important? Can watermarks or steganographic means be a way to re-secure DVD data? What are the controlling organizations for the security aspects of DVD data? Provide your assessment (with as much support as possible) as to the direction DVD data security will take in the next two years.

13. Hidden Data detectors. Steganography detection. Mobile code detection. Data can be hidden in many ways in media. There exists today public domain data hiding software. Assess the state of the art in data hiding detection software. (You may start by investigating the data hiding software available.) Try to think "out of the box" and make your own recommendations as to how one may be able to detect hidden data in media files. If one is able to hide data effectively, can the data represent computer code which can become mobile (traversing as hidden data embedded in imagery, sound, or video)? How would you propose to build protection mechanisms for this hidden mobile code? Would it be part of an advanced firewall? Is there enough computing power available in the firewall host to perform on-line real-time steganography detection?

14. Wireless LAN/WAN Protection. IEEE 802.11b devices are claimed to be not secure. Why? What software and techniques are required to break WEP? What are some statistical data concerning the number of open access points? What is war driving? How is this performed? What equipment is necessary? Why are the risks so great? What techniques can be used to secure IEEE 802.11b based devices and WLANs?
