Case Project 9-1: DoS attacks are one of the easier attacks to perpetrate on a network, so
They’re often used by people who have a grudge against a company or are
out to commit acts of vandalism. To read about some well-known DoS
attacks, go to www.grc.com/freepopular.htm and look for the Original DDoS
Report, which discusses an attack perpetrated on that Web site by a 13-
year-old. Read the report and write a synopsis of how the attack was carried
out and what could have been done to prevent it.
1. What’s the largest attack volume (in Gbps) as of the papers writing?
2. What percentage of companies were hit by a DDos attack in 2013?
3. What’s the trend for the current method attackers use to perpetrate DDos attacks?
4. Using the chart on page 7 of the report, what’s the trend for the type of attacks being perpetrated?
Case Project 9-2: Using the information on open ports you found with NetInfo in Hands-On Project 9-5, research these ports to determine their function and whether leaving them open is safe. A Google search is a good place to begin your research. Write a summary of what you found and list which open ports pose a security risk.
Case Project 9-3: Search for security policy templates on the Internet. A good place to start is the
SANS Institute (www.sans.org). Using one or more of the templates you find,
develop a security policy for your school or a business.
Case Project 9-4: A small research company in Pittsburgh is working to develop a new method of mass storage to replace current hard drive technology. Four engineers and an office manager work there the engineers are highly skilled professionals, and the office manager is a capable computer user. The company has a high-bandwidth Internet connection because employees must conduct research frequently. The employees have hopes of making a breakthrough and bringing the company public within the next two years. You’ve been hired as a security consultant to assess the company’s needs. Write a paper recommending what type of security policy should be used (open, moderately restrictive, or high restrictive) and what security technologies should be used. On what areas should the security policy focus (physical security, data security, auditing, passwords, and so forth), and what technologies should be used to secure these areas?
Case Project 9-5: An architectural firm of eight employees, each with a networked desktop computer, wants you to develop a security policy for the company. Management
has emphasized that ease of use is paramount, and little time is available for
training. Working in small groups, each group should write a list of questions
aimed at getting enough information for developing the policy. After determining
the questions, each group should interview another group, with the other
group posing as the architectural firm and answering the list of questions.
What level of security should the policy reflect? Use one of the templates you
found in Case Project 9-3 to develop a policy based on the answers the other
group supplies.