SlideShare una empresa de Scribd logo

Countering Computer Hacks-Sandy Suhling

S
suhlingse

INFO 644: Critical Thinking 2, a case study on a computer hack at Stellar University

TecnologíaNoticias y política
1 de 10
Descargar para leer sin conexión
Countering Computer Hacks: A Case Study By Sandy Suhling
Computer hacking ● What is it? (Beaver, 2007) ● Who does it? (Skoudis & Liston, 2005) ● Why is it a problem?
Case Study: Background ● About Stellar University ● Computer security ● Corporate culture
Case Studies: Problems ● Computer system ○ no backup system ○ no firewall, unsecured subnet ○ server_1 naming convention ○ personnel conflicts ○ outdated server-IBM Netfinity 1999 ● Shift in Management focus ○ financial difficulties ○ all servers located at the computer center ○ reverse engineering, problems with changes ○ decision to replace server_1, action delayed
Case Study: What happened? ● Suspicious activity noticed by system administrator ● user ID Ken created w/ administrator rights ● Antivirus process to examine open files was disabled
Case Study: Immediate counter attacks ● cleaned the servers so they could be brought back up ● removed all malware that had been identified ● created password restrictions ● External vendor hired to certify the systems were completely cleaned, full functionality
Case Study: Long-term counter attacks ● informal post-mortem of what went wrong and why ● modified standard server configurations ● temporary password policy was made permanent ● eliminated invalid/multiple accounts ● Other possibilities were considered, but needed support from system administrators
Case Study: Were counter attacks adequate and effective? ● sufficient immediate counter attacks ● good use of technical controls ● formal and informal controls relatively absent from response
Case Study: Lessons Learned ● Communication and team work are vital ● Technical controls play an important role in preventing computer hacking ● Compromises in security (i.e. hacks and recovery) can be costly ● Education of employees is worthwhile
References ● Beaver, K. (2007). Hacking for dummies. Hoboken, NJ: Wiley Publishing. Retrieved from http://proquest.safaribooksonline.com.proxy.library. vcu. edu/9780470052358 ● Dhillon, G. (2007). Principles of information systems security: Text and cases. Hoboken, NJ: John Wiley & Sons. ● Skoudis, E. and Liston, T. (2005). Counter hack reloaded: A step-by-step guide to computer attacks and effective defenses. (2nd Ed.). New York, NY:Prentice Hall. Retrieved from http://proquest.safaribooksonline. com. proxy.library.vcu.edu/book/networking/security/9780131481046 ● Stock.XCHNG. (2013). Photos. http://www.sxc.hu/

Recomendados

Leone ct#4 presentation
Leone ct#4 presentationLeone ct#4 presentation
Leone ct#4 presentationvincentleone
 
Ui analysis in android
Ui analysis in androidUi analysis in android
Ui analysis in androidVítor Bruno de Almeida
 
Implementing Continuous Monitoring
Implementing Continuous MonitoringImplementing Continuous Monitoring
Implementing Continuous MonitoringJohn Gilligan
 
ICSE 2019 A Model-Integrated Approach to Desiging Self Protecting Systems
ICSE 2019 A Model-Integrated Approach to Desiging Self Protecting SystemsICSE 2019 A Model-Integrated Approach to Desiging Self Protecting Systems
ICSE 2019 A Model-Integrated Approach to Desiging Self Protecting SystemsAndrea Montemaggio
 
Requirements-Driven Mediation for Collaborative Security
Requirements-Driven Mediation for Collaborative SecurityRequirements-Driven Mediation for Collaborative Security
Requirements-Driven Mediation for Collaborative SecurityAmel Bennaceur
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacksJoe McCarthy
 
5 Clear Signs You Need Security Policy Automation
5 Clear Signs You Need Security Policy Automation5 Clear Signs You Need Security Policy Automation
5 Clear Signs You Need Security Policy AutomationTufin
 
Beyond security testing
Beyond security testingBeyond security testing
Beyond security testingCu Nguyen
 

Recomendados

Leone ct#4 presentation
Leone ct#4 presentationLeone ct#4 presentation
Leone ct#4 presentationvincentleone
 
Ui analysis in android
Ui analysis in androidUi analysis in android
Ui analysis in androidVítor Bruno de Almeida
 
Implementing Continuous Monitoring
Implementing Continuous MonitoringImplementing Continuous Monitoring
Implementing Continuous MonitoringJohn Gilligan
 
ICSE 2019 A Model-Integrated Approach to Desiging Self Protecting Systems
ICSE 2019 A Model-Integrated Approach to Desiging Self Protecting SystemsICSE 2019 A Model-Integrated Approach to Desiging Self Protecting Systems
ICSE 2019 A Model-Integrated Approach to Desiging Self Protecting SystemsAndrea Montemaggio
 
Requirements-Driven Mediation for Collaborative Security
Requirements-Driven Mediation for Collaborative SecurityRequirements-Driven Mediation for Collaborative Security
Requirements-Driven Mediation for Collaborative SecurityAmel Bennaceur
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacksJoe McCarthy
 
5 Clear Signs You Need Security Policy Automation
5 Clear Signs You Need Security Policy Automation5 Clear Signs You Need Security Policy Automation
5 Clear Signs You Need Security Policy AutomationTufin
 
Beyond security testing
Beyond security testingBeyond security testing
Beyond security testingCu Nguyen
 
Tactical Application Security: Getting Stuff Done - Black Hat Briefings 2015
Tactical Application Security: Getting Stuff Done - Black Hat Briefings 2015Tactical Application Security: Getting Stuff Done - Black Hat Briefings 2015
Tactical Application Security: Getting Stuff Done - Black Hat Briefings 2015Cory Scott
 
Case of a computer hack
Case of a computer hackCase of a computer hack
Case of a computer hackericwinn
 
TTPs for Threat hunting In Oil Refineries
TTPs for Threat hunting In Oil RefineriesTTPs for Threat hunting In Oil Refineries
TTPs for Threat hunting In Oil RefineriesDragos, Inc.
 
Security Fundamentals and Threat Modelling
Security Fundamentals and Threat ModellingSecurity Fundamentals and Threat Modelling
Security Fundamentals and Threat ModellingKnoldus Inc.
 
Security and DevOps Overview
Security and DevOps OverviewSecurity and DevOps Overview
Security and DevOps OverviewAdrian Sanabria
 
Internal Controls Over Information Systems
Internal Controls Over Information Systems Internal Controls Over Information Systems
Internal Controls Over Information Systems Jeffrey Paulette
 
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...Health IT Conference – iHT2
 
System Accidents: Understanding Common Accidents
System Accidents: Understanding Common AccidentsSystem Accidents: Understanding Common Accidents
System Accidents: Understanding Common AccidentsGalen Emery, CISSP
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Priyanka Aash
 
The myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MISThe myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MISSaazan Shrestha
 
Penetration testing experience at the University of Worcester
Penetration testing experience at the University of WorcesterPenetration testing experience at the University of Worcester
Penetration testing experience at the University of WorcesterJisc
 
Bridging the Gap Between Development and Regulatory Teams
Bridging the Gap Between Development and Regulatory TeamsBridging the Gap Between Development and Regulatory Teams
Bridging the Gap Between Development and Regulatory TeamsICS
 
Security Open Science Grid Doug Olson
Security Open Science Grid Doug OlsonSecurity Open Science Grid Doug Olson
Security Open Science Grid Doug OlsonInformation Security Awareness Group
 
The DETER Project: Towards Structural Advances in Experimental Cybersecurity ...
The DETER Project: Towards Structural Advances in Experimental Cybersecurity ...The DETER Project: Towards Structural Advances in Experimental Cybersecurity ...
The DETER Project: Towards Structural Advances in Experimental Cybersecurity ...DETER-Project
 
Itpi metricon 0906a final
Itpi metricon 0906a finalItpi metricon 0906a final
Itpi metricon 0906a finalGene Kim
 
Cyber Security vs.pdf
Cyber Security vs.pdfCyber Security vs.pdf
Cyber Security vs.pdfMing Man Chan
 
Incident response
Incident responseIncident response
Incident responseAnshul Gupta
 
IMA - Anatomy of an Attack - Presentation- 28Aug15
IMA - Anatomy of an Attack - Presentation- 28Aug15IMA - Anatomy of an Attack - Presentation- 28Aug15
IMA - Anatomy of an Attack - Presentation- 28Aug15Benjamin D. Brooks, CISSP
 
Building a Secure Organization
Building a Secure OrganizationBuilding a Secure Organization
Building a Secure OrganizationSiddharth Subramaniam
 
Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Frances Coronel
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 

Más contenido relacionado

Similar a Countering Computer Hacks-Sandy Suhling

Tactical Application Security: Getting Stuff Done - Black Hat Briefings 2015
Tactical Application Security: Getting Stuff Done - Black Hat Briefings 2015Tactical Application Security: Getting Stuff Done - Black Hat Briefings 2015
Tactical Application Security: Getting Stuff Done - Black Hat Briefings 2015Cory Scott
 
Case of a computer hack
Case of a computer hackCase of a computer hack
Case of a computer hackericwinn
 
TTPs for Threat hunting In Oil Refineries
TTPs for Threat hunting In Oil RefineriesTTPs for Threat hunting In Oil Refineries
TTPs for Threat hunting In Oil RefineriesDragos, Inc.
 
Security Fundamentals and Threat Modelling
Security Fundamentals and Threat ModellingSecurity Fundamentals and Threat Modelling
Security Fundamentals and Threat ModellingKnoldus Inc.
 
Security and DevOps Overview
Security and DevOps OverviewSecurity and DevOps Overview
Security and DevOps OverviewAdrian Sanabria
 
Internal Controls Over Information Systems
Internal Controls Over Information Systems Internal Controls Over Information Systems
Internal Controls Over Information Systems Jeffrey Paulette
 
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...Health IT Conference – iHT2
 
System Accidents: Understanding Common Accidents
System Accidents: Understanding Common AccidentsSystem Accidents: Understanding Common Accidents
System Accidents: Understanding Common AccidentsGalen Emery, CISSP
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Priyanka Aash
 
The myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MISThe myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MISSaazan Shrestha
 
Penetration testing experience at the University of Worcester
Penetration testing experience at the University of WorcesterPenetration testing experience at the University of Worcester
Penetration testing experience at the University of WorcesterJisc
 
Bridging the Gap Between Development and Regulatory Teams
Bridging the Gap Between Development and Regulatory TeamsBridging the Gap Between Development and Regulatory Teams
Bridging the Gap Between Development and Regulatory TeamsICS
 
The DETER Project: Towards Structural Advances in Experimental Cybersecurity ...
The DETER Project: Towards Structural Advances in Experimental Cybersecurity ...The DETER Project: Towards Structural Advances in Experimental Cybersecurity ...
The DETER Project: Towards Structural Advances in Experimental Cybersecurity ...DETER-Project
 
Itpi metricon 0906a final
Itpi metricon 0906a finalItpi metricon 0906a final
Itpi metricon 0906a finalGene Kim
 
Cyber Security vs.pdf
Cyber Security vs.pdfCyber Security vs.pdf
Cyber Security vs.pdfMing Man Chan
 
IMA - Anatomy of an Attack - Presentation- 28Aug15
IMA - Anatomy of an Attack - Presentation- 28Aug15IMA - Anatomy of an Attack - Presentation- 28Aug15
IMA - Anatomy of an Attack - Presentation- 28Aug15Benjamin D. Brooks, CISSP
 
Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Frances Coronel
 

Similar a Countering Computer Hacks-Sandy Suhling (20)

Tactical Application Security: Getting Stuff Done - Black Hat Briefings 2015
Tactical Application Security: Getting Stuff Done - Black Hat Briefings 2015Tactical Application Security: Getting Stuff Done - Black Hat Briefings 2015
Tactical Application Security: Getting Stuff Done - Black Hat Briefings 2015
 
Case of a computer hack
Case of a computer hackCase of a computer hack
Case of a computer hack
 
TTPs for Threat hunting In Oil Refineries
TTPs for Threat hunting In Oil RefineriesTTPs for Threat hunting In Oil Refineries
TTPs for Threat hunting In Oil Refineries
 
Security Fundamentals and Threat Modelling
Security Fundamentals and Threat ModellingSecurity Fundamentals and Threat Modelling
Security Fundamentals and Threat Modelling
 
Security and DevOps Overview
Security and DevOps OverviewSecurity and DevOps Overview
Security and DevOps Overview
 
Internal Controls Over Information Systems
Internal Controls Over Information Systems Internal Controls Over Information Systems
Internal Controls Over Information Systems
 
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
 
System Accidents: Understanding Common Accidents
System Accidents: Understanding Common AccidentsSystem Accidents: Understanding Common Accidents
System Accidents: Understanding Common Accidents
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
The myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MISThe myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MIS
 
Penetration testing experience at the University of Worcester
Penetration testing experience at the University of WorcesterPenetration testing experience at the University of Worcester
Penetration testing experience at the University of Worcester
 
Bridging the Gap Between Development and Regulatory Teams
Bridging the Gap Between Development and Regulatory TeamsBridging the Gap Between Development and Regulatory Teams
Bridging the Gap Between Development and Regulatory Teams
 
Security Open Science Grid Doug Olson
Security Open Science Grid Doug OlsonSecurity Open Science Grid Doug Olson
Security Open Science Grid Doug Olson
 
The DETER Project: Towards Structural Advances in Experimental Cybersecurity ...
The DETER Project: Towards Structural Advances in Experimental Cybersecurity ...The DETER Project: Towards Structural Advances in Experimental Cybersecurity ...
The DETER Project: Towards Structural Advances in Experimental Cybersecurity ...
 
Itpi metricon 0906a final
Itpi metricon 0906a finalItpi metricon 0906a final
Itpi metricon 0906a final
 
Cyber Security vs.pdf
Cyber Security vs.pdfCyber Security vs.pdf
Cyber Security vs.pdf
 
Incident response
Incident responseIncident response
Incident response
 
IMA - Anatomy of an Attack - Presentation- 28Aug15
IMA - Anatomy of an Attack - Presentation- 28Aug15IMA - Anatomy of an Attack - Presentation- 28Aug15
IMA - Anatomy of an Attack - Presentation- 28Aug15
 
Building a Secure Organization
Building a Secure OrganizationBuilding a Secure Organization
Building a Secure Organization
 
Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)
 

Último

Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 

Último (20)

Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 

Countering Computer Hacks-Sandy Suhling

  • 1. Countering Computer Hacks: A Case Study By Sandy Suhling
  • 2. Computer hacking ● What is it? (Beaver, 2007) ● Who does it? (Skoudis & Liston, 2005) ● Why is it a problem?
  • 3. Case Study: Background ● About Stellar University ● Computer security ● Corporate culture
  • 4. Case Studies: Problems ● Computer system ○ no backup system ○ no firewall, unsecured subnet ○ server_1 naming convention ○ personnel conflicts ○ outdated server-IBM Netfinity 1999 ● Shift in Management focus ○ financial difficulties ○ all servers located at the computer center ○ reverse engineering, problems with changes ○ decision to replace server_1, action delayed
  • 5. Case Study: What happened? ● Suspicious activity noticed by system administrator ● user ID Ken created w/ administrator rights ● Antivirus process to examine open files was disabled
  • 6. Case Study: Immediate counter attacks ● cleaned the servers so they could be brought back up ● removed all malware that had been identified ● created password restrictions ● External vendor hired to certify the systems were completely cleaned, full functionality
  • 7. Case Study: Long-term counter attacks ● informal post-mortem of what went wrong and why ● modified standard server configurations ● temporary password policy was made permanent ● eliminated invalid/multiple accounts ● Other possibilities were considered, but needed support from system administrators
  • 8. Case Study: Were counter attacks adequate and effective? ● sufficient immediate counter attacks ● good use of technical controls ● formal and informal controls relatively absent from response
  • 9. Case Study: Lessons Learned ● Communication and team work are vital ● Technical controls play an important role in preventing computer hacking ● Compromises in security (i.e. hacks and recovery) can be costly ● Education of employees is worthwhile
  • 10. References ● Beaver, K. (2007). Hacking for dummies. Hoboken, NJ: Wiley Publishing. Retrieved from http://proquest.safaribooksonline.com.proxy.library. vcu. edu/9780470052358 ● Dhillon, G. (2007). Principles of information systems security: Text and cases. Hoboken, NJ: John Wiley & Sons. ● Skoudis, E. and Liston, T. (2005). Counter hack reloaded: A step-by-step guide to computer attacks and effective defenses. (2nd Ed.). New York, NY:Prentice Hall. Retrieved from http://proquest.safaribooksonline. com. proxy.library.vcu.edu/book/networking/security/9780131481046 ● Stock.XCHNG. (2013). Photos. http://www.sxc.hu/