Answers To Exercise 1 & 2. Exercise 1
EXERCISE 1
DoS (Denial-of-Service) - A denial-of-service attack prevents users from
accessing a computer or website. A hacker attempts to overload or shut down
a service so that legitimate users can no longer access it. DoS attacks target
servers and aim to make websites unavailable. Sometimes a hacker will
saturate the target machine with external communication requests such that it
cannot respond to legitimate traffic, therefore violating the availability goal of
information.
EXERCISE 2
VMWARE - VMware virtualisation software lets you run one operating system
within another. This is quite useful for security researchers who commonly
need to test code, exploits, etc. on multiple platforms. It runs on Windows and
Linux as the host OS. The good thing about VMware is that it’s also useful for
setting up sandboxes. You can browse from within a VMware window so that
even if you are infected with malware, it cannot reach your host OS.
GOOGLE - While it is far more than a security tool, Google’s massive database is
a gold mine for security researchers and penetration testers. You can use it to
dig up information about a target company by using directives such as
“site:target-domain.com” and find employee names and sensitive information
that they wrongly thought was hidden.
Exercise 1
b) List the main kinds of information your organization requires to meet its
mission. Note down any areas in which the mission makes preserving
the value of information difficult.
Exercise 2
The use of the latest security gadgets cannot be the only way to protect
applications and organization resources; rather, a good organizational
security policy will. Electronic doors, access cards and other
security control measures will only ensure protection of physical equipment
and against access to information by unauthorized personnel and other
intruders. But a good information security policy will ensure the following:
- An ‘Acceptable Use’ policy ensures that employees understand the way
  in which information should be used.
- It enables both employees and the business organization to gain the
  maximum value from the internet.
- It alerts all users to the technical and commercial risks that can arise if
  the technology is misused.
- It informs all users of the consequences of misuse by employees.
Exercise 6
Additionally, the process of building a security policy will also help define
a company's critical assets and the ways they must be protected, and will
also serve as a centralized document, as far as protecting Information
Security Assets is concerned.