RODJEAN SIMBALLA BSIT 2D

PROJECTS IN FUNDAMENTALS OF INFORMATION ASSURANCE AND

SECURITY

PROJECT 2.1: UNDERSTANDING EMAIL-BORNE VIRUSES

1. Email-borne viruses are the malicious programs which are attached with the
emails and are inflicted to the target computer or computer system. These virus
may be carried with a spam or phishing message from your friend who might also
be unaware that his computer system in inflicted with such viruses.

An email virus consists of malicious code that is distributed in email messages, and it

can be activated when a user clicks on a link in an email message, opens
an email attachment or interacts in some other way with the infected email message

2. Antivirus software plays an important role in protecting against email viruses;

however, this technology must be implemented as an element of a
comprehensive, multi-layered cloud email security solution to effectively combat
advanced attacks

PROJECT 2.2: RESEARCHING HACKERS

Open disclosure of Vulnerabilities

When researchers discover any vulnerability in the software he makes it public at large
with all the specifics of that vulnerability like how it was found, what software are
affected by it, using any policy like now a day’s Rain Forest Puppy1 (RFP) is being
used. Different people have different opinions on the open disclosure method. Some
say it is the best way to obtain security while other argues on it with the question that
informing the public before the patch of the vulnerability can be dangerous and it can be
exploited. Let us understand both the points and then I will suggest will one is better. As
soon as a vulnerability is discovered at it is communicated to the public at large is a
good idea because at least the users which can be affected by that vulnerability will stop
using that software until the patch is available which fills that loophole thus saving them
from any possible threat. Second benefit is that the vendor of that software gets a
pressure to work on that vulnerability and hence a patch is available soon and along
with that the researcher gets the credit of discovering vulnerability and is rewarded at
the same time resulting in motivation for other researchers to do the same. On the other
hand arguments which arise on this type of disclosure like is it a good way to inform the
vulnerability of software to the public before its patch is made available. Questions are
raised that as soon as the vulnerability is made public several scripts are also
developed to exploit that vulnerability and is used by the script kiddies too.
 RODJEAN SIMBALLA BSIT 2D

Types of Hacker

Hacker is a term by which people usually get afraid of, they think that he is someone
who will gain unauthorized access into their computer systems and will damage them or
do any unethical activity. Hackers are of different types some are good some are bad
while for some it depends on their mood. So let us briefly go through the types of
hackers definitions:

White hat: A white hat hacker is someone who can break into computers, discovers
vulnerabilities but in a lawful manner. He does not have malicious intent to anything or
to harm anyone. White hat hackers are also called security experts who do all the
hacking in an organized manner as to check the loopholes of their own security system.

Black hat: A black hat hacker has a malicious intent and can harm us. Whenever he
breaks into the system with use of technologies like networks, internet, cell phones etc
his intent is to do a crime. Some of them gain unauthorized access to gain profit while
other does this to get name and fame. Black hat hackers are also called crackers.

Grey hat: Grey hat hackers can be said as the combination of both white and black hat
hackers. They can act as a penetration tester sometime while sometime they can
actually hack the stuff. There is a thin line which keeps them separated from the two
types of hackers but if they cross them they will either be called black hat hackers or
white hat hackers.

Position of hacker’s prior to patches available in market

As we know that in full disclosure policy the detected vulnerability is made public before
the patch is developed. In this case all the hackers whether grey, white, black or script
kiddies they all can exploit it. The white hat hackers are the one who sometime research
on the software and discover vulnerabilities so they are the good guys who doesn ’t
exploit it, rather they help the vendors to develop the patch for it. Black hat hackers are
the one whom we should actually focus on because they are the one who create script
codes or exploitation scripts to use that vulnerability for their malicious purposes. One
more thing they do is that the exploit scripts they create is being uploaded on their
websites and script kiddies also began to use them. Grey hat hackers can sometime
help the vendor to fix that vulnerability and may take some money for that too while
sometime they can exploit it but they did not cause any damage. They exploit it for their
own causes and reason or we can say that they want to prove themselves that they are
capable enough to break the security of the software .
 RODJEAN SIMBALLA BSIT 2D

PROJECT 2.3: COMPARING PHYSICAL AND VIRTUAL RISK-MANAGEMENT

TECHNIQUES

1. How is risk management for physical systems similar to risk management for
computer systems?

Risk management similarity for "computer & physical" systems are: Necessity: Risk

management is crucial for both the systems. Access control: In
both computer and physical systems, access control is used to protect unauthorised
entry of individuals. They are similar of being risk or a threat in a systems.

2. How are the two different?

A physical system can perform and manage processes internal to the

system;whereas any change to,or used,aconceptual system involves
processes performed by external physical systems interacting with the
conceptual system.
3. What skill sets are required for each type?

 Effective communication.
 Teamwork.
 Responsibility.
 Creativity.
 Problem-solving