What tech nique was used by the Kiley Innovators employee to send information to the rivalmarketing company?
Lori is a certified ethical hacker as well as a certified hacking forensics investigator working as an IT security consultant. Lori has been hired on by Kiley Innovators, a large marketing firm that recently underwent a string of thefts and corporate espionage incidents. Lori is told that a rival marketing company came out with an exact duplicate product right before Kiley Innovators was abo ut to release it. The executive team believes that an employee is leaking information to the rival company. Lori questions all employees, reviews server logs,and firewall logs; after which she finds nothing. Lori is then given permission to search through the corporate email system. She searches by email being sent to and sent from the rival marketing company. She finds one employee that appears to be sending very large email to this other marketing company, even thoughthey should have no reason to be communicating with them. Lori tracks down theactual emails sent and upon opening them, only finds picture files attached tothem. These files seem perfectly harmless, usually containing some kind of joke. Lori decides to use some special software to further examine the pictures andfinds that each one had hidden text that was stored in each picture. What tech nique was used by the Kiley Innovators employee to send information to the rivalmarketing company?
What type of insider threat would Shayla be considered?
Shayla is an It security consultant, specializing in social engineering andexternal penetration tests. Shayla has been hired on by Treks Avionics, a subcontractor for the Department of Defense. Shayla has been given authority to perform any and all tests necessary to audit the company’s network security. No employees for the company, other than the IT director, know about Shayla’s work shewill be doing. Shayla’s first step is to obtain a list of employees through company website contact pages. Then she befriends a female employee of the company through an online chat website. After meeting with the female employee numerous times, Shayla is able to gain her trust and they become friends. One day, Shayla steals the employee’s access badge and uses it to gain unauthorized accessto the Treks Avionics offices. What type of insider threat would Shayla be considered?
What built-in Windows feature could you have implemented to protect the sensitive information on these laptops
You are the CIO for Avantes Finance International, a global finance companybased in Geneva. You are responsible for network functions and logical securitythroughout the entire corporation. Your company has over 250 servers running Windows Server, 5000 workstations running Windows Vista, and 200 mobile users working from laptops on Windows XP. Last week, 10 of your company’s laptops were stolen from salesmen while at a conference in Amsterdam. These laptops containedproprietary company information. While doing damage assessment on the possiblepublic relations nightmare this may become, a news story leaks about the stolenlaptops and also that sensitive information from those computers was posted toa blog online. What built-in Windows feature could you have implemented to protect the sensitive information on these laptops?
What no-cost setting could Jacob make to stop pop-ups on these computers?
Jacob is the network administrator for Richardson Electric, a heating and air conditioning company based out of Wichita. Jacob is responsible for the entire corporate network, including its security. Jacob has recently been receivingnumerous calls from users stating that they receive pop-ups all the time. Theseusers’ computers are all running Windows XP SP2. Jacob checks their Internet Explorer settings and the pop-up blocker is on for every machine. Jacob decidesto install a couple of other free browsers that have pop-up blockers, and the computers still receive numerous pop-ups. Jacob downloads free spyware and adwareremoval software to scan these computers. The scans return no results, and thecomputers are still getting numerous pop-ups. Jacob does not have any money inhis budget to buy any commercial products to stop this issue. What no-cost setting could Jacob make to stop pop-ups on these computers?
What type of attack has William just demonstrated to his boss?
William is the senior security analyst for Cuthbert & Associates, a large law firm in Miami. William is responsible for ensuring complete network security.
William’s boss, the IT director, is trying to convince the owners of the firm to purchase new Blackberry devices and new Bluetooth enabled laptops. William h
as been telling his boss that using Bluetooth devices like that is not secure. William’s boss doesn’t believe that Bluetooth devices are a security risk, so he
asks for a demonstration. William obliges his boss by setting up an attack with his personal laptop and his boss’ Bluetooth enabled phone. William uses Logic
al Link Control and Adaptation Layer Protocol ( L2CAP) to send oversized packets to his boss’ phone. This attack overloads the phone and William is able to do
whatever he wants to with the device now. What type of attack has William just demonstrated to his boss?
What other command could Michael use to attempt to freeze up the router?
Michael is an IT security consultant currently working under contract for alarge state agency in New York. Michael has been given permission to perform any tests necessary against the agency’s network. The agency’s network has come under many DoS attacks in recent months, so the agency’s IT team has tried to take precautions to prevent any future DoS attacks. To test this, Michael attemptsto gain unauthorized access or even overload one of the agency’s Cisco routers that is at IP address 192.168.254.97. Michael first creates a telnet session over port 23 to the router. He uses a random username and tries to input a very large password to see if that freezes up the router. This seems to have no affect on the router yet. What other command could Michael use to attempt to freeze up the router?
Under what right does this investigator have to ask for the encryption algorithms and keys?
Nathan is the senior network administrator for Undulating Innovations, a software development company in Los Angeles. Nathan’s company typically develops secure email programs for state and local agencies. These programs allow these agencies to send and receive encrypted email using proprietary encryption and signing methods. An employee at one of the state agencies has been arrested on suspicion of leaking sensitive government information to third world countries for profit. When the US federal government steps in, they seize the employee’s computer and attempt to read email he sent but are not able to because of the encryption software he used. Nathan receives a call from an investigator working forthe CIA on this particular case. The investigator tells Nathan that his companyhas to give up the encryption algorithms and keys to the government so they can read the email sent by the accused state employee. Under what right does this investigator have to ask for the encryption algorithms and keys?
With this error checking, what will be the resulting speed of the wireless networks?
David is the wireless security administrator for Simpson Audio Visual. Davi d was hired on after the company was awarded a contract with 100 airports to install wireless networks. Since these networks will be used by both internal airport employees and visitors to the airports, David decided to go with the de facto standard of 802.11b. Every airport wants to use 802.11b with TCP error checking, even though David has said this will slow down the wireless network connection speeds. With this error checking, what will be the resulting speed of the wireless networks?
What is Kevin attempting here to gain access to Katy’s mailbox?
Kevin is an IT security analyst working for Emerson Time Makers, a watch manufacturing company in Miami. Kevin and his girlfriend Katy recently broke up after a big fight. Kevin believes that she was seeing another person. Kevin, whohas an online email account that he uses for most of his mail, knows that Katyhas an account with that same company. Kevin logs into his email account online and gets the following URL after successfully logged in:
http://www.youremailhere.com/mail.asp?mailbox=Kevin&Smith=121%22
Kevin changes the URL to:
http://www.youremailhere.com/mail.asp?mailbox=Katy&Sanchez=121%22
Kevin is trying to access her email account to see if he can find out any information.
What is Kevin attempting here to gain access to Katy’s mailbox?
What command did James type in to get this window to come up?
James is an IT security consultant as well as a certified ethical hacker. James has been asked to audit the network security of Yerta Manufacturing, a toolmanufacturing company in Phoenix. James performs some initial external tests and then begins testing the security from inside the company’s network. James finds some big problems right away; a number of users that are working on WindowsXP computers have saved their usernames and passwords used to connect to serverson the network. This way, those users do not have to type in their credentialsevery time they want access to a server. James tells the IT manager of Yerta Manufacturing about this, and the manager does not believe this is possible on Windows XP. To prove his point, James has a user logon to a computer and then James types in a command that brings up a window that says “Stored User Names and Passwords”. What command did James type in to get this window to come up?