
Security Awareness: Applying Practical Security in Your World, 3rd edition Solutions 1-1

Student Names: Farah AlZarooni, Somaya Ali, Sumaya AlHosani

Chapter 1 Solutions
Quick Quiz 1
1. Answer: False
2. Answer: True
3. Answer: Information security
4. Answer: exploiting

Quick Quiz 2
1. Answer: Script Kiddies
2. Answer: Cybercriminals
3. Answer: Probe for information
4. Answer: Layering
5. Answer: True

2) Case Project 1-1, p36 of text – The Current State of Security

The OUCH newsletter topic for the current month, October, covers different types of attackers and how users
can guard themselves against them. The September issue compared different kinds of web browsers and their
measurable security advantages. The July issue, however, discussed a more interesting new type of attack or
danger that users may face while using social networking sites. Facebook is one very critical example of these
sites: its number of users is increasing dramatically, and it is No. 1 of the Top Ten social networking sites. It is
listed as a new danger for users for many reasons. One reason is that the Facebook operators are suspected of
embezzling users’ personal information. Another reason is that they suddenly alter users’ security and privacy
settings. Facebook is also considered an irresistible prey for hackers, crackers, spammers, and scammers. For
example, users who display their full birthday are more exposed to identity theft than users who don’t.
The OUCH newsletter presents some guidelines that users can follow to protect themselves from these
attackers. One guideline is to increase their awareness of how they behave on social networks. They should
think carefully about how they want to use social networking and assume that their personal information
and pictures are available to everyone, not only their friends (the Golden Rule). In addition, users should be
cautious about whom they accept as a friend, as this friend will be able to view their personal information
and pictures. They should also be cautious when they join groups and networks.
Another guideline, for protecting children from online predators, is to avoid posting a child's name in a
photo tag or caption. Teenagers should also not use social networking without supervision.
Moreover, users should set their privacy settings and adjust them to protect their identity. They should not
post their exact birthdates, and they should regularly review their privacy settings. Additionally, users
should avoid posting their location, whether they are at home or not.
Along with the previous guidelines, users should install an up-to-date web browser and update it consistently.
Finally, users should know how to delete their personal information if they want to stop using the
social network. For example, Facebook users should submit a deletion request and never log in to
Facebook again. Unfortunately, there is no confirmed way to verify that the deletion request was completed,
and Facebook might still keep copies of users’ photos on its servers for technical reasons.

3) Visit the site: http://www.ftc.gov/bcp/edu/microsites/idtheft/ . There are seven key publications
available on this site. Summarize [1/2 page] a publication of your choice highlighting the main security
points raised.

To Buy or Not To Buy: Identity Theft Spawns New Products and Services To Help Minimize Risk
Fraud alerts are simple signals placed on your credit report. They help in verifying your identity before
credit is issued in your name. Fraud alerts prevent thefts that involve opening new accounts in your name,
but they do not hinder misuse of existing accounts.
The federal Fair Credit Reporting Act (FCRA) identifies two kinds of fraud alert: initial and extended. The
former covers situations in which you suspect a current or potential identity theft. If this takes place, you
should report it directly to the consumer reporting company. The alert lasts for 90 days and can be renewed
if necessary.
Initial fraud alerts are available for free under the law. You call a toll-free number to activate such an alert
on your credit account. As a result, all consumer reporting companies will be informed of your alert. Those
companies are Equifax, Experian, and TransUnion. A free credit report will be available to you upon request.
If the identity theft has taken place, an extended alert will be necessary. Unlike the initial fraud alert, the
extended alert stays in place for a longer period, namely seven years. The credit bureau should be contacted to
report this kind of fraud. Victims are entitled to two free credit reports from the previously mentioned
companies within 12 months.
Another way of defeating identity theft is through credit freezes. A freeze simply withholds access to and use
of your credit report. This method paralyzes any attempt or activity of theft aimed at your credit account.
The rules and conditions of credit freezes vary from state to state, as do the costs and lead times. Credit
freezes are only totally free for identity theft victims. Free credit reports are offered to consumers every 12
months.
There are many products and services to prevent identity theft. Locking, flagging or freezing your credit are all
possible through what consumer reporting companies offer. They can also assist in placing freezes on your
credit report and in renewing and updating your alerts and freezes automatically. In case of identity theft, those
companies may also assist you in rebuilding your identity. Those companies offer several other services to
build more awareness against identity theft, such as removing your name from a mailing list.
The FTC makes a library of resources available to assist victims of identity theft at www.ftc.gov/idtheft.


4) Visit the site: http://www.redbooks.ibm.com/abstracts/redp4397.html . Discuss briefly [1/2 page] the
main issues relating to IT Perimeter Security.

IT Perimeter Security
The latest technologies, such as the Internet, wireless, portable storage devices and mobile devices, have
forced us to redefine the IT perimeter from “Perimeter are well defined, and security could be enforced on a
physical level” to “Every device with potential networking capabilities can be considered a perimeter”.
The definition needed to change as devices such as modems or single-point remote access devices were
introduced to enable computers or terminals to communicate directly with the central computer system. This new
infrastructure layer requires an additional access control layer because access control enforced at the central
system was no longer sufficient to protect the host from unauthorized access. Single-point remote access
shifted dramatically with the introduction of the Internet, which connected a large number of PCs.
Authentication at the local system was lost as systems became personal. These PCs also began to be networked
together through the use of modems and were eventually connected to the Internet.
Many sorts of wireless devices allow people to transparently gain access to the Internet and, with this access,
to gain access to a corporate IT environment, because the systems and applications are interdependent and
connected. Devices such as vending machines, telephones, medical equipment, and manufacturing equipment
all have the ability to access the Internet and can even be accessed remotely. “The perimeter is now becoming
fuzzy. Any sort of computing device may become the perimeter itself, and these devices in many cases are
mobile”.
Some of the devices that break traditional perimeter security are:
- Applications that traverse through firewall policies.
- Mobile devices.
- IP-enabled devices internal to the network.
- External devices that are “allowed” on the internal network “temporarily”.
- Wireless access points that are unknowingly deployed.
- Direct Internet access from devices.
Mobile devices are, in fact, mobile: their nature is to be moved and to connect to various networks at various
locations. Some connection points are within the organization’s perimeter; others are not. This requires the
mobile device itself to act as a perimeter, and to be enabled and configured to that end. IP-enabled
devices internal to the network often require a number of open ports in the firewall. To keep up with
technological advances, these devices are often IP enabled after their initial configuration, and thus they are
required to act as a perimeter as well, sometimes to protect an IP implementation where corners were cut to
enable the device’s functionality. External devices allowed on to the internal network temporarily can be a
major threat to internal IT security. These devices are typically not scanned for viruses, and access is often
granted to an unrestricted network segment, so all devices in the network must act as one perimeter
against these external devices.
The introduction of wireless technology probably had the most impact on opening internal networks to
external threats. Unprotected and unknowingly deployed wireless access points still represent major loopholes
into the enterprise network, as shown by various drive-by attacks.
Direct Internet access from any device is one of the most difficult things to control from an IT organization’s
point of view. These can be personal devices, not owned by the IT department. By connecting directly to a
computer, these devices can sometimes enable the host computer to bypass traditional perimeter security
controls. When a “smart cell-phone” is connected to a computer, the computer can then access the Internet
using the cell phone’s internal modem capabilities. The user can then disconnect this device and reconnect
the computer to the IT infrastructure.
Because the network has become extremely dynamic, we must ensure a vigilant exploration of this
ever-changing network. Scanning and assessment must be continuous and must ensure that we can identify
misuse and abuse of the network and its IT resources. The key to successfully defining the network perimeter
is a combination of automated network tools and the ability to globally enforce host-based security software
deployed to the mobile systems that access the network. Scanning for and discovering unknown devices
must also be considered because, by definition, these unknown entities may constitute a perimeter breach.
How to protect our IT Perimeters?
All computers and IP-enabled devices in the organization can be the perimeter. Every computer system with
potential networking capabilities can be considered a perimeter host device. Today organizations would rather
protect the network instead of protecting individual host systems.
There are two basic approaches to analyzing the perimeter and the traffic around and through it using
automated tools: passive and active monitoring tools.
Networks must provide a variety of communications in and out of an organization in a carefully controlled
manner. A key concept is defining security zones in the network infrastructure. All areas of the network must be
part of a security zone, and all nodes must be able to act as the perimeter. Security zoning requires initial
classification, and it requires that zone definitions include the various types of mobility and enforcement. A
key benefit of a security zone is that, in the event of a security breach or incident, the breach will be limited to
the zone itself.
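
As an added illustration of the zoning and unknown-device points above (example code added here, not part of the students' answer or the IBM paper), the sketch below classifies passively observed devices into security zones and flags unknown devices, devices seen outside their assigned zone, and addresses that belong to no zone. The zone names, address ranges, inventory and observations are all constructed for the example.

```python
import ipaddress

# Constructed security zones: every address range belongs to exactly one zone.
ZONES = {
    "servers": ipaddress.ip_network("10.0.10.0/24"),
    "workstations": ipaddress.ip_network("10.0.20.0/24"),
    "guest-wifi": ipaddress.ip_network("10.0.99.0/24"),
}

# Constructed inventory: MAC -> zones allowed (mobile devices may have several).
INVENTORY = {
    "00:11:22:33:44:01": {"servers"},
    "00:11:22:33:44:02": {"workstations"},
    "00:11:22:33:44:03": {"workstations", "guest-wifi"},  # laptop
}

# Constructed passive observations (e.g. parsed from DHCP or ARP logs).
OBSERVED = [
    ("00:11:22:33:44:01", "10.0.10.5"),
    ("00:11:22:33:44:02", "10.0.10.77"),   # workstation seen in server zone
    ("00:11:22:33:44:03", "10.0.99.14"),
    ("de:ad:be:ef:00:01", "10.0.20.200"),  # not in inventory
    ("00:11:22:33:44:02", "192.168.1.9"),  # address outside every zone
]

def zone_of(ip):
    """Return the name of the zone containing ip, or None if unzoned."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None

def assess(observations, inventory=INVENTORY):
    """Classify each observation and return a list of (mac, ip, finding)."""
    findings = []
    for mac, ip in observations:
        mac = mac.lower()
        zone = zone_of(ip)
        if zone is None:
            findings.append((mac, ip, "unzoned-address"))
        elif mac not in inventory:
            findings.append((mac, ip, "unknown-device:" + zone))
        elif zone not in inventory[mac]:
            findings.append((mac, ip, "zone-violation:" + zone))
    return findings

if __name__ == "__main__":
    print(*assess(OBSERVED), sep="\n")
```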

5) Visit the site: http://www.symantec.com/business/security_response/threatexplorer/threats.jsp

Search for latest viruses and record for one virus the following:

- Virus Name: W32.Pilleuz!gen14.
- Nature: Worm.
- Brief Description: W32.Pilleuz!gen14 is a heuristic detection that may include members of the
W32.Pilleuz family of threats. It spreads through file-sharing programs, instant messaging and
removable drives. It was discovered on 4 November 2010. The affected systems are
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows
Vista, and Windows XP. The threat assessment of this worm is as follows. The wild level is Medium, the
number of infections varies from 50 to 999 and the number of sites varies from 0 to 2. In addition, the
geographical distribution is medium and the threat containment and removal is easy. The distribution level
of this worm is low. It opens a back door.
- Damage Level: Low.
