Published on: Mar 3, 2016
Transcripts - namngivna
1. Direct broadcast satellite TV companies have claimed for years that their
systems are secure; however, there are a few ‘hobbyists’ who have
compromised the systems. Research the cat and mouse game being played for
both large US satellite companies (DirecTV and EchoStar) and report on the
current state of system security for these systems.
2. Pretty Good Privacy (PGP) has been around for a while now. How does it work?
Why are Governments so concerned about its routine use? What other encryption systems
are similar in performance? How seamlessly is PGP (and like encryption methods)
integrated into e-mail programs? Can you use PGP for other types of data? Are these
encryption systems practical for streaming or high speed network data? What are some
performance metrics? Demos and examples can be beneficial! Can PGP be used in a
VPN environment? Why, or why not?
3. Many people are very concerned with infrastructure attacks. Focusing on electrical
transmission, gas transmission (not gasoline), and local telephone services, investigate
the vulnerabilities to each command and control system. Are they as vulnerable to system
wide failure as some suspect? What is the official word from the service providers? What
safety measures are in place now for each service? What safety measures are planned for
the near term future? Provide your assessment of the safety of these systems from attack
via networks, computers, and from insiders.
4. Medical, financial, and personal data are extremely important to the privacy of the
individual. Investigate the vulnerabilities in each of these areas. Is it possible to “dig” or
“data mine” information on an individual (without his permission)? How far can you go
in each area? In particular, how much information can you obtain for free? What sources
would you employ to gain access to additional data? What are HIPAA regulations, and
how will they affect this area? If you were an “insider” how much data could you obtain
on someone? (An insider, for example, is someone who may work at a medical facility or
a doctor’s office). Currently, what formal actions are being pursued for the protection of
this data (if any)? What are your recommendations to 1.) Lawmakers, 2.) General public,
3.) The active Internet user? Document your work well, and show all web based sources.
5. Banking on-line is a growing area. On-line money is a new e-commerce area.
Investigate how secure the on-line banking actually is. Target specific financial
institutions, write to them formally. Ask them how much fraud is being caused on-line
from their on-line (Internet) banking activities being hacked. Ask also for the fraud rates
of credit cards they offer. Ask how much of that fraud is Internet based fraud (i.e., people
using stolen card numbers over the Internet). What steps is each institution taking to
ensure security for its customers? What are the limitations and liabilities to the customer
who conducts their banking on-line with each banking institution?
Do they have procedures in place should a customer identify his account as being broken
into? What are they? Ask what steps are being taken to prevent their banking servers
from obtaining mobile code (virus which travels) and dynamic virus attacks (for example
Back Orifice 2000).
Point out to them that Norton Antivirus and similar signature-based antivirus programs
will not detect these types of attacks, and this is not an acceptable response. Detail and
summarize your findings.
6. Firewall Survey. Survey the state of the art in firewall protection. Firewalls are used at
network connection points to keep malicious people out of your systems. What are good
firewalls for personal, business, e-commerce, Government, and educational entities?
What are their limitations (in terms of attack coverage, event logging, data recording,
etc.)? Do they have provisions for dynamic code detection (virus which travels)? Is there
any attack detection?
7. CyberCops. You suspect a cybercrime at your business. What do you do now? What
evidence will you need for prosecution? (Assume New York state laws apply). How do
you get the evidence? What forensic tools and methods can you employ? Which can be
used 1.) Before the arrest, 2.) After seizure of the computer and network assets, 3.) To
demonstrate evidence in court. Work with D.A.s. How much has been done in our courts
today? What types of cases exist today? Give a summary of the steps to follow. Show
points of contact in law enforcement, and legal representatives.
8. Computer Forensics. What is computer forensics? What are the necessary steps needed
to gather official evidence data? What tools work best? Are there tools which are
accepted for use in the courts?
9. News media spoofing
10. Cellular Telephone Hacking. Digital Cell Phone security. How secure are mobile
GSM and analog telephones? What technology is used to keep them secure? What are
points of vulnerability?
11. DVD Cracks. Recently, Digital Versatile Disks have been hacked. There exist two
programs to recover secure data from the disks. Investigate the history, nature, and the
methods used to exploit this vulnerability. Are other data sources at risk? What legal
ramifications are there to exploiting data on DVDs or even using the DeCSS programs?
What can be done to re-secure the data on DVDs? What are region codes? Why are these
important? Can watermarks or steganographic means be a way to re-secure DVD data?
What are the controlling organizations for the security aspects of DVD data? Provide
your assessment (with as much support as possible) as to the direction DVD data security
will take in the next two years.
13. Hidden Data detectors. Steganography detection. Mobile code detection. Data can be
hidden in many ways in media. There exists today public domain data hiding software.
Assess the state of the art in data hiding detection software. (You may start by
investigating the data hiding software available). Try to think “out of the box” and make
your own recommendations as to how one may be able to detect hidden data in media
files. If one is able to hide data effectively, can the data represent computer code which
can become mobile (traversing as hidden data embedded in imagery, sound, or video)?
How would you propose to build protection mechanisms for this hidden mobile code?
Would it be part of an advanced firewall? Is there enough computing power available in
the firewall host to perform on-line real time steganography detection?
14. Wireless LAN/WAN Protection. IEEE 802.11b devices are claimed to be not secure.
Why? What software and techniques are required to break WEP? What are some
statistical data concerning the number of open access points? What is WAR DRIVING?
How is this performed? What equipment is necessary? Why are the risks so great? What
techniques can be used to secure IEEE 802.11b based devices and WLANs?