Assignment 7 - Incident and Disaster Response

Discussion Questions

1. (DUE April 5, 2006 by midnight EDT) Briefly answer the following two questions:
   • What was the most difficult part of chapter 10 or the most surprising thing you learned in chapter 10?
2. (DUE April 6, 2006 before midnight (11:59 p.m. EST)) Select one of the following questions to discuss in detail through the threaded discussion.
   • Identify the most probable threats to a personal computing system located in a university computer lab. That is, identify the vulnerabilities that are most likely to be exploited. Estimate the number of times each vulnerability is exploited per year; justify your estimate.
   • "The authors, well-known and trustworthy experts in the field of security, made an outrageous claim that most of the Fortune 2000 companies have already been penetrated by hackers (and have been in that state for years!)" [Issues Discovering Compromised Machines Assume that you are the Information Security Officer of a fairly small company. After reading this article, a) Should you use a firewall? b) Should you use antivirus systems? c) Should you use an intrusion-detection system? d) Should you use an intrusion-protection system? What would you recommend and why?
   • Given the relative ease in identifying a honeypot [Defeating Honeypots: Network Issues, Part 1, Defeating Honeypots: Network Issues, Part 2, Defeating Honeypots: System Issues, Part 1], discuss the advantages of using a honeypot. When should you use a honeypot and why?
   • Discuss when journaling and real-time database duplication should be used. When should it not be used?
3. (DUE April 11, 2006 before midnight (11:59 p.m. EST)) Select a discussion from one or more of your classmates and respond to their comments.