Useful Textbook: Ethical Hacking
Note: The discussion should not be lengthy but just keep it between 250-300 words.
Discussion 01:W2
Given the rich and diverse skills and mindset of an ethical hacker (technical, administrative, and physical measures), which characteristics do you believe to be the most important in this role? Please explain your choice.
Discussion 02: W3
Tech companies prepare for cyberattacks using common cybersecurity resources. Select one of the resources listed and explain how you could implement that particular policy to prevent an attack: 1. monitoring and assessment, 2. policies and controls, 3. hiring, 4. software, 5. firewalls, 6. authentication and access, 7. encryption.
Discussion 03:W4
Cryptography is used to protect confidential data in many areas. Chose one type of cryptography attack and briefly explain how it works (examples include: ciphertext-only attack, known-plain-test attack, chosen-plaintext, chosen-ciphertext attack, timing attack, rubber hose attack, adaptive attack).
Discussion 04:W5
Explain in your own words what “FOOTPRINTING” (or digital reconnaissance) is and how you would go about gathering the information you need to determine the location of a recently stolen late model car that was last seen in the parking lot of our college.
Discussion 05:W6
Explain in your own words what type of information can be obtained by using network scanning techniques and why it is an important intelligence gathering process.
Discussion 06:W7
Research the variety of enumeration tools available. Select one tool and explain what it does, how it works and what type of information it extracts (example: Softerra LDAP Browser is the industry-leading software for browsing and analyzing LDAP directories. It provides a wide variety of features for handy viewing of directory contents, getting information about directory infrastructure and objects.)
Discussion 07:W8
Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored. Explain a situation where using a keyloggers may be used in either a legitimate (legal) way or used as a tool for criminals.
Discussion 08:W9
Cybercriminals use many different types of malware to attack systems. Select one common type of malware listed in this article link and using your own words, explain how to defend yourself against it. https://www.esecurityplanet.com/malware/malware-types.html#maliciousmobileapp
Discussion 09:W10
Social engineering is the art of manipulating people so they give up confidential information. The types of information these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank information, or access your computer to secretly install malicious software – that will give them access to your passwords and bank information as well as giving them control over your computer.
Explain a scenario where you or someone you know may have unknowingly given too much personal information to a stranger. How could this situation been avoided?
Reference Article Link:
https://www.webroot.com/us/en/resources/tips-articles/what-is-social-engineering
Discussion 10:W11
Web servers are compromised for a number of reasons which may include any of the following: Improper file or directory permissions, installing the server with default settings, unnecessary services enabled, security conflicts, a lack of proper security policies, improper authorization with external systems, default accounts with default or no passwords, unnecessary default, backup, or sample files, misconfigurations, bugs in server software, OS, or web applications, misconfigured SSL certificates and encryption settings, administrative or debugging functions that are enabled or accessible on web servers or the use of self-signed certificates and/or default certificates.
Select one of these compromises and explain how it could be avoided.
Discussion 11:W12
Wireshark is one of the most widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the preferred standard across many commercial and non-profit enterprises, government agencies, and educational institutions. GlassWire is a free network monitor & security tool with a built-in firewall. Review the features of these two products and explain how you could benefit from using either of these network management tools.
Discussion 12:W13
There are many mobile platform vulnerabilities listed in the readings from this week (slides 8, 9, and 10). Which do you feel is the greatest threat to users? Do you agree that people generally are not aware of the threats to their mobile devices?
Discussion 13:W14
Do you feel the benefits of cloud computing are worth the threats and vulnerabilities? Have we arrived at a point where we can trust external agencies to secure our most precious data? Please explain your answer.
Discussion 14:
Simple Questions:2/3of2/9
1) Explain why it is essential to use multi-factor authentication when banking online.
2) Are there other more secure methods to ensure data security or authenticity?
3) Other than banking, can you list another method that would provide a more secure transaction?
