ICE #2

What is the difference between a regular denial of service (DoS) attack and a distributed denial of service (DDos) attack? Which is harder to combat? Why?

A denial of service is an attack coming from one location with multiple requests attacking a specific target in an attempt to pull it down. A distributed denial of service is similar but the attack comes from multiple locations usually from bot computers that are controlled by a single attacker or group of attackers. DDoS is harder because its very hard to figure out exactly where the attack originates from since the attacks seem to come from multiple locations at once.

How can dual controls, such as two-person confirmation, reduce the threats from acts of human error and failure? Describe two other controls that can also reduce this threat?

Dual controls can reduce threats since they require a second confirmation or verification. This is often referred to as two factor authentication where the user must enter something they know (probably a password or pin) and something they have (possibly a token or an id badge). This helps secure systems from user error because if one control is compromised another control is still needed to access the users account. Other controls such as backup drives that save another copy of all of the users logs and data frequently would help prevent loss of information. Input validation built into applications and systems also helps protect against user error and failure because it ensures the correct types of data and information are sent.

Why do employees constitute one of the greatest threats to information security that an organization may face?

Employees are huge risks to information security in an organization because humans are easily bamboozled by hackers into giving out personal information or downloading malware. Humans are easily "socially engineered". Phishing emails are a very common way of tricking users.

Why is information security a management problem? What can management do that technology alone cannot?

Information security is a management problem because management is the one who authorizes new technology, makes security policies, and enforces said policies. Technology won't work if policy is not used to enforce its use. Management is also in charge of risk management and play a big role in choosing technology for use within disaster recovery plans, if there is no management to create plans, high cost damages are inevitable.

Briefly describe the types of password attacks addressed in Chapter 2 of your text? Describe three controls a systems administrator can implement to protect against them?

Types of password attacks include brute force attacks, dictionary attacks, and rainbow table attacks. Brute force attacks consist of simply trying every possible combination of characters until you guess the correct ones. Dictionary attacks are like brute force attacks but use a "dictionary" of commons passwords to aid in guessing the password. Rainbow table attacks involve acquiring the encrypted password file and looking up the hash in a table. Dictionaries are often used in corporations to keep users from using common passwords. Organizations can also create requirements so that passwords take longer to crack such as making length requirements for passwords and requiring variation in character types such as uppercase letters, lowercase letters, numbers, and special characters.