Chapter 11 Page 7

2. What types of activities are prohibited by the Computer Fraud and Abuse Act?

Activities are listed on page 537.

3. What types of activities are illegal under the Federal Wiretap Act? The Pen Register, Trap and Trace Devices statute?

The Federal Wiretap Act makes intercepting communications illegal. The Pen Register, Trap and Trace Devices statute adds the noncontent parts of a message to that protection.

1. Survey results on the incidence of cyber attacks paint a mixed picture; some surveys show increases, others show decreases. What factors could account for the differences in results?

Student responses will vary. Some possible explanations include underreporting on surveys or lack of knowledge of the attacks. It is possible that attacks are becoming common and unnoticed.

2. Consider how a hacker might trick people into giving up their user IDs and passwords to their accounts. What are some of the ways that a hacker might accomplish this?

Student responses will vary. The most common approach would probably be a phishing email, indicating a need to “verify” account information by going to a false website.

3. B2C EC sites continue to experience DOS attacks. How are these attacks perpetrated? Why is it so difficult to safeguard against them? What are some of the things a site can do to mitigate such attacks?

DOS attacks come from many computers (zombies) at the same time. It is therefore difficult to isolate just the attacker’s IP address and shut off traffic from it. Use of a firewall may help mitigate these attacks.

4. All EC sites share common security threats and vulnerabilities. Discuss these threats and vulnerabilities and some of the security policies that can be implemented to mitigate them. Do you think that B2C Web sites face different threats and vulnerabilities than B2B sites? Explain.

EC sites are vulnerable to the following major types of security attacks: operating system holes, Web server holes, database server holes, problems with storefront and shopping cart software, DOS attacks, input validation attacks, eavesdropping attacks, malicious


