The Help Desk at the College of Engineering at fictional Sunshine University has special privileges. It can fix user access problems bypassing normal access control procedures. Years ago, an Electrical Engineering professor with considerable prestige in the College was unable to submit a grant proposal because he had accidentally locked his Engineering account over the weekend. The Dean of the College and the Department Chair were extremely unhappy. As a “temporary” solution, student workers at the Help Desk were given administrative privileges to the Engineering domain, so they can change passwords and unlock accounts without inconveniencing the faculty and staff. Years later, the so-called “temporary solution” has become permanent, and quick response over the weekend is expected by all users.
One Saturday morning, Adam, a new student hired as a Help Desk employee decides, against the College’s policy, to install a BitTorrent client on his Help Desk computer. Later in the week, an investigation into reports of sluggish computers leads to the discovery of a bot-net installation on most of the computers in the College. After days of investigation, the source of the botnet installations is discovered when a keylogger is found on the machine Adam used. He had inadvertently installed malware on the machine together with the BitTorrent installation and the keylogger malware had captured Adam’s credentials.
Answer the following questions with regard to this organization:
1. What threats and vulnerabilities allowed this situation to occur?
2. What is the potential damage of this scenario?
3. Classify the threats and vulnerabilities in terms of Microsoft STRIDE.
4. What recommendations would you make to the Dean going forward?
5. In your opinion, what should be done with Adam?
This question belongs to computer science and discusses malware threats and vulnerabilities at fictional Sunshine University.
Word count: 514Download Full Solution
If you are here for the first time, you can request for a discount coupon, which can knock off upto 20% of the quoted price on any service.