ABSTRACT
A historical case that I am familiar with will now be presented. This case will give you an even better sense of how to use procedures and tools discussed in previous chapters. The names, places, and some information have been altered to protect prior clients. Any names that are similar to those of current corporations or government agencies are coincidental. The persons in the case are:
Bill Miter Senior network security analyst Bob Jacobs Chief executive officer (CEO) of Nortelem, Inc.,
Boston, Massachusetts James Roberts Router administrator (who left and Steve Wier
took his place) Joe Freid Cable technician Lucy Miles Manager, system administrators Ron Yougald System administrator of hacked node Ross Pierce Manager, physical security personnel Sam Miller Member, physical security Steve Wier Router administrator Terry Reiner Manager, firewall and switch engineers/
technicians
The case began as so many others do-with a call from a potential client who has obtained my name and contact information from a previous, satisfied client. The first words I heard over the telephone from Bob Jacobs, CEO of Nortelem, Inc., were, “Our Web site has been hacked at least twice this past
week. The first time it occurred, my system administrator, Ron Yougald, took care of the problem-or so he thought. Now it has happened a second time. This is damaging to our reputation. Customers and the world in general will hear about this and believe we can’t even take care of our own systems, much less handle a client’s problems.” He started to continue, but I stopped him, telling Bob he needed to settle down and cease talking about sensitive corporate matters over an unsecured telephone line. Anyone could be listening in. I then asked Bob for his e-mail address. I sent Bob an encrypted email using AT&T’s Secret Agent product. Bob was able to decrypt the e-mail when he received it because we had agreed to a decryption password over the telephone. The e-mail contained my company’s standard contract. Bob was to review it, sign it, and fax it back to me at the number I provided in the e-mail. Bob spent a couple of hours reviewing the contract with his legal department. He then signed and faxed the contract to me. During that time, I verified that Bob Jacobs and Nortelem were actually who Bob had said they were. Now I could take action. I immediately booked a flight to Boston, the home of Nortelem, Inc.
