Copyright 2012 Elsevier Inc. All Rights Reserved Chapter 2 D ✓ Solved

copyright 2012 Elsevier Incall Rights Reservedchapter 2deceptionc

All Rights Reserved Chapter 2 Deception Cyber Attacks Protecting National Infrastructure, 1st ed. 2 All rights Reserved C h a p te r 2 – D e c e p tio n Introduction • Deception is deliberately misleading an adversary by creating a system component that looks real but is in reality a trap – Sometimes called a honey pot • Deception helps accomplish the following security objectives – Attention – Energy – Uncertainty – Analysis 3 All rights Reserved C h a p te r 2 – D e c e p tio n • If adversaries are aware that perceived vulnerabilities may, in fact, be a trap, deception may defuse actual vulnerabilities that security mangers know nothing about. Introduction 4 Fig. 2.1 – Use of deception in computing All rights Reserved C h a p te r 2 – D e c e p tio n 5 All rights Reserved C h a p te r 2 – D e c e p tio n Introduction • Four distinct attack stages: – Scanning – Discovery – Exploitation – Exposing 6 All rights Reserved C h a p te r 2 – D e c e p tio n Fig. 2.2 – Stages of deception for national infrastructure protection 7 • Adversary is scanning for exploitation points – May include both online and offline scanning • Deceptive design goal: Design an interface with the following components – Authorized services – Real vulnerabilities – Bogus vulnerabilities • Data can be collected in real-time when adversary attacks honey pot All rights Reserved C h a p te r 2 – D e c e p tio n Scanning Stage 8 All rights Reserved C h a p te r 2 – D e c e p tio n Fig. 2.3 – National asset service interface with deception 9 • Deliberately inserting an open service port on an Internet-facing server is the most straightforward deceptive computing practice • Adversaries face three views – Valid open ports – Inadvertently open ports – Deliberately open ports connected to honey pots • Must take care the real assets aren’t put at risk by bogus ports All rights Reserved C h a p te r 2 – D e c e p tio n Deliberately Open Ports 10 All rights Reserved C h a p te r 2 – D e c e p tio n Fig. 2.4 – Use of deceptive bogus ports to bogus assets 11 All rights Reserved C h a p te r 2 – D e c e p tio n Fig. 2.5 – Embedding a honey pot server into a normal server complex 12 • The discovery stage is when an adversary finds and accepts security bait embedded in the trap • Make adversary believe real assets are bogus – Sponsored research – Published case studies – Open solicitations • Make adversary believe bogus assets are real – Technique of duplication is often used for honey pot design All rights Reserved C h a p te r 2 – D e c e p tio n Discovery Stage 13 All rights Reserved C h a p te r 2 – D e c e p tio n Fig. 2.6 – Duplication in honey pot design 14 • Creation and special placement of deceptive documents can be used to trick an adversary (Especially useful for detecting a malicious insider) – Only works when content is convincing and – Protections appear real All rights Reserved C h a p te r 2 – D e c e p tio n Deceptive Documents 15 All rights Reserved C h a p te r 2 – D e c e p tio n Fig. 2.7 – Planting a bogus document in protected enclaves 16 • This stage is when an adversary exploits a discovered vulnerability – Early activity called low radar actions – When detected called indications and warnings • Key requirement: Any exploitation of a bogus asset must not cause disclosure, integrity, theft, or availability problems with any real asset All rights Reserved C h a p te r 2 – D e c e p tio n Exploitation Stage 17 C h a p te r 2 – D e c e p tio n Fig. 2.8 – Pre- and post-attack stages at the exploitation stage All rights Reserved 18 • Related issue: Intrusion detection and incident response teams might be fooled into believing trap functionality is real. False alarms can be avoided by – Process coordination – Trap isolation – Back-end insiders – Process allowance All rights Reserved C h a p te r 2 – D e c e p tio n Exploitation Stage 19 • Understand adversary behavior by comparing it in different environments. • The procurement lifecycle is one of the most underestimated components in national infrastructure protection (from an attack perspective) All rights Reserved C h a p te r 2 – D e c e p tio n Procurement Tricks 20 All rights Reserved C h a p te r 2 – D e c e p tio n Fig. 2.9 – Using deception against malicious suppliers 21 • The deception lifecycle ends with the adversary exposing behavior to the deception operator • Therefore, deception must allow a window for observing that behavior – Sufficient detail – Hidden probes – Real-time observation All rights Reserved C h a p te r 2 – D e c e p tio n Exposing Stage 22 All rights Reserved C h a p te r 2 – D e c e p tio n Fig. 2.10 – Adversary exposing stage during deception 23 Interfaces Between Humans and Computers • Gathering of forensic evidence relies on understanding how systems, protocols, and services interact – Human-to-human – Human-to-computer – Computer-to-human – Computer-to-computer • Real-time forensic analysis not possible for every scenario All rights Reserved C h a p te r 2 – D e c e p tio n 24 All rights Reserved C h a p te r 2 – D e c e p tio n Fig. 2.11 – Deceptively exploiting the human-to-human interface 25 • Programs for national deception would be better designed based on the following assumptions: – Selective infrastructure use – Sharing of results and insights – Reuse of tools and methods • An objection to deception that remains is that it is not effective against botnet attacks – Though a tarpit might degrade the effectiveness of a botnet All rights Reserved C h a p te r 2 – D e c e p tio n National Deception Program Financial Accounting and Reporting Section 1: Statement of Cash Flows Harnish Decorators provides the Statement of Operations, Statement of Financial Position and Statement of Shareholders’ Equity and footnote information for use in preparing its 2012 statement of cash flows.

REQUIRED: Prepare an indirect statement of cash flows for 2012. Identify non-cash transactions. Cash paid for interest and income taxes are not necessary Footnote Information: · FIXED ASSETS During 2012, Harnish had no asset purchases or sales. Carrying Value Property Plant, and Equipment, at cost $4,880 $4,880 Accumulated Depreciation $3,150 $3,105 Property, Plant and Equipment, Net $1,730 $1,775 · INVESTMENTS Harnish holds securities designated as trading securities and as available-for-sale securities. All securities are reported at their fair-market-values, in accordance with GAAP.

During 2012, Harnish purchased addition available-for-sale securities with excess cash. · DEBT AND LEASES On June 30, 2012 Harnish repaid all of the outstanding installment notes, incurring a pre-payment penalty of $18. Harnish issued $300 of 3% bonds due in 2020 at par to replace the financing provided by the installment note. No other bonds were issued or retired during 2012. Also during 2012, Harnish leased a new warehouse under a capital lease and a new steamer under an operating lease. The minimum lease payments for the capital lease totaled $125.

The operating lease payments totaled $45 for 2012. Operating lease expense is included in selling costs on the income statement. Face Value Carrying Value % Installment Note $0 $% Bond due in 2020 $300 $% Bond due in 2018 $500 $501 $503 Total Debt $801 $928 Capital Lease Liability $545 $450 Total Debt and Lease Liability $1,346 $1,378 Current Portion ($46) ($177) Total Long-term Debt and Lease Liability $1,300 $1,201 · PENSIONS Harnish provides a defined-benefit pension plan for its employees. During 2012, Harnish increased cash contributions to reduce underfunding. Pension Benefit Obligation Beginning Balance $ 1,230 $1,125 Service Cost $ 142 $140 Interest Cost $66 $ 65 Benefits Paid $ (120) $ (100) Ending Balance $ 1,318 $1,230 Plan Assets Beginning Balance $ 430 $330 Actual Return $ (15) $ 60 Contributions $ 203 $140 Benefits Paid $ (120) $ (100) Ending Balance $ 498 $430 Net Pension Asset $ (820) $ (800) Net Accumulated Other Comprehensive Income Prior Service Costs $ - $ - Net Pension Gains & (losses) $ (58) $ - Pension Expense Service Cost $ 142 $140 Interest Cost $66 $ 65 Expected Return $ (43) $(33) Pension Expense $ 165 $172 · SHAREHOLDERS EQUITY During 2012, Harnish preferred shareholders converted all shares of preferred stock to common stock. During 2012, Harnish awarded its founder stock options with a value of $18. The stock options vest over three years. Harnish Designs Income Statement 2012 Sales Revenue 973 Wage Expense (320) Selling General and Administrative Expenses (120) Depreciation Expense (85) Income from Operations 448 Interest Expense (60) Loss on early repayment of installment note (18) Loss on investment in trading securities (20) Pretax Income 350 Income Tax Expense (100) Net Income 250 Harnish Statement of Shareholders’ Equity for 2012 PS CS APIC TS RE AOCI Total December 31, 2011 Balance $ 200 $ 45 $ 320 $ (12) $349 $ (8) $694 Net Income $250 $250 Pension gains and (losses) $ (58) $ (58) Unrealized loss on available-for-sale securities $ (8) $(8) Conversion of preferred stock $ 100 $ 5 $ 95 $100 Employee compensation $6 $ 6 Purchase of Treasury Stock $ (11) $ (11) Cash Dividend $ (64) $ (64) December 31, 2012 Balance $ 300 $ 50 $ 421 $ (23) $535 $ (74) $909 Harnish Design Balance Sheet Change Cash $77 $ Investments - Trading Securities $16 $ Investments - Available-for-Sale $800 $ Total Current Assets $893 $ Property, Plant and Equipment, net $1,730 $1, Capital Lease Assets $550 $ Deferred Tax Asset $133 $ Total Assets $3,306 $3, Accounts Payable $76 $ Deferred Revenue $18 $ Dividends Payable $1 $ Deferred Tax Liability $36 $ Current portion of Long-term Debt $1 $ Current portion of Capital Lease Liability $45 $ Total Current Liabilities $177 $ Long-term Debt $800 $ Capital Lease Liability $500 $ Net Pension Liability $820 $ Total Liabilities $2,297 $2, Preferred Stock $100 $ Common Stock $50 $ Additional Paid in Capital $421 $ Treasury Stock -$23 -$ Retained Earnings $535 $ Accumulated Other Comprehensive Income (Loss) -$74 -$ Total Shareholders’ Equity $1,009 $ Total Liabilities and Shareholders’ Equity $3,306 $3, Section II Bond Amortization Tables (select the appropriate table) A.

FV $3,000,000.00 Payment $150,000.00 Int. Rate for period 6% Number of Periods 5 Present Value $2,873,629.09 End of period Cash Payment Interest Expense Principal Carrying Value 2,873,629./31/,000.,417.,417.,896,046./31/,000.,762.,762.,919,809./31/,000.,188.,188.,944,998./31/,000.,699.,699.,971,698.11 B. FV $3,000,000.00 Payment $75,000.00 Int. Rate for period 3% Number of Periods 10 Present Value $2,872,046.96 End of period Cash Payment Interest Expense Principal Carrying Value 2,872,046./30/,000.,161.,161.,883,208./31/,000.,496.,496.,894,704./30/,000.,841.,841.,906,545./31/,000.,196.,196.,918,742.13 C. FV $3,000,000.00 Payment $90,000.00 Int.

Rate for period 2.5% Number of Periods 10 Present Value $3,131,280.96 End of period Cash Payment Interest Expense Principal Carrying Value 3,131,280./30/,000.,282.,717.,119,562./31/,000.,989.,010.,107,552./30/,000.,688.,311.,095,240./31/,000.,381.,618.,082,621.88 D. FV $3,000,000.00 Payment $150,000.00 Int. Rate for period 6% Number of Periods 10 Present Value $2,779,197.39 End of period Cash Payment Interest Expense Principal Carrying Value 2,779,197./30/,000.,751.,751.,795,949./31/,000.,756.,756.,813,706./30/,000.,822.,822.,832,528./31/,000.,951.,951.,852,480. Section 2: Equity Problems Question 1: Mentzer Health Care, Incorporated is a hospital management firm. Mentzer reports the following on December 31, 2011.

Common Stock: $1 par, 3 million shares authorized, 500 thousand shares issued and outstanding $ 500,000 Additional Paid in Capital 4,000,000 Retained Earnings 1,246,000 Accumulated Other Comprehensive Income 2,100 Total Stockholders’ Equity 5,748,100 REQUIRED: Prepare the journal entries needed in 2012 to account for the following transactions On February 1, 2012, Mentzer repurchased 10,000 shares of common stock for $18.00 per share. The shares were originally issued for $9. Mentzer accounts for the shares as retired common stock. 1. On May 1, 2012 Mentzer issued 200,000 of $1 par common stock to the public throughan initial public offering.

Shares sold for $25 each. The underwriting firm withheld $135,000 to cover issue costs. 2. Also on May 1, 2012, Mentzer issued 10,000 shares of $1 par common stock to Nursing Associates, in exchange for title to office space in their facility. The space was appraised for $275,000.

3. On June 30, 2012 Mentzer’s bond holders converted 3,000 bonds to common stock. The 5% bonds were issued on January 1, 2011 and pay interest semi-annually on June 30th and December 31st. The bonds mature on December 31, 2015. The market rate at the time the bonds were issued was 6%.

Each bond converts to 50 shares of common stock. The market price of common stock on June 30, 2012 is $28 per share. (See the bond tables in the cover section) 4. On September 1, 2012, Mentzer reissued the 10,000 shares repurchased in February for $30 per share. 5. On December 1, 2012, Mentzer declares a $1.00 per share common stock dividend, payable on January 5, 2013 to shareholders of record on December 13, 2012.

6. On December 31, 2012 Mentzer determine that the value of a put option tied to the NYSE health-care index has declined in value from $2.10 per contract on December 31, 2011 to $1.85 per contract. Mentzer purchased 1,000 contracts in 2011 and designated them as a cash-flow hedge against changes in reimbursements in 2013. The options expire in 2013. Question 2: Slade Manufacturing Reports the following information for 2012.

REQUIRED: Compute Basic and Diluted Earnings per share. Slade had the following transactions related to common stock during 2012 · On January 1, 2012 Slade had 1,000,000 share of common stock issued and 165,000 shares in treasury. · On March 1, 2012 Slade issued 250,000 shares of common stock for $68 per share · On April 1, 2012 Slade declared a 150% stock dividend. · On May 1, 2012, Slade repurchased 750,000 shares of common stock for $28 per share · On December 1, 2012 Slade declared a $0.50 cash dividend payable on December 29, 2012. For 2012, Slade had Net Income of $3,500,000 and paid cash dividends on the convertible preferred stock of $1,100,000 and cash dividends on common stock of $981,250.

Interest Expense on debt totaled $790,000. Slade also had the following potentially dilutive securities. Assume the tax rate is 35%. · 500,000 shares of preferred stock outstanding that are each convertible to 3 shares of common stock at the option of the shareholders. · The firm has 8,000,000 stock options issued. At the end of the year, the average stock price was $30. · 5,000,000 options allow the holder to purchase a share of common stock for $32. · 3,000,000 options allow the holder to purchase a share of common stock for $12. Section 3: Review Problems GRADE Part 1: PROBLEM 1 Part 2: PROBLEM 2 Part 1, Problem 1 Michelle’s Bridal Emporium misses both 2012 interest payments on the company’s $1,000,000 outstanding 10% bonds, due to a cash crunch.

The semi-annual interest payments were scheduled for June 30th and December 31st. On December 31, 2012, bond holders agree to modify the terms of the bond as follows: 1) Interest for 2012 is forgiven. 2) Beginning on December 31, 2013 will make four equal, annual payments of $240,000 in settlement of the debt. Required: 1. Assuming the bond was originally sold at par, give any journal entries