(lights off in front of the room, Maxine is standing at the back, where she picks up an envelope on the computer/desk

nearest the door. She opens it and looks at its contents, and pulls out an ID.) MAXINE: (on cellphone) Understood, Sir. We guarantee everything will go smoothly. Leave this to us. Yes, I understand whats at stake. Nothing will go wrongfor us. (ends phone call, calls Keembe.) Ill launch a Distributed Denial of Service attack on Azacar Company tonight, so they cant inform Linopod they havent authorized this transaction. Has Giah uploaded the Trojan horse into our IRC networks? KEEMBE: (should be sitting down somewhere with the class) The program has been downloaded by over one thousand computers through their IRC clients, Max. Our zombies are ready. Giah has an appointment set for tomorrow evening with Linopod Corporations vice president. Shell be going as Azacars CEO. Can you secure fake IDs for her? MAXINE: Can I? Of course I can. Just make sure everything goes well on your end, and get the handprint of their Vice President. Ive already IP spoofed Azacar and placed an order with Linopod, actually. [lights off] [SCENE 2 lights on in front; Giah enters in front, and Beth stands up to greet her. Giah is wearing latex gloves. Beso beso] Beth: And you would be the CEO of Azacar? Wow, such a young CEO for such a successful company! Im Beth, Vice President for Public Relations of Linopod Company. Chill, our CEO, apologizes for not being able to make it today. Shes been out of the country, and she wont be back until next week. Giah: Thank you, Miss Beth, but Ill have you know Im impressed with your companys work on IT security as well. We are very excited to be able to enter this deal with your company, and finally be able to set up a direct private communications link between our companies, as your trading partner. Shall I sign the contract? We can have a photo op after. Beth: (flattered) Definitely! A value-added network (VAN) wouldnt suffice for major clients such as you. Heres the contract and here (gives one of our classmates a camera), take a picture of us! Giah: Wait! I want a picture with us shaking hands. [pose, picture.] Beth: Oh, I know! How about we have a celebratory dinner? Ill go ahead and have the car prepared. Do you want Japanese? Native? What kind of food? Giah: Anything will do, Miss Beth! Beth: Oh, call me Beth. We cant have dinner together calling each other Miss. (walks away) Dont take too long, okay? Giah: All right. Ill just keep my things. (turns around and presses earpiece) Keembe? Giah here. The contract terms have been decided on. The EDI process should be underway soon, and her handprint plus a picture has been secured. Keembe: Good. Now its up to Max. [lights off, Giah exits. SCENE 3 opens at the back.] MAXINE: (on cellphone) Yes, I know its been a week, and the transactions are ongoing, but we cant I cant just urgh. I know and am working on it. But even so, we only have limited access. Ive

already bypassed the firewall. Just be patient. Fine! You know what, Ill launch a DoS attack on Linopod Corps system as well, if thats what you want. You mean a Smurf attack? Yeah, yeah. Ill do that. That IS a kind of denial of service attack, you know, along with the distributed denial of service attack and SYN Flood attack. What? Fine. Ill hurry. (ends call) This is so not going to end well, but the customer is always right. (goes to computer and starts typing) MAXINE: AAAAAAAAND now its closed. For a company with high network security level, they didnt even try to catch the culprit red-handed using deep packet inspection. Great. I knew this would happen. Now I cant get in. I need an inside identityhmmm Oh I know! Ill use HIS account to enter, since this is all his fault. (Types again, but a few minutes later maxs cellphone rings and she answers) MAXINE: Yes? Keembe! KEEMBE: Max, what are you doing? He just called me, and hes furious because you used his account to access the system while it was under a quarantine. Is this true? MAXINE: Yes, I did. KEEMBE: Max! What the. Why would you do that? Do you know how dangerous this is? He could get caught, and that was not part of the deal. Our reputation as criminal consultants would be destroyed! You need to fix this. Delete the system audit log, now. MAXINE: What? But Keembe, thats kind of really obvious, and I needed an inside account. KEEMBE: Now, Max. Delete it. MAXINE: Fine. It was useless anyway. Their mainframe is too tight. I cant get into their operating system. We need to have software inside the company. KEEMBE: You mean a virus? MAXINE: Yes. I could write the program for it, but theres no way theyll let me plug in there. KEEMBE: Ill talk to the customer. Just write the program, and Ill take care of the rest. [LIGHTS OFF, SWITCH TO FRONT, WITH JUSTICE AND JOHONEY AND A FEW OTHER TEAMMATES SEATED] JUSTICE: *looking stressed, typing a lot on Sirs computer+ Who would do thisHow? JOHONEY: Whats wrong, Just? You look stressed. JUSTICE: Someone just launched a Smurf Attack on our system. I guess I should be glad they didnt use a DDoS instead, but still JOHONEY: What does that mean? JUSTICE: *sighs+ A smurf attack is an attack wherein the perpetrators computer IP spoofs us and sends a ping message packet to an intermediary, so that the intermediary sends a lot of echo responses to us and crashes our system. JOHONEY: Oooh! I know! Thats a denial of service attack, isnt it? So this means our website is down?

JUSTICE: Yes. [Goes back to typing] JOHONEY: What about a DDoS? Why the extra D? JUSTICE: [mutters] JOHONEY: What? JUSTICE: I SAID Distributed Denial of Service. JOHONEY: Oh. So lots of websites crash, not just us? JUSTICE: [Facepalms] No, it means the perpetrator uses a lot of computers to crash our website. It causes more damage cause it comes from more computers than a SYN Flood or a smurf attack. JOHONEY: SYN Flood? JUSTICE: [annoyed now] A SYN Flood attack transmits hundreds of SYN packets to the targeted receiver, but he never responds with an ACK to complete the connection, so the receiver keeps requesting for acknowledgment until it times out. Dont you have something else to do? Im busy. JOHONEY: *sad+ I was just curious aboutNever mind. Ill go away, then.

TEAMMATE 1: [sees Johoney sad] You want to know what a Smurf attack is? JOHONEY: [Happy] Yes, please! Will you tell me? Thank you so much. TEAMMATE 1: A Smurf Attack is when the perpetrator of a smurf attack uses a program to create a ping message packet that IP Spoofs the victims computer to an intermediary, and so the intermediaries, which are a bunch of computers, all send an echo response to the victims computer and overwhelms it. JOHONEY: But what about our firewall? Isnt that a system that enforces access control between two networks? Wont that stop the attackers? TEAMMATE 1: Well, all we have is a network-level firewall, which is efficient but its kind of low security. It has a screening router that examines the source and destination addresses attached to the incoming message packets and accepts or denies requests based on filtering rules programmed into it. Actually, its a firewall that offers less security but more convenience. We could have had an application-level firewall, buuuut Mr. Tiu, our chief operating officer, rejected the idea because although it provided a higher level of network security, it adds a lot of overhead to connectivity. We could have run security apps called proxies to perform user authentication for some tasks, plus gotten some sweet auditing tools and transmission logs for unauthorized activity. TEAMMATE 2: Yeah, and he wouldnt let us invest in an intrusion prevention system that employs DPI to stop DDoS attacks either, because he said it was a waste of time or something. Its not deep packet inspections would inspect the entire content of the message packet, not just the header portion. JOHONEY: *Sighs+ I dont really know a lot about these thingsWhy dont I ever know them? *is sad and leaves the room]

TEAMMATE 1: Shes kind of hard on herself. TEAMMATE 2: Well, she has to meet big expectations. Word is theyre planning to promote her to Justices role when he gets promoted. Justice was, after all, the one who suggested message sequence numbering, which is why we now add a sequence number in each message so no one can delete or change the order of the messages we receive. TEAMMATE 1: Oh yeah, wasnt he the one who suggested that thing where we have a log of the user ID, time of access, and terminal location from where the access originated? TEAMMATE 2: Oh, you mean the message transaction log? Yeah, thats also him. TEAMMATE 1: But you know, Johoney isnt so bad. She was the one who suggested multilevel password control, where different functions need different passwords. Its saved the company a lot of money, cause many employees can share the same computer now without mixing functions. JUSTICE: Hey, back to work. I just realized we also lost our system audit trail and our event logsomeone is really out to get us. Maybe I should have pushed for keystroke monitoring instead of just event logging. That way, we could have records of both the users keystrokes and the systems responses instead of just the key activities of the system. Not that it matters, if theyd deleted it. [Slams hand on table] What in the world are we up against? How did they even get in our system? I shouldve implemented a one-time password system, so we can have new algorithmgenerated passwords every minute instead of just reusing the same password over and over again. TEAMMATE 1: Sir, could it be a line error that deleted our data? JUSTICE: No, Johoney made sure all electric motors, atmospheric conditions, faulty wiring, defective components, or noise spills from other communications channel dont cause any line errors. Im sure its not that. TEAMMATE 1: At least it doesnt seem like the attacker is making much progress either? JUSTICE: But were in a deadlock a draw. Thats no good either. We cant go on like this; our customers need to access our website [LIGHTS OUT, SCENE ENDS, STARTS AT THE BACK WITH ONLY JOHONEY AT FIRST] JOHONEY: Im so uselessI couldnt even understand what was going on there. What am I going to do? All I can really help with at this point is those of network topologies the communication lines, hardware components, software*SIGH+ But network risks? Not my thing. MATTHEW: *enters room, swinging USB around a finger+ Who do I.Oh, Johoney! What are you doing? Why so blue? JOHONEY: [Surprised] Mr. Tiu! What are you doing here? Oh my gosh, Im so haggard-looking, not professional and neat at all! Im so sorry. Also, what do you mean blue? Are my clothes not white? Did I accidentally choose something blue? MATTHEW: No, I mean why so sad? JOHONEY: OhOh, its nothing, sir. MATTHEW: Come on, you can tell me.

JOHONEY: Its justSir, I feel like I cant help. Our network suffered from a DoS, but Im useless. I just learned the meaning of DoS this morning, so I really know nothing about it. MATTHEW: [nods, with slow realization dawning on his face+ Oh. Well, Im pretty good with networks. I think I can help you. JOHONEY: Really, Sir?! MATTHEW: Yes! All you have to do is plug this into the system and itll fix everything. JOHONEY: You mean it?? MATTHEW: Yes, but you have to plug it in using Miss Beths computer. JOHONEY: Huh? Why? MATTHEW: See, Miss Beth always leaves her computer logged-in, but if you use your computer, youll have to go through the normal log-on procedure because youre technically unauthorized to fix problems like this. If you use her computer, the operating system will create an access token that contains key info about her, including her user ID, password, user group, and privileges granted. If you look at the access control list, Miss Beth has access privileges to almost everything, as well as discretionary access privileges meaning she can grant access privileges to others. JOHONEY: So its to allow this program to access everything? MATTHEW: Yup! That program needs to access everything in order to fix things. But if you give it to Justice, *puts his arm around Johoneys shoulders+ he wont let you do it. JOHONEY: *Sad+ I cant blame him for not trusting me MATTHEW: Well, trust me. Hell rely on you from now on, if you fix this. Even he cant fix it, but if you can JOHONEY: Hell believe in me again! Oh thank you, Matt! *runs out of the scene+ MATTHEW: *calls Keembe+ Itll be plugged in within the day, I assure you. Tell her not to screw up this time. KEEMBE: Yes, sir. Ill inform Maxine right away. [Lights in front, enter Johoney in front. Beth is already sitting at a computer, happily clicking away on FB, which we project on screen] BETH: Oh, hi Johoney! How are you? JOHONEY: Im great, Miss Beth! BETH: Sure? You look sad. JOHONEY: ErI just miss the president, thats all! Shes always so confident, it makes me feel so much safer when shes around the company. BETH: Oh, I know how you feel. This catastrophe would never happen with her around! Shes so smart. JOHONEY: [sad again] I wish I could be as smart.

BETH: Oh honey, dont be sad! Shell be back tonight, so Im sure shell fix everything. Wait here, I know how to make you feel better! Ill get you a bar of chocolate! JOHONEY: Oh, thats a great idea Miss! I love chocolate! BETH: [running outside] Should I get Toblerone? Or Cadbury? Maybe just Snickers? I think Snickers! I love Snickers! JOHONEY: [looks at door until Beth is gone, then quickly sits down and plugs in the USB] Okay, here! Now this will work MAXINE: [sitting down at back+ I dont really need the DoS attack anymore, so Im just going to fix it. JOHONEY: OMG! Eveerything is okay again! I did it! I did it! Im amazing! I cant wait to tell Justice, hell be so proud of me! [EXIT, Then enter Justice and Co, with Johoney and Beth and Matthew] BETH: Lets have a toast to Johoney tonight! For saving our systems, without even breaking a sweat. Tell us, Johoney, how did you do it? JOHONEY: *looks at Matthew+ Well, it wasnt just me. Actually it was mostly MATTHEW: Dont be humble! Accept credit where its due! JOHONEY: [Surprised] Really Sir? Werent you the one who -? JUSTICE: Im really proud of you, you know. I always knew you had it in you. Could you tell me how you did it? That was a really impressive hacker you just beat. JOHONEY: Well, I didnt really MATTHEW: Well have a celebratory dinner tonight [Suddenly, all lights turn off. People gasp, and the lights turn back on. Justice runs to the computer and starts clicking and typing like crazy. If possible, we can project that thing Jamaica talked about where the circles break and stuff? ] JUSTICE: What in the world Everything! All our defences, theyre compromised. What happened [realizes something] Johoney, tell me exactly what you did to fix the system. Now. JOHONEY: What, I didnt I saved everything I didnt do this! JUSTICE: NOW, Johoney! Theres no time. The hacker has just breached another level. JOHONEY: Well, I just plugged in this USB into Miss Beths computer JUSTICE: You did what? Oh no! Whose USB was it? JOHONEY: It was MATTHEW: What have you done? [points accusingly at Beth] You, you let her access your account? When you know your account has privileged access? Do you know what abuse of that kind of access does to a system? BETH: I didnt - Johoney, while I was out getting chocolate, did you? *hurt+

JOHONEY: Miss, I didntI was only trying to help *looks as if shes about to cry+ JUSTICE: That USB must have had a malicious programNow the attacker has total access to our files! What do we do?! MATTHEW: Beth, if Chill hears about this BETH: Its not my fault, its Johoneys! MATTHEW: But it was your responsibility! When I tell the president CHILL: *Enters+ When you tell me what? Whats going on? I leave the company for a few days and now youre in trouble? <<<<<<ikaw lay insert synopsis from start until niabot te chill jaece.. O.o mao ni iya iingon>>>>>>> In the first place, there is no one sweep solution against an expert hacker. Johoney, you should have been more skeptical because a USB drive with contents you dont even know is clearly suspicious. Whats the status? JUSTICE: Maam, the hacker has breached all but our last two levels, ____ and ____. Its only a matter of minutes until our mainframe server goes down, or worse, goes to the hands of that filthy hacker. CHILL: I understand. We dont have a choice, then. (adto sa office nit te chill..turns on the computer) Activate Almadel. (screen turns black the system appears. Hopefully were not too late. This virus will set up another security control: a dual-homed firewall, with 256-bit advance encryption standard keys. As te Chills virus is countering Maxs virus, te Chill talks about security. CHILL: Our operating system is the core of our companys operations, as it runs in our mainframe server, it integrates all our processes. We need to let the operating system do its job. As the OS protects itself from users, protects users from themselves, protects users from each other, protect itself from its own, and protects itself from its environment, WE have to protect it. Now, I get that the hacker has found a back door because of the USB. Even our most secure log-on procedures and access tokens were bypassed. We need to tighten our access privileges, both at physical and logical level. Beth, do not let others get inside our offices without supervision, and DONT let anyone plug anything, or touch our computers. Review our employee records to check our people who may have possibly worked together with the hacker to jeopardize our information system. Justice, there should be some system log records left in our server. Check for the TCP/IP and IP addresses associated within the timeframe of the attack, we might catch our hacker. Also, after Almadel has finished cleaning our system, implement a one-time password via PIN. But keep Johoney suggestion of multilevel passwords. Do you have pen and paper? Because you really have to write this. a. All of us should provide passwords before we can access sensitive data. b. Make sure our passwords are not sloppy nor weak.

c. Check our encryption keys at irregular intervals because they might be compromised, rendering our password encryption useless. d. Have someone review and modify our log-on and lockout procedures. Someone may have made too many mistakes in logging on. Johoney, fix our system logs, and this time, provide a high level of security so that it wont be easily erased. Also, we are going to send a distress signal to the ____, our trusted security team. Conduct echo check, parity check and prevent unauthorized sniffers from intercepting our message. I will send a digitally signed document with RSA encryption, so make sure it gets across ____ uncompromised.

Matthew, you and I are gonna have a talk.