Doug is a system administrator for XSecurity, Inc,, a well known security software company. Part of his duties include maintaining the company's servers and monitoring their logs. Doug had always been interested in cyber security, so he signed up for a certification program in ethical hacking. As part of the course, he was introduced to the concept of "Enumeration." Doug was curious, so on his home computer he downloaded the trial version of several enumeration tools and stored them on a USB flash drive. He then went to the public library and ran the tools on the library internet, using the library computers provided to the public for general use. He was able to harvest the names of several library systems, and by chance encountered the user name of one of his friends. Using some social engineering techniques that he had also learned in the certification class, he was able to discover his friend's password, and found that his friend had A Premium Member power user account.
1. Discuss the ethical concerns of Doug's actions. What might the ramifications or consequences of his actions be? Why?
2. If you were Doug in the case above, what would you do to practice the new skills, and why?