This is to notify management that the existing network layout has been experiencing a serious security problem. Among the affected areas are the listing of product costs on the web and the email system. Security risks of this form usually result from weaknesses in the security of the organization's information system infrastructure.
For instance, this problem occurred because hackers might have taken advantage of loopholes that might exist in the system to penetrate it, impersonate users, and finally alter the pricing in the system database so that the prices read differently. This form of attack is a DoS attack, as the hacker gained access as a super user in order to change pricing. Besides that, the attack could also have resulted from social engineering, whereby an insider might be compelled to disclose some information regarding the data, and that information can be used to access the resources stored in the organization's database (Bosworth & Kabay, 2002).
How the attack took place using Social Engineering
In my view, it is clear that a social engineering technique was used to lure insider workers into giving out some private information. This can be done by a hacker giving out USB storage devices and telling employees to insert them into computers; these USB devices are capable of reading all the keystrokes from the computer, which makes it easy to identify passwords from the keystrokes (Bradley & Carvey, 2006).
Access to the system was the result of social engineering, whereby hackers used insider workers and were able to access critical organization data that they used to perform other forms of crime. USB cables were used to take data, and workers were easily enticed.
However, there are some recommendations that should be carried out. First, physical security should be increased and authentication measures implemented to make sure that files are not compromised anymore.
List of Security Recommendations
1. Physical security implementations.
2. Segregation of duties.
3. Logical security enhancements.
In this case, there are numerous security recommendations that should be applied so that the organization can improve its security. Physical security measures should be applied to make sure that all forms of attack are prevented. Guards should be deployed to keep security at the gates of the premises where the computer systems are installed, so that all people who access the system, including visitors, are thoroughly checked before they enter the venue. There should also be segregation of duties, so that the security features present in the organization are based on different levels of access; this will ensure that all security issues are well maintained.
Another security measure is the use of CCTV and alarms for monitoring and surveillance, so that incidents are reported in time to prevent any damage from escalating further in the industry. Installing such technology will make sure that monitoring is carried out and that the possibility of a risk occurring in the information system structure is addressed. The use of firewalls is another form of protection that should be implemented, as it will detect various forms of USBs that are being installed on the computers to read various forms of data. This will act as a good security measure (Bradley & Carvey, 2006).
In this case, there should be a security drill to identify social engineering attacks; it should be done at the organizational level and can be used to identify vulnerabilities that might be present.
This security drill should be conducted in the information technology department. The people who should be tested are those who work for the department. They should be subjected to the questions that social engineers use, to check how they respond to those questions. Besides that, the people conducting the drill should make sure that they are able to detect and analyze how the security system is composed when they try to access various resources installed in the organization. The techniques that should be used in the mock-ups are social-engineering-based questions, whose role is to identify whether the workers can recognize the criminals who often lure them into giving insider information regarding the security of data. Therefore, the role of the mock-up is to let management know how prepared their workers are to respond to the security drill being performed (Bradley & Carvey, 2006).
A penetration test is a type of systematic probing of any given system. The system can be a combination of applications, networks and hosts. Penetration testing in many cases focuses on how deep one can get into the system. Furthermore, this activity is often confused with audits and assessments. Various tools are used to perform pen testing on any given network. The following penetration tools can be used to perform testing (Harrington, 2005).
- Metasploit
- Wireshark
- Back Track
Description of the Penetration Tools
Metasploit is regarded as one of the most advanced and popular frameworks that can be used for pen-testing. The tool is based on the concept of the exploit, which is code capable of bypassing security measures and entering the system. Once it has entered the system, it runs the payload, which is code used to perform operations on a target machine, and this ends up creating a perfect framework for penetration testing.
The tool can be used on web applications, networks and servers. It offers GUI and command-line interfaces. Furthermore, it works on Linux, Mac OS, and Microsoft Windows. The tool exists as a commercial product and is also available as a trial version (Harrington, 2005).
Wireshark is a tool that normally functions as a protocol analyzer. It is popularly known for offering the minutest details regarding network protocols, packet information and decryption.
As for operating environments, the tool can be used on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD and other operating systems. It can be used through a GUI or through the TTY-mode TShark utility. The tool is an open source product, which means that it is free.
The Back Track tool works only on Linux machines, and the new version of this tool is known as Kali Linux. Besides that, this tool is said to be one of the best tools available for packet sniffing and injecting. To use this tool, one needs a vast knowledge of the TCP/IP protocol and networking. The tool is an open source product.
Limitations of the tools that were used
When the tools are used to perform various forms of penetration testing, different limitations are experienced, arising from their costs and from the way the tools are applied.
These limitations are normally based on the choice of user interfaces, the ability to trigger various forms of sections, and the costs incurred in obtaining the tool that should be used to perform a given penetration test (Huang, MacCallum & Du, 2010). In short, there is poor user interaction and a lack of proper knowledge used in development.
One of the limitations of these three tools used in network penetration is the cost of acquiring them. While both Wireshark and Back Track exist as open source products, which means that they are free, the Metasploit tool normally exists as a commercial product. Small firms cannot afford it because of its cost, and this makes the penetration test using the Metasploit tool not effective.
Another limitation is that some tools cannot run in multiple operating system environments. For example, Kali Linux, also known as the Back Track tool, only runs on Linux-based platforms, so users of Windows or Mac operating systems cannot use the tool. Besides that, this tool lacks good interactivity such as a GUI; it is based on the command line, which might not be effective for many users who use the tool to perform penetration testing (Huang, MacCallum & Du, 2010).
With regard to Wireshark, this tool is in many cases not used as an intrusion tool, as it does not warn the user when strange tasks are being executed on the network. This is regarded as one of the drawbacks of Wireshark, since it does not send a message to the user reporting a new component in the network. Wireshark also cannot manipulate things on the network: it is limited to measuring things and does not send packets on the network or do other active things. These are some of the drawbacks of Wireshark as compared to other penetration tools.
Application of Metasploit as a penetration tool.
This tool is used on platforms such as servers, where a certain vulnerability might exist that is being exploited by worms such as Zotob.
The tool, at first, executes some code that is used to access the system. The tool uses the Check function to see whether the system is vulnerable before even exploiting it.
In network penetration, Wireshark can be used on operating systems such as Windows, Mac and Linux. It is a tool that can be used to inspect data passing through network interfaces, which can be Ethernet, LAN or Wi-Fi.
In terms of application, this tool can also be used to capture traffic, which is then decoded for analysis. Besides that, this tool is used to make sure that all transmissions across TCP/IP are well addressed.
Besides that, the tool is also used to locate HTTP traffic and to identify any response from the host that it might be attempting to log in to (Huang, MacCallum & Du, 2010).
The penetration testing, in this case, can be done by coming up with ways to analyze the WEP encryption found on routers and to check whether this form of network security enhancement is crackable or not.
This makes it easy to understand the various forms of attack that might be directed at devices on any given network. This tool is in many cases used to check the ability to crack the passwords of Wi-Fi networks and to access the resources served by those networks (Huang, MacCallum & Du, 2010).
When performing detection analysis of DoS attacks, there are various procedures that should be used to make sure that risks are prevented from occurring. The following are the steps that should be followed (Imai, Shin & Kobara, 2009).
- Tracing the Source of Attacks
In this case, one needs to be able to trace the source of attacks so that all the stakeholders in the network can identify it. This can be done with network penetration tools that report the traffic and the sources of packets that are not allowed in the network. The headers of those packets are always unique, and this makes it possible to know which packets are being propagated by attackers (Imai, Shin & Kobara, 2009).
- IP handlers not visible.
The IP handles are also analyzed, so that if the packets being analyzed belong to a subnet that seems to be an additional component in the network, then they can be noted to be some form of
- Server Crashes
Whenever there is any form of server crash, or once the server tends to be slow at some times, it becomes evident that there are impending attacks being carried out.
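The first two checks above (reporting traffic by source, and noting packets from a subnet that is not part of the network) can be run over a traffic log as follows. This is an added example, not part of the original report; the log format, the sample lines, the subnet list and the window and threshold values are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample log, one packet per line: "<epoch_seconds> <source_ip> <dest_port>".
SAMPLE_LOG = """\
1000 10.0.0.5 80
1001 10.0.1.7 25
1002 203.0.113.50 80
1002 203.0.113.50 80
1003 203.0.113.50 80
1003 203.0.113.50 80
1004 203.0.113.50 80
1005 203.0.113.50 80
1006 198.51.100.7 25
1007 10.0.0.5 80
garbled line here
1012 10.0.0.5 80
"""

# Assumed layout: the subnets the organization actually uses.
KNOWN_SUBNETS = [ipaddress.ip_network("10.0.0.0/24"),
                 ipaddress.ip_network("10.0.1.0/24")]


def parse(log):
    """Yield (timestamp, source address, port); skip lines that do not parse."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        try:
            yield int(fields[0]), ipaddress.ip_address(fields[1]), int(fields[2])
        except ValueError:
            continue


def analyse(log, known_subnets, window=10, threshold=5):
    """Return (flooding sources, sources outside every known subnet), both sorted."""
    per_window = Counter()
    unknown = set()
    for ts, src, _port in parse(log):
        # Count packets per source inside fixed windows of `window` seconds.
        per_window[(src, ts // window)] += 1
        if not any(src in net for net in known_subnets):
            unknown.add(src)
    flooding = {src for (src, _w), count in per_window.items() if count >= threshold}
    return sorted(map(str, flooding)), sorted(map(str, unknown))


if __name__ == "__main__":
    flooding, unknown = analyse(SAMPLE_LOG, KNOWN_SUBNETS)
    print("flooding sources:", flooding)
    print("outside known subnets:", unknown)
```

A source that appears in both lists is the first candidate for filtering; a source that is only outside the known subnets may be a legitimate external client and needs a second look.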
Containment, eradication, and recovery Methods
Containment, eradication and recovery are carried out to make sure that each of these aspects of the incident is well addressed. The first phase involves correcting the vulnerabilities: the team responsible for maintaining security makes sure that filtering is done so that the flow of packets is controlled, and that elements that might at some point be threats to system security are eradicated. The targets should also be hidden, so that the management of recovery tasks and the development of security measures are well addressed (Peterson & Davie, 2007).
In this case, various strategies are carried out to make sure that the incident recovery program is executed well. Various methods and strategies should be put in place so that recovery is well addressed. Firewalls are configured to make sure that the security measures are achieved. A new follow-up report should also be created, whose role is to make sure that the management and development of all roles and responsibilities of the incident plan are well addressed (Peterson & Davie, 2007).
Role of Workers
The role of workers is to make sure that all private data they manage is kept as one of the organization's secrets. Besides that, workers should report all new visitors who are suspected of having bad intentions towards the security and data of the company. Therefore, workers should play a role in making sure that all data in the organization is well protected, so that at no time is data compromised (Peterson & Davie, 2007).
Following such an incident in the firm, various methods can be used to identify what led to files being accessed. One finding is that one worker left the firm and all the security settings remained unchanged; since she knew all the passwords and other security weaknesses, she was able to inform her son, and this made the company experience data loss. To prevent this form of attack from taking place in future, various security implementation measures should be adopted.
One of the methods that should be adopted to make sure that security and private data are well maintained is the segregation of duties among workers, which will play a critical role in making sure that access to private data is known by only a few people. Besides that, all security features such as firewalls should be regularly configured, so that at no time does the data of the organization end up being compromised.
Another issue that can be drawn from the incident is that all privileges should be categorized, so that not all users gain access to the passwords that protect confidential information regarding the organization (Peterson & Davie, 2007). Implementing such measures will ensure that the organization's security system is improved, and this will play a critical role in addressing the workers and other stakeholders.
In conclusion, when such methods are encouraged, it becomes easy to ensure that data privacy is well addressed, and the probability of risk occurring is reduced, since the organization has good means of addressing security issues at the organizational level (Peterson & Davie, 2007).
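The two findings above (passwords left unchanged after a worker who knew them departed, and access that should be known to only a few people) can be checked with a small audit. This is an added example, not part of the original report; the credential inventory, the departure record, all names and dates, and the `max_holders` limit are constructed for illustration.

```python
from datetime import date

# Constructed inventory: each shared secret, when it was last rotated,
# and everyone who has been issued it.
CREDENTIALS = {
    "db-admin":    {"rotated": date(2023, 1, 10), "holders": {"alice", "bob"}},
    "mail-admin":  {"rotated": date(2023, 6, 2),  "holders": {"alice", "dave"}},
    "pricing-app": {"rotated": date(2023, 5, 20),
                    "holders": {"bob", "carol", "dave", "erin"}},
}
# Constructed HR record: who has left the firm, and on which day.
DEPARTURES = {"alice": date(2023, 3, 15)}


def audit(credentials, departures, max_holders=3):
    """Return (stale, overshared).

    stale: (credential, leavers) pairs where a holder left on or after the
    last rotation, so the leaver still knows a working secret.
    overshared: credentials known to more than max_holders current staff.
    """
    stale, overshared = [], []
    for name in sorted(credentials):
        record = credentials[name]
        leavers = sorted(
            person for person in record["holders"]
            if person in departures and departures[person] >= record["rotated"]
        )
        if leavers:
            stale.append((name, leavers))
        current = [p for p in record["holders"] if p not in departures]
        if len(current) > max_holders:
            overshared.append(name)
    return stale, overshared


if __name__ == "__main__":
    stale, overshared = audit(CREDENTIALS, DEPARTURES)
    for name, leavers in stale:
        print(f"rotate {name}: still known to departed staff {leavers}")
    for name in overshared:
        print(f"reduce access to {name}: too many current holders")
```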
Bosworth, S., & Kabay, M. (2002). Computer security handbook. New York: John Wiley & Sons.
Bradley, T., & Carvey, H. (2006). Essential computer security. Rockland, MA: Syngress Pub.
Harrington, J. (2005). Network security. Amsterdam: Elsevier.
Huang, S., MacCallum, D., & Du, D. (2010). Network security. New York: Springer.
Imai, H., Shin, S., & Kobara, K. (2009). New security layer for overlay networks. Journal of Communications and Networks, 11(3), 211-228. http://dx.doi.org/10.1109/jcn.2009.6391326
Peterson, L., & Davie, B. (2007). Computer networks. Amsterdam: Morgan Kaufmann.