After several network security breaches, I have been tasked to increase the security of my company’s IT infrastructure as a part of my duties as senior systems administrator. An unauthorized individual managed to access the company’s network and several authorized users have been asked for their passwords by someone who claimed to be a member of our IT department. Therefore, I have been asked to implement IT troubleshooting best practices to improve the efficiency of solving these IT problems that are frequently experienced in this company.
Sally Chu requires all six of her administrative staff members to have the same computer access privileges. She would like them all to be able to access the applications and use the shared printer network, but wants to prevent them from making accidental changes. To provide the most efficient method of creating user accounts for these employees, each will be given their own account with restricted access, and certain activities will be reserved for the administrator. The computers will be part of a domain in which the network administrators can configure the security settings and permissions for all the computers on the network (Windows, n.d.). The easiest way to create the user accounts is to click the Start button, open the Control Panel, click “User Accounts and Family Safety”, and then select “User Accounts”. On that screen, “Manage Another Account” should be selected and six new accounts should be created that cannot access the administrative functions essential to the computer’s operation. An individual account will be created for each employee on each computer they need to access.
Information is a key asset of any business today. No matter how the business operates, disclosure of information to people who are not authorized to change or use it will be costly. Such disclosure is a serious blow to any company and may result in the loss of loyal customers, damage to the business’s reputation and image in the market, and a considerable loss of business opportunities.
Personal-computer setup with at least two peripheral devices
A personal computer is a computer whose capabilities and size make it suitable for an individual user. Hardware comprises the physical parts.
Would you recommend using a firewall? Explain.
A firewall is considered a baseline control for securing the network environment of any enterprise. In general, routers are equipped with a built-in firewall, such as Network Address Translation (NAT) or other software-based packet filtering. However, a separate hardware-based firewall is recommended for a small or medium enterprise as well as a global enterprise. Hackers now use advanced methodologies to penetrate a network. One example is Advanced Persistent Threats (APT), which use advanced encryption algorithms and phishing techniques. Once a network is compromised, confidential information such as trade secrets may be leaked and the reputation of the organization will be at stake; for instance, banks may lose their clientele or even become bankrupt if personal information such as credit card numbers is leaked.
Would you recommend using antivirus filtering? Explain.
Antivirus is also considered a baseline security control that is mandatory for protecting a computer network. The primary purpose of antivirus is to detect and remove viruses from the system. Antivirus filtering is configured to detect viruses attached to e-mail, because once the recipient opens the attachment, the virus files are executed.
Would you recommend an intrusion detection system? Explain.
Previously, a firewall and antivirus were adequate for securing a corporate network from threats and viruses from the World Wide Web. Today, security threats are continuously increasing, as hackers use advanced techniques capable of exploiting even the smallest vulnerabilities. Intrusion detection systems are now mandatory, as they provide alert messages prior to an attack. These alerts allow the concerned personnel to isolate the infected machines from the network or initiate an action plan to combat the threat.
When an IDS generates alerts, it can send them to a console in the security center, to a mobile phone, or via e-mail. Discuss the pros and cons of each.
The first major benefit of transmitting these messages is early information about the security breach that is about to happen. Receiving this information early gives the concerned personnel time to initiate an action plan for the scenario. A reliable information channel is preferred; for instance, SMS on a cell phone is more suitable, as it is quickly accessible. If these messages are transmitted via e-mail and the employee is not in the office, the information will not be acted on in time. Furthermore, if these messages are accessed by unauthorized personnel, they can be misused. Hence, the messages generated by the IDS must be protected and transmitted via a reliable and secure medium.
Examine the integrated log file shown in Figure 9-15 of the text.
Identify the stages in this apparent attack. For each stage, describe what the attacker seems to be doing.
There are three stages in total in this attack. The first stage consists of password attempts to access e-mail. The second stage is a successful login to the SMTP server. The third stage is the retrieval of e-mails from the SMTP server to the attacker’s location. The attacker made more than one password attempt to log in to the SMTP server. After gaining access to the SMTP server using the ID Lee, the hacker deactivated host log entries. Moreover, data was also transferred over TCP.
Decide whether the actions in this stage work at human speed or at a higher speed, indicating an automated attack.
By reviewing the time sequence, it is obvious that it was a dictionary attack on the user ID LEE. The logs clearly demonstrate the evidence: the first login attempt was at 08:45:07:49 and the second login attempt was at 08:45:50:18.
Decide whether the evidence in each stage is suggestive of an attack or conclusive evidence.
The logs in the figure show that the attacker used a dictionary attack that randomly tried passwords, or possibly guessed the user’s password. Moreover, host logs were also disabled so that there would be no evidence of an unknown host present on the network.
Overall, do you have conclusive evidence of an attack?
There were two wrong attempts on the login ID Lee. Moreover, host logs were also disabled, and these logs provide information about the hosts present on the network. Furthermore, data was transferred via SMTP as well as TCP.
Do you have conclusive evidence of who committed the attack?
126.96.36.199 is a suspicious IP address that guessed the password or used a random dictionary attack with a 40-second interval between attempts. After disabling the host logs, data was transferred via SMTP and TCP.
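The reasoning applied to the log above (repeated failures against one ID, a success that follows them, the interval between attempts, the disabling of host logging, and an outbound transfer) can be scripted as a detection check. This is an added example, not the textbook figure or the answer’s own work: the log lines are constructed in the spirit of the stages described, the source address and user ID are taken from the answer, and the timestamp format, event names and field names are assumptions.

```python
from datetime import datetime

# Constructed sample integrated log: time, source IP, host, event, key=value fields.
# The lines are made up for this example; only the IP and user ID come from the answer.
SAMPLE_LOG = """\
08:45:07.49 126.96.36.199 mailsrv AUTH_FAIL user=Lee
08:45:50.18 126.96.36.199 mailsrv AUTH_FAIL user=Lee
08:46:33.40 126.96.36.199 mailsrv AUTH_OK user=Lee
08:47:01.03 126.96.36.199 mailsrv HOST_LOGGING_DISABLED
08:47:15.60 126.96.36.199 mailsrv DATA_TRANSFER proto=TCP bytes=184320
"""

def parse_log(text):
    """Turn each line into a dict; trailing key=value fields become extra keys."""
    events = []
    for line in text.splitlines():
        ts, ip, host, event, *fields = line.split()
        rec = {"time": datetime.strptime(ts, "%H:%M:%S.%f"),
               "ip": ip, "host": host, "event": event}
        rec.update(f.split("=", 1) for f in fields)
        events.append(rec)
    return events

def analyse_source(events, ip, automated_below_s=5.0):
    """Summarise the attack stages seen from one source IP (assumed thresholds)."""
    mine = [e for e in events if e["ip"] == ip]
    fails = [e for e in mine if e["event"] == "AUTH_FAIL"]
    # Seconds between consecutive failed attempts: short, regular gaps suggest a script.
    gaps = [(b["time"] - a["time"]).total_seconds() for a, b in zip(fails, fails[1:])]
    first_ok = next((e for e in mine if e["event"] == "AUTH_OK"), None)
    return {
        "failed_logins": len(fails),
        "targets": sorted({f["user"] for f in fails}),
        "gaps_s": [round(g, 2) for g in gaps],
        "speed": "automated" if gaps and max(gaps) < automated_below_s else "human",
        "login_after_failures": first_ok is not None
            and any(f["time"] < first_ok["time"] for f in fails),
        "logging_disabled": any(e["event"] == "HOST_LOGGING_DISABLED" for e in mine),
        "bytes_out": sum(int(e.get("bytes", 0)) for e in mine
                         if e["event"] == "DATA_TRANSFER"),
    }

def verdict(summary):
    """Failed logins alone are suggestive; a success after failures plus
    anti-forensic log disabling is treated as conclusive."""
    if summary["login_after_failures"] and summary["logging_disabled"]:
        return "conclusive"
    return "suggestive" if summary["failed_logins"] >= 2 else "none"

if __name__ == "__main__":
    s = analyse_source(parse_log(SAMPLE_LOG), "126.96.36.199")
    print(s, verdict(s))
```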
A firm is trying to decide whether to place its backup center in the same city or in a distant city. List the pros and cons of each choice.
The disaster recovery site should not be located in the same geographical region. One advantage of a local site is that testing the disaster recovery site is easier, as resources are simple to manage when the site is within the same region. However, if a disaster such as an earthquake hits one region, the primary location as well as the disaster recovery site may be damaged. If the disaster recovery site is located in a geographically different location, the risk is minimal.
To get out of taking exams, students occasionally phone in bomb threats just before the exam. Create a plan to deal with such attacks. This should take one single-spaced page. It should be written by you (a policy advisor) for your dean to approve and post in your college.
For this scenario, the federal police helpline or bomb disposal helpline should be informed immediately. The government officials can investigate the authenticity of the caller, and the bomb evidence can be investigated separately by the bomb disposal squad. To minimize delays to the exam schedule, a separate facility needs to be arranged in a safe secondary location that is not too far away. The secondary location must be within reach of every student. However, the exams must be delayed for some time in order for the bomb disposal squad to investigate the primary facility. If the bomb disposal squad requires two hours or more for the investigation, the secondary location plan will be executed, and all students and their guardians must be informed about the slight change in exam timings along with the secondary location address. If the bomb disposal squad declares that there is no bomb or that the bomb has been defused, students of the second shift will sit the exam at the primary location.
After you restore files following an incident, users complain that some of their data files are missing. What might have happened?
The plan has not addressed the recovery time objective adequately. Secondly, there is the possibility that the backup is scheduled for 5:00 PM and the incident takes place at 4:30 PM, in which case only data up to 5:00 PM on the previous day will be available after the restore.
Honeypot networks are the most advanced form of security, as they are also considered advanced intrusion detection systems. Honeypot networks let hackers into the demilitarized zone, where the honeypot presents itself as the actual network. Honeypot systems are expensive and form part of the security infrastructure of an organization. Moreover, honeypot networks can be used to improve an organization’s information security policy.
1) Do you think programmers should be allowed to develop server-side dynamic Web pages, given the dangers that are involved in their doing so?
Server-side dynamic web pages pose one of the largest Internet security threats. Server-side dynamic web pages use CGI applications and SSI-enabled pages, but these are insecure because poorly written code produces holes, leaks, and back doors on a system that would otherwise be safe. Programmers should know that CGI applications and SSI pages create the three most common security risks: information leaks, access to potentially dangerous system commands or applications, and depletion of system resources.
Information leaks give the hacker the information that serves as a weapon for breaking into the server. This shows that dynamic server-side pages pose a security threat to a system because the hacker gains access to information that should be hidden from them. Server-side dynamic web pages also pose security threats where hackers use the exposed commands to gain access to services of the server that they can use for their own gain. An example is an HTML form-based script: the hacker uses the information it exposes to send fraudulent messages to clients in order to obtain confidential information.
Establishing a successful framework for business continuity in the wake of disrupted operations or when a disaster strikes requires a comprehensive understanding of such areas as financial assets and their influence on business operations as well as information systems resources that are readily available. It is imperative that knowledgeable and experienced team members recognize the most critical priorities in these scenarios, including sustainable business functions, the availability of financial resources, and recovery time frameworks. Security policies may be in different stages of their life cycles; therefore, the stage must be evaluated to determine how to move forward in the event of a significant disruption (Johnson and Merkow, 2011). In the event that disaster strikes, the systems team should already have established roles and responsibilities to assess the damage and to take the steps that are necessary to promote recovery with as little permanent malfunction as possible (Johnson and Merkow, 2011).
Disaster Recovery Overview
In the process of developing a disaster recovery policy there are many aspects that must be considered for the business, as well as the appropriate actions and systems that must be in operation or set into motion once a disaster is expected or has occurred. The disaster recovery plan includes all of the documented processes, procedures, plans, practices, roles, responsibilities, resources, and structures that are used to protect the IT infrastructure as well as the information that is used in the business (Johnson and Merkow, 2011). The disaster recovery plan in essence provides a systematic procedure to bring the business back up and running after a disaster, but maintaining a proactive approach and putting safeguards in place to mitigate risk to IT resources can provide a quicker response for the business. The return to service (RTS) timeframe is the primary objective and key performance indicator of the disaster recovery plan. This return to service timing is affected by the ability of the disaster recovery plan to mitigate potential risks prior to disasters, safeguard the assets during a disaster, and ultimately return all IT services and assets to operational status within the shortest timeframe possible. These key areas are shaped by the business’s infrastructure, composition, and organizational goals.
The networking of Hinds Hall’s four floors will take on two different formats: a wireless as well as a wired network. Outlined below is an overview of the planned approach to cabling, as the wired network will be the main networking platform, with the wireless network simply being an addition to increase networking opportunities. The outline takes a step-by-step format, detailing the installation of the six subsystems indicated in the EIA/TIA 568B standard. The first step in the cabling process will be identification of the Building Entrance (EF), followed by the selection of an Equipment Room relative to the entry point of the main cables. The best route for the backbone cabling used to link the telecommunications closets (TE) will then be identified, bearing in mind the distance limitations of the cable used (UTP CAT 6A in this case). The design for the horizontal cabling as well as the termination points (wall plates) for each individual floor will also be outlined.
Advice for password protection on Desktop PC
Passwords are vital in protecting documents. To ensure that information is safe and your password is not compromised, a person needs to change it regularly, such as every three months. It is also not advisable to reuse old passwords, as someone may already know them. To avoid password exposure, a person should keep it secret. Passwords should not be stored in files on personal computers or sent via e-mail to colleagues. In cases where a person must allow friends or colleagues to use his account, it is advisable to create a temporary password for them and change it afterwards. Some cases require ongoing access, which should lead to the creation of a separate account.
The most surprising thing in Chapter 5 was the concept of AAA, which refers to Authentication, Authorization and Auditing. Assessment of people’s identity can be achieved when they request permission to use a resource, through the process of authentication. It was also surprising to note that specified permissions can be granted to any authenticated user through the process of authorization. A network system can also conduct auditing or accounting, which involves collecting information about a person for analysis through the provision of log files.
I have always lived by the motto that we never understand our true potential until we try.
At the same time, I am also fortunate to have been helped by many people during difficult times. These experiences have also helped me to realize that society prospers when those with potential and resources are passionate about making a positive difference in the lives of less fortunate members of society. This is why I want to pursue my Master’s in Technology Management with a concentration in Health Services Management, which can help me to be of service to some of the most vulnerable members of society. I am also seeking a Master’s in Technology Management/Health Services Management. I would like to emphasize that with the growing technology, having a dual career is valuable. I want to be a positive role model for my children and to prove that we—and not our circumstances—determine our eventual destiny in life. Not only will I be the first member of my family to pursue a graduate degree, but I will also be able to prove wrong the skeptics who are convinced that single mothers such as me do not have what it takes to complete a graduate degree and to have a successful career as a Healthcare Administrator. I am specifically interested in becoming a Healthcare Administrator in the Navy because I realize that the program is challenging and will push me to do my best.