
ICT205 Cybersecurity Final Exam Assessment T1 2020

Word Length: 2500 words
Due Date: Week 14 (June 18th 11:55pm)
Submission: Moodle Turnitin Submission

Case Study Description:
Imagine at one end when you are discussing with the security services to add up the layers of security defences, you find that your company has been compromised. But the intruder, rather than attacking your company's network, instead uses your servers as a launching pad for attacks on other companies, making your firm an unintentional ally. This is the scenario that IT managers faced at ITBase.

ITBase is a publicly traded company that is considered a market leader in the highly competitive, multi-billion-dollar IT infrastructure market. At the time of the attack, the IT managers were in discussions with SeekSecNet, a network security company to plan an external penetration test. The goal of the penetration test was to reveal IT infrastructure weaknesses to ITBase management. Armed with this information, management was to consider the benefits of further investment in security improvements versus the risk of inaction.

ITBase had used a firewall to protect its corporate network, but the logs generated by the firewall were not rarely reviewed by the system administrator. Moreover, ITBase did not implement any intrusion detection capabilities. The organization learned of the incident when an unrelated firm contacted the corporate administrators in response to a network attack that originated from a server located at ITBase headquarters and demanded that ITBase should take all necessary steps to terminate the attack.

In the ITBase case, while the intruder launched his attack from a server within the ITBase network, he happened to attack an outside system that was being monitored for such activity. When the system administrator of the attacked network detected the hostile activity, he quickly notified ITBase system administrators.
Assessment Requirement Specification
As discussed in the case study assume that ITBase has approached SeekSecNet to add up the layers of the security. Now, ITBase wanted SeekSecNet to run further investigation about the incident. Assume that you are part of SeekSecNet and your team is taking the responsibility of running further investigation on the security incident.

It is important to note that only one company contacted ITBase to complain; therefore, it is probably safe to assume that several compromised organizations were unaware of the attacks. Also, if ITBase had not been notified by the compromised organization, ITBase system may have remained compromised for months without notice.

The IT professionals and the other business unit professionals of ITBase need to place all possible measures for SeekSecNet to work on the incident. As a step towards this, ITBase should prepare a disaster recovery plan. Furthermore, as a team from SeekSecNet responsible for further investigation the team is expected to prepare a response based on the investigation and a Security Incident Checklist.

Your report needs to include the following:
1. Prepare a disaster recovery plan for the incident experienced by the organization. The plan needs to include detailed discussion on how the steps of the plan are executed
2. Prepare a response summary in relation to the incident based on the investigation
3. Prepare a security incident checklist to be used by the organization when they have been compromised
Answered Same Day Jun 17, 2021

Solution

Neha answered on Jun 18 2021
144 Votes
Executive Summary
This report is based on the case study of a company that was attacked by a hacker and wants to find out the compromised system to save the other systems of the organization from attack. This report includes a plan which can help to find out the system and a possible way to find out the attacker also. At last, a checklist is provided which can be used by the organization in the future.
Introduction
This report is based on the ITBase company, which is well known as the trading company and is a great competition for other companies in the market. The IT managers came across a company called SeekSecNet to help them in securing their system. This company is a network security company which helps other organizations to plan an external penetration test. This test is done to find out the weak links which are present in the network of the organization. The IT managers of the company want to investigate all the systems present in their organization and find out what steps can be taken to improve the security and reduce the risk. This organization also uses a firewall to protect the network, but the administration did not check the logs generated by the firewall. They do not have any intrusion detection capabilities. An attacker launched the attack using the server which was present in the organization. As soon as the administrator found out about the attack, he informed the other responsible person of the organization. This report is to develop a disaster management plan which can be used in future to have a secure network and let the work process flow. As a disaster can apply a pause to the workflow, it is important to have a backup plan which allows the employees to work without any loss of connection or information.
This report contains a disaster plan, steps to find out the attacker and a security checklist which can be used by the organization to stop any further attacks and remove the compromised system.
The following is the security incident which took place in the organization, and it also contains the investigation which was done by SeekSecNet.
Day 1: The initial call
The administrators of the organization spent their first day conducting an internal investigation to find out the compromised system. In the initial investigation the administrators found that they have an FTP server which is sending a large volume of traffic to different IP addresses which are external. The administrators of the organization checked the system again to solve this question, but they were not able to find any signs which prove the compromise or to find any suspicious program which can be known as the source of the attack. The next thing which they did was to contact SeekSecNet to perform the analysis of the intrusion and help the company to recover from the compromised system. The first conversation was done over a telephone call and then a consultant was sent to the organization to check the scenario in detail. The consultant suggested that the administrator of ITBase disconnect the network connection from the compromised system, which can help to stop any further damage which can be done by the attacker to the internal systems or links.
The administrators of the ITBase system were highly experienced but they were not able to have any security information which was required to find out the source or nature of the attack, which helps the hackers to hide their presence. In order to find any sign of the attacker who compromised the system, there was a risk that administrators may destroy the potential evidence and also the system, which was ultimately the goal of the hacker. As the consultant reached the site he got up to speed on the events, but as the FTP server which was sending the packets at high speed was the critical connection in the organization, it was not possible to turn it off.
As the investigation proceeded, SeekSecNet took a backup of the critical data and information which was present in the organization, and the backup was taken in the form of a low-level image, which was critical for future forensics and also to find out the tools and techniques which were used by the attacker. SeekSecNet used some online utilities to take the backup and requested the organization not to use their utilities as others may also be attacked.
Another step was to remove the hard drive from the compromised system and place it in read-only mode in an incident response system which will provide it...
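
The case study notes that the firewall logs were not being reviewed, and the Day 1 finding was a single FTP server sending a large volume of traffic to many external addresses. The following is an added example, not part of the original answer or the assignment, of a log review that surfaces that pattern. The key=value log format, the 10.0.0.0/8 internal range, the addresses and the thresholds are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the corporate address space; replace with the real network plan.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2020-06-01T02:14:07 ALLOW src=10.0.0.21 dst=203.0.113.5 dport=80 bytes=48211
2020-06-01T02:14:09 ALLOW src=10.0.0.21 dst=198.51.100.17 dport=80 bytes=51002
2020-06-01T02:14:12 ALLOW src=10.0.0.21 dst=198.51.100.88 dport=443 bytes=47650
2020-06-01T02:14:15 ALLOW src=10.0.0.21 dst=203.0.113.140 dport=80 bytes=50377
2020-06-01T02:14:15 ALLOW src=10.0.0.40 dst=203.0.113.5 dport=443 bytes=1830
2020-06-01T02:14:18 ALLOW src=10.0.0.40 dst=10.0.0.21 dport=21 bytes=920
2020-06-01T02:14:20 DENY src=10.0.0.21 dst=192.0.2.9 dport=80 bytes=0
2020-06-01T02:14:22 ALLOW src=10.0.0.21 dst=192.0.2.44 dport=80 bytes=49960
"""

LINE_RE = re.compile(r"^(\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+) bytes=(\d+)$")

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def outbound_fanout(log_text):
    """Per internal source: distinct external destinations and bytes sent."""
    stats = defaultdict(lambda: {"dests": set(), "bytes": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        _, action, src, dst, _, nbytes = m.groups()
        if action != "ALLOW" or not is_internal(src) or is_internal(dst):
            continue  # keep only permitted internal -> external flows
        stats[src]["dests"].add(dst)
        stats[src]["bytes"] += int(nbytes)
    return stats

def suspicious_hosts(log_text, min_dests=4, min_bytes=100_000):
    """Internal hosts talking to many external peers with high volume."""
    rows = [(src, len(s["dests"]), s["bytes"]) for src, s in outbound_fanout(log_text).items()]
    flagged = [r for r in rows if r[1] >= min_dests and r[2] >= min_bytes]
    return sorted(flagged, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for src, n, b in suspicious_hosts(SAMPLE_LOG):
        print(f"{src}: {n} external destinations, {b} bytes outbound")
```

On the constructed sample only 10.0.0.21 is flagged; the workstation at 10.0.0.40 reaches one external address with little traffic and stays below both thresholds.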