User Account

All Pages

Potential weaknesses in the companys security posture

Assignment Help Computer Network Security
Reference no: EM132138700

Final Project: Incident Response Exercise & Report

Your Task

You have been assigned to work incident clean-up as part of the Sifers-Grayson Blue Team. Your task is to assist in analyzing and documenting the incident described below. The Blue Team has already created a set of enterprise architecture diagrams (see figures 1-4) to help with your analysis of the incident and preparation of the incident report as required by the company's contracts with the federal government. After completing their penetration tests, the Red Team provided Sifers-Grayson executives with a diagram showing their analysis of the threat environment and potential weaknesses in the company's security posture for the R&D DevOps Lab (see figure 5).

Overview of the Incident

Sifers-Grayson hired a cybersecurity consulting firm to help it meet the security requirements of a contract with a federal agency. The consulting firm's Red Team conducted a penetration test and was able to gain access to the engineering center's R&D servers by hacking into the enterprise network through an unprotected network connection (see figure 2). The Red Team proceeded to exfiltrate files from those servers and managed to steal 100% of the design documents and source code for the AX10 Drone System. The Red Team also reported that it had stolen passwords for 20% of the employee logins using keylogging software installed on USB keys that were left on the lunch table in the headquarters building employee lounge (see Figure 3). The Red Team also noted that the Sifers-Grayson employees were quite friendly and talkative as they opened the RFID controlled doors for the "new folks" on the engineering staff (who were actually Red Teamers).

The Red Team continued its efforts to penetrate the enterprise and used a stolen login to install malware over the network onto a workstation connected to a PROM burner in the R&D DevOps lab (See Figure 3). This malware made its way onto a PROM that was then installed in an AX10-a test vehicle undergoing flight trials at the Sifers-Grayson test range (See Figures 1 and 4). The malware "phoned home" to the Red Team over a cellular connection to the R&D center. The Red Team took control of the test vehicle and flew it from the test range to a safe landing in the parking lot at Sifers-Grayson headquarters.

Background

Sifers-Grayson is a family owned business headquartered in Grayson County, Kentucky, USA. The company's physical address is 1555 Pine Knob Trail, Pine Knob, KY 42721. The president of the company is Ira John Sifers, III. He is the great-grandson of one of the company's founders and is also the head of the engineering department. The chief operating officer is Michael Coles, Jr. who is Ira John's great nephew. Mary Beth Sifers is the chief financial officer and also serves as the head of personnel for the company.

Recent contracts with the Departments of Defense and Homeland Security have imposed additional security requirements upon the company and its R&D DevOps and SCADA labs operations. The company is now required to comply with NIST Special Publication 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. The company must also comply with provisions of the Defense Federal Acquisition Regulations (DFARS) including section 252-204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting. These requirements are designed to ensure that sensitive technical information, provided by the federal government and stored on computer systems in the Sifers-Grayson R&D DevOps and SCADA labs, is protected from unauthorized disclosure. This information includes software designs and source code. The contract requirements also mandate that Sifers-Grayson report cyber incidents to the federal government in a timely manner.

SCADA Lab
The SCADA lab was originally setup in 1974. It has been upgraded and rehabbed several times since then. The most recent hardware and software upgrades were completed three years ago after the lab was hit with a ransomware attack that exploited several Windows XP vulnerabilities. At that time, the engineering and design workstations were upgraded to Windows 8.1 professional. A second successful ransomware attack occurred three months ago. The company paid the ransom in both cases because the lab did not have file backups that it could use to recover the damaged files (in the first case) and did not have system backups that it could use to rebuild the system hard drives (in the second case).

The SCADA Lab is locked into using Windows 8.1. The planned transition to Windows 10 is on indefinite hold due to technical problems encountered during previous attempts to modify required software applications to work under the new version of the operating system. This means that an incident response and recovery capability for the lab must support the Windows 8.1 operating system and its utilities.

R&D DevOps Lab
The R&D DevOps Lab was built in 2010 and is used to develop, integrate, test, support, and maintain software and firmware (software embedded in chips) for the company's robots, drones, and non-SCADA industrial control systems product lines. The workstations in this lab are running Windows 10 and are configured to receive security updates per Microsoft's monthly schedule.

Attachment:- Project.rar

Reference no: EM132138700

Questions Cloud

Analyzes the effects of newsweek green rankings : Analyzes the effects of the 2009 Newsweek Green Rankings on firms' financial performance, as measured by stock market returns
Project manager can take to avoid terminating project : Identify two actions a project manager can take to avoid terminating a project early
Company organizational culture : A company's organizational culture. Evaluation criteria used to rate proposals and other supplier characteristics might include all of these EXCEPT:
Definition of formative assessment and give one example : Research assessment strategies that include formal, informal, formative, and summative assessments.
Potential weaknesses in the companys security posture : The contract requirements also mandate that Sifers-Grayson report cyber incidents to the federal government in a timely manner
Activities that are critical for effective leadership : Briefly discuss the three interdependent activities that are critical for effective leadership.
Identify your child-the first part of your child observation : Identify Your Child The first part of your Child Observation Project requires that you select a child as the focus of your project.
Number of acquisitions to help achieve its ambitions : Amazon.com made a number of acquisitions to help achieve its ambitions.
Independent contractors-temporary employees and volunteers : Contrast the primary differences between independent contractors, temporary employees and volunteers.

Reviews

Write a Review

Computer Network Security Questions & Answers

  Explain encryption concepts in understandable terminology

Imagine that you are an IT security manager charged with explaining encryption to senior management. Create a PowerPoint presentation of at least seven slides that explains encryption concepts in understandable terminology.

  What role does cryptography provide in the application

Discuss an application that you currently use that either includes encryption technology. What role does cryptography provide in the application?

  Write a summary of learning team collaborative discussion

Write a 350-word summary of the Learning Team Collaborative Discussion including your own personal views on ethics and privacy as they relate to information security.

  Examine and evaluate window host software firewall

Examine and evaluate Window's 7 host software firewall and one other operating system host firewall (other than Linux). Select the one that you feel is superior. Provide rationale for your response

  Identify all potential security threats on personal computer

Identify all the potential security threats on a personal computer. Identify some of the techniques an attacker might employ to access information on the system

  Describes the ideal information system security plan

Write a 1,750- to 2,450-word paper that describes the ideal information system security plan for your selected organization. Provide a clear description of the organization that includes the following: Business purpose and Primary functions

  Create a multiprotocol operational network using eigrp

Create a multiprotocol operational network using EIGRP, OSPF, and RIPv2 protocol. Implement a secure update of OSPF and EIGRP protocol. Implement virtual link in one segment of the network

  Using the diffie-hellman key agreement protocol find the

1 using the diffie-hellman key agreement protocol find the common key that can be used by two parties with keys k1 7

  Make a list of access points internal and external

Evaluate the perimeter security, make a list of access points internal and external(remote), identify vulnerabilities and make suggestions for improvements

  Provide input to thoroughly test the dfa

A run in a setting is a substring of length at least two, as long as possible, and consisting entirely of the same symbol.

  Discuss why the need for communication security protocols

Based on working through each of these methods, discuss why the need for communication security protocols is significant. First, decode each of the ciphers.

  Increment value in one cell in excel

Discuss how to increment value in one cell in Excel if another cell is populated. or example, I have cell A that has values such as 1, 2, 3, 4 etc...

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd