Which CIS Controls v8 could have helped to prevent the attack

Assignment Help Computer Network Security
Reference no: EM133337837

Assignment:

Company Case Study: Luigi's

A Luigi's Inc. employee brought a personal laptop into the facility that was (unknowingly) infected with PSL and connected it to the corporate network via a wireless access point (AP). The system obtained an IP address using Dynamic Host Configuration Protocol (DHCP) addressing provided by the core corporate network services. Upon connection, the infected system made an Internet connection to the command and control server.

Once connected, the threat actor provided the command for the system to scan the local network for available services. While the user noticed that the machine was running slowly, it was late on Friday before a three-day weekend. The user left the machine powered on with plans to look at it again on Tuesday. The scan identified an open File Transfer Protocol (FTP) service on the internal network that allowed anonymous access. The threat actor, still using the compromised machine, logged into the FTP server, compressed the contents and then transferred the data to the control server (over the internet) using an encrypted outbound VPN connection.

Over the weekend, the Network Operations Center (NOC) tracked a large amount of data over an encrypted channel. While they were able to identify both the source and destination, without the encryption keys, they were unable to decrypt the traffic to identify the content. The destination was not on the current list of known malicious sites (the list was out of date by four months). The help desk technician then opened a work ticket for the local desktop services to investigate.

Early Tuesday morning the user noticed that the machine was still acting erratically, even after a reboot. The user then called the help desk to open a ticket. The help desk technician was able to tie the IP address of this machine to the traffic identified over the weekend. When the desktop technician arrived, it was determined that the machine in question was not a corporate machine and did not have all the standard protection software. A quick scan using a boot-time tool found the PSL signature. At this point, the technician confiscated the machine for forensic investigation and the ticket was closed.

The forensics team determined that a known malware tool named PSL had compromised the machine. They also found a temporary file, left over by the scanning, that included the directory listing of the FTP site. Many of the folders within the directory were named after previous high-value programs. These files included parts lists, price quotes and even proprietary drawings. Included in the information were patents from the current Chief Executive Officer (Ms. J. Rabbit) as well as legal documents describing the purchasing and legal aspects of these programs.
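Two of the signals in the narrative could have been acted on before the weekend: a device obtaining a DHCP lease whose MAC address is not in the enterprise asset inventory (CIS Control 1, Inventory and Control of Enterprise Assets; Safeguard 1.4 specifically ties DHCP logging to that inventory), and bulk outbound traffic from such a device to a destination that a stale blocklist would miss. The following script is an added illustration of those two checks and is not part of the assignment or the case study; the dnsmasq-style log format, the IP and MAC addresses, the inventory and the 10.0.0.0/8 "internal" range are all constructed assumptions.

```python
"""Reconcile DHCP leases with an asset inventory, then flag flows from
unknown devices. Added example with constructed data; not from the case study."""
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# Constructed authorized asset inventory keyed by MAC address (the artefact
# CIS Control 1 expects an organisation to maintain).
ASSET_INVENTORY: Dict[str, str] = {
    "aa:bb:cc:00:00:01": "LUIGI-WS-014 (corporate desktop)",
    "aa:bb:cc:00:00:02": "LUIGI-SRV-FTP01 (internal FTP server)",
}

# Constructed DHCP server log, dnsmasq-style "DHCPACK(iface) ip mac hostname".
DHCP_LOG = """\
Fri 17:02:11 dnsmasq-dhcp: DHCPACK(wlan0) 10.20.5.17 aa:bb:cc:00:00:01 LUIGI-WS-014
Fri 17:41:53 dnsmasq-dhcp: DHCPACK(wlan0) 10.20.5.44 de:ad:be:ef:00:99 personal-laptop
Fri 18:10:02 dnsmasq-dhcp: DHCPACK(eth0) 10.20.7.9 aa:bb:cc:00:00:02 LUIGI-SRV-FTP01
"""

# Constructed NetFlow-style summaries: (src_ip, dst_ip, dst_port, bytes_sent).
FLOWS: List[Tuple[str, str, int, int]] = [
    ("10.20.5.44", "10.20.7.9", 21, 4_096),              # unknown host reaches internal FTP
    ("10.20.5.44", "203.0.113.50", 443, 6_800_000_000),  # bulk encrypted upload to the Internet
    ("10.20.5.17", "198.51.100.10", 443, 120_000),       # ordinary corporate traffic
]

# Deliberately stale blocklist: the upload destination is not on it, as in the case.
STALE_BLOCKLIST: Set[str] = {"198.51.100.200"}

# Assumed corporate address space (constructed).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

LEASE_RE = re.compile(
    r"DHCPACK\((?P<iface>\w+)\)\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(?P<host>\S+)",
    re.IGNORECASE,
)


def unauthorized_leases(dhcp_log: str, inventory: Dict[str, str]) -> List[Dict[str, str]]:
    """Parse DHCP acknowledgements and return every lease whose MAC is not inventoried."""
    findings = []
    for line in dhcp_log.splitlines():
        m = LEASE_RE.search(line)
        if not m:
            continue  # not a lease acknowledgement; ignore other log lines
        lease = m.groupdict()
        if lease["mac"].lower() not in inventory:
            findings.append(lease)
    return findings


def is_internal(ip: str) -> bool:
    """True when the address falls inside the assumed corporate range."""
    return ipaddress.ip_address(ip) in INTERNAL_NET


def flag_flows(flows, unknown_ips: Set[str], blocklist: Set[str],
               byte_threshold: int = 1_000_000_000):
    """Return (flow, reasons) pairs that merit a NOC ticket.

    The volume rule deliberately does not depend on the blocklist, so a stale
    list (as in the case study) cannot hide a bulk upload from an unknown device.
    """
    findings = []
    for flow in flows:
        src, dst, port, nbytes = flow
        reasons = []
        if dst in blocklist:
            reasons.append("destination on blocklist")
        if src in unknown_ips and not is_internal(dst) and nbytes >= byte_threshold:
            reasons.append("bulk outbound transfer from unauthorized asset")
        if src in unknown_ips and is_internal(dst) and port == 21:
            reasons.append("unauthorized asset reached internal FTP service")
        if reasons:
            findings.append((flow, reasons))
    return findings


def triage():
    """Run both checks over the constructed data and return (leases, alerts)."""
    leases = unauthorized_leases(DHCP_LOG, ASSET_INVENTORY)
    unknown_ips = {lease["ip"] for lease in leases}
    return leases, flag_flows(FLOWS, unknown_ips, STALE_BLOCKLIST)


if __name__ == "__main__":
    leases, alerts = triage()
    for lease in leases:
        print(f"unauthorized asset {lease['mac']} ({lease['host']}) holds {lease['ip']} via {lease['iface']}")
    for (src, dst, port, nbytes), reasons in alerts:
        print(f"{src} -> {dst}:{port} {nbytes} bytes: {'; '.join(reasons)}")
```

Run as-is, the script reports the personal laptop's lease as unauthorized and raises two alerts for it, one for the internal FTP contact and one for the bulk upload, while the corporate desktop's traffic produces none. The point of the volume rule is that it fires even though the destination is absent from the four-month-old blocklist; the inventory check is what lets the NOC attribute the flow to a non-corporate device on Friday rather than on Tuesday.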

Assumptions:

Luigi's falls somewhere between IG1 and IG2; hence, all of the IG1 Safeguards apply, and so do some of the IG2 Safeguards. Which IG2 Safeguards apply should be determined from the facts of the case study.

Answer the questions below:

1. State all of the issues that need to be addressed at Luigi's. (How did the attack occur?) (Please use bullets or numbers.)

2. Which CIS Controls v8 could have helped to prevent the attack that is detailed in the case study? (Please use bullets or numbers.)

  • Why is the Control important? (Answer this for each control listed in #2). Be thorough in your response.

3. List the Safeguards for each of the Controls that are listed in question 2, that should have been implemented to prevent the attack. (Please use bullets or numbers.)

  • Why are the Safeguards important? (Answer this for each safeguard listed in #3). Be thorough in your response.


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd