CST630_Project2_Incident.docx - Running Head Incident...


Running Head: Incident Report

Project 2 Incident Report

I. Wireless and BYOD Security Plan

With the explosive growth in mobile computing technology and the adoption of this technology, the company has recently published what is known as a Bring Your Own Device (BYOD) policy. BYOD policies allow a company to leverage an employee’s mobility to increase productivity by allowing remote access to the company’s network. This allows employees to update company data, prepare documents, and participate in video teleconferences, all remotely. Because of this new policy, there has been an increase in the number of cybersecurity incidents being reported within the company’s now-expanded digital infrastructure. This integration of mobile platforms has introduced new attack pathways which did not exist in the previous network environment.

For example, in the diagram above, an employee attempts to utilize a search engine. The request traverses the organization's switch and router, where the firewall allows the communication between the internal user and the search engine. However, if there is an external attempt to communicate with the network, this attempt would likely be stopped at the firewall for being outside the permitted parameters. However, with the BYOD policy the employee is allowed to access the company’s network using their equipment, which may be an unsecured access point.

The above diagram shows what the network looks like with a BYOD policy. While previously company assets existed within the confines of the firewall on the network topology, this has changed with personally owned devices accessing the network from outside the secured network area. This creates vulnerabilities, as malicious users within the same wireless network may be able to gain access, as illustrated above with the path shown in red. Additionally, since the company does not maintain positive control over individual devices, there is no current means to directly control their security configuration.

These unauthorized entryways are called rogue access points. Rogue access points can be established intentionally or unintentionally by malicious actors or employees. These access points are potential vulnerabilities which need to be protected against through policy, practice, and preventive measures. Rogue access points can be detected and identified. This process typically involves cross-referencing the service set identifier (SSID) against pre-approved lists. If left unaddressed, these rogue access points are vulnerable to Address Resolution Protocol poisoning, denial-of-service, sniffing, and man-in-the-middle techniques (Saruhan, 2007).

This report proposes a solution which emphasizes automation in the detection and elimination of rogue access points. By employing two levels of mobile agents, Master mobile agents (MA) and Slave mobile agents (SA), it is possible to identify and close rogue access points while still allowing the flexibility needed for a successful BYOD policy. When a new access point is created, the MA creates and dispatches an SA. This SA will then be cloned and
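
The SSID cross-referencing step described above, as an added example that is not part of the original report. It goes one step beyond the text by also checking the BSSID (radio MAC), since an SSID on the approved list can be announced by an unapproved radio; the inventory, scan format, and all names and addresses are constructed for illustration.

```python
"""Classify scanned access points against an approved SSID/BSSID inventory."""
from dataclasses import dataclass

# Constructed inventory: approved SSIDs mapped to the BSSIDs allowed to announce them.
APPROVED = {
    "CORP-WIFI": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
    "CORP-GUEST": {"00:11:22:33:44:10"},
}

# Constructed scan output, one AP per line: BSSID,channel,signal_dBm,SSID
SCAN = """\
00:11:22:33:44:01,6,-48,CORP-WIFI
00:11:22:33:44:10,11,-60,CORP-GUEST
de:ad:be:ef:00:01,6,-41,CORP-WIFI
DE:AD:BE:EF:00:02,1,-55,Free Coffee, No Password
00:11:22:33:44:02,36,-70,corp-wifi
"""

@dataclass(frozen=True)
class Finding:
    bssid: str
    ssid: str
    verdict: str  # "approved", "spoofed-ssid" or "unknown-ssid"

def parse_scan(text):
    """Yield (bssid, ssid) pairs; the SSID is the last field and may contain commas."""
    for line in text.splitlines():
        if not line.strip():
            continue
        bssid, _channel, _signal, ssid = line.split(",", 3)
        yield bssid.strip().lower(), ssid

def classify(bssid, ssid, approved=APPROVED):
    """SSIDs are compared exactly (they are case-sensitive); BSSIDs case-insensitively."""
    allowed = approved.get(ssid)
    if allowed is None:
        return Finding(bssid, ssid, "unknown-ssid")  # name is not on the approved list
    if bssid.lower() in {b.lower() for b in allowed}:
        return Finding(bssid, ssid, "approved")
    return Finding(bssid, ssid, "spoofed-ssid")  # approved name, unapproved radio

def audit(text=SCAN):
    """Return one Finding per access point in the scan text."""
    return [classify(b, s) for b, s in parse_scan(text)]

if __name__ == "__main__":
    for f in audit():
        print(f"{f.verdict:13} {f.bssid}  {f.ssid!r}")
```

An "unknown-ssid" result only means the name is absent from the approved list; a neighbouring network in radio range will also land there, so those findings need a follow-up check of whether the device is attached to the company network.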
