Running head: Cyber Security Incident Report

Cyber Security Incident Report
Ronny D. Headley
University of Maryland Global Campus

Executive Summary

An incident happened on our network recently that was brought to my attention. I thought I would share it with you and tell you how we are going to defend against it happening again. When the policy came out allowing BYOD, we thought that it was going to be a big benefit to us. What we did not know, or maybe did not completely understand at the time, is the Pandora’s Box we were opening. The fact of the matter is that instead of getting better with security, we as an organization in general have gotten lax in our network security. According to NIST Special Publications 800-53, “When planning WLAN security, configuration designers should consider the security not only of the WLAN itself, but also how it may affect other networks that are accessible through it, such as internal wired networks reachable from the WLAN. An important principle of WLAN security is to separate WLANs with different security profiles. For example, there should be separate WLANs for external (guest, etc.) and internal use. Devices on an organization’s external WLAN should not be able to connect through that WLAN to devices on another of the organization’s WLANs. This helps to protect the organization’s other networks and devices from external devices and users. Organizations often set up external WLANs primarily to provide Internet access to visitors; such WLANs should be architected so that their traffic does not traverse the organization’s internal networks. For external WLANs that do need internal network access, WLAN client devices should be allowed access only to the necessary hosts or subnets using only the required protocols.” (Souppaya & Kent, 2012) I am hoping that this incident will remind me first, and then the organization, how important network security really is.

Wireless and BYOD Security Plan

One of the security measures that we could do better on is rogue access points. While we do permit BYOD per policy, we cannot have unauthorized access points. How can we defend against this? The answer is whitelisting. The security team has whitelisted all approved wireless access points and has set up alerts in Splunk, IDS, IPS, and the firewall to block any that are not authorized. In addition, any access point that is found not broadcasting its SSID or engaging in signal hiding will be taken off the network, and the employee who owned the device will be terminated on the spot. All authorized company assets will have a standard naming convention and will have specific asset identification numbers that will allow us to track the company’s assets. As of our last audit late last year, which we passed, we had a list of all corporate-owned devices. With this information we are able to whitelist these devices. For the
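
The whitelist check described in the Wireless and BYOD Security Plan can be sketched as follows; this is an added example, not part of the original report. The BSSIDs, the `CORP-AP-NNNN` naming convention, the finding labels and the sample scan are all constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed allowlist (BSSID -> SSID); real values would come from the asset audit.
APPROVED_APS = {
    "02:00:00:aa:00:01": "CORP-AP-0001",
    "02:00:00:aa:00:02": "CORP-AP-0002",
}
# Hypothetical naming convention: CORP-AP-<4-digit asset ID>.
NAME_RE = re.compile(r"CORP-AP-\d{4}")

@dataclass(frozen=True)
class Beacon:
    bssid: str
    ssid: str  # empty or all-NUL means the SSID is not broadcast

def classify(b: Beacon) -> list[str]:
    """Return findings for one observed beacon; an empty list means approved."""
    findings = []
    ssid = b.ssid.strip("\x00")
    expected = APPROVED_APS.get(b.bssid.lower())
    if not ssid:
        findings.append("hidden_ssid")
    if expected is None:
        findings.append("unapproved_bssid")
        # An unknown radio using a corporate-style name imitates an approved AP.
        if NAME_RE.fullmatch(ssid):
            findings.append("corporate_name_on_unknown_radio")
    elif ssid and ssid != expected:
        findings.append("ssid_mismatch")
    return findings

def triage(beacons):
    """Map BSSID -> findings for every beacon that needs an alert."""
    return {b.bssid.lower(): f for b in beacons if (f := classify(b))}

# Constructed scan results, as a wireless sensor might report them.
SAMPLE_SCAN = [
    Beacon("02:00:00:AA:00:01", "CORP-AP-0001"),  # approved
    Beacon("02:00:00:bb:00:09", "FreeWiFi"),      # not on the allowlist
    Beacon("02:00:00:bb:00:0a", ""),              # hidden and unknown
    Beacon("02:00:00:bb:00:0b", "CORP-AP-0001"),  # copies an approved name
    Beacon("02:00:00:aa:00:02", "\x00\x00\x00"),  # approved radio hiding its SSID
]

if __name__ == "__main__":
    for bssid, findings in triage(SAMPLE_SCAN).items():
        print(bssid, ",".join(findings))
```

Matching on BSSID alone is not sufficient, since an SSID can be copied by any radio; the example therefore reports an unknown radio that uses a corporate-style name separately from a plain unapproved device.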