week5 case study5 - Alireza Ghoorchian Case study 5 Sec-280...

Alireza Ghoorchian
Case study 5
Sec-280

Consider the following scenario. You get an alert from the IDS telling you that somebody is trying to connect repeatedly to port 3389 of the computer at 192.168.2.124. While you are sitting at the computer, the mouse pointer starts moving by itself. Please evaluate this scenario and explain the correct response including the following:

a. Describe what your mental approach to these events should be.
b. Explain what you should do to isolate the affected computer.
c. After the computer is isolated, describe what should be investigated next.
d. List people who should be notified.
e. Describe what you could learn by a subsequent review of the firewall and IDS logs.

A. I must stay calm; this is not life or death. Most companies should have a standard procedure for handling things like this.
B. Unplug all computers in the infected network so they can't access one another or the Internet. Unplugging the network cable is the easiest/fastest and proper response.

C. First thing I need to do is see what processes are running using my task manager and shut down any shady looking exe's. Port 3389 is used for Remote Desktop. It is the RDP for Windows. Also known as Remote Desktop Protocol.
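
Question (e) asks what a later review of the firewall and IDS logs could show. As an added example that is not part of the original case study, this sketch summarizes connection attempts to port 3389 on 192.168.2.124 by source and flags any source that was actually let through; the key=value log format, timestamps and source addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

TARGET_IP = "192.168.2.124"  # host named in the scenario
RDP_PORT = 3389              # Remote Desktop port named in the scenario

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2024-05-01T09:58:10 src=203.0.113.7 dst=192.168.2.124 dport=3389 action=DENY
2024-05-01T09:58:12 src=203.0.113.7 dst=192.168.2.124 dport=3389 action=DENY
2024-05-01T09:58:15 src=203.0.113.7 dst=192.168.2.124 dport=3389 action=DENY
2024-05-01T09:59:01 src=198.51.100.23 dst=192.168.2.124 dport=3389 action=ALLOW
2024-05-01T09:59:30 src=192.168.2.50 dst=192.168.2.10 dport=443 action=ALLOW
garbled line that does not parse
2024-05-01T10:01:44 src=203.0.113.7 dst=192.168.2.124 dport=3389 action=DENY
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) action=(?P<action>ALLOW|DENY)$"
)

def summarize_rdp_attempts(log_text, target=TARGET_IP, port=RDP_PORT):
    """Per source: attempt count, allowed count, first and last time seen."""
    summary = defaultdict(
        lambda: {"attempts": 0, "allowed": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dst"] != target or int(m["dport"]) != port:
            continue  # skip malformed lines and unrelated traffic
        ts = datetime.fromisoformat(m["ts"])
        s = summary[m["src"]]
        s["attempts"] += 1
        s["allowed"] += m["action"] == "ALLOW"
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    return dict(summary)

def sources_with_session(summary):
    """Sources with at least one allowed connection (possible remote control)."""
    return sorted(src for src, s in summary.items() if s["allowed"] > 0)

if __name__ == "__main__":
    result = summarize_rdp_attempts(SAMPLE_LOG)
    for src, s in result.items():
        print(src, s["attempts"], "attempts,", s["allowed"], "allowed,",
              s["first"], "to", s["last"])
    print("allowed through:", sources_with_session(result))
```

The first and last timestamps per source give the window to compare against when the mouse pointer was seen moving, and an allowed connection separates a successful session from blocked attempts.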