99%(73)72 out of 73 people found this document helpful
This preview shows page 12 - 14 out of 16 pages.
VI.Employee MisconductIn addition, there has been a recent incident where an employee was discovered attempting to access the company’s network through an ad-hoc wireless network. These networks are formed from device to device connections called nodes. All of these nodes are connected to a router or other centralized device. This creates a separate network, which in this case could have connected to company systems. Ad-hoc networks can be used by malicious actors to exploit connections from other users on the network. When the employee attempted to use this ad-hoc network to access systems they were, intentionally or not, giving access to company systems to every other devices located on that ad-hoc network.Actors can usually find a device and establish a connection while within 100 meters. Because of this the employee was likely in a public setting, most likely using publically accessible Wi-Fi. Any data which would have been transmitted by this employee could also be intercepted by other users on the ad-hoc network, even without further penetration of the company’s network.Detecting these events can be difficult. The proposed dual agent solution should enable the company to detect these ad-hoc networks by obtaining information which is unique to each device (Mac addresses, SSIDs etc). These devices, including the access points (e.g. public Wi-Fi routers) can be individually blocked when the slave agent reports a device which the master agent identifies as blacklisted, or possibly even simply unknown. Signal hiding stops automatic
Incident Report 12 broadcasting and doesn’t send out and SSID. It is imperative the company makes sure to scan all access to our routers and access points. This will help ensure the company will help maintain network integrity. The incident predicated a larger investigation within the security department. The initial information gathering was conducted with the assistance of the legal department to ensure all material was gathered within the correct legal framework. All information to include the time, date, and location of the incident will be compiled into an initial findings report.Once this report is created senior management will be given an initial brief to include the full investigative plan. This will lead to coordination between human resources, legal, and security to gather full details on the employee and ascertain the extent of this violation. Security will compile the investigative findings and seek to interview the employee with a member of human resources, and legal present. This interview and the totality of the investigative findings will be given to senior leadership to determine appropriate actions on the employee. If necessary the investigative findings will be forwarded onto the appropriate law enforcement organizations.