PROJECT 2 INCIDENT RESPONSE

These devices gain unauthorized access through entryways referred to as rogue access points. A rogue access point creates a wireless backdoor into the network, bypassing all wired security measures such as Network Access Control (NAC) and firewalls. Rogue access points are established either unintentionally by an unaware employee or intentionally by a malicious actor, who could also be an employee. Rogue access points are serious vulnerabilities which can be mitigated through preventive measures and policy.

The first priority is ensuring that our company BYOD policy is updated and acknowledged by all employees, making them aware of which specific devices and operating systems are allowed to access the network. This BYOD policy only supports the use of Apple iOS, macOS, and Android OS, and they are required to be 2016 or newer. The policy is considered a living document, and updates will be made periodically as new vulnerabilities are exposed. Prior to any device being granted access to the network, it needs to be registered to an employee ID number (EIN).

Employees are required to register their devices to their EIN because our company is also utilizing Workspace ONE powered by VMware AirWatch, which is a unified digital workspace platform that simplifies and secures app access and IT management for the modern workforce (VMware, 2019). Once devices are registered, an internal list is created correlating the device to the employee, with the intent of ensuring only authorized users have access to the network. This same list is what essentially controls the employee permissions and accessibility to additional data. The spillage of controlled data is a serious risk, especially with a BYOD policy. Through the use of AirWatch and some other tools, only specific employees have access to sensitive data through a Wi-Fi device. All other employees are restricted to accessing the central hub where all their data is stored. “Security monitoring is important for all systems and networks, but it is generally even more important for WLANs because of the increased risks that they face. Organizations should continuously monitor their WLANs for both WLAN-specific and general attacks” (Souppaya & Scarfone, 2012).

The Cyber Kill Chain is an outline that shows the life cycle of a cyber-attack, as pictured below in Figure 1. It was developed by Lockheed Martin as part of the Intelligence Driven Defense model for identification and prevention of cyber intrusion activity. The Cyber Kill Chain categorizes what an adversary must complete in order to achieve their objective, creating a better understanding of how to detect and respond to an attack. Understanding the different phases of the kill chain provides our company with a stronger defensive posture.