Remote Configuration Management

Remote Configuration Management (RCM) is the ability to manage the configuration and enforcement of policies without direct console access to the device. Such remote access allows management to push patches and antivirus updates without the delay of having to be at the device's console. As part of our ongoing quality control efforts, all BYOD devices are required to have RCM so that, if a vulnerability or threat is detected, immediate action is able to
be taken. This also ensures that required security patches are applied without relying on any action by the device owner, increasing our efficiency in securing our network. Because RCM is specific to the devices on our whitelist, if an undocumented device were identified as having accessed the network, RCM would not be able to prevent that device from accessing our network via remote disablement. The undocumented device would instead be identified by our IPS, Cisco ISE, where it would be quarantined. If malicious activity were to occur on a known device, such as an employee's, RCM would be able to assist by disabling the device or blocking its network access immediately. RCM would also allow us to probe deeper into the root cause of the occurrence, providing vital information that may lead to identifying who initiated the attack and whether it originated internally or from an outside source.

Employee Misconduct

Here at Omni Tech, all of our employees are advised upon hire how important network security is and how we as an organization rely on our employees to make ethically and morally sound decisions. In reviewing the activity, it was identified that an employee had been accessing our network outside of normal business hours using an ad hoc, or peer, network. Systems in place did alert us to the attack, however not until after the attacker had successfully accessed our network. Our IPS was able to identify the attack due to the massive number of HTTP GET requests attempted in a short span of time, outside of standard network patterns. Once the alert was sent, it was verified that the attack did occur by reviewing the captured packets, and immediate action was taken to deny the malicious device network access. We were then able to use the source IP from the attack to disable the AP it was connecting to, immediately preventing any potential for further compromise via the same point of access.
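The detection pattern described above (a burst of HTTP GET requests from one source in a short span, occurring outside normal business hours) can be expressed as a small rule over access-log lines. The following is an added example written for this page, not code from Omni Tech or from any IPS product. It assumes a simple log format of "YYYY-MM-DD HH:MM:SS SRC_IP METHOD PATH", a 60-second sliding window, a threshold of 20 GETs per window, and business hours of 08:00 to 18:00; all of these values and the sample traffic are constructed for illustration.

```python
"""Burst detector for HTTP GET requests, with an off-hours flag.

Added example, not part of the original essay. Reads access-log style lines
of the assumed form "YYYY-MM-DD HH:MM:SS SRC_IP METHOD PATH" and raises an
alert when one source IP sends more than GET_THRESHOLD GET requests inside a
sliding WINDOW_SECONDS window. Each alert records whether the burst began
outside business hours, the pattern that distinguished the incident above.
"""
from collections import defaultdict, deque
from datetime import datetime, time, timedelta

WINDOW_SECONDS = 60          # assumed sliding-window length
GET_THRESHOLD = 20           # assumed cut-off for a "massive number" of GETs
BUSINESS_START = time(8, 0)  # assumed operating hours, 08:00-18:00
BUSINESS_END = time(18, 0)


def parse_line(line):
    """Return (timestamp, src_ip, method, path), or None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return ts, parts[2], parts[3].upper(), parts[4]


def outside_business_hours(ts):
    """True when the timestamp falls outside the assumed operating window."""
    return not (BUSINESS_START <= ts.time() < BUSINESS_END)


def find_get_bursts(lines, window_seconds=WINDOW_SECONDS, threshold=GET_THRESHOLD):
    """Return one alert per source IP whose GET rate crosses the threshold.

    A per-IP deque holds timestamps of recent GETs; entries older than the
    window are dropped as newer lines arrive. The first crossing of the
    threshold produces the alert, so a long burst yields a single record.
    Lines are assumed to be in chronological order per source IP.
    """
    recent = defaultdict(deque)
    alerts = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                      # skip malformed lines
        ts, src_ip, method, _path = parsed
        if method != "GET":
            continue                      # only GET volume is counted here
        q = recent[src_ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > threshold and src_ip not in alerts:
            alerts[src_ip] = {
                "first_seen": q[0],
                "count": len(q),
                "off_hours": outside_business_hours(q[0]),
            }
    return alerts


def build_sample_log():
    """Constructed sample traffic (not real data): one off-hours burst, one
    normal daytime browsing session, a non-GET request and a malformed line."""
    lines = []
    base_night = datetime(2024, 3, 4, 2, 13, 0)
    for i in range(25):   # 25 GETs in 25 seconds at 02:13 -> burst, off hours
        lines.append(f"{base_night + timedelta(seconds=i):%Y-%m-%d %H:%M:%S} 10.0.5.27 GET /page{i}")
    base_day = datetime(2024, 3, 4, 10, 0, 0)
    for i in range(5):    # 5 GETs spread over 4 minutes -> normal usage
        lines.append(f"{base_day + timedelta(minutes=i):%Y-%m-%d %H:%M:%S} 10.0.5.40 GET /home")
    lines.append("2024-03-04 10:05:00 10.0.5.40 POST /login")
    lines.append("garbage line that should be skipped")
    return lines


if __name__ == "__main__":
    for ip, alert in find_get_bursts(build_sample_log()).items():
        print(f"ALERT {ip}: {alert['count']} GETs from {alert['first_seen']} "
              f"(off-hours: {alert['off_hours']})")
```

The off-hours flag is kept separate from the burst condition so that a daytime burst still surfaces for review; the rule only adds context, and the response step (quarantine, AP disablement) stays a human or NAC decision as described in the text.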
After disabling the AP, it was necessary to physically locate the device. It was found that the device was unmanned at the time of the attack, meaning no direct console contact was required by the attackers. It was found that the attack was not carried out by an individual manning the device, but rather via an ad hoc network. An ad hoc wireless network is a peer-to-peer network consisting of separate computing devices, called nodes, which are connected without a central device or infrastructure such as a router (Pinola, 2018). An ad hoc wireless network is a threat to our security because it has no central authority for ensuring that devices entering it are completely benign. As it is a