
access point is created the MA creates and dispatches an SA. This SA will then be cloned and distributed to any client connected through that access point. These clone agents will return identifying information to the MA through the SA. This information is compared against information in a stored repository. If the access point or the client is not identified as authorized, the master agents can then inform the rest of the network to disconnect and block further communication attempts from the access point. Alternatively, the company can utilize the kill-chain approach to the problem set. This approach is a framework for the life cycle of a cyber-attack and can provide security personnel an understanding of potential actions which can be taken at specific phases. Rather than advocating for a technique, it provides security personnel with flexibility and an understanding of the dynamics of an attack.
Incident Report 4

II. Tracking Suspicious Behavior

Another potential problem involves a pattern of suspicious behavior being exhibited by an employee. This could mean an employee is using the BYOD policy to perform malicious or negligent activities. Alternatively, it can indicate that an employee has had their identity stolen in some form and is having it used by outside actors. Identity theft involves obtaining an individual’s personal information and using it in an unauthorized fashion. Malicious actors can utilize unwitting employees to launch various forms of attack against the company’s network. Their objective may range from theft of personal, proprietary, or otherwise sensitive information to simply disrupting the company’s operations. Targeted phishing attacks are particularly effective in identity theft. Other forms of social engineering, such as spoofed websites and poisoned watering holes, also enable actors to steal identifying information. Once an attacker begins to gather this information, they can use it to attempt to access company systems.

Rather than directly stealing an employee’s identity, it may be possible to masquerade as said employee by spoofing their hardware. The Media Access Control (MAC) address is a designation applied directly to hardware. In a sense it is the unique ID of the device being used and is the same regardless of the access point being used to access the network. It is usually a reliable indicator which can be used to check against pre-determined accesses. Some techniques allow a user to effectively change the MAC address they appear to have. This does not actually change the built-in address; rather, it changes how other devices see the MAC address. These techniques would allow malicious users to bypass the precautions outlined in the previous section. This necessitates the monitoring of user behaviors in order to identify when the first line of defenses has proved ineffective. Currently the company is able to track location and time stamps through network traffic. In the event of an incident it will be necessary to investigate
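
The monitoring described above, as an added example that is not part of the original report: each association is checked against the stored repository of authorized devices, and an authorized MAC address that shows up at two sites closer together in time than travel allows is flagged as possibly spoofed. The log format, addresses, site names, user names, and the 30-minute threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed repository of authorized devices: MAC address -> employee.
AUTHORIZED = {
    "aa:bb:cc:00:00:01": "alice",
    "aa:bb:cc:00:00:02": "bob",
}

# Constructed association log: (timestamp, MAC address, site of access point).
SAMPLE_LOG = [
    ("2024-03-04T09:00:00", "aa:bb:cc:00:00:01", "HQ"),
    ("2024-03-04T09:05:00", "aa:bb:cc:00:00:02", "HQ"),
    ("2024-03-04T09:07:00", "AA:BB:CC:00:00:01", "Branch-east"),
    ("2024-03-04T09:30:00", "de:ad:be:ef:00:09", "HQ"),
    ("2024-03-04T13:00:00", "aa:bb:cc:00:00:02", "Branch-east"),
]

# Assumption: moving a device between two sites takes at least this long.
MIN_TRAVEL = timedelta(minutes=30)


def review(log, authorized=AUTHORIZED, min_travel=MIN_TRAVEL):
    """Return findings as (reason, mac, timestamp, site) tuples."""
    findings = []
    last_seen = {}  # MAC -> (time, site) of its most recent association
    for ts, mac, site in sorted(log):  # ISO timestamps sort chronologically
        when = datetime.fromisoformat(ts)
        mac = mac.lower()  # MAC addresses are case-insensitive
        if mac not in authorized:
            # First line of defense: device is absent from the repository.
            findings.append(("unknown-device", mac, ts, site))
            continue
        prev = last_seen.get(mac)
        if prev and prev[1] != site and when - prev[0] < min_travel:
            # Allowlisted MAC at two sites too quickly: one of the two
            # devices is likely presenting a spoofed address.
            findings.append(("possible-mac-spoof", mac, ts, site))
        last_seen[mac] = (when, site)
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```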
