Cybersecurity Incident Report

Grabianowski, 2004) (similar in concept to a cellular tower). While each protocol has its benefits, when examining them all it is evident that for our network it is best to stay with the current protocol type in place (we have currently transitioned to WPA2 for Wi-Fi). Bluetooth would not provide adequate range and throughput (data transfer rate), ZigBee would have too limited a throughput, and WiMax would be somewhat limited in speed (for our server and high-importance systems) and too cost intensive.

Remote Configuration Management

Remote Configuration Management is the practice of managing the configuration and enforcement of policies or requirements for system access without direct system or console access to the device. It allows for management of patches and updates, antivirus and security, remote monitoring, and remote control (for support and remediation of issues). We have started to require this (specifically AVG Managed Workplace) on all BYOD, to ensure that vulnerabilities that have available patches are kept up to date, and to more easily monitor what is occurring on a system (as opposed to previously, when we were only able to watch the communication it was attempting to send through our network).

In the scenario of an undocumented device being found on the network, the RCM would not enable us to stop access of the device. The undocumented device would be identified by Cisco ISE and then would have its network access removed. The RCM would have assisted in the scenario of the incident that occurred (a malicious device was communicating through a compromised machine still left on the network from an employee). It would have allowed us to remote into the device and see what was going on – whether the user was intentionally attacking the network, or whether it was just an exploited vulnerability that had not been patched (or a virus that had not been identified by an antivirus solution). We would have been able to ensure the device stopped communicating via an ad hoc network, isolated the device in a protected VLAN (without full internet access – just with the ability to remote in to remediate), removed traces of the virus, and ensured all possible issues were identified/remediated (missing patches, etc.).

Employee Misconduct

The incident occurred when a dictionary-based attack was noticed against the webserver here at SuperCyberSecure, and the attack originated from inside of the network. The attack occurred outside of the normal hours the employee who had last logged in on the device would work. We were alerted shortly after the attack started (but were unable to stop it before it finished) by a log analyzing tool that Google released called Scalp. Scalp was able to identify the attack due to the massive number of HTTP GET requests that attempted to get the webserver to reveal sensitive local security/configuration files. Once the alert was sent, I verified that the attack did occur by reviewing the recorded logs and restricted the malicious device's network access. I then determined the IP address of the computer that the attack came from and disabled
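The detection the report credits to Scalp, a burst of GET requests from one source probing for sensitive local files, can be reproduced with a small log check. The following is an added example written for this page, not Scalp's code and not the report author's; it assumes Apache combined-format access log lines, a constructed set of sample lines, and a constructed threshold of five sensitive GETs per source address within a sixty-second window. It also reports whether the offending address is internal, which is the fact that turned this incident from an external scan into an employee-misconduct question.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample log lines (Apache combined format); not taken from the report.
# 10.0.5.23 is an internal host issuing six file-disclosure probes in half a minute,
# 203.0.113.9 is an external host issuing only two, and 10.0.8.4 is benign traffic.
SAMPLE_LOG = """\
10.0.5.23 - - [12/Mar/2015:02:14:01 -0500] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
10.0.5.23 - - [12/Mar/2015:02:14:02 -0500] "GET /../../etc/passwd HTTP/1.1" 404 210 "-" "Mozilla/5.0"
10.0.5.23 - - [12/Mar/2015:02:14:05 -0500] "GET /.htaccess HTTP/1.1" 403 199 "-" "Mozilla/5.0"
10.0.5.23 - - [12/Mar/2015:02:14:09 -0500] "GET /wp-config.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"
10.0.5.23 - - [12/Mar/2015:02:14:13 -0500] "GET /web.config HTTP/1.1" 404 210 "-" "Mozilla/5.0"
10.0.5.23 - - [12/Mar/2015:02:14:20 -0500] "GET /../../../etc/shadow HTTP/1.1" 404 210 "-" "Mozilla/5.0"
10.0.5.23 - - [12/Mar/2015:02:14:31 -0500] "GET /.git/config HTTP/1.1" 404 210 "-" "Mozilla/5.0"
10.0.5.23 - - [12/Mar/2015:02:14:33 -0500] "POST /.htpasswd HTTP/1.1" 404 210 "-" "Mozilla/5.0"
10.0.8.4 - - [12/Mar/2015:02:15:00 -0500] "GET /about.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2015:02:20:00 -0500] "GET /.htaccess HTTP/1.1" 403 199 "-" "curl/7.3"
203.0.113.9 - - [12/Mar/2015:02:30:00 -0500] "GET /etc/passwd HTTP/1.1" 404 210 "-" "curl/7.3"
"""

# Minimal combined-log parser: source IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Request paths that only make sense as attempts to read local security or
# configuration files (an assumed, deliberately short list).
SENSITIVE_RE = re.compile(
    r'(\.\./|/etc/passwd|/etc/shadow|\.htaccess|\.htpasswd|web\.config|'
    r'wp-config\.php|boot\.ini|\.git/)',
    re.IGNORECASE,
)


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "method": m.group("method"),
            "path": m.group("path"), "status": int(m.group("status"))}


def detect_file_disclosure_bursts(lines, threshold=5, window_seconds=60):
    """Flag source IPs that issue >= threshold sensitive GETs within one window.

    Returns one alert per offending IP with the peak count, the window bounds,
    the distinct probed paths, and whether the address is RFC 1918 / internal.
    """
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET":
            continue
        if SENSITIVE_RE.search(rec["path"]):
            events[rec["ip"]].append(rec)

    window = timedelta(seconds=window_seconds)
    alerts = []
    for ip, recs in events.items():
        recs.sort(key=lambda r: r["ts"])
        # Sliding window over the sorted timestamps: find the densest burst.
        start, best = 0, (0, None, None)
        for end in range(len(recs)):
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count > best[0]:
                best = (count, recs[start]["ts"], recs[end]["ts"])
        if best[0] >= threshold:
            alerts.append({
                "ip": ip,
                "internal": ip_address(ip).is_private,
                "count": best[0],
                "first": best[1].isoformat(),
                "last": best[2].isoformat(),
                "paths": sorted({r["path"] for r in recs}),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_file_disclosure_bursts(SAMPLE_LOG.splitlines()):
        origin = "INTERNAL" if alert["internal"] else "external"
        print(f"{origin} {alert['ip']}: {alert['count']} sensitive GETs "
              f"between {alert['first']} and {alert['last']}")
```

Run against the constructed lines it raises exactly one alert, for the internal host 10.0.5.23 with six probes in the window; the external host stays under the threshold and the POST is ignored because the report's indicator is GET volume. In practice the window and threshold would be tuned to the server's normal traffic, and the alert would feed the same follow-up the report describes: confirm in the full logs, then restrict the device's network access.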