Cybersecurity Incident Report

Rogue Access Points

All access points must be properly identified and recorded in a list so that unauthorized, or rogue, access points cannot be created. Rogue access points are unauthorized access points to a network. They can be set up by malicious actors or by workers within an organization (Saruhan, 2007). Unauthorized equipment on a network can be volatile and put the company at risk for a data hack. Rogue access points on a company wireless network can make the company vulnerable to attacks like Address Resolution Protocol (ARP) poisoning, denial-of-service attacks, sniffing attacks, and spoofing.

Rogue access points can be found by cross-referencing the SSID against a preconfigured list of approved access points, because rogue access points frequently broadcast SSIDs that haven't been approved by the organization. In an effort to keep rogue APs out of your network, your information security policy should explicitly prohibit unauthorized employees from installing wireless equipment. Also, if possible, your network should filter out traffic from all unknown MAC addresses (Potter, 2003). Rogue access points connect to the network through third-party wireless equipment, and ad hoc access points behave the same way.

Authorized Access Points

Authorized access points are wireless access points that are granted permission to be on the network by the network administrator. The network administrator should be aware of the physical locations of the devices and of which ones have been authenticated and which haven't. Cross-referencing the SSIDs and MAC addresses is one way to verify an authorized access point. Access points are secured with WPA2 encryption, which makes it harder for malicious activity to take place within the network. Authorized access points should have MAC addresses that are recognized by the organization's Address Resolution Protocol (ARP) tables, and the network administrator should be fluent in this knowledge.

Cyber Kill Chain

The Cyber Kill Chain gives a framework for the life cycle of a cyberattack and gives security teams a good perspective for understanding the processes and techniques of a malicious attacker. In simple terms, the cyber kill chain is an attack chain: the path that an intruder takes to penetrate information systems over time to execute an attack on the target (Mallari, 2016). The framework gives brief descriptions of the different phases of the Cyber Kill Chain and of how attackers move about during an attack. Understanding every step the attackers take can help improve response times for networks, since teams will be able to recognize all the different signs of an attack even when they are covert. The cyber kill chain steps could take months or up to a year, but by that time the cyber team should be able to predict and block any attempts that the attackers make. Deception is a technique that companies use to keep attackers disoriented in their attempts.
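The SSID and MAC address cross-reference described under Rogue Access Points and Authorized Access Points can be sketched as follows. This is an added example, not part of the original report; the SSIDs, MAC addresses, scan records and verdict names are all constructed for illustration.

```python
# Added example: classify observed access points against an approved inventory.
# Every SSID, BSSID and scan record below is constructed sample data.
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str      # MAC address of the access point radio
    security: str   # as reported by the scan, e.g. "WPA2", "OPEN"

# Approved inventory: SSID -> BSSIDs registered by the network administrator.
APPROVED = {
    "CORP-WIFI": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
    "CORP-GUEST": {"00:11:22:33:44:10"},
}

def normalize(mac: str) -> str:
    """Lower-case and use ':' so 00-11-22-... compares equal to 00:11:22:..."""
    return mac.strip().lower().replace("-", ":")

def classify(beacon: Beacon, approved=APPROVED) -> str:
    all_known = {normalize(m) for macs in approved.values() for m in macs}
    bssid = normalize(beacon.bssid)
    if beacon.ssid not in approved:
        # Registered hardware with an unapproved SSID is a misconfiguration;
        # unregistered hardware with an unapproved SSID is a rogue AP.
        return "misconfigured" if bssid in all_known else "rogue"
    if bssid not in {normalize(m) for m in approved[beacon.ssid]}:
        # Approved name on a radio not registered for it: possible spoofing.
        return "ssid-bssid-mismatch"
    # Assumption: policy requires WPA2, as the report states.
    if not beacon.security.upper().startswith("WPA2"):
        return "weak-encryption"
    return "authorized"

def audit(scan):
    """Return (beacon, verdict) for every beacon that needs investigation."""
    return [(b, v) for b in scan if (v := classify(b)) != "authorized"]

SCAN = [  # constructed wireless survey results
    Beacon("CORP-WIFI", "00-11-22-33-44-01", "WPA2"),
    Beacon("CORP-WIFI", "DE:AD:BE:EF:00:01", "WPA2"),
    Beacon("FreeWifi", "DE:AD:BE:EF:00:02", "OPEN"),
    Beacon("CORP-GUEST", "00:11:22:33:44:10", "OPEN"),
]

if __name__ == "__main__":
    for beacon, verdict in audit(SCAN):
        print(f"{verdict:20} {beacon.ssid:12} {beacon.bssid}")
```

Checking the SSID alone would pass the second record; pairing each approved SSID with its registered MAC addresses is what catches an unregistered radio broadcasting an approved name.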