
Incident Response

User access - Strange changes in user access are a symptom of a hacker trying to gain access to the network using a user's credentials. Behaviors include accessing accounts at odd hours, remote access, multiple failed login attempts, and discrepancies between user and device.

Unauthorized port access - Unauthorized port access could be an indication of a malware attack or that files have already been stolen.

File changes - Configuration changes to files, including modifications, file additions, deletion, and replacement. This is a sign of a data breach; it indicates that someone has infiltrated the network and is trying not to get discovered.

Enabling the GPS feature on the devices can benefit the company during auditing. The GPS can show where the device was at the time employees sign into the network, to make sure the sign-in isn't from a possible hacker.

Network risks can include identity theft and Media Access Control (MAC) spoofing. Identity theft is the use of someone else's personal information to perform an unauthorized action. This occurs when unsuspecting users are taken advantage of by a hacker and numerous attacks take place in order to steal sensitive information such as credit cards and personally identifiable information (PII), which includes names and social security numbers. “MAC spoofing is taking on the identity of another computer and can be done for both malicious and benign reasons. It can be used to obscure the true MAC address or gain access to networks by using a MAC address that is identifiable by the network.” [UMU17] Although network interface controllers (NICs) are assigned permanent MAC addresses when manufactured, there are tools that can be used to make computers believe a NIC has a different MAC address.

It is important to implement network protections for the BYOD and wireless networks because of the many cybersecurity threats today. Vulnerabilities are always present, and mitigating the threat is essential to ensure the security posture. Whitelisting changes the defense model by changing the default allow to a default deny. "Blacklisting techniques uses signatures to maintain a list of entities to block, whitelisting creates a list of a few trusted entities to allow while blocking anything, not on the whitelist." [UMU17] Whitelisting offers another advantage against attacks against the network. Whitelisting applications involves allowing users to install an application from a list created by the admin while also forbidding them from downloading any applications outside the list. Examples of whitelisted applications are Microsoft Works, Adobe, Internet Explorer, and Chrome.

Wired Equivalent Privacy

Wired Equivalent Privacy (WEP) is an encryption algorithm designed to “protect wireless communication from eavesdropping, prevent unauthorized access to a wireless network, and prevent tampering with transmitted messages.” [Sta03] Even though WEP may be able to
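
The user access indicators listed at the start of this section (odd-hours access, remote access, multiple failed login attempts, user/device discrepancies) can be checked against authentication logs. The following is an added example, not part of the original paper; the working hours, failure threshold, device inventory, and log records are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions for this example (not from the paper): working hours,
# failed-login threshold and window, and the user-to-device inventory.
WORK_START, WORK_END = 7, 19
FAIL_LIMIT, FAIL_WINDOW = 3, timedelta(minutes=10)
ASSIGNED_DEVICE = {"alice": "LT-0142", "bob": "LT-0077"}

# Constructed sample events: (timestamp, user, device, remote, outcome)
EVENTS = [
    ("2024-03-04T09:12:00", "alice", "LT-0142", False, "success"),
    ("2024-03-04T10:01:10", "bob", "LT-0077", False, "failure"),
    ("2024-03-04T10:01:40", "bob", "LT-0077", False, "failure"),
    ("2024-03-04T10:02:05", "bob", "LT-0077", False, "failure"),
    ("2024-03-05T02:47:00", "alice", "LT-0142", True, "success"),
    ("2024-03-05T11:30:00", "bob", "LT-0142", False, "success"),
]


def review(events):
    """Return (timestamp, user, reason) findings in chronological order."""
    findings = []
    failures = defaultdict(deque)  # per-user sliding window of failure times
    for ts, user, device, remote, outcome in sorted(events):
        when = datetime.fromisoformat(ts)
        if outcome == "failure":
            window = failures[user]
            window.append(when)
            # Drop failures that fell out of the time window.
            while when - window[0] > FAIL_WINDOW:
                window.popleft()
            if len(window) == FAIL_LIMIT:
                findings.append((ts, user, "multiple failed logins"))
            continue
        if not WORK_START <= when.hour < WORK_END:
            findings.append((ts, user, "odd-hours login"))
        if remote:
            findings.append((ts, user, "remote access"))
        if ASSIGNED_DEVICE.get(user) != device:
            findings.append((ts, user, "user/device mismatch"))
    return findings


if __name__ == "__main__":
    for finding in review(EVENTS):
        print(*finding)
```

Each finding is a lead for an analyst to review, not proof of compromise; remote access in particular is often legitimate and is most useful when it coincides with another indicator.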
