The scenario is about a disgruntled employee who felt that his salary should have been higher. He also felt that, while he was being underpaid, the president and some other employees were making too much. He then set out to change this without authority, if he could only find where and how to do it.
As an employee, he already had access to the network, and with his knowledge of hacking he decided to start spying and searching for information on the human resource records system. To do this, he plugged his personal computer into an extra network slot located in his office and used the nmap network scanning tool to scan and gather information on all the devices on the work network, using a spoofed local server IP address to hide his identity. After he identified all of the hosts on the network, he narrowed the search to see what operating system and …
A number of attacks were overlooked by the IT staff in their evaluation. They missed the fact that a man-in-the-middle attack was used to eavesdrop on the entire network. This is how the disgruntled employee was able to stop and alter the notification email from the auditor to the president and some other employees. They missed the fact that a rogue device was used to carry out the attack. This calls for port security to stop these devices from accessing the network. They also missed that the network had been scanned to identify various hosts and their IP addresses. Without these additions, another employee could carry out the same attack. To do this, they would send a gratuitous ARP to both the HR records system and the local certificate authority, telling each that he is the other. The certificate authority would then send the man-in-the-middle a certificate. The man-in-the-middle would then use the certificate to access the HR records system and proceed to make changes to associates' records. This would align with NIST 800-61 recommendations on post-event evaluation (Cichonski, Millar, Grance and Scarfone, 2012).
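As an added illustration that is not part of the original essay, the following sketch shows how monitoring staff could flag the ARP behaviour described above: one hardware address suddenly claiming the IP addresses of two different hosts. The record format, IP addresses and MAC addresses are constructed for the example, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed ARP observations: time, op, sender MAC, sender IP, target IP.
# A gratuitous ARP announces the sender's own IP, so sender IP == target IP.
# Assumed roles: 10.0.0.10 = HR records system, 10.0.0.20 = certificate authority.
SAMPLE = """\
09:00:01 reply 00:11:22:aa:bb:01 10.0.0.10 10.0.0.20
09:00:02 reply 00:11:22:aa:bb:02 10.0.0.20 10.0.0.10
09:05:10 reply 00:11:22:aa:bb:03 10.0.0.30 10.0.0.1
09:14:30 reply de:ad:be:ef:00:99 10.0.0.10 10.0.0.10
09:14:31 reply de:ad:be:ef:00:99 10.0.0.20 10.0.0.20
"""

def parse(text):
    """Yield (time, op, mac, sender_ip, target_ip) from well-formed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed records
        ts, op, mac, sip, tip = parts
        yield ts, op, mac.lower(), sip, tip

def detect(text):
    """Return (alerts, multi_ip_macs) for a block of ARP observations.

    alerts: one tuple per record whose sender MAC differs from the first
            MAC seen for that IP (first-seen baseline, an assumption here).
    multi_ip_macs: MACs that claimed more than one IP address.
    """
    baseline = {}                 # ip -> first MAC observed for it
    claimed = defaultdict(set)    # mac -> set of IPs it has claimed
    alerts = []
    for ts, op, mac, sip, tip in parse(text):
        gratuitous = sip == tip
        known = baseline.setdefault(sip, mac)
        if known != mac:
            alerts.append((ts, "binding-change", sip, known, mac, gratuitous))
        claimed[mac].add(sip)
    multi = {m: sorted(ips) for m, ips in claimed.items() if len(ips) > 1}
    return alerts, multi

if __name__ == "__main__":
    found, multi = detect(SAMPLE)
    for alert in found:
        print(alert)
    print(multi)
```

A first-seen baseline also fires on legitimate changes such as a replaced network card, so each alert needs to be checked against the asset inventory before it is treated as a rogue device.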