The scenario is about a disgruntled employee who felt that his salary should have been higher. He also felt that while he was being underpaid, the president and some other employees were making too much. He then set out to change this without authority, if he could only find where and how to do so.
As an employee he already had access to the network, and with his knowledge of hacking he decided to start spying and searching for information on the human resource records system. To do this he plugged his personal computer into an extra network jack located in his office and used the nmap network scanning tool to scan and gather information on all the devices on the work network, using a spoofed local server IP address to hide his identity. After he had identified all of the hosts on the network, he narrowed the search to see what operating system and applications were running on each machine. This allowed him to eventually identify the human resource records system. Now he just needed to be able to access it and know how to use it. He set out to learn how to access and use the human resource records system by running the Wireshark packet capture and analysis tool on his computer. He again spoofed a network server IP address and began capturing and collecting information on everything that involved the human resource server. Eventually he was able to find the login and password in the information collected. From analyzing the captured packets he was able to see how changes were made. He then logged into the human resource records system and increased his own salary. However, he knew that the audit team would find out. So he used the Cain and Abel tool on his computer to launch a man-in-the-middle attack, in order to track and alter all traffic to and from the company's network. The auditor did notice the anomaly with the employee's pay change and immediately sent an email to notify various employees in the organization. However, since the employee was intercepting everything, he stopped the emails and altered them before forwarding the edited versions. Eventually he was able to collect critical information from the email exchanges, which helped him lower the salaries of the president and several other employees. He then added the amount he had deducted from the others to his own paycheck.
The IT staff eventually found out and blamed the breach on IP spoofing.

A2. This incident was quite severe, since the disgruntled employee was harming all three parts of the CIA triad of Confidentiality, Integrity and Availability: reading information he was not authorized to see, changing salaries and emails, and making the original emails unavailable until he had modified them. Many people in the organization should be informed about this incident by various means, such as a telephone call, an emergency meeting in person, and a voice mailbox greeting. The president should be informed because of the severity of the incident, and because his salary was also lowered. The head of the information security department should be notified so that he can quickly investigate the incident and start the containment and recovery process.
A number of attacks were overlooked by the IT staff in their evaluation. They missed the fact that a man-in-the-middle attack was used to eavesdrop on the entire network; this is how the disgruntled employee was able to stop and alter the notification email from the auditor to the president and some other employees. They missed the fact that a rogue device was used to carry out the attack, which calls for port security to stop such devices from accessing the network. They also missed that the network had been scanned to identify the various hosts and their IP addresses. Without these additions, another employee could carry out the same attack: they would send a gratuitous ARP to both the HR records system and the local certificate authority, telling each that they are the other. The certificate authority would then send the man-in-the-middle a certificate, and the man-in-the-middle would use that certificate to access the HR records system and proceed to make changes to associates' records. Identifying these missed attacks would align with the NIST 800-61 recommendations on post-event evaluation (Cichonski, Millar, Grance and Scarfone, 2012).
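A defender's check for the gratuitous-ARP poisoning described above, added here as an example and not part of the original essay: it reads a stream of ARP replies (a constructed sample; the IPs and MACs are hypothetical, with 10.0.0.5 standing in for the HR records system and 10.0.0.9 for the local certificate authority) and flags both an IP whose MAC changes and a single MAC that claims several IPs, which is what an ARP-inspection or IDS rule would alert on.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies: (time, sender_ip, sender_mac, gratuitous).
# 10.0.0.5 stands in for the HR records system and 10.0.0.9 for the local CA;
# all addresses and MACs are hypothetical.
SAMPLE_ARP = [
    (1, "10.0.0.5", "aa:aa:aa:aa:aa:05", False),  # HR server answers normally
    (2, "10.0.0.9", "aa:aa:aa:aa:aa:09", False),  # CA answers normally
    (3, "10.0.0.5", "de:ad:be:ef:00:01", True),   # unsolicited reply claims the HR server's IP
    (4, "10.0.0.9", "de:ad:be:ef:00:01", True),   # same MAC now claims the CA's IP
    (5, "10.0.0.5", "aa:aa:aa:aa:aa:05", False),  # real HR server still answering
]


def detect_arp_spoofing(records, baseline=None, min_ips_per_mac=2):
    """Return a list of alert dicts for suspicious ARP activity.

    records: iterable of (time, sender_ip, sender_mac, gratuitous) tuples,
    e.g. parsed from a packet capture of ARP replies.
    baseline: optional known-good {ip: mac} map (from inventory or DHCP
    leases); without it the first mapping seen for each IP is trusted.
    Two signals are checked: an IP whose sender MAC differs from its known
    MAC (a poisoned mapping), and one MAC claiming min_ips_per_mac or more
    IPs (a single host impersonating several, as in the essay's scenario).
    """
    ip_to_mac = {ip: mac.lower() for ip, mac in (baseline or {}).items()}
    mac_to_ips = defaultdict(set)   # every IP each MAC has claimed
    flagged_macs = set()            # MACs already reported for multi-IP
    alerts = []
    for ts, ip, mac, gratuitous in records:
        mac = mac.lower()
        known = ip_to_mac.setdefault(ip, mac)
        if known != mac:
            alerts.append({"time": ts, "type": "ip_mac_change", "ip": ip,
                           "expected_mac": known, "seen_mac": mac,
                           "gratuitous": gratuitous})
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) >= min_ips_per_mac and mac not in flagged_macs:
            flagged_macs.add(mac)
            alerts.append({"time": ts, "type": "mac_multi_ip", "mac": mac,
                           "ips": sorted(mac_to_ips[mac])})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP):
        print(alert)
```

On the sample this raises two mapping-change alerts (one per impersonated host) and one multi-IP alert for the rogue MAC; a real deployment would seed the baseline from an inventory rather than trusting the first reply seen.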