9/8/2013 SEC280 Case Study Week 1
Case Study: Ping Sweeps and Port Scans

Ping sweeps and port scans are not an immediate threat to the company. While an attacker may use them to build a profile of the company's network, an administrator can use the same techniques to inventory it. Although not an immediate threat in themselves, they should still be monitored, because they are a common first step an attacker takes before trying to break into a network. The rest of this document covers what ping sweeps and port scans are and how they are used to gather information about a company's network.

What is a ping sweep and how does it work?
Case Study
For any business, ping sweeps and port scans could be a serious security threat if they continue unnoticed. A ping sweep is performed to find live end points on a network: the scanner sends an ICMP echo request to each address in a range and notes which ones reply. A port scan is then run against those end points to find an open door, that is, a listening service, on each one. After that, anyone can find utilities on the internet to exploit those open services and gain access to important and confidential files on the network. It is imperative that we not only protect against and detect this activity on our network, but that we also conduct these scans ourselves, so that we find exposed services before an attacker does.
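The monitoring the case study calls for can be done from firewall logs: a ping sweep shows up as one source sending ICMP echo requests to many hosts, and a port scan as one source opening connections to many ports on one host. The following is an added example written for this page, not code from the original case study. It assumes netfilter/iptables LOG-style lines (key=value fields), constructed here for the demo, and thresholds of five hosts and five ports, which are assumptions to tune for your network.

```python
import re
from collections import defaultdict

# Constructed sample log lines in iptables LOG format; not real traffic.
# 203.0.113.5 pings five hosts, then probes seven ports on one of them.
# 198.51.100.7 is ordinary traffic (one ping, two connections to 443).
SAMPLE_LOG = """\
Sep  8 10:00:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Sep  8 10:00:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.11 PROTO=ICMP TYPE=8 CODE=0
Sep  8 10:00:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.12 PROTO=ICMP TYPE=8 CODE=0
Sep  8 10:00:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.13 PROTO=ICMP TYPE=8 CODE=0
Sep  8 10:00:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.14 PROTO=ICMP TYPE=8 CODE=0
Sep  8 10:00:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21 SYN
Sep  8 10:00:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22 SYN
Sep  8 10:00:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23 SYN
Sep  8 10:00:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=25 SYN
Sep  8 10:00:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=80 SYN
Sep  8 10:00:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=443 SYN
Sep  8 10:00:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40007 DPT=3389 SYN
Sep  8 10:00:04 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Sep  8 10:00:05 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443 SYN
Sep  8 10:00:06 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=443 SYN
"""

KEY_VALUE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Turn one LOG line into a dict of its key=value fields plus a SYN flag."""
    fields = dict(KEY_VALUE.findall(line))
    # The TCP flag words (SYN, ACK, ...) carry no '=', so pick them up separately.
    fields["SYN"] = "SYN" in line.split()
    return fields


def detect(log_text, sweep_threshold=5, scan_threshold=5):
    """Return findings as tuples:
       ("ping_sweep", src, hosts_pinged) when one source echo-requests many hosts,
       ("port_scan", src, dst, ports_probed) when one source SYNs many ports on one host.
    Thresholds are assumptions; in production, also bound them to a time window."""
    icmp_targets = defaultdict(set)   # src -> hosts that received an echo request
    tcp_ports = defaultdict(set)      # (src, dst) -> destination ports probed
    for line in log_text.splitlines():
        f = parse_line(line)
        src, dst = f.get("SRC"), f.get("DST")
        if not src or not dst:
            continue
        if f.get("PROTO") == "ICMP" and f.get("TYPE") == "8":   # type 8 = echo request
            icmp_targets[src].add(dst)
        elif f.get("PROTO") == "TCP" and f["SYN"] and "DPT" in f:
            tcp_ports[(src, dst)].add(int(f["DPT"]))

    findings = []
    for src, hosts in icmp_targets.items():
        if len(hosts) >= sweep_threshold:
            findings.append(("ping_sweep", src, len(hosts)))
    for (src, dst), ports in tcp_ports.items():
        if len(ports) >= scan_threshold:
            findings.append(("port_scan", src, dst, len(ports)))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

Run against the sample, this reports one ping sweep from 203.0.113.5 (five hosts) and one port scan from 203.0.113.5 against 192.0.2.10 (seven ports); the normal traffic from 198.51.100.7 stays below both thresholds. A real deployment would feed it the firewall's LOG output and count per time window, since a slow scan spread over days will otherwise accumulate alongside legitimate traffic.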
The IT department should ensure firewalls are in place and configured to filter traffic as it enters the network. The EICAR standard anti-virus test file can also be used on client computers to confirm that the installed antivirus is active and detecting. Instruct users to select one antivirus and one anti-spyware product and install them on their computer: Norton Antivirus; McAfee Antivirus; Avast Pro Antivirus; BullGuard Antivirus; Webroot; Bitdefender. Most antivirus products are capable of protecting against most malware. I would select Norton antivirus and Webroot anti-spyware, ensuring that the anti-malware software and its signature data are kept up to date.
Deep Freeze cannot be uninstalled by a simple manual operation. Uninstalling it requires the password that was set when the program was installed. If that password has been forgotten, which happens often in practice, the program cannot be uninstalled through the normal route, so a different approach is needed to remove it.
Reconnaissance is one of the phases of a computer attack, and it is the safest and easiest phase to accomplish. In this phase an attacker uses various tools and applications to see which ports are open on a network or computer and which applications are listening behind the router or firewall. Some of the tools an attacker will use during the reconnaissance phase are:
• DNS and ICMP tools within the TCP/IP protocol suite
• Standard and customized SNMP tools
• Port scanners and port mappers
• Security probes (Introduction to Information Systems Security, 367)
The attacker can also use internet resources such as DNS Lookup or WHOIS Lookup to find more information about the target; both reveal details such as the target's DNS server names. The attacker will also use rpcinfo or a telnet logon to find out whether RPC is active for remote command execution and to find out how soft the perimeter
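The simplest port scanner in the list above is a TCP connect scan: try a full three-way handshake with each port and treat a completed connection as "open" and a refusal or timeout as "closed/filtered". The block below is an added example for this page, not code from the cited textbook; to stay self-contained it starts a throwaway listener on 127.0.0.1 on an OS-chosen port and scans the ports around it, so the one open port it finds is its own. The host, port range and timeout are assumptions for the demo.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def tcp_connect_probe(host, port, timeout=0.5):
    """Return True if a full TCP handshake completes, i.e. something is listening.
    A RST (connection refused) or a timeout (dropped by a firewall) both yield False."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:           # covers ConnectionRefusedError and socket.timeout
            return False


def scan_ports(host, ports, workers=32):
    """Connect-scan the given ports in parallel and return the open ones, sorted."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, tcp_connect_probe(host, p)), ports))
    return sorted(p for p, is_open in results if is_open)


def demo_scan_local():
    """Start a listener on 127.0.0.1 (port chosen by the OS), scan the ports
    around it, and return (listener_port, open_ports_found)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(8)
    listener.settimeout(2)                # lets the accept loop exit once the demo is done
    port = listener.getsockname()[1]

    def accept_loop():
        # Accept and immediately close connections so the handshake completes.
        while True:
            try:
                conn, _ = listener.accept()
                conn.close()
            except OSError:               # timeout or listener closed: stop
                return

    threading.Thread(target=accept_loop, daemon=True).start()
    try:
        found = scan_ports("127.0.0.1", range(port - 3, port + 4))
    finally:
        listener.close()
    return port, found


if __name__ == "__main__":
    listener_port, open_ports = demo_scan_local()
    print(f"listener on {listener_port}, open ports found: {open_ports}")
```

Against a real target this kind of scan is noisy: every probe completes a handshake, so the service on the other end logs a connection, which is exactly what the detection logic an administrator runs looks for. Only scan hosts you are authorized to test.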
How can you minimize the risk of viruses on your PC? If you follow these few simple steps you should be able to keep viruses from affecting your computer:
1. Virus detection: You need to have some sort of virus protection on your computer (an anti-virus program). This will warn you if you have accessed a program that carries a virus. It should be updated frequently so that it can detect the newest viruses.
Software-based controls include firewalls, host intrusion prevention systems (HIPS), and antivirus/anti-malware scanners. The concept of "work factor" is an important part of layering; it is defined as the amount of effort a hacker, a piece of malware, or any other adversary must expend to breach the security measures guarding our network. Obviously, the less work they have to do, the weaker our security is. Showing that we have strong, layered security around our data and network will convince most attackers to go elsewhere.
d. denial-of-service attack (an example: smurf attack)
4. What type of device guards against an attack in which a hacker modifies the IP source address in the packets he's issuing so that the transmission appears to belong to your network?
b. proxy server
5. Which of the following devices can improve performance for certain applications, in addition to enhancing network security?
b. proxy server
6.
This includes hosts file poisoning, even though the hosts file is not strictly part of the Domain Name System. Hosts file poisoning is discussed in the malware section, since it involves changing a file on the user's computer.
j) Content-Injection Phishing
Describes the situation where hackers replace part of the content of a legitimate site with false content designed to mislead or misdirect the user into giving up confidential information to the hacker. For example, hackers may insert malicious code that logs the user's credentials, or an overlay that secretly collects information and delivers it to the hacker's phishing server.
k) Man-in-the-Middle Phishing
This is harder to detect than many other forms of phishing.
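Because hosts file poisoning changes a local file rather than DNS, it is easy to check for on the endpoint: parse the file and flag any entry that pins a sensitive hostname, or sends any name to a non-loopback address. The block below is an added example for this page, not code from the original text. The watched hostnames and the hosts file content are constructed for the demo; the real file lives at /etc/hosts on Unix-like systems and at %SystemRoot%\System32\drivers\etc\hosts on Windows.

```python
import ipaddress

# Assumed list of hostnames that should never be pinned in a hosts file
# (hypothetical names for the demo; a real list would hold your own login hosts).
WATCHED_NAMES = {"www.bank.example", "bank.example", "login.mail.example"}

# Constructed hosts file content for the demo, not taken from any real machine.
SAMPLE_HOSTS = """\
# Standard entries
127.0.0.1   localhost
::1         localhost ip6-localhost
# Ad-blocking style entry: name sent to the unspecified address, benign
0.0.0.0     ads.tracker.example
# Internal override to a private address: usually legitimate, still worth listing
10.0.0.5    intranet.corp.example
# A banking site pinned to an outside address: classic hosts file poisoning
203.0.113.66  www.bank.example bank.example
not-an-address  garbage.example
"""


def parse_hosts(text):
    """Yield (hostname, ip_address) pairs, skipping comments, blanks and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue                        # first token is not an address: skip, don't guess
        for name in names:
            yield name.lower(), ip


def classify_entry(name, ip, watched=WATCHED_NAMES):
    """Return a reason string if the entry deserves attention, else None."""
    if ip.is_loopback or ip.is_unspecified:
        return None                         # sinkhole/blocklist style entries are benign
    if name in watched:
        return "watched name pinned in hosts file"
    # Note: ipaddress treats the documentation ranges (e.g. 203.0.113.0/24) as
    # private, so in this demo only genuine public addresses reach the last branch.
    if ip.is_private:
        return "override to private address"
    return "override to public address"


def find_suspicious(text, watched=WATCHED_NAMES):
    """Return [(hostname, address, reason)] for every entry that needs review."""
    findings = []
    for name, ip in parse_hosts(text):
        reason = classify_entry(name, ip, watched)
        if reason:
            findings.append((name, str(ip), reason))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_HOSTS):
        print(finding)
```

On the sample this reports the private-address override for intranet.corp.example and the two banking names pinned to 203.0.113.66, while the localhost and 0.0.0.0 blocklist entries are left alone. Run it on a schedule (or from an endpoint agent) and alert on any new finding, since a legitimate hosts file on a workstation rarely changes.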
The most valuable information for detecting unauthorized input from a terminal would be provided by the
A. console log printout
B. transaction journal
C. automated suspense file listing
D. user error report
Answer: B
8. Which of the following is the most important factor to review during a business continuity audit?
A. A hot site is contracted for and available as needed.