Various suspicious events were found by a network administrator while logging into the server. The first discovery was a new folder that had been created on the server desktop, along with multiple DOS windows that popped up during the sign-in process. After researching server logs …
A scheduled job was also found which was used to spawn the DOS windows that executed the virus application files. Further investigation revealed that a user's password had been cracked, allowing the hacker to gain access, infiltrate the server, stage the files, and reach deeper into the network.
Much can be learned from this attack. First, the University had a very poor password policy, which allowed an existing user to create a passphrase that was the same as his user login name. Nor were passwords forced to expire after a certain number of days. As our text states, “it is common to see users having blank passwords, the word password, their pet’s name or children’s names, or their place of birth as a password” (Dhillon p.72). This is why it is necessary to have strong password standards and communicate them to all the users.
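The password weaknesses named above (a password equal to the login name, blank passwords, the word "password", a pet's or child's name, and no forced expiry) can all be rejected at the point where a password is set. The following is an added example of such a policy check; it is not from the paper or the University's systems, and the minimum length, maximum age and the small denylist are assumed values chosen for illustration.

```python
from datetime import date, timedelta

# Small denylist of the weak choices quoted in the text. A real deployment
# would use a large breach-derived list; this set is constructed for the example.
COMMON_PASSWORDS = {"password", "123456", "letmein", "welcome"}

MIN_LENGTH = 12               # assumed policy value, not from the page
MAX_PASSWORD_AGE_DAYS = 90    # assumed policy value, not from the page


def password_violations(username, password, personal_terms=()):
    """Return a list of policy violations for a proposed password.

    personal_terms: words a user is tempted to reuse (pet's name, child's
    name, place of birth); the caller supplies them from the account profile.
    An empty list means the password passes.
    """
    violations = []
    pw = password.strip()
    lowered = pw.lower()

    if not pw:
        violations.append("blank password")
    if len(pw) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    # The attack in the text: the passphrase was identical to the login name.
    if lowered == username.lower():
        violations.append("password equals username")
    # Also catch the login name embedded in a longer password.
    if len(username) >= 4 and username.lower() in lowered:
        violations.append("password contains username")
    if lowered in COMMON_PASSWORDS:
        violations.append("password is a common word")
    for term in personal_terms:
        if term and term.lower() in lowered:
            violations.append(f"password contains personal term '{term}'")
    return violations


def password_expired(last_changed, today=None):
    """True when the password is older than the policy allows (forced expiry)."""
    today = today or date.today()
    return (today - last_changed) > timedelta(days=MAX_PASSWORD_AGE_DAYS)


if __name__ == "__main__":
    # The case from the incident: password identical to the user name.
    print(password_violations("jsmith", "jsmith"))
    print(password_violations("jsmith", "Fluffy-loves-treats-2024", personal_terms=["Fluffy"]))
    print(password_expired(date(2024, 1, 1), today=date(2024, 6, 1)))
```

The check is deliberately run on the plaintext candidate at change time, before hashing; once a password is stored only as a hash, none of these comparisons are possible, which is why the policy must be enforced at the moment the user chooses the value.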
Also, it was found that the real-time virus scanning software had been turned off, allowing the hacker to install the malicious software. This change did not proactively alert (by email or text) the core team of network administrators. Any major change in the base server configurations should alert the core team. Also, the antivirus software must be kept up to date on all machines to protect the University from future
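The alerting gap described above, where real-time scanning was switched off and a scheduled job was created without anyone being told, is the kind of condition a small configuration-change monitor can catch. The following is an added example of such a monitor run over a constructed sample log; it is not from the paper, and the log format, field names and the signature-age threshold are assumptions made for the example.

```python
import re

# Constructed sample of a server configuration-change log (not real data).
# The key=value layout and the event names are assumptions for this example.
SAMPLE_LOG = """\
2024-03-01 22:10:05 host=srv01 event=av_realtime_changed value=on user=admin
2024-03-02 01:14:07 host=srv01 event=av_realtime_changed value=off user=jsmith
2024-03-02 01:15:30 host=srv01 event=scheduled_task_created name=updater user=jsmith
2024-03-02 01:16:02 host=srv01 event=av_signatures_updated age_days=41 user=system
"""

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<fields>.*)$")


def parse_line(line):
    """Turn one 'timestamp key=value ...' line into a dict, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m.group("ts")}
    for kv in m.group("fields").split():
        key, _, value = kv.partition("=")
        rec[key] = value
    return rec


def alerts_for(log_text, max_signature_age_days=7):
    """Return the alerts the core team should receive for this log.

    Each alert is a dict with severity, timestamp, host, acting user and message.
    """
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        base = {"ts": rec["ts"], "host": rec.get("host"), "user": rec.get("user")}
        event = rec.get("event")

        # The failure in the incident: real-time scanning turned off silently.
        if event == "av_realtime_changed" and rec.get("value") == "off":
            alerts.append({**base, "severity": "high",
                           "message": "real-time antivirus scanning disabled"})
        # New scheduled jobs are a base-configuration change worth a notice.
        elif event == "scheduled_task_created":
            alerts.append({**base, "severity": "high",
                           "message": f"scheduled task created: {rec.get('name')}"})
        # Stale signatures undermine the antivirus even when it is running.
        elif event == "av_signatures_updated":
            age = int(rec.get("age_days", "0"))
            if age > max_signature_age_days:
                alerts.append({**base, "severity": "medium",
                               "message": f"antivirus signatures are {age} days old"})
    return alerts


def format_alert(alert):
    """One-line text suitable for an email or SMS notification."""
    return (f"[{alert['severity'].upper()}] {alert['ts']} {alert['host']} "
            f"by {alert['user']}: {alert['message']}")


if __name__ == "__main__":
    for alert in alerts_for(SAMPLE_LOG):
        print(format_alert(alert))
```

The monitor keys on the change itself, not on whether the change was authorised: an administrator legitimately disabling scanning for maintenance still produces an alert, which is the intended behaviour, since the point is that the core team hears about every change to the protective baseline.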