Network intrusion takes place when an outside entity gains access to a prohibited network without authorization. A secure computer or network system should provide data confidentiality, data and communication integrity and assurance from a denial of service attack (Mukherjee, Heberlein, & Levitt., 1994, p.28). Network intrusion can have huge effects on an organization as data can be stolen, modified or erased, and equipment or programming can be harmed or annihilated. Organization in the public and private sector are constantly in the media for security breach, Companies such as JP Morgan Chase, Home Depot , TJ Maxx and recently the Federal Office of Personal Management have all been breach. In a case presented by Johnston and
…show more content…
This may be an indication of malware blocking the application from initiating. The server was unable to identify the Test utilities executable files. In addition, the USB and CDs that had the various test on them were tested and were intact. The second problem that was notice was the state of the remote connection from the server. A scan reported open ports that were undetected from within the operating system.
Audit Security Roles and Responsibilities.
The establishment of strong security roles and responsibilities within a corporate environment may have mitigated the events that had occurred from the case scenario above. According to the Federal Communication Commission (FCC) , department of Homeland Security, the National Cyber Security Alliance and The Chamber of Commerce recommend all companies to develop and maintain robust security policies to protect a company assets and to discourage in appropriate behavior by employees(FCC, n.d.).
Many system are designed to provide Role based access Control (RBAC). But if the procedures are not define then RBAC has little use if any. For example , in the scenario the end result showed that the intruder had gain access to the server and the desktop through weak passwords. For both systems the (IUSR_WIN and SUPPORT) account were change on January 29, …show more content…
The first Tool used was the Helix CD ( http://www.e-fense.com/helix/contents.php) to boot the server. The file system was examine using the Unix-based utilities from Sleuth Kit. Sleuth Kit utilities is able to produce a Time stamp of the system files. Sleuth Kit provided information on the inconsistency of file activity time line. This led to a closer look at specific files. Further examination disclose file activity that was consider unseen when the server was running(Johnston & Reust, 2006, p.119). Another process was the dumping the contents of the memory to an external device provide significant amounts of evidence such as IP addresses, passwords and other data related to intrusion((Johnston & Reust,
This may be an indication of malware blocking the application from initiating. The server was unable to identify the Test utilities executable files. In addition, the USB and CDs that had the various test on them were tested and were intact. The second problem that was notice was the state of the remote connection from the server. A scan reported open ports that were undetected from within the operating system.
Audit Security Roles and Responsibilities.
The establishment of strong security roles and responsibilities within a corporate environment may have mitigated the events that had occurred from the case scenario above. According to the Federal Communication Commission (FCC) , department of Homeland Security, the National Cyber Security Alliance and The Chamber of Commerce recommend all companies to develop and maintain robust security policies to protect a company assets and to discourage in appropriate behavior by employees(FCC, n.d.).
Many system are designed to provide Role based access Control (RBAC). But if the procedures are not define then RBAC has little use if any. For example , in the scenario the end result showed that the intruder had gain access to the server and the desktop through weak passwords. For both systems the (IUSR_WIN and SUPPORT) account were change on January 29, …show more content…
The first Tool used was the Helix CD ( http://www.e-fense.com/helix/contents.php) to boot the server. The file system was examine using the Unix-based utilities from Sleuth Kit. Sleuth Kit utilities is able to produce a Time stamp of the system files. Sleuth Kit provided information on the inconsistency of file activity time line. This led to a closer look at specific files. Further examination disclose file activity that was consider unseen when the server was running(Johnston & Reust, 2006, p.119). Another process was the dumping the contents of the memory to an external device provide significant amounts of evidence such as IP addresses, passwords and other data related to intrusion((Johnston & Reust,