First case assignment
Running head: INFORMATION SECURITY 1
Information Security
Name
Date
Information Security
Reviewing the Case Study:
Background:
No-Internal-Controls, LLC is a mid-sized pharmaceutical company in the Midwest of the US employing around 150 employees. It has grown over the past decade by merging with other pharmaceutical companies and purchasing smaller firms.
Recently No-Internal-Controls, LLC suffered a ransomware attack. The company was able to recover from the attack with the assistance of a third-party IT Services Company.
Attack Analysis:
After collecting evidence and analyzing the attack, the third party was able to recreate the attack. No-Internal-Controls, LLC has a number of PCs configured for employee training. These training computers use generic logins such as “training1”, “training2”, etc. with passwords of “training1”, “training2”, etc. The generic logins were not subject to lockout after incorrect login attempts.
One of the firms purchased by No-Internal-Controls, LLC allowed Remote Desktop connections from the Internet through the firewall to the internal network for remote employees. Due to high employee turnover and a lack of documentation, not all of the IT staff were aware of the legacy remote access. The main office has only a single firewall, and no DMZ or bastion host exists to mediate incoming Remote Desktop connections.
The internal network utilized a flat architecture.
An attacker discovered the access by means of a port scan and used a dictionary attack to gain access to one of the training computers. The attacker ran a script on the compromised machine to elevate his access privileges and gain administrator access. The attacker installed tools on the compromised host to scan the network and identify network shares. The attacker copied ransomware into the network shares for the accounting department, allowing it to spread through the network and encrypt accounting files. Critical accounting files were backed up and were recovered, but some incidental department and personal files were lost.
The following mitigations are proposed against further attacks.
POLICY:
i) Conducting employee security awareness training.
ii) Changing the internal network architecture from a flat architecture to a hierarchical architecture (core, distribution and access layers).
iii) Using a VPN for remote access via the Internet.
iv) Updating the firewall equipment and adding a DMZ (demilitarized zone).
v) Adding an intrusion detection system capable of secure content filtering.
vi) Adding lockout on all devices after incorrect login attempts (including generic logins).
vii) The network architecture should look as follows:
The above policy ensures the following:
Firewall and IDS/IPS are used for guarding the entrance of the enterprise network.
VPN is typically used for remote access to the enterprise network and is allowed by the firewall.
A Demilitarized Zone (DMZ) is established in order to permit the outside Internet to access public information of the enterprise network, such as DNS, web and email servers. Internal hosts can also access the servers in the DMZ and the Internet. However, the hosts in the Internet are blocked by the firewall from accessing the internal network, and these external hosts can access the internal network only through VPN (Peltier, 2010).
The communication channel, where security can be effectively applied, may employ IP security with the IPsec protocol suite for the virtual private network (VPN), web/transport layer security using Secure Sockets Layer/Transport Layer Security (SSL/TLS), and perimeter security with host-based and network-based firewalls as well as intrusion detection/prevention systems (IDS/IPS).
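The zone model described above (Internet reaches only the DMZ and the VPN gateway; the internal network is never reachable from the Internet directly) can be written down as a default-deny policy and checked against individual flows and against an existing rule base. The following is an added example, not code from the original case study or from the company it describes; the zone ranges (RFC 5737 documentation addresses for the Internet and DMZ, RFC 1918 space for the internal network), the permitted services, the VPN gateway address and the legacy rule list are all constructed for illustration.

```python
"""Zone-based perimeter policy check.

Added example, not code from the original case study. Zones, addresses,
services and the legacy rule list below are constructed for illustration.
"""
from ipaddress import ip_address, ip_network

# Constructed zone definitions; anything outside the DMZ and internal
# ranges is treated as the Internet.
ZONES = {
    "dmz": [ip_network("192.0.2.0/24")],      # public DNS/web/mail and the VPN gateway
    "internal": [ip_network("10.0.0.0/8")],   # workstations, file shares, training PCs
}

# Permitted services per (source zone, destination zone); anything not listed
# is denied. "any" permits every protocol/port for that zone pair.
ALLOW = {
    ("internet", "dmz"): {
        ("udp", 53), ("tcp", 53),        # public DNS
        ("tcp", 80), ("tcp", 443),       # public web
        ("tcp", 25),                     # inbound mail
        ("udp", 500), ("udp", 4500),     # IPsec VPN gateway (IKE and NAT-T)
    },
    ("internal", "dmz"): "any",
    ("internal", "internet"): "any",
    # ("internet", "internal") and ("dmz", "internal") are deliberately absent:
    # external hosts reach the internal network only through the VPN.
}


def zone_of(addr):
    """Map an IP address (string) to its zone name."""
    ip = ip_address(addr)
    for name, nets in ZONES.items():
        if any(ip in net for net in nets):
            return name
    return "internet"


def decide(src, dst, proto, port):
    """Return 'allow' or 'deny' for one flow under the zone policy (default deny)."""
    services = ALLOW.get((zone_of(src), zone_of(dst)))
    if services is None:
        return "deny"
    if services == "any" or (proto, port) in services:
        return "allow"
    return "deny"


# Constructed legacy rule base in (src_cidr, dst_cidr, proto, port) form,
# including an undocumented Internet-to-internal Remote Desktop rule of the
# kind the case describes.
LEGACY_RULES = [
    ("0.0.0.0/0", "192.0.2.0/24", "tcp", 443),
    ("0.0.0.0/0", "10.0.5.0/24", "tcp", 3389),
    ("10.0.0.0/8", "0.0.0.0/0", "tcp", 443),
]


def find_exposures(rules):
    """Return the rules that let Internet sources reach the internal zone directly."""
    exposed = []
    for src_cidr, dst_cidr, proto, port in rules:
        src_zone = zone_of(str(ip_network(src_cidr).network_address))
        dst_zone = zone_of(str(ip_network(dst_cidr).network_address))
        if src_zone == "internet" and dst_zone == "internal":
            exposed.append((src_cidr, dst_cidr, proto, port))
    return exposed


if __name__ == "__main__":
    print(decide("203.0.113.45", "10.0.5.20", "tcp", 3389))   # deny: no direct path inside
    print(decide("203.0.113.45", "192.0.2.10", "udp", 500))   # allow: VPN gateway in the DMZ
    print(find_exposures(LEGACY_RULES))                         # flags the legacy RDP rule
```

Running `find_exposures` over an inherited rule base is the audit step that would have surfaced the undocumented remote-access rule; `decide` then shows the intended end state, where the same remote employee connects to the VPN gateway in the DMZ instead.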
The company should also consider compensation access controls, which provide alternatives to existing controls to aid in the enforcement and support of a security policy. Examples of compensation access controls include security policy, personnel supervision, monitoring, and work task procedures. A compensation control can also be viewed as a control used in place of, or instead of, a more desirable or more damaging control. For instance, a motion detector with a spotlight and a barking-dog sound playback device can be used where a real guard dog cannot (Tipton & Nozaki, 2007).
The company should also use directive access controls, which direct, confine, or control the actions of subjects to force or encourage compliance with security policies. Examples of directive access controls include security guards, guard dogs, security policy, posted notifications, escape route exit signs, monitoring, supervising, work task procedures, and awareness training.
The company should incorporate logical access controls in its security system. Logical (technical) access controls are the hardware or software mechanisms used to manage access to resources and systems and to provide protection for those resources and systems. Examples of logical or technical access controls include encryption, smart cards, passwords, biometrics, constrained interfaces, access control lists (ACLs), protocols, firewalls, routers, intrusion detection systems, and clipping levels.
References
Maes, S. H., & Sedivy, J. (2000). U.S. Patent No. 6,016,476. Washington, DC: U.S. Patent and Trademark Office.
Peltier, T. R. (2010). Information security risk analysis. Auerbach Publications.
Tipton, H. F., & Nozaki, M. K. (2007). Information security management handbook. CRC Press.