
Information Security

Name

Date

Information Security

Background information

No-Internal-Controls LLC is a company located in the Midwest of the United States. It employs around one hundred and fifty people. The company's progress and growth can be attributed to its having merged with other pharmaceutical companies over the years and having bought up smaller companies. Recently, however, the company suffered a ransomware attack. It recovered from the attack with the assistance of a third-party information technology service company.

Analysis of the attack

Through data collection and analysis, the information technology company was able to reconstruct the attack. The third-party company found that No-Internal-Controls LLC has a number of computers that have been set up for employee training. These computers use generic logins that are easy to crack or guess. The company also found that a firm previously purchased by No-Internal-Controls LLC had set up remote desktop connectivity, and had done so through an Internet-facing firewall linked to the internal network that is used by remote employees. Because the company has high employee turnover and no proper documentation, the IT staff were not aware of this legacy remote access. The analysis also found that the main office has only one firewall, with no bastion host and no DMZ, which would have been crucial in securing remote desktop access.

The investigation found that the initial access technique was a port scan. The attackers then gained access to one of the training computers using a dictionary attack. The analysis shows that the attacker ran a script on the training computer that gave him access to administrator logins. After installing tools, the attacker was able to scan the network and identify weaknesses in the network shares. By copying the ransomware onto the shared network of the finance and accounting department, the attacker gained access to the accounting documents. Fortunately the accounting files had backups, but certain personal files were never recovered.

Here are the mitigations against further attacks.

POLICY:

i) Conduct employee security awareness training.

ii) Change the internal network architecture from a flat architecture to a hierarchical architecture (core, distribution and access layers).

iii) Use a VPN for remote access over the Internet.

iv) Update the firewall equipment and add a DMZ (demilitarized zone).

v) Add an intrusion detection system capable of secure content filtering.

vi) Add lockout on all devices after incorrect logins (even for generic logins).

vii) This is how the network architecture must look.
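As an added illustration of mitigation vi (this code is not part of the original paper), the following Python replays constructed syslog-style sshd login records under a lockout rule of five failures within fifteen minutes, the kind of policy that would have interrupted the dictionary attack on the generic training login described in the analysis; the account names, addresses and log format are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log lines (not taken from the case study).
# One source hammers the generic "training1" account; one user mistypes once.
SAMPLE_LOG = """\
2023-04-01T09:00:01 sshd: Failed password for training1 from 203.0.113.7
2023-04-01T09:00:03 sshd: Failed password for training1 from 203.0.113.7
2023-04-01T09:00:04 sshd: Failed password for training1 from 203.0.113.7
2023-04-01T09:00:06 sshd: Failed password for training1 from 203.0.113.7
2023-04-01T09:00:07 sshd: Failed password for training1 from 203.0.113.7
2023-04-01T09:00:09 sshd: Accepted password for training1 from 203.0.113.7
2023-04-01T09:05:00 sshd: Failed password for alice from 10.0.0.5
2023-04-01T09:05:30 sshd: Accepted password for alice from 10.0.0.5
"""

LINE_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def analyze(log_text, threshold=5, window=timedelta(minutes=15)):
    """Replay the log with a lockout policy: an account is locked once it
    accumulates `threshold` failures inside `window`.  A login accepted for
    an account that should be locked is reported, because with the policy in
    place that attempt would have been refused (the dictionary attack's win)."""
    failures = defaultdict(list)   # account -> timestamps of recent failures
    locked = {}                    # account -> time the lockout was triggered
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue               # ignore lines that are not login events
        ts = datetime.fromisoformat(m.group(1))
        outcome, account, src = m.group(2), m.group(3), m.group(4)
        if outcome == "Failed":
            # keep only failures still inside the sliding window, then add this one
            recent = [t for t in failures[account] if ts - t <= window]
            recent.append(ts)
            failures[account] = recent
            if len(recent) >= threshold and account not in locked:
                locked[account] = ts
                alerts.append(f"LOCKOUT {account} after {len(recent)} failures from {src}")
        elif account in locked and ts - locked[account] <= window:
            alerts.append(f"ACCEPTED-WHILE-LOCKED {account} from {src}")
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

The single failure by "alice" never reaches the threshold, so only the generic training account produces alerts.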

The above policy ensures the following:

A firewall and IDS/IPS guard the entrance to the enterprise network.

A VPN is typically used for remote access to the enterprise network and is permitted by the firewall.

A Demilitarized Zone (DMZ) is established to permit the outside Internet to access the public information of the enterprise network, such as the DNS, web and email servers. Internal hosts can also access the servers in the DMZ and the Internet. However, hosts on the Internet are blocked by the firewall from accessing the internal network, and these external hosts can reach the internal network only through the VPN (Peltier, 2010).

Security can be applied effectively at the communication channel: IP-layer security with the IPsec protocol suite, as used by the virtual private network (VPN); web/transport-layer security using Secure Sockets Layer/Transport Layer Security (SSL/TLS); and perimeter security with host-based and network-based firewalls together with intrusion detection/prevention systems (IDS/IPS).

The company should also consider compensating access controls, which provide alternatives to other existing controls to aid in the enforcement and support of a security policy. Examples of compensating access controls include security policy, personnel supervision, monitoring, and work task procedures. Compensating controls can also be thought of as controls used in place of, or instead of, more desirable or more damaging controls. For instance, a motion detector with a spotlight and a barking-dog sound playback device can be used (Tipton & Nozaki, 2007).

The company should also use directive access controls, which direct, confine, or control the actions of subjects in order to force or encourage compliance with security policies. Examples of directive access controls include security guards, guard dogs, security policy, posted notifications, escape route exit signs, monitoring, supervising, work task procedures, and awareness training.

There should also be administrative access controls: the policies and procedures defined by an organization's security policy to implement and enforce overall access control (Maes & Sedivy, 2000). Administrative access controls focus on two areas: personnel and business practices (i.e., people and policies). Examples of administrative access controls include policies, procedures, hiring practices, background checks, data classification, security training, vacation history, reviews, work supervision, personnel controls, and testing.

The company should also incorporate logical access controls into its security system. Logical (technical) access controls are the hardware and software mechanisms used to manage access to systems and resources and to protect those systems and resources, and installing them will let the company monitor all logical access to the system. They can be implemented through biometrics, smart cards, data encryption, constrained interfaces, protocols, access control lists, firewalls, and clipping levels.

References

Maes, S. H., & Sedivy, J. (2000). U.S. Patent No. 6,016,476. Washington, DC: U.S. Patent and Trademark Office.

Peltier, T. R. (2010). Information security risk analysis. Auerbach Publications.

Tipton, H. F., & Nozaki, M. K. (2007). Information security management handbook. CRC Press.