Intrusion Assessment and Response

profileJohnkig
INTRUSIONASSESSMENTANDRESPONSE.edited.docx

Running Head: INTRUSION ASSESSMENT AND RESPONSE 1

INTRUSION ASSESSMENT AND RESPONSE 3

Intrusion Assessment and Response

Student Name

Instructor Name

Course

Date

Introduction

Currently, there has been an increase in the level o cyberattack among many of the networking system of a given organization. Information technology experts have tried everything possible to ensure that e matter is under control over a given period. It is a problem that has persisted in intervening throughout the technological world, ending up creating an alert to a given industry's experts. Information technology experts have come together to undertake prevailing concerns. Their continuous efforts have enabled them to develop better systems that have shown exemplary efforts in mitigating given concerns within the technological world (BetaFred, 2016).

The intrusion detection system has turned out to become one of the systems used to mitigate insecurity issues within the technological industry. IDS is a network security system that is designed to monitor all networking activities of an organization. It is a system that has also taken part in identifying any of the incoming malicious patterns from the network. Therefore, it helps the network sever to detect compromising activities that subject the network to an attacking threat (BetaFred, 2016).

Introduce the nature of the intrusion and the systems likely affected.

As a network security administrator, I have detected the MS16-087 attack that exploits window print spooler components within the organization's network system. It is a type of attack that involves the use of a printer driver hack tool. A printer driver hack that uses complete device entry, remote software implementation, and circumvents connect control (BetaFred, 2016).

A network security administrator is always under the obligation of ensuring all of the organization's software is in a safe condition. Therefore, under a given attack, there will be a need to conduct a close and careful examination of all systems supported by windows. It is the safest way possible to help network security administrators formulate a better mitigation strategy on a given attack. Therefore, we shall conclude that all systems that use Window server such as windows 7, windows 10, windows RT and window server 2008 are more likely to be affected by the MS16-087 attack. Also, all system that utilizes window Vista is more likely to be affected by the given attack (BetaFred, 2016).

Outline the steps necessary to assess this security incident effectively.

A network operator can utilize ZenMap scans, Nessus, and Microsoft Baseline Safety Analyzer to evaluate this safety event accurately. It would help examine logs and details about how the intrusion impacts programs and customize which programs are targeted. The test outcomes would search for securities, screen for notifications, and detect suspicious activity by approved individuals unauthorized people requesting entry to databases and records. It would also scan for traffics forwarded to identified and unidentified sites, secret archives, and adjustments in setup (BetaFred, 2016).

Create and explain a security incident response plan designed to mitigate the MS16-097 exploitation

When introducing new printers or drivers, details on the MS16-087 safety bulletin will be distributed around the enterprise to ensure customers know how to interpret it. For participants to evaluate and comprehend, data on CVE-2016-3238 will also be submitted. IT Software Managers will conduct adjustments on databases related to this problem. The IT Device Expert will be responsible for upgrading equipment related to this problem (BetaFred, 2016).

These changes will be subjected to all servers as well as machines. These systems are Windows Server 2008 x64-based, Windows6.1-KB3170455-ia64.msuoWindows 10 32-bit edition, Windows10.0-KB3163912-x86.msuoWindows 10 64-based editions, Windows 10.0-KB3163912-x64.msuo, Windows 10 Version 1511 32-bit edition, Windows 10.0-KB3172985-x86.msuo, Windows 10 Version 1511 64-bit edition, Windows 10.0-KB3172985-x64.msu (BetaFred, 2016).

We are also trying to add up some more measures to our systems. These measures will help strengthen the printing restrictions of our systems (BetaFred, 2016). It is an additional form of security that will play a significant part in strengthening the organization's prevailing network security system. these additional restrictions are

1. Always notify the IT division to mount all printers through the connections of the company.

2. We will delegate a particular printer to and community of consumers to print on approved printers.

3. The Community Rule has now been modified to add print domains to the impressive approved list.

4. As we seek to mitigate the abuse of these weaknesses effectively, we kindly request the users of the system adapt to these new laws. If not, the same rights may be accessed by an intruder as the client logging in. An intruder may install the software based on the client's permissions, access, alter, or remove information or build new accounts with complete client permissions.

Both Windows devices will have the critical upgrades done on the specific improvements on this specific flaw to ensure that systems are not prone to any more violations. In successfully regulating this violence, the specific updated referenced are essential. It would ensure that our servers and databases cannot alter or delete information by having an attacker within them. Given the reality that we have found that consumers with the least value are not as big of a risk as those with increased rewards on all structures, we are working out these proposed safety studies (BetaFred, 2016).

References

BetaFred. (2016, July 12). Microsoft Security Bulletin MS16-087 - Critical. Retrieved January 21, 2021, from https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-087