Question:
Below is a summary of a security incident at some police department, as told by a security researcher in a podcast.

A. Incident 1 and Response

A police department in some US city (about 28,000 residents) was hit with ransomware: all the computers in the police department were no longer functioning. The ransomware affected the entire network: the patrol vehicles, the police department, and also some of the city laptops that were connected to the network during the incident. Ultimately, the entire police department was affected. The outage affected the network printers first, and then brought down the computers. A security researcher, Nicole, who works for the Secret Service, becomes aware of the breach and offers assistance; however, the department declines.

The IT team at this police department was doing daily backups of all their systems in the network, so they never even considered paying the ransom. Thus, they proceed to initiate the restoration from backup. However, something happened months earlier which meant their backups weren't actually working. The latest backup they had was from ten months ago. By the time they figure that out, they had already restored a bunch of their systems, and the network was back up and online. This allows people to get up and working fairly quickly. However, the staff has to re-enter all the data from the last ten months back into the systems. No further actions are performed at this point.

B. Incident 2 and Investigation

One week later, a similar situation happens: the printers stop working. Nicole attends the location this time. The IT department consists of only one person. The server is located at the back of the building, in a garage or storage-like area. The wires are scattered on the floor, surrounded by boxes of documents and other non-IT objects. Some of the computer management is outsourced: another company was performing updates to the computers and security monitoring. However, they were more reactive, and not very proactive, at handling security incidents. The server also houses some of the city's other departments, not just the police.

Nicole records some network traffic (using Wireshark), dumps the memory contents (using Volatility), and copies some other data onto a USB drive. While performing this, she notices another active logged-in system-admin account, and it was neither the department's IT person nor any of the contracted companies. Then she notices more accounts active. Although it is suspected the active accounts are malicious, Nicole permits them to remain connected for just as long as she needs to wait for her tools to complete their work. Immediately after, she disconnects the other connections, changes all the passwords and grabs some other content from the server.

After that, Nicole contacts the company to which the department outsourced security monitoring and asks them to turn over the logs they had captured and, if possible, a copy of the malware file from the previous incident, as well as the ransom letter or any other details. They refuse, stating that their internal team is working on this, yet state that they had a malware sample and the ransom note. She later insists that they disable remote access to the domain controller. The IP address from which the logins were made was from within the city the department was located in, and the user was able to upload the malware to the server again, but not to activate it. Shortly after, it is discovered that the IP address belonged to the mayor of the city. After further investigation, it's discovered that the way the city staff checked their email was by logging into the main server via Remote Desktop connection, using administrative credentials. Ultimately, someone sent the mayor a phishing email, managed to install a keylogger and later used the mayor's computer to attack the police station's computer.

Q1: Briefly discuss TWO (2) security controls covered in ITEC 3210 that would have helped prevent these security incidents. Use for EACH security control the format below:
• Security control #1 (list name): Explain how Security control #1 helps prevent the incident (3 lines MAX)

Q2: Discuss TWO (2) security controls covered in ITEC 3210 that would not have helped prevent these security incidents. Use for EACH security control the format below:
• Security control #1 (list name): Explain why Security control #1 does NOT help prevent the incident (3 lines MAX)

Q3: Briefly discuss TWO (2) security controls covered in ITEC 3210 that would have enabled easier threat eradication and recovery after these security incidents. Use for EACH security control the format below:
• Security control #1 (list name): Explain how Security control #1 helps in recovery (3 lines MAX)

Q4: Discuss TWO (2) security controls covered in ITEC 3210 that would not have had benefit in eradication and recovery in these security incidents. Use for EACH security control the format below:
• Security control #1 (list name): Explain why Security control #1 does NOT help in recovery from the incident (3 lines MAX)
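The recovery lesson of Incident 1 is that the department only learned its "daily" backups had stopped working ten months earlier while it was already mid-restore. The check below is an added example, not part of the question or of the podcast it summarises: a scheduled backup verification in Python that reports the newest backup set as stale, corrupt, or non-restorable on the day the job first silently fails. Every backup set, the archive contents, the canary path records/canary.txt, the dates and the one-day RPO are constructed assumptions for the example.

```python
"""Backup freshness, integrity and restorability check (added example).

Not part of the original question or the podcast it summarises. A nightly
job like this turns a silently failing backup into a same-day alert instead
of a surprise during restoration. Every backup set, path and date below is
constructed sample data.
"""
import hashlib
import io
import tarfile
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Sequence


@dataclass
class BackupSet:
    name: str
    taken_at: datetime    # time the backup job reported success
    archive: bytes        # the archive as it sits on the backup target
    recorded_sha256: str  # digest the job wrote alongside the archive


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_archive(files: Dict[str, bytes]) -> bytes:
    """Build an in-memory tar archive from {path: content} (constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(name=path)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def check_backup(backup: BackupSet, now: datetime, rpo: timedelta,
                 canary_path: str, canary_sha256: str) -> List[str]:
    """Return findings for one backup set; an empty list means it passed every check."""
    findings = []
    # 1. Freshness: the newest successful job must fall inside the recovery point objective.
    age = now - backup.taken_at
    if age > rpo:
        findings.append(f"{backup.name}: newest backup is {age.days} days old, RPO is {rpo.days} day(s)")
    # 2. Integrity: the archive on disk must still match the digest recorded when it was written.
    if sha256(backup.archive) != backup.recorded_sha256:
        findings.append(f"{backup.name}: archive digest mismatch (truncated, corrupted or tampered)")
        return findings  # a test restore of a corrupt archive tells us nothing more
    # 3. Restorability: really extract a known file and compare it to its expected content.
    try:
        with tarfile.open(fileobj=io.BytesIO(backup.archive), mode="r") as tar:
            member = tar.extractfile(canary_path)
            restored = member.read() if member is not None else None
    except (tarfile.TarError, KeyError):
        restored = None
    if restored is None:
        findings.append(f"{backup.name}: test restore of {canary_path} failed")
    elif sha256(restored) != canary_sha256:
        findings.append(f"{backup.name}: test restore of {canary_path} returned unexpected content")
    return findings


def check_newest(backups: Sequence[BackupSet], now: datetime, rpo: timedelta,
                 canary_path: str, canary_sha256: str) -> List[str]:
    """Check only the most recent set: that is the one a restore would start from."""
    if not backups:
        return ["no backup sets found"]
    return check_backup(max(backups, key=lambda b: b.taken_at), now, rpo, canary_path, canary_sha256)


# --- constructed scenario modelled on the incident ---------------------------
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)   # assumed "today"
RPO = timedelta(days=1)                            # daily backups were the stated policy
CANARY = "records/canary.txt"                      # hypothetical file seeded for test restores
CANARY_CONTENT = b"backup canary v1\n"
GOOD_ARCHIVE = make_archive({CANARY: CANARY_CONTENT, "records/cad.db": b"sample records"})
BAD_ARCHIVE = make_archive({CANARY: b"stale canary\n", "records/cad.db": b"sample records"})

HEALTHY = BackupSet("nightly-2024-05-31", NOW - timedelta(hours=6), GOOD_ARCHIVE, sha256(GOOD_ARCHIVE))
# The incident: the job last succeeded about ten months ago and nobody noticed.
STALE = BackupSet("nightly-2023-08-01", NOW - timedelta(days=305), GOOD_ARCHIVE, sha256(GOOD_ARCHIVE))
CORRUPT = BackupSet("nightly-2024-05-31", NOW - timedelta(hours=6), GOOD_ARCHIVE[:-64], sha256(GOOD_ARCHIVE))
WRONG = BackupSet("nightly-2024-05-31", NOW - timedelta(hours=6), BAD_ARCHIVE, sha256(BAD_ARCHIVE))


def run(backups: Sequence[BackupSet]) -> List[str]:
    """Run the three checks against the newest set of a constructed backup catalogue."""
    return check_newest(backups, NOW, RPO, CANARY, sha256(CANARY_CONTENT))


if __name__ == "__main__":
    for label, sets in (("healthy", [STALE, HEALTHY]), ("stale", [STALE]),
                        ("corrupt", [CORRUPT]), ("wrong content", [WRONG])):
        print(f"{label:>13}: {run(sets) or ['OK']}")
```

The freshness check alone would have caught the ten-month gap; the digest and test-restore steps cover the other common silent failures, where a job keeps "succeeding" but writes unusable data. In practice the findings list feeds an alert rather than a print, and the canary file is seeded on every system the policy says is backed up.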
Expert Answer:
Question 1, Security control #1: Firewall. A robust firewall would have acted as a digital sentinel warding off unauthorized access and preventing the ini...