Question

Miller Harrison was still working his way down his attack protocol. Nmap started out as it usually did: giving the program identification and version number. Then it started reporting back on the first host in the SLS network. It reported all of the open ports on this server. Then the program moved on to a second host and began reporting back the open ports on that system, too. Once it reached the third host, however, it suddenly stopped. Miller restarted Nmap, using the last host IP as the starting point for the next scan. No response. He opened up another command window and tried to ping the first host he had just port-scanned. No luck. He tried to ping the SLS firewall. Nothing. He happened to know the IP address for the SLS edge router. He pinged that and got the same result. He had been blackholed—meaning his IP address had been put on a list of addresses from which the SLS edge router would no longer accept packets. This was, ironically, his own doing. The IDPS he had been helping SLS configure seemed to be working just fine at the moment. His attempt to hack the SLS network was shut down cold.

Questions:

1. Do you think Miller is out of options as he pursues his vendetta? If you think there are additional actions he could take in his effort to damage the SLS network, what are they?

2. Suppose a system administrator at SLS happened to read the details of this case. What steps should he or she take to improve the company’s information security program?

Answer 1

ANSwes Step 1 who ioesponstble employee ad mini statos an System of maintainira desian installatfon, fmple mentation, foot oogntzatton hestoonks and Conpatens and System S4sterm ad ministaao updates nedwook applications and Secueely Phe system equlerly maintains BY secuorty administeako Suptem maintains activating anti Viaus porog gam fisewalls fnstall 1ng Cube sec°tY dther meaEUes of Step a TnfoBmat onseccott Tme ove compahy & Ste ps to Progsam Secuorty applicatons to opeontyn POstalling mosie Company Computeaa & tnfosmin System of all

disclose any sensttrue decdals Of FRCials to hot vegasding company nfoormaton stoied System paocedtoes egnd Defining al policies 10 S4stem utth Suppood Seaunt & imple nenting hose poltcies pasticaly to man tan daea ssiaely f sganiaton Sustem pen logs and 34sten Requlasly analysing mance nco ming Outgoing data packets matntaining data backup. often ard Sdvi ng thereaeS Detecting byseaches secueity facts a betng nea WEth auasie of ard Phe mooig ing tboneat Tha Can aftack Sustem Deleatir oeo

-to- system Sortoae checking ohesten all updat ed and C be date ard ensuert padche s re Gerutoel used tuteneves Toainina employees 02aon to secure data wrth storong passuosds assesing osks & sdueronto Sdve Those poioblems, checting ooking of add sesses to send and gecesve daka packets AVoidina unRR cessar accOSS Softwase SYstem. Limiting access to con fedenttal es and docum andemployees monitortng netooek -ents actvity