Question

You work as a security administrator of a large department store chain or choose another large...

You work as a security administrator of a large department store chain or choose another large corporation of your choosing. You believe that there has been a breach in the VPN where an employee has stolen data using a personal laptop along with using the company assignment computer. You review the logs from the IDS, remote access systems, and, file servers and confirm this belief. Your employer wishes to gain access to the personal laptop used for the breach to determine the full extent of the data stolen. The guilty employee’s lawyer claims that the laptop is not identifiable. · Create a formal document to the CEO of the company to account for your findings, tools used to solve the breach and what steps will be taken to prevent this type of breach from happening again. You will also need to create a press release to the Public regarding this breach. Create a disaster recovery plan for the employees and vendors in case of a breach. · Things to consider: What would best be used to identify the specific laptop used for the theft? How would you acquire the identifying information? List some items that would NOT be useful to identify the specific computer used by the insider.

The questions I have specifically regarding this project are what network tools would have been used to detect the breach? Could it have been discovered during a routine system audit? What would the best program/tool be used to identify the specific laptop? Could Nmap do that if the laptop is off the system now? What other monitoring logs could have been used to identify the specific laptop used to access the files? Could a dedicated DHCP server logs, DNS logs or even Event Managers be able to pinpoint the specific computer and VPN laptop?

0 0
Add a comment Improve this question Transcribed image text
Answer #1

Finding a data breach:

  • Appointing a cyber security expert: - A cyber security expect can easily figure out the source of data breach and they know how to figure out the loopholes.
  • Using data breach detection tool: Maintaining systems, applications and need to have modern detection tool. The detection tool can easily figure out from where the data has been leaked.

Tools used to find data breach:

  • NetStumbler: - it is a wireless network discovery tool which helps to detect unauthorized traffic entering into the network.
  • nMap Security Scanner: - it is another open source platform tool which is effective in security auditing and network discovery.

Ways to prevent data breaches:

  • Protect the information: it is important that you protect the sensitive information which should be protected whenever the data is stored somewhere.
  • Using a complex password: - this is mandatory that every account must be configured with complex password so that it is hard for the hackers to decode the password.

Disaster recovery plan for the organization:

  • Proper data security: The information security must have a direct tie-in towards the incident response. Incident response must respond to data breaches or even malware attacks.
  • Technologies are often used in data recovery security and it may vary from business to business and even application to application. In case of disaster, proper backup should be there so that the data is restored as soon as possible and it must not hamper the company’s data.

What would best be used to identify device involved in data breach and how to acquire identifying information:

Spotting a data breach involved device: there are several tools are there through which a data breach involved device can be identified. Through back tracking, you need to check for the logs so that the involved IP of the device can be figured out. File indicator can be used to evaluate the root cause of data breach.

So, it is important that you should look for patterns through which the external device connected to the network. The user account is identified and the involved device is spotted.

Things that are not used to detect the Computer:

  • Files: - What kinds of files are breached will not at all help in detecting the device.
  • Network: Network will not help in detecting the device that involved in the breaching.
Add a comment
Know the answer?
Add Answer to:
You work as a security administrator of a large department store chain or choose another large...
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Not the answer you're looking for? Ask your own homework help question. Our experts will answer your question WITHIN MINUTES for Free.
Similar Homework Help Questions
ADVERTISEMENT
Free Homework Help App
Download From Google Play
Scan Your Homework
to Get Instant Free Answers
Need Online Homework Help?
Ask a Question
Get Answers For Free
Most questions answered within 3 hours.
ADVERTISEMENT
ADVERTISEMENT