Ethical Hacking-Assignment 14 (.docx)

School: Florida International University
Course: 4086
Subject: Information Systems
Date: Apr 3, 2024
Pages: 2
Uploaded by: ProfessorMetal2935

Ethical Hacking Assignment 14
Security Architecture and Application Design

Objective: Different Access Models and Attack Scenario.

1) You are working as an IT security specialist and you receive a call that a computer in the marketing department is acting strangely. You ask a few questions, but at the most important question, "Have you accessed, downloaded, or clicked on anything out of the ordinary?", the employee stays quiet and does not answer, so you say, "I will be right over." Indicate step by step and in detail what you would do to determine whether an incident has occurred, what to do about it, and how to counter its effect. (Make an assumption about the type of attack to outline what you would do; for example, "I ran such a test and determined it was this attack", not "I am going to do this".) Consider three different attack scenarios: 1) user initiated, 2) internal attacker initiated, 3) external attacker initiated.

User initiated: I arrived at the location, then inspected the user's computer for any signs of weird behaviour. I then examined the computer's logs and checked the network traffic to look for suspicious patterns and how they were communicating. Then I ran antivirus and anti-malware scans to remove malicious software. I asked the user questions to gather information about whether social engineering was involved, whether shady websites were accessed, or whether any emails, PDFs, etc. were opened. The antivirus worked, so I restarted the machine, re-assessed the computer to see that all the malicious software had stopped having an effect, uploaded the file that was quarantined by the antivirus into a VM and reverse engineered the code to upload information to a cybersecurity forum/company, and finally educated the user about safe practices in cybersecurity.

External attacker initiated: The user explained he received a call about a job lead and needed to gather information on an employee; the caller assured him he was a cybersecurity manager from a company, gave an ID number and job position, and talked with a lot of confidence, using very technical words about security and analysis. I identified that the attack was initiated by social engineering and the attacker got easy access to the network. The first and most important thing I did was to isolate the system by disconnecting it from the network to prevent malware spread. Then I did a detailed analysis to identify the source and how much information was being compromised. After doing pen testing on the services of the network I realized the security of the network was WPA and the services installed were out of date; I went to online services to see if there were any vulnerabilities, and the services had very dangerous and exploitable vulnerabilities. I installed a new router in the area with WPA3 security, downloaded better network services on the machine, did an assessment of the machine and set up a VPN while getting rid of the malware installed by the attacker. The machine is now safe, and then I educated the user on cybersecurity questions.

Internal attacker initiated: Ask questions of the user that reported the attack. As we are good at social engineering, we hold a small meeting with select employees to assess any behaviour of the suspected internal attacker. I reviewed the machine of the internal attacker or monitored his network traffic; then, after confirming the attacker, we assessed the network and installed the correct patches for the vulnerabilities used by the attacker to prevent future exploits, examined the files that were tampered with and analyzed them to patch issues. Send a report about the internal attacker and educate the employees about cybersecurity.

2) Provide an example of each of these Access Control Models:

Bell-LaPadula: a user with a secret clearance cannot access top-secret documents, adhering to the "no read up" rule.

Biba: a user with low integrity clearance cannot modify high integrity financial records, ensuring data integrity is maintained.

State machine: consider a voting system; a voter can transition from the "registered" state to the "voted" state after casting their ballot, and then the system transitions the vote to the "counted" state after tallying. Each transition is controlled by access control rules and policies defined within the State Machine model.

Clark-Wilson: in an accounting system, only authorized users can create transactions, and each transaction must be verified and approved by another user before it is committed to the system.
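The four models above, as an added example that is not part of the original assignment: a small Python reference monitor that encodes each rule and rejects the assignment's own counterexamples (a secret clearance reading a top-secret document, a low-integrity user modifying a high-integrity record, a ballot skipping from "registered" to "counted", a transaction approved by its own creator). The level names, ballot states and user names are constructed for illustration.

```python
# Added example, not part of the original assignment: minimal reference-monitor
# checks for the access-control models in question 2 (levels and sample data constructed).
from enum import IntEnum


class Secrecy(IntEnum):
    """Bell-LaPadula confidentiality levels, ordered low to high."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


class Integrity(IntEnum):
    """Biba integrity levels, ordered low to high."""
    LOW = 0
    HIGH = 1


def blp_allows(clearance: Secrecy, classification: Secrecy, op: str) -> bool:
    """Bell-LaPadula: no read up (simple security), no write down (*-property)."""
    if op == "read":
        return clearance >= classification
    if op == "write":
        return clearance <= classification
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Integrity, obj: Integrity, op: str) -> bool:
    """Biba: no read down (simple integrity), no write up (integrity *-property)."""
    if op == "read":
        return subject <= obj
    if op == "write":
        return subject >= obj
    raise ValueError(f"unknown operation {op!r}")


# State machine model: a ballot may only follow these transitions, in order.
VOTE_TRANSITIONS = {("registered", "voted"), ("voted", "counted")}


def next_vote_state(current: str, requested: str) -> str:
    """Return the new ballot state, or raise if the transition is not permitted."""
    if (current, requested) not in VOTE_TRANSITIONS:
        raise PermissionError(f"{current} -> {requested} is not a permitted transition")
    return requested


def clark_wilson_commit(creator: str, approver: str, authorized: set) -> bool:
    """Clark-Wilson separation of duty: a different authorized user must approve."""
    return creator in authorized and approver in authorized and approver != creator
```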