Clinic Denial Of Services Case Study

Two weaknesses were found in regards to the company 's network security. First weakness is a hardware weakness; and another is IDS which not having a Network-based Intrusion Detection System (IDS) in use. The recommended solutions are to show an AAA server for user authentication and authorization to company resources, and deploy a combination Host and Network-based IDS for overall monitoring of the company 's enterprise.

In order to be properly prepared for an outage in the magnitude of what transpired to the CareGroup network, systems and process control may have prevented this unfortunate event from occurring. Instituting a preventive approach to network functionality and security, along with a contingency plan to deal with failures or breaches to the system should have been in place.

GFI cannot afford system outages because its cash flow and financial systems heavily depend on the network stability. GFI has experienced DOS network attacks twice this year and its Oracle database and email servers had been down for a week. The recovery process required GFI to use $25,000 to restore its operations back to normal. GFI estimated the loss from these network attacks at more than $100,000 including lost customer confidence. GFI’s failure to incorporate proper firewall devices at Internet access points can be linked to DOS network attacks and Oracle database and email servers being down.

1. The most significant problem was CareGroup suffered internet collapse in November 2002 and caused every software that required network unable to function. The main factor of this problem was the huge data transfers in short period of time and monopolized all networks resources and caused other users unable to connect to the service (the same idea of DDos attack). There were three underlying causes of this internet collapse. First of all, algorithms for computing alternative data paths were unable to function correctly. Due to the evolved of network, the network components were mostly rely on the service of major switch which meant that they lost the capability to find the new paths if they lost the services. Second, CareGroup IT did not use network traffic control system to efficiently distribute the resource. Although the data center was able to process 40 terabytes of data per day, it did not mean the system was good at handling extreme events. The last underlying cause is CareGroup IT did not frequently check the status of the router. The case referenced that CareGroup IT and the Cisco SWAT team found out the firmware in the old router was broken due to permanently written into the microchips.

A Denial of Service (DoS) attack on the corporate IT system at IVK Corporation. (Adapted from the book The Adventures of an IT Leader, 2009, Harvard Business School Publishing). After reading the case description, answer the questions that follow.

Any network dependent enterprise should have procedures and process in place that facilitate quick fixture of problems in the network. It gets all the more important in the case of a sensitive industry like the healthcare institution - Being able to fix and troubleshoot problems faster could define the life and death of the patients

Threat: Denial of Service is the interruption of service on a device that prevents legitimate users from accessing it. A common source of this type of attack is from malicious agents. This is a threat because of the importance of the server to this small investigation business. Since this is where clients upload their evidence, it must always perform at its optimal capability. With this in mind denial of service attacks becomes a great threat, as the opposing party in a case will benefit from evidence not being not being uploaded to the attorneys (OWASP Top 10, 2015).

1 What are the procedures incase of an attack. We should write a well-developed cyber incident response plan that includes all the protocols to responses. Our plan should generally have these following components, such as response team, reporting, initial response, investigation, recovery and follow up, public relations, and law enforcement. The job of the response team is to develop cyber incident response plan and for investing and responding to cyber attack. They will identify and classify cyber attack sceneries, and figuring out what tools and technology will be used to detect the attack. Determined the scope of the attack and internal investigation. Lastly, address the data breach and conduct follow reviews. Second, The cyber incident response plan should address procedures to take on discovery and reporting of cyber attack incidents. For example, set up team to monitor industry practices, checking if all the system are updated and patched. Non-stop monitoring the system activity and computers logs to see any incidents, than recorded it in a track log for later use. Third, if there was a report of a cyber attack, the response team should start their investigation whether the attack had occurred. The response team should quickly stop the attacker right away and stop the spreading further into the companies computers system. After doing that they should document what they have done and the incident. Forth, investigating the cyber security we need to construct internal

Management of security incidents described in this policy requires Blyth’s Books to have clear guidance, policies and procedures in place. Fostering a culture of proactive incident reporting and logging will help reduce the number of security incidents which often go unreported and unnoticed – sometimes, over a long period of time and often without resolution. The purpose of this policy is to:

The defense in depth concept is constructed to rapidly characterize, attribute, and respond to attacks and is given the name Defense of The Grid System or DTGS. The DTGS provides the capability to monitor, detect, analyze, and respond to unauthorized activity, as well as unintentional, non-malicious user errors within the iSOC, Tops, and Gen, components of the DTGS. For the DTGS system and its monitored component systems, must detect attacks and respond quickly (e.g. limiting access, excising users, or even disconnecting from the network.) The DTGS Interface Control Document (ICD) addresses five operational capabilities: DTGS defense from cyber-attack, maintaining service while under attack, recovering from cyber-attack and reduce vulnerabilities, monitoring Information Assistance (IA) of the DTGS.

The information security incident management policy of Blyth’s Books was created in 2010 and has been reviewed four times in five years. Those covered by its scope are clearly stated. It stresses the importance of incident management to the organisation and has the support of upper level management.

for example, overhauling programming and effectively designing system and firewall guidelines, utilizing a decent hostile to infection programming etc.In this report a large portion of the fundamental data with respect to network security will be plot, for example, discovering and shutting vulnerabilities and forestalling system assaults furthermore efforts to establish safety as of now being utilized.

The formation of an ISIRT is an essential activity in the plan and prepare phase. ISIRTs provide organisations with the suitable proficiency to assess, respond to and learn from information security incidents. Blyth’s Books should establish an Information Security Incident Response Team (ISIRT) that encompasses individuals from different departments in the organisation. Their contact information should be accessible to all in the organisation. Their roles should be clearly defined with regards to synchronization and rapport with other parties, feedback to the management, communication and relationship with other departments in the organisation. Mechanisms of assistance which comprises tools such as Intrusion Detection Systems (IDSs), Intrusion Prevention Systems (IPSs) and log monitoring systems should be set up and put into effect to aid the ISIRT in monitoring and detection.

An organization wide strategic plan formulated to avoid or minimize the impact of incidents should focus on three integral components of any organization; People, Process and Technology. The organization currently doesn’t have any Incident Response Team which resulted in a delay in responding

This paper entails a discussion about Intrusion Detection and Prevention Systems. An explanation with reference to what they are, what they are used for, where, why and