Critical Thinking #2 Principles of Computer Information Systems Security Tyler Brunet VCU Department of Information Systems

VCU INFO 644 Critical Thinking 2

Nov 28, 2014


tgbrunet

Transcript
  • 1. Critical Thinking #2 Principles of Computer Information Systems Security Tyler Brunet VCU Department of Information Systems
  • 2. Case of a Computer Hack - Background
    - The case took place over 2 years at Stellar University
    - This is a public institution that contains a diverse range of technologies: Windows 3.1 to 2003 inclusive, VAX, mainframe, Linux, Unix, Apple, SANs, NASs
    - Infrastructure: Token Ring, 10/100/1000 Mbps Ethernet, wireless and dialup
    - There is a VPN to the medical portion of the university
  • 3. server_1
    - Running Windows NT 4.0 Service Pack 5
    - Internet Explorer 4
    - Primary Domain Controller (PDC) with no Backup Domain Controllers (BDCs)
    - Windows Internet Naming Service (WINS)
    - Primary file server
    - Primary print server
  • 4. Naming Convention: server_1
    - The difference between a dash (-) and an underscore (_) looks minimal
    - The underscore is unsupported by the DNS server; dashes are supported
    - Too late to change the naming convention: SQL would have to be reinstalled and 800+ systems reconfigured
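As an added example (not part of the original slides), the check below applies the slide's point about hostnames: DNS hostname labels follow RFC 952/1123 (letters, digits and interior hyphens, at most 63 characters per label), so `server_1` fails while `server-1` passes. The inventory list and the function names are constructed for illustration; auditing names before they are baked into DNS, SQL and 800 other systems is what avoids the migration cost the slide describes.

```python
import re

# RFC 952 / RFC 1123 hostname label: starts and ends with a letter or digit,
# interior characters may also be hyphens, 1 to 63 characters in total.
_LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def check_hostname(name: str) -> list:
    """Return the problems found with a hostname; an empty list means it is DNS-safe."""
    problems = []
    if not name or len(name) > 253:
        problems.append("hostname must be between 1 and 253 characters")
        return problems
    for label in name.split("."):
        if not label:
            problems.append("empty label (leading, trailing or doubled dot)")
        elif "_" in label:
            # The slide's exact pitfall: dash and underscore look alike, but
            # only the dash is legal in a DNS hostname label.
            problems.append(f"label '{label}' contains an underscore, which DNS hostnames do not allow")
        elif not _LABEL_RE.match(label):
            problems.append(f"label '{label}' is not a valid DNS label (letters, digits, interior hyphens, max 63 chars)")
    return problems


def suggest_dns_name(name: str) -> str:
    """Propose a DNS-compatible spelling by replacing underscores with dashes."""
    return name.replace("_", "-")


def audit_inventory(names):
    """Map each hostname in an inventory to its list of problems (empty when clean)."""
    return {name: check_hostname(name) for name in names}


# Constructed sample inventory (hypothetical names, not from the case).
SAMPLE_INVENTORY = [
    "server_1",                  # the case's naming convention: fails
    "server-1",                  # the dash alternative: passes
    "print01.stellar.example",   # fully qualified name: passes
    "-badstart",                 # leading hyphen: fails
    "a" * 64,                    # label too long: fails
]

if __name__ == "__main__":
    for name, problems in audit_inventory(SAMPLE_INVENTORY).items():
        status = "OK" if not problems else "; ".join(problems)
        fix = f" (suggest {suggest_dns_name(name)})" if "_" in name else ""
        print(f"{name}: {status}{fix}")
```

Run as a script it prints one line per inventory entry; `audit_inventory` is the piece to call from a provisioning hook so a bad name is rejected before anything depends on it.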
  • 5. History of server_1
    - Relocated on an as-is basis
    - Accountability for the server was transferred
    - Minimal system documentation and history
    - Changes broke applications temporarily
    - Changes had to be made with approval
  • 6. Off-hours Maintenance
    - The first off-hours maintenance attempt was disastrous
    - Windows NT 4.0 Service Pack 6a would not apply, due to the error message "could not find setup.log file in repair directory"
    - Other system-critical updates would not apply for the same reason
    - SQL 7.0 Service Pack 4 would not go past 57%; it said there was not enough room to install, and would not uninstall at that point either
  • 7. Hack Discovered
    - Found a new folder on the desktop
    - Multiple DOS windows popped up in succession
    - Processor usage spiked higher than normal
    - No security settings were knowingly modified
    - Anti-virus was current, but the process that examines open files was disabled
  • 8. Immediate Response
    - Take the system off the network to prevent spread of a possible compromise
    - Notify the security team at the university
    - Review the system to determine scope and severity
    - Determined that a Trojan was installed on server_1
  • 9. Further Research
    - A password-cracking program was executed
    - Found 2 additional servers to be compromised
    - Found a client system to be compromised
    - A user had set username and password to the same value (jksmith); this was the weak link exploited to gain access to the server
    - The DameWare Trojan program was eventually located on server_1
  • 10. Immediate Counterattack Actions Taken
    - Clean the servers: removed all malware that was identified
    - A list of required ports was compiled to facilitate the firewall configuration
    - A password policy was established
    - Unsure whether all remnants of the attack were removed, so a computer forensic expert was brought in to accomplish the task
    - Found 12 client workstations infected along with the infected servers
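Slides 9 and 10 turn on one weak credential (username and password both `jksmith`) and on the password policy adopted in response. As an added example, not from the slides or from the case, the Python below shows the kind of rule a password-setting routine would enforce: it rejects a password that equals or contains the username, one shorter than a minimum length, and one drawn from too few character classes. The account list and the threshold values are constructed for the demonstration; a real deployment applies the check at the moment a password is set, since stored passwords should never be available in the clear for auditing.

```python
import re

MIN_LENGTH = 12   # constructed policy threshold, not the case's actual value
MIN_CLASSES = 3   # out of: lowercase, uppercase, digit, other

_CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def password_violations(username: str, password: str,
                        min_length: int = MIN_LENGTH,
                        min_classes: int = MIN_CLASSES) -> list:
    """Return the policy rules a candidate password breaks; an empty list means it is acceptable."""
    problems = []
    u, p = username.lower(), password.lower()
    if p == u:
        # The exact weakness from the case: username and password identical.
        problems.append("password is identical to the username")
    elif len(u) >= 3 and u in p:
        problems.append("password contains the username")
    if len(password) < min_length:
        problems.append(f"password is shorter than {min_length} characters")
    classes = sum(1 for pat in _CLASS_PATTERNS if re.search(pat, password))
    if classes < min_classes:
        problems.append(f"password uses fewer than {min_classes} character classes")
    return problems


def audit_accounts(accounts):
    """Apply the policy to (username, candidate password) pairs.

    Returns a list of (username, problems) for the pairs that fail, in input order.
    """
    failing = []
    for user, candidate in accounts:
        problems = password_violations(user, candidate)
        if problems:
            failing.append((user, problems))
    return failing


# Constructed sample of candidate passwords as they would be submitted at
# password-change time (hypothetical values, apart from the case's jksmith).
SAMPLE_ACCOUNTS = [
    ("jksmith", "jksmith"),          # the case's weak link
    ("jksmith", "Jksmith2014!"),     # long enough, but built from the username
    ("admin", "Tr0ub4dor&Shelf!"),   # passes every rule
    ("backup", "Short1!"),           # too short
]

if __name__ == "__main__":
    for user, problems in audit_accounts(SAMPLE_ACCOUNTS):
        print(f"{user}: " + "; ".join(problems))
```

`password_violations` returns every rule broken rather than stopping at the first one, so the user sees the whole list in one round trip; `audit_accounts` is the loop a change-password handler or a test suite would wrap around it.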
  • 11. Long-term Counterattack Actions
    - Modified the standard server configuration
    - The password policy change was made permanent
    - Each server was configured with a batch file that gathers system info and places it in a text file on the hard drive
    - The deletion of net shares could be tailored to each server and placed in that batch file with minimal effort
  • 12. Sources
    - Dhillon, G. (2006). Principles of information systems security: Text and cases (pp. 325-334). John Wiley & Sons.