Question

In: Computer Science

Jane has an intent to penetrate the network in an organization. She has used passive reconnaissance...

  1. Jane has an intent to penetrate the network in an organization. She has used passive reconnaissance to gather extensive information on the company. She finds out the model numbers of routers and other devices by reading discussions between system administrators in forums. She also has a list of all the IT staff and their phone numbers. She also has the services running on ports on some machines she ran a network scanner on.
    1. What reasonable steps should the company have taken to prevent Jane from finding this information?
    2. What steps should the company take to prevent or reduce the efficacy of port scans?

Solutions

Expert Solution

Passive reconnaissance or passive attacks is a method for gaining information about a target system or network without actively engaging with the system whereas active reconnaissance which involves port scanning to find open ports for conducting attacks in the system requires the attacker to engage with the system actively.

a. Here, a Jane tries the method of passive reconnaissance to acquire information about the routers and the other systems or devices present in the network of the organization. Jane passively oversees the conversation of the system administrators of the organization on their forum and as she has their contact numbers, she also tries to impersonate or masquerade as another employee of the organization to get valuable information about their systems. Passive reconnaissance is also known as a method of social engineering.   

The steps the organization should have taken to prevent the attacker Jane to find out such valuable information about the devices and system types present in the organization are:-

  • Any discussions related to the IT resources of the organization such as their routers, computing devices should happen over a closed channel or on a forum belonging to the intranet of the company which should only be accessible to the employees of the organization after they login with their valid employee email id and password. Passwords should be changed on a regular basis.
  • Employees or system administrators should be advised against sharing their email IDs and passwords with anyone unknown. Awareness programs must be conducted by the higher management to make the employees aware about the various safety measures that he/she should take while handling important data of the company. Employees should be advised against accessing insecure sites or respond to spam mails.
  • System administrators should be advised against handing out any information related to the devices of the company via phone calls, even if the caller happens to be another employee. A through check of the caller should be made and then the system administrator could write a mail to that employee over the intranet of the organization to hand out the asked information. An email over the intranet of an organization is more secure than a phone call.
  • Computing devices of the organization should be installed with the licensed and updated versions of application softwares and antivirus softwares so that there is no chance of a virus or malware to affect the system. Model number of routers and other devices should be stored in a secure database of the organization which should have very limited access.

2. Jane running a network scanner to find out the open ports of the organization and the services running on them is an example of active reconnaissance.

The steps the organization should take to prevent active reconnaissance are:-

  • A good firewall should be used which would monitor the exposed ports and also control the visibility of those ports.
  • A good Intrusion Prevention System (IPS) or Intrusion Detection System (IDS) should be used to detect and shutdown any ongoing port scans so that the attacker could not gauge the network of the organization.
  • Antivirus software must be used to flush out any threat on the systems of the organization. Harmful files or files coming from unknown sources should not be downloaded on the systems of the organization. The routers and other computing devices should be replaced with newer ones in every quadrennial.
  • Servers and operating systems should be patched with the last software versions and information about the latest threats on the operating systems should be known.

These are the ways in which the attacks could be prevented.


Related Solutions

Jane Smith, age 40, is single and has no dependents. She is employed as a legal...
Jane Smith, age 40, is single and has no dependents. She is employed as a legal secretary by Legal Services, Inc. She owns and operates Typing Services located near the campus of Florida Atlantic University at 1986 Campus Drive. Jane is a material participant in the business. She is a cash basis taxpayer. Jane lives at 2020 Oakcrest Road, Boca Raton, FL 33431. Jane’s Social Security number is 123-45-6789. Jane indicates that she wants to designate $3 to the Presidential...
Jane Smith, age 40, is single and has no dependents. She is employed as a legal...
Jane Smith, age 40, is single and has no dependents. She is employed as a legal secretary by Legal Services, Inc. She owns and operates Typing Services located near the campus of Florida Atlantic University at 1986 Campus Drive. Jane is a material participant in the business. She is a cash basis taxpayer. Jane lives at 2021 Oakcrest Road, Boca Raton, FL 33431. Jane's Social Security number is 123-45-6789. Jane indicates that she wants to designate $3 to the Presidential...
Jane Smith, age 40, is single and has no dependents. She is employed as a legal...
Jane Smith, age 40, is single and has no dependents. She is employed as a legal secretary by Legal Services, Inc. She owns and operates Typing Services located near the campus of Florida Atlantic University at 1986 Campus Drive. Jane is a material participant in the business. She is a cash basis taxpayer. Jane lives at 2021 Oakcrest Road, Boca Raton, FL 33431. Jane's Social Security number is 123-45-6789. Jane indicates that she wants to designate $3 to the Presidential...
Jane Doe has a promising career at University Hospital. In six months of working, she has...
Jane Doe has a promising career at University Hospital. In six months of working, she has been promoted to Associate Director and tasked with overseeing consumer quality and satisfaction, which will be used to support the hospital’s new vision and mission. This is Jane’s first big assignment, which is to develop a campaign aimed toward adult learners across several departments. However, her project is at risk due to a 32-year veteran on her team, named John Doster, who is reluctant...
Jane has been working in a drug testing lab for a few years. She is very...
Jane has been working in a drug testing lab for a few years. She is very familiar with antimicrobial testing. She is given a new drug to test for susceptibility and sensitivity. Her report needs to be detailed, listing all of the organisms that are susceptible and resistant, to back-up her results for the Minimal Inhibitory Concentration. Working in a lab where funding is an issue, describe how you would test the new drug. Be very detailed. Working in a...
Jane has 2,000 hours that she can allocate to work (H) or to leisure (L), so...
Jane has 2,000 hours that she can allocate to work (H) or to leisure (L), so H+L=2,000. If she works, she receives an hourly wage of $10. Any income she earns from working, she spends on food (F), which has price $2. Jane’s utility function is given by U(F,L) = 150*ln(F)+100*ln(L). The government runs a TANF program, which is defined by a benefit guarantee (BG) of $5,000 and a benefit reduction rate (BRR) of 50%. How many hours, H*, does...
Jane is the financial manager for Alpha Corporation. She has been asked to perform a lease-versus-purchase...
Jane is the financial manager for Alpha Corporation. She has been asked to perform a lease-versus-purchase analysis on a new printing machine. The machine costs $360,000 and will be depreciated using the straightline method with zero residual value over five years. Alternatively, the company can lease the machine with year-end payments of $95,000 over five years. The company’s tax rate is 35% and its before-tax cost of borrowing is 10%. Required: a Given the above information, calculate the net advantage...
Jane is the financial manager for Alpha Corporation. She has been asked to perform a lease-versus-purchase...
Jane is the financial manager for Alpha Corporation. She has been asked to perform a lease-versus-purchase analysis on a new printing machine. The machine costs $360,000 and will be depreciated using the straightline method with zero residual value over five years. Alternatively, the company can lease the machine with year-end payments of $95,000 over five years. The company’s tax rate is 35% and its before-tax cost of borrowing is 10%. Required: a) Given the above information, calculate the net advantage...
Anita donates a used car to a qualified organization. She bought it3 years ago for $9000....
Anita donates a used car to a qualified organization. She bought it3 years ago for $9000. A used car guide shows the fair market value for this type of car is $6000. However Anita gets a form 1098-C from the organization showing the car was sold for $2900. The vehicle was neither used nor improved by the organization given nor sold to a needy individual. If Anita itemizes her deductions, what amount csn she deduct for her donation?
Assume you are the network administrator for a mid-sized organization. Recently, management has given permission for...
Assume you are the network administrator for a mid-sized organization. Recently, management has given permission for several employees to work remotely. Your organization has used VPN access in the past for short-term traveling assignments. Discuss the pros and cons of implementing DirectAccess, and always on VPN vs normal VPN solutions. Your post should be 250-500 words.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT