Question

In: Computer Science

Case Project 4-1: Using System-Monitoring Tools

You recently became the server administrator for a company. As soon as you walked in the door, users were telling you the network is running slowly quite often, but they couldn't tell you when it happened or how much it slowed down. What tests and measurements could you use to try to determine what's going on?

Case Project 4-2: Protecting the Network

You work for a company that hasn't been too concerned about network security and performance, but as more employees are hired, management is beginning to worry that employees are using the Internet for purposes that aren't work related. What types of network monitoring could you do to make sure Internet access is being used correctly in the company?

Case Project 4-3: Auditing Sensitive Data Access

You're the network administrator for a company that has contracts to store sensitive data for other companies, and clients want reassurance that you're protecting their data. The company has groups of employees who will be working with clients, and several contractors need access to the data, too. To make managing data easier, each client has been assigned his or her own disk volume. What types of auditing can you set up to reassure clients their data is protected and to check which files employees and contractors are accessing?

Solutions

Expert Solution

4.1 The following tests and measurements can be used to determine when the network is running slowly:

  • Test basic connectivity with ping, and check with nmap whether ports 20 and 21 are open. Check if a firewall is restricting traffic to the server.
  • Ping the DNS server and check the response. Check in Wireshark whether DNS request and response packets are being sent and received.
  • Check connectivity with the default gateway. Check if the DNS server is configured on the PC. Check if the appropriate port number is active on the DNS server using nmap.
  • Check IP connectivity with the DHCP server from a system configured on the network. Test whether the DHCP client and server services are started on the client and the DHCP server. Test whether the DHCP server service is reachable using nmap.
  • Check IP connectivity using ping. Check if port 23 is open on the router using nmap.

Network administrators have many different ways to find out what is happening on their networks:

  • Port scanners - gather information across the network; no special permission required; determine up/down status by ping; check for open ports, which may indicate available services; determine the operating system without logging in; scan services for version information.
  • Interface monitoring - the most important statistics; no special rights or permissions required; provides alarming and alerting; provides short-term and long-term reporting.
  • Packet flow monitoring - gathers traffic statistics (NetFlow); probe and collector; usually a separate reporting app.
  • SNMP - stands for Simple Network Management Protocol; its information is very detailed.

4.2 To successfully defend our network against attacks, as system administrators we need to consider many different things:

  • Physical controls - if somebody attacks our power or systems, that can affect servers as well as the network. Physical controls can be implemented in the following ways:
    • Reduce unauthorised access
    • Mantraps
    • Keypads
    • Locked facilities
    • Authentication access
    • Badges, biometrics, key fobs, PINs, passwords
  • User training - users are one of our biggest problems for securing networks; users present one of the greatest vulnerabilities to the network. Training should include:
    • Social engineering awareness
    • Virus transmission dangers
    • Password security
    • E-mail security
    • Physical security
  • Patching - we have to patch our systems and update our operating systems as well as network gear. If there is a known vulnerability and you don't patch it, the hacker already knows the way in, and you just give them the keys. A patch is designed to correct a known bug or fix a known vulnerability in an application or program. Patches should be implemented as soon as they become available. Updates add new features; patches fix vulnerabilities.
  • Security policies - these are usually handled by management and are the policies and procedures in place for us to follow so that we secure our networks better and ensure we're doing things properly. Lack of a security policy, or lack of enforcement of an existing policy, is one cause of security breaches. Acceptable use policies are a common component of a corporate security policy, which contains a myriad of other complementary policies. The larger the organization, the more complex the security policy is. Security policies serve multiple purposes:
    • Protecting an organization's assets
    • Identifying specific security solutions
    • Making employees aware of their organization
    • Acting as a baseline for ongoing security monitoring
  • Security policy parts are:
    • Governing policy - focused toward managerial and technical employees; a high-level document that focuses the organization
    • Technical policies - e-mail, wireless, remote access, and bring your own device. These devices bring new vulnerabilities such as bluejacking, which is the sending of unauthorized messages over Bluetooth; bluesnarfing, which provides unauthorised access to wireless through Bluetooth; and bluebugging, which is an unauthorised backdoor connecting Bluetooth back to the attacker.
    • End user policy - acceptable use policy, consent to monitoring, cellular devices
    • Standards, guidelines and procedures.
  • Incident response - deals with how we are going to respond when an incident happens: if hackers get into your systems, how you are going to stop them and how you are going to recover from it. Incident response is how an organization reacts to a security violation. Prosecuting computer crimes can be very difficult; successful prosecution relies on:
    • Means - Does the suspect have the technical skill to perform the attack?
    • Motive - Why would they perform the attack?
    • Opportunity - Do they have time and access?
  • Vulnerability scanners - about finding what vulnerabilities you have, finding those unpatched systems and finding the ways hackers are going to get into your networks. Periodically test the network to verify that the network security components are behaving as expected and to detect known vulnerabilities; vulnerability scanners are the applications that conduct these tests.
  • Honey pots and honey nets - these are distractors for attackers; we put them in our network so that attackers go after those instead of our actual resources. They are systems designed to appear to be an alternative target, a distractor for the attackers. Attackers use their resources attacking the honey pot and leave the real servers alone. A honey pot is a single machine; a honey net is a network of multiple honey pots. They can be used to study how attackers conduct their attacks.
    • Remote-access security - how we can protect the network when we do allow remote access for users. It controls access to network devices such as routers, switches, servers and clients. Methods and descriptions:
      • SSH - Secure remote access via terminal emulator
      • RADIUS - Open standard, UDP-based authentication protocol
      • TACACS+ - Cisco proprietary, TCP-based authentication protocol
      • IEEE 802.1X - Permits or denies a wired or wireless client access to a LAN
      • Two-factor authentication - Requires two types of authentication: something you know, something you have, or something you are
      • Single sign-on - Authenticate once and access multiple systems.

4.3 Auditing can be set up in the following ways:

  • Establish user accountability - this is a difficult challenge, as many applications use connection pooling, which masks the true identity of the end user.
  • Provide detailed audit event information - capturing the raw access query and system response attributes is essential for effective forensic investigation and incident response.
  • Customize compliance reports, alerts and analytics tools - real-time alerts and audit analytics tools enable efficient and comprehensive forensic investigations and incident response. Predefined reports provide a starting point and help address the specific audit requirements of each regulation, while customizability supports unique technical and business needs.
  • Validate that all systems in scope are audited - automated discovery and classification capabilities enable quick identification of regulated systems and reduce the cost required to maintain compliance.
  • Audit all access to sensitive data - to ensure all systems hosting regulated data are in audit scope, audit all data systems containing regulated data on a regular basis: privileged access to data, including local system access, and non-privileged network access; and all data access events, whether the access is read-only, a data modification transaction or a privileged operation.
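For case project 4-1, the users' complaint is that nobody can say when the slowdown happens or how bad it is. The following is an added example, not part of the original answer: it takes a series of ping-style round-trip times (constructed here, one per minute) and reports each slow period with its start, end and how many times slower than the baseline it was, using a median/MAD baseline so the slow samples themselves do not inflate the "normal" value.

```python
"""Locate slow periods in a latency time series (case project 4-1).

Added example, not part of the original answer. The samples below are
constructed to look like one ping RTT per minute to a server; nothing on
the network is touched, so the logic can be checked offline.
"""
from datetime import datetime, timedelta
from statistics import median

RTTS_MS = [4, 5, 4, 6, 5, 4, 5, 48, 61, 55, 70, 52,
           5, 4, 6, 5, 5, 4, 39, 44, 5, 4]
# Constructed: one sample per minute starting 09:00 on an arbitrary day.
SAMPLES = [(datetime(2024, 1, 8, 9, 0) + timedelta(minutes=i), rtt)
           for i, rtt in enumerate(RTTS_MS)]


def baseline(rtts):
    """Median and median absolute deviation (MAD): a robust 'normal' that
    the slow outliers we are hunting for cannot drag upward as a mean can."""
    med = median(rtts)
    mad = median(abs(r - med) for r in rtts)
    return med, mad


def slow_periods(samples, factor=5.0, min_consecutive=2):
    """Return (threshold_ms, periods). Each period is (start, end, peak_ms,
    slowdown) for a run of at least min_consecutive samples above
    median + factor * MAD; slowdown is peak divided by the median, i.e. the
    'how much did it slow down' number the users could not give."""
    med, mad = baseline([r for _, r in samples])
    threshold = med + factor * max(mad, 1.0)   # guard against MAD == 0
    periods, run = [], []

    def close_run():
        if len(run) >= min_consecutive:
            peak = max(r for _, r in run)
            periods.append((run[0][0], run[-1][0], peak, round(peak / med, 1)))

    for ts, rtt in samples:
        if rtt > threshold:
            run.append((ts, rtt))
        else:
            close_run()
            run = []
    close_run()          # a slow run may end at the last sample
    return threshold, periods
```

Feeding real measurements in means replacing RTTS_MS with timestamps and RTTs logged by a scheduled ping (or an interface-monitoring tool) over a day or a week, which gives the "when" and "how much" the users could not.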
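For case project 4-3, the answer's last point (audit every read, write and privileged access, and know which files employees and contractors touch) can be checked against the per-client volume layout the question describes. This added example is not part of the original answer: the records are constructed in the shape of Windows Security event 4663 (object access) fields, and the volume-to-client mapping and the entitlement table are assumptions for illustration.

```python
"""Summarise file-access audit records per client volume and flag access
outside an account's entitlement (case project 4-3).

Added example, not part of the original answer. Records are constructed in
the shape of Windows Security event 4663 fields (user, object path, access
type); VOLUME_CLIENT and ENTITLED are assumed for illustration.
"""
from collections import defaultdict

# Assumption: each client has its own disk volume, as the case project states.
VOLUME_CLIENT = {"D:": "client-alpha", "E:": "client-beta"}
# Assumption: which accounts may touch which client's data (contractor narrower).
ENTITLED = {
    "alice": {"client-alpha", "client-beta"},   # employee on both accounts
    "bob":   {"client-alpha"},                  # employee
    "ctr01": {"client-beta"},                   # contractor
}
# Access-type names as they appear in 4663 events; anything else counts as read.
WRITE_LIKE = {"WriteData", "AppendData", "DELETE", "WriteDAC", "WriteOwner"}

EVENTS = [  # constructed 4663-style records
    {"user": "alice", "object": r"D:\alpha\contract.pdf", "access": "ReadData"},
    {"user": "bob",   "object": r"D:\alpha\ledger.xlsx",  "access": "WriteData"},
    {"user": "ctr01", "object": r"E:\beta\design.dwg",    "access": "ReadData"},
    {"user": "ctr01", "object": r"D:\alpha\ledger.xlsx",  "access": "ReadData"},
    {"user": "bob",   "object": r"E:\beta\notes.txt",     "access": "DELETE"},
    {"user": "alice", "object": r"C:\Windows\Temp\x.tmp", "access": "WriteData"},
]


def volume_of(path):
    """Drive letter ('D:') of a Windows path, or None if it has none."""
    return path[:2].upper() if len(path) > 1 and path[1] == ":" else None


def review(events):
    """Return (summary, findings). summary[user][(client, kind)] counts events;
    findings lists access to a client volume the account is not entitled to,
    tagged read/write so reviewers can look at writes first."""
    summary = defaultdict(lambda: defaultdict(int))
    findings = []
    for e in events:
        client = VOLUME_CLIENT.get(volume_of(e["object"]))
        kind = "write" if e["access"] in WRITE_LIKE else "read"
        summary[e["user"]][(client or "non-client", kind)] += 1
        if client and client not in ENTITLED.get(e["user"], set()):
            findings.append((e["user"], client, kind, e["object"]))
    return summary, findings
```

The summary is the per-client access report the clients ask for; the findings list is what an administrator would review first, because it contains the contractor reading another client's volume and an employee deleting on a volume he is not assigned to.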
