Background: No-Internal-Controls, LLC is a mid-sized pharmaceutical sales company in the Midwest of the US employing around 150 personnel. It has grown over the past decade by merging with other pharmaceutical sales companies and purchasing smaller firms. Recently No-Internal-Controls, LLC suffered a ransomware attack. The company was able to recover from the attack with the assistance of a third party IT Services Company.

Attack Analysis: After collecting evidence and analyzing the attack, the third party was able to recreate the attack.

- No-Internal-Controls, LLC has a number of PCs configured for employee training.
- These training computers use generic logins such as "training1", "training2", etc. with passwords of "training1", "training2", etc.
- The logins were not subject to lockout due to repeated incorrect logins.
- One of the firms purchased by No-Internal-Controls, LLC allowed Remote Desktop connections from the Internet through the firewall to the internal network for remote employees.
- Due to high employee turnover and lack of documentation, none of the IT staff were aware of the legacy remote access.
- The main office has only a single firewall, and no DMZ or bastion host exists to mediate incoming remote connections.
- The internal network utilized a flat architecture.
- An attacker discovered the access by use of a port scan and used a dictionary attack to gain access to one of the training computers.
- The attacker ran a script on the compromised machine to elevate his access privileges and gain administrator access.
- The attacker installed tools on the compromised host to scan the network and identify network shares.
- The attacker copied ransomware into the network shares for the accounting department, allowing it to spread through the network and encrypt accounting files.
- Critical accounting files were backed up and were recovered, but some incidental department and personal files were lost.

Instructions: All questions are worth 3 points each - 12 points total for the assignment. Assignment is due on February 26th, at 11:59 pm, EPT.

1. Suggest a password policy for No-Internal-Controls. Include an example of a technical control and an administrative control. Also include examples of a preventative control and a detective control. You may include as many controls as you like. Explain how this will mitigate against similar attacks.

2. No-Internal-Controls has a main office, two regional sales offices, and two warehouses. Suggest a physical security policy for No-Internal-Controls that includes controls that address each of the following potential vulnerabilities:

3. No-Internal-Controls has a limited budget and is considering one of three different projects for the first half of the year: The organization can only afford one project; the other two will be delayed until the end of the year. The board has asked you to recommend which project will be funded first. Which one do you support, and why?

4. The Board of Directors wants to preserve evidence in the event that the attacker can be identified and prosecuted. Refer to slide 8 from the Week 5 lecture. How can we assure that the evidence is authentic? Accurate? Complete? Should you request documentation from the IT services company that investigated? Why?

Bonus Question (1 point): What ports and protocol were in use by the remote employees at the time of the attack?
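
The attack analysis above notes that the training logins never locked out after repeated incorrect logins, so the dictionary attack ran unnoticed. As an added example (not part of the original assignment), the Python below shows one detective control for that gap: it flags a source address that produces a burst of failed logons and then raises a second alert if that source later logs on successfully. The event format, addresses, account names, threshold and window are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample logon events: (ISO timestamp, source IP, account, result).
# These are illustrative values, not data from the incident.
SAMPLE_EVENTS = [
    ("2019-01-10T02:00:01", "203.0.113.50", "training1", "fail"),
    ("2019-01-10T02:00:03", "203.0.113.50", "training1", "fail"),
    ("2019-01-10T02:00:05", "203.0.113.50", "training1", "fail"),
    ("2019-01-10T02:00:07", "203.0.113.50", "training2", "fail"),
    ("2019-01-10T02:00:09", "203.0.113.50", "training2", "fail"),
    ("2019-01-10T02:00:11", "203.0.113.50", "training2", "success"),
    ("2019-01-10T08:30:00", "198.51.100.7", "jsmith", "fail"),
    ("2019-01-10T08:30:20", "198.51.100.7", "jsmith", "success"),
]


def detect_guessing(events, threshold=5, window=timedelta(minutes=10)):
    """Return alerts as (kind, source, account) tuples.

    "guessing": a source reached `threshold` failed logons inside `window`,
    counted across all accounts so that trying training1, training2, ...
    in turn is still caught.
    "success_after_guessing": a flagged source later logged on successfully.
    """
    recent = defaultdict(deque)  # source -> timestamps of recent failures
    flagged = set()              # sources already alerted on (kept for the run)
    alerts = []
    for ts, src, user, result in sorted(events):
        t = datetime.fromisoformat(ts)
        if result == "fail":
            q = recent[src]
            q.append(t)
            # Drop failures that have aged out of the sliding window.
            while t - q[0] > window:
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("guessing", src, user))
        elif result == "success" and src in flagged:
            alerts.append(("success_after_guessing", src, user))
    return alerts


if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_EVENTS):
        print(alert)
```

A single mistyped password followed by a success, as in the constructed `jsmith` events, stays below the threshold and raises nothing.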
This question was answered on: Sep 05, 2019