Eagle Technology is a technology firm that runs a distributed computer network: its workstations are interconnected over a Local Area Network (LAN), which lets PCs and peripherals such as printers share information. The LAN is connected to a high-end server that provides large-scale storage for the company's data and application programs. The server enforces logical access control over potentially shareable information through elementary access controls, which limit the number of users who can reach a given file or data set. The company's internet connection to its workstations is provided by a router, which translates data between protocols and addresses (Great Britain, 2010) and acts as a filtering device that can separate data into specified packets, such as email packets and other smaller packets.
The company owns part of a larger governmental-agency Wide Area Network (WAN) that lets it communicate with other parts of the agency. Access credentials follow a hierarchy, and only the CTO holds the logins to the valuable data held on the mainframe server (Nemati, 2008).
Recently, the company detected suspicious ongoing activity from within its server: something had gained access to unauthorized data and modified other data. Given the sensitivity of the data reachable with those credentials, recovering the information would cost the company millions. Using the company's own tools to determine the cause of the infiltration showed that, as with many other vulnerable organisations, email spam and phishing were the problem. As the malware became evident, it appeared to be part of TeslaCrypt, a mass-mailing malware group. Moreover, a distributed denial of service attack was found to be directed at the DNS of the firewall, which caused some of the websites used within the company to fail. Phishing activity was also identified using Symantec Website Security, which secures websites and scans them for malicious entities; in addition, it has an Online Certificate Status Protocol (OCSP) component that looks into all information passing through the website.
The local servers hosting the company's database showed that a significant amount of phishing had occurred. Eagle Technology's professionals also weathered a significant USB-based social engineering attack that seemingly caused some of the web applications to fail. The company's CTO stated that the attack on their servers and the breach of their files were made possible by employees failing to keep software updated.
In addition to the email and spear-phishing, another cause of the company's breach was the main connection through the Wide Area Network (WAN). This was established carefully using the Symantec Probe Network, which monitored a small opening in the protocol changes traversing the WAN server and the LAN server. The perpetrators used “living off the land” techniques, which rely on a range of tools that take advantage of loopholes in the operating system. Thus, for the company to achieve a high level of security, it must adopt security protocols to protect the systems in use. Some of the methods used to secure the company's data are IDS/IPS, WinDump, Snort and TCPdump tools (Nemati, 2008).
Networking allows data to be exchanged between various points within the network. In protecting the organisation, the analysis focused on TCP, UDP and ICMP traffic, through which the fundamental aspects of data traffic and the relay of information are analysed. These include:
Source and destination IP addresses.
For TCP or UDP traffic, the source and destination ports.
For ICMP traffic, only the contents of Destination Unreachable (ICMP type 3) messages. These are expected to be useful in identifying failed and blocked connection attempts.
Depending on the volume of traffic observed, the relevant personnel start by collecting traffic for a few minutes, hours or days (Nemati, 2008). Moreover, collection is expected to be very resource-intensive, so it is better to organise small samples first and collect bigger samples later as resources permit (Great Britain, 2010). It is a good idea to gather information over an extended period of time, or to do short collections repeatedly on varying days and at varying times, to get a more accurate sampling of data. This also allows the company to create a baseline of sorts. It is very important to realise that by monitoring only periodically, one cannot be sure of catching everything that is going on. Taking the data on TCP packets and querying it to show failed connections (those that lack the full TCP three-way handshake), as well as evaluating the contents of ICMP Destination Unreachable messages, can provide more valuable data for analysis.
Additionally, in many environments, no individual will know what activity is really illegal, particularly on a server-by-server or host-by-host basis. Tools for UDP are also used in securing data. One struggle you will face is how to deal with UDP packets: because UDP is connectionless, it is often unclear which host is the server and which is the client. In conclusion, the various threats were countered through networking and traffic analysis methods such as IDS/IPS, WinDump, Snort and TCPdump.
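As an added example (not part of the original report), the following Python pass over a constructed set of packet records performs the three checks the analysis above calls for: flagging TCP attempts that lack the full three-way handshake, summarising ICMP type 3 Destination Unreachable messages, and, for connectionless UDP, guessing which side of each exchange is the server. The packet records, addresses and the peer-count heuristic for UDP are assumptions made for illustration; in practice the records would be extracted from a tcpdump or WinDump capture.

```python
from collections import defaultdict
# Constructed sample records (not a real capture): (proto, src_ip, src_port, dst_ip, dst_port, tcp_flags or (icmp_type, icmp_code))
PACKETS = [
    ("tcp", "10.0.0.5", 51000, "10.0.0.20", 22, "S"),
    ("tcp", "10.0.0.20", 22, "10.0.0.5", 51000, "SA"),
    ("tcp", "10.0.0.5", 51000, "10.0.0.20", 22, "A"),     # full handshake
    ("tcp", "10.0.0.5", 51001, "10.0.0.20", 445, "S"),    # never answered
    ("tcp", "10.0.0.5", 51002, "10.0.0.20", 3389, "S"),
    ("tcp", "10.0.0.20", 3389, "10.0.0.5", 51002, "RA"),  # refused with RST
    ("icmp", "10.0.0.1", None, "10.0.0.5", None, (3, 1)),  # host unreachable
    ("icmp", "10.0.0.1", None, "10.0.0.5", None, (3, 3)),  # port unreachable
    ("icmp", "10.0.0.5", None, "10.0.0.1", None, (8, 0)),  # echo request, ignored
    ("udp", "10.0.0.5", 40000, "10.0.0.53", 53, None),
    ("udp", "10.0.0.53", 53, "10.0.0.5", 40000, None),
    ("udp", "10.0.0.7", 40001, "10.0.0.53", 53, None),
]
ICMP3_CODES = {0: "net unreachable", 1: "host unreachable", 3: "port unreachable"}

def failed_tcp_connections(packets):
    """Attempts lacking the full SYN, SYN-ACK, ACK handshake -> (client, server, port)."""
    seen = defaultdict(set)  # (client, sport, server, dport) -> handshake steps seen
    for proto, src, sport, dst, dport, flags in packets:
        if proto != "tcp":
            continue
        if flags == "S":
            seen[(src, sport, dst, dport)].add("S")
        elif flags == "SA" and (dst, dport, src, sport) in seen:
            seen[(dst, dport, src, sport)].add("SA")
        elif flags == "A" and (src, sport, dst, dport) in seen:
            seen[(src, sport, dst, dport)].add("A")
    return sorted((c, s, dp) for (c, _, s, dp), steps in seen.items()
                  if steps != {"S", "SA", "A"})

def destination_unreachable_summary(packets):
    """Count ICMP type 3 messages per (sender, receiver, code meaning)."""
    counts = defaultdict(int)
    for proto, src, _, dst, _, tc in packets:
        if proto == "icmp" and tc[0] == 3:
            counts[(src, dst, ICMP3_CODES.get(tc[1], f"code {tc[1]}"))] += 1
    return dict(counts)

def guess_udp_servers(packets):
    """No handshake in UDP: guess the server as the endpoint with more distinct peers."""
    peers = defaultdict(set)
    for proto, src, sport, dst, dport, _ in packets:
        if proto == "udp":
            peers[(src, sport)].add((dst, dport))
            peers[(dst, dport)].add((src, sport))
    return sorted(a for a, bs in peers.items()  # ties broken toward the lower port
                  if any((len(bs), -a[1]) > (len(peers[b]), -b[1]) for b in bs))
```

The RST-refused attempt on port 3389 and the unanswered SYN on port 445 both surface as failed connections, which is the kind of blocked or failed attempt the ICMP type 3 contents are meant to corroborate.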