You are the chief information security officer (CISO) at a Department of Defense
Question
You are the chief information security officer (CISO) at a Department of Defense (DoD) contractor. There are many contracts the business is currently engaged in. One involves a new radar system with a significant amount of intellectual property (IP). You arrive at work Monday morning and your network team follows you into your office, explaining that it appears the enterprise may have been compromised. Explain what the IPS and IDS would indicate. Would the alarms necessarily have alerted the appropriate parties? What might the attackers have done to avoid being detected by the IDS/IPS? What might be the implications of this action on the business from an information security (InfoSec) perspective?
a. IPS and IDS - explain what the IPS and IDS would indicate for the network compromise.
b. Alerts to appropriate parties - explain whether the alarms would have alerted the appropriate parties to the possible compromise.
c. Attackers escape detection - explain what the attackers might have done to avoid being detected by the IDS/IPS.
Kindly focus on a. b. and c.
Explanation / Answer
a.
IPS would indicate the following:
IDS would indicate the following:
b.
If the company is using an IPS or IDS, or an embedded system consisting of both, then the alerts are sent to the network team and administration. The alerts contain information about the type of attack that has taken place and its severity level.
Yes, the alarms would alert the specific parties that have been compromised.
c.
The attacker may use the following mechanisms to escape being detected by the IDS/IPS: