Brody had been enjoying a nice, calm shift in HAL's network operations center.
Question
Brody had been enjoying a nice, calm shift in HAL's network operations center. The calmness of the evening was interrupted, however, when a pop-up notification appeared on his monitor. The NIDS had detected malicious traffic on a branch network in Tuscaloosa, Alabama, specifically targeting the branch Web server. As Brody picked up the telephone to contact the on-call network tech for that office, the NIDS displayed another pop-up notification, this time reporting malicious traffic on a branch network in Mobile. In short order, it also displayed notifications for branches in Athens, Columbia, Auburn, and Starkville. Even more alarming, the NIDS indicated that the traffic was all coming from other branches within the company.
Brody immediately recognized that this was different from the typical attacks he'd seen in his time with the company and decided to call his boss, Nick Shula. It was 3:30 AM when he made the call.
"Hello?" said Shula, groggy with sleep.
"Boss, it's Brody," Brody said. "Sorry to be calling like this, but I think we've got a problem. The NIDS is showing that Web servers in multiple branch offices are under attack, and the traffic is coming from inside our network. What do you want me to do?"
Shula, suddenly awake, thought back to the proposal that was sitting on his desk, concerning the creation of an incident response team for the company. Shula had been so busy with other things that he hadn't been able to consider the proposal at all. Mentally kicking himself, he muttered into the phone, "Why didn't I look at that proposal?"
"What was that, boss?" Brody said.
"Never mind," Shula said. He had to think quickly in order to guide Brody through the situation. "Call the firewall guy on duty," he said, "and have him put in a temporary rule on the DMZ firewall to block all inbound traffic to the Web servers from internal IP addresses." After all, it was the middle of the night, and very few, if any, employees would be doing any work that involved the Web servers. Shula figured he would just get up a little early and have the rule removed before normal working hours; hopefully, by then the attack would have stopped.
"OK boss, will do. Get back to sleep, now," Brody said.
Shula headed back to bed, thinking everything was OK. But as soon as his eyes closed, the phone rang again. He took a look at the caller ID and blanched. It was Mal Bryant, the company CEO.
"Nick, it's Mal," Mal said. "Listen, I'm in Belgium and attached to the corporate network via the VPN. For some reason, I can't get to our internal Web server. You have any idea what's going on?"
Shula sighed as he realized it was going to be a long night...
Two weeks later, Brody got an e-mail from Nick Shula inviting him to attend a meeting during the day shift later in the week. The meeting was being called to discuss the formation of the company's new CSIRT.
Brody would be one of the employees identified to perform specific actions when events became incidents and the response plans were activated. As a front-line watch stander in the network operations center, Brody would play a critical role. In addition to his role as a key member of the response team, Brody was going to be invited to help develop the plans and procedures and would then be trained in how to be a first responder.
Discussion Questions:
1. From what you know of the company so far, what will be among the various constituencies that the CSIRT will serve?
2. Will the company need to hire more employees to meet the needs of the CSIRT, or would you suggest it outsource some of that effort?
Explanation / Answer
1. CSIRT would typically mean computer security incident response team. It will help employees report, discuss, and disseminate computer-security-related information across the entire organisation and its various verticals.
It will help in timely response 24x7 and a coordinated effort in incident handling. The information technology department and other departments heavily or partly using IT systems would be the ones typically affected by the formation of this body.
2. To efficiently construct the CSIRT, the organisation should outsource the majority of the work initially. However, in the later stages, once its employees get trained well, the company can build up its in-house department much more efficiently. Still, the company should at all times have at least a part of the work outsourced to have continuous access to the respective IT systems. This would mainly be required because information security is a fast-moving technology, and the company and its employees need to be regularly updated and informed of any external threats.