incident response 1

Need your ASSIGNMENT done? Use our paper writing service to score better and meet your deadlines.


Order a Similar Paper Order a Different Paper

On a Saturday night, network intrusion detection software records an inbound connection originating from a blacklist IP address. The intrusion detection analyst determines that the connection is being made to the organization’s VPN server and contacts the incident response team. The team reviews the intrusion detection, firewall, and VPN server logs and identifies the user ID that was authenticated for the session and the name of the user associated with the user ID.

  • What should the team’s next step be (e.g., calling the user at home, disabling the user ID, disconnecting the VPN session)? Why should this step be performed first? What step should be performed second?
  • How would the handling of this incident differ if the external IP address belonged to an open proxy?
  • How would the handling of this incident differ if the ID had been used to initiate VPN connections from several external IP addresses without the knowledge of the user?
  • Suppose that the identified user’s computer had become compromised by a game containing a Trojan horse that was downloaded by a family member. How would this affect the team’s analysis of the incident? How would this affect evidence gathering and handling? What should the team do in terms of eradicating the incident from the user’s computer?
  • Suppose that the user installed antivirus software and determined that the Trojan horse had included a keystroke logger. How would this affect the handling of the incident? How would this affect the handling of the incident if the user were a system administrator? How would this affect the handling of the incident if the user were a high ranking executive in the organization?

"Is this question part of your assignment? We can help"

ORDER NOW
Writerbay.net

Do you need help with this or a different assignment? We offer CONFIDENTIAL, ORIGINAL (Turnitin/LopesWrite/SafeAssign checks), and PRIVATE services using latest (within 5 years) peer-reviewed articles. Kindly click on ORDER NOW to receive an A++ paper from our masters- and PhD writers.

Get a 15% discount on your order using the following coupon code SAVE15


Order a Similar Paper Order a Different Paper