FXT Task 2 Scenario
An employee hacked into the human resource records system at the employee’s place of business and changed the employee’s base salary rate to obtain a pay raise. The employee did this by spoofing an IP address in order to eavesdrop on the network. Once the employee identified where the data was stored and how to modify it, the employee made the changes and received two paychecks with the new amount.
Notes:
a. The HR records were hacked by an employee.
b. The employee changed the base salary to obtain a pay raise.
c. The employee did this by spoofing an IP address in order to eavesdrop on the network.
d. The employee was able to locate where the data was stored and modified it, receiving two paychecks with the new amount.
Fortunately, an auditor happened to discover the error. The auditor sent an e-mail to several individuals within the organization to let them know there was a potential problem with the employee’s paycheck. However, the employee was able to intercept the message and craft fake responses from the individuals the original e-mail was sent to. The employee and the auditor exchanged e-mails back and forth until the employee was soon given access permissions for some other financial records. With this new information, the employee was able to lower the salaries of the president of the company and several other employees and then to include the salary difference in the employee’s own paycheck.
Notes:
1. How was the attack discovered? An auditor discovered the error.
2. What did the auditor do? He sent an e-mail to several individuals within the organization to let them know there was a potential problem with the employee’s paycheck.
3. Man-in-the-middle attack: The employee was able to intercept the message and craft fake responses from the individuals the original e-mail was sent to.
4. Gaining access to financial records: The auditor and the employee exchanged e-mails back and forth until the employee was soon given access permissions for some other financial records.
5. Security issues: With this information, the employee was able to lower the salaries of the president of the company and several other employees and include the difference in his own paycheck.
The IT staff determined that the spoofing that occurred that allowed the employee to gain access to the human resources system was caused by a lack of authentication and encryption controls. As such, a local root certificate authority was installed to implement a public key infrastructure (PKI) in which all communication to the human resource system required a certificate. This would encrypt network traffic to and from the human resources system and prevent eavesdropping. It would also properly authenticate the host to prevent spoofing.
Notes:
· Lack of authentication and encryption controls: The IT staff determined that the spoofing that occurred was caused by a lack of authentication and encryption controls.
· Remediation: The IT department installed a local root certificate authority to implement a public key infrastructure (PKI) in which all communication to the human resource system required a certificate.
· This will encrypt all network traffic to and from the human resource system and prevent eavesdropping. It will also prevent spoofing by properly authenticating the host.
- Perform a postevent evaluation of how the organization’s IT staff responded to the attack described in the scenario by doing the following:
- Describe the series of malicious events that led up to the incident.
The malicious attacks that led to the compromise of the HR records are:
- Identify who needs to be notified based on the type and severity of the incident.
IT Security Staff
Senior Management: President
Accounting Department: Manager
Developers: for the database
- Outline how the incident could be contained.
How to contain the following attacks:
Implementation of proper security methods for authentication and encryption controls
- Discuss how the factor that caused the incident could be eradicated.
The factor that caused the incident could have been eradicated if proper controls were implemented to detect IP spoofing and the employees were trained to detect and report such matters to the right sources.
- Discuss how the system could be recovered to return to normal business practice.
- Explain how the system could be verified as operational.
The system could have been recovered to normal business practice if the MSQL data manipulation had been detected earlier that better controls were being placed to prever
- Perform a follow-up of the postevent evaluation by doing the following:
- Identify areas that were not addressed by the IT staff’s response to the incident.
The areas that were not addressed by the IT staff’s response to the incident are:
- What security areas need to be discussed for an IP Spoofing Attack
- Identify the other attacks mentioned in the scenario that were not noticed by the organization.
- Describe the type and severity of the attacks not noticed by the organization.
The types of attacks that were not noticed by the organization are:
- Describe how these additional attacks can be prevented in the future.
The following attacks can be prevented by:
- Recommend a recovery procedure to restore the computer systems back to a fully operational state.
A recovery procedure that would restore the computer system back to a fully operational state is as follows:
- When you use sources, include all in-text citations and references in APA format.
Note: When bulleted points are present in the task prompt, the level of detail or support called for in the rubric refers to those bulleted points.
Note: For definitions of terms commonly used in the rubric, see the Rubric Terms web link included in the Evaluation Procedures section.
Note: When using sources to support ideas and elements in a paper or project, the submission MUST include APA formatted in-text citations with a corresponding reference list for any direct quotes or paraphrasing. It is not necessary to list sources that were consulted if they have not been quoted or paraphrased in the text of the paper or project.
Note: No more than a combined total of 30% of a submission can be directly quoted or closely paraphrased from sources, even if cited correctly. For tips on using APA style, please refer to the APA Handout web link included in the General Instructions section.