MN604 IT Security Management: Network Attack Analysis and Prevention


Added on  2023/06/11

This report provides an analysis of IT security management, focusing on network attacks such as Distributed Denial of Service (DDoS) attacks, exemplified by the Boston Children's Hospital case, and the WannaCry ransomware attack. It details how these attacks work, their propagation methods, and their impact on organizations. The report also covers mitigation options, incident response planning, disaster recovery planning, and business continuity planning. Furthermore, it offers practical steps to protect personal computers from WannaCry and similar attacks, discusses lessons learned from the WannaCry incident, and identifies the appropriate Australian authority to contact in case of a cyber-attack. The report also includes a memo discussing social engineering breaches within an organization, highlighting the importance of coordinated security policies and recommending measures to prevent data theft.
Running head: IT SECURITY MANAGEMENT
IT Security Management
Name of Student-
Name of University-
Author’s Note-
Part 1: Researching Network Attack
Name of attack: Distributed Denial of Service Attack (DDoS)
Type of attack: Computer Network Attack
Dates of attacks: March 20, 2014, February 28, 2018
Computers / Organizations affected: DDoS attack on GitHub Website, DDoS Attacks on Boston Children's Hospital
How it works and what it did:
The Denial of Service attack is considered a deadly weapon that is used to attack many organizations and computer networks. The case study taken for this account is that of Boston Children’s Hospital, which was hit by a Distributed Denial of Service attack in 2014. A Denial of Service attack is basically an attack that makes data or information unavailable to its intended hosts. There are different methods and strategies for carrying out a DoS attack. The main work of the DoS attack is to enter the network of the victim and gain access to it. The DoS attack also makes that network inaccessible to other clients. The network is made unavailable by using a large number of IP packets. Another way a hacker can hit a victim with a Denial of Service attack is by attacking different loopholes, making the network unstable. Other DoS attacks are carried out mainly at the application level, disturbing the usual functioning of the service. These attacks crash a web browser, media player, or email application.
The attack on Boston Children’s Hospital took place in three strikes.
On March 20, 2014, the IT group of the Boston hospital received a threatening message on Twitter [1]. The message related to the child custody case of a 15-year-old girl with a complex diagnosis who had been taken into the custody of Massachusetts protective services. The message demanded that the child be returned to her parents and that certain action be taken against the clinicians. The attackers who sent the message also posted personal information, including the home addresses, email addresses and phone numbers of some of the people who were involved.
The first phase of the attack was in April 2014. In this Strike 1 of the DDoS, the attackers attacked the external website of the hospital.
The second phase of the attack came within a week. This is considered the Strike 2 attack on the hospital. It included TCP fragmented floods, DNS reflection floods, and out-of-state floods.
In Strike 3 of the DDoS, the attacks were at their peak. The third attack was four times more dangerous than the second. The attackers used spear-phishing emails to lure recipients into clicking links or opening attachments. This helps the attacker gain access to the network behind the hospital's firewall.
Mitigation options:
When the management came to know about the threat, they immediately became alert. The management team of Boston Children’s Hospital started a multidisciplinary incident response team. The team quickly assessed the services that were likely to be compromised or lost if the hospital lost its internet connection. The mistake the hospital made was that it had not taken such preventive measures before the denial of service attack. Three impacts were identified by the team.
They were not able to route prescriptions electronically to their pharmacies.
There was email downtime for all the departments, which was the only critical process for their functions.
They were not able to remotely access the Electronic Health Records on the server.
The hospital invoked an emergency response team to carry out the mitigation and used Radware’s scrubbing centre to handle the excessive rate of DDoS attacks.
As there is no single way of carrying out a distributed denial of service attack, the attacks are divided into volumetric attacks, application attacks, and protocol attacks.
References:
[1] "DDoS Case Study: DDoS Attack Mitigation Boston Children’s Hospital", Security.radware.com, 2018. [Online]. Available: https://security.radware.com/ddos-experts-insider/ert-case-studies/boston-childrens-hospital-ddos-mitigation-case-study/. [Accessed: 30- May- 2018].
Part 2- Researching about WannaCry Ransomware Attack
Question 1: How it works and what it did?
WannaCry is a type of ransomware that attacked a large number of computers in May 2017. WannaCry infected Windows computers and encrypted the files on the hard drive, making it impossible for users to access them, and then demanded a ransom payment in order to decrypt them [3]. The WannaCry attack spread over a large number of high-profile systems, which included Britain's National Health Service. The malware exploited a Windows vulnerability that was generally suspected to have been discovered by the United States National Security Agency. The WannaCry ransomware has multiple components. The malware arrives on the infected computer as a dropper, which is a self-contained program that extracts the other components embedded within it. The embedded components are an application that encrypts and decrypts the data, the files that contain the encryption keys, and a copy of Tor.
Question 2: How this attack is propagated?
The way WannaCry attacks is more interesting than the ransomware itself. The WannaCry malware mainly exploits a vulnerability that lies in the Windows implementation of the SMB (Server Message Block) protocol [5]. This protocol helps different nodes on the network communicate. WannaCry attacked over 150 countries and infected more than 230,000 computers across those countries. The hackers behind WannaCry executed this attack by exploiting the EternalBlue vulnerability in the operating system. The WannaCry ransomware attack impacted many leading organizations in various countries. Within a couple of days, the attack became a sensation at the global level. This made the ransomware famous even among non-technical people.
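Because the propagation described above runs over SMB, an infected host stands out on the network by opening SMB connections to many different peers in a short time. The following detection logic is an added example, not part of the original report; the flow-record format, the addresses, the use of TCP port 445 for SMB, the 60-second window and the threshold of 5 peers are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445                  # TCP port used by SMB
WINDOW = timedelta(seconds=60)  # assumed sliding-window length
THRESHOLD = 5                   # assumed: distinct SMB peers per window that is abnormal

# Constructed sample flow records: "timestamp src dst dst_port"
SAMPLE_FLOWS = (
    # one host sweeping seven peers on 445 within 14 seconds
    [f"2017-05-12T09:00:{2 * i:02d} 10.0.0.23 10.0.1.{i} 445" for i in range(1, 8)]
    # five SMB peers, but three minutes apart: never more than one per window
    + [f"2017-05-12T09:{3 * i:02d}:00 10.0.0.9 10.0.2.{i} 445" for i in range(1, 6)]
    # ordinary file-share use: repeated connections to two servers
    + ["2017-05-12T09:00:05 10.0.0.5 10.0.0.10 445",
       "2017-05-12T09:00:30 10.0.0.5 10.0.0.10 445",
       "2017-05-12T09:00:40 10.0.0.5 10.0.0.11 445"]
    # high fan-out on a non-SMB port, ignored by this check
    + [f"2017-05-12T09:00:{i:02d} 10.0.0.8 10.0.3.{i} 443" for i in range(1, 10)]
)

def parse(line):
    """Split one flow record into (timestamp, src, dst, port)."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def smb_fanout_alerts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {src: peak} for sources that reached `threshold` or more
    distinct SMB destinations inside any sliding window of length `window`."""
    per_src = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, src, dst, port = parse(line)
            if port == SMB_PORT:
                per_src[src].append((ts, dst))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):
            # shrink the window from the left until it spans at most `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
        if peak >= threshold:
            alerts[src] = peak
    return alerts

if __name__ == "__main__":
    print(smb_fanout_alerts(SAMPLE_FLOWS))
```

Counting distinct destinations rather than connections keeps a busy file-share client from triggering the alert, and the window keeps slow, ordinary use of several servers below the threshold.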
Question 3:
Impact of this attack on the operation of an organization?
The WannaCry ransomware was believed to be a rogue cyber weapon that was stolen from the NSA. As an impact of this cyber-attack, employees were instructed not to open any files and not to log in to their accounts for two hours [1]. Most organizations first installed antivirus on their systems so that they could work, and only then instructed the employees to log in to their systems. The organizations faced problems over how to mitigate the attacks and how to make their systems robust. The WannaCry ransomware also attacked the computer systems in NHS hospitals, blocking access to almost all the files by encrypting them. The WannaCry ransomware demanded a payment of $300 in bitcoin and then increased the demand to $600.
Mitigation process to protect their networks and resources-
All the organizations that faced the WannaCry ransomware attack first of all installed an antivirus on all their systems so that the antivirus could detect the malware. The organizations also instructed employees not to log in to the organization's network. The WannaCry ransomware led to losses for many organizations [4]. All the identified organizations were also told not to pay the ransom money to the attackers. If the money asked for were paid to the attacker, it would be very difficult to get the hacked data back from them. So, not paying the amount was the best decision they took.
Question 4:
Duty of the Incident Response Planning
The Resource Planning team is most effective in helping organizations respond to incidents when three distinct functions are in place [3]. There should be a CSIRT (Computer Security Incident Response Team), a legal expert, and a public communication expert.
The CSIRT mainly consists of a group that executes the technical aspects of the Incident Response Plan. The members of this team are mainly responsible for detecting and eradicating cyber incidents and for containing cyber-attacks.
Disaster Recovery Planning
To carry out Disaster Recovery Planning, there must be a Disaster Recovery team, which is considered the core of the disaster recovery effort, also known as the business continuity effort [2]. Disaster recovery must involve the CIO or a senior IT manager. The plans made by the team heads are known as Disaster Recovery Planning, which helps an organization recover from an attack that has taken place.
Business Continuity Planning
Business Continuity Planning covers all the essential functions needed in a business, and helps identify the processes and systems that must be sustained and how to maintain them [3]. Business Continuity Planning is done when an organization faces risks related to cyber-attacks or natural disasters. In this process the IT administrators create the plan, with the participation of executive staff who can aid the process and add knowledge to the organization.
Question 5:
What steps can you take to protect your own PC or laptop computer from WannaCry attack and other attacks?
To protect a system from the WannaCry ransomware attack, the user needs to keep all the software and applications on the system updated. WannaCry is not likely to attack a system that has all its software updated. The operating system on every system should be kept up to date [1]. A user of a laptop or desktop computer should also install an antivirus that will help detect any vulnerability in the system. The antivirus detects any suspicious activity on the system. One advanced antivirus that can be used to protect the system from WannaCry is Avast anti-virus. The user can also configure advanced settings in the firewall to control network traffic using specific connection parameters.
Question 6:
Lessons learned from this malware incident
The lesson that can be learnt from the WannaCry ransomware attack is that all organizations should use protective measures against it so that there is no possibility of attacks on their systems. Organizations should always protect their systems from ransomware attacks. There should be anti-malware and antivirus software protecting the systems from attack.
Question 7:
Whom to contact if Australian Business faces this type of attack?
If an organization in Australia faces a cyber-attack, it should first contact the Australian Cyber Security Centre (ACSC) team, which is a government agency that helps bring together cyber security capabilities [2]. The organization should implement Incident Response Planning and Disaster Recovery Planning so that it does not face further attacks.
Part 3- Victim of Social Engineering
MEMO
To:
From:
Date:
Subject: Discussion about the serious situation of the organization and highlighting the key breaches that include the ITSec recommendation.
The auditor of the organization is finding countless information security issues in all its processes. The organization lacked a coordinated security policy, and the policies that did exist in the organization were not followed properly.
A contractor of the company requested a TMS server address over the phone. The auditor also found that the administrator gave the server address to the contractor because the contractor was upgrading the server system [5]. This might cause the company a problem in future related to a browser data breach or a denial of service data breach. The company may lose all its data because of this.
The best recommendation the auditor can give the company is to keep watch over all the activities of the contractor and to monitor everything the server contractor does [4].
It can be clearly stated that the data was surely stolen by the contractor who was hired to upgrade the network system. The organization needs system management so that the data breach can be mitigated.
References
[1] Mohurle, Savita, and Manisha Patil. "A brief study of wannacry threat: Ransomware attack 2017." International Journal 8, no. 5 (2017).
[2] Berr, J. "‘WannaCry’ Ransomware Attack Losses Could Reach $4 Billion." CBS News 16 (2017).
[3] J. Fruhlinger, "What is WannaCry ransomware, how does it infect, and who was responsible?", CSO Online, 2018. [Online]. Available: https://www.csoonline.com/article/3227906/ransomware/what-is-wannacry-ransomware-how-does-it-infect-and-who-was-responsible.html. [Accessed: 31- May- 2018].
[4] Hasan, Mosin, Nilesh Prajapati, and Safvan Vohara. "Case study on social engineering techniques for persuasion." arXiv preprint arXiv:1006.3848 (2010).
[5] Kvedar, Derek, Michael Nettis, and Steven P. Fulton. "The use of formal social engineering techniques to identify weaknesses during a computer vulnerability competition." Journal of Computing Sciences in Colleges 26, no. 2 (2010): 80-87.