Scenario for the Penetration Analysis:
As the network administrator for a medium-sized health clinic, you wear many hats in your role. The health clinic recently dismissed a nurse that had been with the clinic for over 10 years. Letting this nurse go is quickly becoming more complicated, since the nurse had access to many files, the computer system, and even building keys. Your supervisor fears that this nurse may retaliate against the clinic.
The staff members at the clinic use the Internet extensively to check patients’ insurance and to authorize insurance claims. Shortly after dismissing this nurse, staff members throughout the clinic start to complain that the Internet has become so slow that it is unusable. The clinic uses a network appliance that functions as router, firewall, and wireless network access point. You have noticed that several rules on the firewall that would deny protocols, ports, or IP addresses have been disabled. You suspect that someone may have cracked the password to the firewall to accomplish this. Given that the firewall is remotely accessible, you suspect that the password was cracked without the perpetrator entering the building. The network intrusion detection system (NIDS) currently in place monitors network traffic by means of a sensor. Unfortunately, the NIDS had been slowing down network traffic prior to this most recent incident, so it had been disabled. The initial thought was that someone had re-enabled the NIDS, but that was not the case; it was disabled at the time of the incident.
After further investigation, you discover that the nurse’s spouse is a very skilled computer programmer, and you also suspect that the nurse’s spouse may have assisted the nurse in sabotaging the clinic’s computers. You report your suspicions to your supervisor, who agrees with your conclusions.
You have been asked to evaluate the DoS and intrusion detection system (IDS) security analysis conducted after the recent DoS attack at the clinic. As part of that evaluation, you are to prepare a briefing for the staff at the clinic to help them understand the results of the security analysis, become more aware of the nature of DoS attacks and other network security attacks, and learn how they can help prevent attacks.
For this task you will be expected to follow the incident handling guidelines for DoS attacks as specified in Special Publication 800-61 from the National Institute of Standards and Technology (NIST) titled “Computer Security Incident Handling Guide.” The section on incidents/attacks begins on Section 3 “Handling an Incident” (page 21). You can download this publication from the link listed in the web links section.
A. Create a multimedia presentation (e.g., PowerPoint, Keynote) (suggested length of 12–15 slides) in which you do the following:
Note: The slides in your presentation should include only the main points you wish to make, with more extensive information included in the presenter notes section of the presentation.
1. Discuss the DoS security analysis.
a. Explain how to evaluate a DoS/IDS security analysis in terms that nontechnical personnel would understand. Include the following.
• Detection and analysis
• Containment, eradication, and recovery
• Post-incident recovery
2. Illustrate how all employees can help maintain network security when on the Internet and when using e-mail.
B. Create a memo (suggested length of 1–2 pages) to your supervisor justifying why the clinic should either update the current IDS or acquire and implement a new IDS.
1. Recommend a list of controls to address the security faults mentioned in this scenario.
C. When you use sources, include all in-text citations and references in APA format.