NOC REPORTING TEMPLATE
Date Updated:
Name: Jeffrey Sorensen

A. Introduction

As the incident response manager for the Network Operations Center, I was directed to validate the current security posture of Psinuvia’s network systems. Starting from scratch, we used Zenmap to identify and enumerate the network. Once we had a full scope of the equipment we were concerned about, we used AlienVault to run a vulnerability scan to identify potential vulnerabilities in the systems. The report was eye opening: it appears that a single host has not been managed properly. The risks associated with the vulnerability scan pushed the team toward determining whether any of these vulnerabilities had been exploited. Using AlienVault, we ran a report of alerts on the system and identified some further potential issues. We also believe that the reporting/alert function of AlienVault is currently misconfigured, as the team should have been notified while these events were happening.

B. Vulnerability Scan (Attach as Appendix A)

C. Scan Summary

The vulnerability report showed 45 vulnerabilities on host .131. The most concerning findings are the 4 Serious and 32 High rated vulnerabilities. These results are what drove the further investigation described in the introduction of this report. The scan also identified several patches that would be required to bring the system up to compliance, as well as software that was end of life and required upgrades. Some of the identified vulnerabilities currently have no known fix actions. By reviewing the reports, it was identified that the server at host .131 was targeted with SQL injection attempts on January 24, 2020 and November 20, 2019. There were over 4,000 attacks targeted at this IP.

• Has the information been confirmed to be correct and accurate?
The information discovered has been verified through the AlienVault audits and vulnerability scan.

• Who, what, when, where, why, and how?
On July 16th there were hundreds of attacks on 172.20.1.129. The attacks came from 10.216.31.2146 and were mainly SQL injection attempts. That server does not have the open vulnerabilities; however, 172.20.1.131 was attacked through XSS and SQL injection on both Nov 20th and Jan 24th. This system has confirmed vulnerabilities and has been compromised.

• What information is available from the firewall, router, server, system, intrusion detection system (IDS), system logs, etc.?
Times and attack methods have been identified through the IDS and AlienVault.

• What type of data is involved, and what is its classification?
All data involved is unclassified. However, it is possible that there is both medical data and PII that could only be disclosed under the proper reasoning and procedures.

• Are there obscenities, child pornography, or confrontational data?
There is no obscene or vulgar data involved.

• Is there criminal activity?
At the current time, criminal activity is not suspected.

• Is the data protected by an encryption solution?
Data is protected by encryption.

• What is the magnitude of the systems being impacted?
Magnitude of the system is high. The data being tracked significantly impacts the overall health of patients.

• Is the event still in progress?
Yes.

• Has preliminary containment been performed (i.e., disable account, reset password, remove remote access, isolate device in segregated segment)?
The system has been disabled and removed from the network.

• What is the estimated value of the impacted data and systems?
Data is valued at ~$200M (~1/3 of yearly sales) and the system at ~$10K.

D. Detailed Analysis

Reviewing the SIEM identified several different attacks that happened from July to January. Starting with the earlier attacks, alarms were reviewed and monitored to identify which systems were being attacked and whether they were vulnerable to those attacks. In July, the attacks were targeted at system 129. These attacks mainly consisted of SQL injection attempts with a few XSS and brute force attacks. But as identified in the vulnerability report, this system is secure.

The next step was to review the alarms that were triggered in November. Systems 129 and 131 were both targeted during this attack. Again, system 129 is secure according to the vulnerability scan, but most attacks were targeting 131. Resources were directed to identifying the capabilities of the system and whether it had been exploited. Per the vulnerability scan, this system is missing multiple updates and has several issues, as identified in section C of this document. The images below show both the summary of alarms per host and some of the specific events that triggered the alarms.

The final step was to look at the events of January 24th. There is a persistent threat to the network, as this is the third example of similar attack patterns. Again, system 131 was the primary target, and it had not been patched since the events of November. The images below show both the summary of alarms per host and some of the specific events that triggered the alarms.
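The correlation carried out in section D (alarms summarized per host and per time window, then cross-checked against the scan counts from section C so that a host which is both vulnerable and repeatedly targeted rises to the top) as an added example; this is not tooling from the report or from AlienVault, and the alarm export format, the field order, and every IP and count in the samples are constructed for illustration.

```python
"""Correlate per-host SIEM alarm windows with vulnerability-scan counts (added example)."""
from collections import defaultdict
from datetime import datetime

# Constructed alarm export (not a real AlienVault format): timestamp,source,destination,category.
ALARMS = """\
2019-07-16T10:02:11,10.0.0.50,172.20.1.129,SQL Injection
2019-07-16T10:05:40,10.0.0.50,172.20.1.129,Brute Force
2019-11-20T14:11:09,10.0.0.51,172.20.1.131,SQL Injection
2019-11-20T14:11:20,10.0.0.51,172.20.1.131,XSS
2019-11-20T14:12:03,10.0.0.51,172.20.1.129,SQL Injection
2020-01-24T09:30:45,10.0.0.52,172.20.1.131,SQL Injection
malformed line that the parser must skip
"""

# Constructed scan summary: host -> (Serious, High) counts, mirroring section C.
SCAN = {"172.20.1.129": (0, 0), "172.20.1.131": (4, 32)}

def parse_alarms(text):
    """Yield (month, src, dst, category); rows without exactly four fields are skipped."""
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 4:
            continue
        ts, src, dst, cat = parts
        yield datetime.fromisoformat(ts).strftime("%Y-%m"), src, dst, cat

def summarize_per_host(text):
    """Build host -> month -> category -> count (the 'alarms per host' view)."""
    summary = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for month, _src, dst, cat in parse_alarms(text):
        summary[dst][month][cat] += 1
    return summary

def triage(text, scan, min_windows=2):
    """Flag hosts that are vulnerable per the scan AND hit in at least min_windows months."""
    result = {}
    for host, months in summarize_per_host(text).items():
        serious, high = scan.get(host, (0, 0))  # unknown host: treat as no open findings
        vulnerable = serious + high > 0
        windows = sorted(months)
        result[host] = {
            "windows": windows,
            "vulnerable": vulnerable,
            "persistent": len(windows) >= min_windows,
            "priority": vulnerable and len(windows) >= min_windows,
        }
    return result
```

With the constructed inputs, 172.20.1.129 is persistent but not vulnerable and stays unflagged, while 172.20.1.131 is flagged as priority for the November and January windows, matching the report's reasoning.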
About the document
Aug 08, 2022