What services were attacked on the IIS server?
FTP
Remote Login Services
How many failed logins were detected?
17
Between what time and what time did the attacks occur?
19 March 2014 @ 2002 – 14 May 2014 @ 1925
What options are available to prevent brute force authentication attacks in a Windows-based domain?
Restricting the number of login attempts that a user can perform
Blocking a user’s IP address after multiple failed login attempts
Monitor your log files for suspicious login attempts.
Require passwords to be changed after a certain number of days.
Implement password history
Implement password complexity
What is an insider attack?
An insider attack is an attack that is initiated from within the network, usually by someone who has access and has an understanding of the network.
If the attacks for Lab 9 were coming from an internal IP, would you allow the attack to continue to investigate further or stop the attack?
I would permit the attack to continue so I can trace route back to the point of origin. Additionally, I would save all data that they are trying to steal to obtain proof of malicious acts.
With the information provided in lab 9, if the source of the attack is external, what steps would you take to prevent reoccurrence?
Restrict the number of login attempts that the user can perform
Block the offender's IP address after multiple failed login attempts
Monitor log files for further suspicious login attempts.
What is the best practice to deter insiders from even thinking about executing an attack?
Have all employees sign an acceptable use policy outlining what is and isn’t allowed on the network and the repercussions of violating this agreement
Regularly monitor logs for suspicious activity
Name two different types of insider attacks.
IT sabotage
Fraud and Espionage