LOT2 Job 1
Competency 426. 4. 4: Refusal of Servive (DoS)
Bill J. Lawson
MS Information Security & Assurance -- 5/1/13
Scholar ID: 000311942
My Advisor: Mary Gordon
Indianapolis, IN - Eastern Time
[email protected] wgu. edu
B. Advise in an business summary measures to countertop this type of 2 Attack. Business Summary
The university or college network was a victim of your DDoS attack. Whereby a cyber felony first attained administrator get. We suspect that the attacker gained access to the network from an indoor computer, probably from students PC in one of the labs. The attacker probably used keylogger software to learn administrator credentials. Once the attacker had the administrator access the systems he/she could create Crawlers and push to many college student PCs found in various labs. The attacker then trigger a control attack simply by activating the BOT's in order to form a BotNet (a. k. a. Zombie Network) with the target of purposely causing on the web services to get unusable to students (ICECC, 2009). It is important to note a single ROBOT alone wasn't able to have trigger the enrollment server not available. It was the combined effect of using many BOTs simultaneously that created the attacker's desired effect of overflowing the resources of the subscription web hardware and rendering it unusable. Recommendation to Table this type of DoS attack
To avoid or limit the impact of keyloggers:
Deploy a firewall to dam known keylogger software.
Educate center not to wide open email by unknown users and not to click on links in e-mails from unfamiliar users. Produce a Policy where users simply cannot install fresh software to a machine without opening a ticket with the helpdesk or asking for administrator access (ICECC, 2009). The student computer systems should be preloaded with all required applications. Deploy a file monitoring program, just like Tripwire to detect and notify in the event that any alterations have occurred to...
References: Worldwide Council of Electronic Trade Consultants (2009). Ethical hacking and
countermeasures: Attack phases. (Vol. 1). Course Technology, Cengage Learning.
International Council of Electric Commerce Consultants. (2009). Honest hacking and
countermeasures: Hazards and body. (Vol. 2). Course Technology, Cengage
Schifreen, R. (2006). Defeating the hacker: A non-technical guide to computer protection. John Wiley &