Investigation plan
In every crime incident, the investigation is of paramount importance in handling the situation. To reach a reliable conclusion, a straightforward procedure has to be followed. All evidence gathered must be preserved for the sake of the investigation, and every item of data must be documented and preserved for both present and future use. This paper is an investigation plan. Its purpose is to discuss the steps to be considered when handling a crime scene and the procedure for handling digital evidence.
Steps in handling the crime scene
The first step is identifying the dimensions of the scene. If the crime involves physical harm or damage, the investigators should locate the focal point of the scene and tape off its perimeter. The investigators should keep the taped area larger than the one strictly needed. This ensures that the evidence around the crime scene is not tampered with.
In the next step, investigators begin interviewing the victims and witnesses at the crime scene. The purpose of the interview is to gather information on the procedure the attackers used in carrying out the crime. The data is helpful because the attackers can then be identified more easily and their route of attack closed.
After interviewing is done, the investigators design the procedure to be followed in the investigation. The procedure guides the investigators on where to start the inquiry, which areas are relevant for analysis, and how to analyze the information gathered.
During the investigation, investigators should keep records and reports of the results obtained. The forms should be anonymized so as not to reveal the identity of the witnesses, and the documents should be shared only among the investigators.
Procedure for handling digital evidence
The investigators should first identify the digital evidence so that they can decide how to handle it. It can be in physical form, the digital device itself, or in logical form, the data the device holds. Removing digital evidence is not always advisable; investigators should have the skills to know when to remove it.
Next is the acquisition process, which involves capturing images of the potential digital evidence. Various methods are used in the acquisition process, and the investigator should choose the most appropriate one based on time and cost.
The investigators should preserve the potential digital evidence to ensure it remains useful throughout the investigation. Preservation involves safeguarding the potential digital evidence and protecting it from tampering. The investigators should also be able to demonstrate that the evidence was not modified.
The digital evidence is then examined before its final analysis. The examination is an in-depth, systematic search to verify that the digital evidence contains the information needed in the investigation. The investigators then carry out detailed scrutiny of the data identified, collect the data and tabulate the results.
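One way to make the preservation step above demonstrable, as an added example that is not part of the original plan: a chain-of-custody record that hashes the evidence at acquisition and re-hashes it at every handover. The evidence file, the investigator names and the tampering step are all constructed for the demonstration.

```python
# Added example (not from the investigation plan above): a minimal chain-of-custody
# record that lets an investigator demonstrate the acquired evidence was not modified.
# It hashes the evidence file at acquisition, logs who handled it and when, and
# re-hashes on every later handover so any change is caught and recorded.
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read 1 MiB at a time so large disk images do not fill memory


def hash_file(path: str) -> str:
    """Return the SHA-256 hex digest of a file, hashed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def _entry(handler: str, action: str, **extra) -> dict:
    """One custody log line: who did what, and when (UTC)."""
    return {"when": datetime.now(timezone.utc).isoformat(),
            "who": handler, "action": action, **extra}


def acquire(path: str, handler: str) -> dict:
    """Create the initial custody record for an evidence file."""
    return {
        "evidence": os.path.basename(path),
        "path": path,
        "size": os.path.getsize(path),
        "sha256": hash_file(path),
        "custody": [_entry(handler, "acquisition")],
    }


def verify(record: dict) -> bool:
    """Re-hash the file and compare with the digest recorded at acquisition."""
    return hash_file(record["path"]) == record["sha256"]


def transfer(record: dict, handler: str, action: str) -> bool:
    """Log a handover; the entry records whether the hash still matched."""
    ok = verify(record)
    record["custody"].append(_entry(handler, action, hash_verified=ok))
    return ok


def demo() -> tuple:
    """Constructed walk-through: acquire a sample image, hand it over, then tamper."""
    tmpdir = tempfile.mkdtemp()
    image = os.path.join(tmpdir, "laptop01.img")       # constructed sample evidence
    with open(image, "wb") as f:
        f.write(b"constructed disk image contents\n" * 1000)
    rec = acquire(image, "Investigator A")
    intact_at_handover = transfer(rec, "Investigator B", "moved to evidence locker")
    with open(image, "ab") as f:                         # simulate tampering
        f.write(b"x")
    intact_after = transfer(rec, "Examiner C", "checked out for examination")
    return intact_at_handover, intact_after, rec


if __name__ == "__main__":
    before, after, record = demo()
    print(json.dumps(record, indent=2))
    print("intact at handover:", before, "| intact after tampering:", after)
```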
Security report
Summary of the report
Rapid advances in digital technology have created new challenges around data security. When a disaster or attack strikes, an organization’s survival depends on offsite data recovery. Organizations need to keep their data safe by implementing strong authentication and a cryptographic key vaulting approach. Finding a provider that can deliver secure and resilient cybersecurity solutions to protect offsite data for businesses and organizations can be challenging. Numerous studies have demonstrated the impact of cyber-attack losses on organizations; they can lead to huge disruptions and massive losses and damages (Malomo). Cloud-based attacks have been increasing in recent years, with attackers taking advantage of poor security practices and the vulnerabilities of cloud users and service providers. This paper is a report: it gives an overview of the research, the steps of a network attack methodology and the solutions to them, and how attackers could have used the five strategies against the organization. It also covers tools and techniques for network attack, the incident response plan, and the disaster recovery plan.
Description of the attack
Overview of Scenario and Purpose of this Report
Carnegie Mellon University (2016) notes that the way data is organized and protected within an institution is grounded in its sensitivity. Classifying data is vital to judging the appropriate standard safety controls to secure it. There are several classes into which data can be organized: private, delicate, limited, and secret. It is also crucial to classify the assets that support classified data. Implementing data classification gives companies a clear picture of the areas they need to secure. Failing to secure the data adequately puts the organization’s information at a higher risk of being stolen; the chances are reduced by employing countermeasures and appropriate access controls. The buildings and locations that hold the data need to be adequately secured to curb unauthorized entry. The company failed to secure its data in a layered style, resulting in information damage and theft. Therefore, to mitigate this risk, protected sites form an extra layer of security.
The Methodology of Network Attack and Steps in an Attack
The first step is reconnaissance: the act of acquiring data about a target and developing a strategy for an attack. Reconnaissance can be done actively, through direct contact with the target, or passively, through an intermediary. The second phase is scanning. In this stage, scanning tools are used to collect intelligence.
A good example is the use of a vulnerability scanner on the target. The next phase is gaining access, where the attacker takes full control over the network and has access to its data. For instance, in ABC, during this phase the attackers had control over the company’s data. The fourth phase is maintaining access. During this phase, the attacker tries to remain persistent in the attack in order to acquire as much information as possible, while being careful not to get caught, as that would cripple their efforts. Covering tracks is the last phase, and it involves the attacker’s efforts to avoid any exposure (Matt, 2020). They try to restore the network to normalcy to prevent administrators from recognizing the attack.
The Solution to Network Attacks
The company needs to use strong passwords. A strong password is one that neither human beings nor computers can easily guess, because it is made of complex characters combining words, symbols, and letters, making it difficult for social engineers to gain access. Salahdine & Kaabouch (2019) argue that a strong password must have eight characters or more; that is, it must be long enough. Instead of using “Password1” as the password, use a strong one such as “Inerduytr@1”. Strong passwords matter because most hackers exploit systems quickly. Strong passwords are crucial to preventing cyber theft, since anyone who wants to access the computer must log in first. It is also vital to keep the password secret, meaning no one else should know it, because criminals guess passwords. Therefore, a strong password is recommended. Research has revealed that approximately 1.5 billion people worldwide get scammed every year due to a lack of strong passwords, giving cybercriminals easy access to people’s accounts, starting in 2015 (Salahdine & Kaabouch, 2019). The Federal Bureau of Investigation (FBI) has revealed that 60% of financial institutions in the United States face fraud cases from social engineers due to inadequate knowledge of the risk factors; this has increased cybercrime rates (Norris et al., 2019). The high rate of hacking stems from the creation of weak passwords, which gives cybercriminals an opportunity to hack.
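The password advice above, turned into a policy check and a safe storage routine, as an added example that is not from the report or the cited sources. The check encodes the eight-character minimum and the mix of letters, digits and symbols; the common-password list is a constructed stand-in for a real breached-password list, and the storage function is my own choice of salted PBKDF2, not something the report prescribes.

```python
# Added example (not from the report above): a password policy check in the spirit of
# the Salahdine & Kaabouch (2019) advice quoted here (eight characters or more, a mix of
# letters, digits and symbols), plus salted hashing so the stored form cannot simply be
# read back. The breached-password list is a constructed stand-in for a real one.
import hashlib
import hmac
import os
import string

MIN_LENGTH = 8
# Constructed stand-in for a list of leaked or commonly guessed passwords.
COMMON_PASSWORDS = {"password", "password1", "123456", "qwerty", "letmein", "welcome1"}
PBKDF2_ITERATIONS = 200_000


def check_password(pw: str) -> list:
    """Return a list of policy violations; an empty list means the password is strong."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("no symbol")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    elif "password" in pw.lower():
        problems.append("contains the word 'password'")
    return problems


def is_strong(pw: str) -> bool:
    """True when the password passes every check in check_password()."""
    return not check_password(pw)


def hash_password(pw: str, salt: bytes = None) -> str:
    """Store only a salted PBKDF2-SHA256 digest, never the password itself."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(pw: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    for candidate in ("Password1", "Inerduytr@1"):
        print(candidate, "->", check_password(candidate) or "strong")
    record = hash_password("Inerduytr@1")
    print("stored:", record)
    print("verify correct:", verify_password("Inerduytr@1", record))
    print("verify wrong:  ", verify_password("Password1", record))
```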
The ABC company should use biometric technology to curb the five steps of attack. Biometrics is a technology that measures and evaluates a human being’s behavioral characteristics, such as voice and signature, and analyzes biological features such as the iris pattern, palm, and fingerprint (Fianyi & Zia, 2016). These features are stored on the computer and cannot be forgotten or misplaced. Everyone has unique features, and no two people share the same anatomical characteristic such as a fingerprint (Fianyi & Zia, 2016). Therefore, it serves as a solution to the five steps of attack by distinguishing individuals based on these characteristics.
The ABC company should use antivirus software because it is sufficient to curb cyber theft. An antivirus protects a computer from hacks, spam attacks, viruses, and other related threats. A virus is a program designed by cybercriminals that enters the computer system, spreads and replicates, and degrades computer performance, much like a virus in the human body. The antivirus enables the computer to counter any virus attack. It is vital to install an antivirus at the ABC company because, in its absence, a virus cannot be eliminated (Bendovschi, 2015). Therefore, to curb cyber theft at the ABC company, it is vital to have antivirus software.
How Attackers Could Have Used Various Attack Methodologies Against the ABC
The attackers could have hacked the ABC system using reconnaissance, which is the most protracted process for obtaining data. According to Abass (2018), a hacker illegally tampers with information in a computer system. Therefore, they could have used the five phases to exploit a private network or a computer system for an illicit purpose. They could have used scanning to find weaknesses in the network in order to steal data. The common types of hackers are grey, black, and white hat hackers. In the ABC company, hackers could have interfered with the system, leading to damage of digital data, because they have skills in using computer software.
In conclusion, attackers take advantage of poor security practices and the vulnerabilities of cloud users and services. Classifying data is vital to judging the appropriate standard safety controls to secure it. There are several classes into which data can be organized: private, delicate, limited, and secret. Reconnaissance, scanning, gaining access, maintaining access, and covering tracks are the five steps of the network attack methodology. The use of antivirus and biometric technology are practical solutions to these risks at the ABC company. Lastly, attackers could have used hacking, which tampers with the organization’s computer system.
Network defense tools and strategies
Network attacks have been a significant problem ever since technology began to advance. Various individuals have mastered stealing from organizations that use technological devices such as phones and computers. Organizations have responded to this crime by devising ways to curb it, and they succeed by using different tools and strategies. Therefore, this section discusses some recommended tools and techniques that will proactively defend ABC’s network from attack: Intrusion Detection, Encryption, Filtering, and System Updates as the strategies, and Cryptography and Symmetric Encryption as the tools ABC can use to protect its network.
Using an Intrusion Detection System is the first strategy that can be considered useful in defending a network from attack. It is recommended as a cheap method of preventing and detecting network attacks. The system keeps intruders away regardless of their intentions. Such systems work by preventing some attacks and detecting the rest, and they do so by sending a signal to your machine whenever an attack occurs. The technique can effectively protect the ABC company, as installing it would detect attacks and contain some of them. Attackers would therefore have a hard time and make unsuccessful attempts at attacking ABC’s network. The task of installing the system at ABC should be assigned to trained individuals.
Secondly, keeping the system updated and configured plays a significant role in preventing network attacks. Updating and configuration ensure the confidentiality of network information. Many attacks happen on or through already known network information. Attackers mostly get this information through Microsoft’s typical cycle, as it announces security information once a month. Updating the ABC network system regularly will prevent attackers from using the released reports to attack its network (Pawar & Anuratha, 2015). ABC company should train its workers on how to avoid exposing the network’s information unknowingly, and the network information should be restricted to a few workers to prevent leakage.
The use of a filtering system is another strategy for dealing with network attacks. The most commonly used filter is the firewall. It stands between the internet and the network and filters out harmful traffic. It examines the stream of packets and cleans them: potentially damaging packets that can be modified are modified, and the others are dropped. It protects the network by preventing some systems from accessing it (Pawar & Anuratha, 2015). However, some tools such as antivirus or a firewall are given authority to control one’s network. The use of a firewall will be an effective way of protecting ABC’s network. It filters the harmful packets, converts them into less harmful ones, and passes them on as useful packets. It is also a cheaper way of protecting one’s network against attackers.
Encryption is also an effective strategy that protects specific parts of one’s network from attack. Encryption involves the use of encryption protocols such as SSH and TLS. They deny access to the network without consent from the owner. The network owner sets a password on the network to ensure that no one accesses the encrypted network without it. Setting a password on the ABC networks and disclosing it only to a few designated personnel will protect them from attackers.
Fixing core problems: some network problems can be fixed easily and save the network from attackers. Fixing them involves updating the network applications and keeping protective systems such as antivirus up to date. ABC company should assign experts the task of updating its networks from time to time, and should permanently employ qualified personnel to ensure the network is always updated.
Cryptography is the first tool that can be used to protect the network against attack. It presents confidential data in a form that intruders can hardly understand. One of the ways attackers can attack a network is when they have information about it (Pawar & Anuratha, 2015). Concealing the meaning of the data makes it hard for them to interpret it, and hence makes their attack difficult. ABC should use a network language that only the receiver can understand. Doing so ensures confidentiality and data integrity, so attackers will have little or no information to help them attack the network system.
Symmetric encryption is another tool that protects a network from attackers. It works by introducing a secret key that is shared only between the sender and the receiver. The ciphertext depends not only on the plaintext but also on the key and the algorithm: when the key value is changed, the algorithm produces a different ciphertext. Introducing symmetric encryption to ABC’s network would effectively address its network attack problem. Once the key has been distributed, it should be changed frequently, so that the algorithm produces a different ciphertext and the network stays protected against attack.
In conclusion, attackers use the network to gain access to an organization’s system. Measures have to be established to prevent attacks. Different strategies and tools have been used to minimize malicious attacks, and security must be maximized to ensure the safety of the organization’s network and data.
Incident response plan
Despite the security measures devised to deal with network attacks, they remain a major problem in every organization. Continuous attack attempts keep companies on their toes. To eradicate attacks, companies must consider all the strategies that have been used and those that may be used in the future, and put measures in place to prevent them. Doing so would not only solve their current attack problems but also prevent future attacks. It can only be done by following the steps of a well-designed response plan. This is our proposed response plan for your company. It aims to describe the steps that ABC Inc. would follow to prevent future attacks on its software and networks.
Incident Response Procedure/Plan
Preparation
At the preparation stage, the response team sets users’ expectations and prepares the system administrators. This is also the stage where the response team decides when to involve executive management and law enforcement. A banner is designed to set users’ expectations and also to serve as notice that there is no expectation of privacy.
Sometimes law enforcement must be notified, which is therefore addressed at this stage. If law enforcement is involved, the organization loses control. The aims of the two differ: the company wishes to get back to normal operations, while law enforcement wishes to find evidence and prosecute the crime. In this case, ABC Inc. risks equipment seizure by the authorities. It would therefore be preferable for the company to leave the issue to the response team rather than to the authorities.
Identification
At this stage, the event is analyzed to determine its nature. Identification is a crucial stage, as it gives the response team a clue on how to deal with the event depending on its magnitude. For instance, it is after this stage that ABC Inc. would decide whether to inform the authorities or leave the case to the response team, depending on the magnitude of the incident.
Containment
At this stage, the team’s aim is to prevent further intrusion. It includes disabling the network so as to deny the hacker access to it. The attacked system also needs to be isolated to prevent further spread of the virus. For a long-term solution, ABC Inc. should consider changing passwords, adding more firewalls, removing the account the attackers used and shutting down the attacker’s processes.
Eradication
This is the stage where the attacker’s artifacts are removed and the system cleaned. If the attack involved malware, it is easily identified using internet resources. For cleaning up the system, the most recent clean system is recommended.
Recovery
This step involves checking the operation of the system before putting it back into operation. It involves only the system administrators and the owner of the system. The owner then makes the final decision on whether or not to put the system back into operation.
Follow up
In this stage, the whole process of the attack and its remediation is documented. A report detailing how the attacker gained access and how the attacker was stopped is produced. Well-detailed recommendations should be included to prevent such an event from happening again.
Post-incident activity
This step involves updating the organization’s threat intelligence feeds and identifying preventive measures against such an incident. This includes installing a firewall and antivirus on the company’s devices, as well as installing a security log watcher that analyzes similar data and sends a signal whenever it appears.
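The log watcher mentioned here, and the intrusion detection strategy from the network defense section, both come down to scanning logs for a known pattern and signalling when it appears. As an added example that is not part of the original plan, this watcher reads constructed sshd-style log lines, counts failed logins per source address inside a sliding window, and raises an alert on a burst of failures or on a successful login that follows one. The host name, addresses and threshold are all assumptions made for the demonstration.

```python
# Added example (not from the incident response plan above): a small log watcher of
# the kind the "Intrusion Detection" and "Post-incident activity" sections call for.
# It scans constructed sshd-style log lines, counts failed logins per source address
# inside a sliding time window, and raises an alert when a threshold is crossed or
# when a login succeeds from an address that was just brute-forcing.
import re
from collections import defaultdict, deque
from datetime import datetime

THRESHOLD = 5          # failures per window that trigger an alert (assumed value)
WINDOW_SECONDS = 60

# Matches the standard syslog prefix plus the sshd "Failed/Accepted password" message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line: str, year: int = 2024):
    """Return (timestamp, result, user, ip) for a matching line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect(lines, threshold: int = THRESHOLD, window: int = WINDOW_SECONDS) -> list:
    """Scan log lines in order and return a list of (ip, alert_text) tuples."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    alerted = set()                 # ips already reported for brute force
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, user, ip = parsed
        q = failures[ip]
        # drop failures that fell out of the sliding window
        while q and (ts - q[0]).total_seconds() > window:
            q.popleft()
        if result == "Failed":
            q.append(ts)
            if len(q) >= threshold and ip not in alerted:
                alerted.add(ip)
                alerts.append((ip, f"{len(q)} failed logins within {window}s"))
        elif q:   # a success right after recent failures deserves a closer look
            alerts.append((ip, f"successful login as {user} after {len(q)} failures"))
    return alerts


# Constructed sample log: one noisy address, one ordinary user, one stray failure.
SAMPLE_LOG = """\
Mar 10 09:01:02 fileserver sshd[2101]: Failed password for root from 203.0.113.45 port 50111 ssh2
Mar 10 09:01:04 fileserver sshd[2101]: Failed password for root from 203.0.113.45 port 50112 ssh2
Mar 10 09:01:05 fileserver sshd[2103]: Accepted password for alice from 198.51.100.7 port 41022 ssh2
Mar 10 09:01:07 fileserver sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 50113 ssh2
Mar 10 09:01:09 fileserver sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 50114 ssh2
Mar 10 09:01:12 fileserver sshd[2101]: Failed password for root from 203.0.113.45 port 50115 ssh2
Mar 10 09:01:30 fileserver sshd[2105]: Failed password for bob from 198.51.100.9 port 41100 ssh2
Mar 10 09:01:41 fileserver sshd[2107]: Accepted password for root from 203.0.113.45 port 50120 ssh2
""".splitlines()


if __name__ == "__main__":
    for ip, text in detect(SAMPLE_LOG):
        print(f"ALERT {ip}: {text}")
```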
Conclusion
Network attacks will remain a major threat to organizations that do not take full measures. The ABC company should consider the above steps to prevent future network attacks. It is also the role of every worker to ensure the safety of the organization’s data. However, the company should entrust its information to a few individuals to prevent data leaks.
Disaster recovery plan for ABC Inc.
Apart from network attacks, every company is prone to other disasters such as fire, earthquakes, floods, and terrorism. The loss an organization incurs from such disasters depends on its preparedness. Preparing a disaster management plan will be of great importance to ABC Inc., as it will have a clear procedure for dealing with an emergency should one occur. This write-up is meant to serve as a disaster plan; its purpose is therefore to identify the goals of the plan, the data and backup plan and recovery methods, the potential stakeholders, and the methods of testing the plan.
Goals of the plan
The first goal of the plan is to minimize attackers’ access to ABC Inc.’s network information through encryption of the organization’s data. Another goal is to limit the extent of an attack by installing a firewall and antivirus. The third goal is to minimize the economic effects of an attack on the company by using a cost-effective method of problem solving. The fourth goal is to establish another way for the company to keep running and operational until the attack is fully resolved; your company (ABC Inc.) can use its unattached devices until the incident is fully resolved. Training company personnel to deal with such an incident should it occur in the future, and restoring the company’s operations to normal, are also vital goals of the plan.
Data, backup plan and recovery methods
For a recovery plan to succeed, data processing personnel must be selected, and their names, contacts, addresses and positions tabulated. The data backup procedure should be followed, which includes changing the system’s environment by changing the journal receivers and saving the changed journals in a different profile. After the change is complete, all the media should be restored. All personal computers should also be backed up and saved under the normal system change procedure. The purpose of backing up personal computers is to provide a backup of the PC-related system in case the disaster affects the system.
The disaster recovery procedure includes, firstly, an emergency response procedure that documents the response not only to a network attack but also to other tragedies such as fire, national disasters, and any other event, in order to limit their damage. Secondly, the backup operation procedure is carried out to ensure that the disruption does not affect essential data processing tasks. Lastly, the recovery action procedure ensures that the restoration of the system’s data processing is facilitated.
Identification of stakeholders
Stakeholders are the parties affected, either positively or negatively, by a situation. Identifying them depends on the type of emergency and the role the stakeholders play in the recovery process. For the sake of preparedness, the potential stakeholders are identified in advance, and how they are to assist in the emergency response is defined. The purpose of the identification is to keep the existing stakeholders alert as far as the emergency response is concerned.
Methods of testing the plan
Different disaster recovery testing methods can be used, each with its advantages and disadvantages. The first is the walk-through method, in which the members of the team go through the recovery plan verbally to identify its weaknesses. It is less disruptive, but it omits various components of the recovery plan in action. The next method is simulation, which looks at the recovery plan in more depth than the walk-through, although it focuses on only one specified type of disaster.
The parallel method involves building recovery systems and testing them to see whether they function, while the production workload is still carried by the primary systems. Lastly, the full interruption method uses the actual production data and equipment to test the disaster recovery plan. Its limitation is that it disrupts the whole organization’s operations.
In conclusion, a disaster recovery plan offers a clear guideline on how to handle an emergency without incurring great loss. Additionally, it offers recommendations on measures to be taken to prevent the occurrence of non-natural disasters. Preparing a disaster recovery plan is of great importance to your company, ABC Inc., as it helps to resolve any emergency incident in less time.