C-Bay Properties:Enterprise Security Group
 
Welcome & Orientation
 
Welcome
  
Orientation
  
Tasks & Assignments
 
Task 1.0: Policy Critique
  
Task 2.0: Network Outages
  
        2.1: Outage Causes
 
        2.2: Outage Solutions
 
Task 3.0: Network Monitoring
  
        3.1: Monitoring Procedures
 
        3.2: Monitoring Software
 
        3.3: Software Configuration
 
Task 4.0: We've Been Hacked!
  
        4.1: Incidents
 
        4.2: Hacker Profile
 
Task 5.0: Security Awareness
  
        5.1: Help Desk Inquiries
 
        5.2: Education Program
 
Task 6.0: Emergency Response
  
        6.1: Threats and Vulnerabilities
 
        6.2: Emergency Response Procedures
 
Subtask 2.1: Outage Causes
 
From
Subject
attachment Director, IT unauthorized parties entering network
attachment Director, IT files being modified inappropriately
  Director, IT router freezing
attachment Director, IT unauthorized file access
attachment Director, IT Erratic response time on network
  Director, IT all hosts lost connectivity

From: Director, IT & Operations
Subject: unauthorized parties entering network
Attachment(s): Problem Report Template

 

Hi

During a routine scan of the router logs, addresses from non C-Bay business partners were observed. Apparently, traffic from unauthorized external parties is being allowed to enter C-Bay’s internal network. Not sure where the problem is--there is password protection of the internal network and the information lives in our computing system environment.

Please take a look, and then fill out a problem report template about the situation, using the problem report template attached. Be sure to include both symptoms and recommended causes in the problem report.

Thanks,
IT Director

PS--Not sure this is relevant, but I know you're new and may not be familiar with all of the equipment we're using, so wanted to let you know about our access router. C-Bay is using a Cisco 1605 Router. For specs, go to http://www.cisco.com/en/US/products/hw/routers/ps214/index.html

Up Arrow

From: Director, IT & Operations
Subject: files being modified inappropriately
Attachment(s): routerLog.doc

 

We’ve discovered that some files have been modified inappropriately. When the logs were examined (see attached file) they disclosed that Oscar, the Lead System Administrator, had modified the files. Oscar asserts that he did not modify the files.

IT Director

 

Up Arrow

From: Director, IT & Operations
Subject: router freezing
Attachment(s):

 

When any unexpected traffic occurs, the network crashes, information bottlenecks, and the router stops. (It's the Cisco 1605 Router from Cisco.)

IT Director

 

Up Arrow

From: Director, IT & Operations
Subject: unauthorized file access
Attachment(s): salarySchedule.doc

Unauthorized, internal users are accessing files on the network that they shouldn’t be able to access. See attached file.

-IT Director

Up Arrow

From: Director, IT & Operations
Subject: Erratic response time on network
Attachment(s): accessLog.txt

 

Customers are reporting erratic response time on the website. See attached file for more information.

-IT Director

Up Arrow

From: Director, IT & Operations
Subject: all hosts lost connectivity
Attachment(s):

 

All of our hosts in the main building have lost network connectivity. We found evidence (in entry logs) of unauthorized access to the wiring closet that supplies power to the hosts.

IT Director

 

Up Arrow

 
Updated: June 29, 2006 by the Experiential Learning Center
This material is based on work supported by the National Science Foundation under ATE Grants # DUE 0302894 & 0603297.
© 2004-2006 Content, Foothill-DeAnza Community College District | © 2004 Original site design and pedagogical approach, Socratic Arts