C-Bay Properties: Enterprise Security Group
Task 3.0: Network Monitoring
 

From: Director, IT & Operations
Subject: Configuring IP Monitor
Attachment(s): C-Bay Specs; C-Bay Network Topology

 

We had been planning to draft detailed monitoring procedures in the near future, but following the incidents over the last few weeks that need has become imminent, so I'm putting your team on this project immediately.

As it stands, there is nothing in our security policy about monitoring. Our unofficial policy is pretty simple though: don't let intrusions occur, and if they do occur, stop them as quickly as possible. Before your team was hired, I did ask one of the IT staff to draft monitoring procedures, and he got as far as a high-level outline, consisting of notes to himself, before we needed to call him off the assignment to help with the outages. I've included his preliminary outline email below, which, though rudimentary, should get you off to a good start in determining high-level goals. You can use C-Bay's network specs and topology for reference.

You'll have your work cut out for you. Not only do you have to draft step-by-step monitoring procedures, but I'll also be asking you to research and recommend intrusion detection tools and software. Because of budgeting limits, I’d like your recommended hardware and software purchase to be limited to $10,000 or less. Let me know in advance if you have any reason to exceed this budget limit.

Thank you, and keep up the good work.

IT Director

------------------------------------------------

From: george@cbay.com

To: ITDirector@cbay.com

Re: rough outline for C-Bay monitoring procedures

Following are some thoughts on the form our monitoring procedures should take. I hope they are helpful.

  • State C-Bay's objectives for monitoring.
  • Notify all authorized users that the network is being monitored and that their activities may be logged and/or recorded. (This is a requirement for using any data logged in a legal action.)
  • Specify which data streams will be monitored and for what purposes.
  • Identify what constitutes anomalous behavior.
  • Notify users of definitions of anomalous behavior and require users to report any such behavior to the appropriate official--usually the system administrator.
  • Identify specific responsibilities of each system administrator in handling notifications generated by monitoring software.

Regards,

G. Rodriguez, System Administrator

 

 

 
