...Week 1 Boss, Regarding your recent inquiry regarding ping sweeps and port scans, I wanted to provide some information to assuage any apprehension you may have had regarding the subject. Port scans and ping sweeps are common networking tools used by admins to perform common functions, such as checking to see if a server is running a particular service or if a desktop is on to receive an important update. It is also true that this same functionality can provide information to hackers who may use it for nefarious purposes, but you will see why that is less of a concern than it may seem. Port scans, like I stated earlier, are used to discover what services are running on a target machine. Each service offered by our servers makes use of “ports” by which TCP/IP requests are sent; for example our company’s website accepts connections on port 80. Hackers use this information to determine what types of vulnerabilities they can make use of, which is why we only leave the ports we are using open, so that there are no unnecessary openings. Additionally, because the majority of our network is inaccessible to the outside world a hacker would already need to be inside our network to gain access to any of the critical systems. Ping sweeps are often used in conjunction with Port scans in a similar discovery process. Ping sweeps instead are used to see what targets are available on the network. For instance, we may be on a 192.168.1.0 vlan with only a dozen or so machines. Typically the...
Words: 406 - Pages: 2
...SEC280 Week 6 Assignment – Joseph Ercole Case Study: Creating an IDS Policy. As the need to secure corporate networks continually increases, the task of ensuring the security of sensitive company data so that it is not compromised becomes increasingly difficult with each day. Gem Infosys, a small software company, has decided to secure their computer systems. The organization uses ten PCs and a broadband connection to the Internet. The management at Gem needs to formulate an IDS policy. We need to identify the steps to be performed when formulating the IDS policy. One of the best ways to protect company networks and data from attackers is to have an Intrusion Detection System in place. Today, IDS’s are an integral part of many organizations’ network infrastructure. But having the IDS in place and not understanding why it’s in place, how it works or who will deploy and run it or how to respond in the event of an attack is counter-productive to its existence. This is why we need to formulate the IDS policy. Before the IDS is deployed, we will create a basic outline of what we are trying to accomplish with the IDS and from there, devise a strategy. So, what are we protecting the network from and how strict will we make accessibility? Sometimes beginning with the end in mind is a good way to execute the first step of any plan or strategy. Knowing how tightly or loosely you want to allow traffic to flow on the network in order to have better control over it is a good start. We...
Words: 831 - Pages: 4
...SEC280 Week 6 Case Study Gem Infosys, a small software company, has decided to better secure its computer systems after a malware attack shut down its network operations for 2 full days. The organization uses a firewall, three file servers, two Web servers, one Windows 2008 Active Directory server for user access and authentication, ten PCs, and a broadband connection to the Internet. The management at Gem needs you to formulate an incident-response policy to reduce network down time if future incidents occur. Develop an incident-response policy that covers the development of an incident-response team, disaster-recovery processes, and business-continuity planning. Gem Infosys Incident Response Policy To ensure timely response to a network disruption, an Incident Response Team has been formed. This team comprises contacts in several departments throughout the organization. The following policy outlines who to contact and what steps to take in case of an incident involving network related tasks. Incident Response Team Contacts DUTIES TEAM MEMBERS EXTENSION Team Lead Edward Einright 7001 Network Analysts Dave Firuzio 7002 Paul Gerschadt 7003 Security Analysts Rob Jensen 7004 Natalie Pierson 7005 Legal Affairs Frank Saddich 7006 Public Affairs Michelle Davenport 7007 Duties Team members will establish and implement policies in the following areas: a) Worm response procedure b) Virus response procedure c)...
Words: 870 - Pages: 4
...SEC280 | Week 1 | Case study on Port scans & sweeps | | Jared's | 11/3/2012 | Brief description of what they are and are they dangerous to company! | To answer the main questions for the concerns of our network, NO. These items that have been heard about do not require immediate attention as they are considered normal. We are protected behind our firewall as well as if the employees do as asked at the end of their shift, we will have absolutely nothing to worry about. As more in likely that situation was handled when we brought the network online. Here is a brief rundown on your concerned areas: Ping Sweeps and Port Scans are the two most common network probes that serve as important clues in sensing invasions or intrusions that can harm any type of network. Network probes are not actual intrusions, although, they could be potential causes of actual intrusions. Port scans and ping sweeps can lead to an intrusion of companies’ network system, however, with today’s technological advancements, these activities can be detected and prevented. Ping Sweeps; Ping sweeps are a set of ICMP Echo packets that are sent out to network of computers, actually a range of IP addresses, to see if there are any responses. As an intruder sends out the ping sweeps, he looks for responses so he can figure out which machines he can attack. “Note that there are legitimate reasons for performing ping sweeps on a network—a network administrator may be trying to find out which...
Words: 1129 - Pages: 5