8/15/20
NTS405
Final
Scenario: Barry Inc. has been receiving a large number of inquiries from customers
stating that their accounts have been logged into from unfamiliar countries and from
machines that do not belong to them. Barry Inc. launched an investigation into the
issue, and after a week they realized their servers had been compromised and that
customers' personally identifiable information had been stolen and is now sitting in
pastebins all over the internet. The company no longer knows what else is affected; they
are scared that more servers have been compromised and are unsure what they should
do. Barry Inc. plans to speak out to the public once they consult a third-party incident
response company.
Strategy: The first step to solving this issue is to pick up the pieces and assess the
damage. Barry Inc. should use forensics tools such as Mandiant Redline and Autopsy /
The Sleuth Kit to try to see what has happened on the drives of the server. At the same
time, the logs should be checked to see if any suspicious logins were made during the
timeline of the incidents. Most of the time when a company is compromised it is because
of brute-forcing. The main goal of doing this is to see where the attack came from and
possibly by whom. This will allow us to close any security loopholes and work on
mitigating the damage. Once this is done we will need to check the internet and dark web
for pastebins to see what was stolen and determine the scope of the theft. After these steps
are taken it is crucial to notify the public and inform everyone, so people are aware of
possible identity theft and do not find out later from a leak within the company. Although it
will not be good publicity, it will save Barry Inc. from a disaster later on because people
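The log check described above can be automated before the data ever reaches Splunk. The following is an added example, not part of the original plan and not Barry Inc.'s code: it parses a constructed authentication log (the "timestamp user OK|FAIL src_ip country" format is an assumption) and flags the two patterns the scenario describes, a success that follows a burst of failures from the same address (brute-force) and successful logins for one account from two countries within a short window (the "strange countries" complaints).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not Barry Inc. data); the line format
# "timestamp user OK|FAIL src_ip country" is an assumption.
SAMPLE_LOG = """\
2020-08-10T09:00:01Z alice OK 203.0.113.5 US
2020-08-10T09:05:12Z bob FAIL 198.51.100.7 RU
2020-08-10T09:05:13Z bob FAIL 198.51.100.7 RU
2020-08-10T09:05:14Z bob FAIL 198.51.100.7 RU
2020-08-10T09:05:20Z bob OK 198.51.100.7 RU
2020-08-10T10:00:00Z alice OK 192.0.2.44 BR
2020-08-10T12:00:00Z carol OK 203.0.113.9 US
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (OK|FAIL) (\S+) ([A-Z]{2})$")

def parse(log_text):
    """Return (timestamp, user, result, ip, country) tuples sorted by time; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m.group(2), m.group(3), m.group(4), m.group(5)))
    return sorted(events)

def brute_force_successes(events, threshold=3, window=timedelta(minutes=10)):
    """Users whose success from an IP follows >= threshold failures from that IP within window."""
    fails = defaultdict(list)  # (user, ip) -> timestamps of failed attempts
    hits = set()
    for ts, user, result, ip, _ in events:
        if result == "FAIL":
            fails[(user, ip)].append(ts)
        elif sum(1 for t in fails[(user, ip)] if ts - t <= window) >= threshold:
            hits.add(user)
    return hits

def impossible_travel(events, window=timedelta(hours=2)):
    """Users with successful logins from two different countries within window."""
    last = {}  # user -> (timestamp, country) of the previous success
    hits = set()
    for ts, user, result, _, country in events:
        if result != "OK":
            continue
        prev = last.get(user)
        if prev and prev[1] != country and ts - prev[0] <= window:
            hits.add(user)
        last[user] = (ts, country)
    return hits
```

On the sample log this flags bob (three failures then a success from one address) and alice (a login from the US followed by one from Brazil an hour later); the thresholds and windows are starting points to tune against the real timeline.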
Recommended Tools:
Observation Tools- These tools are what will be used to log, manage logs, detect and
● Splunk Enterprise- this tool will be used for log analysis and management. This
tool is valuable because it does a great job of organizing logs and analyzing trends
within them.
● Suricata- this tool will be used as an IDS; it will detect threats as they come
in and show alerts. The tool must be configured to show only the most important
● NTOP- this is a network analyzer, and it is very important for analyzing the
traffic that goes through the network. This tool is only a monitoring tool, but the tool
● OpenVAS- a vulnerability scanner that will give an overview of the attack
Evaluating What's Important- These tools will be used to keep an inventory of the
systems and evaluate which pieces of the network are the most important.
● OCS Inventory- this tool takes an inventory of the systems and evaluates which
pieces of inventory are the most important. This matters because
when something happens it is important to know how critical the issue is.
● AlienVault OTX/AlienVault Labs- this tool is not absolutely necessary, but it could
be helpful. It looks for new threats and attacks on a global level; indicators such
as IP addresses with bad reputations and command-and-control servers are all
flagged. After they are flagged, context for the threat is provided
The Plan- This part of the process does not require any tools in particular. This step in
incident. This is maybe the most important part of the whole process. This is the road
Data Capture and Incident Response- these tools will be used to investigate the issue
after it has happened. These tools are for forensics purposes, so the company knows
● SANS SIFT/Autopsy and The Sleuth Kit- these tools capture data and perform forensics,
checking the integrity of data and the registry, and create an audit trail throughout the
forensic process.
Conclusion:
For Barry Inc. to solve their issue they must implement all the tools I mentioned above,
even if it is after the fact of the incident. After that, they must use the forensic
investigation tools, SANS SIFT and Autopsy / The Sleuth Kit, to see what was compromised.
Then Barry Inc. must patch the holes and send a notice to all the customers
of the company and to the public. Many companies that go through this offer
identity theft protection services for free, such as LifeLock, to mitigate inconveniences to
customers. This is a great option if Barry Inc. can afford it, and will also show the