Immediate steps to be taken:
In the case of a Smurf DDoS attack on the company's database, the immediate response will be to disconnect all the devices that are connected to the same network. This will help prevent the attack from spreading to other systems of the company. Staff will be instructed to stop transferring files to customers or other stakeholders, and will also be prevented from storing any data in the system until the attack has been fully mitigated. If some systems are not affected, staff will be instructed to immediately back up the data from those systems to secured devices. Data from systems that are already affected must not be used for backup (Mische and Wilkerson 2016), as this could spread the attack to the backup devices as well. Staff will also be encouraged to report any vulnerability they find in their system immediately, so that the system can be protected without delay. Communication between the IT team and the staff is going to be extremely important for ensuring that the impact of the attack is reduced as soon as possible, and the response of the staff is essential in this regard. A disaster response plan will be developed immediately with the help of the IT security experts and implemented with immediate effect (Guo and Kapucu 2015). Staff will be made aware of the actions they need to take at different points in time during and after the execution of the plan, so that they know the steps required to reduce the impact of the attack successfully. The network will be closed until the security measures have been implemented by the security team. Network activities will be resumed after the disaster recovery process has been completed.
Steps for stopping the incident:
In the process of stopping the attack, the first aim will be to configure the router so that packets directed to broadcast addresses are no longer forwarded. This ensures that external broadcasts do not get any responses through the router, and it will be the initial step for stopping the spread of the attack to the network and other systems. Ingress filtering will be used to examine the packets moving inwards towards the system (Seewald and Barton 2019), which makes it possible to prevent further attacks on the network. The vulnerabilities in the network will then be checked with the help of the audit team, and with immediate effect a firewall will be implemented to control the flow of unwanted packets within the network. This is going to be one of the most effective processes by which the network can be revived and its operations restarted successfully, and it can also help in making the network stable once again.
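As an added illustration (not part of the original essay), the following Python simulation applies the two router-side controls described above to a few constructed packets: a no-directed-broadcast rule and ingress (anti-spoofing) filtering on both interfaces. The addresses, interface names and packet records are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing for this example (not from the page): the company LAN
# is 192.0.2.0/24 behind the router's "lan" interface; "wan" faces the Internet.
# A Smurf attack sends ICMP echo requests to the LAN's broadcast address with
# the victim's forged source, so every host on the LAN replies to the victim.
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")


@dataclass(frozen=True)
class Packet:
    iface: str  # interface the packet arrived on: "lan" or "wan"
    src: str    # source IPv4 address
    dst: str    # destination IPv4 address
    proto: str  # e.g. "icmp-echo", "icmp-reply", "tcp"


def is_directed_broadcast(dst: str) -> bool:
    """True if dst is the directed-broadcast address of the protected subnet."""
    return ipaddress.ip_address(dst) == INTERNAL_NET.broadcast_address


def filter_packet(pkt: Packet) -> tuple:
    """Return (forward, reason) for one packet arriving at the border router."""
    src = ipaddress.ip_address(pkt.src)
    # Rule 1 ("no directed broadcast"): never forward an externally sourced
    # packet to the subnet broadcast address; this removes the amplifier.
    if pkt.iface == "wan" and is_directed_broadcast(pkt.dst):
        return False, "drop: directed broadcast from outside"
    # Rule 2 (ingress filtering): a packet arriving from the Internet must not
    # claim a source address inside the company's own prefix.
    if pkt.iface == "wan" and src in INTERNAL_NET:
        return False, "drop: spoofed internal source on wan"
    # Rule 3 (same check outbound): packets leaving the LAN must carry a LAN
    # source, so the company cannot be used as a reflector against a victim.
    if pkt.iface == "lan" and src not in INTERNAL_NET:
        return False, "drop: non-local source leaving lan"
    return True, "forward"


# Constructed sample traffic: a Smurf trigger, a spoofed inbound packet,
# a spoofed outbound reply, and one legitimate inbound connection.
SAMPLE_PACKETS = [
    Packet("wan", "198.51.100.7", "192.0.2.255", "icmp-echo"),
    Packet("wan", "192.0.2.10", "192.0.2.20", "tcp"),
    Packet("lan", "203.0.113.5", "198.51.100.7", "icmp-reply"),
    Packet("wan", "203.0.113.5", "192.0.2.20", "tcp"),
]
```

Running `filter_packet` over `SAMPLE_PACKETS` drops the first three records and forwards only the last one.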
In order to ensure that all the staff and management members are engaged in network security and disaster response, it will be important to develop the platforms through which communication can be conducted efficiently. First of all, it will be essential to know which information needs to be shared with the users of the network; this will help in identifying the users with whom the information can be shared. It will be important to make the users aware of the incident that took place, which will help them be aware of the precautions they need to take to ensure that the attack does not spread further (Bartnes, Moe and Heegaard 2016). Communication with in-house staff will be made through face-to-face meetings. In the case of virtual staff, communication will be made by sending them emails about the incident and the process they need to follow to prevent the impact from increasing. It will be ensured that communication is continued and maintained until the issues are mitigated successfully. In the communication plan, the contact information of the responsible persons will be provided to all staff, including the contact information of the members of the IT team, the management team and the disaster response team. Staff will be encouraged to communicate with them in case of any requirements regarding the security of their system and data (Ahmad, Maynard and Shanks 2015). This is an important strategy, as it will help ensure that communication between the response team and the staff is maintained throughout the process, and it would also help in effectively mitigating the issues without interrupting the business activities. The communication plan will be documented and provided to the staff; in the case of virtual staff, the plan will be sent by email.
The communication plan will include the names of the members, their roles, contact numbers and email IDs. The issues would be fixed by interrupting the network for a day, during which the incident response and security enhancement activities would be carried out. However, staff would be requested to be present throughout the activity, as their support and feedback are going to be extremely essential. The issues will be assessed initially and an audit will be conducted in order to find the causes of the attacks. In this phase, communication will be required between the audit team and the staff, as it is essential for the audit team to know the staff's feedback regarding the probable causes; this communication will help in completing the audit process in relatively less time. Then, after the mitigation of the issues, communication will be made with the staff and the management regarding the process they need to follow to prevent further attacks on the network (Hasan et al. 2016). In this case, two-way communication between the users and the IT team is going to be extremely essential, because it makes it possible for the IT team and the higher authority of the company to understand whether the staff have become fully aware of the preventive measures or not.
Thus, communication is going to be the key to reviving the network activities and to protecting the network from the impact of security attacks in the future.
Security response plan:
About the plan:
This plan concerns the development of security measures so that the IT assets and the network can be recovered after the Smurf DDoS attack. The plan highlights the technical design and the implementation aspects, and then demonstrates the administrative controls and the documentation of the response plan.
The technical design:
It has been identified that Firewall 1, which was already implemented in the network, was damaged by the attack. Therefore, it can be assessed that the firewall was not effective enough to prevent the attack. First of all, a strong firewall needs to be implemented along with a supporting VPN; it is suggested that a double firewall be implemented in the network. The router will not forward packets addressed to broadcast addresses, which ensures that malicious data no longer enters the network. The next step will be to implement encryption so that the data stored in the company's database is not readable by the hackers; AES will be used, as the encryption will be symmetric. Along with this, it will be ensured that the data is backed up daily (Pancholi and Patel 2016), so that even if such incidents occur in the future, the confidential data of the business will not be lost. In the router, the flow of packets will be controlled, and broadcast messages will not be allowed to flow towards the inward systems of the network. Together, these steps will build a strong technical architecture for the database and network of the company. There will be provision for regular, automated updates of the system, which will help the IT administrators of the company be aware of all the changes to be made.
It is essential to make the users aware of their responsibilities in the response plan. Therefore, the responsibilities are provided in the table below:
- To lead the project on incident response
- To lead the IT team
- To manage the security of the network
- To look after the security audits
- To communicate with the response team and implement the necessary security measures
The responsible persons for the response plan have been shown in the above table. The roles of the users can change in accordance with changes in the requirements of the plan.
Responsibility of the audit team:
The audit team for this plan will be responsible for a number of activities, as follows:
- To communicate with the management and staff of the company to receive information regarding the usage of the system
- To understand the patterns of the attack and its probable root causes
- To review the current security measures of the company
- To identify the vulnerabilities in the security measures that were implemented
- To assess the vulnerabilities in the network and database of the company
- To identify the unwanted packets that have been sent to the network
- To identify all the risks related to the network security
- To develop an audit report by citing all the details of the assessment
The responsibilities of the response team are as follows:
- To review the audit report and understand the requirements that have been identified
- To communicate with the users regarding the processes they have been following for network security
- To prepare the communication plan regarding the responses from the users
- To assess the existing security measures and compare those with the report of the audit team
- To develop the precautions and post-incident processes for the staffs and the management
- To increase the security of the network
- To increase the security of the database
- To train the staff and the management on the process they need to follow in further steps
- To implement all the digital resources which are required for continuation of the business
- To implement the risk mitigation techniques
- To prepare a final report of the disaster response plan
These responsibilities are extremely vital and, if properly followed, would certainly help in mitigating the security issues of the company properly. Further, they would also help in reviving the activities of the network successfully.
Control and documentation:
In the process of enhancing network security, it is also important to implement proper control of network access. It will be important to increase the effectiveness of the authentication of the users who access the network; proper authentication ensures that only authorized users are able to access the network (Ding et al. 2018). The control needs to be in the hands of the higher authorities of the company so that decisions on authentication can be taken effectively. Documentation of the security policies is essential as well: proper documentation would help in ensuring that users are able to follow the regulations on maintaining network security. The documents need to be reviewed in line with future changes to the plan.
References:
- Ahmad, A., Maynard, S.B. and Shanks, G. (2015). A case analysis of information systems and security incident responses. International Journal of Information Management, Vol. 35, No. 6, pp. 717-723.
- Bartnes, M., Moe, N.B. and Heegaard, P.E. (2016). The future of information security incident management training: A case study of electrical power companies. Computers & Security, Vol. 61, pp. 32-45.
- Ding, D., Han, Q.L., Xiang, Y., Ge, X. and Zhang, X.M. (2018). A survey on security control and attack detection for industrial cyber-physical systems. Neurocomputing, Vol. 275, pp. 1674-1683.
- Guo, X. and Kapucu, N. (2015). Network performance assessment for collaborative disaster response. Disaster Prevention and Management, Vol. 24, No. 2, pp. 201-220.
- Hasan, R., Zawoad, S., Noor, S., Haque, M.M. and Burke, D. (2016). How secure is the healthcare network from insider attacks? An audit guideline for vulnerability analysis. In 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC), Vol. 1, pp. 417-422. IEEE.
- Mische, S. and Wilkerson, A. (2016). Disaster and contingency planning for scientific shared resource cores. Journal of Biomolecular Techniques: JBT, Vol. 27, No. 1, p. 4.
- Pancholi, V.R. and Patel, B.P. (2016). Enhancement of cloud computing security with secure data storage using AES. International Journal for Innovative Research in Science and Technology, Vol. 2, No. 9, pp. 18-21.
- Seewald, M. and Barton, R. (2019). Deterministic process networks based on adaptive traffic policing and filtering.