Posts

Showing posts from February, 2023

Week 11 Posting - Incident Response Steps

 In week 11 of BSIT 380 we covered how the steps of incident response are classified and how different certifying organizations use different terms for the same steps. One constant was that the steps are kept separate, and most of the terms are standard cybersecurity vocabulary. Once an attack has been detected, the response work falls into one of the following categories: containment, eradication, validation (recovery), and post-incident activities. The goal with any attack is to isolate the affected system so that no additional attack surface can be reached; this is containment. Once the system is disconnected, or placed in a non-LAN, non-web-facing environment, the next step is to eradicate the attack and any remnants of it. Next is validation: going back to confirm that no malicious code remains in any system files and that no other local system or network service shows the same signature. Finally, an incident report or meeting briefs management on what caused the issue and the steps taken to eradicate the issue as we...

Week 10 Posting - Automation

 Within my experience in IT, many repetitive tasks can be done by a well-designed automation system. When I was attending Southeast Tech in Sioux Falls, SD, I had the opportunity to learn Linux scripting and writing .sh files. When creating automation scripts or formulas, the information that is pulled in must be accurate; if it is not, everything derived from it will also be incorrect. When creating a script, the first thing is to determine the end goal, then take a step back and look at the overall impact. If a script is designed to check a system for an item, it is a good idea to estimate how much time doing those checks manually would take and compare that against the same work done by a working script. With my experience, I want to automate something that might be better done manually to prevent errors.

Week 9 Posting - Identifying and Prioritizing Threats

 In the world that we live in there are often people who disagree. Some fight it out on Twitter or in a boxing ring; however, some people have started silent wars by unethical means, including cyber-attacks on another person's life or business. Chapter 13 covered how to prepare for threat hunting and how to uncover the more difficult attacks. Each attack typically has a motive: for countries it is often access to sensitive data or disabling a system, and for companies it is similar. Companies that run ads for the first time may also run into an unintentional DDoS caused by legitimate customers all trying to access a resource at once. The best thing a cybersecurity engineer can do is to help train and maintain systems that filter out the fake traffic from the real customers.

Week 8 Posting - Incident Response

Within Chapter 12 the biggest thing that I took away was the need for incident response. Any network on the face of the planet that is connected to the world wide web is at risk of being compromised; the best way to manage that risk is to configure a firewall and a DMZ and to have a response plan. When an attack happens there are typically indicators such as multiple failed login attempts, unusual system utilization, or systems failing. There should be an SOP (standard operating procedure) that sets the goal of minimizing the overall impact of an attack; if a single system is the target, that system may be isolated or have its network connections removed. Having account lockout timers can prevent an attacker from succeeding with brute-force attacks.
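As an added example (not code from the original posts), here is the "multiple failed login attempts" indicator from Week 8 turned into the kind of small .sh automation discussed in Week 10. It reads sshd log lines and reports every source address that produced at least a given number of failed passwords, so one mistyped password from a real user is not flagged while a brute-force source is. The log lines, host name, addresses and threshold are constructed sample values, not real data.

```shell
#!/bin/sh
# Added example, not code from the original posts.
# Flag source IPs with repeated failed SSH logins (the Week 8 indicator),
# written as the kind of .sh automation Week 10 describes.
# The log lines below are constructed samples in OpenSSH/syslog style.

SAMPLE_LOG='Feb  3 10:01:12 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2
Feb  3 10:01:14 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51123 ssh2
Feb  3 10:01:15 web01 sshd[2213]: Accepted publickey for deploy from 198.51.100.20 port 40010 ssh2
Feb  3 10:01:17 web01 sshd[2215]: Failed password for invalid user admin from 203.0.113.7 port 51125 ssh2
Feb  3 10:01:19 web01 sshd[2216]: Failed password for invalid user oracle from 203.0.113.7 port 51126 ssh2
Feb  3 10:01:21 web01 sshd[2217]: Failed password for root from 203.0.113.7 port 51127 ssh2
Feb  3 10:02:05 web01 sshd[2220]: Failed password for alice from 198.51.100.20 port 40012 ssh2
Feb  3 10:02:40 web01 sshd[2222]: Accepted password for alice from 198.51.100.20 port 40013 ssh2'

# brute_force_sources THRESHOLD
# Reads log lines on stdin and prints "IP COUNT" for every source address
# with at least THRESHOLD "Failed password" events, most failures first.
# The threshold is validated first: bad input here would make every
# later result wrong, which is the Week 10 point about accurate inputs.
brute_force_sources() {
    threshold="${1:-5}"
    case "$threshold" in
        ''|*[!0-9]*) echo "threshold must be a whole number" >&2; return 2 ;;
    esac
    awk -v t="$threshold" '
        /sshd\[[0-9]+\]: Failed password/ {
            # The source address is the field right after the word "from"
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i+1)]++; break }
        }
        END { for (ip in fails) if (fails[ip] >= t) printf "%s %d\n", ip, fails[ip] }
    ' | sort -k2,2nr
}

# At a threshold of 3 only the noisy source is reported; the legitimate
# user who mistyped once (198.51.100.20) stays below it.
printf '%s\n' "$SAMPLE_LOG" | brute_force_sources 3
```

In production the stdin would be `/var/log/auth.log` or `journalctl -u ssh`, and the flagged addresses would feed the containment step (blocking the source, or confirming that the account lockout timer engaged) rather than just being printed.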