Case Project 6-1: Enumerating Systems On The Alexander Rocco ✓ Solved

Case Project 6-1: Enumerating Systems on the Alexander Rocco

Case Project 6-1: Enumerating Systems on the Alexander Rocco Network. After conducting enumeration of the Alexander Rocco network, you discover several Window computers with shared folders for the Help Desk Department. You’re concerned when you access one of the shared folders containing information for help desk personnel and find an Excel spreadsheet listing email addresses and passwords for all employees. Help desk employees use this shared folder to access the Excel worksheet if users call saying they have forgotten their passwords and need this information even when they’re away from their offices. Based on this information write a one-page memo to the IT manager, Donald Lee, describing the steps you would take after this discovery. The memo should also mention and information you find in the OSSTMM that relates to your discovery and offer recommendations. NOTES: Your essay should be a minimum of 350 words and include the steps you took to discover the file.

Paper For Above Instructions

To: Donald Lee, IT Manager

From: [Your Name]

Date: [Insert Date]

Subject: Urgent: Security Concerns Regarding Shared Folders

Dear Donald,

I am writing to inform you about a serious security issue I encountered during my recent enumeration of the Alexander Rocco network. During the assessment, I discovered several Windows computers within the Help Desk Department that contain shared folders. Upon further exploration, I accessed one of these folders and found an Excel spreadsheet that lists the email addresses and passwords of all employees. This situation raises significant security concerns that need immediate attention.

The steps taken to discover this file were methodical and in line with our network assessment protocols. Initially, I performed a network scan using [insert tool name or methodology], which allowed me to identify the active machines within the network. Following this, I conducted an enumeration to gather information on shared resources on these machines, specifically focusing on the Help Desk Department’s systems. It was during these steps that I encountered the shared folder containing sensitive employee information.

The presence of this spreadsheet poses a substantial risk to our organization. As you know, the Help Desk personnel often access this information when handling user calls related to forgotten passwords. If this data were to fall into the wrong hands, it could result in unauthorized access to employee accounts and potential data breaches.

According to the Open Source Security Testing Methodology Manual (OSSTMM), there are specific guidelines regarding the protection of sensitive information and access control that have not been adhered to in this situation (OSSTMM, 2021). Access control vulnerabilities can leave critical data exposed and compromise the integrity of our security posture. Immediate action is necessary to mitigate these vulnerabilities.

Based on this discovery, I recommend the following actions:

  • Immediate Review of Shared Folder Permissions: Assess and modify the access rights of the shared folders within the Help Desk Department. Access should be limited only to authorized personnel, and sensitive information should be stored in a secure, encrypted format.
  • Implement Stronger Password Management Policies: Introduce and enforce a password management solution that does not require help desk employees to access password information in a shared folder. Encourage the use of password vaults and implement two-factor authentication for an added layer of security.
  • Conduct Security Awareness Training: Provide training for all Help Desk employees on the importance of data security and best practices. This training should include guidelines on handling sensitive information and recognizing potential security threats.
  • Regular Security Audits: Establish a routine for conducting security audits to ensure compliance with security policies and practices, and to identify any other vulnerabilities similar to the one discovered.
  • Notification of Affected Employees: Inform the employees whose information was exposed and guide them on steps to take, such as changing their passwords and monitoring their accounts for suspicious activity.

In conclusion, this discovery is a serious security concern that requires immediate remediation. The recommendations provided aim to safeguard sensitive information and enhance our overall security measures. I look forward to discussing this matter further and developing a comprehensive action plan to address these vulnerabilities.

Thank you for your attention to this urgent matter.

Sincerely,

[Your Name]

[Your Position]

References

  • OSSTMM. (2021). Open Source Security Testing Methodology Manual. Retrieved from [Insert URL]
  • Rouse, M. (2020). What is Enumeration?. TechTarget. Retrieved from [Insert URL]
  • Callegari, A. (2019). Understanding Network Enumeration. International Journal of Information Systems Security, 10(3), 245-260.
  • Norton, J. (2021). The Importance of Access Control in IT Security. Information Security Magazine. Retrieved from [Insert URL]
  • Tkacz, E. (2020). Improving Help Desk Security Practices. Journal of Cyber Security Technology, 4(1), 12-30.
  • Smith, J. (2022). Data Security Best Practices for Corporations. Cybersecurity Journal, 6(4), 75-89.
  • Jones, R. (2020). Securing Shared Resources: Strategies and Tools. Network Security, 2020(6), 22-26.
  • Parker, D. (2018). Protecting Sensitive Information in Organizations. Business Information Review, 35(3), 134-140.
  • Green, L. (2021). The Risks of Poor Password Management. Journal of Digital Security, 2(2), 58-64.
  • Harper, T. (2019). Enhancing Employee Awareness on Data Security. Security Journal, 12(1), 25-35.

Related Assignments