Below are the guidelines that need to be taken into consideration to build the action plan, and the attached Word document is the project that needs to be completed!
On a Tuesday morning, a new worm is released; it spreads itself through removable media, and it can copy itself to open Windows shares. When the worm infects a host, it installs a DDoS agent. The organization has already incurred widespread infections before antivirus signatures become available several hours after the worm started to spread. The following are additional questions for this scenario:
1. How would the incident response team identify all infected hosts?
2. How would the organization attempt to prevent the worm from entering the organization before antivirus signatures were released?
3. How would the organization attempt to prevent the worm from being spread by infected hosts before antivirus signatures were released?
4. Would the organization attempt to patch all vulnerable machines? If so, how would this be done?
5. How would the handling of this incident change if infected hosts that had received the DDoS agent had been configured to attack another organization’s website the next morning?
6. How would the handling of this incident change if one or more of the infected hosts contained sensitive personally identifiable information regarding the organization’s employees?
7. How would the incident response team keep the organization’s users informed about the status of the incident?
8. What additional measures would the team perform for hosts that are not currently connected to the network (e.g., staff members on vacation, offsite employees who connect occasionally)?

Tentative Schedule:

Day #1 Friday 5:00 pm until 10:00 pm
- Intro - Welcome!!
- Resources
- Attendance
- Break into teams/groups (We will create groups when we meet on Friday)
- Discuss project
- Assessment – 5 points

Day #2 Saturday 8:00 am until 10:00 pm (lunch at 12 – 1 and dinner at 5:00 – 6:30 breaks)
- Attendance/Assessment (assessments may be any time during the day)
- Break into teams/groups
- Work on project
- Teams will prepare to complete projects on Saturday and present projects on Sunday
- Assessment – 5 points

Day #3 Sunday 8:00 am until 1:30 pm
- Attendance/Discussion Board
- Team presentations
- Practical Connection Assignment after Presentations – 50 points (5% of your final grade). If you leave before this is assigned, you will NOT be able to take it later.
- Student Sign-out

Project Details:

You are part of an incident response team. Each group has been assigned an incident from Appendix A in the NIST SP 800-61, Rev. 2 document. You need to respond to this incident by completing 4 deliverables:

1) Incident Response Team Charter – 50 points. The textbook has guidelines beginning on page 330. Minimum page length: 3 double-spaced pages.

2) Action Plan – 50 points. Teams will respond to a specific incident. Groups have been assigned the following incidents. Each group will develop an Incident Response Plan with a minimum page length of 3 double-spaced pages addressing the following security incident. Be certain to include the questions in the scenario, as well as the General Questions in the Appendix:
• Group 1 – Scenario 2: Worm and Distributed Denial of Service (DDoS) Agent Infestation
• Group 2 – Scenario 3: Stolen Documents
• Group 3 – Scenario 4: Compromised Database Server
• Group 4 – Scenario 5: Unknown Exfiltration
• Group 5 – Scenario 6: Unauthorized Access to Payroll Records
• Group 6 – Scenario 8: Telecommuting Compromise
• Group 7 – Scenario 10: Peer-to-Peer File Sharing
• Group 8 – Scenario 11: Unknown Wireless Access Point
• Group 9 – Scenario 1: Domain Name System (DNS) Server Denial of Service (DoS)

3) Incident Response Plan – 50 points. An Incident Response Plan of at least 5 pages will be developed that addresses IRT members and their tasks, and generic procedures for Incident Response (beginning page 342 - 347 and in the SP 800-61).

4) Presentation – 50 points. Each group will present a summary of their deliverables (all members must present). The presentation will consist of, at least, a title page with a list of group members, and one or two slides for each section. Presentations should not be longer than 30 minutes per group, otherwise they will be marked down. All team members MUST be present for ALL of the presentations, and not talking during the presentations - or their presentation will be marked down 20%. There will be time after the presentations are completed for you to polish and submit your group papers.

The four parts are worth a total of 200 points and will be based on the following:
• Meets Standard Criteria
• Completeness/content
• Logic of Processes and Actions (Thoroughness)
• Alignment of the Incident Response Plan and Action Plan in addressing guidelines in the text and NIST SP 800-61
• Completeness of the Topic
• Presentation Delivery

The total number of points from the Residency (260) will be weighted as 60% of your final grade. ...