Eliminate the Threat Posed by Remote Access

· Is the risk identified as remote access?
· Verify that the access belongs to the organisation's environment.
· Identify the compromised system:
  o Analyse available log files and find signs of unauthorised access to the system.
  o Expand the scope of the analysis to ensure no other systems are affected by the attacker.
  o If you cannot find any evidence of unauthorised access to company resources, but the access is still related to the organisation's resources:
    § Conduct an investigation for insider activity.
· If the remote access point is identified, disable remote access.
  o To eliminate the possibility of future unauthorised access to the infrastructure:
    § Fix any vulnerabilities found.
    § Disable accounts if the intruder gained access using known credentials.
    § Ensure that all the latest patches are installed.
· Investigate actions performed through the remote access:
  o Analyse available log files and check the activity of the account.
· Prepare a remediation and lessons learned document:
  o Conduct root-cause analysis to ensure that all possible methods to prevent the incident from happening again are identified.
  o Analyse whether your current threat model is still relevant. Review your current procedures and policies and compliance with security controls.
  o Analyse the organisation's current prevention measures, such as intrusion detection systems and antimalware solutions.
  o Review accesses and rights.
  o Eliminate vulnerabilities.
  o Change passwords for affected accounts and systems and enforce a strict password policy.
  o Monitor network traffic to detect whether the attacker attempts to initiate a connection again.
  o Continue monitoring the Dark Web to find re-publications of the same breaches on different forums.
  o Implement a program to improve staff awareness of information security, and conduct periodic training to monitor the awareness of each employee.
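The two log-analysis steps above (find signs of unauthorised access in the log files, and afterwards monitor for the attacker attempting to connect again) can be turned into a small, repeatable check. The following Python script is an added example and is not part of the original playbook; the sshd log lines, the organisation's internal ranges (10.0.0.0/8 and 192.168.0.0/16), the year used to complete syslog timestamps and the failure threshold are all constructed assumptions. It parses OpenSSH authentication lines, flags successful logins from addresses outside the organisation's environment (and whether they were preceded by a run of failures from the same source), and then reports any later authentication attempt from an address already identified as the attacker.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd log lines (syslog format); not taken from the original page.
SAMPLE_LOG = """\
Mar 12 02:14:07 bastion sshd[2114]: Failed password for root from 203.0.113.45 port 51122 ssh2
Mar 12 02:14:09 bastion sshd[2114]: Failed password for root from 203.0.113.45 port 51122 ssh2
Mar 12 02:14:12 bastion sshd[2117]: Failed password for admin from 203.0.113.45 port 51130 ssh2
Mar 12 02:15:01 bastion sshd[2120]: Accepted password for admin from 203.0.113.45 port 51140 ssh2
Mar 12 08:30:44 bastion sshd[2301]: Accepted publickey for alice from 10.20.5.17 port 40012 ssh2
Mar 12 09:02:10 bastion sshd[2355]: Accepted password for bob from 192.168.1.44 port 40300 ssh2
Mar 13 01:10:33 bastion sshd[2901]: Failed password for admin from 203.0.113.45 port 52001 ssh2
"""

# Assumed: the address ranges that count as the organisation's own environment.
ORG_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                ipaddress.ip_network("192.168.0.0/16")]

# Matches the "Accepted"/"Failed" authentication lines written by OpenSSH.
LINE_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_auth_log(log_text, year=2024):
    """Turn raw sshd lines into event dicts. Syslog omits the year, so it is
    supplied as an assumed parameter."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd messages are ignored
        ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                               "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "result": m["result"], "method": m["method"],
                       "user": m["user"], "ip": m["ip"]})
    return events


def is_internal(ip):
    """True if the source address lies inside the organisation's environment."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ORG_NETWORKS)


def find_unauthorised_access(events, fail_threshold=3):
    """Successful logins from outside the organisation's networks, annotated with
    how many failures from the same source preceded them (a password-guessing
    indicator when the count reaches fail_threshold)."""
    failures = defaultdict(int)
    findings = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["result"] == "Failed":
            failures[e["ip"]] += 1
            continue
        if not is_internal(e["ip"]):
            findings.append({
                "ts": e["ts"], "user": e["user"], "ip": e["ip"],
                "method": e["method"],
                "prior_failures": failures[e["ip"]],
                "brute_force": failures[e["ip"]] >= fail_threshold,
            })
    return findings


def reconnection_attempts(events, attacker_ips, since):
    """After remediation: any authentication attempt, successful or not, from an
    address already identified as the attacker, at or after the given time."""
    return [e for e in events if e["ip"] in attacker_ips and e["ts"] >= since]


if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_LOG)
    hits = find_unauthorised_access(evs)
    for h in hits:
        print(f"{h['ts']} external login {h['user']}@{h['ip']} via {h['method']}, "
              f"{h['prior_failures']} prior failures, brute force={h['brute_force']}")
    # Assumed remediation time: after the 02:15 login was contained.
    for e in reconnection_attempts(evs, {h["ip"] for h in hits}, datetime(2024, 3, 12, 3)):
        print(f"{e['ts']} reconnection attempt from {e['ip']} ({e['result']} for {e['user']})")
```

Run it over the constructed lines and it reports one external login (admin from 203.0.113.45, preceded by three failures) and one later attempt from the same address on 13 March, which is exactly what the "monitor for a renewed connection attempt" step is looking for. In practice the internal ranges and the year would come from the environment, and the same structure works for any log source that records result, account and source address.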