Fill This Form To Receive Instant Help
Fill This Form To Receive Instant Help
Homework answers / question archive / You run a medium sized network
You run a medium sized network. Each client machine is part of the same authentication domain - any user within your organisation is able to log onto any client system. The client network is NATted behind a single external IP address.
You receive a report that a server belonging to an unrelated company was attacked from your client network. The report includes a timestamp and a source port from your IP address, but no log of the attack itself occuring.
1) How would you identify which client system was used to perform the attack?
2) How would you identify which user was associated with the attack?
3) What tools could you use to differentiate between this being an attack performed by your user and the user's account having been compromised?
4) What technologies have we discussed that would give you more information that would make it easier to identify the compromise ahead of time instead of having to react to an external report?
