Joe analyzed the following log and determined the security team should implement which of the
following as a mitigation method against further attempts?
Host 192.168.1.123
[00: 00: 01]Successful Login: 015 192.168.1.123 : local
[00: 00: 03]Unsuccessful Login: 022 214.34.56.006 : RDP 192.168.1.124
[00: 00: 04]UnSuccessful Login: 010 214.34.56.006 : RDP 192.168.1.124
[00: 00: 07]UnSuccessful Login: 007 214.34.56.006 : RDP 192.168.1.124
[00: 00: 08]UnSuccessful Login: 003 214.34.56.006 : RDP 192.168.1.124

A. Reporting
B. IDS
C. Monitor system logs
D. Hardening
Here we can see a number of unsuccessful login attempts made over a Remote Desktop connection (using the RDP protocol) from a computer with the IP address 192.168.1.124.
Someone successfully logged in locally. This is probably an authorized login (for example, Joe logging in).
INCORRECT ANSWERS:
A. Reporting – Reporting and monitoring the situation will not stop people from succeeding in their attacks. This is an admin task and cannot be construed as a MITIGATION.
B. IDS – An IDS (Intrusion Detection System) will detect an intrusion, but will not stop it.
C. Monitor system logs – Monitoring the logs will not stop people from succeeding in their attacks. This is an admin task and cannot be construed as a MITIGATION.
So the only real possible answer is the one where an ACTIVE approach is taken, namely: Hardening.
Hardening is the process of securing a system. We can harden (secure) the system by either disallowing remote desktop connections altogether or by restricting which IPs are allowed to initiate remote desktop connections.
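The two hardening options described above, as an added PowerShell example (not part of the original question or its answer key). The function name `Set-RdpHardening` and the allowlisted address `192.0.2.10` are hypothetical placeholders; it assumes an elevated session on an English-language Windows host, where the built-in firewall rule group is named "Remote Desktop".

```powershell
# Added example: hypothetical helper, run from an elevated PowerShell session on the RDP host.
function Set-RdpHardening {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Disable', 'Restrict')]
        [string]$Mode,

        # Constructed placeholder: replace with your real management hosts or subnets.
        [string[]]$AllowedSources = @('192.0.2.10')
    )

    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop'

    switch ($Mode) {
        'Disable' {
            # Option 1: refuse all Remote Desktop connections and close the firewall rules.
            if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable RDP')) {
                Set-ItemProperty -Path $tsKey -Name 'fDenyTSConnections' -Value 1
                $rules | Disable-NetFirewallRule
            }
        }
        'Restrict' {
            # Option 2: keep RDP, but accept connections only from the allowlisted sources.
            if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Restrict RDP to $($AllowedSources -join ', ')")) {
                $rules | Set-NetFirewallRule -RemoteAddress $AllowedSources
            }
        }
    }

    # Report the resulting state of each rule so the change can be verified.
    foreach ($rule in (Get-NetFirewallRule -DisplayGroup 'Remote Desktop')) {
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Enabled       = $rule.Enabled
            RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
        }
    }
}

# Dry run: shows what would change without applying it.
Set-RdpHardening -Mode Restrict -AllowedSources '192.0.2.10' -WhatIf
```

Drop `-WhatIf` to apply the change; the returned objects list each Remote Desktop rule with its enabled state and permitted remote addresses.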