Company XYZ has suffered leaks of internally distributed confidential documents. Ann the network
security analyst has been tasked to track down the culprit. She has decided to embed a four letter
string of characters in documents containing proprietary information. Which of the following initial
steps should Ann implement before sending documents?
A.
Store one of the documents in a honey pot
B.
Start antivirus scan on all the suspected computers
C.
Add a signature to the NIDS containing the four letter string
D.
Ask employees to report suspicious behaviors
Badly written question. Does Ann need to send anything? … And to whom???
She would be better placing the document as data at rest and see what happens. Anyways…
We can eliminate B and D from the onset. So it is between
A- Store one of the documents in a honey pot
C- Add a signature to the NIDS containing the four letter string
Short for network intrusion detection system, NIDS is a system that attempts to detect hacking activities, denial of service attacks or port scans on a computer network or a computer itself. … The NIDS can monitor incoming, outgoing, and local traffic
Signature-based IDS refers to the detection of attacks by looking for specific patterns, such as byte sequences in network traffic, or known malicious instruction sequences used by malware. This terminology originates from anti-virus software, which refers to these detected patterns as signatures.
So by creating a document with an embedded four letter string letters, it is possible to use NIDS to see any network traffic with that particular signature and see where it leads.
0
0