My report discusses and analyzes the computer attack that happened at Stellar University (SU). In the first part, I will give a brief overview of the school and outline its servers. In the second part, I will discuss and analyze the issues that happened in the IT department, and finally I will add solutions and recommendations and end my report with a conclusion and references.
Stellar University (SU) is an urban university that offers amazing majors such as engineering, business, hypnotherapy and health. SU uses many tools, such as Mainframe AS 400, Unix, and Linux. It also has networking infrastructure such as wireless and VPN (Virtual Private Network).
The issue is that SU did not have qualified IT staff who could operate and run the system clearly. Moreover, the staff had little training and little experience, which prevented them from being IT professionals and left them working with no direction. On the other hand, the criteria for the IT system were not clear because of the tight restrictions and the password-update policy. These reasons created a shortfall in protecting the IT system.
The server was an IBM, and upgrades were made to it in order to maximize space and memory. Additionally, the IBM server's warranty had expired and was not renewed. The school management at SU decided to relocate all servers to the computer center. SU was on a budget, which led it to lay off some staff and reduce preventive maintenance.
On a Monday morning in February, the system administrator saw a weird folder while accessing his account. Right away, he deleted that folder and contacted the operating system administrator at the computer center, but unfortunately another admin logged on on site, and the folder that had already been deleted by the system administrator started duplicating itself over and over, which is where the disaster started. The issue is that the new admin account had been created while both of the legitimate administrators were not accessing the server because of the weekend. While the antivirus protection was in effect, the actual antivirus that scans for viruses had been stopped. The system had been compromised, and a Trojan virus had been implanted.
The immediate response was the first reaction applied by the system administrators, who decided to disconnect the server from...