In Case study number one (Dhillon, 2007), Stellar University (SU), a public education institution, had a system breach in its Information Systems (IS). The IS of SU contained many types of IT, such as Mainframe, AS400, Linux, VAX, Unix, AIX, Windows (3.1 and up to 2003), Apple, RISC boxes, Storage Area Networks (SAN), Network Attached Storage (NAS) and much more. Sadly, SU has had a security breach on some of its systems. Even though everything was fixed, there are issues about this breach that need to be discussed. The first issue is the adequacy of the organization's long-term counter attack actions. The second issue is the helpfulness of its immediate counter attack actions. Hopefully, the discussion will be concise and to the point.
Adequacy of Organization's Long-term Counter Attack Actions
Sadly, the measures the SU IS staff took were not adequate. The post-mortem check they conducted to determine the what and why of the breach was not done in a formal fashion. It was basically a written summary presented to the management, along with an analysis of how to avoid future breaches of a similar type presented to the System Administrators (SAs). It was done in several steps. First, after viewing the monitoring tool logs, the SAs decided to put the Anti-Virus (AV) program in the watch list of services, so they would be alerted when, for instance, a hacker disables the AV. Still, this step will not prevent the intrusion! This is another proof that the actions were not adequate. Another step is the quick change of the password policy from temporary to permanent. This step, although good, came too late, because it should have been implemented from the beginning. One more step they took was the elimination of multiple IDs belonging to a single user. This also should have been prevented by the security policy from the beginning. The last step, even though still under review by the SAs, is the scripted manual deletion of automatically created administrative shares on each server based...
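Two of the steps above (watching the AV service and scripting the removal of the automatic administrative shares) are concrete enough to show as an administrator's audit script on a Windows server. The following PowerShell is an added example written for this discussion, not a script from the case study or from SU's SAs. It assumes a placeholder AV service name ('ExampleAVService'), which must be replaced with the real product's service name, and it uses standard Windows facilities: Get-Service, the Service Control Manager event 7036 ("entered the stopped state") in the System log, the SmbShare cmdlets (Windows Server 2012 and later; the 2003-era hosts in the case study would need net share instead), and the LanmanServer AutoShareServer registry value that controls whether C$ and ADMIN$ are recreated at reboot.

```powershell
# Added example (not from the case study): audit the two controls the SAs adopted.
# ASSUMPTION: the AV service name below is a placeholder; substitute the real one.
$AvServiceName = 'ExampleAVService'

function Test-AvServiceRunning {
    # Returns $true only if the AV service exists and is in the Running state.
    param([string]$Name = $AvServiceName)
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        Write-Warning "AV service '$Name' not found on $env:COMPUTERNAME"
        return $false
    }
    if ($svc.Status -ne 'Running') {
        Write-Warning "AV service '$Name' is $($svc.Status) on $env:COMPUTERNAME"
        return $false
    }
    return $true
}

function Get-AvStopEvent {
    # Lists Service Control Manager 7036 events from the last $Hours hours that
    # mention the AV service entering the stopped state. This is the "watch list"
    # idea: a stopped AV service is an alert condition, not a silent change.
    param([string]$Name = $AvServiceName, [int]$Hours = 24)
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7036
        StartTime    = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($Name) -and $_.Message -match 'stopped' } |
        Select-Object TimeCreated, Message
}

function Get-AutoAdminShare {
    # Automatically created (special) shares such as C$ and ADMIN$.
    # IPC$ is excluded because named-pipe access depends on it.
    Get-SmbShare | Where-Object { $_.Special -and $_.Name -ne 'IPC$' }
}

function Remove-AutoAdminShare {
    # Removes the automatic shares and, with -Persist, sets AutoShareServer=0 so
    # the Server service does not recreate them at the next reboot.
    # Dry run by default: pass -Confirm:$false to actually remove.
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param([switch]$Persist)
    foreach ($share in Get-AutoAdminShare) {
        if ($PSCmdlet.ShouldProcess($share.Name, 'Remove administrative share')) {
            Remove-SmbShare -Name $share.Name -Force
        }
    }
    if ($Persist) {
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        if ($PSCmdlet.ShouldProcess($key, 'Set AutoShareServer = 0')) {
            Set-ItemProperty -Path $key -Name 'AutoShareServer' -Value 0 -Type DWord
        }
    }
}

# Report section: run interactively or from a scheduled task on each server.
"AV running: $(Test-AvServiceRunning)"
"AV stop events (24h): $(@(Get-AvStopEvent).Count)"
"Automatic admin shares present: $((Get-AutoAdminShare | Select-Object -ExpandProperty Name) -join ', ')"
```

Run the report portion from an elevated session on each server; Remove-AutoAdminShare prompts before each change unless called with -Confirm:$false, and adding -Persist keeps the shares from returning at reboot, which is the part a one-off deletion script misses. As the text notes, none of this prevents an intrusion; it only makes a disabled AV service or a reappearing share visible quickly.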