Scenario: Your company has been hacked. What now?

Key Points
Here's a list of key points that are covered in this scenario:

  • IP Scheme
  • Workstation Security
    • Turning off unnecessary services
    • Internet access policies
    • Anti-Virus considerations
  • Intrusion Detection / Prevention
    • Man-in-the-middle prevention using ARPwatch
    • Firewall Settings
    • The DMZ
  • Why do you need this security?

The Scenario
To set things up, this is a basic scenario that could happen to anyone. I'll be using the fake company name "InterPath."

On April 11th, 2008 InterPath Financial Institution (IFI) was broken into by hackers. They broke into our main headquarters, where we maintain all of our customers' personal information. We are unsure of what they took, what they changed, or whether they still have access to our computer systems. We have informed all of our customers whose data was stored at the main headquarters. We have about 25,000 customers, 15,000 of whom have their data stored at our main headquarters. This is unacceptable, and we don't know the damage that's been done.

The company, InterPath, has three locations: the headquarters, a call center, and a marketing center. The network infrastructure is going to be entirely redesigned to include a clean way to transparently monitor everything that goes on. I've come up with a network diagram for each.

Main Headquarters, Las Vegas, NV

Network Diagram of Main Headquarters

Customer Service Call Center, Mesa, AZ

Network Diagram for Call Center

Marketing Center, Phoenix, AZ

Network Diagram for Marketing

All three locations are connected through a high-bandwidth internet connection using IPSec over Layer 2 Tunneling Protocol (L2TP).

To read my entire solution to this problem, which goes into much more detail, there is a PDF file attached below. Please feel free to read it and give me any feedback.

Attachment: scenario.pdf (710.46 KB)