03 Laboratory Exercise 2

The document summarizes a security article and provides recommendations to prevent the type of attack described. It discusses the SolarWinds attack, where hackers inserted malicious code into an update for the SolarWinds Orion software platform. This allowed them to access sensitive networks and data from multiple government agencies and private companies over several months before being detected. The summary identifies this as an active attack since the hackers modified and exploited the systems. To prevent such sophisticated attacks, recommendations include regularly updating all software, employing reliable security solutions, using least privilege access, monitoring networks closely, and educating staff.

Uploaded by

xagagoj486
Copyright
© All Rights Reserved

“03 Laboratory Exercise 2 Information Assurance and Security (Data Privacy)”

Members:

- Falsario, Reeco Noe
- Pesario, Meka Ella Tarrazona
- Ferolin, Jacqueline
- Serna, Maria Julia Belen
- Fernandez, Julie Ann
- Taculod, Liam Jessie

Search for an article/web post about a security attack.

Perform the following tasks.

a. Provide the title and link to the article.

Title: "SolarWinds: The more we learn, the worse it looks"


Link: https://www.zdnet.com/article/solarwinds-the-more-we-learn-the-worse-it-looks/

b. Summarize the article in at least seven (7) sentences. Identify whether the
attack is active or passive.

This article discusses the SolarWinds attack, which was a massive cybersecurity breach
affecting several government agencies and private companies in the US. The attack was
discovered in December 2020, but the intruders had access to the victims' networks for months
before being detected. The hackers infiltrated the network by inserting malicious code into a
software update of the SolarWinds Orion platform, which was then distributed to its customers.
Once inside the network, the hackers could move laterally, accessing sensitive data. The attack
was highly sophisticated and well-coordinated, leading experts to believe it was state-sponsored.
This attack is an example of an active attack, as the hackers not only observed but also modified
and exploited the system.

c. List your recommendations to prevent the identified attack.

To prevent such attacks, here are my recommendations:


- Regularly update and patch all software. This includes not just your operating systems, but
also any third-party software you use.
- Use a reliable security solution that can detect and block sophisticated attacks.
- Employ the principle of least privilege, i.e., only granting necessary access rights to users and
applications.
- Regularly back up important data and ensure it can be restored quickly in case of a breach.
- Monitor network traffic for any unusual activity.
- Finally, educate your staff about the importance of cybersecurity and how to recognize
potential threats.
