IT incident response

Part A –

You have found that you have 10 systems in your network that are infected with malware and are members of a botnet. One of the systems is a webserver, the other 9 are desktop systems used by different individuals and departments.

  • Utilizing your Incident Response Plan, detail how you will deal with each system.
  • What preventive measures will you take in the future?

Part B – 

As a team, determine the appropriate nmap scans to complete the following:

  • scan for the presence of hosts/devices on a network segment (e.g. x.x.x.x/24)
  • port scan all devices on a network segment (e.g. x.x.x.x/24)
  • scan for device OS and software versions running on all ports on a network segment (e.g. x.x.x.x/24)