Question
GB Bank is a fictitious local bank located in Liverpool, UK. The bank suffered several security breaches in recent months.
On January 22, 2022, an ex-employee who was recently fired gained access to the bank's internal WLAN network using the passphrase set on the wireless router and shared among the bank's employees.
On January 24, 2022, the ex-employee was able to access the bank's network-attached storage (NAS) to download backup files that contained company secrets and deleted nearly 120,000 customer records.
On February 10, 2022, after gathering information on key employees working from home, hackers called some employees over the phone, impersonated the bank's IT administrator, and persuaded them to disclose their account credentials.
(a)
i) Describe what a canary token is and how it can be used to detect the breach that occurred on January 24, 2022.
[5 marks]
ii) Describe what WPA-Enterprise Mode is and how it would have been useful in preventing the breach that occurred on January 22, 2022.
[5 marks]
(b)
i) What type of social engineering attack occurred on February 10, 2022? Describe ONE (1) method to prevent this type of attack.
[5 marks]
ii) Write Snort rule headers for the following scenarios on the company's network:
Trigger an alert for any FTP login attempts destined for port 21 on host 10.10.10.157 with the message "FTP failed login".
Block and log any TCP packets destined for port 22 on host 10.10.10.157 with the message "unauthorized SSH authentication attempt".
Log any TCP packets destined for port 3389 on host 10.10.10.157.
Block but do not log any ping packets destined for the 10.10.10.0/16 network.
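One possible set of Snort 2.x rules for the four scenarios in (b)(ii), added here as an example and not part of the original question or any posted solution. Assumptions: the sid values are constructed placeholders from the local-rule range, the drop and sdrop actions require Snort to run inline, and 10.10.0.0/16 is the question's 10.10.10.0/16 written with its host bits cleared.

```snort
# Snort 2.x rule layout:
#   action proto src_ip src_port -> dst_ip dst_port (options)
# Everything before the parentheses is the rule header.
# sid values below are constructed placeholders (local rules use sid >= 1000000).

# Scenario 1: alert on FTP login traffic to port 21 on 10.10.10.157.
# The header alone matches every TCP packet to that port; narrowing it to
# failed logins only would need payload options, which the question does not ask for.
alert tcp any any -> 10.10.10.157 21 (msg:"FTP failed login"; sid:1000001; rev:1;)

# Scenario 2: "drop" blocks the packet AND logs it (inline mode only).
drop tcp any any -> 10.10.10.157 22 (msg:"unauthorized SSH authentication attempt"; sid:1000002; rev:1;)

# Scenario 3: "log" records the packet without raising an alert.
log tcp any any -> 10.10.10.157 3389 (sid:1000003; rev:1;)

# Scenario 4: "sdrop" blocks the packet WITHOUT logging it (inline mode only).
# ICMP has no ports, so both port fields are "any"; itype:8 limits the match
# to echo requests (ping). Assumption: 10.10.0.0/16 is the network address
# of the 10.10.10.0/16 range given in the question.
sdrop icmp any any -> 10.10.0.0/16 any (itype:8; sid:1000004; rev:1;)
```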