Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019
26 EVENTS OF 4 JULY 2018 ........................................................ 152
26.1 Discovering queries to the SCM database ........................................ 152
26.2 Informing Katherine and the Citrix Team ........................................ 153
26.3 Detecting active queries to the SCM database ................................... 154
26.4 Terminating unusual queries to the SCM database ................................ 155
26.5 Attempts to locate Workstation B and linking up with Benjamin ................. 155
26.6 Comparing and drawing links between the uses of Workstation B in June 2018 and 4 July 2018 ................................................... 156
26.7 Further investigations by Ernest into the SQL query and the use of the A.A. account .............................................................. 157
26.8 Ernest’s reasons for not reporting the incident ................................ 158
26.9 Wee’s reasons for not reporting the incident ................................... 159
26.10 Query from Katherine about reporting the matter ............................... 160
26.11 Preventing further queries to the SCM database from the SGH Citrix servers ... 161
26.12 Implementing scripts on the SCM database to block malicious queries .......... 161
26.13 Changing the password of the A.A. account ..................................... 162
26.14 Assessment of IHiS’ incident response on 4 July 2018 .......................... 162
27 EVENTS OF 5 TO 8 JULY 2018 .................................................... 165
27.1 Meeting at am on 5 July 2018 between the Security and Citrix Teams ............ 165
27.2 Detecting an active login to Citrix Server 2 and disabling the S.A. account on the morning of 5 July 2018 .......................................... 166
27.3 Implementing a firewall rule to block all connections to the SCM database from any SGH Citrix server on 5 July 2018 ............................ 167
27.4 Enforcing the use of Privileged Access Management to access the SGH Citrix servers from 5 July 2018 .............................................. 167
27.5 Forensic examination of Workstation B .......................................... 167