Successful External Intrusion into Computer Systems: Key Indicators

The Best Indicator of a Successful External Intrusion into Computer Systems


Question

Which of the following is the BEST indicator of a successful external intrusion into computer systems?

Answers

Explanations


A. B. C. D.

A.

The BEST indicator of a successful external intrusion into computer systems is spikes in the number of login failures (Option D). Here's why:

External intrusion is a security breach that occurs when an unauthorized person gains access to an organization's system or network from outside. The goal of an external intrusion is usually to steal sensitive information, cause damage, or disrupt normal operations.

Indicators of an external intrusion can be both technical and non-technical. Technical indicators refer to specific events or actions that are detected by security controls such as firewalls, intrusion detection systems, or security information and event management (SIEM) tools. Non-technical indicators refer to unusual behavior or patterns that may indicate an intrusion but are not detected by security controls.

In this case, the options provided are technical indicators of a successful external intrusion. Let's evaluate each option to see why spikes in the number of login failures is the BEST indicator:

Option A: Unexpected use of protocols within the DMZ

A DMZ (Demilitarized Zone) is a network segment that separates an organization's internal network from the external network, such as the Internet. The DMZ typically contains servers that are accessible from both internal and external networks, such as web servers, email servers, or FTP servers. If an attacker successfully breaches the DMZ, they may use unexpected protocols to communicate with the servers in the DMZ. However, this may not always be an indicator of a successful intrusion since legitimate users may also use unexpected protocols for legitimate reasons.

Option B: Unexpected increase of malformed URLs

A URL (Uniform Resource Locator) is the address of a web page on the Internet. A malformed URL is a URL that contains errors or is improperly formatted. Malformed URLs may indicate an attempt by an attacker to exploit a vulnerability in a web application. However, an unexpected increase in malformed URLs may not always be an indicator of a successful intrusion since legitimate users may also accidentally enter malformed URLs.

Option C: Decrease in the number of login failures

A decrease in the number of login failures may indicate that an attacker has successfully gained access to the system and no longer needs to guess usernames and passwords. However, this may not always be an indicator of a successful intrusion since legitimate users may also experience a decrease in login failures due to increased familiarity with the system or the use of password managers.

Option D: Spikes in the number of login failures

Spikes in the number of login failures is the BEST indicator of a successful external intrusion into computer systems. This is because when an attacker attempts to gain access to a system, they typically try multiple username and password combinations. This results in a spike in the number of login failures. A sudden and significant increase in the number of login failures is a strong indication that an attacker is attempting to gain access to the system. The organization should investigate this immediately to prevent a successful breach.

In conclusion, spikes in the number of login failures is the BEST indicator of a successful external intrusion into computer systems. Organizations should monitor their systems for this indicator and take immediate action to investigate any spikes in login failures.
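One way to monitor for the login-failure spikes described under Option D, as an added example that is not part of the original page: it counts failed logins per minute and flags any minute that rises well above the median of the preceding minutes. The log line format, the sample data, and the `window`, `k` and `min_count` thresholds are all assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

def build_sample():
    """Constructed log lines: failures per minute for 10:00..10:07."""
    per_minute = [1, 0, 2, 1, 0, 1, 12, 1]
    lines = []
    for m, n in enumerate(per_minute):
        lines.append(f"2024-05-01T10:{m:02d}:00Z sshd ACCEPTED user=alice src=198.51.100.4")
        for s in range(n):
            lines.append(f"2024-05-01T10:{m:02d}:{s + 1:02d}Z sshd FAILED user=admin src=203.0.113.7")
    return lines

def failures_per_minute(lines):
    """Return [(minute, failed_count)], including quiet minutes as 0."""
    counts = Counter()
    for line in lines:
        parts = line.split()
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
            outcome = parts[2]
        except (IndexError, ValueError):
            continue  # skip malformed lines instead of crashing the monitor
        counts[ts.replace(second=0)] += 1 if outcome == "FAILED" else 0
    if not counts:
        return []
    series, t = [], min(counts)
    while t <= max(counts):
        series.append((t, counts[t]))
        t += timedelta(minutes=1)
    return series

def detect_spikes(series, window=5, k=5.0, min_count=5):
    """Flag minutes whose failure count exceeds median + k * MAD of the
    preceding `window` minutes (MAD floored at 1 so a flat baseline works)."""
    spikes = []
    for i in range(window, len(series)):
        history = [c for _, c in series[i - window:i]]
        base = median(history)
        mad = median([abs(c - base) for c in history])
        minute, count = series[i]
        if count >= min_count and count > base + k * max(mad, 1):
            spikes.append((minute.strftime("%H:%M"), count, base))
    return spikes

if __name__ == "__main__":
    for minute, count, base in detect_spikes(failures_per_minute(build_sample())):
        print(f"{minute}: {count} failed logins (baseline median {base})")
```

Using the median and MAD rather than the mean keeps one earlier burst from inflating the baseline and hiding the next one.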