Scenario: An intern employee names James has found a USB on the ground coming into work, he wants to find the owner. He plugs the USB drive into his workstation computer and the drive appears to be empty. He sees that the command prompt flashes open and closes. Unknowingly he just executed a worm or botnet into the network. He informs you (the CIO) that he believes that he has unleashed a worm.
Task: How would you track, and remove the worm the network?
Areas to consider:
What ports or port types will have unusual activity.
Respond to at least 2 other students with at least a 100-word reply about their Primary Task Response regarding items you found to be compelling and enlightening. To help you with your discussion, please consider the following questions:
What did you learn from your classmate's posting?
What additional questions do you have after reading the posting?
What clarification do you need regarding the posting?
What differences or similarities do you see between your posting and other classmates' postings?