In the lab activity for this discussion, you assumed different roles. After logging into the lab environment, you proceeded to “Launching an Attack” as a hacker. Once you completed that portion of the lab, you assumed the role of a defender and began the “Collecting Incident Response Data” portion of the lab. You then completed the lab as a defender by collecting log data and analyzing it. For this discussion, let’s add to the scenario as follows:
As part of your system audit, you identify a successful remote login from a suspicious IP address located in North Korea. The address is suspicious because your organization has no ties to North Korea, and no personnel are there on vacation or business-related travel.
In your initial post, discuss what next steps you should take as a defender.