ST 620 California Packet Capture and Intrusion Detection Prevention Systems Case

Swamped with your writing assignments? We'll take the academic weight off your shoulders. We complete all our papers from scratch. You can get a plagiarism report upon request just to confirm.


Order a Similar Paper Order a Different Paper

Description

Introduction to Packet Capture and Intrusion Detection Prevention Systems

You are a network analyst on the fly-away team for the FBI’s cybersecurity sector engagement division. You’ve been deployed several times to financial institutions to examine their networks after cyberattacks, ranging from intrusions and data exfiltration to distributed denial of services to their network supporting customer transaction websites.

A representative from the Financial Services Information Sharing and Analysis Center, FS-ISAC, met with your boss, the chief net defense liaison to the financial services sector, about recent reports of intrusions into the networks of banks and their consortium.

He’s provided some of the details of the reports in an email. “Millions of files were compromised, and financial officials want to know who entered the networks and what happened to the information. At the same time, the FS-ISAC has seen extensive distributed denial of service disrupting the bank’s networks, impacting the customer websites, and blocking millions of dollars of potential transactions,” his email reads.

You realize that the impact from these attacks could cause the downfall of many banks and ultimately create a strain on the US economy. In the email, your chief asks you to travel to one of the banks and using your suite of network monitoring and intrusion detection tools, produce two documents—a report to the FBI and FS-ISAC that contains the information you observed on the network and a joint network defense bulletin to all the banks in the FS-ISAC consortium, recommending prevention methods and remediation against the types of malicious traffic activity that they may face or are facing.

Network traffic analysis and monitoring help distinguish legitimate traffic from malicious traffic.

Step 1: Create a Network Architecture Overview

As part of your assignment to report on prevention methods and remediation techniques for the banking industry, you would have to travel to the various bank locations and gain access to their networks. However, you must first understand the network architecture of these banks.

Provide a network architecture overview along with diagrams. Your overview can be fictitious or based on an actual organization. The goal is to provide an understanding of the network architecture.

Describe the various data transmission components. Select the links below to review them:

  1. User Datagram Protocol (UDP)
  2. Transmission Control Protocol/Internet Protocol (TCP/IP)
  3. internet packets
  4. IP address schemes
  5. well-known ports and applications

Address the meaning and relevance of information, such as:

  1. the sender or source that transmits a message
  2. the encoder used to code messages
  3. the medium or channel that carries the message
  4. the decoding mechanisms used
  5. the receiver or destination of the messages

Describe:

  1. the intrusion detection system (IDS)
  2. the intrusion prevention system (IPS)
  3. the firewalls that have been established
  4. the link between the operating systems, the software, and hardware components in the network, firewall, and IDS that make up the network defense implementation of the banks’ networks.

Identify:

  1. how banks use firewalls
  2. how banks use IDSs
  3. the difference between these technologies

Include:

  1. the network infrastructure information
  2. the IP address schemes that will involve the IP addressing assignment model
  3. the public and private addressing and address allocations
  4. potential risks in setting up the IP addressing scheme

Here are some resources to review:

Identify:

  1. any well-known ports and applications that are used
  2. risks associated with those ports and applications being identified and possibly targeted

Add your overview to your report.

In the next step, you will identify network attacks and ways to monitor systems to prevent these attacks.

Network administrators must protect networks from intrusions. This can be done using tools and techniques that use past traffic data to determine what should be allowed and what should be blocked. In the face of constantly evolving threats to networks, network administrators must ensure their intrusion detection and prevention systems are able to analyze, monitor, and even prevent these advanced threats.

In this project, you will research network intrusion and prevention systems and understand their use in a network environment. You will also use monitoring and analysis technologies in the Workspace to compile a Malicious Network Activity Report for financial institutions and a Joint Network Defense Bulletin for a financial services consortium.

The following are the deliverables for this project:

Deliverables

  • Malicious Network Activity Report: An eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
  • Joint Network Defense Bulletin: A one- to two-page double-spaced document.
  • Lab Report: A Word document sharing your lab experience along with screenshots.

There are eight steps to complete the project. Most steps in this project should take no more than two hours to complete, and the entire project should take no more than two weeks to complete. Begin with the workplace scenario and continue to Step 1, “Create a Network Architecture Overview.”

Competencies

Your work will be evaluated using the competencies listed below.

  • 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
  • 1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation.
  • 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.
  • 1.4: Tailor communications to the audience.
  • 2.1: Identify and clearly explain the issue, question, or problem under critical consideration.
  • 2.2: Locate and access sufficient information to investigate the issue or problem.
  • 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.
  • 2.4: Consider and analyze information in context to the issue or problem.
  • 2.5: Develop well-reasoned ideas, conclusions or decisions, checking them against relevant criteria and benchmarks.
  • 5.3: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
  • 8.1: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents.
  • 8.2: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence approporiately.
  • 8.4: Possess knowledge of proper and effective communication in case of an incident or crisis.
  • 8.5: Obtain knowledge and skills to conduct a postmortem analysis of an incident and provide sound recommendations for business continuity.
  • 9.1: Knowledge of the Information Technology industry, its systems, platforms, tools, and technologies.

    Step 2: Identify Network Attacks

    In the previous step, you provided an overview of the network architecture. In this step, you will identify possible cyberattacks such as spoofing/cache poisoning, session hijacking, and man-in-the-middle attacks.Provide techniques for monitoring these attacks using knowledge acquired in the previous step. Review the following resources to gain a better understanding of these particular cyberattacks:

    One way to monitor and learn about malicious activities on a network is to create honeypots.Propose a honeypot environment to lure hackers to the network and include the following in your proposal:

    1. Describe a honeypot.
    2. Explain how a honeypot environment is set up.
    3. Explain the security and protection mechanisms a bank would need for a honeypot.
    4. Discuss some network traffic indicators that will tell you that your honeypot trap is working.

    Include this information in your final report. However, do not include this information in the bulletin to prevent hackers from being alerted about these defenses.Then, continue to the next step, where you will identify false negatives and positives.

    Step 3: Identify False Positives and False Negatives

    You just identified possible information security attacks. Now, identify the risks to network traffic analysis and remediation. Review the resources on false positives and false negatives and discuss the following:

    1. Identify what are false positives and false negatives.
    2. How are false positives and false negatives determined?
    3. How are false positives and false negatives tested?
    4. Which is riskier to the health of the network, a false positive or a false negative?

    Describe your analysis about testing for false negatives and false positives using tools such as IDSs and firewalls, and include this as recommendations for the banks in your public service Joint Network Defense Bulletin.Discuss the concept of performing statistical analysis of false positives and false negatives.Explain how banks can reduce these issues.Research possible ways to reduce these events and include this information as recommendations in the Malicious Network Activity Report.Network intrusion analysis is often done with a tool such as Snort. Snort is a free and open-source intrusion detection/prevention system program. It is used for detecting and preventing malicious traffic and attacks on networks, analysis, and education. Such identification can be used to design signatures for the IDS, as well as to program the IDS to block this known bad traffic.Network traffic analysis is often done using tools such as Wireshark. Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development and education. Cybersecurity professionals must know how to perform network forensics analysis.In the next step, you will analyze network traffic.

    Step 4: Analyze Network Traffic

    In the previous step, you identified and analyzed risks related to false negatives and false positives. For this step, you will analyze network traffic, conduct network forensics analysis, and identify malicious network addresses.Enter Workspace and perform the network traffic analysis. During this step, you will also develop proposed rules to prevent against known malicious sites and to test for these signatures.

    Professionals in the Field

    This program of study has exposed you to a variety of cybersecurity tools. Can you summarize what these tools do? Can you discuss their use in new situations? Can you do this for both technical and nontechnical staff?As you progress in your career, you will likely need to sway people who hold authority over cybersecurity decisions. These people may know very little about cybersecurity, but they will understand their own goals within the organization.It’s not enough to just be well-versed on the technical side; sometimes you must be able to explain in understandable terms how a computing platform will be affected by a breach.

    Step 5: Determine Sensitivity of Your Analysis

    In the previous step, you completed network analysis. In this step, you will determine which information to include in which document.Information appropriate for internal consumption may not be appropriate for public consumption. The Joint Network Defense Bulletin may alert criminals of the network defense strategy. Therefore, be careful about what you include in this bulletin.Once you have assessed the sensitivity of the information, include appropriate information in your Malicious Network Activity Report.Then, include appropriate information in the Joint Network Defense Bulletin in a way that educates the financial services consortium of the threat and the mitigating activities necessary to protect against that threat.

    Step 6: Explain Other Detection Tools and Techniques

    In the previous step, you included appropriate information in the proper document. In this step, perform independent research and briefly discuss what other tools and techniques may be used to detect these signatures.Provide enough detail so that a bank network administrator could follow your explanation to deploy your system in production. Include this information in the Joint Network Defense Bulletin.Next, move to the next step, where you will organize and complete your report.

    Step 7: Complete Malicious Network Activity Report

    Now that you have gathered all the data for your Malicious Network Activity Report, it is time to organize your report. The following is a suggested outline:

    1. Introduction: Describe the banking institution and the issue you will be examining.
    2. Overview of the Network Architecture
    3. Network Attacks
    4. Network Traffic Analysis and Results
    5. Other Detection Tools and Techniques
    6. Recommended Remediation Strategies

    Submit your report to the Assignments folder in the final step. You are now ready for the last piece of this project, the Joint Network Defense Bulletin.

    Step 8: Create the Joint Network Defense Bulletin

    In this step, you will create the Joint Network Defense Bulletin. Compile the information you have gathered, taking care to eliminate any sensitive bank-specific information. The Joint Network Defense Bulletin is an educational document for the financial services consortium. This bulletin should be addressed to the FBI chief and the FS-ISAC representative.Here is a list of the final deliverables for Project 2.

    Deliverables

  • Malicious Network Activity Report: An eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
  • Joint Network Defense Bulletin: A one- to two-page double-spaced document.

Submit all deliverables to the Assignments folder below.

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.

Check Your Evaluation Criteria

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.

  • 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
  • 1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation.
  • 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.
  • 1.4: Tailor communications to the audience.
  • 2.1: Identify and clearly explain the issue, question, or problem under critical consideration.
  • 2.2: Locate and access sufficient information to investigate the issue or problem.
  • 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.
  • 2.4: Consider and analyze information in context to the issue or problem.
  • 2.5: Develop well-reasoned ideas, conclusions or decisions, checking them against relevant criteria and benchmarks.
  • 5.3: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
  • 8.1: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents.
  • 8.2: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence approporiately.
  • 8.4: Possess knowledge of proper and effective communication in case of an incident or crisis.
  • 8.5: Obtain knowledge and skills to conduct a postmortem analysis of an incident and provide sound recommendations for business continuity.
  • 9.1: Knowledge of the Information Technology industry, its systems, platforms, tools, and technologies.
  • ATTACHED TAMPLATES
  • Joint Network
    Defense Bulletin
    Create a 1-2 page
    educational public service announcement (PSA) / Bulletin that will got to all
    the banks in the FS-ISAC financial bank consortium. Take
    care to eliminate any information that could identify any particular bank.

    There have been recent
    reports of intrusions into the networks of banks and their consortium. In this PSA/Bulletin recommend prevention
    methods and remediation against the types of malicious traffic activity that
    they may face or are facing.
  • A few suggestions:
    Discuss risks observed
    to network traffic analysis.
  • Discuss IDS
    and firewalls and testing for false negatives and false positives.
  • Discuss network IP addresses and protocols
    and relate them to network architecture.
  • Discuss observations from Wireshark that could emphasize your
    recommendations.
  • Explain in a few
    paragraphs what other tools and techniques (besides Wireshark and Snort) the
    bank consortium may use to detect malicious IP addresses / signatures.
  • Provide enough detail so that a bank network
    administrator could follow your explanation to deploy your system in
    production. ISAC that contains the
    information you observed on the network and a joint network defense bulletin to
    all the banks in the FS-ISAC consortium, recommending prevention methods and
    remediation against the types of malicious traffic activity that they may face
    or are facing. The bulletin will be
    provide separately from the report. This
    report will provide a network architecture overview and will discuss data
    transmission components, security attacks, techniques for monitoring such
    attacks, and cyber offensives, intrusion detection (IDS) and intrusion
    prevention (IPS) systems, firewalls, and risks to network traffic analysis and
    remediation.
    Network Architecture Overview
    You traveled to the banks’ locations and gained access to
    their network operations.
    Network
    Diagram
  • Discuss the network diagram here but put the diagram itself
    at the bottom of this plan in the “Figures” section. Refer to Figure X (assign a number) and
    discuss the network architecture. Your
    overview can be based on fictitious information, or you can model network
    architecture from a real researched bank.
    Data
    Transmission Components
  • Discuss various data transmission components such as: UDP,
    TCP/IP, Internet Packets, IP address schemes, and well-known ports and
    applications.
    Relevance
    of Information
    Address the meanings and relevance of information, such as
    the sender or source that transmits a message, the encoder used to code
    messages, the medium or channel that carries the message, the decoding
    mechanisms that were used, and the receiver or destination of the messages.
    Intrusion
    Detection and Intrusion Prevention
  • Describe the intrusion detection (IDS) and intrusion
    prevention (IPS) systems used and the firewalls that have been established.
    Make sure to link the operating systems and the software and hardware
    components in the network, firewall, and IDS that make up the network defense
    implementation of the banks’ networks. Identify how the banks are using
    firewalls and how they are using IDSs, and identify the difference between
    these technologies. Include the network infrastructure information and the IP
    address schemes, which will involve the IP addressing assignment model, and the
    public and private addressing and address allocations.
    Potential
    Risks
    Identify potential risks in setting up the IP addressing
    scheme. Identify any well-known ports
    and applications that are being used and the risk associated with those being
    identified, and possibly targeted. This
    portion can be made up of fictitious information, or you can use information
    from research.
  • Information
    Security Attacks

    Possible Cyberattacks
    Using information from your network
    architecture overview, identify possible cyberattacks such as spoofing/cache
    poisoning attacks, and session hijacking attacks including but not limited to
    man-in-the-middle attacks. Also provide
    techniques for monitoring against these attacks.
    Proposed Cyber Offensive Operation
    Discuss how you would lure the hackers
    to honeypots.
  • Describe what a honeypot
    is, how to set up an operation using a honeypot, and what security and
    protections mechanisms would need to be in place if a bank agreed to set up a
    honeypot. What are some indicators in
    network traffic that would lead you to conclude that your honeypot trap has
    worked? Report these from
    Wireshark.
    False
    Negatives and False Positives Encryption
  • Discuss false
    positives and false negatives — identify what these are, how they are
    determined, how they are tested, and which is riskier to the health of the
    network. Then, identify the posed risks
    to the cryptographic systems as a result of these gaps, including but not
    limited to crypto attacks.
    Statistical Analyses – Workspace
    Discuss the statistical analyses of
    false positives and false negatives from the results in Workspace, from the
    banks’ networks, and how they can reduce these values. Use fictitious values
    but research possible ways to reduce these events, and include as recommendations
    here in this section.
    IP Network Addresses
    Discuss your lab work and results from
    Wireshark in this section. If you want
    to include the lab figures in the report (rather than separate as you can do),
    then please put them all at the bottom of this plan in the “Figures”
    section. Refer to Figure X (assign a
    number) and discuss them to emphasize your points on network IP addresses, the
    types of protocols that are running, and relate them to the network
    architecture you provided in the earlier section of the report.
    Include analysis of the source and
    destination IP addresses that seem anomalous in nature, the traffic volume
    patterns with date and time corroborations, and other significant details of
    the network traffic analysis here in this section.
    Network Forensics Analysis
    Discuss your lab work and results from
    Snort in this section. If you want to
    include the lab figures in the report (rather than separate as you can do),
    then please put them all at the bottom of this plan in the “Figures” section. Refer to Figure X (assign a number) and
    discuss them to emphasize your points on network forensics analysis and
    malicious IP addresses.
    Identify malicious IP addresses and discuss
    how they can be used to design signatures for the IDS, programming the IDS to
    block this known bad traffic. Discuss
    some of your lab work where you develop proposed Snort signatures to prevent
    against those known bad sites and test these signatures. Provide some improvements to the performance
    of the signature.
  • Conclusion
    This Malicious Network Activity Report provided a network
    architecture overview and discussed data transmission components, security
    attacks, techniques for monitoring such attacks, and cyber offensives,
    intrusion detection (IDS) and intrusion prevention (IPS) systems, firewalls,
    and risks to network traffic analysis and remediation. From here discuss your overall conclusions
    and recommendations…
  • References
    Aleisa, N. (2015). A comparison of the 3DES and AES encryption
    standards. International Journal
    of Security and Its Applications
    9(7). doi: 10.14257/ijsia.2015.9.7.21
    Defense Human Resource Activity. (n.d.). Common Access Card (CAC) Security. Retrieved from
    http://cac.mil/common-access-card/cac-security
    Kent, K., Chevalier, S., Grance, T., & Dang, H. (2006). Computer Security: Guide to integrating
    forensic techniques into incident response: Recommendations of the National
    Institute of Standards and Technology
    (Special Publication 800-86).
    Retrieved from http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspe…
    Reith, M., Carr, C., & Gunsch, G. (2002). An examination of
    digital forensic models. International
    Journal of Digital Evidence, 1
    (3), 1-12. Retrieved from
    http://www.just.edu.jo/~Tawalbeh/nyit/incs712/digi…
    Tables
    Table 1
    Demographic Data on
    All 178 Respondents

    Population Description Male Female Total
    Age ≤ 29 Years (N = 23) 20.7% (N = 10) 14.9% (N = 33) 18.5%
    Age 30-45 Years (N = 34) 30.6% (N = 29) 43.3% (N = 63) 35.3%
    Age 46-59 Years (N = 44) 39.6% (N = 24) 35.8% (N = 68) 38.2%
    Age 60 Years or older (N = 10) 09.0% (N = 04) 06.0% (N = 14) 07.9%
    Experience 05 Years Exact (N = 15) 13.5% (N = 10) 14.9% (N = 25) 14.0%
    Experience 06-10 Years (N = 30) 27.0% (N = 21) 31.3% (N = 51) 28.6%
    Experience 11-19 Years (N = 38) 34.2% (N = 26) 38.8% (N = 64) 35.9%
    Experience ≥ 20 Years (N = 28) 25.2% (N = 10) 14.9% (N = 38) 21.3%

    Table 2
    Measures of Central
    Tendency and Variation

    N
    Statistic
    R
    Statistic
    M
    Statistic
    SD
    Statistic
    Variance
    Statistic
    Skewness
    Statistic
    Skewness
    Std. Error
    Gender 178 1 1.38 .486 .236 .515 .182
    Age 178 3 2.35 .872 .761 -.034 .182
    Experience 178 3 2.65 .970 .942 -.176 .182
    Valid N 178

    Figures

    Figure 1.
    Hospital
    Information Support System.

Writerbay.net

We offer CUSTOM-WRITTEN, CONFIDENTIAL, ORIGINAL, and PRIVATE writing services. Kindly click on the ORDER NOW button to receive an A++ paper from our masters- and PhD writers.

Get a 10% discount on your order using the following coupon code SAVE10


Order a Similar Paper Order a Different Paper