Cyber Attack & Ethical Hacking

[ Cyber Attack & Ethical Hacking     

01a1] Unit 1 Assignment 1

Week 7

· Analyzing Network Traffic to Create a Baseline Definition (Assignment)

Instructions

To demonstrate your understanding of core concepts and procedures presented in this unit, you are required to complete the Analyzing Network Traffic to Create a Baseline Definition lab, linked in the course room.

1. Compare and contrast Wireshark and NetWitness.

2. Explain the steps in the TCP three-way handshake.

3. List the IP address and protocols types from the Wireshark capture.  What Wireshark function can list the different protocols by LAN segment?

4. Describe the process for determining Wireshark network traffic packet counts.

5. Describe the relevance of protocol analyzers to information security professionals.

6. What is baseline analysis?

7. Compare and contrast internal and external network traffic. What is the relevance of each?

8. From your lab results, list each protocol and whether it uses TCP or UDP. 

9. What is the difference between TCP and UDP?

Refer to the Analyzing Network Traffic to Create a Baseline Definition scoring guide to ensure that your work meets the grading criteria for this assignment.

Submit your assignment by midnight Sunday (CST).

Submission Requirements

· Written communication: Writing should be clear and well organized, with no technical writing errors, as expected of a business professional.

· Format: Typed, double-spaced lines.

· Font: Times New Roman, 12 points.

[u07d1] Unit 7 Discussion 1

Social Engineering (1-page Discussion)

Introduction

Social engineering is often utilized by attackers to increase the effectiveness of their attack. Attackers often prey on victims by exploiting emotional responses such as fear, empathy, curiosity, or helpfulness to trick them into performing some action or revealing information. Understanding the techniques used in these attacks is important to mitigation efforts. User training and awareness programs that teach employees how to spot these attacks is a key component of any security program.

Instructions

In a security risk assessment, it was discovered that a malicious insider had convinced employees to reveal confidential company information. The attacker used this information, as well as information found on social media, to target technical support personnel and system administrators. The attacker then sent specially crafted phishing e-mails and eventually tricked a system administrator into installing a malware designed to compromise passwords. The attacker was able to gain access to a privileged account before the exploit was discovered. 

For this discussion post, write a report for senior-level management describing the steps you would take to mitigate future social engineering attacks. 

[u07d2] Unit 7 Discussion 2

Intrusion Detection Systems and Incidence Response

(1-page Discussion)

 

Introduction

Information security incidents are stressful events for security practitioners. Inevitably, you will be faced with responding to an incident at some point in your career. While you may not be able to prevent every incident, creating a plan will assist you in responding appropriately. It is important to create this plan before an incident happens. Documenting lessons learned after an incident is equally important. Naturally, incidents will be stressful but proper planning will allow you to respond correctly.

Instructions

Employees of XYZ Corporation were astonished to discover their network had been hacked. Indicators of compromise (IoC) included known hacking tools, modified file permissions, and multiple connections to an unknown network. 

Root cause analysis showed that the attackers had gained access to the network through the demilitarized zone (DMZ) from a compromised web server. A contributing factor in this attack was that the intrusion detection system (IDS) had been misconfigured. 

Initiate a discussion describing:

· Concepts, ideas, and thoughts you would include in the incident response plan for this attack.

· A list of testing suites you will use to test your incident response plan.