Samples For "CYB 310 Network Defense"

CYB 310: 8-2 Cyber Playbook Submission

Using this course's cyber playbook, submit a screenshot of the item that you feel is the most valuable to you (now or in the future) and explain your reasoning.

Note: If you have not yet set up your cyber playbook or if you have questions about its use, refer to the Cyber Playbook document for more information about this required element.

Review this list of artifacts recommended for inclusion and feel free to add additional artifacts from the course you find valuable.

  • 3-4 Project One Stepping Stone: Network Troubleshooting Practice
  • 4-4 Project Two Stepping Stone: Exploring IDS Best Practices
  • Module Five Resource: OWASP Best Practices: Use of Web Application Firewalls

Guidelines for Submission: Submit a screenshot from your current playbook and two to three sentences in a Microsoft Word document or the equivalent.

 

Graded Solution

Answer: CYB 310: 8-2 Cyber Playbook Submission

Explanation

I feel “Exploring IDS Best Practices” was the most valuable to me because it bridges the gap between theoretical knowledge and practical application in securing networks and systems. Learning how to effectively implement and manage IDS helps me develop critical skills for detecting and mitigating cyber threats, which is essential in today’s ever-evolving cybersecurity landscape. This knowledge directly supports my future career goals, such as becoming a Security Analyst, and aligns with the principles of the CIA triad by strengthening confidentiality, integrity, and availability. Additionally, mastering IDS best practices provides me with a strong foundation to explore advanced topics like threat intelligence and anomaly-based detection, ensuring I am well-prepared for both academic success and my future in cybersecurity.


CYB 310: 8-1 Discussion: Managing Your Skill Set

In this course, you have examined network defense and mitigation strategies. Through these exercises, you have developed a baseline of skills needed to be proficient in network defense. This is great news! However, cybersecurity rapidly changes and your skills will need to evolve. This is an exciting part of working in this field. You will be met every day with different challenges ranging from network attacks to an insider threat. The options are endless.

A large part of network security is system maintenance. This includes incident response procedures, keeping your skills up to date, and continuous development of your adversarial mindset.

For your initial post, explain how you plan on keeping your skill set current or further developing your adversarial mindset to enhance your capabilities in assisting with incident response. Include links to resources or professional organizations to support your response.

In your response posts, explain how you could use the resources your peer identified to enhance your skill set.


CYB 310: 7-2 Project Three Submission: Restructuring Status Report

Restructuring Status Report

Overview

Organizations always need to enhance their security through network protection. They must hire people with the right skills or train the team in charge of protecting the network. Companies can grow or downsize rapidly, and their network configurations need to adapt just as quickly. A strong traffic flow policy will help the company manage these changes. The focus of this project is creating a traffic flow policy that includes firewall rules.

As a cybersecurity analyst, you must develop different forms of technical expertise, including the ability to complete discrete tasks. The ability to take a holistic view of security and be mindful of the global effects of configurations on a system is equally important. This expertise will help you better understand an organization’s security posture as a whole.

For this project, you will use the virtual sandbox to create a proof of concept for the upcoming organizational restructuring. 

The project incorporates one milestone, which will be submitted in Module Five. Use instructor feedback on your pre-planning milestone to reconfigure the network in your lab this week. The project will be submitted in Module Seven.

In this assignment, you will demonstrate your mastery of the following competency:

  • Implement a traffic flow policy based on organizational security strategy

Scenario

Congratulations! You got the job! You are a cybersecurity analyst with a company that is restructuring. Your manager has asked you to use the virtual sandbox from your interview to create a proof of concept of a network configuration that reflects the new organizational structure. Use the network reconfiguration plan you already created to develop a restructuring status report that documents your technical work and thoughts on how this work improves the organization’s overall security posture.

Prompt

Open the CYB 310 Sandbox, click on the GNS3 icon, and select Project Three from the Projects Library list. Note: You must complete this project in one sitting, as the lab environment is non-persistent. Be aware of your time as you complete the lab. You can extend your lab when the time warning appears.

You must address the following rubric criteria:

  1. Network Reconfiguration: Include the following screenshots:
    1. Network diagram
    2. Port assignment and VLAN assignment for each switch
  2. Traffic Flow Configuration: Include screenshots of the following:
    1. Configure a firewall rule to allow port 80 HTTP from the WAN to the FTP server.
    2. Configure a firewall rule to allow port 443 HTTPS from the WAN to the FTP server.
    3. Configure a firewall rule to block port 80 HTTP from the WAN to any other system.
    4. Configure a firewall rule to block port 443 HTTPS from the WAN to any other system.
  3. Organizational Security Strategy
    1. Explain how the security posture of the organization has been improved by the restructuring.
    2. Describe how the tenets of the CIA triad (confidentiality, integrity, and availability) are affected by the restructuring.

 

Project Three Network Reconfiguration Specifications Spreadsheet

 

 Project Three Milestone - GNS3


CYB 310: 7-1 Discussion: Firewall and Traffic Flow Policies

Traffic flow policies take into consideration all of the communications within a system. When you are dealing with a computer network, the firewall policy is mandated by the traffic flow policy. The integration of firewall policies into the global traffic flow policies provides a description of what communications are permitted through the firewall. The firewall policy is an intricate component of a well-configured traffic flow policy.

Evaluating the firewall policies and communications provides a deeper examination of part of a traffic flow policy. Looking at best practices and implementation strategies of firewalls provides a foundation to enhance a traffic flow policy. This will prepare you to develop the best defensive strategy for communications on a network.

For your initial post, evaluate the Summary of Recommendations sections of NIST’s Guidelines on Firewalls and Firewall Policy in this module’s resources. Incorporate at least two possible traffic flow considerations to add to the recommendations in any section. Your recommendations can range from minimal tweaks to out-of-the-box thinking.

In your response posts, compare your recommendations with your peers.

 


CYB 310: 6-2 Project Two Submission: IDS Analysis Paper

IDS Analysis Paper

Overview

There are different ways to implement intrusion detection system (IDS) technologies. You must stay up-to-date with industry literature about mitigation strategies and malware remediation so that you know how to prevent an attack. Cybersecurity is a field that can change daily, so you will continue learning and growing even after you complete your degree program. Evolving with the field and staying up to date are critical aspects for success and excellence in this field.

It is important to recognize that IDS is not a one-size-fits-all tool. An IDS can be configured in three different ways: 

  1. It can test for anomalies.
  2. It can be heuristic-based.
  3. It can be a hybrid of the two. 

Configuring the IDS to meet specific business needs will reduce the amount of time an analyst needs to explore log files and other information the IDS generates. The analyst should be left to handle the alerts generated by the properly configured system.

When implementing controls to protect a system, you must always consider confidentiality, integrity, and availability, using your proactive mindset to develop the best protection for the system. It is important to examine possible indicators of an attack and how other aspects of a system can be affected. Malware is a great example of an attack that affects all tenets of the confidentiality, integrity, and availability (CIA) triad.

For this project, you will create an IDS Analysis Paper that examines the interaction of the CIA triad security objectives and an IDS configuration. Your analysis should explain the practical application of IDSes in a scenario that you choose.

The project incorporates one stepping stone, which will be submitted in Module Four. The project will be submitted in Module Six.

In this assignment, you will demonstrate your mastery of the following competency:

  • Implement an intrusion detection system (IDS)

Prompt

You must address the following rubric criteria: 

  1. IDS and Security Objectives—Critical Thinking Questions
    1. What component of an IDS is best prepared to help with the loss of confidentiality?
    2. What are the indicators of malware that an IDS could detect that may result in the loss of integrity?
    3. How can an IDS be used to detect the loss of availability?
  2. Configuring an IDS—Scenario Based Questions
    1. Create a brief fictitious scenario of a company that resides within two buildings. Include a short profile of its data assets, industry, and size. For example, Southern New Hampshire High School has an administration building and an academic building. Its industry is education, and there are 500 students and employees. The data assets it protects are student records and employee records.
    2. Identify two components that you would implement to provide the best IDS protection for your fictitious company. Justify your response.

CYB 310 : 6-1 Project One Submission: Network Evaluation Report

Network Evaluation Report

Overview

How do you become good at any skill? You practice it over and over until it becomes second nature. Troubleshooting computer and network problems is a skill that evolves over your career. As you practice identifying and troubleshooting network issues, you will become really good at finding problems and developing solutions. These skills are a critical component of systems thinking and the adversarial mindset.

Cybersecurity analysts and network engineers work side by side to build the strongest network defense possible. As a security analyst, you might be asked to help with network protection from time to time. Your ability to understand and troubleshoot emerging problems is key to protecting a system.

For this project, you will assume the role of a job candidate. As part of the interview process, you are asked to troubleshoot hypothetical issues in a network. You will create a network evaluation report that documents your findings for the interviewers.

The project will be submitted in Module Six.

By completing this assignment, you will demonstrate your mastery of the following competency:

  • Identify and troubleshoot deficiencies related to network security

Scenario

You are interviewing for a cybersecurity analyst position. As part of the interview process, the company tests all candidates’ troubleshooting capabilities. The company provides you with a GNS3 virtual network and asks you to demonstrate your troubleshooting skills. Open the CYB 310 Sandbox environment and click on the GNS3 icon. Open the Project One file to complete the assignment. 

Select two challenges from the list below and provide recommendations for how you would address them.

Challenges:

  1. The PC used for remote access should be designated to the internal file server PC and currently has all access to the entire internal network.
  2. There are no password policy best practices in use, and the users in the network have passwords that never expire.
  3. Users in individual departments can access and log into computers in other departments within the network.

Prompt

You must address the following rubric criteria: 

  1. Network Evaluation Report
    1. Challenge One
      1. Identify the potential cause of the selected challenge.
      2. Explain your approach to resolving the challenge. Justify your response.
    2. Challenge Two
      1. Identify the potential cause of the selected challenge.
      2. Explain your approach to resolving the challenge. Justify your response.

CYB 310 : 5-3 Project Three Milestone: Network Reconfiguration Pre-planning

 

Network Reconfiguration Pre-planning

Overview

Pre-planning is an industry exercise used in many different Information Technology (IT) related activities. The most common pre-planning exercises used in IT are new technology implementation or network reconfiguration. In this milestone, you will plan the network reconfiguration requirements needed for Project Three, which is due in Module Seven. For Project Three, you will reconfigure a network and provide a status report to your manager. You will use the instructor’s feedback on this assignment to help you properly reconfigure the network. Project Three is a time-based exercise in the CYB 310 Sandbox lab. Having a plan before you begin your reconfiguration exercise will save you time. This project emulates very real deadlines for go-live dates that you will encounter in the IT industry. This type of planning will help you meet those dates and reduce the need for complex troubleshooting later.

This milestone will also help you better understand the flow of traffic in the network. It requires you to think through the traffic flow using the VLANs to visualize the flow of traffic through each department. Visualizing the network traffic is important because you will also create a traffic flow policy for the edge firewall in Project Three.

Scenario

Congratulations! You are the leading candidate for the cybersecurity analyst position. The company is restructuring. Your last step in the interview process is to use the virtual sandbox to create a proof of concept of a network configuration that reflects the new organizational structure. The IT manager has provided a network configuration planning template you will use to complete this task. 

Prompt

Open the CYB 310 Sandbox, click on the GNS3 icon, and select Project Three Milestone from the Projects Library list. Review the current network state and use the environment to complete the Network Reconfiguration Planning Template, which is linked in the What to Submit section. A link to the sandbox is in Module Five of the course.

You must address the following rubric criteria:

  1. Network Reconfiguration Notes
    1. Customer Experience Department: Identify the number of PCs and number of switches
    2. HR Department: Identify the number of PCs and number of switches
    3. Network Servers: Identify the number of server(s), the number of switches, and the number of routers
    4. Backbone (Network Device Infrastructure): Determine the network connections of your future state network reconfiguration.

 

CYB 310 Network Reconfiguration Planning Template

 

CYB 310 Project Three Network Reconfiguration Specifications

GNS3 Project Three Milestone

 


CYB 310 : 5-2 Activity: Web Application Firewalls

Web Application Firewalls

Overview

Throughout this program, you have studied firewall rules, access control, and how different types of network communication can impact an organization. Now, you will build on these skills and explore web application firewalls.

In this assignment, you will investigate the capabilities and strengths of web application firewalls. These next-generation firewalls are not used as pervasively as basic firewalls. However, it is important to anticipate more widespread use of these in the industry. Understanding web application firewalls will prepare you for the technology that evolves after them. This course will not ask you to create web application firewall rules; however, as you are shaping the traffic, challenge yourself to think about how you could affect the traffic flow if you did create rules for this layer of the OSI model.

Prompt

Using the module’s resources on Snort packages and your other readings from this course, you will explore the capabilities and security benefits of web application firewalls.

You must address the following rubric criteria: 

  1. Firewall Fundamentals
    1. Compare the different functions of a web application firewall and a basic firewall.
    2. Identify where a web application firewall and a basic firewall operate in the layers of the OSI model.
    3. Discuss the significance of the layers for responding to threats.
  2. Layered Security Strategy
    1. Describe the organizational security needs that would prompt the use of a web application firewall.
    2. Discuss how a web application firewall assists with the overall defense in depth strategy of an organization.
  3. CIA Triad
    1. Explain how the web application firewall specifically addresses one tenet of the CIA triad (confidentiality, integrity, and availability).

CYB 310 : 5-1 Module Five Lab Worksheet Guidelines

Module Five Lab Worksheet Guidelines

Overview

These labs represent skills and tasks that a network administrator will routinely perform. It is extremely important for a practitioner to have skills in these areas to inform security policy and procedures.

Review your worksheet template and complete the subsequent labs:

  • Closing Ports and Unnecessary Services

Prompt

Complete the Module Five Lab Worksheet, which is linked in the Lab Worksheet assignment in Module Five of your course.

What to Submit

Submit your completed worksheet. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.

 

CYB 310 Module Five Lab Worksheet Word Document

Complete this worksheet by replacing the bracketed phrases in the Response column with the relevant information.

Lab: Closing Ports and Unnecessary Services

| Prompt | Response |
|---|---|
| In the lab section, "Connecting to the Open Ports and Services Using Telnet and FTP," Step 13, complete the steps, type your name after the command prompt, and take a screenshot of the output. | [Insert screenshot here.] |
| In the lab section, "Closing Unnecessary Ports and Services," Step 26, type your name after the command prompt and take a screenshot of the output of the scan of port 80 (www) on the Windows machine after closing HTTP services. | [Insert screenshot here.] |
| Closing unwanted ports and communication mediums is essential to network hardening. Why is this essential and how does it help with network defense? | [Insert short response here.] |
| Using an adversarial mindset, how can you test to make sure only needed ports are open? What tools would you use? | [Insert short response here.] |

 

 

 

 


CYB 310 : 4-3 Project Two Stepping Stone: Exploring IDS Best Practices

Project Two Stepping Stone Guidelines

Exploring IDS Best Practices

Overview

For this stepping stone, you will explore intrusion detection system (IDS) best practices. You can discover best practices through trial and error, hands-on experience, or staying abreast of emerging trends and research. This assignment and Project Two will focus on the theoretical aspect of IDS best practices. 

After reviewing the module resources, you will identify IDS components you can use to analyze network traffic patterns. IDS components can encompass mitigation strategies and practices. Each organization has different monitoring needs. Therefore, IDS technology must be customized to an organization. Setting up an IDS draws on your adversarial mindset because vulnerabilities vary by organization. You can set up alerts using IDS and determine if an alert warrants further investigation. As a cybersecurity analyst, you must determine alert validity. You must actively use your knowledge of security fundamentals and the confidentiality, integrity, and availability (CIA) triad to make informed decisions. The best recommendations come from a deep understanding of an environment and a systems-thinking approach.

Prompt

Using the CYB 310 Project Two Stepping Stone Template, you must address the following rubric criteria:

  1. IDS Best Practices Table
    1. Identify 5 components of an IDS.
    2. Explain what each component detects.
    3. Using your adversarial mindset, identify what a threat actor could accomplish if you were not monitoring each component.
    4. Explain which tenet of the security (CIA) triad is most affected by each component.
  2. Application Question
    1. A small business start-up in the finance sector with one office location has identified a need for better network protection. It has identified IDS as a great low-cost solution. What IDS components would you recommend the company implement? Justify your response with at least two recommended components.

What to Submit

Submit your completed Project Two Stepping Stone Template. Your submission should be 1 to 2 pages in length. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.

 

 Project Two Stepping Stone Template Word Document

