Scripting for Automation

Overview

It is important to familiarize yourself with a variety of Linux commands. One approach to accomplish this task is to practice different commands. In this assignment, you will apply the commands explored in previous activities to complete specific requirements. In many cases, creating a baseline image for a device is a common practice for implementing security standards. Although the application of these commands to creating a baseline may not be directly clear, many of them are useful actions in creating a baseline; an understanding of the structure and capabilities of what the command is attempting to do can be used in a larger picture to secure a system.

Scenario

Your organization has recently acquired a number of assets as the result of a merger. Your manager has asked you to develop a script to create a baseline for these newly acquired computer assets. Complete the Milestone One Worksheet, including screenshots of results; you will find the worksheet linked in Module Three of your course. In addition, develop a single executable script to implement this new baseline configuration to meet the following requirements:

• Change time zone to Pacific/Tahiti Time
• Set date/time to 6:00 a.m. on March 1 of this year
• Create a user group called CYB300
• Create a new local user with the following parameters:
  1. Username: First-Name-Last-Name
  2. Password: Password123
  3. Add user to the CYB300 group
• Display a list of running processes beginning with “n” and send them to a text file named “n_Services.txt”
• Export Bash history to a text file named “CYB_300_History_Firstname_Lastname.txt”

Prompt

Submit the completed Milestone One Worksheet with screenshots of each configuration requirement and your final executable script. You will find the worksheet linked in the milestone assignment in Module Three of your course. You will be working in the CYB 300 Sandbox environment. Specifically, you must address the following critical elements:

1. Change time zone to Pacific/Tahiti Time. Provide a screenshot of the Linux shell environment showing the successful configuration.
2. Set date/time to 6:00 a.m. on March 1 of this year. Provide a screenshot of the Linux shell environment showing the successful configuration.
3. Create a new local user that meets the requirements. Provide a screenshot of the Linux shell environment showing the successful configuration.
4. Create a text file containing the list of running processes beginning with “n”. Provide a screenshot of the Linux shell environment showing the successful results.
5. Export Bash history to a text file named “CYB_300_History_Firstname_Lastname.txt”. Provide a screenshot of the Linux shell environment showing the successful results.
6. Create a single executable script that contains all the Bash script statements. Provide a screenshot of the Linux shell environment showing the successful completion of the script.

CYB 300 Milestone One Worksheet

For each required script element, a command is given that will display the results of the script. Use this validation command as the source for your screenshot. Complete this worksheet by replacing the bracketed phrases in the Bash Script Statement and Screenshot columns with the relevant information.

Complete this worksheet by replacing the bracketed phrases in the Response column with the relevant information. For all screenshots, include your name in the command line.

Lab: Customize or Write Simple Scripts

Exercise 1: Customize or Write Simple Scripts

Complete this worksheet by replacing the bracketed phrases in the Response column with the relevant information. For all screenshots, include your name in the command line.

Lab: Linux Scripting Techniques

Exercise 3: Create a Non-Interactive Script

Exercise 4: Create an Interactive Script

Exercise 5: Create Scripts Using Loops and Conditions

Complete this worksheet by replacing the bracketed phrases in the Response column with the relevant information. For all screenshots, include your name in the command line.

Lab: Securing Linux Devices

Exercise 1: Secure an Alma Device

Exercise 2: Secure an Ubuntu Device

In your initial post, briefly introduce yourself. Next you will consider encryption, a major component of system and communication security. Encryption is essential to secure all forms of data communications. As a professional and a consumer, you must be aware of how technologies are integrated and the different layers of protection that exist. Describe an example of how encryption is used in your daily life.

In your response posts to your peers, use the lens of a security professional to discuss the strengths and weaknesses of the encryption in their examples.

Sample Response

Hello everyone my name is [your names here], I am currently serving active duty in the U.S Navy as a recruiter. I am originally from New Jersey but I am now stationed in Houston. Only have a couple of more classes to go until I have my degree and that day can't come fast enough. But to answer the discussion post. The way in which encryption plays a role in my daily life, is when I am using online banking. When logging into my bank account either by website or app. Encryption is used to make sure my connection is secure, so that my sensitive data like my login and account details are not compromised.

Using this course's cyber playbook, submit a screenshot of the item that you feel is the most valuable to you (now or in the future) and explain your reasoning.

Note: If you have not yet set up your cyber playbook or if you have questions about its use, refer to the Cyber Playbook document for more information about this required element.

Review this list of artifacts recommended for inclusion and feel free to add additional artifacts from the course you find valuable.

• 3-4 Project One Stepping Stone: Network Troubleshooting Practice
• 4-4 Project Two Stepping Stone: Exploring IDS Best Practices
• Module Five Resource: OWASP Best Practices: Use of Web Application Firewalls

Guidelines for Submission: Submit a screenshot from your current playbook and two to three sentences in a Microsoft Word document or the equivalent.

Graded Solution

Explanation

I feel “Exploring IDS Best Practices" was the most valuable to me because it bridges the gap between theoretical knowledge and practical application in securing networks and systems. Learning how to effectively implement and manage IDS helps me develop critical skills for detecting and mitigating cyber threats, which is essential in today’s ever-evolving cybersecurity landscape. This knowledge directly supports my future career goals, such as becoming a Security Analyst, and aligns with the principles of the CIA triad by strengthening confidentiality, integrity, and availability. Additionally, mastering IDS best practices provides me with a strong foundation to explore advanced topics like threat intelligence and anomaly-based detection, ensuring I am well-prepared for both academic success and my future in cybersecurity.

In this course, you have examined network defense and mitigation strategies. Through these exercises, you have developed a baseline of skills needed to be proficient in network defense. This is great news! However, cybersecurity rapidly changes and your skills will need to evolve. This is an exciting part of working in this field. You will be met every day with different challenges ranging from network attacks to an insider threat. The options are endless.

A large part of network security is system maintenance. This includes incident response procedures, keeping your skills up to date, and continuous development of your adversarial mindset.

For your initial post, explain how you plan on keeping your skill set current or further developing your adversarial mindset to enhance your capabilities in assisting with incident response. Include links to resources or professional organizations to support your response.

In your response posts, explain how you could use the resources your peer identified to enhance your skill set.

Restructuring Status Report

Overview

Organizations always need to enhance their security through network protection. They must hire people with the right skills or train the team in charge of protecting the network. Companies can grow or downsize rapidly, and their network configurations need to adapt just as quickly. A strong traffic flow policy will help the company manage these changes. The focus of this project is creating a traffic flow policy that includes firewall rules.

As a cybersecurity analyst, you must develop different forms of technical expertise, including the ability to complete discrete tasks. The ability to take a holistic view of security and be mindful of the global effects of configurations on a system is equally important. This expertise will help you better understand an organization’s security posture as a whole.

For this project, you will use the virtual sandbox to create a proof of concept for the upcoming organizational restructuring. 

The project incorporates one milestone, which will be submitted in Module Five. Use instructor feedback on your pre-planning milestone to reconfigure the network in your lab this week. The project will be submitted in Module Seven.

In this assignment, you will demonstrate your mastery of the following competency:

• Implement a traffic flow policy based on organizational security strategy

Scenario

Congratulations! You got the job! You are a cybersecurity analyst with a company that is restructuring. Your manager has asked you to use the virtual sandbox from your interview to create a proof of concept of a network configuration that reflects the new organizational structure. Use the network reconfiguration plan you already created to develop a restructuring status report that documents your technical work and thoughts on how this work improves the organization’s overall security posture.

Prompt

Open the CYB 310 Sandbox, click on the GNS3 icon, and select Project Three from the Projects Library list. Note: You must complete this project in one sitting, as the lab environment is non-persistent. Be aware of your time as you complete the lab. You can extend your lab when the time warning appears.

You must address the following rubric criteria:

1. Network Reconfiguration: Include the following screenshots:
   1. Network diagram
   2. Port assignment and VLAN assignment for each switch
2. Traffic Flow Configuration: Include screenshots of the following:
   1. Configure a firewall rule to allow port 80 HTTP from the WAN to the FTP server.
   2. Configure a firewall rule to allow port 443 HTTPS from the WAN to the FTP server.
   3. Configure a firewall rule to block port 80 HTTP from the WAN to any other system.
   4. Configure a firewall rule to block port 443 HTTPS from the WAN to any other system.
3. Organizational Security Strategy
   1. Explain how the security posture of the organization has been improved by the restructuring.
   2. Describe how the tenets of the CIA triad (confidentiality, integrity, and availability) are affected by the restructuring.

Project Three Network Reconfiguration Specifications Spreadsheet

 Project Three Milestone - GNS3

Traffic flow policies take into consideration all of the communications within a system. When you are dealing with a computer network, the firewall policy is mandated by the traffic flow policy. The integration of firewall policies into the global traffic flow policies provides a description of what communications are permitted through the firewall. The firewall policy is an intricate component of a well-configured traffic flow policy.

Evaluating the firewall policies and communications provides a deeper examination of part of a traffic flow policy. Looking at best practices and implementation strategies of firewalls provides a foundation to enhance a traffic flow policy. This will prepare you to develop the best defensive strategy for communications on a network.

For your initial post, evaluate the Summary of Recommendations sections of NIST’s Guidelines on Firewalls and Firewall Policy in this module’s resources. Incorporate at least two possible traffic flow considerations to add to the recommendations in any section. Your recommendations can range from minimal tweaks to out-of-the-box thinking.

In your response posts, compare your recommendations with your peers.

IDS Analysis Paper

Overview

There are different ways to implement intrusion detection system (IDS) technologies. You must stay up-to-date with industry literature about mitigation strategies and malware remediation so that you know how to prevent an attack. Cybersecurity is a field that can change daily, so you will continue learning and growing even after you complete your degree program. Evolving with the field and staying up to date are critical aspects for success and excellence in this field.

It is important to recognize that IDS is not a one-size-fits-all tool. An IDS can be configured in three different ways: 

1. It can test for anomalies.
2. It can be heuristic-based.
3. It can be a hybrid of the two. 

Configuring the IDS to meet specific business needs will reduce the amount of time an analyst needs to explore log files and other information the IDS generates. The analyst should be left to handle the alerts generated by the properly configured system.

When implementing controls to protect a system, you must always consider confidentiality, integrity, and availability, using your proactive mindset to develop the best protection for the system. It is important to examine possible indicators of an attack and how other aspects of a system can be affected. Malware is a great example of an attack that affects all tenets of the confidentiality, integrity, and availability (CIA) triad.

For this project, you will create an IDS Analysis Paper that examines the interaction of the CIA triad security objectives and an IDS configuration. Your analysis should explain the practical application of IDSes in a scenario that you choose.

The project incorporates one stepping stone, which will be submitted in Module Four. The project will be submitted in Module Six.

In this assignment, you will demonstrate your mastery of the following competency:

• Implement an intrusion detection system (IDS)

Prompt

You must address the following rubric criteria: 

1. IDS and Security Objectives—Critical Thinking Questions
   1. What component of an IDS is best prepared to help with the loss of confidentiality?
   2. What are the indicators of malware that an IDS could detect that may result in the loss of integrity?
   3. How can an IDS be used to detect the loss of availability?
2. Configuring an IDS—Scenario Based Questions
   1. Create a brief fictitious scenario of a company that resides within two buildings. Include a short profile of its data assets, industry, and size. For example, Southern New Hampshire High School has an administration building and an academic building. Its industry is education, and there are 500 students and employees. The data assets it protects are student records and employee records.
   2. Identify two components that you would implement to provide the best IDS protection for your fictitious company. Justify your response.