Network Evaluation Report

Overview

How do you become good at any skill? You practice it over and over until it becomes second nature. Troubleshooting computer and network problems is a skill that evolves over your career. As you practice identifying and troubleshooting network issues, you will become really good at finding problems and developing solutions. These skills are a critical component of systems thinking and the adversarial mindset.

Cybersecurity analysts and network engineers work side by side to build the strongest network defense possible. As a security analyst, you might be asked to help with network protection from time to time. Your ability to understand and troubleshoot emerging problems is key to protecting a system.

For this project, you will assume the role of a job candidate. As part of the interview process, you are asked to troubleshoot hypothetical issues in a network. You will create a network evaluation report that documents your findings for the interviewers.

The project will be submitted in Module Six.

By completing this assignment, you will demonstrate your mastery of the following competency:

• Identify and troubleshoot deficiencies related to network security

Scenario

You are interviewing for a cybersecurity analyst position. As part of the interview process, the company tests all candidates’ troubleshooting capabilities. The company provides you with a GNS3 virtual network and asks you to demonstrate your troubleshooting skills. Open the CYB 310 Sandbox environment and click on the GNS3 icon. Open the Project One file to complete the assignment. 

Select two challenges from the list below and provide recommendations for how you would address them.

Challenges:

1. The PC used for remote access should be designated to the internal file server PC and currently has all access to the entire internal network.
2. There are no password policy best practices in use, and the users in the network have passwords that never expire.
3. Users in individual departments can access and log into computers in other departments within the network.

Prompt

You must address the following rubric criteria: 

1. Network Evaluation Report
   1. Challenge One
      1. Identify the potential cause of the selected challenge.
      2. Explain your approach to resolving the challenge. Justify your response.
   2. Challenge Two
      1. Identify the potential cause of the selected challenge.
      2. Explain your approach to resolving the challenge. Justify your response.

Network Reconfiguration Pre-planning

Overview

Pre-planning is an industry exercise used in many different Information Technology (IT) related activities. The most common pre-planning exercises used in IT are new technology implementation or network reconfiguration. In this milestone, you will plan the network reconfiguration requirements needed for Project Three, which is due in Module Seven. For Project Three, you will reconfigure a network and provide a status report to your manager. You will use the instructor’s feedback on this assignment to help you properly reconfigure the network. Project Three is a time-based exercise in the CYB 310 Sandbox lab. Having a plan before you begin your reconfiguration exercise will save you time. This project emulates very real deadlines for go-live dates that you will encounter in the IT industry. This type of planning will help you meet those dates and reduce the need for complex troubleshooting later.

This milestone will also help you better understand the flow of traffic in the network. It requires you to think through the traffic flow using the VLANs to visualize the flow of traffic through each department. Visualizing the network traffic is important because you will also create a traffic flow policy for the edge firewall in Project Three.

Scenario

Congratulations! You are the leading candidate for the cybersecurity analyst position. The company is restructuring. Your last step in the interview process is to use the virtual sandbox to create a proof of concept of a network configuration that reflects the new organizational structure. The IT manager has provided a network configuration planning template you will use to complete this task. 

Prompt

Open the CYB 310 Sandbox, click on the GNS3 icon, and select Project Three Milestone from the Projects Library list. Review the current network state and use the environment to complete the Network Reconfiguration Planning Template, which is linked in the What to Submit section. A link to the sandbox is in Module Five of the course.

You must address the following rubric criteria:

1. Network Reconfiguration Notes
   1. Customer Experience Department: Identify the number of PCs and number of switches
   2. HR Department: Identify the number of PCs and number of switches
   3. Network Servers: Identify the number of server(s), the number of switches, and the number of routers
   4. Backbone (Network Device Infrastructure): Determine the network connections of your future state network reconfiguration.

Web Application Firewalls

Overview

Throughout this program, you have studied firewall rules, access control, and how different types of network communication can impact an organization. Now, you will build on these skills and explore web application firewalls.

In this assignment, you will investigate the capabilities and strengths of web application firewalls. These next-generation firewalls are not used as pervasively as basic firewalls. However, it is important to anticipate more widespread use of these in the industry. Understanding web application firewalls will prepare you for the technology that evolves after them. This course will not ask you to create web application firewall rules; however, as you are shaping the traffic, challenge yourself to think about how you could affect the traffic flow if you did create rules for this layer of the OSI model.

Prompt

Using the module’s resources on Snort packages and your other readings from this course, you will explore the capabilities and security benefits of web application firewalls.

You must address the following rubric criteria: 

1. Firewall Fundamentals
   1. Compare the different functions of a web application firewall and a basic firewall.
   2. Identify where a web application firewall and a basic firewall operate in the layers of the OSI model.
   3. Discuss the significance of the layers for responding to threats.
2. Layered Security Strategy
   1. Describe the organizational security needs that would prompt the use of a web application firewall.
   2. Discuss how a web application firewall assists with the overall defense in depth strategy of an organization.
3. CIA Triad
   1. Explain how the web application firewall specifically addresses one tenet of the CIA triad (confidentiality, integrity, and availability).

Module Five Lab Worksheet Guidelines

Overview

These labs represent skills and tasks that a network administrator will routinely perform. It is extremely important for a practitioner to have skills in these areas to inform security policy and procedures.

Review your worksheet template and complete the subsequent labs:

• Closing Ports and Unnecessary Services

Prompt

Complete the Module Five Lab Worksheet, which is linked in the Lab Worksheet assignment in Module Five of your course.

What to Submit

Submit your completed worksheet. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.

CYB 310 Module Five Lab Worksheet Word Document

Complete this worksheet by replacing the bracketed phrases in the Response column with the relevant information.

Project Two Stepping Stone Guidelines

Exploring IDS Best Practices

Overview

For this stepping stone, you will explore intrusion detection system (IDS) best practices. You can discover best practices through trial and error, hands-on experience, or staying abreast of emerging trends and research. This assignment and Project Two will focus on the theoretical aspect of IDS best practices. 

After reviewing the module resources, you will identify IDS components you can use to analyze network traffic patterns. IDS components can encompass mitigation strategies and practices. Each organization has different monitoring needs. Therefore, IDS technology must be customized to an organization. Setting up an IDS draws on your adversarial mindset because vulnerabilities vary by organization. You can set up alerts using IDS and determine if an alert warrants further investigation. As a cybersecurity analyst, you must determine alert validity. You must actively use your knowledge of security fundamentals and the confidentiality, integrity, and availability (CIA) triad to make informed decisions. The best recommendations come from a deep understanding of an environment and a systems-thinking approach.

Prompt

Using the CYB 310 Project Two Stepping Stone Template, you must address the following rubric criteria:

1. IDS Best Practices Table
   1. Identify 5 components of an IDS.
   2. Explain what each component detects.
   3. Using your adversarial mindset, identify what a threat actor could accomplish if you were not monitoring each component.
   4. Explain which tenet of the security (CIA) triad is most affected by each component.
2. Application Question
   1. A small business start-up in the finance sector with one office location has identified a need for better network protection. It has identified IDS as a great low-cost solution. What IDS components would you recommend the company implement? Justify your response with at least two recommended components.

What to Submit

Submit your completed Project Two Stepping Stone Template. Your submission should be 1 to 2 pages in length. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.

 Project Two Stepping Stone Template Word Document

Module Four Lab Worksheet Guidelines

Overview

These labs represent skills and tasks that a network administrator will routinely perform. It is extremely important for a practitioner to have skills in these areas to inform security policy and procedures.

Review your worksheet template and complete the subsequent labs:

• Identifying and Analyzing Network Host Intrusion Detection System Alerts
• Intrusion Detection Using Snort
• Detecting Malware and Unauthorized Devices

Prompt

Complete the Module Four Lab Worksheet, which is linked in the Lab Worksheet assignment in Module Four of your course.

What to Submit

Submit your completed worksheet. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.

Module Four Lab Worksheet Word Document

Lab: Identifying & Analyzing Network Host Intrusion Detection System Alerts

Lab: Intrusion Detection Using Snort

Detecting Malware and Unauthorized Devices

IDS technology is designed to protect your system in a reactionary way by monitoring the internal network for discrepancies or anomalies. The purpose of the IDS is to alert the security specialist that there is an issue with the system. The security specialist will then begin the incident response procedures.

For your initial post, select a host intrusion detection system (HIDS) or a network intrusion detection system (NIDS) and use your adversarial mindset to explain the attack you would execute to circumvent the system if you were an attacker. Justify your selection.

In your response posts, assuming your peer's attack was successful, what changes would you make to the IDS settings to detect their attack?

Sample Post

Hello everyone,

Intrusion Detection Systems (IDS) are critical in a cybersecurity strategy, identifying and alerting administrators to potential threats. In particular, Network Intrusion Detection Systems (NIDS) monitor network traffic to detect anomalies. However, no system is foolproof, and attackers often exploit weaknesses in NIDS to infiltrate systems undetected. This discussion explores a common technique used to circumvent an NIDS, focusing on evasion through packet fragmentation while drawing on real-world examples to highlight the practical implications. 

Packet fragmentation is a widely known evasion technique targeting NIDS. In this approach, attackers divide malicious payloads into smaller packets that conform to standard traffic patterns. The fragmented packets can bypass inspection thresholds or confuse detection algorithms, especially if the NIDS is configured with insufficient reassembly capabilities. For example, the 2010 attack against the South Korean defense network utilized fragmented packets to bypass perimeter NIDS, demonstrating the efficacy of this technique (Kim et al., 2012). Tools like FragRoute enable attackers to automate fragmentation, emphasizing the need for robust NIDS configurations. 

Another notable case involved the infamous Stuxnet malware. By leveraging fragmented packets and obfuscating payloads, Stuxnet circumvented monitoring systems to infiltrate critical infrastructure (Langner, 2013). These examples underscore the importance of advanced NIDS solutions capable of reconstructing fragmented packets accurately and analyzing their content in real time. 

In conclusion, while NIDS provides significant protection against unauthorized access, adversaries can exploit configuration weaknesses and limitations in detection mechanisms. Packet fragmentation exemplifies the sophistication of evasion techniques, as demonstrated in high-profile cases like Stuxnet and the South Korean defense breach. Organizations must invest in updated NIDS solutions and proactive monitoring to mitigate these threats effectively. Cybersecurity professionals can better secure their networks against such vulnerabilities by understanding adversarial methods. 

References: 

Kim, J., Park, S., & Lee, H. (2012). Advanced evasion techniques for intrusion detection systems. Journal of Computer Security, 20(1), 25-36. 

Langner, R. (2013). To Kill a Centrifuge: A Technical Analysis of What Stuxnet’s Creators Tried to Achieve. Langner Group. 

Scarfone, K., & Mell, P. (2012). Guide to Intrusion Detection and Prevention Systems (IDPS). NIST Special Publication 800-94. 

Sample Reponse

Hi [peer's name],

Thank you for the post and examples provided of a successful attack using packet fragmentation to evade an IDS. It is especially fascinating to hear about an attack that was even able to evade government-level detection systems. 

Packet fragmentation seems to be an ongoing issue for even modern IDS systems to handle. From what I can tell, one of the defenses to this kind of attack is to use application-level monitoring with deep packet inspection to look into packets and determine if their contents could be reconstructed as malicious code (EcyberTekTrooper, 2024). Another defense for packet fragmentation techniques is to incorporate anomaly-based detections. Even though fragmented packets may not be flagged as matching malicious code signatures, they are still an anomaly on the network (EcyberTekTrooper, 2024). 

Lastly, it is important to remember that even if an attack technique is able to evade existing detection methods, such as in the case of a zero-day vulnerability, following recommended guidelines and security frameworks will likely lesson the damage of successful attacks. Things like segmented networks, routine network audits, and cultivating a security aware culture are all effective methods for reducing the impact of attacks that evade network detection methods (EcyberTekTrooper, 2024).

Thanks for the great post!

Reference

EcyberTekTrooper. (2024, March 20). Evading Detection with Nmap’s Advanced Packet Fragmentation. Medium. https://medium.com/@flyparamotorguillermo/evading-detection-with-nmaps-advanced-packet-fragmentation-6bf1aec9833b

CJ 4440 Quiz #2: Week #6: November 18 - November 24, 2024

Score for this attempt: 10 out of 10

Submitted Nov 22 at 10:51pm

This attempt took 7 minutes.

Question 1                                                                             1 / 1 pts
1. Sinn Fein, left-wing Irish republican party political objective is to end the British control in Northern Ireland.

• True
• False

 
Question 2                                                          1 / 1 pts
2. Which U.S. President ignored Russian action in the south Caucasus region because Vladimir Putin support the U.S. role in combating terrorism?

1) Bill Clinton

2) George Bush

3) Barrack Obama

4) Donald Trump

 
Question 3                                                     1 / 1 pts
3. Which data is incorrect about The Patrice Lumumba University, known as "Killer College"?

A) Located in Russia, near Moscow

B) Established as an educational asset to the Third World countries of Africa and Asia

C) Established in 1960

D) Carlos the Jackal once attended as a student

 
Question 4                                                          1 / 1 pts
4. France is known as a center for international terrorism in Europe.

• True
• False

 
Question 5                                                          1 / 1 pts
5. The population of Yugoslavia were split along ethnic lines into how many republics?

A) Three

B) Four

C) Five

D) Six

 
Question 6                                                               1 / 1 pts
6. Former PLO leader Sheikh Ahmed Yassin stated, "Peace for us means the destruction of Israel. We are preparing for an all out war which will last for generations."

• True
• False

 
Question 7                                                        1 / 1 pts
7. How many of the 9-11 terrorists were born in Saudi Arabia?

A) 20

B) 19

C) 18

D) 17
 
Question 8                                                   1 / 1 pts
8. Who created the Islamic State in Iraq and the Levant?

A) Anwar al-Awlaki

B) Abu Bakr al-Baghdad

C) Abu Musab al-Zarqawi

D) Sayed Mahdi al-Hakim

Question 9                                                          1 / 1 pts
9. The Arab Spring was an antigovernment protest, uprisings, and armed rebellions that spread across the Middle East in early 2010.

• True
• False

 
Question 10                                                        1 / 1 pts
10. Hezbollah is a Shia Muslim militant group based in Gaza.

• True
• False

CJ 4440 Midterm: Week #5: November 11 - November 17, 2024

Score for this quiz: 23 out of 25 *

Submitted Nov 15 at 5:51pm

This attempt took 45 minutes.

Question 1                                                             1 / 1 pts
1. Which data is incorrect about the Patrice Lumumba University, known as "Killer College?"

• A) Located in Russia, near Moscow
• B) Established as an educational asset to the Third World countries of Africa and Asia
• C) Established in 1960
• D) Carlos the Jackal once attended as a student

 
Question 2                                                                           1 / 1 pts
2. According to the United Nation, the United States failed and allowed the genocide in Rwanda in 1994.

•   True 
•   False 

 
Question 3                                                                            1 / 1 pts
3. Former PLO leader Sheikh Ahmed Yassin stated, "Peace for us means the destruction of Israel. We are preparing for an all our war which will last for generations."

•   True 
•   False 

 
Question 4                                                                1 / 1 pts
4. Frances is known as a center for international terrorism in Europe.

• True 
• False 

 
Question 5                                                                    1 / 1 pts
5. The population of Yugoslavia were split along ethnic lines into how many republics?

• A) Three
• B) Four
• C) Five
• D) Six

 
Question 6                                                                    1 / 1 pts
6. Based on your reading which of the government agency listed define terrorism as "is intended to produce fear in someone other than the victim"?

• A) Federal Bureau of Investigation (FBI)
• B) U.S. Department of Defense (DOD)
• C) U.S. Department of State
• D) U.S. Department of Homeland Security (DHS)

 
Question 7                                                                    1 / 1 pts
7. Law enforcement and intelligence agencies are experiences most problems in the twenty-first century with detection, infiltration, and prevention of what type of terrorist?

• A) Jihadist
• B) State-sponsor
• C) Lone Wolf
• D) Islamic Jihad

 
Question 8                                                                   1 / 1 pts
8. Based on required reading, which violent acts are defined as terrorist incidents?

• A) 1941 Attack on Pearl Harbor, 1995 Oklahoma City Bombing, and 2000 Bombing of the USS Cole
• B) 1995 Oklahoma City Bombing & 2000 Bombing of the USS Cole
• C) 1941 Attack on Pearl Harbor & 2000 Bombing of the USS Cole
• D) 1941 Attack on Pearl Harbor & 1995 Oklahoma City Bombing

 
Question 9                                                                          1 / 1 pts
9. Identify the reasons for RCMP and CSIS joint investigation failures that span over twenty years regarding the bombing of Air India Flight 182, the worst act of terrorism in Canadian history (Spindlove & Simensen, 2018).

• A) Lack of intelligence and investigative tools
• B) Interference and mismanagement of the investigation
• C) Lack of investigative tools
• D) Lack of intelligence tools

 
Question 10                                                                        1 / 1 pts
10. Under Homeland Security Presidential Directive 6, the Department of Homeland Security Secretary established Terrorist Screening Centers (TSCs) in September 2003 to consolidate the watch list for the lawful use of terrorist information in screening processes.

• True 
• False 

 
Question 11                                                           13 / 15 pts
11. Based on your reading about the lack of intelligence gathering authority that allowed 9-11 and the United States' response by enacting the Patriot Act in 2001 and the creation of the Department of Homeland Security in 2003, should there be more or less authority given to law enforcement to detect and prevent future attacks by potential radicalized immigrants and American citizens within the United States? To receive full credit, a well-written essay will have between 400 and 500 words, with at least three (3) in-text citations and three (3) different references listed below the essay. Your well-written essay response must be relevant and provide an analysis of the justification for the position with data on the implementation or lack of significant results from the use of the Patriot Act since 2001. While this question is similar to a discussion board, it requires an essay response, not a discussion board posting.
Excellent grammar with references and in-text citations is required, with attention to the accurate use of quotations.

Students are reminded to use only their work production for this assignment with strict attention to the following plagiarism policy:

Plagiarism

Don’t plagiarize (and that includes use of text spinning tools, paraphrasing tools, and AI tools that generate papers). Plagiarism will lead to a “zero” on the assignment and/or an “F” in the class, at my discretion, and in some cases, a recommendation to the Dean of Student Services for your suspension from the University.  Bottom line:  if you use someone else’s ideas, cite.  If you use someone else’s words, QUOTE.  Here’s a short interactive plagiarism tutorial  Links to an external site.from Acadia University. 

Graded Answer:

Sept 2001 terrorist attacks identified significant challenges in the US intelligence and law enforcement systems, bringing about policy changes like the USA PATRIOT Act of 2001 and the creation of the DHS in 2003. The provisions of the act involved roving wiretaps, National Security Letters (NSLs) to get records without the court’s approval, and the so-called “lone wolf clause” that permits spying of unrelated individuals from terror suspected. These tools were integrated into the counterterrorism framework to enhance national security through the virtue of preventive investigations. The authors point out that the Act has prevented certain terror attacks, including Najibullah Zazi’s projected bombing of the New York City subway ...

CYB 310 Project One Stepping Stone 

Network Troubleshooting Practice

Overview

Troubleshooting practice will help you develop the adversarial mindset that is essential for a cybersecurity analyst to have. Troubleshooting any situation helps prepare you to handle similar situations when they arise. The faster you can fix an issue, the less likely it is to cause harm throughout the event. In a sandbox environment, it is easy to experiment with causing and solving problems to test your peers or other members of an organization. You can also use a sandbox to challenge your skills and test your network defense competence. The GNS3 environment provides a virtual network that also incorporates host operating systems. The environment gives you the ability to interface with the operating systems of devices.

For this stepping stone, you will practice network troubleshooting in a sandbox environment. The sandbox is a safe place to practice your skills, as you won’t have to worry about damaging a production environment. You will use the same sandbox environment for Project One.

Scenario

You are interviewing for a cybersecurity analyst position. As part of the interview process, the company tests all candidates’ troubleshooting capabilities. The company provides you with a GNS3 virtual network in a sandbox environment and asks you to demonstrate your troubleshooting skills. Open the CYB 310 Sandbox and click on the GNS3 icon. Open the Project One Stepping Stone file to troubleshoot and resolve the following issues:

1. Only users in the Sales and Customer Service departments need access to the Customer Data folder on the CS FTP server. The Human Resources department users should not have access. 
2. Three of the four workstations in the Human Resources department cannot ping the Cloud IP address due to an IP address or switch misconfiguration. Find and correct the misconfigurations.

Prompt

You must address the following rubric criteria:

1. Network Deficiencies
   1. Issue One 
      1. Identify the configuration error causing the issue by providing appropriate screenshot(s).
      2. Troubleshoot the issue and provide screenshots of a resolution.
      3. Explain your approach to troubleshooting the issue and justify your resolution.
   2. Issue Two
      1. Identify the configuration error causing the issue by providing appropriate screenshot(s).
      2. Troubleshoot the issue and provide screenshots of a resolution.
      3. Explain your approach to troubleshooting the issue and justify your resolution.

What to Submit

Your submission should be 2 to 3 pages in length. Use double spacing, 12-point Times New Roman font, and one-inch margins. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.