Our Previous Samples

CYB 310: 7-2 Project Three Submission: Restructuring Status Report

Restructuring Status Report

Overview

Organizations always need to enhance their security through network protection. They must hire people with the right skills or train the team in charge of protecting the network. Companies can grow or downsize rapidly, and their network configurations need to adapt just as quickly. A strong traffic flow policy will help the company manage these changes. The focus of this project is creating a traffic flow policy that includes firewall rules.

As a cybersecurity analyst, you must develop different forms of technical expertise, including the ability to complete discrete tasks. The ability to take a holistic view of security and be mindful of the global effects of configurations on a system is equally important. This expertise will help you better understand an organization’s security posture as a whole.

For this project, you will use the virtual sandbox to create a proof of concept for the upcoming organizational restructuring. 

The project incorporates one milestone, which will be submitted in Module Five. Use instructor feedback on your pre-planning milestone to reconfigure the network in your lab this week. The project will be submitted in Module Seven.

In this assignment, you will demonstrate your mastery of the following competency:

  • Implement a traffic flow policy based on organizational security strategy

Scenario

Congratulations! You got the job! You are a cybersecurity analyst with a company that is restructuring. Your manager has asked you to use the virtual sandbox from your interview to create a proof of concept of a network configuration that reflects the new organizational structure. Use the network reconfiguration plan you already created to develop a restructuring status report that documents your technical work and thoughts on how this work improves the organization’s overall security posture.

Prompt

Open the CYB 310 Sandbox, click on the GNS3 icon, and select Project Three from the Projects Library list. Note: You must complete this project in one sitting, as the lab environment is non-persistent. Be aware of your time as you complete the lab. You can extend your lab when the time warning appears.

You must address the following rubric criteria:

  1. Network Reconfiguration: Include the following screenshots:
    1. Network diagram
    2. Port assignment and VLAN assignment for each switch
  2. Traffic Flow Configuration: Include screenshots of the following:
    1. Configure a firewall rule to allow port 80 HTTP from the WAN to the FTP server.
    2. Configure a firewall rule to allow port 443 HTTPS from the WAN to the FTP server.
    3. Configure a firewall rule to block port 80 HTTP from the WAN to any other system.
    4. Configure a firewall rule to block port 443 HTTPS from the WAN to any other system.
  3. Organizational Security Strategy
    1. Explain how the security posture of the organization has been improved by the restructuring.
    2. Describe how the tenets of the CIA triad (confidentiality, integrity, and availability) are affected by the restructuring.

 

Project Three Network Reconfiguration Specifications Spreadsheet

Project Three Network Reconfiguration Specifications Spreadsheet

 

 Project Three Milestone - GNS3

Project Three Milestone - GNS3


READ MORE >>

CYB 310: 7-1 Discussion: Firewall and Traffic Flow Policies

Traffic flow policies take into consideration all of the communications within a system. When you are dealing with a computer network, the firewall policy is mandated by the traffic flow policy. The integration of firewall policies into the global traffic flow policies provides a description of what communications are permitted through the firewall. The firewall policy is an intricate component of a well-configured traffic flow policy.

Evaluating the firewall policies and communications provides a deeper examination of part of a traffic flow policy. Looking at best practices and implementation strategies of firewalls provides a foundation to enhance a traffic flow policy. This will prepare you to develop the best defensive strategy for communications on a network.

For your initial post, evaluate the Summary of Recommendations sections of NIST’s Guidelines on Firewalls and Firewall Policy in this module’s resources. Incorporate at least two possible traffic flow considerations to add to the recommendations in any section. Your recommendations can range from minimal tweaks to out-of-the-box thinking.

In your response posts, compare your recommendations with your peers.

CYB 310: 6-2 Project Two Submission: IDS Analysis Paper

IDS Analysis Paper

Overview

There are different ways to implement intrusion detection system (IDS) technologies. You must stay up-to-date with industry literature about mitigation strategies and malware remediation so that you know how to prevent an attack. Cybersecurity is a field that can change daily, so you will continue learning and growing even after you complete your degree program. Evolving with the field and staying up to date are critical aspects for success and excellence in this field.

It is important to recognize that IDS is not a one-size-fits-all tool. An IDS can be configured in three different ways: 

  1. It can test for anomalies.
  2. It can be heuristic-based.
  3. It can be a hybrid of the two. 

Configuring the IDS to meet specific business needs will reduce the amount of time an analyst needs to explore log files and other information the IDS generates. The analyst should be left to handle the alerts generated by the properly configured system.

When implementing controls to protect a system, you must always consider confidentiality, integrity, and availability, using your proactive mindset to develop the best protection for the system. It is important to examine possible indicators of an attack and how other aspects of a system can be affected. Malware is a great example of an attack that affects all tenets of the confidentiality, integrity, and availability (CIA) triad.

For this project, you will create an IDS Analysis Paper that examines the interaction of the CIA triad security objectives and an IDS configuration. Your analysis should explain the practical application of IDSes in a scenario that you choose.

The project incorporates one stepping stone, which will be submitted in Module Four. The project will be submitted in Module Six.

In this assignment, you will demonstrate your mastery of the following competency:

  • Implement an intrusion detection system (IDS)

Prompt

You must address the following rubric criteria: 

  1. IDS and Security Objectives—Critical Thinking Questions
    1. What component of an IDS is best prepared to help with the loss of confidentiality?
    2. What are the indicators of malware that an IDS could detect that may result in the loss of integrity?
    3. How can an IDS be used to detect the loss of availability?
  2. Configuring an IDS—Scenario Based Questions
    1. Create a brief fictitious scenario of a company that resides within two buildings. Include a short profile of its data assets, industry, and size. For example, Southern New Hampshire High School has an administration building and an academic building. Its industry is education, and there are 500 students and employees. The data assets it protects are student records and employee records.
    2. Identify two components that you would implement to provide the best IDS protection for your fictitious company. Justify your response.

CYB 310 : 6-1 Project One Submission: Network Evaluation Report

Network Evaluation Report

Overview

How do you become good at any skill? You practice it over and over until it becomes second nature. Troubleshooting computer and network problems is a skill that evolves over your career. As you practice identifying and troubleshooting network issues, you will become really good at finding problems and developing solutions. These skills are a critical component of systems thinking and the adversarial mindset.

Cybersecurity analysts and network engineers work side by side to build the strongest network defense possible. As a security analyst, you might be asked to help with network protection from time to time. Your ability to understand and troubleshoot emerging problems is key to protecting a system.

For this project, you will assume the role of a job candidate. As part of the interview process, you are asked to troubleshoot hypothetical issues in a network. You will create a network evaluation report that documents your findings for the interviewers.

The project will be submitted in Module Six.

By completing this assignment, you will demonstrate your mastery of the following competency:

  • Identify and troubleshoot deficiencies related to network security

Scenario

You are interviewing for a cybersecurity analyst position. As part of the interview process, the company tests all candidates’ troubleshooting capabilities. The company provides you with a GNS3 virtual network and asks you to demonstrate your troubleshooting skills. Open the CYB 310 Sandbox environment and click on the GNS3 icon. Open the Project One file to complete the assignment. 

Select two challenges from the list below and provide recommendations for how you would address them.

Challenges:

  1. The PC used for remote access should be able to reach only the internal file server PC, but it currently has access to the entire internal network.
  2. There are no password policy best practices in use, and the users in the network have passwords that never expire.
  3. Users in individual departments can access and log into computers in other departments within the network.

Prompt

You must address the following rubric criteria: 

  1. Network Evaluation Report
    1. Challenge One
      1. Identify the potential cause of the selected challenge.
      2. Explain your approach to resolving the challenge. Justify your response.
    2. Challenge Two
      1. Identify the potential cause of the selected challenge.
      2. Explain your approach to resolving the challenge. Justify your response.

CYB 310 : 5-3 Project Three Milestone: Network Reconfiguration Pre-planning
Network Reconfiguration Pre-planning

Overview

Pre-planning is an industry exercise used in many different Information Technology (IT) related activities. The most common pre-planning exercises used in IT are new technology implementation or network reconfiguration. In this milestone, you will plan the network reconfiguration requirements needed for Project Three, which is due in Module Seven. For Project Three, you will reconfigure a network and provide a status report to your manager. You will use the instructor’s feedback on this assignment to help you properly reconfigure the network. Project Three is a time-based exercise in the CYB 310 Sandbox lab. Having a plan before you begin your reconfiguration exercise will save you time. This project emulates very real deadlines for go-live dates that you will encounter in the IT industry. This type of planning will help you meet those dates and reduce the need for complex troubleshooting later.

This milestone will also help you better understand the flow of traffic in the network. It requires you to think through the traffic flow using the VLANs to visualize the flow of traffic through each department. Visualizing the network traffic is important because you will also create a traffic flow policy for the edge firewall in Project Three.

Scenario

Congratulations! You are the leading candidate for the cybersecurity analyst position. The company is restructuring. Your last step in the interview process is to use the virtual sandbox to create a proof of concept of a network configuration that reflects the new organizational structure. The IT manager has provided a network configuration planning template you will use to complete this task. 

Prompt

Open the CYB 310 Sandbox, click on the GNS3 icon, and select Project Three Milestone from the Projects Library list. Review the current network state and use the environment to complete the Network Reconfiguration Planning Template, which is linked in the What to Submit section. A link to the sandbox is in Module Five of the course.

You must address the following rubric criteria:

  1. Network Reconfiguration Notes
    1. Customer Experience Department: Identify the number of PCs and number of switches
    2. HR Department: Identify the number of PCs and number of switches
    3. Network Servers: Identify the number of server(s), the number of switches, and the number of routers
    4. Backbone (Network Device Infrastructure): Determine the network connections of your future state network reconfiguration.

CYB 310 Network Reconfiguration Planning Template

CYB 310 Project Three Network Reconfiguration Specifications

GNS3 Project Three Milestone

CYB 310 : 5-2 Activity: Web Application Firewalls

Web Application Firewalls

Overview

Throughout this program, you have studied firewall rules, access control, and how different types of network communication can impact an organization. Now, you will build on these skills and explore web application firewalls.

In this assignment, you will investigate the capabilities and strengths of web application firewalls. These next-generation firewalls are not used as pervasively as basic firewalls. However, it is important to anticipate more widespread use of these in the industry. Understanding web application firewalls will prepare you for the technology that evolves after them. This course will not ask you to create web application firewall rules; however, as you are shaping the traffic, challenge yourself to think about how you could affect the traffic flow if you did create rules for this layer of the OSI model.

Prompt

Using the module’s resources on Snort packages and your other readings from this course, you will explore the capabilities and security benefits of web application firewalls.

You must address the following rubric criteria: 

  1. Firewall Fundamentals
    1. Compare the different functions of a web application firewall and a basic firewall.
    2. Identify where a web application firewall and a basic firewall operate in the layers of the OSI model.
    3. Discuss the significance of the layers for responding to threats.
  2. Layered Security Strategy
    1. Describe the organizational security needs that would prompt the use of a web application firewall.
    2. Discuss how a web application firewall assists with the overall defense in depth strategy of an organization.
  3. CIA Triad
    1. Explain how the web application firewall specifically addresses one tenet of the CIA triad (confidentiality, integrity, and availability).

CYB 310 : 5-1 Module Five Lab Worksheet Guidelines

Module Five Lab Worksheet Guidelines

Overview

These labs represent skills and tasks that a network administrator will routinely perform. It is extremely important for a practitioner to have skills in these areas to inform security policy and procedures.

Review your worksheet template and complete the subsequent labs:

  • Closing Ports and Unnecessary Services

Prompt

Complete the Module Five Lab Worksheet, which is linked in the Lab Worksheet assignment in Module Five of your course.

What to Submit

Submit your completed worksheet. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.

CYB 310 Module Five Lab Worksheet Word Document

Complete this worksheet by replacing the bracketed phrases in the Response column with the relevant information.

Lab: Closing Ports and Unnecessary Services

Prompt

Response

In the lab section, "Connecting to the Open Ports and Services Using Telnet and FTP," Step 13, complete the steps, type your name after the command prompt, and take a screenshot of the output.

[Insert screenshot here.]

In the lab section, "Closing Unnecessary Ports and Services," Step 26, type your name after the command prompt and take a screenshot of the output of the scan of port 80 (www) on the Windows machine after closing HTTP services.

[Insert screenshot here.]

Closing unwanted ports and communication mediums is essential to network hardening. Why is this essential and how does it help with network defense?

[Insert short response here.]

Using an adversarial mindset, how can you test to make sure only needed ports are open? What tools would you use?

[Insert short response here.]

CYB 310 : 4-3 Project Two Stepping Stone: Exploring IDS Best Practices

Project Two Stepping Stone Guidelines

Exploring IDS Best Practices

Overview

For this stepping stone, you will explore intrusion detection system (IDS) best practices. You can discover best practices through trial and error, hands-on experience, or staying abreast of emerging trends and research. This assignment and Project Two will focus on the theoretical aspect of IDS best practices. 

After reviewing the module resources, you will identify IDS components you can use to analyze network traffic patterns. IDS components can encompass mitigation strategies and practices. Each organization has different monitoring needs. Therefore, IDS technology must be customized to an organization. Setting up an IDS draws on your adversarial mindset because vulnerabilities vary by organization. You can set up alerts using IDS and determine if an alert warrants further investigation. As a cybersecurity analyst, you must determine alert validity. You must actively use your knowledge of security fundamentals and the confidentiality, integrity, and availability (CIA) triad to make informed decisions. The best recommendations come from a deep understanding of an environment and a systems-thinking approach.

Prompt

Using the CYB 310 Project Two Stepping Stone Template, you must address the following rubric criteria:

  1. IDS Best Practices Table
    1. Identify 5 components of an IDS.
    2. Explain what each component detects.
    3. Using your adversarial mindset, identify what a threat actor could accomplish if you were not monitoring each component.
    4. Explain which tenet of the security (CIA) triad is most affected by each component.
  2. Application Question
    1. A small business start-up in the finance sector with one office location has identified a need for better network protection. It has identified IDS as a great low-cost solution. What IDS components would you recommend the company implement? Justify your response with at least two recommended components.

What to Submit

Submit your completed Project Two Stepping Stone Template. Your submission should be 1 to 2 pages in length. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.

Project Two Stepping Stone Template Word Document

CYB 310 : Module Four Lab Worksheet Guidelines

Module Four Lab Worksheet Guidelines

Overview

These labs represent skills and tasks that a network administrator will routinely perform. It is extremely important for a practitioner to have skills in these areas to inform security policy and procedures.

Review your worksheet template and complete the subsequent labs:

  • Identifying and Analyzing Network Host Intrusion Detection System Alerts
  • Intrusion Detection Using Snort
  • Detecting Malware and Unauthorized Devices

Prompt

Complete the Module Four Lab Worksheet, which is linked in the Lab Worksheet assignment in Module Four of your course.

What to Submit

Submit your completed worksheet. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.

Module Four Lab Worksheet Word Document

Lab: Identifying & Analyzing Network Host Intrusion Detection System Alerts

Prompt

Response

In the lab, “Analyzing Network Events Using Snorby,” Step 18, take a screenshot of the alert window showing signature information and TCP header information.

[Insert screenshot here.]

In the lab section, “Network Security Monitoring with Squert,” in the lab, “Analyzing Network Events Using Squert,” Step 11, take a screenshot of the Squert window displaying filtered scans for IP 203.0.113.2.

[Insert screenshot here.]

In the lab section, “Network Security Monitoring with Squert,” in the lab, “Analyzing Network Events Using Squert,” Step 17, take a screenshot of the Squert window displaying no results when filtering events for IP 10.1.1.10.

[Insert screenshot here.]

There are a variety of network analyzers. Which tool did you feel was the most powerful and easiest to use?

[Insert short response here.]

Why is it important to add network analyzer tools to your cybersecurity analyst skill set?

[Insert short response here.]

How will you use network analyzer tools in a professional manner?

[Insert short response here.]

Lab: Intrusion Detection Using Snort

Prompt

Response

In the lab section, “Setting up the Sniffer,” Step 19, type your name after the command prompt and take a screenshot of the output after running the tcpdump -i eth1 command.

[Insert screenshot here.]

In the lab section, “Detecting Unwanted Incoming Attacks,” Step 9, take a screenshot of the results in the Bruter window after it has cycled through the dictionary words.

[Insert screenshot here.]

In the lab, “Detecting Unwanted Outgoing Traffic,” Step 6, type your name at the command prompt and take a screenshot of the output of the payload generated.

[Insert screenshot here.]

How can you see what options are available for the tcpdump command? How can this tool be used by a security analyst?

[Insert short response here.]

What command will display all of the Ethernet interfaces within Linux? How can this be valuable to a security analyst?

[Insert short response here.]

Lab: Detecting Malware and Unauthorized Devices

Prompt

Response

In the lab, “Keyloggers,” Step 6, scroll up to the prompt where you typed the nmap command and take a screenshot of the output from the scan. Be sure to include the timestamp at the top (date and time).

[Insert screenshot here.]

In the lab, “Keyloggers,” Step 21, take a screenshot of the successful migration after running the migrate command. Note: The number you use will be different from the one in the example.

[Insert screenshot here.]

In the lab, “Keyloggers,” Step 30, take a screenshot of the output after running the kerberos command. Scroll up to the prompt where you typed the command and include the administrator password in your screenshot to show the success of the keylogger dump.

[Insert screenshot here.]

In the lab, “Examining Malware,” Step 32, take a screenshot of the History tab in Windows Defender showing the quarantined file that was detected.

[Insert screenshot here.]

Explain the difference between active and passive scanning tools and techniques.

[Insert short response here.]

Explain the significance of the kerberos output. 

[Insert short response here.]

CYB 310 : 4-1 Discussion: Circumventing an IDS

IDS technology is designed to protect your system in a reactionary way by monitoring the internal network for discrepancies or anomalies. The purpose of the IDS is to alert the security specialist that there is an issue with the system. The security specialist will then begin the incident response procedures.

For your initial post, select a host intrusion detection system (HIDS) or a network intrusion detection system (NIDS) and use your adversarial mindset to explain the attack you would execute to circumvent the system if you were an attacker. Justify your selection.

In your response posts, assuming your peer's attack was successful, what changes would you make to the IDS settings to detect their attack?

Sample Post

Hello everyone,

Intrusion Detection Systems (IDS) are critical in a cybersecurity strategy, identifying and alerting administrators to potential threats. In particular, Network Intrusion Detection Systems (NIDS) monitor network traffic to detect anomalies. However, no system is foolproof, and attackers often exploit weaknesses in NIDS to infiltrate systems undetected. This discussion explores a common technique used to circumvent an NIDS, focusing on evasion through packet fragmentation while drawing on real-world examples to highlight the practical implications. 

Packet fragmentation is a widely known evasion technique targeting NIDS. In this approach, attackers divide malicious payloads into smaller packets that conform to standard traffic patterns. The fragmented packets can bypass inspection thresholds or confuse detection algorithms, especially if the NIDS is configured with insufficient reassembly capabilities. For example, the 2010 attack against the South Korean defense network utilized fragmented packets to bypass perimeter NIDS, demonstrating the efficacy of this technique (Kim et al., 2012). Tools like FragRoute enable attackers to automate fragmentation, emphasizing the need for robust NIDS configurations. 

Another notable case involved the infamous Stuxnet malware. By leveraging fragmented packets and obfuscating payloads, Stuxnet circumvented monitoring systems to infiltrate critical infrastructure (Langner, 2013). These examples underscore the importance of advanced NIDS solutions capable of reconstructing fragmented packets accurately and analyzing their content in real time. 

In conclusion, while NIDS provides significant protection against unauthorized access, adversaries can exploit configuration weaknesses and limitations in detection mechanisms. Packet fragmentation exemplifies the sophistication of evasion techniques, as demonstrated in high-profile cases like Stuxnet and the South Korean defense breach. Organizations must invest in updated NIDS solutions and proactive monitoring to mitigate these threats effectively. Cybersecurity professionals can better secure their networks against such vulnerabilities by understanding adversarial methods. 

References: 

Kim, J., Park, S., & Lee, H. (2012). Advanced evasion techniques for intrusion detection systems. Journal of Computer Security, 20(1), 25-36. 

Langner, R. (2013). To Kill a Centrifuge: A Technical Analysis of What Stuxnet’s Creators Tried to Achieve. Langner Group. 

Scarfone, K., & Mell, P. (2012). Guide to Intrusion Detection and Prevention Systems (IDPS). NIST Special Publication 800-94. 

Sample Response

Hi [peer's name],

Thank you for the post and examples provided of a successful attack using packet fragmentation to evade an IDS. It is especially fascinating to hear about an attack that was even able to evade government-level detection systems. 

Packet fragmentation seems to be an ongoing issue for even modern IDS systems to handle. From what I can tell, one of the defenses to this kind of attack is to use application-level monitoring with deep packet inspection to look into packets and determine if their contents could be reconstructed as malicious code (EcyberTekTrooper, 2024). Another defense for packet fragmentation techniques is to incorporate anomaly-based detections. Even though fragmented packets may not be flagged as matching malicious code signatures, they are still an anomaly on the network (EcyberTekTrooper, 2024). 

Lastly, it is important to remember that even if an attack technique is able to evade existing detection methods, such as in the case of a zero-day vulnerability, following recommended guidelines and security frameworks will likely lessen the damage of successful attacks. Things like segmented networks, routine network audits, and cultivating a security-aware culture are all effective methods for reducing the impact of attacks that evade network detection methods (EcyberTekTrooper, 2024).

Thanks for the great post!

Reference

EcyberTekTrooper. (2024, March 20). Evading Detection with Nmap’s Advanced Packet Fragmentation. Medium. https://medium.com/@flyparamotorguillermo/evading-detection-with-nmaps-advanced-packet-fragmentation-6bf1aec9833b