Malicious Network Activities Report, writing homework help

User Generated

xrrzl2017

Writing

Description

Malicious Network Activities Report

Unformatted Attachment Preview

Malicious Network Activity Report

CST 620

[name]

[date]

EVENT
[Describe what you were tasked to do. Include the types of information attacks you were tasked to examine. ID possible cyberattacks such as:
• Spoofing/cache poisoning attacks
• Session hijacking
• Man-in-the-middle attacks]

TARGET AND PROFILE
[Describe FS-ISAC and the bank institution]

OVERVIEW OF NETWORK ARCHITECTURE
[Provide a network architecture overview in both diagram and written forms. Be sure to include the following in your overview:
• Describe various data transmission components
   1) User Datagram Protocol (UDP)
   2) Transmission Control Protocol/Internet Protocol (TCP/IP)
   3) Internet packets
   4) IP address schemes
   5) Well-known ports and applications
• Address
   1) Sender or source that transmits a message
   2) Encoder used to code messages
   3) Medium or channel that carries message
   4) Decoding mechanisms used
   5) Receiver or destination of messages
• Describe
   1) Intrusion Detection and Prevention Systems (IDS/IPS)
   2) Firewalls that have been established
• Link operating systems and software/hardware components in network, firewall and IDS that make up bank's implemented network defense
• ID how banks use firewalls and IDS/IPS. Include the difference between these technologies
• Include these areas
   1) Network infrastructure information
   2) IP address schemes
   3) Involve IP addressing assignment model information
   4) Public and private addressing and addressing allocations
   5) ID potential risks in setting up IP address scheme
• Research firewalls and IDS/IPS
• ID well-known ports and applications being used. Include the risk associated with those identified and possibly targeted]

NETWORK TRAFFIC MONITORING AND RESULTS
[• ID False negatives and false positives
   1) Review resources on false positives and false negatives
   2) ID risks to network traffic analysis and remediation
      a) ID what these are
      b) How they are determined
      c) How they are tested
      d) Which is riskier to health of the network
   2) Describe your analysis about testing for false negatives and false positives
      a) Using tools such as IDS and firewalls
      b) Recommendations for the banks
      c) Statistical analyses of false positives and false negatives from results in the lab
      d) How they can reduce these values
• ID Anomalous Source and Destination IP Addresses
   1) ID risks to network traffic analysis and remediation
      a) ID what these are
      b) How they are determined
      c) How they are tested
      d) Which is riskier to health of the network
   2) Describe your analysis about testing for anomalous IP addresses
      a) Using tools such as IDS and firewalls
      b) Statistical analyses of anomalous IPs from results in the lab
      c) Traffic volume patterns with date and time corroborations
      d) How they can reduce these values]

RECOMMENDED REMEDIATION STRATEGIES
[Describe your recommendations for remediation of the previously identified risks and problems. Include the following:
• Cyber offensive operation - Honeypots
   1) Describe what they are
   2) How to set up an operation using one
   3) What security and protection mechanisms need to be in place
   4) What indicators in network traffic would lead you to believe they are working
• Explain other detection tools and techniques
   1) Do independent research
   2) Explain what other tools and techniques you can use to detect these signatures]

REFERENCES
[Create a list of all references used in paper and IAW APA style format]

Joint Net Defense Bulletin

CST 620

[name]

[date]

Introduction
[Give a brief introduction of what the bulletin is about]

Testing Results
[Give a summary of your analysis of false negatives/positives. Also give analysis of anomalous source and destination IP network addresses. Include information related to traffic volume patterns with date and time corroborations. Add other significant details as you find interesting to others.]

Recommendations
[Define other tools and techniques that one could use to combat against the false positives/negatives and anomalous IP traffic patterns found. May have to do some independent research.]

Contact Information
[Provide a brief statement about getting help from FS-ISAC or FBI. Also include information on how to contact them to include telephone number and email addresses.]

Explanation & Answer

okay
Attached.

Joint Net Defense Bulletin

CST 620

[name]

[date]

Introduction
Bulletin
Bulletin consists of segments wrapping IP addresses which are known to be related with the
running malicious action as well as domain names. However, in one way or the other there is an
identification of suspicious network traffic on this indicator, the system that is influenced is
expected to be investigated about indications of negotiation. Several sectors of cyber have put
themselves in malicious action against personal as well as public segment entities. Stealing of
trade secrets, intellectual property, and also various business data which are sensitive has been
the apparent intention which is working against this action. However, due to this issue malicious
actors have used several ways so as to infiltrate focused establish a foothold, organizations,
progress laterally by the targets’ networks as well as infiltrate secret information.
The ...

