Network Security Assignment

Subject: Linux
School: Lewis University
Type: Homework
Network security
Part 1
Security Control Types
With the understanding that Defense in Depth can be broken down into three different security control
types, answer the following questions:
1. Walls, bollards, fences, guard dogs, cameras, and lighting are what type of security
control?
Answer: physical controls
2. Security awareness programs, BYOD policies, and ethical hiring practices are what type of security
control?
Answer: Management Controls
3. Encryption, biometric fingerprint readers, firewalls, endpoint security, and intrusion
detection systems are what type of security control?
Answer: Data protections Access control
Intrusion Detection and Attack indicators
What's the difference between an IDS and an IPS?
Intrusion Detection Systems (IDS): analyze and monitor network traffic for signs that indicate
attackers are using a known cyberthreat to infiltrate or steal data from your network. IDS systems
compare the current network activity to a known threat database to detect several kinds of behaviors
like security policy violations, malware, and port scanners.
Intrusion Prevention Systems (IPS): live in the same area of the network as a firewall, between the
outside world and the internal network. IPS proactively deny network traffic based on a security profile
if that packet represents a known security threat.
What's the difference between an Indicator of Attack and an Indicator of Compromise?
An IOC is often described in the forensics world as evidence on a computer that indicates that the
security of the network has been breached. Unlike Indicators of Compromise (IOCs) used by legacy
endpoint detection solutions, indicators of attack (IOA) focus on detecting the intent of what
an attacker is trying to accomplish, regardless of the malware or exploit used in an attack. Just like
AV signatures, an IOC-based detection approach cannot detect the increasing threats from malware-free
intrusions and zero-day exploits. As a result, next-generation security solutions are moving to an
IOA-based approach pioneered by CrowdStrike.
The Cyber Kill Chain
Name each of the seven stages for the Cyber Kill chain and provide a brief example of each.
Step 1: RECONNAISSANCE
Step 2: WEAPONIZATION
Step 4: EXPLOITATION
Step 5: INSTALLATION
Step 6: COMMAND AND CONTROL
Step 7: ACTIONS ON OBJECTIVES
Snort Rule Analysis
Use the Snort rule to answer the following questions:
Snort Rule #1
alert tcp $EXTERNAL_NET any -> $HOME_NET 5800:5820 (msg:"ET SCAN Potential VNC Scan 5800-5820"; flags:S,12;
threshold: type both, track by_src, count 5, seconds 60; reference:url,doc.emergingthreats.net/2002910; classtype:attempted-recon;
sid:2002910; rev:5; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
1. Break down the Snort rule header and explain what is happening.
alert tcp $EXTERNAL_NET any -> $HOME_NET 5800:5820. It is scanning for "ET SCAN Potential VNC Scan 5800-5820".
2. What stage of the Cyber Kill Chain does this alert violate?
Step 2: WEAPONIZATION
3. What kind of attack is indicated?
Emerging threats were found.
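To make the header breakdown concrete, the following added example (not part of the assignment, and not Snort's own code) splits Snort Rule #1 into its seven header fields (action, protocol, source address, source port, direction, destination address, destination port) and its option list, then replays the rule, including its "flags:S,12" test and its "threshold: type both, track by_src, count 5, seconds 60" limiter, over a few constructed packet records. The $HOME_NET value, the packet records and the simplified "$EXTERNAL_NET means not $HOME_NET" resolution are assumptions made here; a real deployment takes them from snort.conf and from live traffic.

```python
import ipaddress

# The rule from the assignment (ET SID 2002910), joined onto one string.
RULE = (
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 5800:5820 '
    '(msg:"ET SCAN Potential VNC Scan 5800-5820"; flags:S,12; '
    'threshold: type both, track by_src, count 5, seconds 60; '
    'reference:url,doc.emergingthreats.net/2002910; classtype:attempted-recon; '
    'sid:2002910; rev:5; metadata:created_at 2010_07_30, updated_at 2010_07_30;)'
)

# Assumed value for the $HOME_NET variable (snort.conf sets this in a real install).
HOME_NET = ipaddress.ip_network("10.0.0.0/8")


def parse_rule(rule: str) -> dict:
    """Split a Snort rule into its 7 header fields plus a dict of its options."""
    header, _, body = rule.partition("(")
    fields = header.split()
    if len(fields) != 7:
        raise ValueError("expected 7 header fields, got %d" % len(fields))
    action, proto, src, sport, direction, dst, dport = fields
    options = {}
    for opt in body.rstrip(")").split(";"):   # options are ';'-terminated key:value pairs
        opt = opt.strip()
        if opt:
            key, _, value = opt.partition(":")
            options[key.strip()] = value.strip().strip('"')
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "direction": direction, "dst": dst, "dport": dport, "options": options}


def port_matches(spec: str, port: int) -> bool:
    """Snort port syntax: 'any', a single port, or an inclusive low:high range."""
    if spec == "any":
        return True
    if ":" in spec:
        low, high = spec.split(":")
        return int(low or 0) <= port <= int(high or 65535)
    return int(spec) == port


def addr_matches(spec: str, addr: str) -> bool:
    """Resolve the two variables the rule uses; $EXTERNAL_NET is treated as !$HOME_NET."""
    ip = ipaddress.ip_address(addr)
    if spec == "$HOME_NET":
        return ip in HOME_NET
    if spec == "$EXTERNAL_NET":
        return ip not in HOME_NET
    return spec == "any"


def flags_match(spec: str, pkt_flags: str) -> bool:
    """flags:S,12 means exactly SYN set once the two reserved bits (1 and 2) are ignored."""
    required, _, ignored = spec.partition(",")
    return set(pkt_flags) - set(ignored) == set(required)


def packet_matches(rule: dict, pkt: dict) -> bool:
    return (pkt["proto"] == rule["proto"]
            and addr_matches(rule["src"], pkt["src"]) and port_matches(rule["sport"], pkt["sport"])
            and addr_matches(rule["dst"], pkt["dst"]) and port_matches(rule["dport"], pkt["dport"])
            and flags_match(rule["options"]["flags"], pkt["flags"]))


def parse_threshold(spec: str) -> dict:
    """'type both, track by_src, count 5, seconds 60' -> {'type': 'both', ..., 'count': 5, 'seconds': 60}"""
    out = {}
    for part in spec.split(","):
        key, value = part.split()
        out[key] = int(value) if value.isdigit() else value
    return out


def run_detector(rule: dict, packets: list) -> list:
    """'type both' semantics: per tracked address, alert once after `count` matches inside a
    `seconds` window, then stay silent until that window expires and the count restarts."""
    thr = parse_threshold(rule["options"]["threshold"])
    key_field = "src" if thr["track"] == "by_src" else "dst"
    state, alerts = {}, []                      # key -> (window_start, hits, alerted)
    for pkt in packets:
        if not packet_matches(rule, pkt):
            continue
        key = pkt[key_field]
        start, hits, alerted = state.get(key, (pkt["t"], 0, False))
        if pkt["t"] - start >= thr["seconds"]:  # window expired: start a fresh one
            start, hits, alerted = pkt["t"], 0, False
        hits += 1
        if hits >= thr["count"] and not alerted:
            alerts.append((pkt["t"], key, rule["options"]["msg"]))
            alerted = True
        state[key] = (start, hits, alerted)
    return alerts


def sample_packets() -> list:
    """Constructed traffic: one external host probing consecutive VNC ports, plus noise."""
    scanner = "198.51.100.7"
    pkts = [{"t": i, "proto": "tcp", "src": scanner, "sport": 40000 + i,
             "dst": "10.0.0.5", "dport": 5800 + i, "flags": "S"} for i in range(7)]
    pkts += [  # noise: a port outside the range, an internal source, and a SYN-ACK
        {"t": 3, "proto": "tcp", "src": "198.51.100.8", "sport": 41000, "dst": "10.0.0.5", "dport": 5900, "flags": "S"},
        {"t": 4, "proto": "tcp", "src": "10.0.0.9", "sport": 41001, "dst": "10.0.0.5", "dport": 5801, "flags": "S"},
        {"t": 5, "proto": "tcp", "src": scanner, "sport": 41002, "dst": "10.0.0.5", "dport": 5802, "flags": "SA"},
    ]
    pkts += [{"t": 100 + i, "proto": "tcp", "src": scanner, "sport": 42000 + i,  # second burst, new window
              "dst": "10.0.0.5", "dport": 5810 + i, "flags": "S"} for i in range(5)]
    return sorted(pkts, key=lambda p: p["t"])


if __name__ == "__main__":
    parsed = parse_rule(RULE)
    for name in ("action", "proto", "src", "sport", "direction", "dst", "dport"):
        print("%-9s %s" % (name, parsed[name]))
    for t, src, msg in run_detector(parsed, sample_packets()):
        print("t=%3d alert from %s: %s" % (t, src, msg))
```

Run as a script it prints the seven header fields and then two alerts from 198.51.100.7: one when its fifth SYN inside the first 60-second window arrives, and one for the second burst after the window has expired. The SYN-ACK, the internal-origin SYN and the probe to port 5900 never count, which is the point of the flags test and of the header's address and port constraints.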
Snort Rule #2