Introduction to Packet Capture and Intrusion Detection/Prevention Systems

Please use templates provided in files…….

Network traffic analysis and monitoring help distinguish legitimate traffic from malicious traffic that could harm the network. Network administrators need to fortify the network against unwanted intrusions, using tools and techniques that draw on past traffic data to decide what is allowed and what should be blocked in current and future network operations. The challenge is keeping network traffic analysis, monitoring, and intrusion detection technologies current against the ever-morphing threats that continuously attempt to exploit network vulnerabilities.

In this project, you will use monitoring technologies Wireshark and Snort in the Workspace virtual machine to compile a malicious network activity report for financial institutions and a bulletin to a financial services consortium. The report should be eight to 10 pages double-spaced with citations in APA format. The bulletin should be one to two pages double-spaced.

There are eight steps to complete the project. Most steps of this project should take no more than two hours to complete.

Step 1: Create a Network Architecture Overview

You travel to the banks’ locations and gain access to their network operations. They use Wireshark to analyze the packets traveling their networks. Read this Wireshark resource to learn more about the tool. You will provide a network architecture overview in both diagram and written formats. Your overview can be based on fictitious information, or you can model network architecture from research, citing your source using APA format. This overview is outside of the lab requirements but a part of better understanding a network.

In the overview, you will describe the various data transmission components. Select the links below to review them:

  1. User Datagram Protocol (UDP)
  2. Transmission Control Protocol/Internet Protocol (TCP/IP)
  3. Internet packets
  4. IP address schemes
  5. well-known ports and applications

You will also address the meanings and relevance of information, such as the sender or source that transmits a message, the encoder used to code messages, the medium or channel that carries the message, the decoding mechanisms that were used, and the receiver or destination of the messages.

Your overview will describe the intrusion detection (IDS) and intrusion prevention (IPS) systems used and the firewalls that have been established. Make sure to link the operating systems and the software and hardware components in the network, firewall, and IDS that make up the network defense implementation of the banks’ networks. Identify how the banks are using firewalls and how they are using IDSs, and identify the difference between these technologies. Include the network infrastructure information and the IP address schemes, which will involve the IP addressing assignment model, and the public and private addressing and address allocations. Identify potential risks in setting up the IP addressing scheme. Here are some resources for you to review:

Identify any well-known ports and applications that are being used and the risk associated with those being identified, and possibly targeted. This portion can be made up of fictitious information, or you can use information from research, citing your source using APA format.
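The transmission components listed above (IP packets, TCP/UDP headers, public versus private addressing, and well-known ports) are easiest to understand by decoding a frame by hand. The following is an added example, not part of the original assignment or of Wireshark; it constructs a few Ethernet/IPv4/TCP/UDP frames with `struct`, decodes them, classifies the addresses as private or public, and labels the service from a small hand-picked subset of the IANA well-known ports (the port table, the addresses and the sample frames are all assumptions made for the demo, not data from any bank network).

```python
"""Decode Ethernet/IPv4/TCP/UDP headers and annotate ports and addressing.

Added example, not part of the original assignment. The frames are built
inline with struct (no capture file needed); the service table is a
hand-picked subset of IANA well-known ports, not a complete registry.
"""
import ipaddress
import struct

ETH_IPV4 = 0x0800
TCP, UDP = 6, 17
# Subset of IANA well-known ports (assumption: enough for the demo).
WELL_KNOWN_PORTS = {
    (TCP, 22): "ssh", (TCP, 23): "telnet", (TCP, 25): "smtp", (TCP, 80): "http",
    (TCP, 443): "https", (TCP, 445): "smb", (TCP, 3389): "rdp",
    (UDP, 53): "dns", (UDP, 123): "ntp", (UDP, 161): "snmp",
}


def build_frame(src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Construct an Ethernet + IPv4 + TCP(SYN)/UDP frame (sample data only)."""
    if proto == TCP:
        # sport, dport, seq, ack, data offset (5 words), flags (SYN), window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    elif proto == UDP:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:
        raise ValueError("only TCP and UDP are built here")
    l4 += payload
    # version/IHL, DSCP, total length, id, flags/frag, TTL, proto, csum, src, dst
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed)
    eth_hdr = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
               + struct.pack("!H", ETH_IPV4))
    return eth_hdr + ip_hdr + l4


def decode_frame(frame):
    """Parse Ethernet -> IPv4 -> TCP/UDP into a dict; raise on malformed input."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETH_IPV4:
        return {"ethertype": ethertype, "note": "not IPv4; not decoded further"}
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    # Length fields that disagree with the bytes on the wire are a classic
    # crafted-packet trick; refuse rather than read past the buffer.
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(ip) < total_len:
        raise ValueError("inconsistent IPv4 header")
    l4 = ip[ihl:total_len]
    src_ip, dst_ip = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    info = {"src": str(src_ip), "dst": str(dst_ip), "ttl": ttl, "proto": proto,
            "src_private": src_ip.is_private, "dst_private": dst_ip.is_private}
    if proto == TCP and len(l4) >= 20:
        sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", l4[:14])
        info.update(transport="tcp", sport=sport, dport=dport, seq=seq,
                    syn=bool(off_flags & 0x002), ack_flag=bool(off_flags & 0x010))
    elif proto == UDP and len(l4) >= 8:
        sport, dport, ulen, _ = struct.unpack("!HHHH", l4[:8])
        info.update(transport="udp", sport=sport, dport=dport, payload_len=ulen - 8)
    else:
        info.update(transport="other")
        return info
    # The well-known side is usually the destination of the first packet;
    # fall back to the source port so reply traffic is labelled too.
    info["service"] = (WELL_KNOWN_PORTS.get((proto, dport))
                       or WELL_KNOWN_PORTS.get((proto, sport)) or "unknown")
    # Direction relative to the private (RFC 1918) address space of the site.
    info["direction"] = ("internal" if info["src_private"] and info["dst_private"]
                         else "outbound" if info["src_private"] else "inbound")
    return info


# Constructed sample frames (not from a real capture).
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.22", TCP, 51515, 22),                # internal SSH SYN
    build_frame("10.0.0.5", "8.8.8.8", UDP, 40000, 53, b"\x00" * 12),    # outbound DNS
    build_frame("1.2.3.4", "10.0.0.5", TCP, 50001, 3389),                # inbound RDP attempt
]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        print(decode_frame(f))
```

The `direction` and `service` fields are the two things a reviewer looks for first: an inbound SYN to a well-known port on a private host (the third sample) should only be reachable through a firewall rule that exists on purpose.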

Step 2: Identify Information Security Attacks

In the previous step, you provided an overview of the network architecture. For this step, using the fictitious or the model network architecture and IDS and firewalls, identify possible cyberattacks such as spoofing/cache poisoning attacks, and session hijacking attacks including but not limited to man-in-the-middle attacks. Using knowledge acquired in the previous step, provide techniques for monitoring against these attacks. Review the following resources to gain a better understanding of these particular cyberattacks:

The FS-ISAC representative has asked you to propose a cyber offensive operation that lures the hackers to honeypots. Describe what a honeypot is, how to set up an operation using a honeypot, and what security and protection mechanisms would need to be in place if a bank agreed to set up a honeypot. What are some indicators in network traffic that would lead you to conclude that your honeypot trap has worked? Report these from Wireshark.
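Two of the monitoring techniques asked for above, detecting ARP cache poisoning (the usual first move of a LAN man-in-the-middle) and spotting traffic that reached a honeypot, can be written as small checks over records exported from Wireshark. This is an added example, not part of the original assignment or of any bank's tooling; the ARP events, flows, addresses and MACs are constructed for the demo, and the record layout (plain dicts with `sender_ip`, `sender_mac`, `src`, `dst`, `dport`) is an assumption.

```python
"""Two IDS-style checks over constructed traffic records.

Added example, not part of the original assignment. Input records are plain
dicts (as if exported from Wireshark as CSV/JSON); the addresses and MACs are
constructed for the demo.
"""
from collections import defaultdict


def detect_arp_poisoning(arp_events):
    """Flag IPs whose advertised MAC changes (ARP cache poisoning indicator).

    arp_events: iterable of dicts with keys ts, op ("request"/"reply"),
    sender_ip, sender_mac. A host rarely changes its MAC; an IP that flips
    to a new MAC, especially the gateway, is the classic sign of ARP
    spoofing ahead of a man-in-the-middle.
    """
    table = {}          # ip -> MAC first learned from a reply
    alerts = []
    for ev in arp_events:
        if ev["op"] != "reply":
            continue
        ip, mac = ev["sender_ip"], ev["sender_mac"].lower()
        known = table.get(ip)
        if known is None:
            table[ip] = mac
        elif known != mac:
            alerts.append({"ts": ev["ts"], "ip": ip, "old_mac": known, "new_mac": mac,
                           "reason": "ARP reply changed MAC for IP"})
            table[ip] = mac   # track the new binding so a flip back is seen too
    return alerts


def honeypot_indicators(flows, honeypot_ips, scan_threshold=2):
    """Summarize sources that touched a honeypot address.

    Nothing legitimate should talk to a honeypot, so any flow to one is an
    indicator; several distinct ports from one source looks like a scan.
    flows: dicts with src, dst, proto, dport.
    """
    touched = defaultdict(set)
    for f in flows:
        if f["dst"] in honeypot_ips:
            touched[f["src"]].add((f["proto"], f["dport"]))
    report = []
    for src, ports in sorted(touched.items()):
        report.append({"src": src, "ports": sorted(ports),
                       "likely_scan": len(ports) >= scan_threshold})
    return report


# Constructed sample data (not a real capture).
SAMPLE_ARP = [
    {"ts": 1, "op": "reply", "sender_ip": "10.0.0.1", "sender_mac": "AA:BB:CC:00:00:01"},
    {"ts": 2, "op": "request", "sender_ip": "10.0.0.7", "sender_mac": "aa:bb:cc:00:00:07"},
    {"ts": 3, "op": "reply", "sender_ip": "10.0.0.1", "sender_mac": "de:ad:be:ef:00:01"},
    {"ts": 4, "op": "reply", "sender_ip": "10.0.0.1", "sender_mac": "de:ad:be:ef:00:01"},
]
HONEYPOTS = {"10.0.0.250"}   # decoy address; assumption for the demo
SAMPLE_FLOWS = [
    {"src": "10.0.0.7", "dst": "10.0.0.250", "proto": "tcp", "dport": 22},
    {"src": "10.0.0.7", "dst": "10.0.0.250", "proto": "tcp", "dport": 445},
    {"src": "203.0.113.5", "dst": "10.0.0.250", "proto": "tcp", "dport": 3389},
    {"src": "10.0.0.8", "dst": "10.0.0.20", "proto": "tcp", "dport": 443},
]

if __name__ == "__main__":
    for a in detect_arp_poisoning(SAMPLE_ARP):
        print("ARP alert:", a)
    for r in honeypot_indicators(SAMPLE_FLOWS, HONEYPOTS):
        print("honeypot hit:", r)
```

The ARP check is the same logic arpwatch-style tools use; in Wireshark the equivalent view is the `arp.duplicate-address-detected` expert info. The honeypot check depends on the decoy address never being published in DNS or used by real services, which is one of the protection mechanisms the report needs to spell out.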

You will use the identified information on security attacks, the techniques for monitoring such attacks, and cyber offensives such as honeypots as part of your report to the FBI and the FS-ISAC. This information, however, should not be included in the bulletin, so that the hackers will not be alerted to the defenses; add it to your final report only.

Steps 3-5: I will have to perform these in a lab

You just identified possible information security attacks. Now, identify the risks to network traffic analysis and remediation. Review the resources on false positives and false negatives. Identify what these are, how they are determined, how they are tested, and which is riskier to the health of the network.
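False positives and false negatives are determined by running a detection rule over traffic whose ground truth is known and counting where the rule disagrees with the labels. The following is an added example, not part of the original assignment or of Snort: a minimal port-scan rule (alert when one source touches at least N distinct destination ports) is evaluated against constructed, labelled flows at several thresholds, which shows how the threshold trades false positives against false negatives. The flows, labels and the rule itself are assumptions made for the demo.

```python
"""Measure false positives and false negatives of a simple port-scan rule.

Added example, not from the original assignment. Flows and ground-truth
labels are constructed; in a real test you would label a known capture
(replayed attack traffic mixed with normal traffic) and compare the alerts
the IDS raised against those labels.
"""
from collections import defaultdict


def scan_alerts(flows, threshold):
    """Alert on a source that touches at least `threshold` distinct dst ports."""
    ports = defaultdict(set)
    for f in flows:
        ports[f["src"]].add(f["dport"])
    return {src for src, p in ports.items() if len(p) >= threshold}


def evaluate(flows, labels, threshold):
    """Compare rule output to ground truth. labels: src -> True if malicious."""
    alerted = scan_alerts(flows, threshold)
    tp = fp = fn = tn = 0
    for src, malicious in labels.items():
        hit = src in alerted
        if hit and malicious:
            tp += 1          # true positive: attacker caught
        elif hit and not malicious:
            fp += 1          # false positive: benign host flagged (analyst time wasted)
        elif not hit and malicious:
            fn += 1          # false negative: attacker missed (the costly case)
        else:
            tn += 1
    fpr = fp / (fp + tn) if fp + tn else 0.0
    fnr = fn / (fn + tp) if fn + tp else 0.0
    return {"threshold": threshold, "tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "fpr": fpr, "fnr": fnr}


def sweep(flows, labels, thresholds):
    """Evaluate the rule at each threshold to see the FP/FN trade-off."""
    return [evaluate(flows, labels, t) for t in thresholds]


def make_flows(src, dst, ports):
    return [{"src": src, "dst": dst, "dport": p} for p in ports]


# Constructed sample traffic and labels (not from a real network).
SAMPLE_FLOWS = (
    make_flows("10.0.0.66", "10.0.0.20", range(1, 21))             # noisy scanner
    + make_flows("10.0.0.99", "10.0.0.20", [21, 22, 80, 443])      # slow, low-port scanner
    + make_flows("10.0.0.30", "10.0.0.20",                         # sanctioned inventory tool
                 [22, 25, 80, 110, 123, 161, 443, 445, 3389, 8080, 8443, 9090])
    + make_flows("10.0.0.8", "10.0.0.20", [80, 443, 445])          # normal user
)
LABELS = {"10.0.0.66": True, "10.0.0.99": True, "10.0.0.30": False, "10.0.0.8": False}

if __name__ == "__main__":
    for row in sweep(SAMPLE_FLOWS, LABELS, [4, 5, 15]):
        print(row)
```

At a low threshold the sanctioned inventory tool is flagged (false positive); at a high threshold the slow scanner slips through (false negative). Tuning is done against labelled traffic, and the false negative is the riskier outcome for the network because it is an intrusion nobody investigates, whereas a false positive costs analyst time and, on an IPS, may block legitimate traffic.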

Step 6: Explain Other Detection Tools and Techniques

The previous step required you to use Snort and Wireshark in Workspace. This step requires you to explain in a few paragraphs what other tools and techniques you may use to detect these signatures. You may have to do independent research to find these tools and techniques. Be sure to cite your sources in APA format. Provide enough detail so that a bank network administrator could follow your explanation to deploy your system in production. Include this information in your bulletin.

After you have researched and compiled the information on other detection tools and techniques, it’s time to move to Step 7, where you will organize and complete your report to the FBI and FS-ISAC.

Step 7: Organize and Complete Your Report

Now that you have gathered all the data for your report, it is time to organize it. Conclude the report and organize your report in sections. The following is a suggestion, but use what is best for the FBI chief and the FS-ISAC representative:

  1. Event: the types of information attacks you have been tasked to examine.
  2. Target and Profile: Here, you will describe FS-ISAC and the bank institution.
  3. Overview of Network Architecture: the diagram and written description from Step 1, including the IP addressing scheme, the firewalls, and the IDS/IPS deployment.
  4. Network Traffic Monitoring and Results
  5. Recommended Remediation Strategies

The report should be an eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
