Malicious Network Activity Report

*Malicious Network Activity Report: An eight-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
*Joint Network Defense Bulletin: two-page double-spaced document.
Introduction to Packet Capture and Intrusion Detection Prevention Systems Transcript

You are a network analyst on the fly-away team for the FBI’s cybersecurity sector engagement division. You’ve been deployed several times to financial institutions to examine their networks after cyberattacks, ranging from intrusions and data exfiltration to distributed denial of services to their network supporting customer transaction websites. A representative from the Financial Services Information Sharing and Analysis Center, FS-ISAC, met with your boss, the chief net defense liaison to the financial services sector, about recent reports of intrusions into the networks of banks and their consortium.

He’s provided some of the details of the reports in an email. “Millions of files were compromised, and financial officials want to know who entered the networks and what happened to the information. At the same time, the FS-ISAC has seen the extensive distributed denial of service disrupting the bank’s networks, impacting the customer websites, and blocking millions of dollars of potential transactions,” his email reads.

You realize that the impact of these attacks could cause the downfall of many banks and ultimately create a strain on the US economy. In the email, your chief asks you to travel to one of the banks and using your suite of network monitoring and intrusion detection tools, produce two documents—a report to the FBI and FS-ISAC that contains the information you observed on the network and a joint network defense bulletin to all the banks in the FS-ISAC consortium, recommending prevention methods and remediation against the types of malicious traffic activity that they may face or are facing.

Step 1: Create a Network Architecture Overview
Provide a network architecture overview along with diagrams. Your overview can be fictitious or based on an actual organization. The goal is to provide an understanding of network architecture.

Describe the various data transmission components. Select the links below to review them:

User Datagram Protocol (UDP)
Transmission Control Protocol/Internet Protocol (TCP/IP)
Internet packets
IP address schemes
well-known ports and applications
Address the meaning and relevance of information, such as:

The sender or source that transmits a message
The encoder used to code messages
The medium or channel that carries the message
The decoding mechanisms used
The receiver or destination of the messages
Describe:

The intrusion detection system (IDS)
The intrusion prevention system (IPS)
The firewalls that have been established
The link between the operating systems, the software, and hardware components in the network, firewall, and IDS that make up the network defense implementation of the banks’ networks.
Identify:

How banks use firewalls
How banks use IDSs
The difference between these technologies
Include:

The network infrastructure information
The IP address schemes that will involve the IP addressing assignment model
The public and private addressing and address allocations
Identify potential risks in setting up the IP addressing scheme
Here are some resources to review:

Intrusion detection & prevention (IDS/IPS) systems
Firewalls
Identify:

Any well-known ports and applications that are used
The risks associated with those ports and applications being identified and possibly targeted

Step 2: Identify Network Attacks
identify possible cyberattacks such as spoofing/cache poisoning, session hijacking, and man-in-the-middle attacks.

Provide techniques for monitoring these attacks using the knowledge acquired in the previous step. Review the following resources to gain a better understanding of these particular cyberattacks:

Session hijacking: spoofing/cache poisoning attacks
Man-in-the-middle attacks
One way to monitor and learn about malicious activities on a network is to create honeypots.

Propose a honeypot environment to lure hackers to the network and include the following in your proposal:

Describe a honeypot.
Explain how a honeypot environment is set up.
Explain the security and protection mechanisms a bank would need for a honeypot.
Discuss some network traffic indicators that will tell you that your honeypot trap is working.
Include this information in your final report. However, do not include this information in the bulletin to prevent hackers from being alerted about these defenses.

Step 3: Identify False Negatives and False Positives

identify the risks to network traffic analysis and remediation. Review the resources on false positives and false negatives and discuss the following:

Identify what are false positives and false negatives.
How are false positives and false negatives determined?
How are false positives and false negatives tested?
Which is riskier to the health of the network, a false positive or a false negative?
Describe your analysis about testing for false negatives and false positives using tools such as IDSs and firewalls, and include this as recommendations for the banks in your public service Joint Network Defense Bulletin.

Discuss the concept of performing statistical analysis of false positives and false negatives.

Explain how banks can reduce these issues.

Research possible ways to reduce these events and include this information as recommendations in the Malicious Network Activity Report.

Network intrusion analysis is often done with a tool such as Snort. Snort is a free and open-source intrusion detection/prevention system program. It is used for detecting and preventing malicious traffic and attacks on networks, analysis, and education. Such identification can be used to design signatures for the IDS, as well as to program the IDS to block this known bad traffic.

Network traffic analysis is often done using tools such as Wireshark. Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software, and communications protocol development and education. Cybersecurity professionals must know how to perform network forensic analysis

Step 4: Analyze Network Traffic
develop proposed rules to prevent against known malicious sites and to test for these signatures.

Step 5: Determine the Sensitivity of Your Analysis

determine which information to include in which document.

Information appropriate for internal consumption may not be appropriate for public consumption. The Joint Network Defense Bulletin may alert criminals of the network defense strategy. Therefore, be careful about what you include in this bulletin.

Once you have assessed the sensitivity of the information, including appropriate information in your Malicious Network Activity Report.

Then, include appropriate information in the Joint Network Defense Bulletin in a way that educates the financial services consortium of the threat and the mitigating activities necessary to protect against that threat

Step 6: Explain Other Detection Tools and Techniques

perform independent research and briefly discuss what other tools and techniques may be used to detect these signatures.

Provide enough detail so that a bank network administrator could follow your explanation to deploy your system in production. Include this information in the Joint Network Defense Bulletin.

Next, move to the next step, where you will organize and complete your report.

Step 7 Complete Malicious Network Activity Report

The following is a suggested outline:

1 Introduction: Describe the banking institution and the issue you will be examining.
2 Overview of the Network Architecture
3 Network Attacks
4 Network Traffic Analysis and Results
5 Other Detection Tools and Techniques
6 Recommended Remediation Strategies

Step 8: Create the Joint Network Defense Bulletin

create the Joint Network Defense Bulletin. Compile the information you have gathered, taking care to eliminate any sensitive bank-specific information. The Joint Network Defense Bulletin is an educational document for the financial services consortium. This bulletin should be addressed to the FBI chief and the FS-ISAC representative.

Calculate your order
275 words
Total price: $0.00

Top-quality papers guaranteed

54

100% original papers

We sell only unique pieces of writing completed according to your demands.

54

Confidential service

We use security encryption to keep your personal data protected.

54

Money-back guarantee

We can give your money back if something goes wrong with your order.

Enjoy the free features we offer to everyone

  1. Title page

    Get a free title page formatted according to the specifics of your particular style.

  2. Custom formatting

    Request us to use APA, MLA, Harvard, Chicago, or any other style for your essay.

  3. Bibliography page

    Don’t pay extra for a list of references that perfectly fits your academic needs.

  4. 24/7 support assistance

    Ask us a question anytime you need to—we don’t charge extra for supporting you!

Calculate how much your essay costs

Type of paper
Academic level
Deadline
550 words

How to place an order

  • Choose the number of pages, your academic level, and deadline
  • Push the orange button
  • Give instructions for your paper
  • Pay with PayPal or a credit card
  • Track the progress of your order
  • Approve and enjoy your custom paper

Ask experts to write you a cheap essay of excellent quality

Place an order