28 Dec Introduction To Packet C
Introduction To Packet Capture And Intrusion Detection Prevention Systems
You are a network analyst on the fly-away team for the FBI’s cybersecurity sector engagement division. You’ve been deployed several times to financial institutions to examine their networks after cyberattacks, ranging from intrusions and data exfiltration to distributed denial-of-service attacks against the networks supporting their customer transaction websites. A representative from the Financial Services Information Sharing and Analysis Center, FS-ISAC, met with your boss, the chief net defense liaison to the financial services sector, about recent reports of intrusions into the networks of banks and their consortium.
He’s provided some of the details of the reports in an email. “Millions of files were compromised, and financial officials want to know who entered the networks and what happened to the information. At the same time, the FS-ISAC has seen extensive distributed denial of service disrupting the bank’s networks, impacting the customer websites, and blocking millions of dollars of potential transactions,” his email reads.
You realize that the impact of these attacks could cause the downfall of many banks and ultimately create a strain on the US economy. In the email, your chief asks you to travel to one of the banks and, using your suite of network monitoring and intrusion detection tools, produce two documents: a report to the FBI and FS-ISAC that contains the information you observed on the network, and a joint network defense bulletin to all the banks in the FS-ISAC consortium, recommending prevention methods and remediation against the types of malicious traffic activity that they may face or are facing.
Network traffic analysis and monitoring help to distinguish legitimate traffic from malicious traffic. Network administrators must protect networks from intrusions. This can be done using tools and techniques that use past traffic data to determine what should be allowed and what should be blocked. In the face of constantly evolving threats to networks, network administrators must ensure their intrusion detection and prevention systems are able to analyze, monitor, and even prevent these advanced threats.
In this project, you will research network intrusion and prevention systems and understand their use in a network environment. You will also use monitoring and analysis technologies in the Workspace to compile a Malicious Network Activity Report for financial institutions and a Joint Network Defense Bulletin for a financial services consortium.
The following are the deliverables for this project:
Deliverables
• Malicious Network Activity Report: An eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
• Joint Network Defense Bulletin: A one- to two-page double-spaced document.
Step 1: Create a Network Architecture Overview
You travel to the various bank locations and gain access to their networks. However, you must first understand the network architecture of these banks.
Provide a network architecture overview along with diagrams. Your overview can be fictitious or based on an actual organization. The goal is to provide an understanding of the network architecture.
Describe the various data transmission components. Select the links below to review them:
1. User Datagram Protocol (UDP)
2. Transmission Control Protocol/Internet Protocol (TCP/IP)
3. Internet packets
4. IP address schemes
5. Well-known ports and applications
Address the meaning and relevance of information, such as:
a. The sender or source that transmits a message
b. The encoder used to code messages
c. The medium or channel that carries the message
d. The decoding mechanisms used
e. The receiver or destination of the messages
Describe:
a. The intrusion detection system (IDS)
b. The intrusion prevention system (IPS)
c. The firewalls that have been established
d. The link between the operating systems, the software, and hardware components in the network, firewall, and IDS that make up the network defense implementation of the banks’ networks
Identify:
a. How banks use firewalls
b. How banks use IDSs
c. The difference between these technologies
Include:
a. The network infrastructure information
b. The IP address schemes that will involve the IP addressing assignment model
c. The public and private addressing and address allocations
d. The potential risks in setting up the IP addressing scheme
Here are some resources to review:
• Intrusion detection & prevention (IDS/IPS) systems
• Firewalls
Identify:
a. Any well-known ports and applications that are used
b. The risks associated with those ports and applications being identified and possibly targeted
Add your overview to your report.
In the next step, you will identify network attacks and ways to monitor systems to prevent these attacks.
Step 2: Identify Network Attacks
In the previous step, you provided an overview of the network architecture. In this step, you will identify possible cyberattacks such as spoofing/cache poisoning, session hijacking, and man-in-the-middle attacks.
Provide techniques for monitoring these attacks using knowledge acquired in the previous step. Review the following resources to gain a better understanding of these particular cyberattacks:
• Session hijacking: spoofing/cache poisoning attacks
• Man-in-the-middle attacks
One way to monitor and learn about malicious activities on a network is to create honeypots.