CST 630 7631 Advanced Cyber Exploitation and Mitigation

Project 2 Start Here
Transcript
Today’s companies face many different security challenges to their networks, and a company’s incident manager needs to be ready to respond to potential threats. Some of those threats can occur from the actions of well-intentioned employees who fail to follow security protocols, and others can arise from disgruntled workers who may be able to access accounts on personal devices long after leaving an organization.
Wireless devices and bring your own device (BYOD) computing in the workplace often increase productivity and convenience, but such ubiquitous access to resources can be a significant threat to organizational security, and BYOD computing adds another layer of concern for the incident manager.
Remote management capabilities such as device tracking and remote wipe help locate devices that hold company data and prevent unauthorized viewing of that data. Authentication, access controls, and strong encryption are just some of the security measures that belong in a secure wireless network and in mobile device management practice in the workplace. Security will also need to evolve to protect against employees with malicious intent: it will need to include behavioral cues as well as effective countermeasures, as the demand for greater employee availability drives more wireless computing and BYOD integration into the workplace.
For this project, you will take a close look at the variety of threats facing an incident manager as you develop a cybersecurity incident report (CIR) for management with an executive summary, along with an executive briefing for a company. For details on the length of the assignments, see the final step of the project.
There are seven steps to complete the project. Each step will highlight the types of threats you will encounter. Most steps in this project should take no more than two hours to complete, and the project as a whole should take no more than two weeks to complete. Begin with the workplace scenario, and then continue to Step 1.
Deliverables
cybersecurity incident report (CIR), slides to support executive briefing
Competencies
Your work will be evaluated using the competencies listed below.
1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
1.2: Develop coherent paragraphs or points to be internally unified and function as part of the whole document or presentation.
1.3: Provide sufficient, correctly cited support that substantiates the writer's ideas.
1.4: Tailor communications to the audience.
1.5: Use sentence structure appropriate to the task, message and audience.
1.6: Follow conventions of Standard Written English.
1.7: Create neat and professional looking documents appropriate for the project.
1.8: Create clear oral messages.
2.1: Identify and clearly explain the issue, question, or problem under critical consideration.
2.2: Locate and access sufficient information to investigate the issue or problem.
2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.
2.4: Consider and analyze information in context to the issue or problem.
2.5: Develop well-reasoned ideas, conclusions or decisions, checking them against relevant criteria and benchmarks.
5.4: Identify potential threats to operating systems and the security features necessary to guard against them.
7.3: Knowledge of methods and tools used for risk management and mitigation of risk.
8.1: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents.
8.2: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence appropriately.
8.3: Responds to incidents through threat mitigation, preparedness, and response and recovery approaches to preserve life, property, and information security. Investigates, analyzes, and continuously improves relevant response activities and practices.
8.4: Possess knowledge of proper and effective communication in case of an incident or crisis.
8.5: Obtain knowledge and skills to conduct a post-mortem analysis of an incident and provide sound recommendations for business continuity.
Step 1: Develop a Wireless and BYOD Security Plan
Since the company you work for has instituted a bring your own device (BYOD) policy, security attitudes have been lax and all sorts of devices, authorized and unauthorized, have been found connected to the company’s wireless infrastructure. In this first step, you will develop a wireless and BYOD security plan for the company.
Use NIST Special Publication 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs), as the basis for an executive summary that addresses the security concerns related to BYOD and wireless. Within your cybersecurity incident report, address the threat of unauthorized equipment and rogue access points on the company wireless network and the methods for finding rogue access points. Describe how rogue access points are detected, how they can actually be connected to the network, and how you identify the authorized access points within your network.
Within your plan, include how the Cyber Kill Chain framework and approach could be used to improve the incident response times for networks.
Include this at the beginning of your CIR as the basis for all wireless- and BYOD-related problems within the network. Title the section “Wireless and BYOD Security Plan.”
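The following Python script is an added illustration of the rogue access point question above; it is not part of the course materials or of NIST SP 800-153. It compares a wireless scan against a whitelist of authorized access points and checks unknown radios against the access switches' MAC address table. Every BSSID, MAC, SSID, channel and switch port in it is constructed for the example, and the "wired MAC is adjacent to the BSSID" rule is a heuristic used by some WIDS products, not a standard.

```python
# Added example (not part of the course materials): rogue-AP triage over a
# constructed wireless scan and a constructed switch MAC table. Every MAC,
# BSSID and SSID below is invented for illustration.
from collections import namedtuple

ScanRow = namedtuple("ScanRow", "bssid ssid channel rssi")

# Whitelist of authorized access points keyed by BSSID (radio MAC), as a
# wireless controller or asset inventory would export it: BSSID -> (SSID, channel).
AUTHORIZED_APS = {
    "00:11:22:aa:00:01": ("CorpWiFi", 6),
    "00:11:22:aa:00:02": ("CorpWiFi", 11),
    "00:11:22:aa:00:03": ("CorpGuest", 1),
}

# Constructed scan results, as a WIDS sensor or a tool such as airodump-ng reports them.
SCAN = [
    ScanRow("00:11:22:aa:00:01", "CorpWiFi", 6, -40),
    ScanRow("00:11:22:aa:00:02", "CorpWiFi", 11, -55),
    ScanRow("de:ad:be:ef:00:10", "CorpWiFi", 6, -38),    # corporate SSID from an unknown radio
    ScanRow("c4:e9:84:12:34:56", "NETGEAR_5G", 36, -70),  # unknown AP: neighbour, or plugged into our LAN?
    ScanRow("00:11:22:aa:00:03", "CorpGuest", 11, -60),   # known BSSID, but not on its configured channel
]

# Constructed MAC address table pulled from the access switches: MAC -> switch port.
SWITCH_MAC_TABLE = {
    "c4:e9:84:12:34:55": "sw3 Gi1/0/17",   # the wired side of the NETGEAR box above
    "00:11:22:aa:00:01": "sw1 Gi1/0/1",
}


def _mac_int(mac):
    return int(mac.replace(":", ""), 16)


def wired_port_for(bssid, mac_table, span=2):
    """Heuristic (an assumption, not a standard): consumer APs usually derive the
    radio BSSID from their wired MAC by adding or subtracting a small value, so a
    switch-table entry with the same OUI within `span` of the BSSID suggests the
    rogue AP is physically plugged into our LAN. Returns the port or None."""
    target = _mac_int(bssid)
    for mac, port in mac_table.items():
        if mac[:8] == bssid[:8] and abs(_mac_int(mac) - target) <= span:
            return port
    return None


def triage(scan, authorized, mac_table):
    """Classify each scanned BSSID. Returns {bssid: verdict}."""
    corp_ssids = {ssid for ssid, _ in authorized.values()}
    verdicts = {}
    for row in scan:
        if row.bssid in authorized:
            exp_ssid, exp_chan = authorized[row.bssid]
            if (row.ssid, row.channel) == (exp_ssid, exp_chan):
                verdicts[row.bssid] = "authorized"
            else:
                # Either the controller moved the AP, or someone is cloning an
                # authorized BSSID: confirm against the controller before acting.
                verdicts[row.bssid] = "authorized-bssid-mismatch"
        elif row.ssid in corp_ssids:
            # An unknown radio advertising our SSID: evil twin / rogue AP.
            verdicts[row.bssid] = "rogue-evil-twin"
        else:
            port = wired_port_for(row.bssid, mac_table)
            verdicts[row.bssid] = f"rogue-on-wire:{port}" if port else "unknown-neighbour"
    return verdicts


if __name__ == "__main__":
    for bssid, verdict in triage(SCAN, AUTHORIZED_APS, SWITCH_MAC_TABLE).items():
        print(f"{bssid}  {verdict}")
```

The "rogue-on-wire" verdict is the one that matters most to the incident manager: a neighbour's AP is noise, but an unknown AP whose wired side appears on a company switch port is a bridge into the LAN and gives you the port to disable.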
In the next step, you will explore a scenario on suspicious behavior, and your report will provide another section of your CIR.
Step 2: Track Suspicious Behavior
You’ve completed your wireless and BYOD security plan. Now it’s time to take a look at another workplace situation.
You have been notified of an employee exhibiting suspicious behavior. You decide to track the employee’s movements by using various tools and techniques. You know the location and time stamps associated with the employee’s mobile device.
How would you track the location of the company asset?
Explain how identity theft could occur and how MAC spoofing could take place in the workplace, and how you would protect against both. Address whether it is feasible to determine that MAC spoofing or identity theft has taken place in the workplace. Include a whitelist of approved devices for this network; examples may include authorized access points, firewalls, and similar devices.
Are there any legal issues, problems, or concerns with your actions? What should be conducted before starting this investigation? Were your actions authorized, was the notification valid, or are there any other concerns? Include your responses as part of the CIR with the title “Tracking Suspicious Behavior.”
In the next step, you will explore another workplace scenario, and your responses will help you formulate a continuous improvement plan, which will become another part of your CIR.
Step 3: Develop a Continuous Improvement Plan
Now that you’ve completed the section on tracking suspicious behavior for your CIR, you are confronted with another situation in the workplace.
You receive a memo calling for continuous improvement of the company's wireless network, and you are asked to report on the wireless network used in your company. You have been monitoring activity on the WPA2 network. For leadership's education, provide a description of Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) networks, including the pros and cons of each, as well as WPA2.
Since WPA2 uses encryption to secure communications, define the scheme by which preshared keys are used for encryption. Is this FIPS 140-2 compliant, and if not, what is necessary to attain compliance? Include this for leadership. Include a list of other wireless protocols, such as Bluetooth, and provide a comparative analysis of four protocols covering the pros, cons, and suitability for your company.
Include your responses as part of the CIR with the title “Continuous Improvement Plan.”
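As an added worked example for the preshared-key question above (not part of the course materials), the Python below implements the WPA2-PSK key schedule: the passphrase and SSID are stretched into the PMK with PBKDF2-HMAC-SHA1, the PMK plus both MACs and both nonces give the PTK, and the first 16 bytes of the PTK (the KCK) authenticate the 4-way handshake messages. It then shows why the scheme's strength is exactly the passphrase's strength: anyone who captured a handshake can test guesses offline. The MAC addresses, SSID, nonces and candidate list are constructed, and the EAPOL body is a simplified stand-in rather than a byte-exact frame. The script does not answer the FIPS 140-2 question; that is for the report.

```python
# Added example (not from the course or NIST): the WPA2-PSK key schedule in plain
# Python plus the offline dictionary check it permits. MACs, SSID, nonces and the
# passphrase list are constructed; the EAPOL body is a simplified placeholder.
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PSK-to-PMK mapping from IEEE 802.11:
    PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_sha1(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK for CCMP = PRF-384(PMK, "Pairwise key expansion", min/max of MACs and nonces)
    = KCK(16) || KEK(16) || TK(16)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_sha1(pmk, b"Pairwise key expansion", data, 48)


def eapol_mic(kck: bytes, eapol_with_mic_zeroed: bytes) -> bytes:
    """WPA2 (key descriptor version 2): MIC = HMAC-SHA1(KCK, EAPOL frame with MIC field zeroed)[:16]."""
    return hmac.new(kck, eapol_with_mic_zeroed, hashlib.sha1).digest()[:16]


# Constructed handshake parameters (everything here travels in the clear on the air).
AP_MAC = bytes.fromhex("001122aa0001")
STA_MAC = bytes.fromhex("a4b1c2d3e4f5")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
SSID = "CorpWiFi"


def build_msg2(passphrase: str):
    """Simulate the supplicant's message 2 of the 4-way handshake.
    Returns (eapol_with_mic_zeroed, mic). The body is a simplified placeholder
    that carries the SNonce, as the real frame does."""
    ptk = derive_ptk(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    kck = ptk[:16]
    eapol = b"\x02\x03\x00\x5f\x02\x01\x0a" + SNONCE + b"\x00" * 16   # last 16 bytes: MIC field, zeroed
    return eapol, eapol_mic(kck, eapol)


def recover_passphrase(candidates, eapol: bytes, mic: bytes):
    """Offline dictionary attack. The passphrase is the only secret in WPA2-PSK;
    SSID, MACs, nonces and the MIC'd frame are all captured, so guesses can be
    verified without any further contact with the access point."""
    for cand in candidates:
        ptk = derive_ptk(pmk_from_passphrase(cand, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
        if hmac.compare_digest(eapol_mic(ptk[:16], eapol), mic):
            return cand
    return None


if __name__ == "__main__":
    eapol, mic = build_msg2("Summer2019!")
    print(recover_passphrase(["password", "letmein", "Summer2019!", "CorpWiFi1"], eapol, mic))
```

The PMK derivation can be checked against the published IEEE 802.11 test vector (passphrase "password", SSID "IEEE"). Note that the 4096 PBKDF2 iterations are the only thing slowing the attacker down; they were chosen for 2004 hardware, which is why a short or dictionary passphrase on WPA2-PSK is recoverable in practice and why enterprise deployments prefer 802.1X/EAP, where no shared passphrase exists to guess.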
In the next step, you will look at yet another workplace scenario, and you will use that incident to show management how remote configuration management works.
Step 4: Develop Remote Configuration Management
You’ve completed the continuous improvement plan portion of the CIR. Now, it’s time to show how your company has implemented remote configuration management.
Start this section of your incident report with a description of remote configuration management and how it is used to maintain the security posture of your company's network. Then consider the following scenario:
An undocumented device is found on the company network. You have determined that the owner of the device should be removed from the network. Explain how you would implement this and remove the employee's device, and how you would show proof that the device was removed.
Include your responses as part of the CIR with the title “Remote Configuration Management.”
In the next step, you will illustrate how you investigate possible employee misconduct.
Step 5: Investigate Employee Misconduct
In this portion of your CIR, you will show how you would investigate possible employee misconduct. You have been given a report that an employee has recorded logins outside official duty hours and has set up access through an ad hoc wireless network. Provide a definition of ad hoc wireless networks and identify the threats and vulnerabilities they pose to a company. How could such a network be used within the company infrastructure, and how would you protect against those threats? Use notional information or actual case data in your discussion.
Address self-configuring dynamic networks on an open-access architecture, the threats and vulnerabilities associated with them, and the protections that should be implemented. From your position as incident manager, how would you detect an employee connecting to a self-configuring or ad hoc network? Provide this information in the report. How would signal hiding serve as a countermeasure on wireless networks, and what are the countermeasures to signal hiding? How is the service set identifier (SSID) used by cybersecurity professionals on wireless networks? Is it always broadcast, and if not, why not? How would you validate that the user was working outside of business hours?
Include your responses as part of the CIR with the title “Employee Misconduct.”
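As an added illustration of the ad hoc and hidden-SSID questions above (not part of the course materials, and not a lab tool), the following Python parses 802.11 beacon frames and flags independent (ad hoc) BSSs and networks that suppress their SSID. It builds its own sample frames; the BSSIDs and SSIDs are invented, and a real capture would be fed in from a pcap reader instead of the constructed list. The distinction it relies on is in the beacon's capability field: bit 0 (ESS) is set by an infrastructure access point and bit 1 (IBSS) by a station in ad hoc mode, while a hidden network sends an SSID element that is empty or all NUL bytes.

```python
# Added example (not from the course materials): parse constructed 802.11 beacon
# frames and flag ad hoc (IBSS) networks and hidden SSIDs. BSSIDs and SSIDs are invented.
import struct

ESS_BIT = 0x0001    # capability info bit 0: infrastructure BSS (an access point)
IBSS_BIT = 0x0002   # capability info bit 1: independent BSS (ad hoc)
HEADER_LEN = 24     # 802.11 management frame header
FIXED_LEN = 12      # beacon fixed fields: timestamp(8) + beacon interval(2) + capability(2)


def build_beacon(bssid: str, ssid: str, ibss: bool = False, hidden: bool = False, channel: int = 6) -> bytes:
    """Construct a minimal beacon frame (no FCS) for the example. A hidden network
    advertises an SSID element of length 0, as many vendors do."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00" + b"\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"  # FC, duration, DA, SA, BSSID, seq
    capability = IBSS_BIT if ibss else ESS_BIT
    fixed = struct.pack("<QHH", 0, 100, capability)
    ssid_bytes = b"" if hidden else ssid.encode()
    ies = bytes([0, len(ssid_bytes)]) + ssid_bytes     # element 0: SSID
    ies += bytes([3, 1, channel])                      # element 3: DS parameter set (channel)
    return header + fixed + ies


def parse_beacon(frame: bytes):
    """Return the fields an incident manager cares about, or None if not a beacon."""
    if len(frame) < HEADER_LEN + FIXED_LEN or frame[0] != 0x80:
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])          # address 3 = BSSID
    _timestamp, _interval, cap = struct.unpack("<QHH", frame[HEADER_LEN:HEADER_LEN + FIXED_LEN])
    elements = {}
    pos = HEADER_LEN + FIXED_LEN
    while pos + 2 <= len(frame):                                 # walk the tagged elements
        eid, length = frame[pos], frame[pos + 1]
        elements[eid] = frame[pos + 2:pos + 2 + length]
        pos += 2 + length
    raw_ssid = elements.get(0, b"")
    hidden = len(raw_ssid) == 0 or set(raw_ssid) == {0}         # zero-length or all-NUL SSID
    if cap & IBSS_BIT:
        mode = "IBSS"
    elif cap & ESS_BIT:
        mode = "ESS"
    else:
        mode = "unknown"
    return {
        "bssid": bssid,
        "ssid": None if hidden else raw_ssid.decode("utf-8", errors="replace"),
        "hidden_ssid": hidden,
        "mode": mode,
        "channel": elements[3][0] if 3 in elements else None,
    }


def review_beacons(frames, authorized_bssids):
    """Flag what a WIDS rule would raise on: ad hoc networks, hidden SSIDs, and
    infrastructure BSSIDs that are not in the inventory."""
    findings = []
    for frame in frames:
        b = parse_beacon(frame)
        if b is None:
            continue
        if b["mode"] == "IBSS":
            findings.append((b["bssid"], f"ad-hoc network (IBSS) on channel {b['channel']}"))
        if b["hidden_ssid"]:
            findings.append((b["bssid"], "hidden SSID; name only recoverable from probe responses"))
        if b["mode"] == "ESS" and b["bssid"] not in authorized_bssids:
            findings.append((b["bssid"], "unknown infrastructure BSSID"))
    return findings


# Constructed sample: one authorized AP, one employee laptop in ad hoc mode (ad hoc
# BSSIDs are random locally administered MACs, hence the 02: prefix), one hidden network.
SAMPLE_FRAMES = [
    build_beacon("00:11:22:aa:00:01", "CorpWiFi"),
    build_beacon("02:5c:9f:10:20:30", "jims-laptop", ibss=True, channel=11),
    build_beacon("00:11:22:aa:00:09", "CorpMgmt", hidden=True, channel=1),
]
AUTHORIZED_BSSIDS = {"00:11:22:aa:00:01"}

if __name__ == "__main__":
    for bssid, note in review_beacons(SAMPLE_FRAMES, AUTHORIZED_BSSIDS):
        print(bssid, note)
```

Two points the script makes concrete for the report: an ad hoc network is visible to any monitor-mode sensor because the beacon itself says IBSS, so "the employee set up an ad hoc network" is detectable without touching the employee's device; and hiding an SSID only removes the name from beacons, not the beacons themselves, so the network (and its BSSID and channel) is still found, and the name reappears in probe responses whenever a client joins.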
In the next step, you will use lab tools to analyze wireless traffic.
Step 6: Analyze Wireless Traffic
You’ve completed several steps that you will use to present your CIR. In this step, as part of a virtual lab, you will analyze wireless traffic.
You are given access to pre-captured files of wireless traffic on the company network. This is another way to monitor employee behavior and to detect malicious behavior, whether intentional or unintentional.
Complete This Lab
Here are some resources that will help you complete the lab:

Accessing the Virtual Lab Environment: Navigating the Workspace and the Lab Setup.
Review the Workspace and Lab Machine Environment Tutorial
Lab Instructions: Incident Response Lab Exercise
Self-Help Guide: Workspace: Getting Started and Troubleshooting
Getting Help: To obtain lab assistance, email GraduateCyber@umuc.edu using the following template in the body of your email.

Your full name:
Your user ID:
Preferred email:
Your course and section number:
Detailed description of the issue that you are experiencing:
Machine type (PC, tablet, mobile device):
OS type and version:
Browser type and version:

Provide any information related to the issue that you are experiencing and attach any screenshot that you may be able to produce related to the issue.
Include your responses from the lab as part of the CIR with the title “Wireless Traffic Analysis.”
Check Your Evaluation Criteria
Before you submit your assignment, review the competencies listed above under Competencies, which your instructor will use to evaluate your work. A good practice is to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.