Cyber Attack & Ethical hacking
[
Cyber Attack & Ethical Hacking
01a1] Unit 1 Assignment 1
Week 8
· Auditing a Wireless Network and Planning for a Secure WLAN Implementation (Assignment 1)
Instructions
To demonstrate your understanding of core concepts and procedures presented in this unit, you are required to complete the Auditing a Wireless Network and Planning for a Secure WLAN Implementation lab, linked in the courseroom.
1. Describe the relevance of airmonng, airodump-ng, aircrack-ng, and aireplay-ng in WLAN applications.
2. Compare and contrast WEP, WPA, and WPA2. Why must wireless network traffic be encrypted?
3. List some techniques to secure WLAN implementations.
4. Explain why wireless network security is so important. Is it of equal importance to organizations and home users?
5. Describe some of the risks, threats, and vulnerabilities associated with wireless networks.
6. Discuss the risks of using public wireless.
7. Explain why an organization needs to have a wireless access policy and explain the importance of wireless site surveys.
Refer to the Auditing a Wireless Network and Planning for a Secure WLAN Implementation scoring guide to ensure that your work meets the grading criteria for this assignment.
Submit your assignment by midnight Sunday (CST).
Submission Requirements
· Written communication: Writing should be clear and well organized, with no technical writing errors, as expected of a business professional.
· Format: Typed, double-spaced lines.
· Font: Times New Roman, 12 points.
[u08a2] Unit 8 Assignment 2
Legal Issues and Honeypot Use (Assignment 2) 3-4 pages
Introduction
In a perfect world, network intrusion prevention measures would be sufficient to prevent any unauthorized network access. Unfortunately, it is impossible to prevent all intrusions. This makes it critical to know when a preventative control has failed. Intrusion detection system and honeypots are two ways an organization can monitor their network for illicit activity. Intrusion detection systems alert an organization to potential illicit activity, while honeypots act as a decoy to lure attackers into an environment where their activities can be closely monitored.
Instructions
Regulations require your organization to perform an annual security assessment, which includes penetration testing. You perform a variety of attacks against the organization’s firewall and can breach the network perimeter. In your exploration of the network, you find evidence of a honeypot. Company policy stipulates that only security administrators can implement and manage honeypots. Company policy also explicitly states that all honeypots must be documented and approved by the chief information security officer (CISO).
You report your findings to the CISO, who asks you to provide a report on honeypots and the legal ramifications of using honeypots within the organization.
Write a 3–4 page report in which you:
· Explain the advantages of using honeypots in securing network infrastructures.
· Explain the disadvantages of using honeypots in securing network infrastructures.
· Describe at least two types of honeypots, providing real-life examples.
· Analyze the legal ramifications of using honeypots within the organization.
Your assignment must be supported by a minimum of three recent, peer-reviewed references. Citations and references must be formatted using current APA style.
Structure your report as follows:
· Title page.
· Introduction.
· The main body (at least three pages); use headings to identify individual sections.
· Summary and conclusion.
· References page. Capella academic integrity standards must be strictly followed.
Assignment Requirements
· Written communication: Writing should be clear and well organized, with no technical writing errors, as expected of a business professional.
· References: Include a minimum of three recent, peer-reviewed references.
· APA Style: Citations and references must be formatted using current APA style.
· Length of the report: A minimum of three, typed, double-spaced pages, excluding the title page and references page.
· Font: Times New Roman, 12 points.
Project Scenario – Computer Forensics
Organization Name: Mega Corp Inc.
With high-visibility breaches in the news impacting such well-known companies as RSA and Sony, the board of directors of Mega Corp has directed the CEO to establish incident response and forensics capabilities that will ensure they are prepared to meet any potential challenges that might come the way of the organization. The CEO wants an independent perspective and has recruited you to be his highly paid consultant. You will provide him with a set of recommendations that he can use to meet the board’s request.
The recommendations you will be expected to provide as the deliverables for this project are:
1. Properly differentiate forensics and incident response activities.
2. Recommend appropriate changes to the existing architecture and IT assets of the project organization.
3. Recommend an appropriate set of preventative controls for implementation in the project organization.
4. Recommend appropriate physical space, incident response, and forensics tools requirements for the project organization and forensics partner.
5. Identify appropriate roles and responsibilities needed for effective forensics incident response for the project organization.
6. Develop appropriate incident classification and response procedures for the project organization.
7. Develop appropriate recommendations for continuous performance improvement of forensics and incident response procedures for the project organization.
High Level Details
Locations:
. Headquarters: Phoenix, Arizona.
. Distribution sites:
New York, San Francisco, and New Orleans.
. Global locations: Germany, India, China, Australia, South Africa, and Dubai.
Employees:
. Phoenix, Arizona: About 1200 users.
. Distribution sites:
. New York: 45 users.
. San Francisco: 30 users.
. New Orleans: 25 users.
· Global locations:
. Germany: 15 users.
. India: 12 users.
. China: 10 users.
. Australia: 8 users.
. South Africa: 6 users.
. Dubai: 5 users.
Main Infrastructure items:
· Hosts: They are primarily Windows XP but there are examples of both Macintosh- and Linux-based systems that have been approved for use at some sites.
· Cisco Routers and Switches: Each site will include their local switches and routers, which will be connected directly to the main data center located at the headquarters in Arizona.
· Firewalls: The headquarters and distribution sites have redundant ASA firewalls at the edge of their network and the global locations rely on the host-based Windows firewalls to protect their systems.
· Intrusion Detection: The malware solution for the organization is purchased and managed by each location and is the only form of IDS that is currently in place.
· Domain servers: Running Windows 2008.
· DNS servers.
· DHCP servers.
· Active Directory.
· Exchange Mail servers.
· File & Print servers.
· ERP system (such as PeopleSoft).
Current Environment
Mega Corp Inc. is a multi-national conglomerate consisting of two primary lines of business. These are:
· Mega Corp Consulting. The security consulting operation is located in the corporate headquarters in Phoenix, with remote partners responsible for sales and consultant oversight housed in offices within the nine sales, warehousing, and distribution centers worldwide.
· Mega Corp Solutions. The security products sales and distribution operations are also located in the corporate headquarters in Phoenix. Sales and solutions support staff are housed in offices within the nine sales, warehousing, and distribution centers worldwide.
Mega Corp owns a large office complex in Phoenix, where it is the sole tenant. The building houses the majority of IT staff and assets, both of which are located in the basement of the building in a secure, environmentally controlled space. The exception is first-level support, which is outsourced to India and shares space with the sales and warehousing functions in the country.
Remote sales, warehousing and distribution centers are all located in commercial space settings in shopping malls. They are spaces with separate entrances and exits that have common walls with the neighboring businesses. Some of the locations have a common basement or attic space that they share as storage space with the existing businesses in the mall. These locations will include your backbone network devices (routers, switches), domain controllers, DNS, mail servers, and firewall and intrusion detection systems that allow users to work locally in the event of a broader system failure.
Data on the servers is replicated twice a day from your local sites to the global locations to ensure a safe and secure date transactions between sites and help with a speedy data recovery in times of disasters.
The network is segmented into 10 global virtual LANs that logically separate into the following user groups:
· Information Technology.
· Management.
· Finance.
· Human Resources.
· Marketing and Sales.
· Product Development.
· Training.
· Remote Users.
· Security and Facilities Departments.
· All other users.
New system user requests are completed by the site manager via an electronic form located on the company intranet. User management staff completes those requests from their headquarters location and e-mail the site manager with the account and password information. Account ID is the first initial and last name of the employee. Multiples are mitigated through the addition of a 1, a 2, or, if necessary, a 3 at the end of the ID. Temporary passwords repeat the account ID and then require the user to change the password at logon. All users will be hosted in the main Active Directory servers, which will be designated as the corporate domain system for all hosts in the company.
Project Objectives
To successfully complete this project, you will be expected to:
· Properly differentiate forensics and incident response activities.
· Recommend appropriate changes to the existing architecture and IT assets of the project organization.
· Recommend an appropriate set of preventative controls for implementation in the project organization.
· Recommend appropriate physical space, incident response, and forensics tools requirements for the project organization and forensics partner.
· Identify appropriate roles and responsibilities needed for effective forensics incident response for the project organization.
· Develop appropriate incident classification and response procedures for the project organization.
· Develop appropriate recommendations for continuous performance improvement of forensics and incident response procedures for the project organization.
Week 8
· Remote Data Acquisition (3 pages)
After completing the virtual labs in this unit’s Studies, write a short paper that describes the following:
· The steps you followed to complete the lab.
· Any and all information you discovered through the lab that may be helpful in recreating events.
· How these tools might be integrated into an overall incident response plan.
· How MegaCorp can ensure that these tools are not being used by unauthorized users for malicious purposes.
When complete, submit your documents in the assignment area.
[u08d1] Unit 8 Discussion 1
Considering Remote Data Acquisition (1-page Discussion)
The CEO of MegaCorp comes to see you on the advice of the CIO who was impressed with your previous assistance to the organization. He and the other senior managers have been considering consolidation of all IT management activities either by moving them in-house at their corporate location or by outsourcing them to Berbee. He would like you to explain to him how these centralized staff would be capable of conducting investigations at the other sites that would not have local support and what the potential issues might be for those who have to conduct these remote investigations. Discuss what advice you would offer the CEO in terms of the pros and cons of centralizing staffing and the risks and benefits associated with remote data acquisition.