Computer Science Homework Help

Assignment Description

Network endpoints and network devices have different security considerations and implications. A user workstation implies certain security issues that remain in the User Domain while network implications remain part of the LAN or LAN-to-WAN Domain. However, during the course of investigating an intrusion, you may have to source data from logs kept in routing devices and end-user systems.

Suppose an attacker intrudes upon one of your servers. How do you reconstruct the events of a crime? Log files are the first place to check for administrative issues and security activity. Log files help you put together a timeline of events surrounding everything from a performance problem to a security incident.

You can also identify bad system or network activities by observing anomalies from baseline behavior or identifying certain suspicious actions. Testing ensures that your control and monitoring facilities work as intended and maintain proper operation. Monitoring ensures that you capture evidence when your testing procedures fail to examine all possibilities or legitimate behavior permits unauthorized activity.

For this assignment, provide the following deliverables:

• Identify two (2) types of security events and baseline anomalies that might indicate suspicious activity.

Always consider that even legitimate traffic can be used in illegitimate ways, and sometimes, legitimate traffic can appear illegitimate. Protected services can be attacked from the inside or accessed externally through loopholes in firewall rules. Vulnerabilities may remain unidentified by intrusion detection system (IDS) or intrusion prevention system (IPS) signatures and evade detection. Monitoring helps you capture pieces of the puzzle that creates a timeline of events.

Think along the following lines to answer this question:

• How do you obtain a baseline of system or network behavior?
• What is an anomaly in relation to baseline behavior?
• Why might certain anomalies be worth investigating?
• How can traffic have patterns that signify known attacks?
• What do log files help you learn that filtering systems overlook?
• Why can legitimate traffic sometimes seem suspicious?

• Given the list of policy violations and security breaches below, select three (3) and consider the best options for controlling and monitoring each incident. Identify the methods to mitigate risk and minimize exposure to threats or vulnerabilities.

• A user made unauthorized use of network resources by attacking network entities.
• Open network drive shares allow storage privileges to outside users.
• Sensitive laptop data is unencrypted and susceptible to physical theft.
• Remote users do not have recent patches or current updates.
• Legitimate traffic bearing a malicious payload exploits network services.
• An invalid protocol header disrupts a critical network service.
• Removable storage drives introduce malware filtered only when crossing the network.
• Predictable passwords meet minimum length requirements but remain easily guessable.
• Bad router permissions allow attackers to modify configurations or disrupt traffic.