Unit 19 Homework: Protecting VSI from Future Attacks

Scenario

In the previous class, you set up your SOC and monitored attacks from JobeCorp. Now, you will need to design mitigation strategies to protect VSI from future attacks.

You are tasked with using your findings from the Master of SOC activity to answer questions about mitigation strategies.

System Requirements

You will be using the Splunk app located in the Ubuntu VM.

Logs

Use the same log files you used during the Master of SOC activity:

  • Windows Logs
  • Windows Attack Logs
  • Apache Webserver Logs
  • Apache Webserver Attack Logs

Part 1: Windows Server Attack

Note: This is a public-facing Windows server that VSI employees access.

Question 1

  • Several users were impacted during the attack on March 25th.
  • Based on the attack signatures, what mitigations would you recommend to protect each user account? Provide global mitigations that the whole company can use and individual mitigations that are specific to each user.

Question 2

  • VSI has insider information that JobeCorp attempted to target users by sending "Bad Logins" to lock out every user.
  • What sort of mitigation could you use to protect against this?
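As an added illustration (not part of the assignment or its posted solution), the following Python script shows the detection side of this question: it reads constructed Windows Security log records in a simplified, assumed layout and flags a source host that fails logons against many different accounts inside a short window, which is the pattern a deliberate lockout campaign leaves behind. The record format, host names and thresholds are assumptions made for the example; only the event IDs (4625, 4740) are the real Windows ones.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records in a simplified Windows Security log layout (an
# assumption; real exports carry many more fields). Event IDs are the real
# ones: 4625 = failed logon, 4740 = account locked out.
SAMPLE_EVENTS = [
    "2021-03-25 09:00:01 EventCode=4625 Account=alice Source=WS-ATTACK",
    "2021-03-25 09:00:02 EventCode=4625 Account=bob Source=WS-ATTACK",
    "2021-03-25 09:00:03 EventCode=4625 Account=carol Source=WS-ATTACK",
    "2021-03-25 09:00:04 EventCode=4625 Account=dave Source=WS-ATTACK",
    "2021-03-25 09:00:05 EventCode=4740 Account=alice Source=WS-ATTACK",
    "2021-03-25 09:31:10 EventCode=4625 Account=alice Source=WS-ALICE",
    "2021-03-25 09:31:40 EventCode=4625 Account=alice Source=WS-ALICE",
]

REC_RE = re.compile(r"^(\S+ \S+) EventCode=(\d+) Account=(\S+) Source=(\S+)$")

def parse_events(lines):
    """Return (timestamp, event_id, account, source) tuples; skip malformed lines."""
    out = []
    for line in lines:
        m = REC_RE.match(line)
        if m:
            ts, code, acct, src = m.groups()
            out.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), int(code), acct, src))
    return out

def lockout_storm(events, window=timedelta(minutes=5), min_accounts=3):
    """Map each source host to the sorted accounts it failed against inside one
    window, when that count reaches min_accounts. One user mistyping their own
    password trips nothing; one host spraying bad logins across the user base
    (the lockout attack in Question 2) does."""
    by_src = defaultdict(list)
    for ts, code, acct, src in events:
        if code == 4625:
            by_src[src].append((ts, acct))
    findings = {}
    for src, hits in by_src.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            accts = sorted({a for t, a in hits[i:] if t - t0 <= window})
            if len(accts) >= min_accounts:
                findings[src] = accts
                break
    return findings

def locked_accounts(events):
    """Accounts that actually reached the lockout threshold (event 4740)."""
    return {acct for _, code, acct, _ in events if code == 4740}
```

On the defensive side, this check pairs naturally with a lockout policy that uses a short observation and automatic-reset window and with an alert on a burst of 4740 events, so a single spraying host cannot lock out the whole user base.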



Part 2: Apache Webserver Attack

Question 1

  • Based on the geographic map, recommend a firewall rule that the networking team should implement.
  • Provide a "plain English" description of the rule.
    • For example: "Block all incoming HTTP traffic where the source IP comes from the city of Los Angeles."
  • Provide a screenshot of the geographic map that justifies why you created this rule.

Question 2

  • VSI has insider information that JobeCorp will launch the same webserver attack but use a different IP each time in order to avoid being stopped by the rule you just created.
  • What other rules can you create to protect VSI from attacks against your webserver?
    • Conceive of two more rules in "plain English".
    • Hint: Look for other fields that indicate the attacker.
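As an added example (not part of the assignment or the posted answer), this Python script parses constructed Apache combined-format log lines and reports which fields a single value dominates: the source IP yields no candidate once the attacker rotates addresses, but the User-Agent and request path still do, which is the kind of field the hint points at. The log lines, TEST-NET addresses, paths and the 80% threshold are all constructed for the example.

```python
import re
from collections import Counter

# Apache combined log format (standard); each field is captured by name.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')

# Constructed sample traffic (not from the VSI logs): an attacker rotating
# across three TEST-NET addresses but keeping the same tool and target path,
# plus two ordinary browser requests.
ATTACK = [f'203.0.113.{10 + i % 3} - - [25/Mar/2021:10:00:{i:02d} +0000] '
          f'"POST /login HTTP/1.1" 401 512 "-" "python-requests/2.25.1"'
          for i in range(8)]
LEGIT = [
    '198.51.100.5 - - [25/Mar/2021:10:01:00 +0000] "GET / HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/86.0"',
    '198.51.100.6 - - [25/Mar/2021:10:01:03 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/89.0"',
]
SAMPLE_LINES = ATTACK + LEGIT

def parse_access_log(lines):
    """Return one dict per well-formed line; malformed lines are skipped."""
    return [m.groupdict() for m in map(LOG_RE.match, lines) if m]

def rule_candidates(events, fields=("ip", "ua", "path"), min_share=0.8):
    """For each field, keep the most common value if it accounts for at least
    min_share of all requests. A field that no single value dominates (here
    the source IP, because the attacker rotates addresses) yields nothing."""
    out = {}
    for field in fields:
        value, count = Counter(e[field] for e in events).most_common(1)[0]
        if count / len(events) >= min_share:
            out[field] = value
    return out

LABELS = {"ip": "source IP", "ua": "User-Agent header", "path": "request path"}

def plain_english(candidates):
    """Render each candidate as the kind of rule description the homework asks for."""
    return [f'Block all incoming HTTP traffic where the {LABELS[f]} is "{v}".'
            for f, v in candidates.items()]
```

The city-based rule in Question 1 relies on IP geolocation that Splunk adds at search time rather than on a field in the raw log, so it is not modelled here.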





Guidelines for your Submission

In a Word document, provide the following:

  • Answers for all questions.
  • Screenshots where indicated.
Answered 2 days after Jul 26, 2021


Breeze Prakash answered on Jul 28 2021
Unit Q1 Ans:
A distributed denial of service (DDoS) attack is a malicious attempt to make an online service unavailable to users, usually by temporarily interrupting or suspending the services of its hosting server.
A DDoS attack is launched from numerous compromised devices, often distributed globally in what is referred to as a botnet. It is distinct from other denial of service (DoS) attacks, in that it uses a single Internet-connected device (one network connection) to flood a target with malicious traffic. This nuance is the main reason for the existence of these two, somewhat different, definitions.
Volume Based Attacks
Includes UDP floods, ICMP floods, and other spoofed-packet floods. The attack’s goal is to saturate the bandwidth of the attacked site, and magnitude is measured in bits per second (Bps).
Protocol Attacks 
Includes SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS and more. This type of attack consumes actual server resources, or those of intermediate communication equipment, such as firewalls and load balancers, and is measured in packets per second (Pps).
Application Layer Attacks 
Includes low-and-slow attacks, GET/POST floods, attacks that target Apache, Windows or OpenBSD vulnerabilities and more. Comprised of seemingly legitimate and innocent requests, the goal of these attacks is to crash the web server, and the magnitude is measured in Requests per second (Rps).
Question 2
· VSI has insider information that JobeCorp attempted to target users by sending "Bad Logins" to lock out every user.
· What sort of mitigation could you use to protect against this?
Ans:
A wide range of technologies are available to web application developers when implementing authentication mechanisms:
· HTML forms-based authentication
· Multifactor mechanisms, such as those combining passwords and physical tokens
· Client SSL certificates and/or smartcards
· HTTP basic and digest authentication
· Windows-integrated authentication using NTLM or Kerberos
· Authentication services
Administrative passwords may in fact be weaker than the password policy allows. They may have been set before the policy was in force, or they may have been set up through a different application or interface.
In this situation, any serious attacker will use automated techniques to attempt to guess passwords, based on lengthy lists of common values. Given today's bandwidth and processing capabilities, it is possible to make...