<Carmen Alcivar>
NORTHEASTERN UNIVERSITY 360 Huntington Ave, Boston, MA.
LAB ASSIGNMENT 10 – FOUNDATIONS
OF INFORMATION ASSURANCE (IA5010)
Contents
Lab #9: Performing Packet Capture and Traffic Analysis
a. Assessment Sheet
b. Challenge Question
c. Screenshots
Lab #10: Implementing an Information Systems Security Policy
a. Assessment Sheet
b. Challenge Question
c. Screenshots
Lab #9: Performing Packet Capture and Traffic Analysis
a. Assessment Sheet
Course Name and Number: Foundations of Information Assurance – IA5010
Student Name: <Carmen Alcivar>
Instructor Name: Derek Brodeur
Lab Due Date: <3/27/16>
Lab Assessment Questions & Answers
1. What is the main difference between a virus and a Trojan?
A Trojan masquerades as a seemingly useful program while actually compromising
system security, often acting as a "back door" that lets the attacker load
additional tools and keep access to the system. A virus is code that attaches
itself to a host program or file and spreads from one computer to another by a
variety of means, often exploiting application or OS vulnerabilities to
propagate, and it generally tries to stay undetected.
Virus: attaches to an executable file and copies itself; it needs a human to
run the infected host in order to spread.
Trojan: appears useful but damages the system, needs a human to run it, and
does not self-replicate.
The distinguishing point is replication: a virus copies itself, a Trojan does not.
http://www.webopedia.com/DidYouKnow/Internet/virus.asp
2. A virus or malware can impact which of the three tenets of information
systems security (confidentiality, integrity, or availability)? In what way?
Trojans and viruses can impact all three tenets of information systems security.
· Confidentiality: malware can give an unauthorized party access to the
compromised machine and the network, and exfiltrate data from it.
· Integrity: malware can modify or delete data, binaries and configuration,
and plant additional code on the system.
· Availability: malware consumes resources and degrades performance, and can
make applications and data unavailable altogether, for example by corrupting
or encrypting files.
3. Why is it recommended to do an antivirus signature file update before
performing an antivirus scan on your computer?
New viruses and malware appear every day, and antivirus vendors publish
signature updates correspondingly often (typically several times a day).
A scan run with stale signatures misses anything released since the last
update, so the signature file should be updated immediately before scanning,
and automatic updates should stay enabled. Signatures only catch known
malware; heuristic and behavioural detection cover the rest only partially.
4. Why might your coworker suggest encrypting an archive file before e-
mailing it?
Encrypting the archive protects its confidentiality in transit and at rest:
e-mail passes through several mail servers and is often stored unencrypted,
so anyone who captures the message, or reads it later from a mailbox or a
backup, cannot see the contents without the key. The passphrase should be
shared out of band (in person, by phone, or through another channel), never
in the same e-mail as the attachment. Note that the mail gateway's antivirus
cannot inspect the encrypted attachment either, which is why many
organizations block or quarantine encrypted archives.
5. What kind of network traffic can you filter with the Windows Firewall
with Advanced Security?
Windows Firewall with Advanced Security filters both inbound and outbound
traffic on the local computer and blocks unauthorized connections. Rules are
applied per profile, chosen by the type of network the computer is connected
to: Domain (an office network where a domain controller is reachable),
Private (for example a home network) and Public (for example the local coffee
shop). Rules can match on source and destination IP addresses, protocol
(TCP, UDP, ICMP and others), local and remote port numbers, a specific
program or service, the network interface type and, when combined with IPsec
connection security rules, authenticated Active Directory users, computers
and groups. The same console manages the IPsec connection security rules and
the firewall log.
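The two firewall rules from Part 3 of this lab, done with the NetSecurity cmdlets instead of the console. This is an added example, not part of the original lab; the FileZilla install path and the 172.30.0.0/24 management subnet are assumptions (the lab only names the host 172.30.0.11). It needs an elevated PowerShell prompt on Windows 8 / Server 2012 or later.

```powershell
# Added example (not from the lab): inspect the rule enabled in Part 3 and create the
# FileZilla Server rule with the NetSecurity cmdlets. Run elevated.
# Assumptions: FileZilla path below and the 172.30.0.0/24 management subnet.

$pingRule = 'File and Printer Sharing (Echo Request - ICMPv4-In)'

# 1. The built-in rule exists once per profile group; show each copy before touching it
Get-NetFirewallRule -DisplayName $pingRule |
    Select-Object DisplayName, Profile, Enabled, Direction, Action | Format-Table -AutoSize

# 2. Enable it. Caveat: this also enables the Public-profile copy, so the host answers
#    pings on untrusted networks; use Set-NetFirewallRule -Profile to restrict that.
Enable-NetFirewallRule -DisplayName $pingRule

# 3. Program rule for FileZilla Server: inbound FTP control connections only to that
#    executable, only on Domain/Private networks, and only from the management subnet.
$fzExe = 'C:\Program Files\FileZilla Server\FileZilla Server.exe'   # assumed path
New-NetFirewallRule -DisplayName 'FileZilla Server (FTP-In)' `
    -Description 'Inbound FTP control channel to FileZilla Server only' `
    -Direction Inbound -Action Allow -Enabled True `
    -Protocol TCP -LocalPort 21 `
    -Program $fzExe `
    -RemoteAddress 172.30.0.0/24 `
    -Profile Domain, Private | Out-Null

# 4. Read a rule back with its filters; Get-NetFirewallRule alone shows no ports or paths
function Get-RuleSummary {
    param([string]$DisplayName)
    Get-NetFirewallRule -DisplayName $DisplayName | ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $app  = $_ | Get-NetFirewallApplicationFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule     = $_.DisplayName
            Enabled  = $_.Enabled
            Profile  = $_.Profile
            Protocol = $port.Protocol
            Port     = $port.LocalPort
            Program  = $app.Program
            Remote   = $addr.RemoteAddress
        }
    }
}
Get-RuleSummary -DisplayName 'FileZilla Server (FTP-In)' | Format-Table -AutoSize
Get-RuleSummary -DisplayName $pingRule | Format-Table -AutoSize
```

Scoping the rule to a program, a port and a remote subnet at the same time is the point: a rule that only opens TCP/21 lets any process that binds the port receive traffic, while the program match keeps the hole tied to the server binary.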
6. What are typical indicators that your computer system is compromised?
Typical signs include degraded system performance; unexpected services,
processes or scheduled tasks; unusual outbound network traffic or listening
ports; altered, truncated or removed system logs; antivirus that is missing
or has been disabled; unexplained firewall rule or configuration changes; and
application anomalies such as crashes, pop-ups, or browser or DNS settings
that change on their own.
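Three of the indicators above (unusual network traffic, unusual services, and cleared logs) can be checked from PowerShell. This is an added example, not part of the lab; the seven-day window for the log check is an assumption, and the output is a review list rather than a verdict, since legitimate third-party software shows up in it too. Run elevated so the Security log is readable.

```powershell
# Added example (not from the lab): quick checks for three indicators of compromise.
# Read-only; run elevated. The 7-day window is an assumption.

# 1. Unusual network traffic: which process owns every listening TCP port?
function Get-ListeningProcesses {
    Get-NetTCPConnection -State Listen | Sort-Object LocalPort -Unique | ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port    = $_.LocalPort
            Address = $_.LocalAddress
            PID     = $_.OwningProcess
            Process = $p.ProcessName
            Path    = $p.Path      # empty for protected system processes
        }
    }
}

# 2. Unusual services: running services whose binary lives outside the Windows
#    directory or is not Authenticode-signed.
function Get-SuspectServices {
    Get-CimInstance Win32_Service | Where-Object State -eq 'Running' | ForEach-Object {
        if (-not $_.PathName) { return }
        # PathName may be quoted and carry arguments; keep only the executable
        $exe = if ($_.PathName -match '^"([^"]+)"') { $Matches[1] }
               else { ($_.PathName -split ' ')[0] }
        $sig = if (Test-Path $exe) { (Get-AuthenticodeSignature $exe).Status } else { 'Missing' }
        if ($exe -notlike "$env:SystemRoot\*" -or $sig -ne 'Valid') {
            [pscustomobject]@{ Service = $_.Name; Account = $_.StartName; Exe = $exe; Signature = $sig }
        }
    }
}

# 3. Removed logs: event 1102 is written when the Security log is cleared and
#    event 104 (System log) when any other event log is cleared.
function Get-LogClearEvents {
    $since = (Get-Date).AddDays(-7)
    $filters = @(
        @{ LogName = 'Security'; Id = 1102; StartTime = $since },
        @{ LogName = 'System';   Id = 104;  StartTime = $since }
    )
    foreach ($f in $filters) {
        Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, Id, UserId, Message
    }
}

Get-ListeningProcesses | Format-Table -AutoSize
Get-SuspectServices    | Format-Table -AutoSize
Get-LogClearEvents     | Format-Table -AutoSize
```

The log-clear check only works if the clearing itself was logged and the event has not been cleared again since; forwarding Security events to a collector is what makes this indicator reliable.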
7. What elements are needed in a workstation domain policy regarding use
of antivirus and malicious software prevention tools?
Managing system services is one element of an organization's security
program. A workstation domain policy on antivirus and malicious software
prevention should also cover (but is not limited to): standardized
configurations and settings derived from the organization-wide security
policy; a layered security strategy, so that one failed control does not let
a threat into the IT infrastructure; e-mail filtering and quarantining of
attachments; the required frequency of antivirus and anti-malware definition
and engine updates, with real-time scanning left enabled; operating system
and application patching to close known vulnerabilities; and the procedure to
follow (isolate, report, remediate) when a workstation is found to be infected.
b. Challenge Question
1. True or false: Encrypted files cannot be inspected by an anti-virus program.
Explain your answer.
True, as far as content scanning goes: the scanner sees only ciphertext, so it
cannot match signatures or run heuristics on it, which is exactly why attackers
ship malware in password-protected archives. The scanner can still act on what
it does see, such as the file's hash, size or name and the e-mail it arrived
in, and on-access scanning inspects the contents the moment the file is
decrypted or extracted and opened. The protection is deferred to decryption
time, not lost entirely.
2. You learned in the lab that AVG, and similar anti-virus programs, cannot scan for
viruses within a zipped file. Research best practices for handling archive files in a
network environment and make recommendations for ensuring integrity of the
data stored on the network.
Files should be scanned before they are zipped, so the contents are known to be
clean before compression, and again on extraction (real-time scanning does this
automatically when the archive is opened). The compressed archives can then be
encrypted for confidentiality. For integrity, record a cryptographic hash
(SHA-256) or a digital signature of each archive at creation time, keep it
separately from the archive, and verify it before the archive is restored or
trusted; this detects corruption and tampering, which a virus scan cannot.
To manage data stored on the network, identify which data must be archived and
define deletion policies as part of data lifecycle management. The archiving
policy should state the criteria for archiving each data type, the archiving
mechanism, the media to be used, the retention period, and who has access to
the archives (least privilege, with access logged).
http://www.ibm.com/support/knowledgecenter/SSMLQ4_8.1.0/com.ibm.nex.opti
md.install.doc/apxD_Security/opinstall-c-archive_file_security.html
https://docs.oracle.com/cd/B12037_01/network.101/b10777/protnet.htm
http://searchstorage.techtarget.com/feature/Data-archiving-best-practices-Policies-
planning-and-products
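The scan-then-archive-then-hash sequence recommended above, written out. This is an added example, not part of the lab; it assumes Windows Defender is the installed engine (MpCmdRun.exe at the path below), a source folder C:\Data\Reports and an archive folder C:\Archive. Compress-Archive cannot encrypt, so the encryption step has to be done with a separate tool after the hash is recorded.

```powershell
# Added example (not from the lab): scan, compress, record a SHA-256, verify later.
# Assumptions: Defender's MpCmdRun.exe, the folders below, and that C:\Archive exists.
$src      = 'C:\Data\Reports'
$zip      = 'C:\Archive\Reports-2016-03.zip'
$manifest = "$zip.sha256"
$mpcmd    = "$env:ProgramFiles\Windows Defender\MpCmdRun.exe"

# 1. Scan the plaintext files first; once they are inside a password-protected
#    archive the scanner can no longer see them. Exit 0 means nothing was found.
& $mpcmd -Scan -ScanType 3 -File $src
if ($LASTEXITCODE -ne 0) { throw "Scan reported a problem (exit $LASTEXITCODE); not archiving" }

# 2. Compress, then store a SHA-256 of the archive beside it. The hash is what you copy
#    to a separately protected location (or sign) so that tampering is detectable.
Compress-Archive -Path $src -DestinationPath $zip -Force
(Get-FileHash -Path $zip -Algorithm SHA256).Hash | Set-Content -Path $manifest

# 3. Later, or on another host: verify before trusting or restoring the archive.
function Test-ArchiveIntegrity {
    param([string]$Archive, [string]$Manifest)
    $expected = (Get-Content -Path $Manifest -Raw).Trim()
    $actual   = (Get-FileHash -Path $Archive -Algorithm SHA256).Hash
    return ($actual -eq $expected)
}

if (-not (Test-ArchiveIntegrity -Archive $zip -Manifest $manifest)) {
    throw "Archive hash mismatch: $zip has been altered or corrupted"
}

# 4. On restore, expand into a staging folder and scan again before users get the files
$staging = 'C:\Archive\staging'
Expand-Archive -Path $zip -DestinationPath $staging -Force
& $mpcmd -Scan -ScanType 3 -File $staging
```

A hash stored next to the archive on the same share only detects corruption; an attacker who can rewrite the archive can rewrite the manifest too. Keeping the manifest on a separate system, or signing it, is what turns the check into an integrity control.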
3. Research Windows services. Using the screen captures you made in Part 2 of the
lab, identify at least three services that could be disabled safely. Explain your
choices.
· Windows Time (W32Time): synchronizes the system clock with a time source. On a
standalone computer without Internet access there is nothing to synchronize with,
so the service can be set to Manual. Do not disable it on a domain member:
Kerberos authentication fails when the clock drifts from the domain controller by
more than the allowed skew (5 minutes by default), and this service is what keeps
the clock in step. Safe setting: Manual.
· Certificate Propagation (CertPropSvc): copies certificates from an inserted
smart card into the user's certificate store. If smart cards are not used
(they are common in large organizations), it can be set to Manual. Safe setting:
Manual.
· Microsoft iSCSI Initiator Service (MSiSCSI): iSCSI (Internet Small Computer
System Interface) is an IP-based storage networking standard that lets a
computer reach disks, tapes and other storage devices on another networked host,
including remote data centers, over existing LAN or Internet links; such devices
are often part of a storage area network (SAN). Unless the computer connects to
iSCSI targets, the service can be set to Manual. Safe setting: Manual.
Manual is preferable to Disabled: a component that depends on the service can
still start it on demand instead of failing.
http://www.digitalcitizen.life/which-windows-services-are-safe-disable-when
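The service changes above, done with the checks a practitioner would run first: list each service's dependents, keep Windows Time on domain-joined machines, and set Manual rather than Disabled. This is an added example, not part of the lab; the StartType property needs PowerShell 5 or later, and the script assumes an elevated prompt.

```powershell
# Added example (not from the lab): review the three services, then set them to Manual.
# Assumptions: PowerShell 5+ (for StartType) and an elevated prompt.
$candidates = 'W32Time', 'CertPropSvc', 'MSiSCSI'   # Windows Time, Certificate Propagation, iSCSI Initiator

function Get-ServiceReview {
    param([string[]]$Name)
    foreach ($n in $Name) {
        $svc = Get-Service -Name $n -ErrorAction SilentlyContinue
        if (-not $svc) { continue }
        [pscustomobject]@{
            Name         = $svc.Name
            DisplayName  = $svc.DisplayName
            Status       = $svc.Status
            StartType    = $svc.StartType
            # anything listed here stops working if this service is stopped
            DependedOnBy = ($svc.DependentServices | Select-Object -ExpandProperty Name) -join ', '
        }
    }
}

# Domain members keep W32Time: Kerberos rejects tickets once the clock drifts past
# the allowed skew (5 minutes by default).
if ((Get-CimInstance Win32_ComputerSystem).PartOfDomain) {
    $candidates = $candidates | Where-Object { $_ -ne 'W32Time' }
}

Write-Host 'Before:'
Get-ServiceReview -Name $candidates | Format-Table -AutoSize

foreach ($n in $candidates) {
    $svc = Get-Service -Name $n -ErrorAction SilentlyContinue
    if (-not $svc) { continue }
    if ($svc.DependentServices.Count -gt 0) {
        Write-Warning "$n has dependent services; leaving it alone"
        continue
    }
    Set-Service -Name $n -StartupType Manual       # Manual, not Disabled: on-demand start still works
    if ($svc.Status -eq 'Running') { Stop-Service -Name $n }
}

Write-Host 'After:'
Get-ServiceReview -Name $candidates | Format-Table -AutoSize
```

Record the "Before" output with the change ticket; it is the only way to roll back a service change that turns out to break something a week later.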
c. Screenshots:
Part 1:
[Deliverable Lab Step 23]: a screen shot showing the contents of the Virus Vault
[Deliverable Lab Step 26] a screen capture showing the empty Virus Vault
Part 2:
[Deliverable Lab Step 3] a screen capture showing the complete list of services on the
Extended tab (the default view)
[Deliverable Lab Step 5] a screen capture showing the complete list of services on the
Standard tab
[Deliverable Lab Step 10] a screen capture showing the updated list of services on the
Extended tab
Part 3:
[Deliverable Lab Step 7] a screen capture showing the Enabled column for the File and
Printer Sharing (Echo Request – ICMPv4-In) rule
[Deliverable Lab Step 15] a screen capture showing the new FileZilla Server rule
Lab #10: Implementing an Information Systems Security Policy
a. Assessment Sheet
Course Name and Number: Foundations of Information Assurance – IA5010
Student Name: <Carmen Alcivar>
Instructor Name: Derek Brodeur
Lab Due Date: <3/27/16>
Lab Assessment Questions & Answers
1. What is the correct command syntax to force GPO settings?
a. /force GPO
b. gpupdate /now
c. gpupdate /force (answer)
d. policyupdate /force
2. Why is it important to set a strict password policy as part of your
security template?
A strict password policy is one of the first controls in a comprehensive security
program. Weak passwords allow unauthorized access to the network and everything
within it: sensitive documents, proprietary code and accounting files. A strong
policy by itself is not enough. It should be accompanied by continuous
monitoring of logon successes and failures to detect misuse on the network.
Many failures against one account can indicate a brute-force attack, while a
few failures against many accounts from a single source suggest password
spraying, which is designed to stay under the lockout threshold. Successful
logons at odd hours are suspicious, especially while the staff member is on
vacation.
3. Why is it important to bring standalone systems into the Domain?
Standalone systems should be joined to the Active Directory domain so that the
domain password, lockout and audit policies are enforced on them through Group
Policy, instead of relying on local settings that anyone with local
administrator rights can change. Domain membership also provides centralized
authentication and account management (one place to disable a user) and
centralized logging, which prevents unauthorized access to network resources
from unmanaged machines.
4. What was the command line syntax to connect as the root user to
172.30.0.11 using PuTTY?
putty root@172.30.0.11 -pw toor
(The -pw option puts the password on the command line, where any local user who
can list processes can read it, and it lands in the shell history; PuTTY's own
documentation discourages it. Outside a lab, use key-based authentication or
enter the password interactively.)
5. Name five different Windows password policies.
The domain policy configured in the lab set the following (the Group Policy
setting name is given in parentheses):
· Users must change passwords every 30 days (Maximum password age)
· Users may not reuse any of the last 5 passwords (Enforce password history)
· Passwords may be reset at any time (Minimum password age of 0 days; a
non-zero value stops users from cycling through passwords to get back to an
old one)
· Password must be a minimum of 10 characters (Minimum password length)
· Password must meet basic complexity (Password must meet complexity
requirements)
· Users must be "locked out" for 10 minutes after failing to log in 3 times
in a row (Account lockout threshold, Account lockout duration, Reset account
lockout counter after)
· All login successes and failures must be logged (Audit logon events and
Audit account logon events)
"Enforce Domain Policy over Organizational Unit Policy" is a Group Policy
precedence rule rather than a password policy. Password and lockout settings
for domain accounts are read only from the GPO linked at the domain level;
the same settings in an OU-linked GPO affect only the local accounts of the
computers in that OU.
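The policy push from Q1, the read-back of the settings listed in Q5, and the failed-logon monitoring argued for in Q2, in one script. This is an added example, not part of the lab. It assumes an elevated prompt on a domain member; Get-WinEvent reads the local Security log, so run the summary on the domain controller (or on a log collector) to see authentication failures domain-wide. The 24-hour window and the threshold of 10 failures are assumptions.

```powershell
# Added example (not from the lab): apply the GPO, show the effective policy, and summarize
# failed logons per account and source. Assumptions: elevated prompt, 24 h window, threshold 10.

gpupdate /force            # Lab 10, Q1: pull the updated GPO immediately
net accounts /domain       # Q5: effective domain password and lockout settings

function Get-FailedLogonSummary {
    param([int]$Hours = 24, [int]$Threshold = 10)
    # 4625 = "An account failed to log on"; 4740 (account locked out) is the companion event
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue

    $events | ForEach-Object {
        # Take named fields from the event XML instead of relying on positional indexes
        $d = ([xml]$_.ToXml()).Event.EventData.Data
        [pscustomobject]@{
            Account = ($d | Where-Object Name -eq 'TargetUserName').'#text'
            Source  = ($d | Where-Object Name -eq 'IpAddress').'#text'
            Time    = $_.TimeCreated
        }
    } |
    Group-Object Account, Source |
    Where-Object Count -ge $Threshold |
    Sort-Object Count -Descending |
    Select-Object Count,
        @{ n = 'Account'; e = { $_.Group[0].Account } },
        @{ n = 'Source';  e = { $_.Group[0].Source } },
        @{ n = 'First';   e = { ($_.Group.Time | Sort-Object)[0] } },
        @{ n = 'Last';    e = { ($_.Group.Time | Sort-Object)[-1] } }
}

# Many failures on one account from one source: brute force against that account.
Get-FailedLogonSummary | Format-Table -AutoSize

# The same data grouped by source only: one source hitting many accounts a few times each
# is password spraying, which a per-account lockout threshold does not catch.
Get-FailedLogonSummary -Threshold 1 | Group-Object Source |
    Select-Object Count, Name | Sort-Object Count -Descending | Format-Table -AutoSize
```

The lockout policy in Q5 stops the first pattern; only the second query exposes the spray, which is why the logging requirement in the same list matters as much as the lockout.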
b. Challenge Question
c. Screenshots:
Part 1:
[Deliverable Lab Step 29]: a screen shot showing the newly configured Domain password
policies
[Deliverable Lab Step 36] a screen shot showing the configured Account Lockout Policies
Part 3:
[Deliverable Lab Step 33] a screen capture showing the result of the whoami command,
which prints the name of the current user (not the current directory)
