7025CEM Intrusion Detection and Response


    Module Learning Outcomes Assessed:
    1. Critical awareness of the legal, ethical and professional issues involved in incident response investigation.
    2. Evaluate and apply appropriate technological solutions and processes in the detection, management and
    investigation of information and system security incidents.
    3. Critically evaluate and apply digital forensic methodology to cyber security incidents and commercial
    investigation; establish an audit trail, documenting a digital investigation from a legal and professional
    perspective.
    4. Ensure all actions undertaken are Association of Chief Police Officers (ACPO) Principles of
    Digital Evidence compliant.

    Instructions
    Coursework Motivation
    This coursework is designed to assess your research and analytical abilities. Often, in the course of your
    career, you will find that you are faced with new technologies and concepts. Such situations will require
    you to conduct research and investigation to evaluate new tools and techniques. This requires a degree
    of independence of thought, and building confidence in new approaches based on technical design.
    Your analytical abilities will be called into question almost daily and you will often be faced with
    challenges under economic, social, legal and ethical constraints.

    Writing Guidance
    This coursework requires you to answer ALL questions. The questions should be answered in the given
    order in a single report. You do not need to provide an abstract.

    This document is for Coventry University students for their own use in completing their
    assessed work for this module and should not be passed to third parties or posted on any
    website. Any infringements of this rule should be reported to
    facultyregistry.eec@coventry.ac.uk.

    Be clear and precise in your use of terminology. For example, terms such as data, traffic, packets,
    messages and information are often used interchangeably; note that these are different terms and
    convey different meanings in different contexts.

    It is highly recommended that you read the questions carefully before answering. Illustrations are
    encouraged, but they should be clearly labelled and relevant to their use; otherwise they may not aid
    clarity and may cause confusion.

    Client Network
    The network, shown in Figure 1, represents a client network that you are called to handle. Your role, as
    a network security evaluation specialist, is to help the client design and build an effective evaluation
    and monitoring solution. Your client has specific requirements that need to be met and expects you to
    address some of the technical and legal challenges involved. The client owns all the data created,
    processed, stored and communicated on the networked systems, some of which is sensitive.
    The network is designed such that the various services are spread across server farms. The three server
    farms host server nodes via their respective gateway nodes, numbered 3, 4 and 5. Gateway nodes 8 to 13
    connect to client nodes (several hundred) distributed across subnets.

    The nature of service traffic is a combination of web services (for external customer enquiries and
    ecommerce), and various application services for use within the organisation. Some of the services
    need to be accessible from the outside world.

    The nodes are diverse in their configuration and have different levels of access to services and to the
    outside world (internet), which is reachable via gateway node 0. Nodes 1, 2, 6 and 7 serve the purpose
    of intermediary routing within the network. Nodes 14 and 15 are a series of APs providing WiFi
    networking to the offices.

    The client is involved in innovation and product development within the defence and security sector,
    serving clients ranging from government departments to multinational firms and foreign agencies. The
    nature of this activity makes it a target for sabotage and intellectual property theft. The collaborative
    nature of the organisation also means that it hosts development teams from partner organisations in a
    variety of countries.

    Your role has specific deliverables and you are asked to prioritise the activities (set out in the
    questions) detailed below. You have a few weeks to present a report to the technical leadership of
    the client on these matters.

    For the sake of consistency, specific locations in your answers should be referred to by the labels
    used above. It would be wise to label and clarify the particular locations you refer to, including
    particular interfaces on the firewall, routers (as there are several), links between routers and
    switches, and so on.

    If you need to make any assumptions in addition to the brief given above, (e.g. any particular security
    software or hardware already deployed on the network, or what services are running on a particular
    subnet), you should clearly specify these in a section called ‘Assumptions’ at the beginning of your
    report. The assumptions section does not count toward the word limit.

    Assignment
    Question 1: Detecting reconnaissance (25 Marks, 1000 words)
    The client is particularly vulnerable to insider attacks including sabotage (disruption and destruction)
    and espionage (stealing sensitive information). To detect any such attacks, it is important that the
    client has effective measures in place.

    You are asked to evaluate the level of exposure for servers from insiders. Of particular interest here is
    network reconnaissance (scanning and enumeration) activity that originates internally.

    • Briefly explain how potential intruders (insiders on the network) can collect and use
    reconnaissance data for malicious purposes.

    • Describe what data you would prefer to collect and at what points on the network. You are
    expected to adopt a systematic approach in which you justify why you are collecting the various
    types of data and where.

    • To support the above activity, what tools would you use and what type of activity would you
    configure them to detect? Your answer is expected to prescribe tools that the client may wish to
    use and adopt in the future. Your client would appreciate suggestions for the configuration of
    such tools to assist in efficient collection, logging and analysis of the data collected.

    • This is a high-volume network and parts of it get very busy at peak times. Any activity
    involving the collection of traffic from the network would be a challenge. In the context of the
    above activity, discuss relevant strategies to help overcome the problem of scale.

    Question 2: Session Data collection (15 Marks, 500 words)

    Posted January 17th, 2023. Categories: Information Technology, IT Management.