Threat Analysis and Exploitation
Project 1
| Student Name: | |||
| Date: | |||
| Project 1: Requires the Following THREE Deliverables | Grade | ||
| 1. Security Assessment Report (including relevant findings from Lab) | |||
| 2. Non-Technical Presentation Slides | |||
| 3. Lab Experience Report with Screenshots | |||
| GENERAL OBJECTIVES | Project 1 - Evaluation Criteria | ||
| 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment. | |||
| 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem. | |||
| 5.4: Identify potential threats to operating systems and the security features necessary to guard against them | |||
| Areas to Improve | |||
| 1. Security Assessment Report | |||
| Discuss all topics below. Consider using the topic headers (in green) as subheaders to organize your report. | |||
| Purpose and Scope | |||
| Section Objective | To be able to succinctly summarize (e.g. to your organization) the reason for performing this security assessment | ||
| Based on your scenario (i.e. hypothetical or real), briefly explain why there is a need for a security assessment in your organization (purpose) and explain which components will be assessed (scope). | |||
| OS Overview | |||
| Section Objective | To be able to explain main concepts of an operating system | ||
| Checklist | In your SAR, provide the leadership of your organization a brief explanation of operating systems (OS) fundamentals and information systems architectures. Include the following: | ||
| 1. Explain the user's role in an OS. | |||
| 2. Explain the differences between kernel applications of the OS and the applications installed by an organization or user. | |||
| 3. Describe the embedded OS. | |||
| 4. Describe how operating systems fit in the overall information systems architecture, of which cloud computing is an emerging, distributed computing network architecture. | |||
| OS Vulnerabilities | |||
| Section Objective | To be able to discuss/describe OS vulnerabilities | ||
| Checklist | Provide the leadership of your organization with an overview of OS vulnerabilities to include the following: | ||
| 1. Explain Windows vulnerabilities and Linux vulnerabilities. | |||
| 2. Explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices. | |||
| 3. Explain the motives and methods for intrusion of MS and Linux operating systems. | |||
| 4. Explain the types of security management technologies such as intrusion detection and intrusion prevention systems. | |||
| 5. Describe how and why different corporate and government systems are targets. | |||
| 6. Describe different types of intrusions such as SQL PL/SQL, XML, and other injections | |||
| Preparing for the Vulnerability Scan | |||
| Section Objective | To be able to explain the objectives of a vulnerability scan | ||
| Checklist | Provide the leadership of your organization with the following: | ||
| 1. Include a description of the methodology you proposed to assess the vulnerabilities of the operating systems. | |||
| 2. Provide an explanation and reasoning of how the methodology you propose will determine the existence of those vulnerabilities in the organization’s OS. | |||
| 3. Include a description of the applicable tools to be used, limitations, and analysis. | |||
| 4. Provide an explanation and reasoning of how the applicable tools you propose will determine the existence of those vulnerabilities in the organization’s OS. | |||
| 5. In your report, also discuss: | |||
| the strength of passwords | |||
| any Internet Information Services' administrative vulnerabilities | |||
| SQL Server administrative vulnerabilities | |||
| security updates and management of patches as they relate to OS vulnerabilities | |||
| Vulnerability Assessment Tools for OS and Applications (Lab) | |||
| Section Objective | To be able to interpret and integrate the lab results in this SAR | ||
| Checklist | Use the vulnerability scanning tool to complete/determine the following for the Windows OS: | ||
| 1. Determine if Windows administrative vulnerabilities are present. | |||
| 2. Determine if weak passwords are being used on Windows accounts. | |||
| 3. Report which security updates are required on each individual system. | |||
| 4. The tool provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping. | |||
| 5. Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment. In this case, a tool such as OpenVAS will create and store individual XML security reports for each computer scanned and will display the reports in the graphical user interface in HTML. | |||
| For the Linux OS: | |||
| 1. Determine if Linux vulnerabilities are present. | |||
| 2. Determine if weak passwords are being used on Linux systems. | |||
| 3. Determine which security updates are required for the Linux systems. | |||
| 4. You noticed that the tool you used for the Linux OS (i.e., OpenVAS) provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping. | |||
| 5. Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment. | |||
| Findings and Recommendations * | |||
| Section Objective | To be able to clearly state your findings and propose mitigation | ||
| Checklist | 1. Include a section where the findings (i.e. your lab findings) and your recommendations are enumerated. This is an important section of your report, since your feedback/report will help the leadership of your organization allocate the necessary resources to ensure the risks you identified will be mitigated. Each finding should have a corresponding recommendation. E.g. Finding 1. It was found that …. Recommendation 1. It is recommended that …. Finding 2.... Recommendation 2...... | ||
| 2. Include a brief risk assessment associated with the security recommendations to propose ways to address the risk either by accepting it, transferring it, mitigating it, or eliminating it. Explain your answer. | |||
| Security Assessment Report Overall Feedback | |||
| Strengths | |||
| Opportunities | |||
| 2. Presentation Slides (narration not required) | |||
| Section Objective | To be able to, at a high-level, present/summarize the SAR to a leadership audience | ||
| Checklist | Design a presentation directed to the leadership of your organization (technical and non-technical audience) that includes: | ||
| 1. Title Slide | |||
| 2. Use of Readable Fonts and Color | |||
| 3. Summarized SAR | |||
| 4. Summary of Findings and Recommendations at High Level | |||
| Presentation Slides Overall Feedback | |||
| Strengths | |||
| Opportunities | |||
| 3. Lab Experience Report | |||
| Section Objective | To demonstrate to your professor that you performed and understood the lab for this project | ||
| Checklist | Your lab report should include: | ||
| 1. Summary of lab experience | |||
| 2. Vulnerabilities identified and explained for both Windows and Linux systems | |||
| 3. Provide screenshots of key results for both systems | |||
| 4. Ensure a summary of your results is included in your SAR | |||
| 5. Capture the timestamp when lab was performed | |||
| 6. Ensure the screenprints are readable | |||
| 7. Answer lab questions (when applicable) and integrate results in your SAR and Presentation | |||
| Lab Experience Report Feedback | |||
| Strengths | |||
| Opportunities | |||
| * Findings and recommendations are the most important information of this type of report. Your audience needs to clearly understand the security issues you found and the mitigation steps (that you recommend) that need to be taken in order to secure (ultimately) the organization's information. | |||
Project 2
| Student Name: | ||
| Date: | ||
| Project 2: Requires the Following THREE Deliverables | Grade | |
| 1. Security Assessment Report (including relevant findings from Lab) | ||
| 2. Risk Assessment Report (compile findings from Project 1 & Project 2) | ||
| 3. Lab Experience Report with Screenshots | ||
| GENERAL OBJECTIVES | Project 2 - Evaluation Criteria | |
| 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment. | ||
| 1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation. | ||
| 1.3: Provide sufficient, correctly cited support that substantiates the writer's ideas. | ||
| 1.4: Tailor communications to the audience. | ||
| 1.5: Use sentence structure appropriate to the task, message and audience. | ||
| 1.6: Follow conventions of Standard Written English. | ||
| 5.2: Knowledge of architectural methodologies used in the design and development of information systems, including the physical structure of a system's internal operations and interactions with other systems and knowledge of standards that either are compliant with or derived from established standards or guidelines. | ||
| 5.6: Explore and address cybersecurity concerns, promote awareness, best practice, and emerging technology. | ||
| 7.3: Knowledge of methods and tools used for risk management and mitigation of risk. | ||
| 8.1: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents. | ||
| 8.2: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence appropriately. | ||
| Areas to Improve | ||
| 1. Security Assessment Report | ||
| Discuss all topics below. Consider using the topic headers as subheaders to organize your report. | ||
| Purpose and Scope | ||
| OBJECTIVE | To be able to succinctly summarize (e.g. to your organization) the reason for performing this security assessment | |
| Based on your scenario (i.e. hypothetical or real), briefly explain why there is a need for this security assessment in your organization (purpose) and explain which components will be assessed (scope). | ||
| Enterprise Network Diagram | ||
| OBJECTIVE | To be able to explain a basic network and its main components | |
| Propose a local area network (LAN) and a wide area network (WAN) for the organization, define the systems environment, and incorporate this information in a network diagram. Discuss the security benefits of your chosen network design. | ||
| Threats & Threat Identification | ||
| OBJECTIVE | To be able to discuss security threats in the context of networks and access control | |
| 1. Identify the potential hacking actors of threat attacks on vulnerabilities in networks and information systems and the types of remediation and mitigation techniques available in your industry, and for your organization. | ||
| Firewalls and Encryption | ||
| 1. Identify the purpose and function of firewalls for organization network systems, and how they address the threats and vulnerabilities you have identified. | ||
| 2. Determine the role of firewalls, encryption, and auditing | ||
| 3. Identify the purpose and function of encryption, as it relates to files and databases and other information assets on the organization's networks. | ||
| Databases | ||
| 1. Describe the RDBMS features that could assist in protecting information and monitoring the confidentiality, integrity, and availability of the information in the information systems. | ||
| 2. Discuss the value of using access control, database transaction and firewall log files. | ||
| Passwords | ||
| 1. Provide an analysis of the strength of passwords used by the employees in your organization. | ||
| 2. Are weak passwords a security issue for your organization? | ||
| OPM Case Study | ||
| OBJECTIVE | To be able to explain the OPM breach and discuss lessons learned | |
| 1. Define threat intelligence and explain what kind of threat intelligence is known about the OPM breach. | ||
| 2. Differentiate between the external threats to the system and the insider threats. | ||
| 3. Identify where these threats can occur in the previously created diagrams. | ||
| 4. Review the OIG report on the OPM breach (i.e. a historical fact). Use it to justify the need for a security assessment in order to avoid, in your organization, similar situations. Relate the OPM threat intelligence to your organization. How likely is it that a similar attack will occur at your organization? | ||
| Findings and Recommendations * | ||
| OBJECTIVE | To be able to clearly state your findings and propose mitigation | |
| 1. Include a section where the findings (i.e. your lab findings) and your recommendations are enumerated. This is an important section of your report, since your feedback/report will help the leadership of your organization allocate the necessary resources to ensure the risks you identified will be mitigated. Each finding should have a corresponding recommendation. E.g. Finding 1. It was found that …. Recommendation 1. It is recommended that …. Finding 2.... Recommendation 2...... | ||
| Security Assessment Report Overall Feedback | ||
| Strengths | ||
| Opportunities | ||
| 2. Risk Assessment Report | ||
| Risk and Remediation | ||
| OBJECTIVE | To be able to explain risk and risk mitigation | |
| 1. What is risk and what is remediation? | ||
| 2. Summarize all the vulnerabilities found in Project 1 and Project 2. List them (e.g. table format) and include: description of each, likelihood of each event occurring, impact to your organization (e.g. H, M, L), remediation, cost/benefit analysis of remediation for your organization. | ||
| 3. Make sure your RAR includes a compilation of all vulnerabilities/threats identified in the labs for Project 1 and Project 2 (i.e. all OS-related and network-related vulnerabilities). | ||
| 4. Devise a high-level plan of action with interim milestones (POAM). | ||
| Risk Assessment Report Feedback | ||
| Strengths | ||
| Opportunities | ||
| 3. Lab Experience Report | ||
| Lab | ||
| OBJECTIVE | To demonstrate to your professor that you performed and understood the tools for this project | |
| Your report should include: | ||
| 1. Respond to lab questions associated with each Wireshark file provided | ||
| 2. Respond to Nmap questions associated with both target machines | ||
| 3. Answer questions related to OS fingerprinting | ||
| 4. Include experience associated with multiple host and network scanning | ||
| 5. Provide screenshots of key results associated with items listed above | ||
| 6. Ensure a summary of your results is included in your SAR. Add these findings to the RAR analysis. | ||
| Lab Experience Report Feedback | ||
| Strengths | ||
| Opportunities | ||
| * Findings and recommendations are the most important information of this type of report. Your audience needs to clearly understand the security issues you found and the mitigation steps (that you recommend) that need to be taken in order to secure (ultimately) the organization's information. | ||
Project 3
| Student Name: | ||
| Date: | ||
| Project 3: Requires the Following FOUR Deliverables | Grade | |
| 1. Team Forming and Completion of Charter | | |
| 2. Security Assessment Report | ||
| 3. After Action Report | ||
| 4. Presentation Slides (With Narration or In Class Presentation) | ||
| Project Objectives | Project 3 - Evaluation Criteria | |
| 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment. | ||
| 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem. | ||
| 4.1: Lead and/or participate in a diverse group to accomplish projects and assignments. | ||
| 4.3: Contribute to team projects, assignments, or organizational goals as an engaged member of a team. | ||
| 8.4: Possess knowledge of proper and effective communication in case of an incident or crisis | ||
| Areas to improve | ||
| 1. Team Forming and Completion of Charter | ||
| Upload completed Charter to Team Locker in Classroom & email it to your professor | ||
| 2. Security Assessment Report | ||
| Listen closely to the scenario presented for Project 3 | ||
| Financial Sector | ||
| Role: A representative from the financial services sector, who has discovered the network breach and the cyber attacks. These attacks include distributed denial-of-service (DDoS) attacks, web defacements, sensitive data exfiltration, and other attack vectors typical of this nation-state actor. | ||
| Provide a description of the impact the threat would have on the financial services sector. These impact statements can include the loss of control of the systems, the loss of data integrity or confidentiality, exfiltration of data, or something else. Also provide impact assessments as a result of this security incident to the financial services sector. | ||
| Provide submissions from the Information Sharing Analysis Councils related to the financial sector. | ||
| Law Enforcement | ||
| Role: A representative from law enforcement, who has provided additional evidence of network attacks found using network defense tools | ||
| Provide a description of the impact the threat would have on the law enforcement sector. These impact statements can include the loss of control of systems, the loss of data integrity or confidentiality, exfiltration of data, or something else. Also provide impact assessments as a result of this security incident to the law enforcement sector. | ||
| The Intelligence Community | ||
| Role: A representative from the intelligence agency, who has identified the nation-state actor from numerous public and government-provided threat intelligence reports. This representative will provide threat intelligence on the tools, techniques, and procedures of this nation-state actor | ||
| Provide intelligence on the nation-state actor, their cyber tools, techniques, and procedures. Leverage available threat reporting such as from FireEye, Mandiant, and other companies and government entities that provide intelligence reports. Also include the social engineering methods used by the nation-state actor and their reasons for attacking US critical infrastructure. | ||
| Homeland Security | ||
| Role: A representative from the Department of Homeland Security, who will provide the risk, response, and recovery actions taken as a result of this cyber threat | ||
| Use the US-CERT and other similar resources to discuss the vulnerabilities and exploits that might have been used by the attackers. | ||
| Explore the resources for risk mitigation and provide the risk, response, and risk mitigation steps that should be taken if an entity suffers the same type of attack. | ||
| Provide a risk-threat matrix and provide a current state snapshot of the risk profile of the financial services sector. | ||
| Security Assessment Report Feedback | ||
| Strengths | ||
| Opportunities | ||
| 3. After Action Report | ||
| The purpose of the AAR is to share the systems life cycle methodology, rationale, and critical thinking used to resolve this cyber incident. | ||
| Identify the purpose and function of firewalls for organization network systems, and how they address the threats and vulnerabilities you have identified. | ||
| Also discuss the value of using access control, database transaction and firewall log files. | ||
| Identify the purpose and function of encryption, as it relates to files and databases and other information assets on the organization's networks. | ||
| After Action Report Feedback | ||
| Strengths | ||
| Opportunities | ||
| 4. Presentation (Complete Set of Team Slides and Voice Narration) | ||
| Title Slide | ||
| Use of Readable Fonts and Color | ||
| Summarize SAR and AAR for non-technical audience | ||
| Summarize Findings and Recommendations at High Level | ||
| Slide Narration or In Class Presentation (5-6 minutes or a portion of report) | ||
| Presentation Slides Feedback | ||
| Strengths | ||
| Opportunities |
Project 4
| Student Name: | ||
| Date: | ||
| This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission | ||
| Project 4: Requires the Following TWO Deliverables | Grade | |
| 1. Paper | ||
| 2. Lab Experience Report with Screenshots | ||
| Project Objectives | Project 4 - Evaluation Criteria | |
| 1.5: Use sentence structure appropriate to the task, message and audience. | ||
| 1.6: Follow conventions of Standard Written English. | ||
| 1.7: Create neat and professional looking documents appropriate for the project or presentation. | ||
| 2.1: Identify and clearly explain the issue, question, or problem under critical consideration. | ||
| 2.2: Locate and access sufficient information to investigate the issue or problem. | ||
| 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem. | ||
| 2.4: Consider and analyze information in context to the issue or problem. | ||
| 3.2: Employ mathematical or statistical operations and data analysis techniques to arrive at a correct or optimal solution. | ||
| 5.1: Knowledge of procedures, tools, and applications used to keep data or information secure, including public key infrastructure, point-to-point encryption, and smart cards | ||
| Areas to improve | ||
| 1. Paper | ||
| IT Systems Architecture | ||
| 1. Provide an introductory statement | ||
| 2. In tabular format, provide a Network Security and Vulnerability Threat Table following guidance in Project 4 -> STEP 1 | ||
| 3. Include and define the following components of security in the architecture of your organization, and explain if threats to these components are likely, or unlikely: | ||
| LAN security | ||
| Identity management | ||
| physical security | ||
| personal security | ||
| availability | ||
| privacy | ||
| 4. List the security defenses you employ in your organization to mitigate these types of attacks. | ||
| Plan of Protection | ||
| Learn more about the transmission of files that do not seem suspicious but that actually have embedded malicious payload, undetectable to human hearing or vision. This type of threat can enter your organization’s networks and databases undetected through the use of steganography or data hiding. You should include this type of threat vector to an organization in your report to leadership. | ||
| Provide the leadership of your organization with your plan for protecting identity, access, authorization and nonrepudiation of information transmission, storage, and usage | ||
| Data Hiding Technologies | ||
| Describe to your organization the various cryptographic means of protecting its assets. Provide an overview of each of the following. | ||
| Encryption Technologies | ||
| 1. Shift / Caesar cipher | ||
| 2. Polyalphabetic cipher | ||
| 3. One time pad cipher/Vernam cipher/perfect cipher | ||
| 4. Block ciphers | ||
| 5. triple DES | ||
| 6. RSA | ||
| 7. Advanced Encryption Standard (AES) | ||
| 8. Symmetric encryption | ||
| 9. Text block coding | ||
| Data Hiding Technologies | ||
| 1. Information hiding and steganography | ||
| 2. Digital watermarking | ||
| 3. Masks and filtering | ||
| Network Security Vulnerability | ||
| Discuss the following: | ||
| 1. Security architecture of the organization | ||
| 2. the cryptographic means of protecting the assets of the organization | ||
| 3. the types of known attacks against those types of protections | ||
| 4. means to ward off the attacks | ||
| Access Control Based on Smart Card | ||
| Describe how identity management would be a part of your overall security program and create your CAC deployment plan | ||
| Email Security Strategies | ||
| 1. Provide an overview of the types of public-private key pairing, and show how this provides authentication and nonrepudiation. You will also add hashing and describe how this added security benefit ensures the integrity of messaging. | ||
| 2. Briefly describe: PGP, GPG, PKI, digital sig, mobile dev encryption | ||
| 3. Make recommendation for a deployment plan | ||
| Paper Feedback | ||
| Strengths | ||
| Opportunities | ||
| 2. Lab Experience Report | ||
| 1. Summarize the Lab Experience and Findings | ||
| 2. Respond to the Questions: | ||
| Stego: Compare the file properties of each of the pictures and notice the differences. Explain. | ||
| Encryption/Decryption: Discuss tools and include findings | ||
| 3. Provide Screenshots of Key Results for: | ||
| Steganography: OpenStego, QuickStego, OurSecret | ||
| Encryption/Decryption: Bitlocker, AxCrypt, GPG | ||
| Lab Experience Report Feedback | ||
| Strengths | ||
| Opportunities |
Project 5
| Student Name: | ||
| Date: | ||
| This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission | ||
| GENERAL OBJECTIVES | Project 5 - Evaluation Criteria | |
| 5.3: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats. | ||
| 8.6: Provides professional preparation for computer digital forensics, investigation of crime, and preservation of digital evidence in criminal and civil investigations and information security incident response. | ||
| 8.7: Provide theoretical basis and practical assistance for all aspects of digital investigation and the use of computer evidence in forensics and law enforcement. | ||
| Project 5: Requires the Following TWO Pieces | Grades | |
| 1. Research Paper | ||
| 2. Lab Experience Report with Screenshots | ||
| Areas to Improve | ||
| 1. Research Paper | ||
| Abstract | ||
| Section Objective | To learn to write a research paper abstract | |
| Introduction | ||
| Section Objective | To Introduce a research topic | |
| Digital Forensics Methodology | ||
| Section Objective | To describe/explain the digital forensic methodology | |
| 1. Preparation | ||
| 2. Extraction | ||
| 3. Identification | ||
| 4. Analysis | ||
| Tools and Techniques | ||
| Section Objective | Beyond the methodology, discuss/explain main concepts of digital forensics | |
| 1. Discuss the importance of using forensic tools to collect and analyze evidence (e.g., FTK Imager and EnCase) | ||
| 2. Explain hashing in the context of digital forensics | ||
| 3. How do you ensure that the evidence collected has not been tampered with (i.e., after collection)? Why and how is this important to prove in a court of law? | ||
| Conclusion | ||
| Section Objective | Summarize paper and provide concluding remarks | |
| Paper Feedback | ||
| Strengths | ||
| Opportunities | ||
| 2. Lab Experience Report | ||
| Summarize the Lab Experience and Findings | ||
| Provide Screenshots of Key Results. Include a screenshot of the Image Summary. Use your own name as the 'Examiner'. | ||
| Lab Experience Report Feedback | ||
| Strengths | ||
| Opportunities | ||