Cyber defence

Week7CyberDefenceandCountermeasures.zip

Week 7 Cyber Defence and Countermeasures/cf_anchor_hosp_scenario.docx

IT4070

Anchor Hospital Scenario

You are a network specialist hired by Anchor Hospital to address network infrastructure vulnerabilities. Your initial work is broad and expected to encompass the following:

Understanding the network.

Firewalls.

Physical security.

Cloud solutions.

Intrusion detection.

VPN solutions.

Incident response and countermeasures.

Policy and regulatory issues.

Network exposure assessment and control.

Company Information

Anchor Hospital is a small independent care facility in a stand-alone building that houses its IT staff and assets in the basement. The IT infrastructure and staff of six serve 1,200 employees and other users.

Physical Security

The hospital is on a 10-acre campus in an urban neighborhood. Its IT-related physical security consists of:

A contracted security firm, which supplies two 24/7 guards: one conducts hourly foot patrols, and the other monitors cameras and performs additional security-related functions.

High-definition cameras that record continuously, located at all points of building entry and sensitive access points including the server room.

Three locked data-center doors requiring key card access that records all traffic. All staff have access cards for their respective departments; only IT staff, janitors, and upper management have access to the IT facility.

IT Overview

Network

Hospital connected to the Internet.

Network segmented into virtual LANs for medical data, IT, and finance user groups.

Hardware

Windows 2008 domain servers: email, file/print, data servers.

Routers connect switches to VLANs.

Switches connect desktops and servers to network.

Web server located in the DMZ.

100 antimalware-protected Windows XP workstations with Internet access.

Wireless access point.

Software

Windows firewall on a workstation at the edge of the network.

SNORT intrusion detection system (IDS), located in front of the Windows firewall.

MS Office installed on workstations.

Enterprise-level proprietary medical software.

Oracle Enterprise Resource Planning (ERP) software.

2017 version of free AVG Antivirus.


Week 7 Cyber Defence and Countermeasures/cf_lab_template.docx


Lab Template

Learner Name:

Lab Screenshots and Narrative

Insert and title all lab screenshots in the order they were taken. Briefly describe what you learned or observed in the lab below each screenshot. Be specific.

[Screenshot section, Step #]

[Screenshot section, Step #]

[Screenshot section, Step #]

[Screenshot section, Step #]

[Add as necessary]


Week 7 Cyber Defence and Countermeasures/cf_sec_inc_template.docx


Anchor Hospital Security Incident Report

Incident Report #: IT4070-A.

Incident Reported Date:

Incident Reported Time: 12:00 AM EST

Technician Assigned: [Your Name]

Incident Details

Incident Location:

Attack Type: Denial of service

Internal Systems Likely Affected:

Containment Steps Taken: [Include all steps you would take.]

Countermeasures Deployed:

Recommended Noncountermeasure Control to Mitigate Future Attacks:


Week 7 Cyber Defence and Countermeasures/Cyber Defence- Week 7.docx

Discussion – 1 page

Countermeasures

Countermeasures generally include activities that can prevent incidents from recurring. Some in the security community would include counterattack among the countermeasures available to an incident response team.

Discuss the following:

· Activities that constitute countermeasures.

· Potential advantages of engaging in countermeasures.

· Potential challenges to engaging in countermeasures.

· Legal implications of engaging in aggressive counterattack as a countermeasure.

Assignment –

Incident Response and Report

Overview

In this assignment you write an incident response report—a critical skill in IT security.

Scenario

Imagine that you are on duty as a first responder in the Anchor Hospital IT department. You receive complaints that users cannot send or receive email. Your initial investigation reveals that your network has been compromised by a denial of service (DoS) attack. It is your job to identify systems that could be impacted, contain the attack, deploy immediate countermeasures, complete an incident response report (note: fill out the report as if you had actually taken the steps you advocate), and recommend measures to prevent recurrence.
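The scenario above turns an email outage into a DoS incident that the responder must confirm and scope. As an added illustration (not part of the course materials or the Anchor Hospital templates), the Python below shows the kind of check a first responder could run over connection logs from the edge firewall or IDS: it parses a simple timestamped line format, counts SYNs to the mail server's SMTP port per source within a sliding window, and reports sources that exceed a flood threshold together with the internal hosts they targeted. The log format, the addresses (10.10.30.5 as the mail server, 198.51.100.7 as the flooding host), and the thresholds are constructed assumptions for this example.

```python
"""Flag a connection flood against the mail server from firewall/IDS connection logs.

Added example; not the course's code. The line format, the host addresses and the
thresholds are assumptions chosen for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> <src ip> <dst ip>:<dst port> <tcp flag>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+) (?P<dst>[\d.]+):(?P<port>\d+) (?P<flag>\w+)$"
)


def parse_line(line):
    """Return (timestamp, src, dst, port, flag) for a well-formed line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["port"]), m["flag"])


def find_flood_sources(lines, dst_port=25, threshold=100, window=timedelta(seconds=10)):
    """Return {src: peak_count} for sources sending more than `threshold` SYNs
    to `dst_port` inside any `window`-long interval. Lines may arrive unordered."""
    records = sorted(r for r in map(parse_line, lines) if r is not None)
    recent = defaultdict(deque)  # src -> timestamps of SYNs inside the current window
    peaks = {}
    for ts, src, _dst, port, flag in records:
        if port != dst_port or flag != "SYN":
            continue  # only half-open connection attempts count toward the flood
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:  # slide the window forward
            q.popleft()
        if len(q) > threshold and len(q) > peaks.get(src, 0):
            peaks[src] = len(q)
    return peaks


def targeted_hosts(lines, flood_sources, dst_port=25):
    """Internal hosts that the flagged sources hit on `dst_port` (systems to list as affected)."""
    targets = set()
    for rec in map(parse_line, lines):
        if rec is None:
            continue
        _ts, src, dst, port, _flag = rec
        if src in flood_sources and port == dst_port:
            targets.add(dst)
    return targets


def build_sample_log():
    """Constructed sample: one external host floods SMTP while three internal clients behave normally."""
    t0 = datetime(2024, 1, 15, 9, 0, 0)
    lines = []
    for i in range(300):  # 300 SYNs in about six seconds from one address
        ts = t0 + timedelta(milliseconds=20 * i)
        lines.append(f"{ts.isoformat()} 198.51.100.7 10.10.30.5:25 SYN")
    for i, host in enumerate(["10.10.20.15", "10.10.20.16", "10.10.10.4"]):
        ts = t0 + timedelta(seconds=1 + i)
        lines.append(f"{ts.isoformat()} {host} 10.10.30.5:25 SYN")
        lines.append(f"{ts.isoformat()} {host} 10.10.30.5:25 ACK")
    return lines


if __name__ == "__main__":
    log = build_sample_log()
    floods = find_flood_sources(log)
    print("flood sources (src -> peak SYNs in window):", floods)
    print("affected internal hosts:", targeted_hosts(log, floods))
```

The per-source sliding window is what separates a flood from a busy but legitimate client: the internal hosts in the sample each open one connection and never approach the threshold, while the external address is reported with its peak count, which is the figure a responder would cite in the "Internal Systems Likely Affected" and "Containment Steps Taken" sections of the incident report. Tune `threshold` and `window` to the mail server's normal connection rate before relying on the check.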

Instructions

· Populate the Lab Template (linked in Resources) with your screenshots and describe briefly but specifically what you learned from or observed in the lab.

· Use the Incident Response Report Template (linked in Resources) to document your actions in the wake of the incident described above. By completing it you address the following assignment criteria:

. Identify systems that are likely to be affected by a DoS attack.

. Describe appropriate steps to contain the DoS attack.

. Identify two countermeasures and detail why they are appropriate. 

. Describe a noncountermeasure control that is effective for mitigating similar future attacks.

· Submit the completed Lab and Incident Response Report Templates.