
Introduction (brief discussion of the scenario, your company, and your role) – 2 Marks

  1. Asset identification (one of the assets is the radar network) – 2 Marks
  2. Threat assessment and modelling (provide a diagram with a detailed discussion of each threat you have identified) – 4 Marks
  3. Risk assessment (risk should be assessed based on the criticality of the assets and threat intelligence; you can use one of the frameworks, e.g. NIST). While assessing risks you should do some research to get some historical attack data – 4 Marks

 

Statistical analysis for situational awareness

  1. Briefly discuss PCAP file properties – 1 Mark
  2. Protocol hierarchy – 1 Mark
  3. Find internal and external nodes – 1 Mark
  4. Write a script using tshark combined with any other utilities that can be found in the lab’s VMs (grep, ls, cut, sed etc.) that performs the following functions:

1) Creates the following lists and adds them to files called IPA and IPB:

  i. A list of the IP addresses of the computers outside the 192.168.1.0/24 range which interacted with the server at 192.168.1.200 (file IPA). – 3 Marks

  ii. A list of the IP addresses of the computers outside the 192.168.1.0/24 range which sent a SYN packet to the 192.168.1.200 server to any port excluding the following ports (file IPB): – 3 Marks
  • 80 for those students with a student number ending with an ODD number (1,3,5,7,9)
  • 8081 for those students with a student number ending with an EVEN number (2,4,6,8,0)

The files should contain nothing but the IP addresses you found.

Activity narrative, attack identification and technical explanation

  1. Identify at least one attack using Wireshark; extra marks are available (maximum 4 marks) for detecting more than one attack. – 4 Marks
  2. Discuss the attack in detail: why you think it is an attack, how it was initiated, what activity it performed, what the potential consequences were, etc. – 5 Marks
  3. Extract one .exe file from the PCAP using Wireshark, analyse it using one of the online tools and discuss the results. – 2 Marks
  4. Create a colouring rule for Wireshark to identify a null scan and one for a FIN scan. – 2 Marks
  5. Using tshark or Wireshark, create a script that searches inside the title or the content of the dumped files of the HTTP traffic for the word: – 4 Marks
  • “root” or “admin” for those students with a student number ending with an EVEN number (2,4,6,8,0)
  • “password” or “passwd” for those students with a student number ending with an ODD number (1,3,5,7,9)

Then create a file called “suspectfiles” that lists the names of the files found – 2 Marks

  6. Discuss the results for any suspicious activity. – 2 Marks

Attack mitigation

  1. Provide an attack mitigation plan for the attacks that you have found in the earlier section. Use references, and discuss the mitigation method, standards and guidelines. – 6 Marks

Create the following set of defensive measures:

  1. Disable the networking interface and display a message to the user that it has been done. – 2 Marks
  2. Add the IP addresses from the IPB file you created earlier to the appropriate file so that they cannot contact your host, after having created a backup of the file, and display a message showing the location of the backup file. – 2 Marks
  3. Prompt the user with the following prompt to re-enable the networking interface and restore the backup of the file. – 3 Marks

“Would you like to restore the system to its initial condition? Y/N”

Make sure that only Y/y or N/n are accepted.
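The three defensive measures above, as an added example that is not part of the original brief. It assumes that the "appropriate file" is TCP Wrappers' `/etc/hosts.deny`, that the interface is `eth0`, and that the `ip` command from iproute2 is available; `DENY_FILE`, `IFACE`, `IPB_FILE` and all function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original brief.
# Assumptions: deny file is /etc/hosts.deny, interface is eth0 (both overridable).
DENY_FILE="${DENY_FILE:-/etc/hosts.deny}"
IFACE="${IFACE:-eth0}"
IPB_FILE="${IPB_FILE:-IPB}"

# Keep only unique lines that are dotted-quad IPv4 addresses with octets 0-255.
valid_ips() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' "$1" |
        awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255' | sort -u
}

# Back up the deny file, then append one "ALL: <ip>" rule per new address.
# Prints the backup path on stdout. Usage: block_ips <ip-list> <deny-file>
block_ips() {
    backup="$2.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$2" "$backup" || return 1
    valid_ips "$1" | while read -r ip; do
        grep -qxF "ALL: $ip" "$2" || printf 'ALL: %s\n' "$ip" >> "$2"
    done
    printf '%s\n' "$backup"
}

# Re-prompt until the answer is exactly Y, y, N or n. Returns 0 for yes, 1 for no.
ask_restore() {
    while :; do
        printf 'Would you like to restore the system to its initial condition? Y/N ' >&2
        read -r answer || return 1
        case "$answer" in
            Y|y) return 0 ;;
            N|n) return 1 ;;
            *)   echo 'Please answer Y or N.' >&2 ;;
        esac
    done
}

main() {
    ip link set "$IFACE" down || exit 1
    echo "Interface $IFACE has been disabled."
    backup=$(block_ips "$IPB_FILE" "$DENY_FILE") || exit 1
    echo "Backup of $DENY_FILE saved to $backup"
    if ask_restore; then
        cp -p "$backup" "$DENY_FILE" && ip link set "$IFACE" up && echo "System restored."
    fi
}

# Run only when invoked as: sudo sh defend.sh --run
if [ "${1:-}" = "--run" ]; then main; fi
```

`hosts.deny` is honoured only by services built against TCP Wrappers (libwrap); traffic to other services needs a packet-filter rule instead.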

Conclusion

Write a brief conclusion.

References

Appendix
