This course is an overview of information assurance and security topics for network administrators who must implement security strategies to protect their organization from exposure to the Internet; network designers also create security-conscious designs. Learners identify and apply strategies to guard against hackers and forms of viruses, use firewalls and gateways, and build authentication skills and encryption techniques. Learners identify methods for attacking a network system and validate defenses against them.
This course introduces information security assurance concepts and practices appropriate for beginning IT professionals whose job it is to implement security strategies that protect organizations from exposure to system threats and vulnerabilities.
Topics explore ways for IT professionals to incorporate security-conscious designs for various aspects of organizational security. Labs require you to employ strategies designed to guard against hackers and viruses, affording the opportunity for hands-on exploration of access control, authentication and encryption techniques, common methods for attacking a network system, and related topics.
Overview
Assessment 6
Performing Packet Capture and Traffic Analysis
Overview
There are times when the inexplicable happens and, as an administrator, you are not sure what is happening. When these situations arise, it is valuable to have tools, such as packet capture and analysis tools, at your disposal so that you can conduct an efficient analysis. These tools also carry a cost: the data they capture may itself be confidential. Monitoring and access request approval policies are therefore key to ensuring that data capture activities occur in a compliant manner.
In this assessment you complete and submit screen captures from the Performing Packet Capture and Traffic Analysis lab and write policies for Monitoring and Access Request Approvals.
Preparation
Do the following using items found in the Resources:
· Download the Assessment X Template. Use this Word template for assessment submission.
· Open the Performing Packet Capture and Traffic Analysis lab, available in this unit, and read the introduction.
· Review the Course Security Scenario document found in the Resources for context when writing your security policies in Part 2.
Kaltura
For Part 2 of this assessment, you may choose to create your presentation using Kaltura. To learn how to use Kaltura, refer to the Using Kaltura tutorial linked in the Resources.
Note: If you require the use of assistive technology or alternative communication methods to participate in these activities, please contact Disability Services to request accommodations.
Instructions
Part 1 – Complete All of Sections 1 and 2 of the Performing Packet Capture and Traffic Analysis Lab
Note: not all sections mentioned in the lab's directions are required for this assessment.
Do the following:
1. Complete "Section 1: Hands-on Demonstration" and submit the following screenshots:
. Part 1 Step 43, 53.
. Part 2 Step 18.
. Part 3 Step 11.
2. Complete "Section 2: Applied Learning" and submit the following screenshots:
. Part 1 Step 23, 30.
. Part 2 Step 18.
. Part 3 Step 5.
3. Based on the data collected in the lab, compare and contrast the uses of NetWitness Investigator and Wireshark. Include a discussion of the value of the data collected for each.
Part 2 – Security Planning: Monitoring and Access Request Approvals Presentation.
Write the following using information found in the Course Security Scenario as context.
1. Monitoring (1 page).
2. Access Request Approvals (1–2 pages).
Create a 10–15 minute presentation (using a common presentation software of your choice) that describes Monitoring and Access Request Approvals policies that you would recommend to stakeholders interested in organizational security for the company described in the Course Security Scenario. Your presentation must include audio narration with supporting visual depictions.
Consider the following scoring guide criteria as you complete your assessment:
· Provide required screenshots that document lab completion.
· Create a monitoring policy that is appropriate for the Course Security scenario.
· Create an access request approvals policy that is appropriate for the Course Security scenario.
· Compare and contrast the uses of NetWitness Investigator and Wireshark and the value of the data collected.
· Create a presentation that accurately communicates a security plan to stakeholders.
Additional Instructions
Place your written work and all screenshots from Part 1 (make sure to include the step number associated with each screenshot) in the Assessment X Template. Submit a zip file containing both the Assessment X Template and the Part 2 presentation file.
OVERVIEW
Complete and submit screen captures from the Performing Packet Capture and Traffic Analysis lab and write policies for Monitoring and Access Request Approvals.
By successfully completing this assessment, you will demonstrate your proficiency in the following course competencies and assessment criteria:
· Investigate security threats and system vulnerabilities.
. Write a password monitoring policy that is appropriate for the Course Security scenario.
. Compare and contrast the uses of NetWitness Investigator and Wireshark.
· Design mechanisms that control unauthorized access to private information.
. Provide required screenshots that document lab completion.
. Write an access request approvals policy that is appropriate for the Course Security scenario.
· Communicate effectively.
. Create a presentation that accurately communicates a security plan to stakeholders.
CONTEXT
Auditing, testing and monitoring are staples in today's information technology landscape. Testing is needed to ensure our products (and the products of others we use) are secure in our specific environments. Auditing is needed so that we own the governance needed to ensure ongoing, continuous security and compliance. Monitoring is needed to ensure that our operational controls are in place to detect, act and react, as needed.
Examples, Guides, and Templates
· Course Security Scenario.
. Provides background and context for writing your security policies in Part 2 of the course assessments.
· Assessment X Template.
· Using Kaltura.
. Refer to this guide if you choose to use Kaltura for your presentation later in this assessment.
Suggested Resources
The resources provided here are optional and support the assessment. They provide helpful information about the topics. You may use other resources of your choice to prepare for this assessment; however, you will need to ensure that they are appropriate, credible, and valid. The Supplemental Resources and Research Resources, both linked from the left navigation menu in your courseroom, provide additional resources to help support you.
· Cloud.gov. (n.d.). Continuous monitoring strategy. Retrieved from https://cloud.gov/docs/ops/continuous-monitoring
. This provides guidance for creating a security monitoring strategy.
· UAB. (2016). HIPAA core policy: Information systems and network access. Retrieved from http://www.uab.edu/policies/content/Pages/UAB-AD-POL-0000724.aspx
. This is a real-world health care example of an access approval policy.
· Kim, D., & Solomon, M. G. (2018). Fundamentals of information systems security (3rd ed.). Burlington, MA: Jones & Bartlett.
. Chapter 7, "Information Systems Security," pages 217–249.
IT-FP4803 – System Assurance Security
Assessment [number here] Template
Part 1: Lab Exercise
Screenshots: Insert and title (with step number) all screenshots in the same order as the order specified in the assessment directions.
Part 1.3 Response:
Part 2: Security Planning
[Enter content for Part 2 of the assessment here – make sure to label your work appropriately.]
[Item 2.1]:
[Item 2.2]:
IT-FP4803 – Systems Assurance Security
Course Security Scenario
Course assignments require you to address security assurance issues. Use the information in the scenario below to complete your course security policy planning assignments. The scenario is relatively simple, so make sure to state any assumptions that you make to fill in gaps where necessary to substantiate the positions taken in your assignment work.
Background
You have been hired as an information assurance and compliance consultant at a large health system called Laskondo Healthcare. The organization comprises three (3) hospitals, 1,000 licensed beds, 8,000 employees, of whom 1,750 are medical staff, and over 2,000 volunteers.
As a healthcare system, Laskondo manages and transmits a considerable amount of confidential data, including protected health information (PHI) on behalf of its patients. This data is often transmitted to and from external healthcare professionals and offices, as well as suppliers and vendors, as needed. Additionally, data is often shared among the three system hospitals.
Upon starting the job, you quickly understand that information security and compliance have not been properly implemented or governed.
Laskondo lacks organization-wide standardized policies and strategic plans that adequately address system security assurance. A recent audit found that the security controls in place at all three hospital facilities were deficient from a HIPAA compliance perspective. Additionally, proper business continuity efforts have yet to be developed, implemented, or tested, leaving the organization exposed to the risk of a major disruption or incident.
The CIO has recognized that there are systemic policy weaknesses and has asked you to draft new organizational system assurance security policies that adequately guide the organization in the areas listed below using modern systems assurance security policies, practices and techniques.
Policy Areas:
· Acceptable Use.
· Workstation Security.
· Password Management.
· Logging Standards.
· Vulnerability Management.
· Patch Management.
· Logical Access Control.
· Physical Access Control.
· Separation of Duties.
· Change Control Management.
· Monitoring.
· Access Request Approvals.
· Business Continuity Planning.
· Incident Response Procedures.
· Encryption Usage in a regulated healthcare environment.
· Remote Access.
· Network Device Security.
· Intrusion Detection.
· Application Security and Testing.
Technical Details
The high-level technical infrastructure details of the organization are as follows:
· Networking devices
. Firewalls (1 in each hospital).
. Routers / Switches (multiple in each hospital).
· Servers
. Baremetal – VMware ESX 5.5 (Qty 5).
. Baremetal – CentOS 7.3 (Qty 15).
. Baremetal – Windows Server 2012 R2 (Qty 35).
. Virtual – CentOS Linux (Qty 50).
. Virtual – Windows Server 2012 R2 (Qty 125).
· Workstations
. Windows 10 desktop systems, various models (Qty 250).
Performing Packet Capture and Traffic Analysis Fundamentals of Information Systems Security, Third Edition – Lab 05
Before You Begin
Welcome! The Virtual Security Cloud Labs are your opportunity to gain valuable hands-on experience with professional-grade tools and techniques as you work through the guided lab exercises provided in the on-screen lab manual. The use of virtualization enables you to perform all of the tasks in the lab manual in a live environment without putting your personal device or institution's assets at risk. Before you begin the guided lab exercises, please review the following preparation checklist.
1. Run the System Checker. The System Checker will confirm that your browser and network connection are ready to support virtual labs.
2. Review the Common Lab Tasks document. This document provides an overview of the virtual lab environment and outlines several of the recurring tasks you may need to complete your lab exercise.
3. When you've finished, use the Disconnect button to end your session and create a StateSave. To end your lab session and save your work, click the Disconnect button in the upper-right corner of the Lab View toolbar. When prompted, assign a name for your StateSave (we recommend using the Section, Part, and Step number where you stopped) and click Continue. Please note that a StateSave will preserve any changes written to disk in your lab session. A StateSave will not preserve any open windows or active processes, similar to restarting your computer. If you close your browser window without disconnecting, your lab session will automatically end after 5 minutes.
4. Technical Support is here to help! Our technical support team is available 24/7 to help troubleshoot common issues. Please note that the 24/7 support team is Level 1 only, and cannot assist with questions about lab content or the array of software used in the labs. If you believe you’ve identified an error in the lab guide or a problem with the lab environment, your ticket will be escalated to the Jones & Bartlett Learning product team for review. In the meantime, we recommend resetting the lab (Options > Reset) or reaching out to your instructor for assistance.
Introduction
It is critical that security administrators have a clear understanding of the type and volume of traffic that is considered “normal” on their networks. They must also have the ability to detect anomalous traffic which could indicate a past or ongoing attack. Two tools that can prove very useful are packet capturing tools and traffic analyzers.
Wireshark is a popular tool for capturing network traffic in promiscuous mode. Wireshark is analogous to the TCP Dump tool found on Linux. Wireshark is able to filter through large amounts of data quickly and help an administrator understand a full “conversation” between systems at the packet level. NetWitness is a popular tool from RSA that can read saved TCP Dump and Wireshark packet captures. Tools like Wireshark are used to capture data packets over time (continuously or overnight). The data it captures can then be imported via a .pcap file into NetWitness Investigator, which cleanly parses and displays the data for analysis by the administrator.
One of the most important tools needed by information systems security practitioners is a packet capture and protocol analysis tool. Wireshark is a freeware tool providing basic packet capture and protocol decoding capabilities. NetWitness Investigator provides security practitioners with a deep packet inspection tool used for examining everything from the data link layer up to the application layer.
In this lab, you will use common applications to generate traffic and transfer files between the machines in this lab. You will capture data using Wireshark and review the captured traffic at the packet level. Then, you will use NetWitness Investigator, a free tool that provides security practitioners with a means of analyzing a complete packet capture, to review the same traffic at a consolidated level.
Learning Objectives
Upon completing this lab, you will be able to:
1. Use Wireshark to capture live IP, ICMP, TCP, and UDP traffic from Telnet, FTP, TFTP, and SSH sessions
2. Use Wireshark and NetWitness Investigator as a protocol analysis tool
3. Analyze the packet capture data in both Wireshark and NetWitness Investigator and be able to identify the traffic generated in the lab
4. Examine captured packet traces to view clear text and ciphertext
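The analysis this lab has you perform by hand in Wireshark and NetWitness Investigator, as an added example that is not part of the lab manual: a stdlib-only Python reader for the .pcap files the lab saves. It tallies packets by the lab's protocols, drops RDP the same way the lab's capture filter `not port 3389` does, and records the cleartext payloads of Telnet and TFTP beside the SSH traffic, which yields none. The libpcap and header byte layouts are real; the sample capture, `VWS_IP` (the manual never gives vWorkstation's address) and the `PORT_TABLE` mapping are constructed assumptions.

```python
"""Tally the protocols in a libpcap file and flag the cleartext ones.
Added example; assumes libpcap format, Ethernet link type, IPv4 and PORT_TABLE."""
import struct

PCAP_MAGIC = 0xA1B2C3D4
# Protocols the lab generates plus RDP, which its capture filter drops.
# True marks protocols that carry credentials or file contents in cleartext.
PORT_TABLE = {23: ("Telnet", True), 21: ("FTP", True), 69: ("TFTP", True),
              22: ("SSH", False), 3389: ("RDP", False)}


def build_pcap(frames):
    """Serialize Ethernet frames as a little-endian libpcap byte string."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out


def ip_frame(proto, src, dst, l4):
    """Wrap an L4 segment in IPv4 and Ethernet headers (checksums left zero)."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64,
                     proto, 0, addr(src), addr(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4


def tcp_segment(sport, dport, payload=b""):
    """20-byte TCP header (PSH+ACK, no options) followed by payload."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x18,
                       8192, 0, 0) + payload


def udp_datagram(sport, dport, payload=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def iter_packets(data):
    """Yield (timestamp, frame) from a libpcap file of either byte order."""
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", data[:4])[0])
    if endian is None:
        raise ValueError("not a libpcap file")
    off = 24
    while off + 16 <= len(data):
        ts, _, incl, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        yield ts, data[off + 16:off + 16 + incl]
        off += 16 + incl


def parse_frame(frame):
    """Return (src, dst, sport, dport, payload) for IPv4 TCP/UDP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    src, dst = (".".join(str(b) for b in frame[i:i + 4]) for i in (26, 30))
    l4 = frame[14 + ihl:]
    if not ((proto == 6 and len(l4) >= 20) or (proto == 17 and len(l4) >= 8)):
        return None
    hdr = (l4[12] >> 4) * 4 if proto == 6 else 8   # TCP data offset / fixed UDP
    sport, dport = struct.unpack("!HH", l4[:4])
    return src, dst, sport, dport, l4[hdr:]


def summarize(data, exclude_ports=()):
    """Count packets per protocol and collect cleartext payloads as findings.
    exclude_ports mirrors a capture filter such as the lab's "not port 3389"."""
    counts, findings = {}, []
    for ts, frame in iter_packets(data):
        parsed = parse_frame(frame)
        if parsed is None:
            counts["other"] = counts.get("other", 0) + 1
            continue
        src, dst, sport, dport, payload = parsed
        if sport in exclude_ports or dport in exclude_ports:
            continue
        name, cleartext = (PORT_TABLE.get(dport) or PORT_TABLE.get(sport)
                           or (f"port {dport}", False))
        counts[name] = counts.get(name, 0) + 1
        if cleartext and payload:
            findings.append((ts, name, src, dst, payload.decode("ascii", "replace")))
    return counts, findings


# Constructed sample using the lab's addresses; the manual does not give
# vWorkstation's address, so VWS_IP is a placeholder.
VWS_IP = "172.30.0.2"
SAMPLE = build_pcap([
    ip_frame(6, "172.30.0.10", "172.16.8.5", tcp_segment(49152, 23, b"cisco\r\n")),
    ip_frame(6, "172.30.0.10", "172.16.20.5", tcp_segment(49153, 22, b"SSH-2.0-PuTTY\r\n")),
    ip_frame(17, VWS_IP, "172.30.0.10",
             udp_datagram(50000, 69, b"\x00\x02yourname_tftp.txt\x00octet\x00")),
    ip_frame(6, VWS_IP, "172.30.0.10", tcp_segment(50001, 3389, b"\x03\x00")),
])

if __name__ == "__main__":
    print(*summarize(SAMPLE, exclude_ports=(3389,)), sep="\n")
```

Point `summarize` at the bytes of `yourname_S1_PacketCapture.pcap` to get the same per-protocol tally, with the cleartext findings corresponding to what the lab has you locate in Wireshark.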
Lab Overview
Each section of this lab is assigned at your instructor’s discretion. Please consult your instructor to confirm which sections you are required to complete for your lab assignment. SECTION 1 of this lab has three parts, which should be completed in the order specified.
1. In the first part of the lab, you will generate common network traffic using protocols such as Telnet, Secure Shell (SSH), File Transfer Protocol (FTP), and Remote Desktop Protocol (RDP).
2. In the second part of the lab, you will use Wireshark to analyze the data captured in Part 1 of this lab.
3. In the third part of the lab, you will use NetWitness Investigator to analyze the same Wireshark packet capture you saved in Part 2.
SECTION 2 of this lab allows you to apply what you learned in SECTION 1 with less guidance and different deliverables, as well as some expanded tasks and alternative methods. Finally, you will explore the virtual environment on your own in SECTION 3 of this lab. You will answer questions and complete challenges that allow you to use the skills you learned in the lab to conduct independent, unguided work, similar to what you will encounter in a real-world situation.
Topology
This lab contains the following virtual devices. Please refer to the network topology diagram below.
vWorkstation (Windows Server 2016)
TargetWindows02 (Windows Server 2016)
Cisco Router (Cisco IOS Emulator)
LAN Switch 1 (Cisco IOS Emulator)
LAN Switch 2 (Cisco IOS Emulator)
Tools and Software
The following software and/or utilities are required to complete this lab. Students are encouraged to explore the Internet to learn more about the products and tools used in this lab.
NetWitness Investigator
PuTTY
Tftpd64
Wireshark
Deliverables
Upon completion of this lab, you are required to provide the following deliverables to your instructor:
SECTION 1:
1. Lab Report file including screen captures of the following:
yourname_tftp.txt in the Tftpd64 directory; the FileZilla window displaying the successful file transfer; captured file transfer in the Wireshark window; password information for the yourname_S1_Collection;
2. Files downloaded from the virtual environment:
yourname_S1_PacketCapture.pcap;
3. Any additional information as directed by the lab:
none;
4. Lab Assessment (worksheet or quiz – see instructor for guidance)
SECTION 2:
1. Lab Report file including screen captures of the following:
yourname_S2_tftp.txt in the Tftpd64 directory; the FileZilla window displaying the successful file transfer; captured file transfer in the Wireshark window; NetWitness session detail for the yourname_S2_tftp.txt file transfer;
2. Files downloaded from the virtual environment:
yourname_S2_PacketCapture.pcap; yourname_S2_Collection.xml;
3. Any additional information as directed by the lab:
the Wireshark frame number of the transferred file.
SECTION 3:
1. Analysis and Discussion
2. Tools and Commands
3. Challenge Exercise
Section 1: Hands-On Demonstration
Note: In this section of the lab, you will follow a step-by-step walk-through of the objectives for this lab to produce the expected deliverable(s).
1. On your local computer, create the Lab Report file. Frequently performed tasks, such as how to create the Lab Report file, make screen captures, and download files from the lab, are explained in the Common Lab Tasks document. You should review these tasks before starting the lab.
2. Proceed with Part 1.
Part 1: Generate Network Traffic
Note: In the next steps, you will start a Wireshark packet capture and open and close several common tools to generate traffic and transfer files between machines in this lab. Wireshark will continue running in the background until you manually stop the capture process later in this lab. You will analyze the captured packets in the second part of this lab.
1. On the vWorkstation desktop, double-click the Connections folder.
2. In the Connections folder, double-click the TargetWindows02 RDP shortcut to open a remote connection to TargetWindows02. If prompted, type the following credentials and click OK.
Username: Administrator Password: [email protected]!
The remote desktop opens with the IP address of TargetWindows02 (172.30.0.10) in the title bar at the top of the window.
3. From the TargetWindows02 taskbar, click the Wireshark icon (a blue shark fin) to open the Wireshark application. Wireshark is a protocol analyzer tool (sometimes called a “packet sniffer”). It is used to capture IP traffic from a variety of sources. The main screen of Wireshark includes details about the current capture configuration. From this screen, analysts can select recently used filters from the drop-down menu, or type a custom filter command to quickly sort the captured data.
Wireshark main screen
4. From the Wireshark menu bar, click Capture and select Options to open the Capture Interfaces window.
5. In the Capture Interfaces window, click the Manage Interfaces button to open the Manage Interfaces dialog box.
6. In the Manage Interfaces dialog box, verify that the Student and Npcap Loopback Adapter interfaces are selected, as shown in the following figure. The student interface is the lab environment that you are working in. Selecting this interface ensures that Wireshark can analyze traffic from areas of the network that are visible to students.
Student interface
7. Click OK to close the Manage Interfaces dialog box.
8. In the Capture Interfaces window, verify that the Enable promiscuous mode on all interfaces checkbox is selected. Promiscuous mode allows Wireshark, or any other application, to capture packets destined to any host on the same subnet or virtual LAN (VLAN). Without this option selected, Wireshark would only capture packets to and from the TargetWindows02 machine.
Verify promiscuous mode
9. In the Capture Interfaces window, hold down Ctrl and click the Student and Npcap Loopback Adapter interfaces to select both interfaces.
10. In the Capture filter for selected interface box, type not port 3389 to filter out the packets that are generated between the vWorkstation and TargetWindows02 systems as part of the RDP connection.
Select interfaces
11. Click Start to close the Capture Interfaces window and begin the packet capture.
Note: In the next steps, you will generate traffic for Wireshark to capture.
12. Minimize the remote TargetWindows02 connection to return to the vWorkstation desktop.
13. On the vWorkstation taskbar, right-click the Windows Start icon and select Run from the menu.
14. In the Run dialog box, type cmd and click OK to open a command prompt window.
15. At the command prompt, type ping 172.30.0.10 (the IP address of the TargetWindows02 machine) and press Enter to ping the TargetWindows02 machine. You will see four successful replies from 172.30.0.10.
Ping TargetWindows02
16. At the command prompt, type exit and press Enter to close the command prompt window.
17. Restore the remote TargetWindows02 connection.
18. Minimize the Wireshark window.
19. On the TargetWindows02 desktop, double-click the putty icon to start the PuTTY application.
20. In the Host Name (or IP address) box, type 172.16.8.5 (the IP address for LAN Switch 1).
21. In the Connection type section, click the Telnet radio button, then click Open to launch a terminal console on the host machine using an unsecure Telnet connection.
Configure PuTTY for Telnet
22. At the login prompt, type the following credentials, and press Enter after each entry:
Login: cisco Password: cisco
Once successfully logged in, the command prompt, 172.16.8.5/LanSwitch1>, is displayed.
Unsecure login
23. In the terminal console window, type quit and press Enter to close the terminal console session to LAN Switch 1.
24. On the TargetWindows02 desktop, double-click the putty icon to start the PuTTY application again.
25. In the Host Name (or IP address) box, type 172.16.20.5, the IP address for LAN Switch 2.
26. In the Connection type section, click the SSH radio button, then click Open to launch a terminal console on the host machine using the Secure Shell (SSH) protocol.
Configure PuTTY for SSH
27. At the login prompt, type the following credentials and press Enter after each entry:
Login: cisco Password: cisco
Secure login
28. In the terminal console window, type quit and press Enter to close the terminal console session to LAN Switch 2.
29. On the TargetWindows02 desktop, double-click the Tftpd64 icon to launch the Tftpd64 application. The Tftpd64 application uses TFTP (Trivial File Transfer Protocol) to send (put) or receive (get) files between computers.
30. In the Tftpd64 window, click the Browse button, then scroll to the top of the Browse for Folder list, select Desktop, and click OK. This will change the Current Directory field to C:\Users\Administrator\Desktop.
31. From the Server interfaces drop-down menu, select 172.30.0.10 (the IP address for TargetWindows02) to establish TargetWindows02 as a TFTP server. The local TFTP server will now listen on UDP port 69 on the 172.30.0.10 interface for a file transfer. In the next steps, you will transfer a file to the directory shown in the Current Directory box using TFTP.
Start the TFTP64 Server
32. Minimize the remote TargetWindows02 connection to return to the vWorkstation desktop. If necessary, minimize the Connections folder.
33. On the vWorkstation desktop, right-click anywhere and select New > Text Document from the context menu.
34. With New Text Document highlighted, type yourname_tftp, replacing yourname with your own name, and press Enter to name the new file.
35. On the vWorkstation desktop, double-click the yourname_tftp file you just created to open it in Notepad.
36. In the Notepad window, type This is a test of TFTP, then select File > Exit from the Notepad menu and click Save when prompted.
37. On the vWorkstation taskbar, right-click the Windows Start icon and select Run from the menu.
38. In the Run dialog box, type cmd and click OK to open a command prompt window.
39. At the command prompt, type tftp 172.30.0.10 put c:\users\administrator\desktop\yourname_tftp.txt and press Enter to transfer the file to the TargetWindows02 desktop. You will see confirmation of a successful TFTP file transfer of the TFTP.txt from the vWorkstation desktop to TargetWindows02.
TFTP file transfer confirmation
40. At the command prompt, type exit and press Enter to close the command prompt window.
41. Restore the remote TargetWindows02 connection.
42. In the Tftpd64 window, click the Show Dir button to confirm the file transfer.
Successful TFTP transfer
43. Make a screen capture showing yourname_tftp.txt in the Tftpd64 directory and paste it into your Lab Report file.
44. Click Close to close the directory window.
45. Close the Tftpd64 window.
46. On the TargetWindows02 desktop, double-click the FileZilla Server Interface icon to launch the FileZilla Server application.
47. Minimize the remote TargetWindows02 connection to return to the vWorkstation.
48. On the vWorkstation taskbar, click the FileZilla icon to launch the FileZilla Client application.