A one- to two-page double-spaced document.
In this step, you will create the Joint Network Defense Bulletin. Compile the information you have gathered, taking care to eliminate any sensitive bank-specific information. The Joint Network Defense Bulletin is an educational document for the financial services consortium. This bulletin should be addressed to the FBI chief and the FS-ISAC representative.
Joint Network Defense Bulletin
Brithon Johnson
Cybersecurity, The University of Maryland University College CBR 620 7641
Professor Jay Gamble
Overview
This joint network defense bulletin is the result of coordinated efforts of the Federal Bureau of Investigation (FBI) cyber security sector engagement division and the Financial Services Information Sharing and Analysis Center (FS-ISAC). Working with the U.S. financial sector, the FBI and FS-ISAC identified areas of compromise associated with network intrusions occurring at various banks in the U.S. Reports of the intrusions describe millions of compromised files, compromised bank customer websites, and the blockage of potential transactions worth millions of dollars. It is believed these attackers have maintained a presence on the networks to further network exploitation.
Description
The attacks on the financial institutions have been described as multiple distributed denial-of-service (DDoS) attacks, spoofing, cache poisoning, session hijacking and man-in-the-middle (MITM) attacks. These attacks disrupted traffic flow within the financial institutions' networks and resulted in website manipulation and significant system downtime. Additionally, the MITM attacks were able to manipulate software and install malware on the network. These attacks can degrade a network in many ways, so if an administrator recognizes changes in system performance within the network, it is recommended that network administrators review all security logs and conduct a network traffic analysis. If indicators of malware are discovered, take proper precautions to remove the malware. The results of a network traffic review will vary, as some traffic will seem malicious, whereas other traffic will be legitimate.
Mitigation Recommendations
It is recommended that administrators and security teams use the following best practices to mitigate and prevent attacks on their networks.
· Continue to monitor well-known ports such as ports 21, 25, 22, 53 and 80. If specific well-known ports can be closed without affecting operation, it is recommended to close those ports.
· Use application whitelisting to help prevent malicious software and unapproved programs from running. Application whitelisting is one of the best security strategies as it allows only specified programs to run, while blocking all others, including malicious software (CISA, 2017).
· Implement honeypots, and upgrade firewalls to include signatures and dynamic IP addressing.
· Utilize other networking tools such as Metasploit, Snort and Nmap that aid in detecting and reporting malicious activity.
Add the following signature rules to intrusion detection and prevention systems to detect malicious activity. These signatures should be used only for analysis and not to replace current institution signatures. Be advised that the possibility of false positives will remain.
· alert tcp any any -> any any (msg:"Malicious SSL 01 Detected";content:"|17 03 01 00 08|"; pcre:"/\x17\x03\x01\x00\x08.{4}\x04\x88\x4d\x76/"; rev:1; sid:2;) (CISA, 2017)
· alert tcp any any -> any any (msg:"Malicious SSL 02 Detected";content:"|17 03 01 00 08|"; pcre:"/\x17\x03\x01\x00\x08.{4}\x06\x88\x4d\x76/"; rev:1; sid:3;) (CISA, 2017)
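The byte patterns in the two signatures above can be checked offline before the rules are loaded into a sensor. The following Python script is an added example, not part of the original bulletin or the CISA alert; it assumes the pcre byte escapes are written as \xNN, the names matching_sids, SIGNATURES, STRIPPED and SAMPLES are hypothetical, and the sample payloads are constructed.

```python
import re

# Both rules first require this content match: a TLS record header for
# application data (0x17), version bytes 03 01 (TLS 1.0), record length 00 08.
HEADER = bytes.fromhex("1703010008")

# The pcre option of each rule as a Python bytes regex, keyed by the rule's sid.
# As in PCRE without the /s modifier, "." here matches any byte except 0x0a.
SIGNATURES = {
    2: re.compile(rb"\x17\x03\x01\x00\x08.{4}\x04\x88\x4d\x76"),
    3: re.compile(rb"\x17\x03\x01\x00\x08.{4}\x06\x88\x4d\x76"),
}

# The same pattern with its backslashes lost in copying: it now looks for the
# ASCII text "x17x03..." and can never match the binary record.
STRIPPED = re.compile(rb"x17x03x01x00x08.{4}x04x88x4dx76")


def matching_sids(payload: bytes) -> list[int]:
    """Return the sids whose content and pcre options both match the payload."""
    if HEADER not in payload:  # content:"|17 03 01 00 08|"
        return []
    return [sid for sid, rx in SIGNATURES.items() if rx.search(payload)]


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "sid2_shape": HEADER + bytes.fromhex("aabbccdd") + bytes.fromhex("04884d76"),
    "sid3_shape": b"\x00" * 3 + HEADER + bytes.fromhex("01020304")
                  + bytes.fromhex("06884d76"),
    "header_only": HEADER + bytes.fromhex("aabbccdd") + bytes.fromhex("05884d76"),
    "other_tls": bytes.fromhex("1603010200") + b"\x01" * 16,
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:12} -> sids {matching_sids(payload)}")
    print("stripped pattern matches sid2_shape:",
          bool(STRIPPED.search(SAMPLES["sid2_shape"])))
```

Because the rules apply to any TCP port and key on a short record header plus four fixed bytes, hits should be correlated with other indicators before being treated as confirmed.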
Additional information and resources can be found on your local FBI website or by contacting an office and speaking to a representative.
References
CISA. (2017, November 14). HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL | CISA. Us-Cert.Cisa.Gov. https://us-cert.cisa.gov/ncas/alerts/TA17-318A