Week 7 Cyber Defence
A contracted security firm, which supplies two 24/7 guards: one of whom conducts hourly foot patrols, and the second who monitors cameras and performs additional security-related functions.
High-definition cameras that record continuously, located at all points of building entry and sensitive access points including the server room.
Three locked data-center doors requiring key card access that records all traffic. All staff have access cards for their respective departments; only IT staff, janitors, and upper management have access to the IT facility.
IT Overview
Network
Hospital connected to the Internet.
Network segmented into virtual LANs for medical data, IT, and finance user groups.
Hardware
Windows 2008 domain servers: email, file/print, data servers.
Routers connect switches to VLANs.
Switches connect desktops and servers to network.
Web server located in the DMZ.
100 antimalware-protected Windows XP workstations with Internet access.
Wireless access point.
Software
Windows firewall on a workstation at the edge of the network.
SNORT intrusion detection system (IDS), located in front of the Windows firewall.
MS Office installed on workstations.
Enterprise-level proprietary medical software.
Oracle Enterprise Resource Planning (ERP) software.
2017 version of free AVG Antivirus.
1
2
Week 7 Cyber Defence and Countermeasures/cf_lab_template.docx
CU_Horiz_RGB
CU_Horiz_RGB Remove or Replace: Header Is Not Doc Title
Lab Template
Learner Name:
Lab Screenshots and Narrative
Insert and title all lab screenshots in the order they were taken. Briefly describe what you learned or observed in the lab below each screenshot. Be specific.
[Screenshot section, Step #]
[Screenshot section, Step #]
[Screenshot section, Step #]
[Screenshot section, Step #]
[Add as necessary]
1
2
Week 7 Cyber Defence and Countermeasures/cf_sec_inc_template.docx
CU_Horiz_RGB
CU_Horiz_RGB Remove or Replace: Header Is Not Doc Title
Anchor Hospital Security Incident Report
Incident Report #: IT4070-A.
Incident Reported Date:
Incident Reported Time: 12:00 AM EST
Technician Assigned: [Your Name]
Incident Details
Incident Location:
Attack Type: Denial of service
Internal Systems Likely Affected:
Containment Steps Taken: [Include all steps you would take.]
Countermeasures Deployed:
Recommended Noncountermeasure Control to Mitigate Future Attacks:
1
2
Week 7 Cyber Defence and Countermeasures/Cyber Defence- Week 7.docx
Discussion – 1 page
Countermeasures
Countermeasures generally include activities that can prevent incidents from recurring. Some in the security community would include counterattack among the countermeasures available to an incident response team.
Discuss the following:
· Activities that constitute countermeasures.
· Potential advantages of engaging in countermeasures.
· Potential challenges to engaging in countermeasures.
· Legal implications of engaging and aggressive counterattack as a countermeasure.
Assignment –
Incident Response and Report
Overview
In this assignment you write an incident response report—a critical skill in IT security.
Scenario
Imagine that you are on duty as a first responder in the Anchor Hospital IT department. You receive complaints that users cannot send or receive email. Your initial investigation reveals that your network has been compromised by a denial of service attack (DoS). It is your job to identify systems that could be impacted, contain the attack, deploy immediate countermeasures, complete an incident response report (note you fill out the report as if you had actually taken the steps you are advocating), and recommend measures to prevent recurrence.
Instructions
· Populate the Lab Template (linked in Resources) with your screenshots and describe briefly but specifically what you learned from or observed in the lab.
· Use the Incident Response Report Template (linked in Resources) to document your actions in the wake of the incident described above. By completing it you address the following assignment criteria:
. Identify systems that are likely to be affected by a DoS attack.
. Describe appropriate steps to contain the DoS attack.
. Identify two countermeasures and detail why they are appropriate.
. Describe a noncountermeasure control that is effective for mitigating similar future attacks.
· Submit the completed Lab and Incident Response Report Templates.
What Students Are Saying About Us
.......... Customer ID: 12*** | Rating: ⭐⭐⭐⭐⭐"Honestly, I was afraid to send my paper to you, but splendidwritings.com proved they are a trustworthy service. My essay was done in less than a day, and I received a brilliant piece. I didn’t even believe it was my essay at first 🙂 Great job, thank you!"
.......... Customer ID: 14***| Rating: ⭐⭐⭐⭐⭐
"The company has some nice prices and good content. I ordered a term paper here and got a very good one. I'll keep ordering from this website."
