1. To evaluate critically how services are delivered to one another in a secure manner and perform security management and configuration of a network and a distributed system;
2. To analyse, evaluate and synthesise methods by which computers within a distributed system communicate and appraise the threats and vulnerabilities that exist in a distributed system.
Assessment Task:
Scenario:
You are acting in the role of a Network Security consultant for an organization. It has been brought to your attention that suspicious activity occurred on a machine, which may have been attacked.
Network traffic has been captured on the machine. The machine has internet access, and the user appeared to be browsing websites and entering a username and password. Additionally, there are no IPv4 forwarding rules configured that permit traffic originating in the external network to be forwarded onto the internal network. A PCAP file of the incoming and outgoing connections is provided.
You are requested to produce a report based upon your analysis of the PCAP file (provided separately):
Identify if a scan was conducted. If a scan was conducted, then:
·Identify the source of the scan, and whether this was an internal or external attack. Discuss why you think this may or may not have been the case. (5 marks)
·Identify if any of the ports were found to be open
·Was any sensitive information found, i.e. username, password.
·Reasoning and evidence of this along with the website address
·Was the login successful?
·List all the IP addresses identified along with the domain address
Note: Please be aware that all the above tasks must be supported with screenshot evidence of the filters that have been used, along with adequate explanation.*
Also, your report for this part should cover:
·Introduction and outline of the problem(s).
·Clarity in presentation of report. Appropriate format, punctuation and grammar.
·Bibliography and references to USW Harvard standard. Cite journals; try to back everything up.
·Source of scan – IP address of the person who did the scan. Is the scan internal or external? Explain how it is internal or external. If there’s a scan then there is an attack. Discuss.
·Use tools – NMAP, Wireshark
·Need to find whether any username or password is present in the traffic.
·Are there any website addresses visited? Show all the website addresses, URLs for the websites.
·Was the log in successful?
·List all the IP addresses identified
*Need to include screenshots of the filters used, with an explanation/reflection.
Tips
1)Read the file
2)Sketch it out to understand
Part B (from content delivered by Dr Muhammad Usman)
Task 1: Carry out protocol analysis of any one security protocol (such as encryption, authentication, etc.). The protocol analysis should focus on at least two properties.
Task 2: You are hired as a security architect for a HealthTech organisation which provides Internet-of-Medical-Things driven micro-services to different healthcare service providers across the Wales regions. You are asked to carry out attack analysis of the part of the ICT infrastructure using IEEE 802.15.4 and the ZigBee protocol stack. The names of the layers are PHY, MAC, Network and Application. Your analysis must elucidate the following aspects:
·Name of an advanced attack type, with a description of how that attack is launched on a particular layer.
·Your solution, within the context of the HealthTech organisation, to prevent each of the above-mentioned attacks in the future.
·A detailed network diagram showing the locations of attacks within the ICT infrastructure of the HealthTech organisation.
Portfolio Requirements
Please mention how many words your report contains on the cover page.
You are encouraged to use figures and tables (correctly labelled) within your report. It should be presented in a standard academic format using numbered and headed sections, page numbers and Table of Contents. An appendices section can be used if necessary. Where applicable it should include citations and quotes, referenced correctly using the USW Harvard referencing format and a reference page listing your sources.
You should submit your report in PDF format.