Reference no: EM132228570, Length: word count: 2000
Project -
In this project, we'll continue our work reading and reviewing PCAPs. A security analyst must know how to do this and be very familiar with Wireshark.
Situation 1 -
Situation: Cry Baby Businessman
You've just arrived for an afternoon shift at your company's Security Operations Center (SOC). As you enter the building, you're walking down the main hallway, and you hear someone crying from one of the office rooms nearby.
You follow the noise and find it coming from a fancy office. Poking your head in the door, you see the owner's son sitting at his desk, still crying.
When you ask what's wrong, he replies, "My computer's telling me my files are locked, and I have to pay money to get them back!"
You ask him if he has any backups.
He blinks and replies, "Backwhat?"
You shake your head and say he's out of luck. He cries again and eventually quiets down. He then asks, "How did this happen?"
"Sounds like ransomware," you tell him. "I need to get to work, but I'm one of the SOC analysts here."
He blinks again and says, "Ransomwhat?"
You stare at him for a second, then say, "I'm part of the team that monitors network alerts for suspicious activity. There's bound to be an alert on what happened. Let me look into it for you."
He pouts, stomps his foot, and says, "I want to know who did this!"
While you might not be able to tell him who did it, you can surely figure out how the infection happened. You review the network alerts and see there's only one IP address with anything related to ransomware activity. You query all alerts for his IP address, and you retrieve network traffic from that IP for the appropriate timeframe.
Students should:
1. Download this PCAP and review these alerts
2. Review the sample analysis discussing these questions:
- Date and time of the activity.
- A brief description of what happened to Cry Baby Businessman's computer.
Situation 2 -
Situation: Email Roulette
You're working as an analyst at a Security Operations Center (SOC) for a Thanksgiving-themed company.
One quiet evening, you hear someone knocking at the SOC entrance. As you answer the door, an exhausted mail server technician stumbles in and quickly falls to the floor. He whispers in a shaky voice, "Mail filters are down... Spam everywhere..."
As you help him up, he looks to the sky and yells, "The gates of hell have opened!"
The technician immediately collapses again and softly whispers, "The horror... The horror..."
The mail filter outage lasted throughout the next day. Fortunately, very few incidents were reported. But one example caught your eye.
During the mail filter outage, one of the company employees decided to play "email roulette." The employee opened one of the malicious emails from his inbox and treated it as a legitimate message.
Students should:
1. Download this PCAP and open these emails
2. Review the sample analysis discussing these questions:
- Date and approximate time of the infection.
- The infected computer's IP address.
- The infected computer's MAC address.
- The infected computer's host name.
- Which email the employee opened.
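The host-identification questions above (IP address, MAC address, host name, time of infection) and the "retrieve network traffic from that IP for the appropriate timeframe" step in Situation 1 can both be answered from the raw capture, and it helps to know what Wireshark is decoding for you. The script below is an added example, not part of the assignment or its sample analyses: it reads a classic libpcap file with only the Python standard library, pulls the client's MAC, IP and host name from its DHCP Request, and then filters packets by IP and time window the way the Wireshark filter `ip.addr == X && frame.time >= A && frame.time <= B` would. It runs on a constructed four-packet capture built inline; the addresses, the `CRYBABY-PC` name and the 2018-11-29 timestamp are all made up for the example.

```python
"""Walk a classic libpcap file by hand: pull a host's MAC, IP and host name from its DHCP
Request, then list its traffic in a time window ('ip.addr == X && frame.time >= A' in Wireshark)."""
import struct
from datetime import datetime, timezone
DHCP_COOKIE = b"\x63\x82\x53\x63"

def read_pcap(data):
    """Yield (timestamp_seconds, frame) per record; byte order comes from the magic number."""
    endian = ">" if data[:4] == b"\xa1\xb2\xc3\xd4" else "<"
    if struct.unpack(endian + "IHHiIII", data[:24])[6] != 1:   # link type 1 = Ethernet
        raise ValueError("expected classic pcap (not pcapng) with Ethernet frames")
    off = 24
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield sec + usec / 1e6, data[off:off + caplen]
        off += caplen

def parse_frame(frame):
    """Decode Ethernet/IPv4 plus UDP or TCP ports; return None for non-IPv4 frames."""
    if frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    pkt = {"src_mac": frame[6:12].hex(":"), "dst_mac": frame[:6].hex(":"),
           "src_ip": ".".join(map(str, ip[12:16])), "dst_ip": ".".join(map(str, ip[16:20])),
           "proto": ip[9], "payload": ip[(ip[0] & 0x0F) * 4:]}
    if pkt["proto"] in (6, 17):                    # TCP or UDP: ports sit in the first 4 bytes
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", pkt["payload"][:4])
        hdr_len = (pkt["payload"][12] >> 4) * 4 if pkt["proto"] == 6 else 8
        pkt["payload"] = pkt["payload"][hdr_len:]
    return pkt

def dhcp_options(bootp):
    """Return {code: value} for the options after the 236-byte BOOTP header and magic cookie."""
    if len(bootp) < 240 or bootp[236:240] != DHCP_COOKIE:
        return {}
    opts, i = {}, 240
    while i < len(bootp) and bootp[i] != 255:      # 255 = End option
        if bootp[i] == 0:                          # 0 = Pad, carries no length byte
            i += 1
            continue
        length = bootp[i + 1]
        opts[bootp[i]] = bootp[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def identify_host(pcap_bytes):
    """The first DHCP Request names the client: MAC from Ethernet, IP and host name from options."""
    for ts, frame in read_pcap(pcap_bytes):
        pkt = parse_frame(frame)
        if pkt and pkt.get("dport") == 67:
            opts = dhcp_options(pkt["payload"])
            if opts.get(53) == b"\x03":            # option 53 = Message Type, 3 = DHCPREQUEST
                ip = opts.get(50) or pkt["payload"][12:16]   # option 50, else ciaddr on a renewal
                return {"time": datetime.fromtimestamp(ts, timezone.utc).isoformat(),
                        "mac": pkt["src_mac"], "ip": ".".join(map(str, ip)),
                        "hostname": opts.get(12, b"").decode(errors="replace")}
    return None

def traffic_for_host(pcap_bytes, ip, start, end):
    """Packets to or from `ip` with a timestamp in [start, end] (epoch seconds)."""
    return [(ts, pkt) for ts, frame in read_pcap(pcap_bytes) for pkt in [parse_frame(frame)]
            if pkt and ip in (pkt["src_ip"], pkt["dst_ip"]) and start <= ts <= end]

# ---- constructed sample capture: a stand-in for the assignment's PCAP, not real traffic ----
def _eth(src, dst, payload):
    return dst + src + b"\x08\x00" + payload
def _ipv4(src, dst, proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, src, dst) + payload
def _udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
def _tcp(sport, dport, payload):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
def _dhcp_request(mac, requested_ip, hostname):
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x3903F326, 0, 0, b"\0" * 4,
                        b"\0" * 4, b"\0" * 4, b"\0" * 4, mac + b"\0" * 10, b"\0" * 64, b"\0" * 128)
    opts = (bytes([53, 1, 3]) + bytes([50, 4]) + requested_ip            # Request + Requested IP
            + bytes([12, len(hostname)]) + hostname.encode() + b"\xff")   # Host Name + End
    return fixed + DHCP_COOKIE + opts
def _pcap(records):
    out = struct.pack("!IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in records:
        out += struct.pack("!IIII", int(ts), round((ts % 1) * 1e6), len(frame), len(frame)) + frame
    return out

VICTIM_MAC, GW_MAC, OTHER_MAC = (bytes.fromhex(h) for h in ("001122334455", "aabbccddeeff", "66778899aabb"))
VICTIM_IP, OTHER_IP, WEB_IP = bytes([10, 0, 0, 42]), bytes([10, 0, 0, 9]), bytes([203, 0, 113, 7])
T0 = 1543500000.0   # 2018-11-29 14:00:00 UTC, an arbitrary start time
SAMPLE_PCAP = _pcap([
    (T0, _eth(VICTIM_MAC, b"\xff" * 6, _ipv4(b"\0" * 4, b"\xff" * 4, 17,
              _udp(68, 67, _dhcp_request(VICTIM_MAC, VICTIM_IP, "CRYBABY-PC"))))),
    (T0 + 2.5, _eth(VICTIM_MAC, GW_MAC, _ipv4(VICTIM_IP, WEB_IP, 6,
              _tcp(49152, 80, b"GET / HTTP/1.1\r\nHost: example.net\r\n\r\n")))),
    (T0 + 3.0, _eth(OTHER_MAC, GW_MAC, _ipv4(OTHER_IP, WEB_IP, 6, _tcp(49153, 80, b"")))),   # another host
    (T0 + 900.0, _eth(VICTIM_MAC, GW_MAC, _ipv4(VICTIM_IP, WEB_IP, 6, _tcp(49154, 443, b"")))),  # outside window
])
if __name__ == "__main__":
    print(identify_host(SAMPLE_PCAP), traffic_for_host(SAMPLE_PCAP, "10.0.0.42", T0, T0 + 60))
```

To use it on the assignment's capture, replace `SAMPLE_PCAP` with `open("file.pcap", "rb").read()`; note that Wireshark saves pcapng by default, which this reader does not parse (use File > Save As with the pcap format, or do the same lookups in Wireshark with the `dhcp` or `bootp` filter). The DHCP Request is the cleanest source for all three host identifiers at once, but a capture may not contain one; the host name also shows up in NetBIOS name registrations (`nbns` filter) and in Kerberos AS-REQs (`kerberos.CNameString`), and the MAC-to-IP pairing is in every frame the host sends.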
Complete a 3-5 page reflection (double spaced) for Situation 1 and a 3-5 page reflection (double spaced) for Situation 2. Given these sample incident reports, write about what you learned, what you have questions about, what you researched as part of this review, and anything else you feel is relevant.
Attachment:- Assignemnt Files.rar