Reference no: EM132238624, Length: word count: 2500
Assignment - Project
In this project, we will complete our work on reading and reviewing PCAPs, as it is essential for a security analyst to understand how to do this and to be very familiar with Wireshark. Additionally, students will set up a honeypot in their Kali Linux installation.
Part 1 -
Situation: A Very Special One
Students should:
1. Download this PCAP and review these alerts
2. Review the sample analysis discussing these questions:
- Document the date, start time and end time of the pcap in UTC (GMT).
- Document the IP address of the three hosts in the pcap.
- Document the mac address of the three hosts in the pcap.
- Document the type of computer (Windows, Mac, Android, etc.) for each of the three hosts in the pcap.
- Determine which host(s) were infected.
- Document the family (or families) of malware based on indicators from the pcap.
- Document the root cause for any infections noted in the pcap.
Complete a 3-5 page reflection (double spaced) for Situation 1. Given these sample incident reports, write about what you learned, what you have questions about, what you researched as part of this review, and anything else you feel is relevant. Later in the course, you will be asked to complete an incident report on a given PCAP but this project is meant to mature the exercise of packet analysis and incident reporting.
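As an added example (not part of the assignment files or the course material), the following pure-Python script walks a classic pcap file and pulls out the first items on the checklist above: capture start and end time in UTC and the IP/MAC pairs of the hosts seen as frame sources. The capture bytes, addresses and timestamps are constructed inline for the example; host type, infection status and malware family still have to come from inspecting the traffic in Wireshark.

```python
import struct
from datetime import datetime, timezone

ETHERNET = 1  # pcap link type for Ethernet frames

def build_pcap(packets):
    """Build a classic pcap file (magic 0xa1b2c3d4, microsecond timestamps, Ethernet)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, ETHERNET)
    records = [struct.pack("<IIII", sec, usec, len(f), len(f)) + f for sec, usec, f in packets]
    return header + b"".join(records)

def eth_ipv4(src_mac, dst_mac, src_ip, dst_ip):
    """Minimal Ethernet II + IPv4 header with no payload: enough to inventory hosts."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(o) for o in a.split("."))
    eth = mac(dst_mac) + mac(src_mac) + b"\x08\x00"  # EtherType 0x0800 = IPv4
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0, ip(src_ip), ip(dst_ip))
    return eth + ipv4

def summarize_pcap(data):
    """Return capture start/end in UTC and the MAC(s) seen for each source IP."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != ETHERNET:
        raise ValueError("only Ethernet link type is handled")
    offset, times, hosts = 24, [], {}
    while offset + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack_from(endian + "IIII", data, offset)
        frame = data[offset + 16: offset + 16 + caplen]
        offset += 16 + caplen
        times.append(sec + usec / 1e6)
        # Ethernet header is 14 bytes; the IPv4 source address sits at IP header offset 12
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            src_mac = frame[6:12].hex(":")
            src_ip = ".".join(str(b) for b in frame[26:30])
            hosts.setdefault(src_ip, set()).add(src_mac)
    if not times:
        raise ValueError("pcap contains no packet records")
    to_utc = lambda t: datetime.fromtimestamp(t, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")
    return {"start": to_utc(min(times)), "end": to_utc(max(times)),
            "hosts": {ip: sorted(macs) for ip, macs in sorted(hosts.items())}}

# Constructed sample capture: three made-up hosts exchanging frames over about two minutes.
SAMPLE_PCAP = build_pcap([
    (1700000000, 0, eth_ipv4("00:11:22:33:44:55", "00:11:22:33:44:01", "10.0.0.5", "10.0.0.1")),
    (1700000003, 250000, eth_ipv4("00:11:22:33:44:01", "00:11:22:33:44:55", "10.0.0.1", "10.0.0.5")),
    (1700000060, 0, eth_ipv4("00:11:22:33:44:66", "00:11:22:33:44:01", "10.0.0.9", "10.0.0.1")),
    (1700000125, 0, eth_ipv4("00:11:22:33:44:55", "00:11:22:33:44:01", "10.0.0.5", "10.0.0.1")),
])

if __name__ == "__main__":
    print(summarize_pcap(SAMPLE_PCAP))
```

Wireshark's own "Statistics > Capture File Properties" and "Statistics > Endpoints" give the same first/last time and host list for a real capture; comparing against this output is a quick sanity check that the times are being read as UTC rather than local time.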
Part 2 -
In Part 2 of the project, students are to follow the guidance in the book and in the video below on how to create a honeypot within Kali Linux. Students should provide screenshots as needed showing the setup process of the honeypot and that the honeypot is working. Finally, students should complete a 3-5 page reflection discussing what they learned/found, what they have questions about, and what additional research they conducted for this project.
Attachment: Assignment Files.rar