Reference no: EM133873595 , Length: word count:2000

Introduction to Cyber Security

Assessment - Proactive Security Measures

Type - Simulation and Report

Task

Demonstrate your understanding of key cyber security concepts aligned with learning outcomes LO2, LO3, and LO4. You will utilise open-source cyber security tools to assist an organisation with the Preparation stage of the Incident Response Lifecycle.

LO2: Identify vulnerabilities and threats pertaining to the IT infrastructure of organisations.
LO3: Recommend risk mitigation strategies to address cyber security vulnerabilities and threats.
LO4: Analyse privacy, legal, ethical and security issues and solutions related to the IT infrastructure and use of technologies in organisations.

Assessment Description

This assessment is designed to simulate industry practices for using open-source cyber security tools for network security and threat detection. You will apply hands-on skills using the Elasticsearch, Logstash, Kibana (ELK) Stack, as well as Snort, which functions as both an intrusion detection system and intrusion prevention system (IDS/IPS).

This assessment is completed in two parts:

Part A: Tool configuration
Conduction during your Week 12 workshop.
You will configure security tools to meet four (4) specific objectives within 2.5 hours. These objectives would have been covered in Workshops 9 and 10.
At the end of the session, you will present your configurations to your learning facilitator for verification.

Part B: Documentation
The report must include screenshots of configurations and brief explanations detailing how each objective was achieved.

Assessment Instructions

Preparation
Ensure you have your laptop with VirtualBox installed and a Linux Mint set up with ELK Stack and Snort. You should already have these tools from Workshops 9 and 10. Get online assignment help from Ph.D. experts!
Review Workshops 9 and 10 to understand:
The purpose of each tool
How to configure them to meet security objectives
Configuration - (Part A: In-Class Assessment)
Arrive early to your Week 12 class to settle in and receive final instructions. Ensure your laptop is fully charged.
You will be assigned four (4) objectives to configure.
For each objective:
Identify the relevant tool.
Configure the tool to meet the objective.
Once you have completed all four objectives, present your configurations to your learning facilitator.
After presenting, take clear screenshots of your work. Each screenshot must also capture:
The time and date (visible in your taskbar)
A text editor displaying your name and student number
Documentation - (Part B: myKBS Submission)
Compile your screenshots into a Microsoft Word file.
Separate the screenshots per objective and then provide a brief description of the configuration and what the outcome would be (i.e. How does the configuration meet the objective?).

Assessment

Configure any four (4) out of the following objectives:
1. Configure Snort to generate an alert if more than 3 failed SSH login attempts occur within 10 minutes.
2. Modify Snort to drop HTTP requests that attempt to access to example.com.
3. Configure Snort to trigger an alert when an HTTP POST request includes a file larger than 500KB.
4. Set up an ELK log filter in Kibana to only display logs where HTTP status code = 404.
*5. Create a chart in Kibana to display the top 10 source IPs generating the most logs.
*6. Set up an ELK alert to trigger when there are more than 5 failed logins from the same IP within 15 minutes.
*7. Modify a Logstash pipeline to extract source IP, HTTP method, and response code from logs.
*8. Configure ELK to automatically delete logs older than 7 days to save disk space.

Note: need only last four parts.