Reference no: EM133921491 , Length: word count:500

Cyber Security

Assessment - Proactive Security Measures

Assessment - Simulation and Report

Task

Demonstrate your understanding of key cyber security concepts aligned with learning outcomes LO2, LO3, and LO4. You will utilise open-source cyber security tools to assist an organisation with the Preparation stage of the Incident Response Lifecycle.

LO2: Identify vulnerabilities and threats pertaining to the IT infrastructure of organisations.
LO3: Recommend risk mitigation strategies to address cyber security vulnerabilities and threats. Get expert-level assignment help in any subject.
LO4: Analyse privacy, legal, ethical and security issues and solutions related to the IT infrastructure and use of technologies in organisations.

Assessment Description

This assessment is designed to simulate industry practices for using open-source cyber security tools for network security and threat detection. You will apply hands-on skills using the Elasticsearch, Logstash, Kibana (ELK) Stack, as well as Snort, which functions as both an intrusion detection system and intrusion prevention system (IDS/IPS).

Part A: Tool configuration
Conduction during your Week 12 workshop.
You will configure security tools to meet four (4) specific objectives within 2.5 hours. These objectives would have been covered in Workshops 9 and 10.
At the end of the session, you will present your configurations to your learning facilitator for verification.

Part B: Documentation
You will submit a final report via myKBS by Week 13.
The report must include screenshots of configurations and brief explanations detailing how each objective was achieved.

Assessment Instructions

Preparation
Ensure you have your laptop with VirtualBox installed and a Linux Mint set up with ELK Stack and Snort. You should already have these tools from Workshops 9 and 10.
Review Workshops 9 and 10 to understand:
The purpose of each tool
How to configure them to meet security objectives
Configuration - (Part A: In-Class Assessment)
Arrive early to your Week 12 class to settle in and receive final instructions. Ensure your laptop is fully charged.
You will be assigned four (4) objectives to configure.
For each objective:
Identify the relevant tool.
Configure the tool to meet the objective.
Once you have completed all four objectives, present your configurations to your learning facilitator.
After presenting, take clear screenshots of your work. Each screenshot must also capture:
The time and date (visible in your taskbar)
A text editor displaying your name and student number
Documentation - (Part B: myKBS Submission)
Compile your screenshots into a Microsoft Word file.
Separate the screenshots per objective and then provide a brief description of the configuration and what the outcome would be (i.e. How does the configuration meet the objective?).

Assessment
Configure any four (4) out of the following objectives:

Configure Snort to generate an alert if more than 3 failed SSH login attempts occur within 10 minutes.
Modify Snort to drop HTTP requests that attempt to access to example.com.
Configure Snort to trigger an alert when an HTTP POST request includes a file larger than 500KB.
Set up an ELK log filter in Kibana to only display logs where HTTP status code = 404.
Create a chart in Kibana to display the top 10 source IPs generating the most logs.
Set up an ELK alert to trigger when there are more than 5 failed logins from the same IP within 15 minutes.
Modify a Logstash pipeline to extract source IP, HTTP method, and response code from logs.
Configure ELK to automatically delete logs older than 7 days to save disk space.