Cyber Security Question

Using the pcap data and log files provided with this assignment (107MB), apply what has been learned throughout the course (tools such as Wireshark with its display filters and Snort with its rules/signatures, online resources such as centralops.net, and Internet research) to analyze the packet data and write a detailed report of what transpired. Your report should include who attacked, what was attacked, what actions (tools, tactics, and procedures) the attacker took to attempt their malicious actions, and whether they were successful. Include the proof for each of your findings and also a potential mitigation that Acme, Inc’s IT Security team can implement to prevent future attacks like those you detected, for example a rule that can be used with Snort. Note: There may be more than one incident of malicious activity. While you have been provided with some web server logs, your report should include what other sources of data you would want from the Acme, Inc system/network administrators to further your investigation.
Scenario: Acme, Inc System Administrators detected an attack against a company web server that resulted in a web site defacement, and there was also some unusual server and network activity. Acme, Inc’s internal network uses 192.168.200.0/24. The web server is at 192.168.200.144 and listens on port 80. 192.168.200.2 is the IP for Acme’s gateway to the Internet.
Hint: Based on what we’ve learned, hackers look to escalate their privileges on the system and get access as an administrator in Windows or the super-user ‘root’ in Linux.
