Assignment 2: LASA 2: Analysis of an Intrusion Detection System Report
This assignment builds upon the scenario introduced in LASA 1, from the organization Open Water Diving and Scuba Institute (OWDSI). Specifically, your focus will be on preparing a second supplemental report of approximately 8–10 pages that discusses the organization's intrusion detection system (IDS) and some of the recent reports from this system.
OWDSI's network engineers and system administrators have reported a number of strange network behaviors and system outages. A variety of traffic has been captured in response to this. In addition, network engineers report that the school is seeing very high levels of traffic from a wide variety of hosts and that this traffic is causing outages of the school's public-facing web server and other internal computer systems.
Management has requested that you review the network traffic to determine whether the institution's IDS and intrusion prevention systems (IPSs) can be used to prevent inbound attacks that are being detected. Your manager has requested that you analyze the detected attacks and create a report that describes each attack. Explain the threat it presents and whether the use of an IDS or an IPS is a suitable response.
The following is a compiled list of odd network behaviors reported by network engineers and system administrators of OWDSI:
- Network traffic analysis shows that a single host is opening hundreds of secure shell (SSH) sessions to a single host every minute.
- Network traffic shows that hundreds of hosts are constantly sending only synchronized (SYN) packets to a single web server on campus.
- A system administrator reports that a single host is attempting to log on to a campus SSH server using different user name and password combinations thousands of times per day.
- A new PDF-based exploit is announced that uses a malformed PDF to exploit Microsoft Windows XP systems.
- Campus users are receiving e-mails claiming to be from the campus helpdesk. The e-mails ask for users to send their user names and passwords to retain access to their e-mails.
- A domain name system (DNS) changer malware package has been located on one of the servers.
- A zero-day vulnerability has been announced on the primary campus backup software's remote administration interface.
- A virus is being sent via e-mail to campus users.
In a Microsoft Word document, prepare an 8- to 10-page report that addresses the various system irregularities. Your report should consist of the following:
- A cover page
- A table of contents
- An executive summary
- Develop an overview of the organization's key system issues and your recommended remedies
- System irregularities
- Identify and describe each attack listed
- Include an explanation of what each attack is trying to accomplish
- Analysis and recommendations
- Discuss how each of the vulnerabilities could be a potential issue and what the symptoms of each include
- Recommend how to address each of the nine odd network behaviors as described in the assignment scenario above. Justify your responses
- Determine whether an IDS could or should be used to detect each attack and whether each should be blocked using an IPS. Justify your responses
Note: Utilize at least three scholarly or professional sources (beyond your textbook) in your paper. Your paper should be written in a clear, concise, and organized manner; demonstrate ethical scholarship in accurate representation and attribution of sources (i.e., in APA format); and display accurate spelling, grammar, and punctuation.
- By the due date assigned, save your document as M5_A2_Lastname_Firstname.doc and submit it to the Submissions Area.
LASA 2 Grading Criteria and Rubric
All LASAs in this course will be graded using a rubric. This assignment is worth 300 points. Download the rubric and carefully read it to understand the expectations.
Assignment 2 Grading CriteriaMaximum PointsDeveloped an overview of the organization's key system issues and your recommended remedies.44Identified and described each attack listed and explained what each attack is trying to accomplish.44Discussed how each of the vulnerabilities could be a potential issue and what symptoms of each include.44Recommended how to address each of the nine odd network behaviors. Justified your responses.52Determined whether an IDS could or should be used to detect each threat and whether each should be blocked using an IPS. Justified your responses.52Wrote in a clear, concise, and organized manner; demonstrated ethical scholarship in accurate representation and attribution of sources; and displayed accurate spelling, grammar, and punctuation.64 Total:300
Other samples, services and questions:
When you use PaperHelp, you save one valuable — TIME
You can spend it for more important things than paper writing.