Step 1: Create a Network Architecture Overview
You travel to the banksâ€™ locations and gain access to their network operations. They use Wireshark to analyze the packets traveling their networks. Read thisÂ WiresharkÂ resource to learn more about the tool. You will provide a network architecture overview in both diagram and written formats. Your overview can be based on fictitious information, or you can model network architecture from research, citing your source using APA format. This overview is outside of the lab requirements but a part of better understanding a network.
In the overview, you will describe the various data transmission components. Select the links below to review them:
- User Datagram Protocol (UDP)
- Transmission Control Protocol/Internet Protocol (TCP/IP)
- Internet packets
- IP address schemes
- well-known ports and applications
You will also address the meanings and relevance of information, such as the sender or source that transmits a message, the encoder used to code messages, the medium or channel that carries the message, the decoding mechanisms that were used, and the receiver or destination of the messages.
Your overview will describe the intrusion detection (IDS) and intrusion prevention (IPS) systems used and the firewalls that have been established. Make sure to link the operating systems and the software and hardware components in the network, firewall, and IDS that make up the network defense implementation of the banksâ€™ networks. Identify how the banks are using firewalls and how they are using IDSs, and identify the difference between these technologies. Include the network infrastructure information and the IP address schemes, which will involve the IP addressing assignment model, and the public and private addressing and address allocations. Identify potential risks in setting up the IP addressing scheme. Here are some resources for you to review:
- intrusion detection & prevention (IDS/IPS) systems
Identify any well-known ports and applications that are being used and the risk associated with those being identified, and possibly targeted. This portion can be made up of fictitious information, or you can use information from research, citing your source using APA format.
When your overview is complete, add it to your report.
In the next step, you will identify information security attacks and ways to monitor systems to prevent these attacks.
Step 2: Identify Information Security Attacks
In the previous step, you provided an overview of the network architecture. For this step, using the fictitious or the model network architecture and IDS and firewalls, identify possibleÂ cyberattacksÂ such as spoofing/cache poisoning attacks, and session hijacking attacks including but not limited to man-in-the-middle attacks. Using knowledge acquired in the previous step, provide techniques for monitoring against these attacks. Review the following resources to gain a better understanding of these particular cyberattacks:
- session hijacking:Â spoofing/cache poisoning attacks
- man-in-the-middle attacks
The FS-ISAC representative has asked you to propose a cyber offensive operation and to lure the hackers toÂ honeypotsÂ (click the link to read more). escribe what a honeypot is, how to set up an operation using a honeypot, and what security and protections mechanisms would need to be in place if a bank agreed to set up a honeypot. What are some indicators in network traffic that would lead you to conclude that your honeypot trap has worked? Report these from Wireshark.
You will use the identified information on security attacks, the techniques for monitoring such attacks, and cyber offensives such as honeypots as part of your report to the FBI and the FS-ISAC.