

Incident Response

Overview Complete a lab and respond to a series of questions. Prepare a 3–4 page report that outlines an incident response plan.

It is often said that people are the weakest link in network security. Attackers attempt to manipulate a user into performing some action, such as clicking a malicious e-mail link, providing sensitive information, or downloading an attachment. An attacker may also use social engineering techniques in the footprinting stage of an attack. For example, many people reveal information on social media that is useful to attackers, and a skilled attacker can leverage that information to increase the effectiveness of the attack. The best firewall will not keep an attacker out of your network if they can trick a user into handing over network credentials. Once a security incident has occurred, it is important to have an incident response plan in place so that corrective actions are taken to contain the threat.


Resources Suggested Resources

The resources provided here are optional. They provide helpful information about the topics in this unit.  You may use other resources of your choice to prepare for this assessment; however, you will need to ensure that they are appropriate, credible, and valid. The Supplemental Resources and Research Resources, both linked from the left navigation menu in your courseroom, provide additional resources to help support you.

Incident Response The following resources provide information on the topic of incident response and may be useful in completing this assessment.
Oriyano, S-P. (2014). Hacker techniques, tools, and incident handling (2nd ed.). Burlington, MA: Jones & Bartlett Learning. Available from the bookstore. Chapter 14, "Incident Response."
Shannon, M. (2017). CISM: Components of an incident response plan [Video]. Skillsoft Ireland.
Shannon, M. (2016). CISA: Security incident handling and response [Video]. Skillsoft Ireland.
Shannon, M. (2017). CISM: Techniques to test the incident response plan [Video]. Skillsoft Ireland.

[u07v1] Unit 7 Virtual Resource 1  Lab Activity
The following lab activity is required to complete Assessment 7.
Assessment 7 Lab: Analyzing Network Traffic to Create a Baseline Definition. Section 2: Applied Learning.
Part 1: Capture Network Traffic using TCPdump Utility.
Part 2: Capture Network Traffic with Wireshark.
Part 3: Transfer Files using Tftpd64 and Filezilla.
Part 4: Analyze a Packet Capture with Wireshark.
Part 5: Analyze a Packet Capture File with NetWitness Investigator.
4/19/2021 Assessment 7 – IT-FP4071 – Spring 2021 – Section 01
https://courserooma.capella.edu/webapps/blackboard/content/listContent.jsp?course_id=_317032_1&content_id=_9865529_1&mode=reset 2/3

Note:

It may take you up to 2 hours to complete this required lab activity. Be sure you allow enough time to complete it.
Jones & Bartlett Learning Technical Support: If you have technical issues pertaining to accessing the virtual labs, contact Jones & Bartlett Learning

Technical Support:

E-mail: support@jblearning.com Phone: 1-800-832-0034, option 5.
Optional If you have difficulty completing the required lab activity, you may want to complete Section 1, “Hands-On” before you attempt Section 2.

Assessment Instructions

Instructions This assessment consists of a lab that you must complete and a report for senior executive leadership in your organization. Be sure you read the instructions for the entire assessment carefully to make sure you address all requirements fully.

Complete the Analyzing Network Traffic to Create a Baseline Definition lab. As you go through the lab, be sure to:
Perform all screen captures as the lab instructs and paste them into a Word document.

In the same Word document:

Explain the concepts and procedures associated with analyzing network traffic by addressing the following: Explain the differences and similarities between Wireshark and NetWitness. Explain the steps in the TCP three-way handshake.

Describe the process for determining Wireshark network traffic packet counts.

Explain the relevance of protocol analyzers to information security professionals. Explain baseline analysis. What is it? What is it used for? Explain the difference between internal and external network traffic. Describe the difference between TCP and UDP.
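The questions above (three-way handshake, packet counts, TCP vs. UDP, internal vs. external traffic, baseline analysis) are the things a protocol analyzer such as Wireshark or NetWitness does for you. The following is an added, self-contained example written for this page; it is not part of the Jones & Bartlett lab, and it does not use Wireshark or NetWitness. It constructs a handful of raw IPv4/TCP/UDP frames in memory (all addresses, ports and the baseline counts are made up for illustration; 203.0.113.7 is a documentation-range address standing in for the "unknown network"), then dissects them the way an analyzer's decoder does: it counts packets per protocol, matches a SYN, SYN/ACK, ACK handshake by sequence and acknowledgment numbers, classifies traffic as internal (both endpoints in RFC 1918 space) or external, and compares new connection attempts against a baseline of previously observed destinations.

```python
"""Toy protocol analyzer over constructed IPv4 frames (no Ethernet header).

Added example for this assignment page; not the lab's own material. Shows how
an analyzer derives handshake state, protocol counts, internal/external
classification and baseline deviations from raw header fields.
"""
import ipaddress
import struct
from collections import Counter

# RFC 1918 ranges: a packet with both endpoints inside these is "internal".
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SYN, ACK = 0x02, 0x10          # TCP flag bits used for the handshake
TCP, UDP = 6, 17               # IPv4 protocol numbers


def build_ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (IHL=5, TTL 64, checksum left zero) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return header + payload


def build_tcp(sport, dport, seq, ack, flags):
    """20-byte TCP header: data offset 5 words, window 65535, checksum/urgent zero."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)


def build_udp(sport, dport, data):
    """8-byte UDP header (no sequence numbers, no flags) plus datagram payload."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def parse_packet(raw):
    """Decode IPv4 and the TCP or UDP header into a dict, as a dissector would."""
    ihl = (raw[0] & 0x0F) * 4
    pkt = {"proto": raw[9], "src": str(ipaddress.ip_address(raw[12:16])),
           "dst": str(ipaddress.ip_address(raw[16:20]))}
    l4 = raw[ihl:]
    if pkt["proto"] == TCP:
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", l4[:14])
        pkt.update(sport=sport, dport=dport, seq=seq, ack=ack, flags=off_flags & 0x1FF)
    elif pkt["proto"] == UDP:
        sport, dport, length = struct.unpack("!HHH", l4[:6])
        pkt.update(sport=sport, dport=dport, length=length)
    return pkt


def protocol_counts(packets):
    """Packet count per transport protocol (Wireshark: Statistics > Protocol Hierarchy)."""
    return Counter({TCP: "TCP", UDP: "UDP"}.get(p["proto"], "other") for p in packets)


def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)


def direction_counts(packets):
    """Internal = both endpoints RFC 1918; anything touching a public address is external."""
    return Counter("internal" if is_internal(p["src"]) and is_internal(p["dst"]) else "external"
                   for p in packets)


def completed_handshakes(packets):
    """Match SYN -> SYN/ACK -> ACK using seq/ack numbers; returns completed 4-tuples."""
    pending, done = {}, []
    for p in (q for q in packets if q["proto"] == TCP):
        key = (p["src"], p["sport"], p["dst"], p["dport"])
        rkey = (p["dst"], p["dport"], p["src"], p["sport"])
        if p["flags"] == SYN:                                   # step 1: client SYN
            pending[key] = ("syn", p["seq"])
        elif p["flags"] == SYN | ACK and pending.get(rkey) == ("syn", p["ack"] - 1):
            pending[rkey] = ("synack", p["seq"])                # step 2: server SYN/ACK
        elif p["flags"] == ACK and pending.get(key) == ("synack", p["ack"] - 1):
            done.append(key)                                    # step 3: client ACK
            del pending[key]
    return done


def baseline_deviations(baseline, packets):
    """SYNs to (dst, port) pairs never seen in the baseline capture, with counts."""
    new = Counter((p["dst"], p["dport"]) for p in packets
                  if p["proto"] == TCP and p["flags"] == SYN)
    return {k: v for k, v in new.items() if k not in baseline}


def sample_capture():
    """Constructed frames: one normal web handshake, one DNS query, and a DMZ web
    server (10.0.0.10) repeatedly connecting out to an unknown external host."""
    c, s, ext = "10.0.0.5", "10.0.0.10", "203.0.113.7"       # made-up addresses
    frames = [
        build_ipv4(c, s, TCP, build_tcp(51000, 80, 1000, 0, SYN)),
        build_ipv4(s, c, TCP, build_tcp(80, 51000, 5000, 1001, SYN | ACK)),
        build_ipv4(c, s, TCP, build_tcp(51000, 80, 1001, 5001, ACK)),
        build_ipv4(c, "8.8.8.8", UDP, build_udp(53000, 53, b"\x12\x34")),
    ]
    frames += [build_ipv4(s, ext, TCP, build_tcp(40000 + i, 4444, 7000 + i, 0, SYN))
               for i in range(3)]
    return [parse_packet(f) for f in frames]


# Hypothetical baseline: (destination, port) -> connections seen during normal operation.
BASELINE = Counter({("10.0.0.10", 80): 120, ("8.8.8.8", 53): 40})

if __name__ == "__main__":
    pkts = sample_capture()
    print(protocol_counts(pkts), direction_counts(pkts))
    print("completed handshakes:", completed_handshakes(pkts))
    print("not in baseline:", baseline_deviations(BASELINE, pkts))
```

The handshake matcher only accepts the SYN/ACK and ACK when their acknowledgment numbers equal the peer's sequence number plus one, which is the check Wireshark uses to pair the three segments into one conversation; the UDP datagram carries no such state, which is the practical difference between the two transports. The baseline comparison is deliberately simple (a set of known destination/port pairs), but it is exactly what lets a capture from a suspected incident surface connections that normal traffic never produced.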

Now apply what you learned in the lab to the following scenario.
Scenario and Your Role Information security incidents are stressful events for security practitioners. Inevitably, you will be faced with responding to an incident at some point in your career. Imagine that you discover that your organization's network has been hacked. Indicators of compromise (IoCs) include known hacking tools, modified file permissions, and multiple connections to an unknown network.

Root cause analysis shows that the attackers gained access to the network through the demilitarized zone (DMZ) from a compromised web server. A contributing factor in this attack is that the intrusion detection system (IDS) was misconfigured.
You must prepare a report on the incident for the CISO.
Requirements Continue working in the same document; simply start your report on a new page with an appropriate heading.

In your 3–4 page report, address the following:
Outline an incident response plan for this type of attack. Describe the concepts and strategies you would include in this plan. Explain the purpose of a baseline analysis in an incident response plan. Explain how you will test your incident response plan.

Additional Requirements Include a title page and references page. The length will vary depending on how you paste your screen captures. The report should be 3–4 pages in length. Cite at least two current, relevant professional resources. Follow current APA style and format for references. Use Times New Roman, 12 points, double-spaced.
How to use the scoring guide
Incident Response Scoring Guide
Use the scoring guide to enhance your learning.


[u07a1] Incident Response