You are currently working in a research wing for a standard SOC (Security Operations Center). The SOC keeps analytics on the current trends within the network. Your team will be assigned a current issue that has been seen at the border of the network, trying to infiltrate the organizations network/systems. Upon being assigned your item, it will be your job to go out and search OSINT (Open Source Intelligence) for more information on the attack being observed. This could be a single port number, a series of attacks that has been identified, or an IP address to research and identify; your professor will assign this. Your deliverable will be a 5 page APA style research report with your findings. Discover current attacks being performed through this port, or current state of a known scanning suite. Find sources, if possible, source code of attacks that are known to exploit this weakness and break down the code. List known services on the affected ports that are associated and current attacks being performed on these services (list any CVE findings and briefly list and explain). Look at SNORT rules that watch for these attacks and list that SID.
Finally, to wrap-up your research, present the current risk level associated with this threat. Use the FAIR methodology to derive your threat assessment. The attached FAIR PDF will walk you through your analysis. To complete the FAIR document:
Step 1: Asset at Risk will be the organization’s primary e-commerce web server.
Step 2: You will provide this answer based on your research.
Step 3: You will provide this answer based on your research; however, keep in mind how many times per day this is scanning the network, which will be given to your when you receive your topic.
Step 4: You will provide this answer based on your research.
Step 5: Assume the e-Commerce server is fully up-to-date and running the following base software: Red Hat Linux, Apache, MariaDB, Drupal, PHP and is hardened based on base NIST recommendations for operations.
Step 6-7: Calculate
Step 8: Assume Moderate
Step 9: Assume Moderate
Step 10: Calculate and create this chart in excel with the appropriate item highlighted. Include this chart in your paper and presentation.
You can choose 1 of the following topics:
China Chopper Scans
Peppa Pig Scans
C99 Web Shell
Petya and PetyaWrap
Wicked (Mirai Variant)
Miori (Mirai Variant)
For this week, you will be working through the steps of an affinity diagram. Choose one of the following problem statements:
Power outages cause downtime
Malicious code causes systems to crash and production loss
Hardware failure causes data loss on the database server
Once you pick a statement, generate ideas and brainstorm based on this article:
For your peer responses, pick 2 and group the ideas based on step 3.