University Cybersecurity: Monitoring & Intrusion Detection Systems

Added on 2022/08/25
Homework Assignment

Running head: MONITORING & INTRUSION DETECTION SYSTEMS
MONITORING & INTRUSION DETECTION SYSTEMS
Name of the Student:
Name of the University:
Author’s Note:
Question 1:-
Enumerate one incident that impacted the aviation/air traffic control industry in a significant way.
Answer:-
In a preliminary report on a near-miss over Nagpur airspace, released last month, the AIBB found that some of the staff supervising aircraft at the nation's air traffic control towers were not qualified to do so. The air traffic control authority must manage the movements of thousands of aircraft, keep them at safe distances from each other, guide them through departure and arrival at airports, direct them around bad weather, and ensure that traffic flows smoothly with minimal interruptions. It monitors each flight from departure to arrival, looking at the several controllers involved, what each of them does, the equipment they use, and how they are trained. The incident is relevant here because it was a failure of exactly that monitoring: oversight of the people and equipment behind the system broke down before any technical control did.
Question 2:-
Enumerate current adversaries (threat actors) and their implications. Write at least two examples of the means, opportunities and motives of two adversaries in one case.
Answer:-
Other threat actors that can harm an airport include criminal organizations, disgruntled employees, and hackers (Raymond et al., 2015). These typically affect the confidentiality, integrity, and availability of systems and information, and can lead to the disclosure of sensitive records (Roudet, Thurat & Turcot, 2016). According to the research, once an attacker breaches the IT system, the airport is exposed not only to conventional IT threats such as ransomware and crypto-miners but also to the attacker moving from IT into the operational technology (OT) systems and damaging physical equipment.
Question 3:-
Enumerate some examples of 2 or 3 attacks using social engineering. In your own words, how can you explain the relationship with the phases of the cyber kill chain?
Answer:-
The cyber kill chain is a sequence of stages that traces a cyber-attack from the initial reconnaissance through to the exfiltration of data (Yadav & Rao, 2015). The kill chain helps defenders recognise and counter ransomware, security breaches, and advanced persistent threats. It has several core stages, ranging from reconnaissance through lateral movement to data exfiltration. All of the standard attack vectors, whether phishing, brute force, or the latest strain of malware, trigger activity somewhere on the kill chain; a social-engineering attack such as a phishing e-mail is typically the delivery stage, preceded by the reconnaissance that chose the target and the pretext, and followed by exploitation once the victim acts on the message.
Question 4:-
Answer:-
An Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) watches the network continuously, logs information about possible incidents, reports them to the security administrators and, in the case of an IPS, stops them. Network traffic first reaches the router, from where it is forwarded to the firewall (FW) and then split between the demilitarized zone (DMZ) and the local users. The firewall installed between the internal and external networks filters all incoming as well as outgoing traffic (Purwanto & Rahardjo, 2017). The DMZ serves as a buffer zone hosting the servers that present an interface to the untrusted external network (the Internet), while the private corporate network stays isolated and separated from the external network.

DDoS threats must get a higher priority within security planning, and an IDS/IPS solution would help in dealing with them. A stateful IDS/IPS tracks every connection it inspects in a connection table, and every packet is matched against that table to verify that it was sent over a legitimate, established connection; packets with no matching entry, such as spoofed or unsolicited ones, are dropped. The table alone does not stop a SYN flood, because flood packets are new connection attempts that legitimately have no entry yet, so the IPS must also cap the number of half-open connections per destination (or use SYN cookies) and alert when that cap is hit.
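The connection-table check and the half-open cap described above, as an added example that is not part of the assignment or of any cited paper. It assumes a hypothetical address plan (10.0.0.0/24 for the corporate LAN, 192.0.2.0/24 for the DMZ), models packets as constructed tuples rather than a capture, and implements the firewall rule that Internet hosts may only open connections to the DMZ.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float    # arrival time in seconds
    src: str
    dst: str
    sport: int
    dport: int
    flags: str   # TCP flags as letters: S=SYN, A=ACK, F=FIN, R=RST


# Assumed address plan for the router -> firewall -> DMZ / LAN layout (not from
# the assignment): Internet hosts may open connections to the DMZ only.
LAN_PREFIX, DMZ_PREFIX = "10.0.0.", "192.0.2."


class StatefulInspector:
    """IPS-style stateful filter: a connection table keyed by the 5-tuple plus
    a per-destination count of half-open connections to spot SYN floods."""

    def __init__(self, half_open_limit=10, stale_after=30.0):
        self.table = {}                    # key -> (state, last_seen, responder)
        self.half_open = defaultdict(int)  # responder ip -> half-open count
        self.half_open_limit, self.stale_after = half_open_limit, stale_after
        self.alerts = []

    @staticmethod
    def _key(p):                           # same entry for both directions
        a, b = (p.src, p.sport), (p.dst, p.dport)
        return (a, b) if a < b else (b, a)

    def _forget(self, k):
        state, _, responder = self.table.pop(k)
        if state != "ESTABLISHED":
            self.half_open[responder] -= 1

    def _expire(self, now):                # age out handshakes that never finished
        for k, (state, seen, _) in list(self.table.items()):
            if state != "ESTABLISHED" and now - seen > self.stale_after:
                self._forget(k)

    def process(self, p):
        """Return 'ACCEPT' or 'DROP' for one packet."""
        self._expire(p.ts)
        k = self._key(p)
        entry = self.table.get(k)
        if "R" in p.flags:                 # reset tears the connection down
            if entry:
                self._forget(k)
            return "ACCEPT" if entry else "DROP"
        if p.flags == "S":                 # new connection attempt
            internal = p.src.startswith(LAN_PREFIX) or p.src.startswith(DMZ_PREFIX)
            if not internal and not p.dst.startswith(DMZ_PREFIX):
                return "DROP"              # firewall policy: LAN unreachable from outside
            if entry is not None:          # retransmitted SYN keeps its entry
                return "ACCEPT" if entry[0] != "ESTABLISHED" else "DROP"
            if self.half_open[p.dst] >= self.half_open_limit:
                self.alerts.append(f"t={p.ts:.2f} possible SYN flood against {p.dst}")
                return "DROP"              # IPS action: refuse further SYNs
            self.half_open[p.dst] += 1
            self.table[k] = ("SYN_SENT", p.ts, p.dst)
            return "ACCEPT"
        if entry is None:                  # no entry: not an established connection
            return "DROP"
        state, _, responder = entry
        if p.flags == "SA" and state == "SYN_SENT":
            self.table[k] = ("SYN_RECV", p.ts, responder)
        elif "A" in p.flags and state == "SYN_RECV":
            self.table[k] = ("ESTABLISHED", p.ts, responder)
            self.half_open[responder] -= 1  # handshake completed
        elif state == "ESTABLISHED" and "F" in p.flags:
            self._forget(k)
        elif state == "ESTABLISHED":
            self.table[k] = (state, p.ts, responder)
        else:
            return "DROP"                  # packet does not fit the tracked state
        return "ACCEPT"


def demo():
    """Constructed traffic (not a capture): a legitimate handshake to a DMZ web
    server, a stray ACK, a direct attempt on the LAN, and a spoofed SYN flood."""
    insp = StatefulInspector(half_open_limit=5)
    client, web = "203.0.113.7", "192.0.2.10"
    v = {}
    v["handshake"] = [insp.process(p) for p in (
        Packet(0.0, client, web, 40000, 443, "S"),
        Packet(0.1, web, client, 443, 40000, "SA"),
        Packet(0.2, client, web, 40000, 443, "A"))]
    v["data"] = insp.process(Packet(0.3, client, web, 40000, 443, "A"))
    v["stray_ack"] = insp.process(Packet(0.4, "203.0.113.9", web, 41000, 443, "A"))
    v["lan_from_internet"] = insp.process(Packet(0.5, "203.0.113.9", "10.0.0.5", 41001, 445, "S"))
    v["flood"] = [insp.process(Packet(1 + i / 100, f"198.51.100.{i}", web, 50000 + i, 443, "S"))
                  for i in range(1, 9)]
    return v, insp.alerts
```

Running demo() shows the two different failure modes: the stray ACK and the direct LAN attempt are dropped because the connection table and the firewall policy reject them, while the flood gets through the first five SYNs (each one is a valid new connection as far as the table is concerned) and is only cut off by the half-open limit, which is why the limit, not the table, is the DDoS control.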
References:-
Purwanto, Y., & Rahardjo, B. (2017, July). Multistage process to decrease processing time in intrusion prevention system. In 2017 3rd International Conference on Wireless and Telematics (ICWT) (pp. 54-59). IEEE.
Raymond, S. S., Abubakari, A., Jo, H. S., Hong, H. J., & Son, H. K. (2015, October). Compatibility between LTE and airport surveillance radar in 2700–2900 MHz radar bands. In 2015 International Conference on Information and Communication Technology Convergence (ICTC) (pp. 1037-1042). IEEE.
Roudet, J., Thurat, P. E., & Turcot, N. (2016). Airport ground-traffic surveillance systems data feed innovative comprehensive analysis. Transportation Research Procedia, 14, 3741-3750.
Yadav, T., & Rao, A. M. (2015, August). Technical aspects of cyber kill chain. In International Symposium on Security in Computing and Communication (pp. 438-452). Springer, Cham.