Networking Assignment: Incident Response, Forensics, and Encryption

Verified

Added on  2023/05/28

|23
|1494
|171
Homework Assignment
AI Summary
This networking assignment solution provides a detailed overview of several key security concepts. It begins by outlining the incident response procedure, including preparation, identification, containment, investigation, eradication, recovery, and follow-ups. It also discusses factors to consider in business continuity and disaster recovery plans, such as Maximum Tolerable Downtime (MTD) and Recovery Point Objective. The solution defines data breaches and details the procedures in data forensics, including policy development, evidence assessment, acquisition, examination, documentation, and reporting. Furthermore, it offers a comparative analysis of malware, social engineering, application, and wireless attacks, along with mitigation techniques. The importance of DNS and SNMP security is explained, with recommendations for securing networks against DNS and SNMP attacks. The assignment also covers practical tasks like configuring interfaces, enabling secret passwords on routers, and creating user access. Finally, it explores digital certificates, public key encryption, and SSL certificates, comparing conventional and public key encryption methods.
Networking
[Year]
TEMAOS | [Company address]
Question 1
Incident response procedure in brief.
The incident response procedure is made up of seven stages:
• Preparation - this stage involves identifying the possible triggers of incidents and defining the recovery procedure for returning to the normal state. This phase also involves establishing security policies, and proper training is carried out in this stage.
• Identification - this stage involves recognising that an actual incident has occurred. Incidents may appear as unusual or unexpected activity within a system, or as attempts to enter it.
• Containment - this only happens once the actual incident has been identified. It involves keeping the incident confined to the affected region, thus reducing the scope of the incident.
• Investigation - this phase involves critically examining the situation so as to determine what actually happened to the system.
• Eradication - this phase involves removing the issue from the system. It is made up of two tasks: the first is conducting a clean-up to remove the corrupted components, and the second is reporting to the affected parties.
• Recovery - this is where the firm tries to return to its normal form. This stage involves restoring the system functionality and validating that the system is running as usual.
• Follow-ups - this phase is the last one and usually involves a review of the incident response procedure (the lessons learned) to determine how effective it was.
Factors to consider when doing the business continuity plan of your organization, including the disaster recovery plan
• Maximum Tolerable Downtime (MTD) - the maximum time a system or process can be down before the organization starts losing customers or money; an outage longer than this is not survivable for that process.
• Recovery Point Objective (RPO) - the point in time to which a firm must be able to restore its data, measured back from the moment the system went off or was shut down. In effect it is the maximum acceptable amount of data loss, and it dictates how often backups must be taken (Ponnapalli & Pullela, 2010).
• Recovery Time Objective (RTO) - the total time allowed for the firm to recover its systems and data after an outage; it must be shorter than the MTD.
What do you understand by data breach?
Data Breach - this is a confirmed security incident in which sensitive, protected or confidential data of an organization is accessed, disclosed or taken through unauthorized means (Howarth, 2013).
The procedures in data forensics include:
• Policy and procedure development - this involves laying down the rules and regulations that govern how data and evidence are handled in an organization, including who may collect evidence and how it is stored.
• Evidence Assessment - this process involves evaluating the case to get a clear understanding of what possible evidence of the cyber-crime exists and where it is located.
• Evidence Acquisition - this stage involves collecting the evidence in a forensically sound manner, for example by imaging the affected drives, computing hashes of the images and recording a chain of custody, so that it can later be shown that the evidence was not altered.
• Evidence Examination - this is critically inspecting the evidence to determine the role it played in the cyber-crime activities.
• Documentation and Reporting - this is giving a detailed and comprehensive documentation of the information gathered from examining the evidence.
Provide a comparative analysis between Malware, Social engineering, Application and wireless attack with the mitigation techniques or recommendations
Malware is a collective term for any malicious code (viruses, worms, trojans, ransomware); it is mostly used for financial gain and normally damages data and software rather than the physical hardware of a system. It is mitigated with up-to-date endpoint protection, prompt patching, restricting what may execute, and offline backups. On the other hand, a social engineering attack aims at manipulating people into performing a task in order to gain access to a system (phishing is the common form); it is mitigated by user awareness training, verification procedures for sensitive requests, and multi-factor authentication so that a stolen password alone is not enough. An application attack is one where a malicious person abuses the functionality of an application, for example by supplying crafted input (SQL injection, cross-site scripting) or by misusing the order in which operations are meant to take place; it is mitigated by input validation, parameterised queries, secure coding practices and regular application testing. A wireless attack is a destructive action against wireless information and systems, such as a rogue access point or cracking weak encryption; it is mitigated by strong encryption (WPA2/WPA3 with strong passphrases or 802.1X), disabling WPS, and monitoring for rogue access points.
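The application attack described above is clearest when the vulnerable code sits beside its fix. The following is an added example (not code from the assignment): a login check that concatenates user input into SQL, and the same check with a parameterised query, run against a constructed in-memory SQLite table.

```python
"""Application attack demo: string-built SQL beside its parameterised fix.

Added example, not from the assignment. The users table, the credentials and
the login check are constructed for the demo; sqlite3 keeps it all in memory.
"""
import sqlite3


def build_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.execute("INSERT INTO users VALUES ('alice', 'correct horse')")  # constructed row
    return con


def login_vulnerable(con, username, password):
    """The application pastes user input into the query text, so input can change the SQL."""
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return con.execute(query).fetchone() is not None


def login_hardened(con, username, password):
    """Parameterised query: input is bound as data and never parsed as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return con.execute(query, (username, password)).fetchone() is not None


def demo():
    """Run a legitimate login and a tautology injection against both versions."""
    con = build_db()
    payload = "' OR '1'='1"  # classic tautology: makes the WHERE clause always true
    return {
        "legit_vulnerable": login_vulnerable(con, "alice", "correct horse"),
        "inject_vulnerable": login_vulnerable(con, "alice", payload),
        "legit_hardened": login_hardened(con, "alice", "correct horse"),
        "inject_hardened": login_hardened(con, "alice", payload),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With the payload the vulnerable query becomes `... AND password = '' OR '1'='1'`, which matches every row, so the attacker is logged in without a password; the hardened version compares the literal string `' OR '1'='1` against the stored password and rejects it. Storing passwords as hashes rather than plaintext is the other fix this toy table omits.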
Explain why DNS and SNMP security is important for any network. Provide necessary recommendations for securing your network from DNS and SNMP attack
DNS security prevents users from being directed to bogus sites that act as gateways to further attacks: if an attacker can spoof or poison the answers a resolver gives, every host on the network that trusts that resolver is sent to the attacker's server instead of the real one (Maino, Fine, Kuffel, & Zavalkovsky, 2011). On the other hand, SNMP security prevents an unauthorized user from reading the configuration and topology of a network (interfaces, routing tables, ARP caches) or even controlling remote devices in the network, since a writable SNMP community string allows configuration changes.
Preventive measures for DNS attacks include:
• Regularly review your DNS records and configuration
• Ensure your DNS server software is kept updated
• Obscure your BIND version so the server cannot be fingerprinted for known bugs
• Prevent DNS zone transfers (AXFR) except to your own secondary servers
• Make use of DDoS mitigation providers for your authoritative DNS
• Deploy two-factor authentication on the registrar and DNS provider accounts that control your zone
The preventive measures for SNMP attacks include:
• Use SNMPv3 configured at the highest security level (authentication and privacy) instead of SNMPv1/v2c with community strings, and change any default strings such as "public" or "private"
• Make sure that the credentials of the network administrator are well configured
• Prevent unauthorized computers from querying SNMP by using an Access Control List
• Keep your network systems up-to-date
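The SNMP recommendations above translate into a handful of checks on a router configuration. The script below is an added example (it is not part of the assignment and not a vendor tool): it parses the standard Cisco IOS `snmp-server community` and `snmp-server group ... v3` lines and reports the weak settings. Both configurations it runs on are constructed, one weak and one hardened, and the group, user and access-list names are assumptions.

```python
"""Audit SNMP lines in a Cisco IOS-style configuration.

Added example, not from the assignment. WEAK_CONFIG and HARDENED_CONFIG are
constructed; the 'snmp-server community' and 'snmp-server group ... v3'
command forms are the standard IOS ones.
"""
import re

DEFAULT_COMMUNITIES = {"public", "private", "cisco", "admin"}

WEAK_CONFIG = """\
snmp-server community public RO
snmp-server community private RW
snmp-server group NETMON v3 noauth
"""

HARDENED_CONFIG = """\
access-list 10 permit 10.0.0.5
snmp-server group NETMON v3 priv access 10
snmp-server user monitor NETMON v3 auth sha Str0ngAuth! priv aes 128 Str0ngPriv!
"""

# snmp-server community <string> [view <name>] [RO|RW] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?:\s+view \S+)?\s*(RO|RW)?(?:\s+(\S+))?", re.I)
# snmp-server group <name> v3 {noauth|auth|priv} [access <acl>]
GROUP_RE = re.compile(
    r"^snmp-server group (\S+) v3 (noauth|auth|priv)(?:\s+access (\S+))?", re.I)


def audit_snmp(config_text):
    """Return a list of (config line, finding) tuples for weak SNMP settings."""
    findings = []
    for line in config_text.splitlines():
        line = line.strip()
        m = COMMUNITY_RE.match(line)
        if m:
            community, mode, acl = m.group(1), (m.group(2) or "RO").upper(), m.group(3)
            findings.append((line, "SNMPv1/v2c community string in use; migrate to SNMPv3"))
            if community.lower() in DEFAULT_COMMUNITIES:
                findings.append((line, "default community string '%s'" % community))
            if mode == "RW":
                findings.append((line, "read-write community allows remote reconfiguration"))
            if acl is None:
                findings.append((line, "no access-list restricts who may query"))
            continue
        m = GROUP_RE.match(line)
        if m:
            group, level, acl = m.groups()
            if level.lower() != "priv":
                findings.append((line, "SNMPv3 group '%s' uses %s; require priv" % (group, level)))
            if acl is None:
                findings.append((line, "SNMPv3 group '%s' has no access-list" % group))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print("==", label, "==")
        for line, finding in audit_snmp(cfg) or [("(none)", "no findings")]:
            print("%-45s %s" % (line, finding))
```

Run against the weak configuration it reports the default strings, the read-write community, the missing access-lists and the SNMPv3 group that runs without privacy; the hardened configuration produces no findings. The same checks can be run over a `show running-config` capture from a real device.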
Question 2: Configuring the interfaces.
Devices layout
Task 1: R1 Configuration
Router 2 Configuration
R3 interface configuration
Radius server configuration
Task 2: Enabling the secret passwords in the routers (Finseth, 2009).
Secret passwords were enabled using the above configuration in each router.
Task 3: Creating user access in R1.
Logging in using telnet.
Task 4: Configuring R2
Router configured with the username Admin_Jasmin and password.
TACACS server configured (Droms, Sudan, Desai, Chapman, & Krishnan, 2011).
Question 3
Task 1.
The Syslog server is added.
Router 3 configured with the timestamp.
Task 3
Task 4
Configuration of the location
Task 5
Creation of the IPS rules.
Task 6
Changing the IPS rule.
Task 7
Configuration of the interface.
Task 9
Modify the signature.
Question 4:
Task 1.
Task 2
Task 3
Task 4
Interface allocation
Task 5: VPN connectivity
Question 5
What is a digital certificate? Explain how public key encryption works in the digital certificate. Compare between conventional and public key encryption method, in your opinion which is the better from a security point of view
Digital certificate - this is an electronic document, issued and digitally signed by a certificate authority (CA), that binds a public key to the identity of a person, organization or server. It enables parties to communicate over a network without compromising the security of data, because the public key infrastructure (PKI) lets a receiver check that a public key really belongs to the party it claims to.
Public key encryption works with a pair of keys generated by a mathematical algorithm. One of the keys is private and is held only by the owner of the key, whereas the other is a public key that can be given to anyone (Pruss et al., 2010). The sender of a message encrypts it with the recipient's public key, and only the corresponding private key can decrypt it. The same key pair is used the other way round for the signature on a certificate: the CA signs the certificate contents with its private key, and anyone holding the CA's public key can verify that signature, which is what proves that the certificate, and the public key inside it, has not been altered.
Comparison between conventional and public key encryption - in conventional (symmetric) encryption there is only one key, used both to encrypt and to decrypt the message, so that key has to be shared secretly with every party in advance. Public key encryption has two keys: a public key for encryption and a private key for decryption (or, for signatures, a private key for signing and a public key for verification). Making the public key available to everyone does not weaken the scheme, because the private key needed to decrypt is never shared. From a security point of view, conventional encryption is stronger per key bit and much faster, but its weak point is distributing the shared key securely; public key encryption solves the key distribution problem and, through certificates, also provides authentication of the other party. In practice the two are combined: public key encryption (via the certificate) is used to agree on a symmetric key, and the symmetric key protects the actual data. In my opinion that combination, rather than either method on its own, gives the better security.
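To make the two directions of use concrete (encrypt with the public key, decrypt with the private key; sign with the private key, verify with the public key) and to show how a certificate is nothing more than the CA's signature over a subject name and a public key, the following is an added example written for this page; it is not code from the assignment or from any real PKI library. It uses textbook RSA with fixed Mersenne primes standing in for key generation, a hash-then-sign scheme without padding, and a JSON "certificate" instead of X.509, so it is for illustration only and must not be used to protect anything. The CA name and the server name are assumptions.

```python
"""Toy RSA plus a minimal certificate: who encrypts, who decrypts, who signs.

Added example, not from the assignment. Textbook RSA with fixed small primes,
no padding and a JSON certificate: illustration only, not for real use.
"""
import hashlib
import json
from dataclasses import dataclass

# Fixed Mersenne primes stand in for random prime generation (assumption:
# a real implementation generates random primes of at least 1024 bits each).
CA_PRIMES = (2**89 - 1, 2**107 - 1)
SERVER_PRIMES = (2**31 - 1, 2**61 - 1)
E = 65537


@dataclass(frozen=True)
class KeyPair:
    n: int
    e: int
    d: int

    def public(self):
        return (self.n, self.e)


def make_keypair(p, q, e=E):
    """Textbook RSA key setup: n = p*q, d = e^-1 mod phi(n)."""
    phi = (p - 1) * (q - 1)
    return KeyPair(n=p * q, e=e, d=pow(e, -1, phi))


def encrypt(pub, message: bytes) -> int:
    """Anyone holding the PUBLIC key can encrypt; only the private key decrypts."""
    n, e = pub
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key; real RSA wraps a symmetric key")
    return pow(m, e, n)


def decrypt(kp: KeyPair, ciphertext: int) -> bytes:
    m = pow(ciphertext, kp.d, kp.n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest(data: bytes, n: int) -> int:
    # Hash-then-sign; reduced mod n only because the toy keys are tiny.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(kp: KeyPair, data: bytes) -> int:
    """Signing uses the PRIVATE key: sig = H(data)^d mod n."""
    return pow(_digest(data, kp.n), kp.d, kp.n)


def verify(pub, data: bytes, sig: int) -> bool:
    """Verification uses the PUBLIC key: sig^e mod n == H(data)."""
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)


def issue_certificate(ca: KeyPair, subject: str, subject_pub, issuer="Toy Root CA"):
    """A certificate binds a subject name to a public key under the issuer's signature."""
    tbs = {"subject": subject, "issuer": issuer, "n": subject_pub[0], "e": subject_pub[1]}
    tbs_bytes = json.dumps(tbs, sort_keys=True).encode()  # the 'to-be-signed' part
    return {**tbs, "signature": sign(ca, tbs_bytes)}


def verify_certificate(cert, ca_pub) -> bool:
    tbs = {k: cert[k] for k in ("subject", "issuer", "n", "e")}
    return verify(ca_pub, json.dumps(tbs, sort_keys=True).encode(), cert["signature"])


def demo():
    """Issue a certificate, use the certified key, then tamper with the certificate."""
    ca = make_keypair(*CA_PRIMES)
    server = make_keypair(*SERVER_PRIMES)
    cert = issue_certificate(ca, "www.example-bank.nz", server.public())  # assumed name
    assert verify_certificate(cert, ca.public())
    # A client encrypts to the public key found in the certificate;
    # only the holder of the matching private key can read it.
    ct = encrypt((cert["n"], cert["e"]), b"nonce-42")
    assert decrypt(server, ct) == b"nonce-42"
    # Swapping in a different public key breaks the CA's signature.
    forged = dict(cert, n=cert["n"] + 2)
    return verify_certificate(forged, ca.public())


if __name__ == "__main__":
    print("forged certificate accepted:", demo())
```

The attacker in the middle cannot substitute their own public key without also forging the CA's signature over the new key, which requires the CA's private key; that is the whole point of wrapping the public key in a certificate rather than sending it bare.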
Analyze the SSL (Secure Socket Layer) certification of any bank in New Zealand and answer the following questions:
I. The maximum validity period of the certificate is thirty-nine months.
II. The public key algorithm named in the certificate is used, with the issuer's private key, to create the signature.
III. A certificate owner (the subject) is the firm or individual who owns the website, whereas the issuer is the Certificate Authority, i.e.
IV. 38 Willis St, Wellington, 6011, New Zealand
References
Droms, R. E., Sudan, M., Desai, S. H., Chapman, J. T., & Krishnan, R. S. (2011). U.S. Patent No. 7,941,512. Washington, DC: U.S. Patent and Trademark Office.
Finseth, C. (2009). An access control protocol, sometimes called TACACS (RFC 1492).
Howarth, A. G. (2013). U.S. Patent No. 8,604,910. Washington, DC: U.S. Patent and Trademark Office.
Maino, F., Fine, M., Kuffel, I., & Zavalkovsky, A. (2011). U.S. Patent No. 7,992,193. Washington, DC: U.S. Patent and Trademark Office.
Ponnapalli, R. V., & Pullela, V. (2010). U.S. Patent No. 7,861,076. Washington, DC: U.S. Patent and Trademark Office.
Pruss, R. M., King, M. L., Fitzgerald, J., Hess, T., Grayson, M., Hovey, D., ... & Murty, K. S. R. C. (2010). U.S. Patent No. 7,720,960. Washington, DC: U.S. Patent and Trademark Office.