Networking Assignment: Incident Response, Forensics, and Encryption

Added on  2023/05/28

Homework Assignment
AI Summary
This networking assignment solution provides a detailed overview of several key security concepts. It begins by outlining the incident response procedure, including preparation, identification, containment, investigation, eradication, recovery, and follow-ups. It also discusses factors to consider in business continuity and disaster recovery plans, such as Maximum Tolerable Downtime (MTD) and Recovery Point Objective. The solution defines data breaches and details the procedures in data forensics, including policy development, evidence assessment, acquisition, examination, documentation, and reporting. Furthermore, it offers a comparative analysis of malware, social engineering, application, and wireless attacks, along with mitigation techniques. The importance of DNS and SNMP security is explained, with recommendations for securing networks against DNS and SNMP attacks. The assignment also covers practical tasks like configuring interfaces, enabling secret passwords on routers, and creating user access. Finally, it explores digital certificates, public key encryption, and SSL certificates, comparing conventional and public key encryption methods.
Networking
[Year]
TEMAOS | [Company address]
Question 1
Incident response procedure in brief.
The incident response procedure is made up of seven stages:
Preparation - this stage involves identifying the possible triggers of incidents and defining
the recovery procedure for returning to the normal state. Security policies are established in
this phase, and staff are given proper training.
Identification - this stage involves recognising that an actual incident has occurred. Incidents
may show up as unusual or unexpected activity within a system, or as attempts to enter it.
Containment - this happens only once the incident has been identified. It involves confining
the incident to the affected region, thereby reducing its scope.
Investigation - this phase involves critically examining the situation to determine what
actually happened to the system.
Eradication - this phase involves removing the issue from the system. It is made up of two
tasks: first, cleaning up to remove the corrupted components, and second, reporting to the
affected parties.
Recovery - this is where the firm tries to return to its normal form. This stage involves
restoring system functionality and validating that the system is running as usual.
Follow-ups - this final phase involves reviewing the incident response procedure to determine
how effective it was.
Factors to be considered when developing the business continuity plan of your
organization, including the disaster recovery plan
Maximum Tolerable Downtime (MTD) - the maximum length of time your system can be down
before the firm starts losing customers or losing money.
Recovery Point Objective (RPO) - the point in time to which a firm aims to restore its data,
measured back from the moment the system went down or was shut down; it therefore fixes how
much data loss is acceptable (Ponnapalli & Pullela, 2010).
Recovery Time Objective (RTO) - the target time within which a firm must complete its
recovery and have the system back in service.
What do you understand by a data breach?
Data Breach - a confirmed attack on the sensitive data of an organization: information held by
a system is accessed through unauthorized means (Howarth, 2013).
The procedures in data forensics include:
Policy and procedure development - this involves laying down the rules and regulations
that govern how data and evidence are handled in an organization.
Evidence Assessment - this process involves evaluating the possible evidence of the
cyber-crime in order to gain a clear understanding of it.
Evidence Acquisition - as the name suggests, this stage involves collecting the evidence of
the malicious activity.
Evidence Examination - this is critically inspecting the evidence to determine the role it
played in the cyber-crime.
Documentation and Reporting - this is producing detailed and comprehensive documentation
of the information gathered from examining the evidence.
Provide a comparative analysis between malware, social engineering, application and
wireless attacks, with the mitigation techniques or recommendations
Malware is a collective term for any malicious code; it is most often used to make money and
it does not normally damage the physical hardware of a system. Social engineering, by contrast,
manipulates people into performing tasks that give the attacker access to a system. An
application attack is one in which a malicious person abuses the functionality of an
application, for example by misusing the order in which operations are meant to take place. A
wireless attack is a destructive action against wireless information and systems.
Explain why DNS and SNMP security is important for any network. Provide the necessary
recommendations for securing your network from DNS and SNMP attacks
DNS security prevents users from being redirected to bogus sites that can act as gateways to
further security attacks (Maino, Fine, Kuffel, & Zavalkovsky, 2011). SNMP security, on the other
hand, prevents an unauthorized user of a system from obtaining information about a network or
even controlling remote devices in it.
Preventive measures against DNS attacks include:
Regularly review your DNS records and server configuration
Ensure your DNS servers are kept up to date
Obscure your BIND version
Prevent unauthorized DNS zone transfers
Make use of DDoS mitigation providers for your systems
Deploy two-factor authentication for DNS administration
Preventive measures against SNMP attacks include:
Ensure SNMPv3 is configured at its highest security level (authPriv, i.e. both authentication and encryption)
Make sure that the network administrator's credentials are properly configured
Block unauthorized computers with an Access Control List
Keep your network systems up to date
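The SNMP measures listed above, written out for a Cisco IOS router as an added example (this is not configuration from the original assignment). The management station address 192.0.2.10, the ACL, view, group and user names, and the passphrase placeholders in angle brackets are assumptions for illustration; the weak SNMPv2c community-string lines are shown commented out for contrast with the SNMPv3 authPriv replacement.

```cisco
! Weak setting (do NOT use): SNMPv2c with well-known community strings,
! answerable by any host that can reach the router.
! snmp-server community public RO
! snmp-server community private RW
!
! Hardened replacement: SNMPv3 at the authPriv security level.
! Addresses, names and <passphrases> are assumed values for this example.
!
! 1. Only the management station (assumed 192.0.2.10) may query the agent.
ip access-list standard SNMP-MANAGERS
 permit host 192.0.2.10
 deny   any log
!
! 2. Remove any legacy community strings so v1/v2c access is closed.
no snmp-server community public
no snmp-server community private
!
! 3. A v3 group that requires authentication AND privacy (priv = authPriv),
!    read-only view, restricted by the ACL above.
snmp-server view MONITOR-VIEW iso included
snmp-server group NMS-GROUP v3 priv read MONITOR-VIEW access SNMP-MANAGERS
!
! 4. A v3 user with SHA authentication and AES-128 privacy. Use long, unique
!    passphrases in production; these are placeholders.
snmp-server user nms-poller NMS-GROUP v3 auth sha <auth-passphrase> priv aes 128 <priv-passphrase> access SNMP-MANAGERS
!
! 5. Identify the device and send notifications over v3 only.
snmp-server location Server-Room-1
snmp-server contact netadmin@example.com
snmp-server enable traps snmp authentication linkdown linkup coldstart
snmp-server host 192.0.2.10 version 3 priv nms-poller
!
! Verification (privileged EXEC):
!   show snmp user       -> nms-poller, auth SHA, priv AES 128
!   show snmp group      -> NMS-GROUP, security model v3 priv
!   show snmp community  -> no community strings listed
```

A poll with SNMPv2c from any host, or an SNMPv3 request from a host outside SNMP-MANAGERS, is dropped and, because of the `deny any log` entry, leaves a log line that can be forwarded to the syslog server configured in Question 3.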
Question 2: Configuring the interfaces.
Device layout
Task 1: R1 configuration
Router 2 configuration
R3 interface configuration
Radius server configuration
Task 2: Enabling the secret passwords on the routers (Finseth, 2009).
Secret passwords were enabled on each router using the commands shown above.
Task 3: Creating user access on R1.
Logging in using telnet.
Task 4: Configuring R2
The router is configured with the username Admin_Jasmin and a password.
TACACS server configured (Droms, Sudan, Desai, Chapman, & Krishnan).
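Tasks 2 to 4 together describe a router with an enable secret, a local user (Admin_Jasmin), remote login, and RADIUS and TACACS+ servers. The Cisco IOS configuration below is an added example, not the assignment's own screenshots, showing those steps in working form. The hostname R2 and the username come from the text; the server addresses (192.0.2.20, 192.0.2.21), the management subnet 192.0.2.0/24, the list and ACL names, and every key or password placeholder in angle brackets are assumptions. Where the assignment logs in with telnet, the example substitutes SSH, because telnet sends the credentials in cleartext.

```cisco
! Assumed: RADIUS server 192.0.2.20, TACACS+ server 192.0.2.21,
! management subnet 192.0.2.0/24. <placeholders> are keys/passwords.
hostname R2
ip domain-name example.com
!
! Task 2: privileged-EXEC password. "enable secret" stores a hash;
! "enable password" (cleartext / type 7) is the weak setting to avoid.
no enable password
enable secret <strong-enable-secret>
service password-encryption
!
! Tasks 3/4: local administrator. "secret" hashes the password, whereas
! "password" would store it in a reversible form.
username Admin_Jasmin privilege 15 secret <strong-user-password>
!
! AAA: authenticate against TACACS+ first, RADIUS second, and fall back to
! the local database only when every server is unreachable.
aaa new-model
tacacs server TACACS-1
 address ipv4 192.0.2.21
 key <tacacs-shared-key>
radius server RADIUS-1
 address ipv4 192.0.2.20 auth-port 1812 acct-port 1813
 key <radius-shared-key>
aaa authentication login MGMT-LOGIN group tacacs+ group radius local
aaa authorization exec MGMT-EXEC group tacacs+ local
aaa accounting exec default start-stop group tacacs+
!
! Remote access: SSH v2 only, from the management subnet, using the AAA
! lists above. "transport input ssh" removes telnet from the VTY lines.
crypto key generate rsa modulus 2048
ip ssh version 2
ip access-list standard MGMT-HOSTS
 permit 192.0.2.0 0.0.0.255
 deny   any log
line vty 0 4
 access-class MGMT-HOSTS in
 login authentication MGMT-LOGIN
 authorization exec MGMT-EXEC
 transport input ssh
 exec-timeout 10 0
line con 0
 login authentication MGMT-LOGIN
 exec-timeout 10 0
!
! Verification (privileged EXEC):
!   show run | include enable   -> "enable secret 5|8|9 ..." (hashed), no "enable password"
!   show aaa servers            -> TACACS-1 and RADIUS-1 listed with their state
!   telnet <R2 address> (from a host) is refused; ssh Admin_Jasmin@<R2 address> succeeds
```

Because `aaa new-model` replaces `login local` on the lines, the order of methods in MGMT-LOGIN is what decides who can get in: the local account is only consulted when both servers fail to respond, not when they reject the credentials.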
Question 3
Task 1.
The syslog server is added.
Router 3 configured with timestamps.
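A Cisco IOS configuration for the syslog and timestamp step, added here as an example and not taken from the assignment's own screenshots: the collector address 192.0.2.30, the NTP server 192.0.2.1 and the Loopback0 source interface are assumptions, and the example also shows why the default uptime-based timestamps are the weaker choice for incident investigation.

```cisco
! Assumed: syslog collector 192.0.2.30, NTP server 192.0.2.1, and an
! existing Loopback0 used as the stable source address for log messages.
!
! Weak default: "service timestamps log uptime" stamps each message with
! time since boot, which cannot be correlated with other devices' logs.
! Replace it with absolute time, millisecond precision, the timezone shown,
! and a clock that is kept accurate by NTP.
service timestamps log datetime msec localtime show-timezone year
service timestamps debug datetime msec localtime show-timezone year
clock timezone UTC 0
ntp server 192.0.2.1
!
! Syslog destination and severity. "informational" (level 6) keeps login and
! interface events without the volume that "debugging" (level 7) would add.
logging on
logging host 192.0.2.30
logging trap informational
logging source-interface Loopback0
logging buffered 65536 informational
logging origin-id hostname
!
! Make login attempts and configuration changes visible to the collector.
login on-failure log
login on-success log
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
!
! Verification (privileged EXEC):
!   show logging     -> host 192.0.2.30, trap level informational, timestamps with date/ms
!   show ntp status  -> "Clock is synchronized"
```

Syslog over UDP/514 is unauthenticated, so the collector should only accept messages from the router's Loopback0 address, and the router's own buffered log (`show logging`) remains the reference copy when a forwarded message is in doubt.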
Task 3
Task 4