Assignment: LASA: Analysis of an Intrusion Detection System Report
This assignment builds upon the scenario introduced in LASA 1, from the organization Open Water Diving and Scuba Institute (OWDSI). Specifically, your focus will be on preparing a second supplemental report of approximately 8-10 pages that discusses the organization's intrusion detection system (IDS) and some of the recent reports from this system.
Scenario:
OWDSI's network engineers and system administrators have reported a number of strange network behaviors and system outages. A variety of traffic has been captured in response to this. In addition, network engineers report that the school is seeing very high levels of traffic from a wide variety of hosts and that this traffic is causing outages of the school's public-facing web server and other internal computer systems.
Management has requested that you review the network traffic to determine whether the institution's IDS and intrusion prevention systems (IPSs) can be used to prevent inbound attacks that are being detected. Your manager has requested that you analyze the detected attacks and create a report that describes each attack. Explain the threat it presents and whether the use of an IDS or an IPS is a suitable response.
The following is a compiled list of odd network behaviors reported by network engineers and system administrators of OWDSI:
1. Network traffic analysis shows that a single host is opening hundreds of secure shell (SSH) sessions to a single host every minute.
2. Network traffic shows that hundreds of hosts are constantly sending only synchronized (SYN) packets to a single web server on campus.
3. A system administrator reports that a single host is attempting to log on to a campus SSH server using different user name and password combinations thousands of times per day.
4. A new PDF-based exploit is announced that uses a malformed PDF to exploit Microsoft Windows XP systems.
5. Campus users are receiving e-mails claiming to be from the campus helpdesk. The e-mails ask for users to send their user names and passwords to retain access to their e-mails.
6. A domain name system (DNS) changer malware package has been located on one of the servers.
7. A JavaScript vulnerability is being used to exploit browsers via ad networks on major news sites, resulting in systems being infected with malware.
8. A zero-day vulnerability has been announced on the primary campus backup software's remote administration interface.
9. A virus is being sent via e-mail to campus users.
Tasks:
In a Microsoft Word document, prepare an 8- to 10-page report that addresses the various system irregularities. Your report should consist of the following:
• A cover page
• A table of contents
• An executive summary
o Develop an overview of the organization's key system issues and your recommended remedies
• System irregularities
o Identify and describe each attack listed
o Include an explanation of what each attack is trying to accomplish
• Analysis and recommendations
o Discuss how each of the vulnerabilities could be a potential issue and what the symptoms of each include
o Recommend how to address each of the nine odd network behaviors as described in the assignment scenario above. Justify your responses
o Determine whether an IDS could or should be used to detect each attack and whether each should be blocked using an IPS. Justify your responses
• References
Note: Utilize at least three scholarly or professional sources (beyond your textbook) in your paper. Your paper should be written in a clear, concise, and organized manner; demonstrate ethical scholarship in accurate representation and attribution of sources (i.e., in APA format); and display accurate spelling, grammar, and punctuation.