Toggle navigation
Home
Ask A Question
Answer Questions
Users
Support/FAQ
Login
Register
704internetsecurity.docx
Details
Question Title:
SIEM, Firewall and Security as a Service
View the Question
Preview - Click download on the question page for the full document.
<!DOCTYPE html PUBLIC "-//ABISOURCE//DTD XHTML plus AWML 2.2//EN" "http://www.abisource.com/2004/xhtml-awml/xhtml-awml.mod"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:awml="http://www.abisource.com/2004/xhtml-awml/"> <head> <meta http-equiv="Content-Type" content="application/xhtml+xml; charset=UTF-8" /> <title> Abiword HTML Document </title> </head> <body> <div> <p> <span style="font-weight:bold;font-size:16pt;font-family:'Times New Roman'">Assignment 3: SIEM, Firewall and Security as a Service</span> </p> <p> <span style="font-weight:bold;font-size:18pt;font-family:'Times New Roman'">OBJECTIVES:</span> </p> <p> </p> <p> <span style="font-weight:bold;font-size:16pt;font-family:'Times New Roman'">Objective#1 Use a demo SIEM to explore the function of SIEM</span> </p> <p> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222;background:#ffffff">If you are concerned about installing any of the software in these projects on your regular computer you can instead install the software in the Windows virtual machine </span> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';background:#ffff00">or AWS</span><span style="font-size:12pt;font-family:'Times New Roman'">.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222;background:#ffffff">Using AlienVault SIEM Tools Security and Information Event Management (SIEM) product consolidates real-time monitoring and management of security information along with an analysis and reporting of Security events. In this activity, you access online AlienVault, a SIEM product 1. Use your web browser to go to cybersecurity.att.com. Click on the ONLINE DEMO button in top right of the screen. You will need to fill in a form before you can get to the demo. The system will create a login for you.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <img style="width:165.9mm; height:103.7mm" src="704internetsecurity.docx.txt_files/rId8.png" title="" alt="" align="" /></p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman'">Enter the Live Site to check out the demo.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-weight:bold;font-size:14pt;font-family:'Times New Roman';background:#d3d3d3">Mini-activity 1: Explore the attacks</span><span style="font-weight:bold;font-size:14pt;font-family:'Times New Roman'"></span></p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">The Alienvault online demo appears. Click on the Dashboards Overview and you will see the overview. Go to the Alarms by Intent session and choose one alarm. Click into the event. What is the event about? What is the vulnerability of the event? Please printscreen together with your answers. What are the recommendations for suggestions regarding how to mitigate this attack? Is the information helpful?</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <img style="width:165.9mm; height:103.7mm" src="704internetsecurity.docx.txt_files/rId9.png" title="" alt="" align="" /></p> <p style="text-align:justify"> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:14pt;font-family:'Times New Roman';background:#d3d3d3">Mini-activity 2: Create filtering rules</span> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">Then go back to the main page of the demo. Select SETTINGS>RULES and create the following filter rules:</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">RULE1: Filter all DNS TCP traffic from the source IP 24.114.114.23 to the destination IP 25.123.123.11.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">RULE2: Filter all UDP NTP traffic from the source IP 11.11.23.12 to and destination country is CA.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <img style="width:165.9mm; height:103.7mm" src="704internetsecurity.docx.txt_files/rId10.png" title="" alt="" align="" /></p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">Display each rule setting by screenshot.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">Save the rules and go back to the settings to verify if the rules have been created.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <img style="width:165.9mm; height:103.7mm" src="704internetsecurity.docx.txt_files/rId11.png" title="" alt="" align="" /></p> <p style="text-align:justify"> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-weight:bold;font-size:14pt;font-family:'Times New Roman';color:#222222;background:#d3d3d3">Mini-activity 3: Vulnerability scan</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">Do you know how to do a vulnerability scan using the SIEM tool? If so, please explain the steps and shown the screenshot.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-weight:bold;font-size:16pt;font-family:'Times New Roman';color:#222222">Objective #2 Firewall</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:14pt;font-family:'Times New Roman'">(This activity is directly copy from reference the textbook lab 6-2)</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">In this project, you edit configuration settings on Windows Firewall.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">Windows Firewall uses three different profiles: domain (when the computer is connected to a Windows domain), private (when connected to a private network, such as a work or home network), and public (used when connected to a public network, such as a public Wi-Fi). A computer may multiple pro so that a business laptop computer may use the domain profile at work, the private profile when connected to the home network, and the public profile when connected to a public Wi-Fi network. Windows asks whether a network is public or private when you first connect to it.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">1. Click Start, click the search icon, and enter Firewall.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">2. Click Windows Firewall Control panel.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">3. Click Turn Windows Firewall on or off. Be sure that the Windows Firewall is turned on for both private and public networks,</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">4. Under Public network settings check Block all Incoming connections, including those in the list of allowed apps. This provides an extra level of security when using a public network such as a free Wi-Fi network by preventing a malicious incoming connection from another computer on the network. Click OK</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">5 To allow an inbound connection from an installed application in the left pane click Allow an app or feature through Windows Firewall.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">6 Each program or feature of Windows can be chosen to allow an incoming connection on public or private networks. Click Allow another app.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">7 From here you can select an app that will permit an incoming connection. Because this is a security risk, click Cancel and then OK</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">8. Now check the configuration properties of Windows Firewall. Click Advanced settings.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">9. Click Properties in the right pane.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">10. Note the settings on each of the profiles by clicking the Domain Profile, Private Profile, and Public Profile tabs</span><span style="font-size:12pt;font-family:'Times New Roman';color:#222222;background:#ffff00">. Is there any difference in the settings between these</span><span style="font-size:12pt;font-family:'Times New Roman';color:#222222"></span><span style="font-size:12pt;font-family:'Times New Roman';color:#222222;background:#ffff00">profiles? Why?</span><span style="font-size:12pt;font-family:'Times New Roman';color:#222222"></span></p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">11. On each tab under Settings, click Customize. Be sure that Display a notification is set to Yes.</span><span style="font-size:12pt;font-family:'Times New Roman';color:#222222;background:#ffff00">Why would this be important?</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">12. Click OK to return to the Windows Firewall with Advanced Security page</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">13. In addition to being application-aware, Windows Firewall also can be configured firewall rules. Click Outbound Rules in the left pane to block a program from reaching for the Internet.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">14. In the right pane, click New Rule.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">15. Click Port and then click Next.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">Note</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">In addition to ports, the Windows Firewall also can block by program (Program) or even by program, port, and IP address (Custom).</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">16. If necessary, click TCP.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">17. Next to Specific remote ports: enter 80. Click Next. 18. If necessary, click Block the connect. Click Next.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">19. Be sure that this new rule applies to all three domains. Click Next.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">20. Under Name: enter Blocking Port 80. Click Finish</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222;background:#ffff00">21. Now open a web browser and try to connect to a http site. What happens? Why?</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222;background:#ffff00">22. Now open a web browser and try to connect to a https site. What happens? Why?</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">22. Click the Back button to return to the Windows Firewall screen and click Action and Restore Default Policy to disable this rule. If a warning dialog box appears, click Yes. Click OK</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">23. Select Outbound Rules in the left pane. In the right pane, click New Rule</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">24. Click Custom and Next</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">25. If necessary, click All programs and Next.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">26. Note that you can configure a firewall rule based on protocol, protocol number,</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">port, and remote port.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">27. Click Cancel</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman';color:#222222">28. Close all windows.</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-weight:bold;font-size:16pt;font-family:'Times New Roman';color:#222222">Objective #3 Security as a Service</span> </p> <p style="text-align:justify"> </p> <p style="text-align:justify"> <span style="font-size:12pt;font-family:'Times New Roman'">Today a lot of security company offer security as a service in their cloud platform. Do your research and find one vendor who provides security as a service. Describe in you own wordings what services they are offering to the customer. What kind of mitigation they can provide during the attack. Please include all references.</span> </p> <p awml:style="footer"> </p> <p awml:style="footer"> </p> <p class="default_text" style="text-align:right" awml:style="Default Text"> </p> <p awml:style="footer"> </p> <p awml:style="footer"> </p> <p class="default_text" style="text-align:right" awml:style="Default Text"> </p> <p awml:style="footer"> <div> </div> <p awml:style="footer"> </p> <p class="default_text" style="text-align:right" awml:style="Default Text"> </p> <p awml:style="footer"> </p> </p> </div> </body></html> ">
