Threat hunting - Research paper (5 pages) based on case study

Your team currently works as a research wing for a standard SOC (Security Operations Center).  The SOC keeps analytics on the current trends within the network.  Your team will be assigned a current issue that has been seen at the border of the network, trying to infiltrate the organizations network/systems.  Upon being assigned your item, it will be your job to go out and search OSINT (Open Source Intelligence) for more information on the attack being observed.  This could be a single port number, a series of attacks that has been identified, or an IP address to research and identify; your professor will assign this.  Your deliverable will be a 5 page APA style research report with your findings.  Discover current attacks being performed through this port, or current state of a known scanning suite.  Find sources, if possible, source code of attacks that are known to exploit this weakness and break down the code.  List known services on the affected ports that are associated and current attacks being performed on these services (list any CVE findings and briefly list and explain).  Look at SNORT rules that watch for these attacks and list that SID.

Finally, to wrap-up your research, present the current risk level associated with this threat.  Use the FAIR methodology to derive your threat assessment.  The attached FAIR PDF will walk you through your analysis.  To complete the FAIR document:

  • Step 1:  Asset at Risk will be the organization's primary e-commerce web server.
  • Step 2:  You will provide this answer based on your research.
  • Step 3:  You will provide this answer based on your research; however, keep in mind how many times per day this is scanning the network, which will be given to your when you receive your topic.
  • Step 4:  You will provide this answer based on your research.
  • Step 5:  Assume the e-Commerce server is fully up-to-date and running the following base software:  Red Hat Linux, Apache, MariaDB, Drupal, PHP and is hardened based on base NIST recommendations for operations.
  • Step 6-7:  Calculate
  • Step 8:  Assume Moderate
  • Step 9:  Assume Moderate
  • Step 10:  Calculate and create this chart in excel with the appropriate item highlighted.  Include this chart in your paper and presentation.


The paper should be based on " There is an uptick in port 8080 according to SANS Top 10. Why is that being targeted currently? "

Note: See the attachment for case study (FAIR_brag.pdf)

**No Plagiarism** 


Get Help With a similar task to - Threat hunting - Research paper (5 pages) based on case study

Login to view and/or buy answers.. or post an answer
Additional Instructions:

Risk Management Insight FAIR (FACTOR ANALYSIS OF INFORMATION RISK) Basic Risk Assessment Guide FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC NOTE: Before using this assessment guide… Using this guide effectively requires a solid understanding of FAIR concepts ‣ As with any high-level analysis method, results can depend upon variables that may not be accounted for at this level of abstraction ‣ The loss magnitude scale described in this section is adjusted for a specific organizational size and risk capacity. Labels used in the scale (e.g., “Severe”, “Low”, etc.) may need to be adjusted when analyzing organizations of different sizes ‣ This process is a simplified, introductory version that may not be appropriate for some analyses Basic FAIR analysis is comprised of ten steps in four stages: Stage 1 – Identify scenario components 1. Identify the asset at risk 2. Identify the threat community under consideration Stage 2 – Evaluate Loss Event Frequency (LEF) 3. Estimate the probable Threat Event Frequency (TEF) 4. Estimate the Threat Capability (TCap) 5. Estimate Control strength (CS) 6. Derive Vulnerability (Vuln) 7. Derive Loss Event Frequency (LEF) Stage 3 – Evaluate Probable Loss Magnitude (PLM) 8. Estimate worst-case loss 9. Estimate probable loss Stage 4 – Derive and articulate Risk 10. Derive and articulate Risk Risk Loss Event Frequency Probable Loss Magnitude Threat Event Frequency Vulnerability Contact Action Control Strength Threat Capability Primary Loss Factors Secondary Loss Factors Asset Loss Factors Threat Loss Factors Organizational Loss Factors External Loss Factors FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Stage 1 – Identify Scenario Components Step 1 – Identify the Asset(s) at risk In order to estimate the control and value characteristics within a risk analysis, the analyst must first identify the asset (object) under evaluation. If a multilevel analysis is being performed, the analyst will need to identify and evaluate the primary asset (object) at risk and all meta-objects that exist between the primary asset and the threat community. This guide is intended for use in simple, single level risk analysis, and does not describe the additional steps required for a multilevel analysis. Asset(s) at risk: ______________________________________________________ Step 2 – Identify the Threat Community In order to estimate Threat Event Frequency (TEF) and Threat Capability (TCap), a specific threat community must first be identified. At minimum, when evaluating the risk associated with malicious acts, the analyst has to decide whether the threat community is human or malware, and internal or external. In most circumstances, it’s appropriate to define the threat community more specifically – e.g., network engineers, cleaning crew, etc., and characterize the expected nature of the community. This document does not include guidance in how to perform broad-spectrum (i.e., multi-threat community) analyses. Threat community: ______________________________________________________ Characterization FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Stage 2 – Evaluate Loss Event Frequency Step 3 – Threat Event Frequency (TEF) The probable frequency, within a given timeframe, that a threat agent will act against an asset Contributing factors: Contact Frequency, Probability of Action Rating  Description Very High (VH) > 100 times per year High (H) Between 10 and 100 times per year Moderate (M) Between 1 and 10 times per year Low (L) Between .1 and 1 times per year Very Low (VL) < .1 times per year (less than once every ten years) Rationale FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Step 4 – Threat Capability (Tcap) The probable level of force that a threat agent is capable of applying against an asset Contributing factors: Skill, Resources Rating  Description Very High (VH) Top 2% when compared against the overall threat population High (H) Top 16% when compared against the overall threat population Moderate (M) Average skill and resources (between bottom 16% and top 16%) Low (L) Bottom 16% when compared against the overall threat population Very Low (VL) Bottom 2% when compared against the overall threat population Rationale FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Step 5 – Control strength (CS) The expected effectiveness of controls, over a given timeframe, as measured against a baseline level of force Contributing factors: Strength, Assurance Rating  Description Very High (VH) Protects against all but the top 2% of an avg. threat population High (H) Protects against all but the top 16% of an avg. threat population Moderate (M) Protects against the average threat agent Low (L) Only protects against bottom 16% of an avg. threat population Very Low (VL) Only protects against bottom 2% of an avg. threat population Rationale FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Step 6 – Vulnerability (Vuln) The probability that an asset will be unable to resist the actions of a threat agent Tcap (from step 4): CS (from step 5): Vulnerability VH VH VH VH H M H VH VH H M L Tcap M VH H M L VL L H M L VL VL VL M L VL VL VL VL L M H VH Control Strength Vuln (from matrix above): FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Step 7 – Loss Event Frequency (LEF) The probable frequency, within a given timeframe, that a threat agent will inflict harm upon an asset TEF (from step 3): Vuln (from step 6): Loss Event Frequency VH M H VH VH VH H L M H H H TEF M VL L M M M L VL VL L L L VL VL VL VL VL VL VL L M H VH Vulnerability LEF (from matrix above): FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Stage 3 – Evaluate Probable Loss Magnitude Step 8 – Estimate worst-case loss Estimate worst-case magnitude using the following three steps: ‣ Determine the threat action that would most likely result in a worst-case outcome ‣ Estimate the magnitude for each loss form associated with that threat action ‣ “Sum” the loss form magnitudes Loss Forms Threat Actions Productivity Response Replacement Fine/Judgments Comp. Adv. Reputation Access Misuse Disclosure Modification Deny Access Magnitude Range Low End Range High End Severe (SV) $10,000,000 -- High (H) $1,000,000 $9,999,999 Significant (Sg) $100,000 $999,999 Moderate (M) $10,000 $99,999 Low (L) $1,000 $9,999 Very Low (VL) $0 $999 FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Step 9 – Estimate probable loss Estimate probable loss magnitude using the following three steps: ‣ Identify the most likely threat community action(s) ‣ Evaluate the probable loss magnitude for each loss form ‣ “Sum” the magnitudes Loss Forms Threat Actions Productivity Response Replacement Fine/Judgments Comp. Adv. Reputation Access Misuse Disclosure Modification Deny Access Magnitude Range Low End Range High End Severe (SV) $10,000,000 -- High (H) $1,000,000 $9,999,999 Significant (Sg) $100,000 $999,999 Moderate (M) $10,000 $99,999 Low (L) $1,000 $9,999 Very Low (VL) $0 $999 FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Stage 4 – Derive and Articulate Risk Step 10 – Derive and Articulate Risk The probable frequency and probable magnitude of future loss Well-articulated risk analyses provide decision-makers with at least two key pieces of information: ‣ The estimated loss event frequency (LEF), and ‣ The estimated probable loss magnitude (PLM) This information can be conveyed through text, charts, or both. In most circumstances, it’s advisable to also provide the estimated high-end loss potential so that the decision-maker is aware of what the worst-case scenario might look like. Depending upon the scenario, additional specific information may be warranted if, for example: ‣ Significant due diligence exposure exists ‣ Significant reputation, legal, or regulatory considerations exist Risk Severe H H C C C High M H H C C PLM Significant M M H H C Moderate L M M H H Low L L M M M Very Low L L M M M VL L M H VH LEF LEF (from step 7): PLM (from step 9): WCLM (from step 8): Key Risk Level C Critical H High M Medium L Low FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC

Risk Management Insight FAIR (FACTOR ANALYSIS OF INFORMATION RISK) Basic Risk Assessment Guide FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC NOTE: Before using this assessment guide… Using this guide effectively requires a solid understanding of FAIR concepts ‣ As with any high-level analysis method, results can depend upon variables that may not be accounted for at this level of abstraction ‣ The loss magnitude scale described in this section is adjusted for a specific organizational size and risk capacity. Labels used in the scale (e.g., “Severe”, “Low”, etc.) may need to be adjusted when analyzing organizations of different sizes ‣ This process is a simplified, introductory version that may not be appropriate for some analyses Basic FAIR analysis is comprised of ten steps in four stages: Stage 1 – Identify scenario components 1. Identify the asset at risk 2. Identify the threat community under consideration Stage 2 – Evaluate Loss Event Frequency (LEF) 3. Estimate the probable Threat Event Frequency (TEF) 4. Estimate the Threat Capability (TCap) 5. Estimate Control strength (CS) 6. Derive Vulnerability (Vuln) 7. Derive Loss Event Frequency (LEF) Stage 3 – Evaluate Probable Loss Magnitude (PLM) 8. Estimate worst-case loss 9. Estimate probable loss Stage 4 – Derive and articulate Risk 10. Derive and articulate Risk Risk Loss Event Frequency Probable Loss Magnitude Threat Event Frequency Vulnerability Contact Action Control Strength Threat Capability Primary Loss Factors Secondary Loss Factors Asset Loss Factors Threat Loss Factors Organizational Loss Factors External Loss Factors FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Stage 1 – Identify Scenario Components Step 1 – Identify the Asset(s) at risk In order to estimate the control and value characteristics within a risk analysis, the analyst must first identify the asset (object) under evaluation. If a multilevel analysis is being performed, the analyst will need to identify and evaluate the primary asset (object) at risk and all meta-objects that exist between the primary asset and the threat community. This guide is intended for use in simple, single level risk analysis, and does not describe the additional steps required for a multilevel analysis. Asset(s) at risk: ______________________________________________________ Step 2 – Identify the Threat Community In order to estimate Threat Event Frequency (TEF) and Threat Capability (TCap), a specific threat community must first be identified. At minimum, when evaluating the risk associated with malicious acts, the analyst has to decide whether the threat community is human or malware, and internal or external. In most circumstances, it’s appropriate to define the threat community more specifically – e.g., network engineers, cleaning crew, etc., and characterize the expected nature of the community. This document does not include guidance in how to perform broad-spectrum (i.e., multi-threat community) analyses. Threat community: ______________________________________________________ Characterization FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Stage 2 – Evaluate Loss Event Frequency Step 3 – Threat Event Frequency (TEF) The probable frequency, within a given timeframe, that a threat agent will act against an asset Contributing factors: Contact Frequency, Probability of Action Rating  Description Very High (VH) > 100 times per year High (H) Between 10 and 100 times per year Moderate (M) Between 1 and 10 times per year Low (L) Between .1 and 1 times per year Very Low (VL) < .1 times per year (less than once every ten years) Rationale FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Step 4 – Threat Capability (Tcap) The probable level of force that a threat agent is capable of applying against an asset Contributing factors: Skill, Resources Rating  Description Very High (VH) Top 2% when compared against the overall threat population High (H) Top 16% when compared against the overall threat population Moderate (M) Average skill and resources (between bottom 16% and top 16%) Low (L) Bottom 16% when compared against the overall threat population Very Low (VL) Bottom 2% when compared against the overall threat population Rationale FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Step 5 – Control strength (CS) The expected effectiveness of controls, over a given timeframe, as measured against a baseline level of force Contributing factors: Strength, Assurance Rating  Description Very High (VH) Protects against all but the top 2% of an avg. threat population High (H) Protects against all but the top 16% of an avg. threat population Moderate (M) Protects against the average threat agent Low (L) Only protects against bottom 16% of an avg. threat population Very Low (VL) Only protects against bottom 2% of an avg. threat population Rationale FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Step 6 – Vulnerability (Vuln) The probability that an asset will be unable to resist the actions of a threat agent Tcap (from step 4): CS (from step 5): Vulnerability VH VH VH VH H M H VH VH H M L Tcap M VH H M L VL L H M L VL VL VL M L VL VL VL VL L M H VH Control Strength Vuln (from matrix above): FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Step 7 – Loss Event Frequency (LEF) The probable frequency, within a given timeframe, that a threat agent will inflict harm upon an asset TEF (from step 3): Vuln (from step 6): Loss Event Frequency VH M H VH VH VH H L M H H H TEF M VL L M M M L VL VL L L L VL VL VL VL VL VL VL L M H VH Vulnerability LEF (from matrix above): FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Stage 3 – Evaluate Probable Loss Magnitude Step 8 – Estimate worst-case loss Estimate worst-case magnitude using the following three steps: ‣ Determine the threat action that would most likely result in a worst-case outcome ‣ Estimate the magnitude for each loss form associated with that threat action ‣ “Sum” the loss form magnitudes Loss Forms Threat Actions Productivity Response Replacement Fine/Judgments Comp. Adv. Reputation Access Misuse Disclosure Modification Deny Access Magnitude Range Low End Range High End Severe (SV) $10,000,000 -- High (H) $1,000,000 $9,999,999 Significant (Sg) $100,000 $999,999 Moderate (M) $10,000 $99,999 Low (L) $1,000 $9,999 Very Low (VL) $0 $999 FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Step 9 – Estimate probable loss Estimate probable loss magnitude using the following three steps: ‣ Identify the most likely threat community action(s) ‣ Evaluate the probable loss magnitude for each loss form ‣ “Sum” the magnitudes Loss Forms Threat Actions Productivity Response Replacement Fine/Judgments Comp. Adv. Reputation Access Misuse Disclosure Modification Deny Access Magnitude Range Low End Range High End Severe (SV) $10,000,000 -- High (H) $1,000,000 $9,999,999 Significant (Sg) $100,000 $999,999 Moderate (M) $10,000 $99,999 Low (L) $1,000 $9,999 Very Low (VL) $0 $999 FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Stage 4 – Derive and Articulate Risk Step 10 – Derive and Articulate Risk The probable frequency and probable magnitude of future loss Well-articulated risk analyses provide decision-makers with at least two key pieces of information: ‣ The estimated loss event frequency (LEF), and ‣ The estimated probable loss magnitude (PLM) This information can be conveyed through text, charts, or both. In most circumstances, it’s advisable to also provide the estimated high-end loss potential so that the decision-maker is aware of what the worst-case scenario might look like. Depending upon the scenario, additional specific information may be warranted if, for example: ‣ Significant due diligence exposure exists ‣ Significant reputation, legal, or regulatory considerations exist Risk Severe H H C C C High M H H C C PLM Significant M M H H C Moderate L M M H H Low L L M M M Very Low L L M M M VL L M H VH LEF LEF (from step 7): PLM (from step 9): WCLM (from step 8): Key Risk Level C Critical H High M Medium L Low FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC

Related Questions

Similar orders to Threat hunting - Research paper (5 pages) based on case study
14
Views
0
Answers
c++ lab 1 intro lab
P ROBLEM STATEMENT: A review and extension of cs132: sort a file with 120 records. However, due to memory restrictions only 20 records may be placed into memory. You are to implement a “quasi” external sort CODE/DIRECTIONS: For the sake of si...
15
Views
0
Answers
Cryptography Assignment C
1. Write two programs that use some of the build-in Cryptographic APIs a. Write one C program that uses Symmetric-Key algorithm b. Write one C program that used Asymmetric-key algorithm c. Use C programming language to write your code d. Make sure tha...
5
Views
0
Answers
DFA&NFA Perl language
Question about DFA and NFA Perl programming for DFA and NFA...
9
Views
0
Answers
Python Coding Homework
Its about python implementation of linguistic computer science. Due to covid its our form of exam this year and I need it till 31st of January. There will be another one of these - maybe you could calculate the price of that one on top of that....