analysis of cybersecurity cyber security 2

analysis of cybersecurity cyber security 2

Attached sample : just for your reference… Please do not copy anything of it.

2. Basic direction for selecting two tools : Please do NOT choose the tools in the example(snort and kippo)

3. testing environment : ubuntu on vmware( user name : jayk )

4. special request : step by step instruction to install the two tools. I would like to make the environment on my computer.

Word length – body : 3000

Assignment : Apply analytical framework to cybersecurity capabilities, in order to bridge the gap between available technologies and desirable security properties. In doing so, understand and grasp the concepts and terminologies in this field, and gain experience in exploiting existing knowledge bases toward specific control objectives.

Instructions:

1. Understand technical characteristics. Pick two open-source tools for security assessment and control from different categories, e.g.:

a. Network Intrusion Detection System (Snort, Bro, etc.)

b. Host Intrusion Detection System (OSSEC, etc.)

c. Web Application Firewall (mod_security, etc.)

d. Honeypot (Kippo, etc.)

e. Security Information and Event Management (Cyberoam iView, etc.)

f. Network Vulnerability Scanner (nessus, etc.)

and understand their technical characteristics – i.e., what is the input and output, how they interact with, analyze, or aggregate input, and how they interact with operators. Use publicly available resources to help your understanding, e.g., manuals, white papers, slides, source code, and configuration examples.

Install and use these tools in your environment if possible. Confine the use of vulnerability scanner or other potentially offensive software within your own environment, e.g., by using virtual machines or physical separation.

2. Analyze cybersecurity capabilities. Based on the understanding of technical characteristics, discuss and analyze where they are effective (vulnerabilities, threats, risks), their limits, and identify residual risks (Note that we will introduce these concepts and terminologies in the class). You may combine or contrast the two tools that you have chosen, in order to develop unique views. In order to elaborate the discussion and analysis, use existing threat models (e.g., STRIDE) and existing risk management standard (ISO/IEC 27001). You may also use CVE, CWE and CAPEC to derive examples in your discussion. In your analysis, identify requirements to people (administrators, operators) and process (e.g., reporting duties, periodicity) in order to develop cybersecurity capabilities at organization level.

3. Report Writing. Prepare a comprehensive report which incorporates results of investigation, discussion and analysis from previous steps. Your ability to correctly use terminologies, existing models, knowledge base standards and risk management standards will be evaluated during our review. Organize your report for readability and integrity, and create Appendices wherever appropriate.