6INB - INVESTMENT BANKING

Task 1: Systematic Information Environments

It is important to understand the view of an information systems expert and how it relates to the IS environment. Information systems professionals focus on integrating IT solutions and business processes to meet the information needs of businesses and other organizations, and on enabling them to achieve their objectives effectively and efficiently. This perspective on “information technology” emphasizes information and sees technology as a tool for generating, processing and distributing the necessary information (Musa, 2019). Professionals in this field are primarily concerned with information that can help companies define and achieve the goals of computer systems, and with the processes that can be implemented using information technology. Information systems specialists often work in large and complex private and public organizations with correspondingly large and complex information systems. They understand technical and organizational factors, as well as information- and technology-driven business processes, and can help the company determine how it can deliver a competitive advantage (Beasley, 2014).

All business activity is driven by technology, and when organizations use technology in their operations it regularly gives them a competitive advantage. We have seen many major cyber attacks and data leaks recently. Modern web management environments are more advanced than traditional network security approaches. Even so, many information assets and technical services are exposed to a wide range of cyber security risks, including data leaks. Organizations need to implement information security standards and compliance to protect data from unknown cyber attacks and surprise attacks. Such a cyber security framework improves the security of sensitive data so that an unexpected attack can be readily identified when it happens (when it happens, why it happens and where it happens).

Organizations are adopting ‘essential’ security standards as cyber security incidents continue to increase. Organizations have introduced encryption for secure data transfer, together with firewalls, IDS/IPS, VPNs, vulnerability scanning software, patch management software, antivirus software and antispyware software, against all conceivable cyber attacks. Even so, organizations have experienced numerous targeted cyber attacks, and these attacks continue to increase, with the business facing varying degrees of internal and external security risk each time. Information security is fundamental to maintaining the confidentiality, integrity and availability of information (Beasley, 2015).

The security strategy areas are given below.

Prevention

Prevention has long been the preferred method of stopping cybercriminals from harming companies. Such cyber attacks occur due to improper implementation of security standards and data security compliance. Businesses should primarily focus on preventing unauthorized access and the release of sensitive information.

Deterrence

Cyber deterrence provides greater flexibility and more options than the traditional deterrence methods developed in the nuclear age of the Cold War. In addition to traditional retaliation, cyber deterrence includes options such as taking legal action and making networks invisible, flexible and interdependent.

Detection

Threat detection is the practice of analysing the entire security ecosystem to identify any malicious activity that could compromise the network. If a threat is detected, mitigation efforts must be implemented to properly neutralize it.

Protection

Cyber security refers to the body of technologies, processes and practices designed to protect networks, devices, programs and data from attack, damage or unauthorized access. IT security managers act as an organization’s experts in cyber security protection, detection, response and recovery. However, the responsibilities of an IT security manager vary depending on the size of the company.

Response

The aim is to handle the situation in a way that minimises damage and reduces the time and cost of recovery. When developing a response plan for organisations, we need to teach staff how to respond and take immediate action.

Task 2: Implementation and management of offensive Cyber Operations

Offensive cyber activity is computer activity intended to disrupt, deny, degrade and/or destroy, and it usually takes place in several stages.

Offensive cyber operations are activities in cyberspace that manipulate, deny, disrupt, degrade or destroy target computers, information systems or networks.

An attack should not be judged automatically by its technical quality alone; what matters is its direct and indirect effect on the conflict. This reveals a complex relationship between tactical excellence and strategic success. Well-written code can provide excellent tactical value but does not guarantee strategic value, while a failed use of cyber capability can still provide strategic gains. An example of this is the wiper malware that targeted the world’s largest oil company: the malware had multiple coding errors and was poorly executed. Given Iran’s broader conflict situation and posture in the region, it could nevertheless have made a positive contribution. At the very least, Iran showed that it would not retreat immediately (Luiijf, 2015).

This deployment showed Iran’s military diligence and improved its political position relative to other states. Cyber activities refer to the response of governments and organizations to cybercrime, terrorism and war, and include computer network defence, exploitation and attack. To date, cyber activities have been primarily defensive, with attackers taking the initiative (Sanders, 2017). Many strategies call for the establishment of a cyber security operations centre (TSO, 2009) and a better understanding of attacks.

Research on cyber-attacks will improve the scientific understanding of how attackers act, why they choose specific targets, and the tools and technologies they use. This advanced understanding can then be used to implement better defenses. This includes responding to an (upcoming) attack by a counter-attack or neutralizing it before the attack begins.

Task 3: Substantial investigations under the context of situational awareness

Situational awareness (SA) lets decision-makers have the facts and understanding available in an organization to make informed decisions in the course of their work. It can be primarily based on helping individuals and organizations in the cyber world secure their properties, or it can be more far-reaching. SA makes it possible for a company to get relevant information, incorporate the information, and disseminate it to help people make informed choices.

Protecting Organizational Assets

There are many assets that even the smallest companies have to defend from cyber attacks. Prioritizing safeguards for certain assets is a requirement in an understaffed, underfunded and over-compromised environment. Prioritization must take place in:

  • Security hardening of individual devices and particular parts of networks or business units
  • Reactions to compromises
  • Hiring for particular positions

Policies and Governance

Good policies and governance form the backbone of asset security. The standards and business needs of the company determine which activities are security problems. The stricter the rules, the easier it is to spot a violation of them and, in the first place, the easier it is to avoid a breach (Raj, 2018).

The stronger the awareness of how individual assets will be used, by whom, and when, the more likely it is that a breach will be completely avoided, and when they occur, the quicker security breaches will be detected.

Security Functions

Security functions reflect the methods organizations use to safeguard their resources. Technical elements, organised procedures and human methods are all part of the security functions. They cover the complete asset, protection and event lifecycles. These functions are dispersed across several teams, yet each function needs to be informed by the data the others produce. Security function practices are constantly changing and can also influence the goals and efficacy of other roles, both security and enterprise (Bagyalakshmi, 2018).

About Situational Awareness

Models of situational awareness range from perception, comprehension, projection and resolution to the OODA loop of “observe, orient, decide, and act.” Such models are good for understanding the definition of situational awareness, but their functional application to cyber security is not always apparent (Tosh, 2017).

In terms of four elements, situational awareness means:

  • Know what is supposed to be.
  • Track what is.
  • Infer when what is does not fit what should be.
  • Do something about the discrepancies.

An enterprise’s cyber security situation includes:

  • Legal users of systems and devices that are internal and public-facing
  • Registered equipment and what it is used for
  • Processes and applications that have been accepted, where they are permitted and how they represent the organization

The more reliable the details available to security officials, the easier it is for them to infer whether there are security concerns and to do something about them. Accurate data means well-defined security protocols, efficient access controls, up-to-date inventories and accurate diagrams of the network.

The first step is to collect data on organizational purpose (what organizations intend to allow in order to accomplish their goals). The second is to investigate what is really going on in the business. Security teams do not track all of cyberspace directly; they must use the different resources available to them to establish insight into the cyberspace arena, which is geographically dispersed and essentially invisible. The general idea is to monitor:

  • Devices, processes/applications and users that are observed
  • What recognised vulnerabilities exist for the computers, procedures, and applications observed
  • How improvements are made in the use of different systems and devices
  • For systems, computers, and users, what usage patterns and cycles exist

The approach here takes information from the sensing points and combines it in a way that makes it useful for the analysts supporting the security functions to infer when what is observed does and does not fit.

When something happens that should not happen, a security problem arises. Some inference approaches are:

  • Direct policy violations
  • Deviations from historical data (significant changes in what is)
  • Unusual outliers that appear in outlier-detection analysis
  • Identification of newness
  • Matching of tactics, techniques and procedures (TTPs)

Organizations must ensure that the part of the company responsible for the assets concerned receives the details of the findings and resolves them, and that it considers ways to avoid such problems in the future.
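As an added illustration that is not part of the original report, the check below applies the loop of knowing what should be, tracking what is and inferring the discrepancies to the addresses that appear in this report's capture tables; the inventory, the printer entry, the role labels and the site network are constructed assumptions for the example.

```python
import ipaddress

# "What is supposed to be": registered hosts. Constructed from the SMB host
# announce and ARP tables later in this report; the printer entry and all
# role labels are assumptions added for the example.
REGISTERED = {
    "192.168.1.254": {"name": "BTHUB3", "role": "router"},
    "192.168.1.82": {"name": "OLGA-HP", "role": "workstation"},
    "192.168.1.200": {"name": "dell-host", "role": "workstation"},  # name assumed
    "192.168.1.10": {"name": "printer", "role": "printer"},         # constructed
}

# "What is": addresses that appear in the ARP tables of this report
# (sender and target fields), deduplicated.
OBSERVED = [
    "192.168.1.1", "192.168.1.254", "169.254.98.250", "192.168.1.82",
    "192.168.1.200", "192.168.1.71", "0.0.0.0",
]


def infer_discrepancies(registered, observed, site_net="192.168.1.0/24"):
    """Compare what is (observed) with what should be (registered).

    Returns the direct-policy violations this check can infer:
      unregistered - on-net addresses with no inventory entry
      link_local   - 169.254/16 (APIPA) addresses, i.e. hosts that failed DHCP
      off_net      - routable addresses outside the site network
      silent       - inventory entries never seen on the wire
    """
    net = ipaddress.ip_network(site_net)
    findings = {"unregistered": [], "link_local": [], "off_net": [], "silent": []}
    seen = set(observed)
    for ip in sorted(seen, key=ipaddress.ip_address):
        addr = ipaddress.ip_address(ip)
        if addr.is_unspecified:        # 0.0.0.0 is a DHCP probe, not a host
            continue
        if addr.is_link_local:
            findings["link_local"].append(ip)
        elif addr not in net:
            findings["off_net"].append(ip)
        elif ip not in registered:
            findings["unregistered"].append(ip)
    findings["silent"] = sorted(ip for ip in registered if ip not in seen)
    return findings


if __name__ == "__main__":
    for kind, ips in infer_discrepancies(REGISTERED, OBSERVED).items():
        print(f"{kind:12s} {', '.join(ips) or '-'}")
```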

Situational Awareness Process

Situational awareness is the process of gathering relevant information from throughout the enterprise, integrating it into actionable intelligence, and re-disseminating it to help people in the organisation make informed decisions. Effective situational awareness needs (Koepke, 2017):

  • Individuals that have good coordination through business units and the ability to interpret and make sense of diverse information,
  • Supporting technologies for the processing, review and storage of vast volumes of data and
  • The ability to map subsets of findings in a manner that suits priorities and allows the best use of resources with the corresponding sub-set of meaning.

Even in the best-funded, most mature organizations there are information gaps between what the current situation is and what it should be. Effective situational awareness is therefore about understanding what information is available, which lets analysts make productive assumptions with the data they have and understand the limitations of the assumptions they can make.

Task 4: Designing and developing a cyber-defense environment

Cyber Security Deliverables and Program Roles

7COM1068-Wireshark Cyber Operations

Statistical analysis (network boundaries, active nodes, external sources, type of traffic and protocols)

NetBIOS Name Service (NBNS)

The NetBIOS Name Service (NBNS) is the name service part of NetBIOS over TCP/IP. NBNS works similarly to DNS: it translates a human-readable name into an IP address (e.g., www.wireshark.org to 65.208.228.223). The NBNS service is very limited: NetBIOS has a flat namespace, and NBNS only supports IPv4 addresses, not IPv6.

Here we find the NetBIOS Name Service (NBNS) traffic in the capture.


NetBIOS Name Service (NBNS) list in Wireshark captures

IP             DNS Server      Names
192.168.1.254  192.168.1.255   HOME
192.168.1.82   192.168.1.255   OLGA-HP, UOD, ISATAP, ISATAP.HOME, WPAD, __MSBROWSE__

NetBIOS Name Service (NBNS) list

DNS Communication LIST

The Domain Name System (DNS) is the part of the Internet that translates domain names into IP addresses; it provides a system for matching domain names (the website you are looking for) with numbers (the IP address of the website). It is used by any Internet-connected device, such as computers, mobile phones, laptops and servers.


DNS list in Wireshark captures

IP             DNS Server      Names
192.168.1.200  192.168.1.254   google.com, www.google.com, www.google.co.uk, clients1.google.co.uk, 173.197.90.146.in-addr.arpa, 173.197.90.146.dyn.plus.net

DNS list

Connections Endpoint Stats in Wireshark Captures

An endpoint is a remote computing device that is physically connected to a network. For example, servers, workstations, Internet-of-Things (IoT) devices, desktops, laptops, smartphones and tablets can all be considered endpoints.

Modern endpoint security solutions have been upgraded to follow modern cyber security frameworks such as endpoint detection and response (EDR), exploit detection, anti-virus and device control.

(Figure: Wireshark Endpoints window with the tabs IPv4 Endpoints, IPv6 Endpoints, TCP Endpoints and UDP Endpoints)

 

From                                          To                                            Bytes
192.168.1.200                                 173.197.90.146.dyn.plus.net (146.90.197.173)  2 MB
173.197.90.146.dyn.plus.net (146.90.197.173)  192.168.1.200                                 2 MB
clients-cctld.l.google.com (173.194.41.87)    192.168.1.200                                 12 kB
192.168.1.82                                  192.168.1.255                                 8 kB
192.168.1.1                                   192.168.1.255                                 4 kB
192.168.1.254                                 192.168.1.255                                 4 kB
192.168.1.200                                 clients-cctld.l.google.com (173.194.41.87)    2 kB
192.168.1.254                                 192.168.1.200                                 2 kB
www.google.com (173.194.41.80)                192.168.1.200                                 2 kB
192.168.1.200                                 192.168.1.254                                 966
192.168.1.200                                 www.google.com (173.194.41.80)                823
192.168.1.200                                 google.com (173.194.41.69)                    819
192.168.1.82                                  255.255.255.255                               712
google.com (173.194.41.69)                    192.168.1.200                                 705
192.168.1.200                                 93.174.93.4                                   667
0.0.0.0                                       255.255.255.255                               651
192.168.1.1                                   224.0.0.1                                     600
192.168.1.254                                 224.0.0.1                                     600
192.168.1.200                                 92.97.179.244                                 494
192.168.1.200                                 86.149.163.137                                430
192.168.1.200                                 83.137.2.148                                  422
93.174.93.4                                   192.168.1.200                                 307
207.106.176.186                               192.168.1.200                                 240
83.137.2.148                                  192.168.1.200                                 215
92.97.179.244                                 192.168.1.200                                 202
192.168.1.200                                 82.20.73.232                                  200
86.149.163.137                                192.168.1.200                                 144
192.168.1.200                                 207.106.176.186                               120
86.130.152.131                                192.168.1.200                                 80
60.28.27.14                                   192.168.1.200                                 48
fe80::70fe:2f59:2a3c:62fa                     ff02::1                                       32
192.168.1.200                                 60.28.27.14                                   28

Connections Endpoint Stats

 

IP Host Name
146.90.197.173 173.197.90.146.dyn.plus.net
173.194.41.64 google.com
173.194.41.65 google.com
173.194.41.66 google.com
173.194.41.67 google.com
173.194.41.68 google.com
173.194.41.69 google.com
173.194.41.70 google.com
173.194.41.71 google.com
173.194.41.72 google.com

 

  HOSTS


 

Network: Top 21 connections between 22 nodes

Pictures Available in Wireshark Captures

image-jfif.endianness

Pictures Available in Wireshark Captures

SMB Host Announces

SMB is a protocol for sharing files, printers, serial ports and communication abstractions such as named pipes and mail slots between computers.

Server Message Block (SMB) is a network protocol that allows users to communicate with remote computers and servers in order to use their resources or to share, open and edit files. It is also referred to as a client/server protocol because the server has a resource that can be shared with the client.

SMB Host Announces in Wireshark Captures

 

IP: 192.168.1.254
  Host Announce: BTHUB3
  NetBIOS Destination: HOME
  OS: (not reported)
  Types: Workstation, Server, Print Queue Server, Xenix Server, NT Workstation, Potential Browser, Backup Browser
  Comment: BT

IP: 192.168.1.82
  Host Announce: OLGA-HP
  NetBIOS Destination: UOD
  OS: Windows 7 or Windows Server 2008 R2
  Types: Workstation, Server, Print Queue Server, NT Workstation, Backup Browser
  Comment: (none)

SMB Host Announces

ARP Attacks

(Figure: ARP packet detail showing the target MAC address and target IP address fields)

ARP Attacks

 

90:01:3B:C1:BC:C8 (Sagemcom Broadband SAS) – FF:FF:FF:FF:FF:FF (1)

Operation  Source Hardware Address                     Destination Hardware Address                Source IP      Destination IP
Request    90:01:3B:C1:BC:C8 (Sagemcom Broadband SAS)  00:00:00:00:00:00                           192.168.1.1    192.168.1.254

8C:70:5A:B5:5C:F8 (Intel Corporation) – FF:FF:FF:FF:FF:FF (4)

Operation  Source Hardware Address                     Destination Hardware Address                Source IP      Destination IP
Request    8C:70:5A:B5:5C:F8 (Intel Corporation)       00:00:00:00:00:00                           0.0.0.0        169.254.98.250
Request    8C:70:5A:B5:5C:F8 (Intel Corporation)       00:00:00:00:00:00                           192.168.1.82   192.168.1.254
Request    8C:70:5A:B5:5C:F8 (Intel Corporation)       00:00:00:00:00:00                           0.0.0.0        192.168.1.82
Request    8C:70:5A:B5:5C:F8 (Intel Corporation)       00:00:00:00:00:00                           192.168.1.82   192.168.1.82

3C:81:D8:56:F8:F0 (Sagemcom Broadband SAS) – FF:FF:FF:FF:FF:FF (3)

Operation  Source Hardware Address                     Destination Hardware Address                Source IP      Destination IP
Request    3C:81:D8:56:F8:F0 (Sagemcom Broadband SAS)  00:00:00:00:00:00                           192.168.1.254  192.168.1.200
Request    3C:81:D8:56:F8:F0 (Sagemcom Broadband SAS)  00:00:00:00:00:00                           192.168.1.254  192.168.1.71
Request    3C:81:D8:56:F8:F0 (Sagemcom Broadband SAS)  00:00:00:00:00:00                           192.168.1.254  192.168.1.82

00:1C:23:4B:2E:02 (Dell Inc.) – 3C:81:D8:56:F8:F0 (Sagemcom Broadband SAS) (4)

Operation  Source Hardware Address                     Destination Hardware Address                Source IP      Destination IP
Reply      00:1C:23:4B:2E:02 (Dell Inc.)               3C:81:D8:56:F8:F0 (Sagemcom Broadband SAS)  192.168.1.200  192.168.1.254
Request    3C:81:D8:56:F8:F0 (Sagemcom Broadband SAS)  00:00:00:00:00:00                           192.168.1.254  192.168.1.200
Request    00:1C:23:4B:2E:02 (Dell Inc.)               00:00:00:00:00:00                           192.168.1.200  192.168.1.254
Reply      3C:81:D8:56:F8:F0 (Sagemcom Broadband SAS)  00:1C:23:4B:2E:02 (Dell Inc.)               192.168.1.254  192.168.1.200

ARP Attacks
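The rows above are ordinary ARP request/reply pairs and DHCP address probes rather than an attack. As an added example that is not part of the original report, the check below replays those rows (plus one constructed spoofed reply, labelled in the code) and reports what would actually indicate ARP spoofing: a reply that nobody asked for, or one IP claimed by two MAC addresses.

```python
from collections import defaultdict

# Constructed from the ARP table in this report as
# Operation,sender MAC,target MAC,sender IP,target IP (vendor names dropped).
# The final row is a constructed spoofed reply added to show what the check reports.
ARP_ROWS = """\
Request,90:01:3B:C1:BC:C8,00:00:00:00:00:00,192.168.1.1,192.168.1.254
Request,8C:70:5A:B5:5C:F8,00:00:00:00:00:00,0.0.0.0,169.254.98.250
Request,8C:70:5A:B5:5C:F8,00:00:00:00:00:00,192.168.1.82,192.168.1.254
Request,8C:70:5A:B5:5C:F8,00:00:00:00:00:00,0.0.0.0,192.168.1.82
Request,8C:70:5A:B5:5C:F8,00:00:00:00:00:00,192.168.1.82,192.168.1.82
Request,3C:81:D8:56:F8:F0,00:00:00:00:00:00,192.168.1.254,192.168.1.200
Request,3C:81:D8:56:F8:F0,00:00:00:00:00:00,192.168.1.254,192.168.1.71
Request,3C:81:D8:56:F8:F0,00:00:00:00:00:00,192.168.1.254,192.168.1.82
Reply,00:1C:23:4B:2E:02,3C:81:D8:56:F8:F0,192.168.1.200,192.168.1.254
Request,00:1C:23:4B:2E:02,00:00:00:00:00:00,192.168.1.200,192.168.1.254
Reply,3C:81:D8:56:F8:F0,00:1C:23:4B:2E:02,192.168.1.254,192.168.1.200
Reply,DE:AD:BE:EF:00:01,00:1C:23:4B:2E:02,192.168.1.254,192.168.1.200
"""


def parse_rows(text):
    """Yield (op, sender_mac, target_mac, sender_ip, target_ip) per row."""
    for line in text.strip().splitlines():
        op, smac, tmac, sip, tip = line.split(",")
        yield op, smac.upper(), tmac.upper(), sip, tip


def analyse_arp(text):
    """Check an ARP exchange for spoofing indicators and classify benign cases."""
    outstanding = set()             # (requester_ip, wanted_ip) still awaiting a reply
    macs_for_ip = defaultdict(set)  # ip -> MACs that have claimed it as sender
    report = {"unsolicited_replies": [], "probes": 0, "announcements": 0}
    for op, smac, tmac, sip, tip in parse_rows(text):
        if sip == "0.0.0.0":        # DHCP / duplicate-address probe: binds no address
            report["probes"] += 1
            continue
        macs_for_ip[sip].add(smac)
        if op == "Request":
            if sip == tip:          # gratuitous announcement of the host's own address
                report["announcements"] += 1
            else:
                outstanding.add((sip, tip))
        elif op == "Reply":
            key = (tip, sip)        # this reply answers requester tip about address sip
            if key in outstanding:
                outstanding.discard(key)
            else:                   # nobody asked: classic poisoning indicator
                report["unsolicited_replies"].append((smac, sip, tip))
    report["mac_conflicts"] = {ip: sorted(m) for ip, m in macs_for_ip.items() if len(m) > 1}
    return report


if __name__ == "__main__":
    for key, value in analyse_arp(ARP_ROWS).items():
        print(f"{key}: {value}")
```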


Ethernet device communications

References

  1. Musa, A., Abubakar, A., Gimba, U.A. and Rasheed, R.A., 2019, December. An Investigation into Peer-to-Peer Network Security Using Wireshark. In 2019 15th International Conference on Electronics, Computer and Computation (ICECCO) (pp. 1-6). IEEE.
  2. Beasley, C., Venayagamoorthy, G.K. and Brooks, R., 2014, March. Cyber security evaluation of synchrophasors in a power system. In 2014 Clemson University Power Systems Conference (pp. 1-5). IEEE.
  3. Goodwin, C., Nicholas, J.P., Bryant, J., Ciglic, K., Kleiner, A., Kutterer, C., Massagli, A., Mckay, A., Mckitrick, P., Neutze, J. and Storch, T., 2015. A framework for cybersecurity information sharing and risk reduction. Microsoft.
  4. Luiijf, E. and Klaver, M., 2015, March. On the sharing of cyber security information. In International Conference on Critical Infrastructure Protection (pp. 29-46). Springer, Cham.
  5. Walls, A., Perkins, E. and Weiss, J., 2013. Definition: Cybersecurity. Retrieved from Gartner.com website: https://www.gartner.com/doc/2510116/definition-cybersecurity.
  6. Sanders, C., 2017. Practical packet analysis: Using Wireshark to solve real-world network problems. No Starch Press.
  7. Raj, G., Sharma, S. and Choudhury, T., 2018, August. Load Analysis In SDN For Distributed Topologies. In 2018 Second International Conference on Green Computing and Internet of Things (ICGCIoT) (pp. 648-653). IEEE.
  8. Bagyalakshmi, G., Rajkumar, G., Arunkumar, N., Easwaran, M., Narasimhan, K., Elamaran, V., Solarte, M., Hernández, I. and Ramirez-Gonzalez, G., 2018. Network vulnerability analysis on brain signal/image databases using Nmap and Wireshark tools. IEEE Access, 6, pp.57144-57151.
  9. Tosh, D.K., Shetty, S., Sengupta, S., Kesan, J.P. and Kamhoua, C.A., 2017, May. Risk management using cyber-threat information sharing and cyber-insurance. In International conference on game theory for networks (pp. 154-164). Springer, Cham.
  10. Koepke, P., 2017. Cybersecurity information sharing incentives and barriers. Sloan School of Management at MIT University.