16.2.6 Lab - Research Network Security Threats

The document discusses exploring the SANS website to research recent network security threats. It involves 3 parts - exploring SANS resources, identifying recent threats from the @Risk newsletter, and researching and presenting on the WannaCry ransomware attack. The document provides background on SANS and instructions for the lab activities.

Uploaded by

ht79247

Lab - Research Network Security Threats

Link clip guide: https://drive.google.com/file/d/1oauWTdOhhFC16eA2mwoWaGU4qJh-6XGr/view?usp=drivesdk

Objectives
Part 1: Explore the SANS Website
Part 2: Identify Recent Network Security Threats
Part 3: Detail a Specific Network Security Threat

Background / Scenario
To defend a network against attacks, an administrator must identify external threats that pose a danger
to the network. Security websites can be used to identify emerging threats and provide mitigation
options for defending a network.
One of the most popular and trusted sites for defending against computer and network security threats
is SysAdmin, Audit, Network, Security (SANS). The SANS site provides multiple resources, including a
list of the top 20 Critical Security Controls for Effective Cyber Defense and the weekly @Risk: The
Consensus Security Alert newsletter. This newsletter details new network attacks and vulnerabilities.
In this lab, you will navigate to and explore the SANS site, use the SANS site to identify recent network
security threats, research other websites that identify threats, and research and present the details
about a specific network attack.

Required Resources

• Device with internet access


• Presentation computer with PowerPoint or other presentation software installed

Instructions

Part 1: Exploring the SANS Website


In Part 1, navigate to the SANS website and explore the available resources.

Step 1: Locate SANS resources.


Search the internet for SANS. From the SANS home page, click on FREE Resources.
Question:
List three available resources.
Reading Room, Webcasts, Newsletters, Blogs, Top 25 Software Errors, 20 Critical Controls,
Security Policies

© 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 4 www.netacad.com

Step 2: Locate the link to the CIS Critical Security Controls.


The CIS Critical Security Controls linked on the SANS website are the culmination of a public-private
partnership involving the Department of Defense (DoD), National Security Association, Center for
Internet Security (CIS), and the SANS Institute. The list was developed to prioritize the cyber security
controls and spending for DoD. It has become the centerpiece for effective security programs for the
United States government. From the Resources menu, select Critical Security Controls, or similar.
The CIS Critical Security Controls document is hosted at the Center for Internet Security (CIS) web site
and requires free registration to access. There is a link on the CIS Security Controls page at SANS to
download the 2014 SANS Critical Security Controls Poster, which provides a brief description of each
control.
Question:
Select one of the Controls and list implementation suggestions for this control.
Critical Control 5: Malware Defenses. Employ automated tools to continuously monitor
workstations, servers, and mobile devices. Employ anti-malware software and signature
auto-update features. Configure network computers to not auto-run content from removable media.

Step 3: Locate the Newsletters menu.


Question:
Highlight the Resources menu, select Newsletters. Briefly describe each of the three newsletters
available.
SANS NewsBites is a semiweekly high-level executive summary of the most important news
articles that have been published on computer security during the last week. Each news item is
very briefly summarized and includes a reference on the web for detailed information, if possible

Part 2: Identify Recent Network Security Threats


In Part 2, you will research recent network security threats using the SANS site and identify other sites
containing security threat information.

Step 1: Locate the @Risk: Consensus Security Alert Newsletter Archive.


From the Newsletters page, select Archive for the @RISK: The Consensus Security Alert. Scroll down
to Archives Volumes and select a recent weekly newsletter. Review the Notable Recent Security
Issues and Most Popular Malware Files sections.
Question:
List some recent vulnerabilities. Browse multiple recent newsletters, if necessary.
Remote Code Execution (RCE)

Step 2: Identify sites providing recent security threat information.


Questions:
Besides the SANS site, identify some other websites that provide recent security threat information.

List some of the recent security threats detailed on these websites.


Threatpost

Part 3: Detail a Specific Network Security Attack


In Part 3, you will research a specific network attack that has occurred and create a presentation
based on your findings. Complete the form below based on your findings.

Step 1: Complete the following form for the selected network attack.
Name of attack:
WannaCry ransomware
Type of attack:
CryptoWorm
Dates of attacks:
July 2001 May 2017
Computers / Organizations affected:
Estimated 200,000 computers in 150 countries

How it works and what it did:


WannaCry is a ransomware cryptoworm, which targeted computers running the Microsoft Windows
operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. The
worm is also known as WannaCrypt, Wana Decrypt0r 2.0, WanaCrypt0r 2.0, and Wanna Decryptor. It is
considered a network worm because it also includes a “transport” mechanism to automatically spread
itself. This transport code scans for vulnerable systems, then uses the EternalBlue exploit to gain access,
and the DoublePulsar tool to install and execute a copy of itself. WannaCry versions 0, 1, and 2 were
created using Microsoft Visual C++ 6.0.

Mitigation options:
Issued by Microsoft for the Windows operating system

References and info links:


CSO Online
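
The scanning behaviour described under "How it works" is something defenders can look for in network flow data: one host contacting many distinct hosts on the SMB port in a short time. The sketch below is an added example, not part of the original lab; the flow record format, the 60-second window and the threshold of 5 are assumptions, and TCP port 445 is used because it is the SMB port that EternalBlue targets.

```python
from collections import defaultdict

SMB_PORT = 445  # TCP port of the Windows SMB service targeted by EternalBlue

# Constructed sample flow records: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
1000 10.0.0.5 10.0.0.20 445
1002 10.0.0.7 10.0.1.1 445
1003 10.0.0.7 10.0.1.2 445
1004 10.0.0.7 10.0.1.3 445
1005 10.0.0.7 10.0.1.4 445
1006 10.0.0.7 10.0.1.5 445
1007 10.0.0.7 10.0.1.6 445
1010 10.0.0.5 10.0.0.20 445
1015 10.0.0.9 10.0.0.30 443
1400 10.0.0.5 10.0.0.21 445
"""


def parse_flows(text):
    """Yield (timestamp, src, dst, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit() or not parts[3].isdigit():
            continue
        yield int(parts[0]), parts[1], parts[2], int(parts[3])


def find_smb_scanners(text, window=60, threshold=5):
    """Return {src: peak distinct SMB destinations within `window` seconds}
    for every source whose peak reaches `threshold` (assumed values)."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in parse_flows(text):
        if dport == SMB_PORT:
            per_src[src].append((ts, dst))

    flagged = {}
    for src, events in per_src.items():
        events.sort()
        peak, start = 0, 0
        for end in range(len(events)):
            # Advance the window start until it spans at most `window` seconds
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({d for _, d in events[start:end + 1]}))
        if peak >= threshold:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    print(find_smb_scanners(SAMPLE_FLOWS))
```

A workstation that repeatedly talks to the same file server (10.0.0.5 in the sample) stays below the threshold, while the host fanning out to six different addresses in five seconds is flagged.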

Step 2: Follow the instructor’s guidelines to complete the presentation.


Reflection Questions
1. What steps can you take to protect your own computer?

Include keeping the operating system and applications up to date with patches and service packs,
using a personal firewall, configuring passwords to access the system and bios, configuring
screensavers to timeout and requiring a password, protecting important files by making them read-
only, and encrypting confidential files and backup files for safe keeping.

2. What are some important steps that organizations can take to protect their resources?

Include the use of firewalls, intrusion detection and prevention, hardening of network devices,
endpoint protection, network vulnerability tools, user education, and security policy development.

Name: Pham Le Gia Han


Student ID: SE196412

End of Document
