Reference no: EM132177641
Client: Liberty Vacation Planning Inc. (LVP)
Project: Intrusion Analysis
1. Project Objectives
LVP has installed a pfSense firewall and enabled the Snort IDS to monitor, alert, and react to external threats to the network. After only a few days, the IDS logged a sustained attack. With this Statement of Work, LVP is engaging you to conduct a network incident response review to help determine if the attacks the firewall is sustaining are targeted and effective against their infrastructure. LVP wants you to document this traffic and recommend mitigations. The objectives of this assessment are as follows:
- Review the snort logs to identify and confirm a breach to the network.
- Document the incident.
- Recommend a mitigation for this breach.
2. Project scope
The scope of the intrusion analysis project is as follows:
- The network-connected workstation named Windows7
Note: Any items not listed here are considered out of scope for this project; the addition of out of scope items to the project scope will not be made without prior approval and authorization from LVP and will be handled through change requests or as separate SOWs.
3. Project deliverables
The deliverable(s) for this project are as follows:
a. Analyze the Snort logs
Provide a summary of your findings after reviewing the Snort logs. The summary should include screenshots and descriptions of the following items:
- The timeline (start, finish, and duration) of the attack.
- The source and destination IP of the attack.
- Any observed breach(es) that could be ascertained from the logs.
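Added example, not part of LVP's SOW or the lab materials: a Python script that parses Snort alert_fast log lines and produces the timeline (start, finish, duration), the most active source and destination addresses, the ports targeted on internal hosts, and any alert where an internal host connects out to an external address, which is the log-only evidence worth screenshotting as the breach. The line layout, the year (the fast format carries none), the 192.168.1. internal prefix and every sample alert below are assumptions or constructed data, not LVP's logs.

```python
import re
from collections import Counter
from datetime import datetime

# Snort alert_fast line (assumed layout): ts [**] [gid:sid:rev] msg [**] [Classification] [Priority] {proto} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\](?:\s+\[Classification:[^\]]*\])?(?:\s+\[Priority:\s*\d+\])?"
    r"\s+\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample alerts (not LVP's real log); SIDs are local-rule placeholders.
SAMPLE_ALERTS = """\
10/14-09:42:17.103422  [**] [1:1000001:1] LOCAL SCAN inbound SYN sweep [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:51234 -> 192.168.1.10:445
10/14-09:42:18.551009  [**] [1:1000001:1] LOCAL SCAN inbound SYN sweep [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:51235 -> 192.168.1.10:3389
10/14-09:51:03.000120  [**] [1:1000002:2] LOCAL EXPLOIT SMB request to workstation [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:51301 -> 192.168.1.10:445
10/14-09:51:04.730010  [**] [1:1000003:1] LOCAL TROJAN outbound connection from workstation [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 192.168.1.10:49710 -> 203.0.113.7:4444
10/14-10:15:40.002000  [**] [1:1000004:1] LOCAL POLICY ICMP ping from outside [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.9 -> 192.168.1.1
"""

def parse_alerts(text, year=2024):
    """Parse fast-format alert lines into dicts; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue
        alerts.append({
            "time": datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f"),
            "sid": int(m["sid"]), "msg": m["msg"], "proto": m["proto"],
            "src": m["src"], "dst": m["dst"],
            "dport": int(m["dport"]) if m["dport"] else None,  # ICMP alerts carry no port
        })
    return alerts

def summarize(alerts, internal_prefix="192.168.1."):
    """Timeline, most active source/destination, targeted internal ports, internal->external alerts."""
    if not alerts:
        return None
    times = [a["time"] for a in alerts]
    start, finish = min(times), max(times)
    # An internal host alerting on a connection *out* to an external address is the strongest
    # evidence in the logs alone that the earlier inbound activity succeeded.
    outbound = [a for a in alerts if a["src"].startswith(internal_prefix)
                and not a["dst"].startswith(internal_prefix)]
    return {
        "start": start, "finish": finish, "duration": finish - start,
        "top_source": Counter(a["src"] for a in alerts).most_common(1)[0][0],
        "top_destination": Counter(a["dst"] for a in alerts).most_common(1)[0][0],
        "targeted_ports": [p for p, _ in Counter(a["dport"] for a in alerts if a["dport"] and a["dst"].startswith(internal_prefix)).most_common()],
        "outbound_from_internal": outbound,
    }
```

Run `summarize(parse_alerts(open("alert").read()))` against the exported alert file; the `outbound_from_internal` entries are the lines to capture for deliverable b.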
b. Proof of the actual breach
This proof will be provided in the following manner:
- A screenshot showing the breach as displayed within the logs.
c. Recommend a mitigation
- Provide a brief recommendation that describes how the company can mitigate this type of intrusion from this source in the future.
4. Access to system
We have dedicated a Windows workstation on our internal network (Windows7) for use in your review. From the dedicated machine, you may access the pfSense Administrative Console using the browser and the account credentials in the following table.
Use the user account provided in the following table to access our network:
System Name                                          | User Name | Password
Windows7                                             | liberty   | student
pfSense Administrative Console (https://192.168.1.1) | admin     | student
5. Project schedule
All services outlined under the project scope will be completed within two weeks of receiving this Statement of Work.
Note: any changes to project objectives or project scope will be handled through change requests or separate SOWs.
6. Authorization
This Statement of Work will serve as written authorization for this assessment activity.
ANALYSIS INSTRUCTIONS
1. Use the lab virtual environment for this assignment, where specific instructions for tasks and deliverables are located. After completing the lab, write a lab report that includes all of the required deliverables, screenshots of each operation, and any additional information you gathered.
2. You are also required to include at least one page of written content with a minimum of 2 referenced citations that discusses your findings from each of the lab operations. This can include reasons why the findings are important, actions the organization can take to solve any discovered problems, and any other pertinent information you discovered. This content can be included anywhere in your lab report as long as you meet the one page requirement.
3. Your report must also include Biblical integration that relates a Bible verse, passage, or concept to the assignment. This will count as one of your required citations.
4. APA style references must be included for each citation used.
5. Extra credit sections are not required but, if you complete them, earned points will be used to offset missed sections in the other parts of the lab.
You can use any tools available to you on the lab system, but keep the focus on determining what ports were used to infiltrate the victim system(s), the vulnerable services, methods used by the attacker and any other information pertinent to an investigation.