Reference no: EM133684824
Networks and Cybersecurity Frameworks
Assignment: Project analysis of data traffic flows
Assignment Overview
This assignment has been designed to allow you to develop the ability to identify and analyse data traffic flows between devices. You will engage with the following authentic scenario and follow the instructions.
You will be given a pcap file as part of the scenario. Within this pcap file you will determine valid data traffic flows, hence indirectly detecting data traffic flows that may be malicious or that support the scope of the investigation you will be undertaking. Read the Assignment details to find out more.
Assignment Details
Finmed Financial Fusion
Finmed Financial Fusion is a banking organisation based in Melbourne, Australia. The bank is highly respected in Victoria and is the sponsor of the annual Finmed Cup, a local racing event. The CEO, Naomi Jacobs, is a rising star in the banking world and is determined to give Finmed a bit of a makeover and further enhance its reputation, with the eventual goal of opening branches in other states.
You can read more about Finmed at the following websites:
FinMed credit card (2021) courtesy of Swinburne Online
Finmed Fusion Financial. (Finmed Fusion Financial 2020)
Finmed Fusion Financial - the runway to good credit. (Finmed Fusion Financial 2020)
The bank has had some trouble recently with some internal staff fighting. A list of staff whose accounts need further investigation and analysis has been created from an internal investigation:
- Naomi Jacobs: CEO
- Katie Fitsimmons: CISO
- Janet Williams: CFO
- Takachi Kovacs: Security Architect
- John Corbit: Legal
- Bill Paxton: Operations Manager
- Rory Carmichael: Marketing
- Kara Jackson: Senior Accountant
- Shannon Johnson: Portfolio Manager
Last week, an alert was flagged that a potential malware file had been found on an FTP server. The server is used by all staff of the financial institution (approximately 50 staff).
Head Office has called your firm in to investigate. You are relatively new to cybersecurity work, but luckily you have had some excellent recent teaching and some great refresher courses from Immersive Labs as part of your on-the-job training.
The IT team, acting under the direction of an internal investigation by Head Office, performed a network capture and has provided this file, Finmed Financial (pcap 66 KB), to you.
As the contractor investigating the incident, you need to determine the circumstances of the incident and provide a 1500-word written report and a 15-minute video presentation outlining what is in the report and what it means.
You will present both the report and the video to Senior Management and the Board of Directors. Remember, particularly when presenting the video report, that not all of the audience will have your level of knowledge regarding cybersecurity. You should endeavour to communicate the issues you present clearly to a non-technical audience.
Work your way through the following steps to ensure that you meet the requirements of this assignment:
Step 1: Download the Finmed Financial (pcap 66 KB).
Step 2: Write a report identifying the data traffic flows (via Wireshark) within the capture file. Include the identified data traffic flows within your report.
Step 3: Analyse and investigate itemised traffic flows with appropriate references.
Step 4: Create a 15-minute video that talks the Board of Directors through what you have discovered in a non-technical way, while making clear what the key issues are.
Assignment tips
Tip 1: As you are analysing the Finmed Financial (PCAP 66 KB) file, draw a network diagram as you go along. You can do it on paper, in a Word document, or create it online using (2021). You can start a workspace for free, adding as much information as you like. The following diagram can help you understand what is going on in the network and know what to look for. Hint: you can also use the image in your presentation. See the Example diagram.
Tip 2: In this assignment, you need to determine the circumstances of the incident. Find out what was happening at that moment. For example, one of the staff downloaded malware, or a hacker sent malware via mail at that moment, etc. This will help you keep your report more organized.
Tip 3: As you are analysing the file, include 'Data Traffic Flows' and identify them in the Finmed Financial (PCAP 66 KB) file. For example: Mr. John logged in at 3 PM Tuesday with IP address 192.38..., with MAC address 01A..., downloaded a mickey mouse image at 8 PM, and logged off at 9 PM.
Tip 4: View the marking guide when you select the heading 'Assignment criteria' to see a detailed breakdown of how your work will be assessed. This is an excellent place to start your preparations for this assignment. Refer back to the marking guide frequently to make sure you are meeting the requirements.
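The flow record that Tip 3 describes can be assembled mechanically once the FTP control-channel requests have been exported from the capture. The following is an added example, not part of the assignment materials: it assumes the requests were exported as tab-separated fields with tshark, and every address, user name and file name in it is constructed.

```python
from datetime import datetime, timezone

# Constructed rows (all values invented) in the shape exported by:
#   tshark -r capture.pcap -Y ftp.request -T fields -e frame.time_epoch \
#       -e eth.src -e ip.src -e ftp.request.command -e ftp.request.arg
SAMPLE_TSV = (
    "1700000000.10\t02:00:00:aa:bb:01\t192.0.2.10\tUSER\tuser_a\n"
    "1700000001.20\t02:00:00:aa:bb:01\t192.0.2.10\tPASS\texample-pass\n"
    "1700000005.00\t02:00:00:aa:bb:02\t192.0.2.11\tUSER\tuser_b\n"
    "1700000030.50\t02:00:00:aa:bb:01\t192.0.2.10\tRETR\treport.pdf\n"
    "1700000042.00\t02:00:00:aa:bb:02\t192.0.2.11\tSTOR\tupdate.exe\n"
    "1700000060.00\t02:00:00:aa:bb:01\t192.0.2.10\tQUIT\t\n"
)
TRANSFERS = {"RETR": "downloaded", "STOR": "uploaded"}

def build_flows(tsv):
    """Group FTP control-channel commands into one record per client (IP, MAC)."""
    flows = {}
    for line in filter(str.strip, tsv.splitlines()):   # skip blank rows
        fields = line.split("\t") + [""] * 5   # pad rows with a missing argument
        epoch, mac, ip, cmd, arg = fields[:5]
        ts = datetime.fromtimestamp(float(epoch), tz=timezone.utc)
        flow = flows.setdefault((ip, mac),
                                {"user": None, "login": None, "logoff": None, "files": []})
        cmd = cmd.upper()
        if cmd == "USER":            # USER time is used as the session start
            flow["user"], flow["login"] = arg, ts
        elif cmd in TRANSFERS:
            flow["files"].append((ts, TRANSFERS[cmd], arg))
        elif cmd == "QUIT":
            flow["logoff"] = ts
        # PASS is skipped on purpose: the clear-text credential stays out of the report.
    return flows

def clock(ts):
    return ts.strftime("%H:%M:%S UTC") if ts else "not seen in capture"

def describe(flows):
    """Render each flow as one sentence in the shape Tip 3 describes."""
    lines = []
    for (ip, mac), f in flows.items():
        moves = "; ".join(f"{verb} {name} at {clock(ts)}"
                          for ts, verb, name in f["files"]) or "no transfers"
        lines.append(f"{f['user']} ({ip}, {mac}) logged in at {clock(f['login'])}; "
                     f"{moves}; logged off at {clock(f['logoff'])}")
    return lines

if __name__ == "__main__":
    print("\n".join(describe(build_flows(SAMPLE_TSV))))
```

A session with no QUIT in the capture is reported as "not seen in capture" rather than given a guessed logoff time, which keeps the report limited to what the packets show.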