6 – 2 Project Two Submission: IDS Analysis Paper
Joshua Minnick
Information Technology Department, Southern New Hampshire University
CYB-310 Network Defense
Professor Kevin Kenna
February 18, 2024
I. IDS and Security Objectives—Critical Thinking Questions
A. What component of an IDS is best prepared to help with the loss of confidentiality?
The component of an IDS best prepared to help with the loss of confidentiality is an analyzer. Analyzers compare the data collected by sensors in the system to known threat signatures or normal activity patterns to assess for any possibly malicious activity. Analyzers can recognize suspicious activity and alert a cybersecurity professional who can perform further analysis of the activity and determine if a breach has occurred or if this activity was a false positive for an attack. If a breach is found to have occurred, confidentiality has been breached and the cybersecurity professional can take the proper steps to respond.
B. What are the indicators of malware that could be detected by an IDS that may result in the loss of integrity?
An IDS can detect abnormal traffic patterns, known attack signatures, anomalies in normal network behavior, unauthorized access, and changes in the integrity of files. All of these are indicators that integrity may have been compromised and could alert a cybersecurity professional who can perform further analysis of the data and determine if an attack has occurred and if the integrity of the network and its components has been compromised.
C. How can an IDS be used to detect the loss of availability?
One way an IDS can be used to detect the loss of availability is through traffic monitoring. An IDS can monitor traffic and establish a baseline of expected network traffic during normal operations. If the IDS is monitoring traffic and detects a sudden drop in network activity when the network would normally be processing traffic, the IDS could alert to abnormal traffic patterns, which could be an indication of a loss of availability.
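The baseline check described above can be sketched as follows. This is an added example, not part of the original paper; the function names, the `drop_ratio` and `min_expected` thresholds, and the traffic counts are assumptions constructed for illustration.

```python
"""Availability check: alert when traffic falls far below the hourly baseline."""
from statistics import median


def build_baseline(history):
    """Map hour-of-day -> median packet count seen during normal operations."""
    by_hour = {}
    for hour, packets in history:
        by_hour.setdefault(hour, []).append(packets)
    return {hour: median(counts) for hour, counts in by_hour.items()}


def detect_drops(baseline, observed, drop_ratio=0.2, min_expected=100):
    """Return alerts for intervals whose traffic is below drop_ratio * baseline.

    Hours whose baseline is under min_expected are skipped: low traffic at
    a time the network is normally quiet is not evidence of an outage.
    Hours with no baseline at all are also skipped rather than guessed.
    """
    alerts = []
    for hour, packets in observed:
        expected = baseline.get(hour)
        if expected is None or expected < min_expected:
            continue
        if packets < drop_ratio * expected:
            alerts.append({"hour": hour, "expected": expected, "observed": packets})
    return alerts


# Constructed sample data (not real traffic): (hour, packets) per sensor interval.
HISTORY = [(3, 40), (3, 55), (3, 35),
           (10, 1500), (10, 1650), (10, 1580),
           (14, 1400), (14, 1520), (14, 1460)]
TODAY = [(3, 5), (10, 1490), (14, 120)]

if __name__ == "__main__":
    for alert in detect_drops(build_baseline(HISTORY), TODAY):
        print("possible loss of availability:", alert)
```

The 03:00 interval is not flagged even though traffic is near zero, because the baseline shows the network is normally quiet at that hour; only the 14:00 drop is reported.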
II. Configuring an IDS—Scenario Based Questions
A. Fictitious scenario
M and M Fishing Guides is a company that offers guided fishing tours on Lake Eufaula. The industry is tourism, and the company employs 250 employees across two buildings: the administrative building and the lakeside guide house where all tours begin. The data protected is customers’ personal information, including payment methods and addresses for merchandise to be delivered, as well as personal data for all employees.
B. Two Components of IDS
The first component I would implement to protect employee and customer data is the use of sensors to gather information on the organization’s network. Sensors are a vital part of any IDS because they collect data packets traveling into the network and can inspect packets for any malicious code as well as monitor for any unauthorized users attempting to gain access to the network. Sensors provide an essential service for an IDS, and without them a threat actor could breach the organization's network without being detected, putting all employee and customer personal data at risk.
The second component I would implement is an analyzer to compare the data collected by the sensors. An analyzer can compare the data collected by the sensors to known threat signatures as well as the activity patterns normally observed in network behavior. If a known threat signature is detected, the IDS can alert a system administrator or cybersecurity professional so the proper steps to block further access or extraction of protected data can be taken. If any abnormal activity is detected, the same alerts can be made, and the same professionals can take action to protect personal data. Sensors and an analyzer are only the basic components of an IDS that can assist any organization in protecting data from unauthorized access. There are many more components that can and should be a part of any IDS used by any organization. Sensors and an analyzer form the basic protection scheme of collecting data and processing this data through filters to ensure the proper protections are maintained and the proper responses can be made whenever any malicious activity is detected.