COS30015 - Lab 11

School: Swinburne University of Technology
Course: 30015
Subject: Information Systems
Date: Jan 9, 2024
Type: docx
Pages: 12
Uploaded by ChiefTarsierPerson1015
COS30015 - IT Security, Swinburne University of Technology
Chat GPT workshop

Empowered by ground-breaking advancements in natural language processing and artificial intelligence, ChatGPT has swiftly ascended as an indispensable instrument across a myriad of sectors. Amongst these, the arena where ChatGPT displays extraordinary potential is none other than cybersecurity. In this digitally propelled era, cyber threats continue to evolve, becoming progressively intricate and formidable.

Part 1 Threat Detection and Analysis

Staying ahead of cybercriminals requires identifying and analysing potential threats, making it a vital component of cybersecurity. With its ability to sift through massive volumes of data, such as logs, network traffic, and system events, Chat GPT excels in detecting patterns and anomalies.

Analysing firewall logs – Use ChatGPT to answer the following questions

1.1. What is a firewall log?
A firewall log is a record of events and activities that are monitored and managed by a firewall.

1.2. What kind of malicious components can be identified in a firewall log?
Traffic patterns, failed login attempts, known malicious IP addresses, unusual port and protocol usage.

1.3. Following is a firewall log example; use ChatGPT to identify whether it's malicious or benign.
Tip: "I have been receiving invalid traffic from a log comp, and the log subtype indicates it has been denied. I am concerned if this traffic is malicious in nature. Can you confirm whether it is indeed malicious?"
Looks malicious.
[Lab network diagram, labels only: Kali Linux, RedHat Linux, Windows XPPro]
1.4. What might be the possible attacks?
Could be DoS or DDoS, or a brute force attack.

1.5. What defensive measures can you take to prevent these types of attacks?
Firewall config, IDS/IPS, update software, N/W segmentation, strong authentication, WAF.

1.6. What is the easiest way to prevent these kinds of attacks? Is it by detection? Or mitigation?
Combination of both.

1.7. Now open your XPPro virtual instance and try to read the access log. Are there any malicious components? [Start > Run > eventvwr.msc > Windows Logs > Security > access logs]

1.8. Create a script that can read the system logs.

1.9. What are your observations?
IDK if it's meant to show anything but security is empty.

1.10. Modify the above code to view the temporary internet files.
1.11. What are your observations?

1.12. Now open your Redhat image and try to access www.server.com from the Windows XPPro instance. Open Wireshark and analyse the traffic. What is your observation?
Can see three

1.13. Now run the previous script to look into the temp logs. Are there any changes?

1.14. Were you equipped with the knowledge to create these kinds of scripts as effectively and efficiently as ChatGPT?

1.15. Discuss how this will affect the cybersecurity landscape. Who will get the most out of this capability? Attackers or defenders?
Both will, but attackers more so as it'll make it way easier to create malicious code.
If you want to create scripts that pack a punch, you've got to have a solid grasp of the relevant fields. 'Cause, you know, during that lecture, we learned that to get the best answers from GPT, we need to ask super precise questions. So, if you want to take your script game to the next level, you've got to dive into those relevant fields and get your question game on point.

Generally, cybersecurity professionals will use the following steps to go through the task:

Access firewall logs: Obtain access to the firewall logs that record network traffic, including inbound connections.
Filter logs: Extract relevant information from the logs and filter out irrelevant entries.
Identify authorised connections: Establish a baseline of authorised inbound connections by identifying connections associated with legitimate services or known trusted sources.
Look for anomalies: Identify unusual patterns or anomalies in inbound connections, such as connections from suspicious IP addresses, connections to uncommon ports, or multiple failed connection attempts.
Check against threat intelligence: Cross-reference the identified connections with known threat intelligence sources to see if any indicators of compromise are associated with malicious activity.
Raise alerts and investigate: Alert on and investigate any connections that appear to be unauthorised or suspicious to determine the nature of the potential threat.

Optional: Now try to use this information to enhance your previous scripts and record your results.

Part 2: Network Security

Conducting a deep scan of the network to identify hidden or stealthy malware infections involves a thorough examination of network devices, systems, and traffic to uncover any malicious presence that may have evaded traditional security measures.
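The six-step firewall-log workflow listed under Part 1 above, carried through as an added Python example (not from the lab worksheet or its author): it parses constructed log lines in an assumed key=value format, keeps a trusted-network baseline, flags repeated denies and allowed connections to uncommon ports, and cross-checks sources against a placeholder threat-intel list. The log format, trusted ranges, expected ports, threshold and threat-intel addresses are all assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (not from the lab). Assumed key=value format:
# <time> action=<allow|deny> src=<ip> dst=<ip> dport=<port> proto=<tcp|udp>
SAMPLE_LOG = """\
10:00:01 action=allow src=10.0.0.5 dst=10.0.0.10 dport=443 proto=tcp
10:00:03 action=deny src=198.51.100.7 dst=10.0.0.10 dport=22 proto=tcp
10:00:04 action=deny src=198.51.100.7 dst=10.0.0.10 dport=22 proto=tcp
10:00:05 action=deny src=198.51.100.7 dst=10.0.0.10 dport=22 proto=tcp
10:00:08 action=allow src=203.0.113.9 dst=10.0.0.10 dport=4444 proto=tcp
10:00:09 action=allow src=10.0.0.7 dst=10.0.0.10 dport=443 proto=tcp
"""

# Step 3 baseline and step 5 threat-intel list: placeholder values for this example.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/24")]
EXPECTED_PORTS = {80, 443}
THREAT_INTEL_IPS = {"203.0.113.9"}
DENY_THRESHOLD = 3  # repeated denies from one source that count as an anomaly

LINE_RE = re.compile(r"^(?P<time>\S+) action=(?P<action>allow|deny) src=(?P<src>\S+) "
                     r"dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$")

def parse_log(text):
    """Step 2: keep only well-formed entries, as dicts with an int dport."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({**m.groupdict(), "dport": int(m["dport"])})
    return entries

def triage(entries):
    """Steps 4-6: flag anomalies, cross-check threat intel, return (src, reason) alerts."""
    alerts = []
    denies = Counter(e["src"] for e in entries if e["action"] == "deny")
    for src, n in denies.items():
        if n >= DENY_THRESHOLD:
            alerts.append((src, f"{n} denied connections (possible brute force)"))
    for e in entries:
        src = ipaddress.ip_address(e["src"])
        if e["action"] != "allow" or any(src in net for net in TRUSTED_NETS):
            continue  # denies are counted above; trusted sources are the baseline
        if e["src"] in THREAT_INTEL_IPS:
            alerts.append((e["src"], "allowed connection from threat-intel IP"))
        elif e["dport"] not in EXPECTED_PORTS:
            alerts.append((e["src"], f"allowed connection to uncommon port {e['dport']}"))
    return alerts
```

Running `triage(parse_log(SAMPLE_LOG))` yields two alerts: the repeated denies from 198.51.100.7 and the allowed connection from the listed 203.0.113.9.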
While ChatGPT can be a valuable tool in enhancing network security, it is important to note that it should not replace human expertise and should be used in conjunction with other security measures, such as advanced threat detection systems, firewalls, and regular security assessments.

2.1. For which aspects of network security can we use ChatGPT?
Analysis of logs, policy guidelines, documentation generation.
2.2. Open your Windows XPPro image, open Wireshark, and capture packets. Then, from your Kali instance, try to ping the XPPro. What are your observations?
It replies. Can see a large number of ping requests coming through. YES.

2.3. Is it easy to look into the Wireshark interface and identify potential threats?
I guess so.

2.4. What will be the most practical way of looking into the network traffic?
Depends on scenario.

2.5. Now, without spending on much more expensive network scanning tools, let's try to use ChatGPT to analyse the packets and their insights thoroughly. Copy the Wireshark observation and paste it into GPT, and ask about possible vulnerabilities.

2.6. Now, ask GPT to create a script to scan networks. Did it work?
import subprocess

def scan_target(target):
    try:
        # Run the Nmap command (-sn: host discovery only, no port scan)
        result = subprocess.run(['nmap', '-sn', target], capture_output=True, text=True)
        # Print the scan results
        print(result.stdout)
        # Check for errors
        if result.returncode != 0:
            print(f"Error: {result.stderr}")
    except Exception as e:
        # Also reached when the nmap executable is not on PATH
        print(f"An error occurred: {e}")

if __name__ == "__main__":
    # Specify the target IP or range (e.g., '192.168.1.1' or '192.168.1.1-10')
    target = input("Enter the target IP or range: ")
    # Perform the scan
    scan_target(target)

2.7. What are the requirements that you need to run the script?
Make sure you have Nmap installed on your Windows machine, and its executable is in the system's PATH.

2.8. If you can set up the environment for the script, do it and run it; if you can't, ask about an alternative way (running the commands step by step).

2.9. Record your outputs.

2.10. Now let's discuss the impact of a technically unaware person gaining this network scanning capability. Would it have a positive or negative outcome?

Optional task

Port scanning involves examining the open ports on a system to identify services or applications running on those ports. It helps determine the network's strengths and weaknesses from a security perspective. Different port scanning techniques can be employed, such as "vanilla" port scans that scan all ports, or more advanced techniques like strobe scans, stealth scans, or other specialised methods. These techniques vary in their approach and the amount of information they reveal about the target system. So having a little knowledge of the target systems and general attack steps will allow attackers to generate malicious scripts. Try to generate some and observe the outputs. It's crucial to note that while network scanning can be used as part of ethical security assessments and vulnerability management, unauthorised or malicious use of network scanning techniques can lead to unauthorised access, disruptions, or other cyberattacks. It's essential to follow legal and ethical guidelines when performing network scanning activities.

Report your results here.

Part 3

By combining regular vulnerability scanning with proactive mitigation strategies, organisations can significantly reduce their risk exposure and maintain a more secure network environment. It's important to note that vulnerability scanning and mitigation are ongoing processes. With the evolving threat landscape, new vulnerabilities can emerge regularly, and organisations must remain vigilant in their efforts to detect and address them promptly.

3.1. Vulnerability scanning

3.1. Ask ChatGPT about the open-source vulnerability scanning tools. What are they?
OpenVAS, Nexpose, Nikto, Snort, Faraday.

3.2. What are the tools that can be implemented on Linux systems?
OpenVAS, Nexpose, Nikto, Snort, Faraday. Basically all of them.

3.5. Now open the Kali instance, implement your tool, and ask the steps from GPT.
First

3.6. Were you able to implement it? If so, record your new tool's interface here; if not, what prevented you?

3.7. Run the tool. What were your observations?
3.8. How much time did it take to implement and run the tool?

3.9. If you didn't have the GPT, how long would it take to get the results?

3.10. What do you think: is this a positive or adverse development?

3.11. Were all target assets effectively identified and included in the vulnerability scan?

3.12. Did the scan configuration align with the defined scope and parameters?

3.13. How comprehensive was the initial scan in detecting vulnerabilities across the target systems?
3.14. Were the identified vulnerabilities accurately assessed for severity and potential impact?
Yes

Part 4 - Incident Response and Handling

During a cyber attack, efficient communication and coordination among security teams play a critical role. In such scenarios, Chat GPT can serve as a valuable real-time assistant, facilitating seamless collaboration and information sharing within incident response teams. Utilising Chat GPT as a real-time assistant, security teams can enhance their communication and coordination efforts, enabling more effective incident response during cyber attacks.

Incident: Consider the following cyber threat incident that occurred during the Stuxnet APT attack.

During the STUXnet APT attack, a series of significant situations unfolded, causing unprecedented disruption and geopolitical implications. This highly sophisticated cyberattack, discovered in 2010, specifically targeted Iran's nuclear facilities, focusing on industrial control systems. The attackers exploited multiple zero-day vulnerabilities, exploiting weaknesses in Microsoft Windows operating systems and Siemens industrial software. They utilised various propagation techniques, including USB drives and network shares, to infect computers and spread across networks undetected. Employing rootkits, worm-like behaviors, and a modular structure, the malware concealed its presence, propagated stealthily, and delivered its malicious payload. Once infiltrated, STUXnet pinpointed and attacked specific programmable logic controllers (PLCs) manufactured by Siemens, which controlled centrifuges crucial for Iran's uranium enrichment process. By manipulating the PLC code, the malware forced the centrifuges to operate beyond their limits or slowed them down without detection. This covert sabotage aimed to disrupt Iran's nuclear program without direct military intervention. The attack's complexity and sophistication indicated the involvement of nation-state actors with substantial resources and expertise. While the origin of STUXnet remains officially unconfirmed, it is widely believed to have been a collaborative effort between the United States and Israel, with the objective of sabotaging Iran's nuclear ambitions.

During the attack, several potential situations arose. The infected systems experienced malfunctions and erratic behavior, disrupting the normal functioning of the centrifuges. Data manipulation occurred, deceiving operators with false readings and concealing the attackers' activities. The compromised security posture allowed STUXnet to evade detection, potentially facilitating further cyberattacks or unauthorised access. The presence of the malware caused confusion among operators and technicians responsible for managing the affected systems. Their efforts to understand the source of the issues and implement solutions were impeded, leading to delays in response and recovery.

Now imagine you are the cybersecurity professional who needs to respond to this incident. What will be your incident response and handling plan during this incident? Use ChatGPT as your coworker and ask the following questions to create an action plan.

4.1. What are the key roles and responsibilities of individuals involved in the incident response team?
4.2. How will the incident response team be notified and alerted in the event of a cyber attack?

4.3. What steps should be taken to isolate and contain the affected systems or network segments?

4.7. How will the incident response team assess the extent and impact of the cyber attack?

4.8. What are the communication protocols and channels for reporting and escalating the incident internally and externally?

4.9. What tools and technologies are necessary for detecting, analysing, and mitigating the cyber attack?

4.10. How will evidence be collected and preserved for forensic analysis?

4.11. What is the procedure for communicating with affected stakeholders, such as customers, partners, or regulatory bodies?
4.12. How will the incident response team prioritise response actions based on the severity and potential impact of the attack?

4.13. What is the process for conducting a post-incident review to identify lessons learned and implement improvements to the incident response plan?

Now that you have asked the correct questions of ChatGPT, use this knowledge to create an action plan...
Part 5 - Optional – experiments [your own Linux image is preferred]

Chat GPT Prompts for Cyber Security

1. How can web server logs be reviewed to identify any abnormal HTTP requests or patterns that might indicate a potential attack?
2. What techniques can be used to scan database logs and detect unauthorised access attempts or unusual data queries?
3. How can DNS traffic be analysed to identify signs of domain hijacking or DNS poisoning?
4. What steps should be followed to perform vulnerability scans on network devices and identify potential weaknesses or misconfigurations?
5. What methods can be employed to analyse network traffic patterns and identify any instances of large data exfiltration or unusual data transfers?
6. What measures can be taken to monitor system login attempts and promptly identify brute-force attacks or any anomalies in login activities?

Summary

Leveraging Chat GPT prompts for cybersecurity has proven to be incredibly valuable in addressing the constantly evolving digital threats landscape. With the capabilities of artificial intelligence and natural language processing, these prompts offer invaluable insights, guidance, and solutions to strengthen our online security measures. By tapping into this technology, we can enhance our ability to protect against emerging cyber threats and bolster our overall cybersecurity posture.