IT 643 Final Project Guidelines and Rubric

Overview

You work for Strategic Security Consulting Group (SSCG). Recently, one of your clients located in Los Angeles, North Star Software Developers (NSSD), called with a big problem. NSSD’s strategic security goals include protecting the software development process and code as well as sensitive client information from internal and external breaches. Some of its network servers were compromised, resulting in the possible loss of personal information and credit card numbers of purchasers of the company’s software products. It is not presently known whether this attack came from inside or outside of the company. NSSD is currently dealing with this problem as best as it can, but it needs your company to help prevent this from happening again in the future.

You have been assigned to create a training manual for NSSD’s IT personnel in which you test, describe, and recommend a variety of network security tools that, when used properly, will mitigate both the risk of future breaches and the effects of a breach when it takes place.

Given the above scenario, you will also create an executive overview that describes the appropriate areas of concern from your research in this course. This should be written in language that can be understood by a nontechnical audience of company management and stakeholders.

In this assignment, you will demonstrate your mastery of the following course outcomes:

• Interpret results of network and vulnerability scans for identifying security vulnerabilities
• Implement appropriate methods that protect against and address network threats and vulnerabilities using appropriate risk mitigation techniques
• Categorize the severity of security incidents using industry best practices for determining the appropriate immediate response
• Recommend timely countermeasures that minimize the consequences of current security incidents
• Communicate response and mitigation strategies that align with an organization’s strategic goals

Prompt

Specifically, the following critical elements must be addressed:

Network Assessment and Defense Training Manual:

1. Executive Overview
   1. Create a brief description of the purpose of the manual that is in consumable terms for the stakeholders. Be sure you address the company’s strategic security goals and the value of the policy changes or updates.
   2. Assess the role of network defense methods and strategies for securing the network. Support your findings with research and experience from the lab exercises.
   3. Evaluate the role of mitigation methods and strategies in reducing security risk. Support your findings with research and experience from the lab exercises.
   4. Summarize the role of incident response methods and strategies in minimizing the impact of breaches. Support your findings with research and experience from the lab exercises.
2. Training ManualFor each section of the training manual, develop guidelines for employees to select and employ specific software, tools, and methods to address the elements of the section topic. Your guidelines serve as recommendations of specific tools and criteria for determining when to use these tools. Each section should include relevant screenshots to support the instructions.
   1. Traffic Analysis: Based on the labs used for traffic analysis, address the tools, methods, and techniques related to traffic analysis. Be sure to provide screenshots for the output elements that support the following areas:
      1. Create guide materials for identifying vulnerabilities and potential threats through interpreting output from packet capturing tools.
      2. Recommend the alert response procedures required for traffic anomalies identified through monitoring network traffic and examining logs.
   2. Firewalls: Based on the labs associated with firewalls, address the tools, methods, and techniques related to perimeter defense using firewalls. Be sure to provide screenshots for the output elements that support the following areas:
      1. Illustrate the process of rule creation and firewall configuration.
      2. Outline the steps for segmenting networks. Be sure to describe the benefits of the segmenting strategies.
      3. Explain the process and criteria for blocking, allowing, and filtering traffic.
      4. Create guidelines for the implementation of methods for detecting attacks.
   3. Intrusion Detection: Describe the configuration of intrusion detection systems, specifically addressing the following:
      1. Whitelisting and blacklisting
      2. IDS placement
      3. Summarize the key aspects of monitoring, logging (auditing), and alerting using intrusion detection systems
   4. Vulnerability Assessment
      1. Illustrate the proper implementation of port scanning, device scanning, and penetration testing and detection for conducting vulnerability assessments.
      2. Explain how to interpret the output of a vulnerability scan to identify weaknesses.
   5. Network Assessment
      1. Illustrate the processes of detecting rogue devices, detecting malicious connections, and viewing network topologies to identify network weakness.
      2. Explain how to interpret the output of network scans to identify weaknesses.
   6. Auditing and Log Collection
      1. Recommend appropriate company-approved tools that minimize the consequences of incident events, and include appropriate rationale and justification.
   7. Tools Overview: Provide a brief summary of the key company-approved tools, represented by those used in the lab exercises. In your summary, identify the importance of and rationale for selecting these tools.

What to Submit

Make sure to incorporate all of the feedback you have received throughout the course, along with adding your executive overview to your submission. For this assignment, you must follow these formatting guidelines: 12-point Times New Roman font, and APA references and citations.

See rubric attached..