Intrusion Detection Case
Essay by ajkd786 • April 30, 2013 • Essay • 371 Words (2 Pages) • 1,552 Views
GOAL: The initial assessment of an incident requires lots of data to be collected and analyzed. On a host that means lots and lots of data. We have talked about many tools that can be used to help analyze incidents. You have had to analyze a capture file from my home network. But, with the advanced persistent threat around every corner, how do you know your home computer is safe? You now need to check out your "host" and ensure you have not been compromised. To do that you must install and run Redline from Mandiant:
http://www.mandiant.com/resources/downloads/
If you own a Unix based system you can start with OSSEC (http://www.ossec.net/) or use any of the Windows VMs in ALIAS.
Write a 9 to 12 page paper (single spaced) that details how Redline (or OSSEC) was used to "prove you have no concerns on your host."
If you use any other special tools, explain the use of tools on your system (and the source of the tools), and the way the tools would be used to respond to this "event."
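As an added illustration of the OSSEC route (not part of the original assignment text, and not a Mandiant or OSSEC-project file), the following is a minimal local-install `ossec.conf` that turns on the three data sources a host check of this kind relies on: file-integrity monitoring (syscheck) over the system binaries and configuration, rootkit and trojaned-binary checks (rootcheck), and log collection from the authentication log. The directory list, the scan frequency and the `/var/log/auth.log` path are assumptions for a Debian-style host; adjust them to the system being examined.

```xml
<!-- Added example: minimal OSSEC "local" configuration for a single-host check.
     Assumptions: Debian-style paths; values chosen for illustration only. -->
<ossec_config>
  <global>
    <!-- Mail alerts are not needed for a one-host assessment; rely on alerts.log -->
    <email_notification>no</email_notification>
  </global>

  <syscheck>
    <!-- Full scan every 6 hours (seconds); run one scan at startup for the report -->
    <frequency>21600</frequency>
    <scan_on_start>yes</scan_on_start>

    <!-- Directories whose contents should not change unannounced on a workstation.
         check_all="yes" records size, permissions, owner, MD5 and SHA1 -->
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes">/bin,/sbin,/boot</directories>

    <!-- Files that legitimately change and would otherwise flood the report -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/resolv.conf</ignore>
    <ignore>/etc/adjtime</ignore>
  </syscheck>

  <rootcheck>
    <!-- Signature and anomaly checks shipped with OSSEC; paths assumed for a
         default /var/ossec install -->
    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
    <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
  </rootcheck>

  <!-- Authentication log: failed and successful logins, sudo use, new sessions -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/auth.log</location>
  </localfile>

  <alerts>
    <!-- Record every alert of level 1 and above so the paper can cite the full trail -->
    <log_alert_level>1</log_alert_level>
  </alerts>
</ossec_config>
```

With this in place, the evidence for the paper comes from `/var/ossec/logs/alerts/alerts.log` (integrity changes, rootcheck findings, login events) and from the syscheck database that the first scan establishes as the baseline; a clean run after the baseline, with the ignores justified, is the kind of documented result the assignment asks for.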
GRADING: This project is worth 100 points. The grade will come from your paper and any supporting documentation with the paper. Papers which clearly describe the steps you took in analyzing your "host" and present your mastery of the tools you use will be graded higher.
COLLABORATION POLICY: No collaboration allowed. The work on the paper will be an individual effort only.
TURN-IN REQUIREMENT: The paper will be due on Monday, 1 April. Papers will be 9 to 12 pages in length. The title page does not count as one of the pages for the report. The bibliography will not count as one of the page requirements. Appendices will not count as pages for the report. If any of your tools used to analyze the event require extensive descriptions you might find it easier to include in an appendix. All references will be properly cited throughout the paper. A hard copy and electronic copy of the paper will be submitted for grading. Please make sure your name is on all items submitted.