Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/binhnhu1409/cybersecurity_analyzenetworkattack
In this activity, I identified the likely cause of the service interruption.
- Host: GitHub
- URL: https://github.com/binhnhu1409/cybersecurity_analyzenetworkattack
- Owner: binhnhu1409
- Created: 2023-10-16T19:48:26.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2023-10-17T18:33:39.000Z (about 1 year ago)
- Last Synced: 2023-10-18T09:02:20.389Z (about 1 year ago)
- Topics: cybersecurity, cybersecurity-education, network-analysis, network-attack
- Size: 49.8 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Cybersecurity_AnalyzeNetworkAttack
## Scenario
You work as a security analyst for a travel agency that advertises sales and promotions on the company’s website. The employees of the company regularly access the company’s sales webpage to search for vacation packages their customers might like.
One afternoon, you receive an automated alert from your monitoring system indicating a problem with the web server. You attempt to visit the company’s website, but you receive a connection timeout error message in your browser.
You use a packet sniffer to capture data packets in transit to and from the web server. You notice a large number of TCP SYN requests coming from an unfamiliar IP address. The web server appears to be overwhelmed by the volume of incoming traffic and is losing its ability to respond to the abnormally large number of SYN requests. You suspect the server is under attack by a malicious actor.
You take the server offline temporarily so that the machine can recover and return to a normal operating status. You also configure the company’s firewall to block the IP address that was sending the abnormal number of SYN requests. You know that your IP blocking solution won’t last long, as an attacker can spoof other IP addresses to get around this block. You need to alert your manager about this problem quickly and discuss the next steps to stop this attacker and prevent this problem from happening again. You will need to be prepared to tell your boss about the type of attack you discovered and how it was affecting the web server and employees.
## Tasks completed
- [x] Review the scenario
- [x] Write [incident report](https://github.com/binhnhu1409/Cybersecurity_AnalyzeNetworkAttack/blob/main/Cybersecurity%20incident%20report_network%20attack.pdf)