This step includes a mandatory lab exercise. The teams should work together on the exercise, relying on each
other’s expertise in the subject area of the exercise. The findings will be included in your team’s Security
The attack continues. Now the CIO reports high-volume activity shutting down web access to the summit and
to the attending nations’ government websites. In addition, the volume impact has also caused latency in third-party websites whose processes and data sharing are linked to the summit and to the nations’
Your team now enters Workspace to analyze the .pcap files the CIOs had provided. You will analyze the .pcap
files to understand some of the conditions that may have led to this high-volume traffic, an apparent DoS
Complete This Lab
The lab instructions (you will need to reference them) are in the file called NetworkDefense.pdf.
The lab was already done by me.
It is attached as Lab2.doc. All you need to do is clean it up and make it presentable in APA format. I have done the majority of the work here for this. Just spruce it up and proofread it, if you please?
• You’ll also notice there were questions in the NetDef lab; I answered them. Just make sure you do not re-order
• I also added some references to help you with it.
Use all the information to help with step 12.
Project 2: Nations Behaving Badly
Step 12: Share the Cyber Defense Information With Nations
Note: text in blue here will be attached as references.
Now that you have analyzed the .pcap contents, you and your team of analysts will prepare a mitigation strategy (risk analysis and mitigation) for this current attack as well as for any future attacks. You will also provide a risk countermeasure implementation for a data exfiltration attack. Compile these strategies in a FVEY Indicator Sharing Report to be shared with your FVEY allies. Include Snort rule signatures and prepare rules for firewalls that would have prevented the data exfiltration attack. Review these resources on intrusion detection and prevention (IDS/IPS) systems and IDS/IPS classification to refresh your understanding of communications and network security, intrusion detection, and intrusion prevention.
Your report should include the following:
• other possible sources of vulnerabilities and best practices to protect endpoints.
• indicators for data exfiltration.
• methods for protection in bring your own device (BYOD) mobile security.
• an explanation of the importance of authorization and authentication mechanisms like CAC-PIV card readers. Review these resources on common access card (CAC) and multifactor authentication technologies if you need a refresher.
• best practices for database protection (data loss prevention), which serves as the backbone to information sharing and communications. How can obfuscation and masking be used to ensure database security?
You don’t want to just build a wall and block everything. Your team has conducted a risk assessment and
developed an approach. In your report, share the tools, methods, and the actual net defenses your nation
team has used.
In Project 1, your team identified the nations performing the malicious activities. At this point, it is necessary to protect the network and defend against the attacks. You must devise a plan and pull from the suite of net defense tools available to you. For intrusion detection and prevention, you must program rule sets in firewalls. Now that your nation team has identified the bad actors, your nation will then build out Snort rules based on the traffic you have analyzed to allow the permitted communications while keeping out malicious traffic and activities.
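As an added illustration of the two indicator types this step asks the report to cover (a high-volume flood toward the summit web servers, and a large outbound transfer suggesting data exfiltration), the following script is not part of the assignment or the lab write-up. It takes flow summaries of the kind an analyst extracts from a .pcap, flags both conditions, and renders a Snort rule for each flagged flow; all hosts, byte counts, thresholds and SIDs are constructed.

```python
# Added example, not part of the course material: flag DoS and exfiltration
# indicators in per-flow summaries and render matching Snort 2.x rules.
from collections import defaultdict

# Constructed flow summaries: (src, dst, dport, packets, bytes_out, seconds)
FLOWS = [
    ("203.0.113.10", "198.51.100.5", 80, 20000, 1_200_000, 10),   # flood toward web server
    ("203.0.113.11", "198.51.100.5", 80, 18000, 1_100_000, 10),   # second flood source
    ("192.0.2.7", "198.51.100.5", 80, 40, 6_000, 10),             # normal client
    ("10.0.5.23", "203.0.113.50", 443, 900, 95_000_000, 60),      # 95 MB leaving the enclave
    ("10.0.5.24", "198.51.100.20", 443, 300, 400_000, 60),        # normal TLS session
]

INTERNAL_PREFIX = "10."             # constructed: address space of the summit enclave
PPS_THRESHOLD = 1000                # packets/second per source toward one (dst, port)
EXFIL_BYTES_THRESHOLD = 50_000_000  # outbound bytes in one flow that warrant review

def find_dos_sources(flows, pps_threshold=PPS_THRESHOLD):
    """Return (src, dst, dport) tuples whose packet rate exceeds the threshold."""
    rates = defaultdict(float)
    for src, dst, dport, pkts, _, secs in flows:
        rates[(src, dst, dport)] += pkts / secs
    return sorted(key for key, rate in rates.items() if rate > pps_threshold)

def find_exfil_flows(flows, internal_prefix=INTERNAL_PREFIX, limit=EXFIL_BYTES_THRESHOLD):
    """Return internal -> external flows whose outbound byte count exceeds the limit."""
    return [(s, d, p, b) for s, d, p, _, b, _ in flows
            if s.startswith(internal_prefix) and not d.startswith(internal_prefix) and b > limit]

def snort_rules(flows):
    """Render one Snort rule per finding: rate-filtered alert for floods, drop for exfil."""
    rules, sid = [], 1000001  # SIDs are constructed placeholders in the local range
    for src, dst, dport in find_dos_sources(flows):
        rules.append(f'alert tcp {src} any -> {dst} {dport} (msg:"Possible DoS flood from {src}"; '
                     f'flags:S; detection_filter:track by_src, count {PPS_THRESHOLD}, seconds 1; '
                     f'sid:{sid}; rev:1;)')
        sid += 1
    for src, dst, dport, _ in find_exfil_flows(flows):
        rules.append(f'drop tcp {src} any -> {dst} {dport} '
                     f'(msg:"Possible data exfiltration from {src}"; sid:{sid}; rev:1;)')
        sid += 1
    return rules

if __name__ == "__main__":
    for rule in snort_rules(FLOWS):
        print(rule)
```

The `drop` action only takes effect when Snort runs inline; in a passive IDS deployment the same rule should use `alert` and the block belongs in the firewall rule set.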
Once your team has completed the sharing report, post it to the FVEY discussion where other nation teams
can view it.
Submission for Project 2: FVEY Indicator Sharing Report
Additionally please use the:
Here is Project 2, Step 9; add to Step 10. If you have any suggestions or improvements you see that are needed, please let me know and I’ll get those done.