
ISSC 642 Central Texas College Malicious Network Activity Discussion


Hello,

This is a two-part question. First, I will need the discussion question answer, which is below in bold, 300 words, APA format. For those responses, I will need two responses of at least 175 words each.

Network activity can be classified as normal, suspicious, or malicious. How is network activity differentiated? Provide examples.



Part two

Student one:

Network activity can be classified as normal, suspicious, or malicious. How is network activity differentiated? Provide examples.

What an organization first must do is create a network baseline. This is done through the study of normal network activity with assets, users, and interaction by the network systems. This creates patterns such as when users are mostly on or how much data on a day-to-day basis is generated. At this point, we will be able to identify network activity as normal due to the baseline of what was classified as normal. When the network is analyzed, anything that deviates from this baseline is going to be classified as suspicious. Depending on the network capture, at this point, it can also be classified as malicious. A further investigation will need to take place and an analysis of the network capture will be conducted to further classify it as suspicious or malicious.

A signature scan can passively scan the network with its database of signatures. This is important in network monitoring because if the signature matches anything on the network, it can flag a network capture and block certain network traffic before it enters the organization’s intranet or leaves. Intrusion detection and prevention systems monitor the network and utilize a baseline to determine whether the network traffic is normal, suspicious, or malicious.

Examples of suspicious activities would be a user deviating from normal work hours. If this user works 8-5 and is now logged in at 0300, this may cause a flag and be classified as suspicious activity. Another example would be an unusual amount of data from a certain workstation or the organization as a whole. Again, this would be off the baseline that was conducted to determine if this is suspicious.

Examples of malicious activity would be a sudden loss of network activity. This could be the starting point of a DDoS attack. Another example would also be connections to the organization's network from unusual places and locations. Additionally, as I talked about users making connections during unusual times, while it could first be deemed suspicious, it could easily turn into malicious due to such attacks as privilege escalation or social engineering.

I look forward to reading all your comments and hope you have a great rest of your week.

Reference

Bejtlich, R. (2004). The Tao of Network Security Monitoring: Beyond intrusion detection. Boston, MA: Addison-Wesley.

Network traffic provides early indication of malware infection. (2017, May 22). Retrieved April 6, 2020, from https://www.sciencedaily.com/releases/2017/05/1705…

Von Ogden, J. (2018, June 12). Monitoring for Suspicious Network Activity. Retrieved April 6, 2020, from https://www.cimcor.com/blog/monitoring-for-suspici…

Student two:

Bejtlich (2005) states that there are three classifications of network activities. They are normal, suspicious and malicious. Normal network activity is the baseline of what the analyst expects to see in the network. But what is normal network activity? According to Gates (2019), normal network activity is a baseline of previous network activities that have been ruled to be normal. To determine if network activity is normal the analyst will be looking at three factors: First “who are communications occurring between – source/destination IP”, second “what are those communications – protocol, port, frequency, volume”, third “at what time should communications be occurring – time of day”.

Suspicious network activity is anything that is not normal traffic within the system. Suspicious network traffic is analyzed to determine what caused the abnormality in the network traffic, and to determine if the traffic was malicious, unintentional or a new baseline forming. Malicious traffic is anything that is intended to harm your network.

Examples of suspicious activities, but not necessarily malicious activities, that the analyst will need to look at are employees starting to use remote access or logging in at different times of the day (e.g. this pandemic has created a “new” baseline normal for a lot of networks with so many people working from home). Suspicious activities that go right to malicious would be detection of malware or a virus. Suspicious activities that could go either way are abnormal database activities, file configuration changes and unauthorized port access (Ogden, 2016).

References:

Bejtlich, Richard. The Tao of Network Security Monitoring: Beyond Intrusion Detection. [Chegg]. Retrieved from https://ereader.chegg.com/#/books/9780132702041/

Gates, N. (2019, December 17). Normal Network Traffic – Traffic Analysis. Retrieved from https://www.nicgates.com/post/normal-network-traffic

Ogden, J. (2016, June 02). Identifying Suspicious Network Changes: 8 Red Flags to Watch For. Retrieved from https://www.cimcor.com/blog/identifying-suspicious-network-changes-red-flags
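Both posts describe the same two-stage logic: a baseline is learned from traffic already judged normal, anything that deviates from it (off-hours logins, unusual outbound volume, unknown users or hosts) is queued as suspicious for analyst review, and a signature match is classified as malicious outright. The following script is an added illustration of that logic and is not code from either student, from the course, or from the cited sources. The event records, the user names, the hosts, the byte counts and the single signature entry are all constructed; the IP addresses come from the RFC 5737 documentation ranges and do not belong to any real system.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history of events already judged normal. Each record is
# (user, host, hour_of_day, bytes_out, destination_ip). The values are made
# up for this example; 192.0.2.0/24 and 198.51.100.0/24 are RFC 5737
# documentation ranges, not real hosts.
BASELINE_EVENTS = [
    ("alice", "ws-01", 8, 120_000, "192.0.2.10"),
    ("alice", "ws-01", 10, 150_000, "192.0.2.10"),
    ("alice", "ws-01", 14, 130_000, "192.0.2.11"),
    ("alice", "ws-01", 17, 110_000, "192.0.2.10"),
    ("bob", "ws-02", 9, 80_000, "192.0.2.10"),
    ("bob", "ws-02", 12, 95_000, "192.0.2.12"),
    ("bob", "ws-02", 16, 90_000, "192.0.2.10"),
]

# Constructed signature database: destination addresses a signature scanner
# would flag regardless of the baseline.
SIGNATURES = {
    "198.51.100.7": "constructed example of a known command-and-control address",
}


def build_baseline(events):
    """Derive per-user working hours and per-host outbound-volume limits."""
    hours = defaultdict(set)
    volumes = defaultdict(list)
    for user, host, hour, bytes_out, _dst in events:
        hours[user].add(hour)
        volumes[host].append(bytes_out)
    baseline = {"hours": {}, "volume": {}}
    for user, seen in hours.items():
        baseline["hours"][user] = (min(seen), max(seen))
    for host, vals in volumes.items():
        avg = mean(vals)
        sd = pstdev(vals)
        # Three standard deviations above the mean, with a floor of half the
        # mean so a host with near-constant volume (sd close to 0) still gets
        # some slack instead of flagging every small fluctuation.
        baseline["volume"][host] = avg + max(3 * sd, 0.5 * avg)
    return baseline


def classify(event, baseline, signatures=SIGNATURES):
    """Return (label, reason). Signature hit -> malicious; baseline deviation -> suspicious."""
    user, host, hour, bytes_out, dst = event
    if dst in signatures:
        return "malicious", f"destination {dst} matches signature: {signatures[dst]}"
    reasons = []
    window = baseline["hours"].get(user)
    if window is None:
        reasons.append(f"no baseline for user {user}")
    elif not (window[0] <= hour <= window[1]):
        reasons.append(
            f"activity at {hour:02d}00 is outside {user}'s usual "
            f"{window[0]:02d}00-{window[1]:02d}00 window"
        )
    limit = baseline["volume"].get(host)
    if limit is None:
        reasons.append(f"no baseline for host {host}")
    elif bytes_out > limit:
        reasons.append(f"{bytes_out} bytes out from {host} exceeds baseline limit {limit:.0f}")
    if reasons:
        return "suspicious", "; ".join(reasons)
    return "normal", "within baseline"


def triage(events, baseline, signatures=SIGNATURES):
    """Classify a batch and group events by label for the analyst queue."""
    queue = defaultdict(list)
    for ev in events:
        label, _reason = classify(ev, baseline, signatures)
        queue[label].append(ev)
    return dict(queue)


if __name__ == "__main__":
    base = build_baseline(BASELINE_EVENTS)
    # Constructed new events to triage against the baseline.
    new_events = [
        ("alice", "ws-01", 11, 125_000, "192.0.2.10"),   # ordinary midday traffic
        ("alice", "ws-01", 3, 125_000, "192.0.2.10"),    # 0300 login, off-hours
        ("bob", "ws-02", 12, 900_000, "192.0.2.10"),     # ten times the usual volume
        ("bob", "ws-02", 12, 90_000, "198.51.100.7"),    # matches the signature list
        ("carol", "ws-09", 10, 50_000, "192.0.2.10"),    # nobody has baselined carol
    ]
    for ev in new_events:
        label, reason = classify(ev, base)
        print(f"{label:10s} {ev} -> {reason}")
```

The ordering inside `classify` matters: the signature check runs first, so a known-bad destination is never downgraded to "suspicious" just because the user and volume look ordinary. Everything else only produces "suspicious", which is the queue the analyst works through; the posts' point that a suspicious event is promoted to malicious only after further investigation of the capture is left to that human step rather than automated here.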
