Assignment: Malicious Activity
You are a manager of a Web development team for a fictional international delivery service. Please give your fictional business a name, and provide a sentence or two of background information about the company. Your team maintains all of the e-commerce servers, including creating and updating all of the content on the Web pages and the database that stores customer information. These are mission critical servers.
You have 4 clustered nodes that are used for load balancing. These nodes are located in 4 cities around the globe. Two are in the USA, one is in Europe, and one is in Asia.
The choices of cities and countries is yours:
Node1: City___________Country___________
Node2: City___________Country___________
Node3: City___________Country___________
Node4: City___________Country___________
Each site is interconnected, and gets regular updates from the home office, located in a different city & country that you will choose.
A TCPDUMP is scheduled daily so the team can analyze real time traffic using WireShark. A team member alerts you to a potential problem found in <NODE OF YOUR CHOICE> capture. There is an alarming amount of activities from port 40452, which shows a redirect to the index.php page instead of the login.php page. It appears this node has been compromised with a SQL Injection Attack. You rely on these sites so you are unable to shut down all e-commerce activities.
For this Assignment, please write a report to the new CEO. Describe your network as you have set it up. Describe your reasoning for the way you distributed the network. Then, in fully-developed explainations, address each of the following:
The specific course learning outcomes associated with this assignment are:
Note: Use quality resources and assignment will be check for plagiarism.
Grading for this assignment will be based on answer quality, logic / organization of the paper, and language and writing skills, using the following rubric.
Points: 175 |
Assignment 1: Malicious Activity |
|||
Criteria |
Unacceptable Below 70% F |
Fair 70-79% C |
Proficient 80-89% B |
Exemplary 90-100% A |
1. Explain the immediate steps you would instruct your team to use to contain the attack, and also to maintain the service to the e-commerce site. Weight: 30% |
Did not submit or incompletely explained the immediate steps you would instruct your team to use to contain the attack, and also to maintain the service to the e-commerce site. |
Partially explained the immediate steps you would instruct your team to use to contain the attack, and also to maintain the service to the e-commerce site. |
Satisfactorily explained the immediate steps you would instruct your team to use to contain the attack, and also to maintain the service to the e-commerce site. |
Thoroughly explained the immediate steps you would instruct your team to use to contain the attack, and also to maintain the service to the e-commerce site. |
2. Summarize the steps required to mitigate all future occurrences of this type of attack, and how to verify the vulnerability has been rectified. Weight: 30% |
Did not submit or incompletely summarized the steps required to mitigate all future occurrences of this type of attack, and did not summarize how to verify the vulnerability has been rectified. |
Partially summarized the steps required to mitigate all future occurrences of this type of attack, and partially summarized how to verify the vulnerability has been rectified. |
Satisfactorily summarized the steps required to mitigate all future occurrences of this type of attack, and satisfactorily summarized how to verify the vulnerability has been rectified. |
Thoroughly summarized the steps required to mitigate all future occurrences of this type of attack, and thoroughly summarized how to verify the vulnerability has been rectified. |
3. Evaluate the OWASP Top 10 2017 and list three more potential vulnerabilities. Provide specific mitigation strategies to address each risk. Weight: 30% |
Did not submit or incompletely evaluated the OWASP Top 10 2017 and list three more potential vulnerabilities. Did not provide specific mitigation strategies to address each risk. |
Partially evaluated the OWASP Top 10 2017 and list three more potential vulnerabilities. Partialy provided specific mitigation strategies to address each risk. |
Satisfactorily evaluated the OWASP Top 10 2017 and list three more potential vulnerabilities. Satisfactorily provided specific mitigation strategies to address each risk. |
Thoroughly evaluated the OWASP Top 10 2017 and list three more potential vulnerabilities. Thoroughly provided specific mitigation strategies to address each risk. |
5. Provide four (4) quality references Weight: 5% |
No references provided. |
Does not meet the required number of references; some or all references poor quality choices. |
Meets number of required references; all references high quality choices. |
Exceeds number of required references; all references high quality choices. |
7. Clarity, writing mechanics, and formatting requirements Weight: 5% |
More than 6 errors present |
5-6 errors present |
3-4 errors present |
0-2 errors present |