CP70044E: A UK-wide Enterprise in Taxation Management with Its Head Office in Leatherhead SURREY: Security Operations & Assurance Assignment, UWL, UK
|University|University of West London (UWL)|
|Subject|CP70044E: Security Operations & Assurance|
Wireshark has two ways of filtering traffic, and (unfortunately) two different languages for specifying the filters. Capture filters decide which packets are written to the capture at all and use the libpcap/BPF syntax (for example "host 192.168.1.10 and port 443"); display filters decide which of the already-captured packets appear in Wireshark's panes and use Wireshark's own field-based syntax (for example "ip.addr == 192.168.1.10 && http").
Captured packets can always be narrowed further with display filters, so why filter at the capture stage at all? Because on a busy network the memory footprint of a capture that keeps every packet grows very fast, the GUI becomes sluggish, and once the capture buffer cannot keep up, packets are dropped and simply missing from the trace.
Wireshark's "Help > Manual pages > Wireshark Filter" opens the manual for the display-filter language in your browser; the capture-filter language is the pcap-filter syntax documented with libpcap/tcpdump.
As soon as you clear a display-filter expression, every packet you captured (or are still capturing) is shown again: a display filter only hides rows, it never discards anything. A capture filter is different, because packets it rejects are never stored and cannot be recovered afterwards.
1. a) Start a Wireshark capture and browse to twitter.com. Use display filtering to reduce displayed packets to only those sent and received by your computer. How many sites are you actually interacting with when you interact with Twitter? What are they?
b) If you use Chrome, Firefox, or Safari, your browser occasionally connects to a google.com site that you did not direct it to and tries to download something. It typically does so when you launch the browser process. Observe that it does so, capture the attempts, and find out what it is. If you have an objection to using all of these browsers, talk to me.
2. What is the MAC address of your host? You can find this in the Ethernet II layer of the packet-details pane (the Source field on any frame your host sent); the Frame layer above it only carries capture metadata such as the timestamp and length.
3. List the different protocols that appear in the protocol column in the unfiltered packet-listing window.
4. How long did it take from when the HTTP GET message was sent until the HTTP OK reply was received? (By default, the value of the Time column in the packet-listing window is the amount of time, in seconds, since Wireshark tracing began. To display the Time field in time-of-day format, select the Wireshark View pull-down menu, then select Time Display Format, then select Time-of-day.)
5. What is the Internet address of www.uwl.ac.uk? What is the Internet address of your computer?
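To make the mechanics behind questions 1a, 2, 3 and 4 concrete without a live capture, here is an added stdlib-only example (it is not part of the assignment or of Wireshark). It builds a small pcap in memory, then applies the equivalent of the display filter "ip.addr == host", lists the Protocol column, reads the host MAC from the Ethernet header, and measures GET-to-200-OK latency the way Wireshark's "http.time" field does. The addresses, MACs, timestamps and packet bytes are all constructed assumptions; the DNS payloads are placeholders, not real DNS messages.

```python
"""Stdlib-only walk-through of questions 1a, 2, 3 and 4 on a constructed capture.
Added example, not from the assignment; addresses, MACs and pcap bytes are assumptions."""
import struct
from collections import Counter

HOST_IP, HOST_MAC = "192.168.1.10", bytes.fromhex("02000000000a")    # "your computer"
GW_IP, GW_MAC = "192.168.1.1", bytes.fromhex("020000000001")         # LAN gateway / resolver
WEB_IP = "203.0.113.5"                                               # stands in for a twitter.com edge
OTHER_IP, OTHER_MAC = "192.168.1.20", bytes.fromhex("020000000014")  # a neighbour on the LAN

def _ip4(dotted):
    return bytes(int(o) for o in dotted.split("."))

def _ipv4(src, dst, proto, l4):  # minimal IPv4 header; checksum left 0, the parser below ignores it
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0, _ip4(src), _ip4(dst)) + l4

def _udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def _tcp(sport, dport, flags, payload=b""):  # 20-byte header, data offset 5
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, flags, 65535, 0, 0) + payload

def _frame(ts_us, src_mac, dst_mac, ip_packet):  # pcap record header + Ethernet II (type 0x0800)
    eth = dst_mac + src_mac + b"\x08\x00" + ip_packet
    return struct.pack("<IIII", ts_us // 1_000_000, ts_us % 1_000_000, len(eth), len(eth)) + eth

# Constructed capture: little-endian pcap global header (linktype 1 = Ethernet) + five frames.
PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _frame(0, HOST_MAC, GW_MAC, _ipv4(HOST_IP, GW_IP, 17, _udp(51234, 53, b"\x12\x34\x01\x00twitter"))),  # DNS (placeholder bytes)
    _frame(50_000, HOST_MAC, GW_MAC, _ipv4(HOST_IP, WEB_IP, 6, _tcp(50001, 80, 0x02))),                     # TCP SYN
    _frame(120_000, HOST_MAC, GW_MAC, _ipv4(HOST_IP, WEB_IP, 6, _tcp(50001, 80, 0x18, b"GET / HTTP/1.1\r\nHost: twitter.com\r\n\r\n"))),
    _frame(345_000, GW_MAC, HOST_MAC, _ipv4(WEB_IP, HOST_IP, 6, _tcp(80, 50001, 0x18, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"))),
    _frame(400_000, OTHER_MAC, GW_MAC, _ipv4(OTHER_IP, GW_IP, 17, _udp(40000, 53, b"\x56\x78\x01\x00example"))),  # neighbour, not ours
])

def parse_pcap(data):
    """Decode Ethernet/IPv4/TCP|UDP frames from a little-endian pcap into dicts (the packet-list rows)."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    assert magic == 0xA1B2C3D4 and linktype == 1, "expects a little-endian Ethernet pcap"
    frames, off = [], 24
    while off < len(data):
        sec, usec, incl, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        raw = data[off:off + incl]
        off += incl
        f = {"ts_us": sec * 1_000_000 + usec, "dst_mac": raw[0:6].hex(":"),
             "src_mac": raw[6:12].hex(":"), "proto": "ETH", "payload": b""}
        if struct.unpack_from("!H", raw, 12)[0] == 0x0800:          # IPv4 follows the 14-byte Ethernet header
            ihl, proto = (raw[14] & 0x0F) * 4, raw[23]
            f["src_ip"] = ".".join(map(str, raw[26:30]))
            f["dst_ip"] = ".".join(map(str, raw[30:34]))
            l4 = raw[14 + ihl:]
            if proto == 6:                                          # TCP: dissect HTTP by the first bytes of data
                f["payload"] = l4[(l4[12] >> 4) * 4:]
                f["proto"] = "HTTP" if f["payload"][:4] == b"GET " or f["payload"][:5] == b"HTTP/" else "TCP"
            elif proto == 17:                                       # UDP: port 53 is shown as DNS
                sport, dport = struct.unpack_from("!HH", l4, 0)
                f["payload"], f["proto"] = l4[8:], "DNS" if 53 in (sport, dport) else "UDP"
            else:
                f["proto"] = f"IP({proto})"
        frames.append(f)
    return frames

def display_filter(frames, host_ip):
    """Equivalent of the display filter  ip.addr == host_ip  (matches either direction)."""
    return [f for f in frames if host_ip in (f.get("src_ip"), f.get("dst_ip"))]

def peers(frames, host_ip):
    """Question 1a: the remote addresses the host actually exchanged packets with."""
    return {f["dst_ip"] if f["src_ip"] == host_ip else f["src_ip"] for f in display_filter(frames, host_ip)}

def host_mac(frames, host_ip):
    """Question 2: Ethernet source address on a frame the host sent."""
    return next(f["src_mac"] for f in frames if f.get("src_ip") == host_ip)

def protocols(frames):
    """Question 3: the Protocol column of the unfiltered list, with frame counts."""
    return Counter(f["proto"] for f in frames)

def http_response_time(frames):
    """Question 4: seconds from the first HTTP GET to the first HTTP reply after it (cf. http.time)."""
    get = next(f["ts_us"] for f in frames if f["payload"].startswith(b"GET "))
    ok = next(f["ts_us"] for f in frames if f["payload"].startswith(b"HTTP/") and f["ts_us"] > get)
    return (ok - get) / 1_000_000

if __name__ == "__main__":
    frames = parse_pcap(PCAP)
    print("host MAC:", host_mac(frames, HOST_IP))
    print("protocols:", dict(protocols(frames)))
    print("peers of host:", sorted(peers(frames, HOST_IP)))
    print("GET -> 200 OK: %.3f s" % http_response_time(frames))
```

On a real trace the same steps are "ip.addr == <your IP>" in the display-filter bar, the Protocol column, the Ethernet II > Source field in the details pane, and "http.time" on the 200 OK packet; note that the neighbour's DNS frame is still counted in the unfiltered Protocol column but disappears under the host filter.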
Assignment 2: Enterprise Operational Systems Upgrade (note: this is a fictitious scenario)
A UK-wide enterprise in taxation management with its head office in Leatherhead SURREY is looking to enhance its computer systems and reduce its complexity to improve its business processes.
The Enterprise has various offices throughout the United Kingdom.
The Enterprise has grown significantly in recent years and some of its data systems and supporting networking infrastructure have become dated, which may result in security and resilience risks. Additionally, because of Brexit concerns, it has just acquired SMEs in France, Germany, and Spain undertaking similar business operations.
The enterprise sees this as an opportunity to develop/enhance present staffing, enhance business operations, and ensure compliance with various regulatory requirements such as GDPR.
A Security Operations Centre (SOC) may form part of this development.
The enterprise you work for offers Security Operations Centre (SOC) services and is looking to develop a SOC focused on supporting and providing security services to Manufacturers.
You, as a security operations and assurance consultant, have been asked to provide an initial report on such an undertaking to ensure a robust system for future stability, resilience, and confidence by all stakeholders.
Your report needs to cover the following:
- Security considerations across the life cycle of the system, i.e. the development, implementation, operational, maintenance, and final disposal stages.
- For organisational resilience, critical considerations for business continuity, back-up, and disaster recovery of the system.
- Details of security incident response practices for such a system.
- Details of the expected security assessment and testing of such a system, with reasoning.