
Practical Task 3

The document describes a task to analyze a network attack on an isolated lab network based on the SMB vulnerability CVE-2017-0144. The task involves performing the attack from a Kali Linux host, analyzing packet captures with Wireshark, creating Snort intrusion detection rules, and implementing countermeasures on the Windows server.

NAME:
REGISTRATION NO:
CLASS/SESSION:
CODE/SUBJECT: DFS50183 CYBERSECURITY INCIDENT RESPONSE
PRACTICAL TASK 3
LECTURER:
MARKS: /100

CLO 1: Trace basic analysis of compromised systems using tools and common
processes (P3, PLO 3)

TOPIC : 4.0 METHODOLOGY FOR INCIDENT RESPONSE AND TRACE NETWORK ATTACK
4.4 TRACE NETWORK ATTACK

DURATION: 3 HOURS
INSTRUCTION: ANSWER ALL THE QUESTIONS

The ICT security unit at Pelita Infrastruktur Sdn Bhd is conducting research in an isolated
lab ahead of a future deployment of its server infrastructure. The research is based on
CVE-2017-0144, a critical vulnerability in the SMB (file sharing) application service, and covers
how to analyze the attack method and how to counter the attack, following the NIST Computer
Incident Handling Lifecycle, which consists of Preparation, Detection and Containment. The
isolated lab network system diagram and device listing are shown in Figure 1 and Table 1 below:

Figure 1 : Isolated lab network system diagram


| Hostname | IP address | Operating system | Description |
|---|---|---|---|
| Kali_attack | 192.168.10.10 | Kali Linux VM | Kali Linux OS as attack simulation tools |
| Snortubtn01 | 192.168.10.5 | Ubuntu Desktop 22.04 VM | Snort software with Ubuntu Linux 22.04 operating system VM |
| DC01 | 192.168.10.30 | Windows Server 2012 R2 VM | Server with Active Directory and file sharing (SMBv1) application. |

Table 1 : List of IP address for the host in isolated lab

1. Perform network attacks on vulnerable servers based on CVE-2017-0144 by using Nmap and Metasploit on kali_attack.
2. Analyze the .pcap file generated by Wireshark when a network attack occurs.
3. Construct appropriate Snort IDPS rules.
4. Perform SMB attack countermeasures inside the Windows Server 2012 R2.
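
For the capture analysis in task 2, one useful check is which hosts sent SMBv1 messages to DC01 on TCP/445. The following is an added example, not part of the original task sheet: the function names and sample packets are constructed for illustration, and the (src, dst, dport, payload) tuples are assumed to have been extracted from the .pcap beforehand.

```python
# Lab addressing from Table 1 of the task sheet.
DC01 = "192.168.10.30"
SMB_PORT = 445

SMB1_MAGIC = b"\xffSMB"  # protocol identifier that opens every SMBv1 header
SMB2_MAGIC = b"\xfeSMB"  # protocol identifier that opens every SMBv2/v3 header
SMB1_NEGOTIATE = 0x72    # SMB_COM_NEGOTIATE command code


def classify_smb(payload: bytes) -> str:
    """Classify one TCP payload seen on port 445.

    Direct-hosted SMB puts a 4-byte prefix (a zero byte plus a 3-byte
    big-endian length) in front of each message; the SMB header follows.
    """
    if len(payload) < 9 or payload[0] != 0x00:
        return "not-smb"
    magic, command = payload[4:8], payload[8]
    if magic == SMB2_MAGIC:
        return "smb2+"
    if magic == SMB1_MAGIC:
        return "smb1-negotiate" if command == SMB1_NEGOTIATE else "smb1"
    return "not-smb"


def smb1_clients(packets, server=DC01):
    """Count SMBv1 messages per client sent to `server` on TCP/445."""
    hits = {}
    for src, dst, dport, payload in packets:
        if dst == server and dport == SMB_PORT and classify_smb(payload).startswith("smb1"):
            hits[src] = hits.get(src, 0) + 1
    return hits


def _frame(body: bytes) -> bytes:
    """Add the 4-byte length prefix to a constructed SMB message."""
    return b"\x00" + len(body).to_bytes(3, "big") + body


# Constructed sample packets (not taken from a real capture).
SAMPLE = [
    ("192.168.10.10", DC01, 445, _frame(SMB1_MAGIC + b"\x72" + b"\x00" * 27)),
    ("192.168.10.10", DC01, 445, _frame(SMB1_MAGIC + b"\x73" + b"\x00" * 27)),
    ("192.168.10.5", DC01, 445, _frame(SMB2_MAGIC + b"\x40\x00" + b"\x00" * 58)),
    ("192.168.10.10", DC01, 80, b"GET / HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt[0], "->", pkt[1], pkt[2], classify_smb(pkt[3]))
    print("SMBv1 clients:", smb1_clients(SAMPLE))
```

Running the same check on a capture taken after the task 4 countermeasures gives a before-and-after comparison of SMBv1 use toward DC01 for the report.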

You need to submit your work in report form. The report must include:

i. Table of Contents
ii. Overview
iii. Evidence analysis
iv. Solutions
v. Conclusion
