16.2.6 Lab - Research Network Security Threats


NAME: Joven M. Noblefranca
SECTION: BSIT - 2105


Objectives

● Part 1: Explore the SANS Website
● Part 2: Identify Recent Network Security Threats
● Part 3: Detail a Specific Network Security Threat

Background / Scenario

To defend a network against attacks, an administrator must identify external threats that
pose a danger to the network. Security websites can be used to identify emerging
threats and provide mitigation options for defending a network.

One of the most popular and trusted sites for defending against computer and network
security threats is SysAdmin, Audit, Network, Security (SANS). The SANS site provides
multiple resources, including a list of the top 20 Critical Security Controls for Effective
Cyber Defense and the weekly @Risk: The Consensus Security Alert newsletter. This
newsletter details new network attacks and vulnerabilities.

In this lab, you will navigate to and explore the SANS site, use the SANS site to identify
recent network security threats, research other websites that identify threats, and
research and present the details about a specific network attack.

Part 1: Exploring the SANS Website

Search the internet for SANS. From the SANS home page, click on FREE Resources.

List three available resources.

- Reading Room, Webcasts, Newsletters, Blogs, Top 25 Software Errors, 20
Critical Controls, Security Policies

The CIS Critical Security Controls linked on the SANS website are the culmination of
a public-private partnership involving the Department of Defense (DoD), National
Security Association, Center for Internet Security (CIS), and the SANS Institute. The list
was developed to prioritize the cyber security controls and spending for DoD. It has
become the centerpiece for effective security programs for the United States
government. From the Resources menu, select Critical Security Controls, or similar.
The CIS Critical Security Controls document is hosted at the Center for Internet Security
(CIS) web site and requires free registration to access. There is a link on the CIS
Security Controls page at SANS to download the 2014 SANS Critical Security Controls
Poster, which provides a brief description of each control.

Select one of the Controls and list implementation suggestions for this control.

- Critical Control 5: Malware Defenses. Employ automated tools to continuously
monitor workstations, servers, and mobile devices. Employ anti-malware
software and signature auto-update features. Configure network computers to
not auto-run content from removable media.

Highlight the Resources menu, select Newsletters. Briefly describe each of the three
newsletters available.

- SANS NewsBites is a semiweekly high-level executive summary of the most
important news articles that have been published on computer security during the
last week. Each news item is very briefly summarized and includes a reference
on the web for detailed information, if possible.

- @RISK provides a reliable weekly summary of (1) newly discovered attack
vectors, (2) vulnerabilities with active new exploits, (3) insightful explanations of
how recent attacks worked, and other valuable data.

- OUCH! is the world’s leading, free security awareness newsletter designed for
the common computer user. Published every month and in multiple languages,
each edition is carefully researched and developed by the SANS Securing The
Human team, SANS instructor subject matter experts, and team members of the
community. Each issue focuses on and explains a specific topic and actionable
steps people can take to protect themselves, their family and their organization.

Part 2: Identify Recent Network Security Threats

From the Newsletters page, select Archive for the @RISK: The Consensus Security
Alert. Scroll down to Archives Volumes and select a recent weekly newsletter. Review
the Notable Recent Security Issues and Most Popular Malware Files sections.

List some recent vulnerabilities. Browse multiple recent newsletters, if necessary.

- CVE-2023-28787: SQL Injection vulnerability in the Quiz And Survey Master
plugin, allowing attackers to manipulate database queries.
- CVE-2023-23656: Arbitrary file upload vulnerability in the MainWP File Uploader
Extension, enabling unauthorized file uploads.
- MOVEit Transfer Exploit: Zero-day vulnerabilities that led to significant data
breaches.
- Microsoft Exchange Zero-Day: Exploited to target on-premises Exchange
servers.

Besides the SANS site, identify some other websites that provide recent security threat
information.

- Cybersecurity and Infrastructure Security Agency (CISA): cisa.gov
- SecurityWeek: securityweek.com
- CrowdStrike: crowdstrike.com
- BleepingComputer: bleepingcomputer.com
- The Hacker News: thehackernews.com

List some of the recent security threats detailed on these websites.

Answers will vary.

- Raspberry Robin Malware: Malware spreading through USB devices and internal
networks, enabling persistent attacks.
- Clop Ransomware: Exploiting file transfer software vulnerabilities to exfiltrate
sensitive data.
- APT Exploitation of SAML: Advanced Persistent Threat groups targeting
federated authentication systems to compromise enterprise cloud environments.
- Supply Chain Attacks: Attacks on software providers to infect downstream users,
such as the 3CX Trojan.

Part 3: Detail a Specific Network Security Attack

In Part 3, you will research a specific network attack that has occurred and create
a presentation based on your findings. Complete the form below based on your
findings.

Reflection Questions

1. What steps can you take to protect your own computer?

- Include keeping the operating system and applications up to date with patches
and service packs, using a personal firewall, configuring passwords to access the
system and bios, configuring screensavers to timeout and requiring a password,
protecting important files by making them read-only, and encrypting confidential
files and backup files for safe keeping.
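The Control 5 suggestions in Part 1 (anti-malware with auto-updating signatures, no AutoRun from removable media) and the personal-protection steps in reflection question 1 (host firewall, password-protected screensaver timeout) can be turned into a quick read-only audit of a Windows workstation. The script below is an added example written for this worksheet; it is not part of the lab or the SANS material. It assumes Windows 10/11 with Microsoft Defender (the `Get-MpComputerStatus` cmdlet), the NetSecurity module (`Get-NetFirewallProfile`), and an elevated PowerShell session; the 7-day signature-age limit and the 900-second lock timeout are thresholds chosen for illustration.

```powershell
# Added example: audit a Windows workstation against the two hardening
# checklists on this worksheet (Control 5 malware defenses; reflection Q1).
# Assumptions: Windows 10/11, Microsoft Defender, NetSecurity module,
# elevated session. Every check is read-only; nothing on the host is changed.

$findings = [System.Collections.Generic.List[string]]::new()

function Add-Finding([string]$Check, [bool]$Pass, [string]$Detail) {
    $state = if ($Pass) { 'PASS' } else { 'FAIL' }
    $findings.Add(("{0,-4} {1,-32} {2}" -f $state, $Check, $Detail))
}

# 1. Anti-malware running with real-time protection and fresh signatures
#    (Control 5: "anti-malware software and signature auto-update features").
$mp = Get-MpComputerStatus
Add-Finding 'Real-time protection' $mp.RealTimeProtectionEnabled `
    "RealTimeProtectionEnabled=$($mp.RealTimeProtectionEnabled)"
$sigAge = (Get-Date) - $mp.AntivirusSignatureLastUpdated
Add-Finding 'Signatures updated < 7 days' ($sigAge.TotalDays -lt 7) `
    ("Last update {0:yyyy-MM-dd}" -f $mp.AntivirusSignatureLastUpdated)

# 2. AutoRun disabled for every drive type, including removable media
#    (Control 5: "not auto-run content from removable media").
#    NoDriveTypeAutoRun = 0xFF disables AutoRun on all drive types.
$explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$autorun = (Get-ItemProperty -Path $explorerPolicy -Name NoDriveTypeAutoRun `
    -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
Add-Finding 'AutoRun disabled (0xFF)' ($autorun -eq 0xFF) `
    "NoDriveTypeAutoRun=$(if ($null -eq $autorun) { '<not set>' } else { $autorun })"

# 3. Host firewall enabled on every profile (reflection Q1: "personal firewall").
foreach ($fwProfile in Get-NetFirewallProfile) {
    Add-Finding "Firewall profile: $($fwProfile.Name)" ("$($fwProfile.Enabled)" -eq 'True') `
        "Enabled=$($fwProfile.Enabled)"
}

# 4. Screensaver times out and requires a password
#    (reflection Q1: "configuring screensavers to timeout and requiring a password").
$desktop = Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop'
$timeout = [int]$desktop.ScreenSaveTimeOut          # seconds; 0 when unset
$lockOk  = ($desktop.ScreenSaveActive -eq '1') -and
           ($desktop.ScreenSaverIsSecure -eq '1') -and
           ($timeout -gt 0) -and ($timeout -le 900)
Add-Finding 'Screensaver lock <= 15 min' $lockOk `
    "Active=$($desktop.ScreenSaveActive) Secure=$($desktop.ScreenSaverIsSecure) Timeout=$timeout"

# Report: one line per check; non-zero exit code if anything failed,
# so the script can be dropped into a scheduled task or login script.
$findings | ForEach-Object { Write-Output $_ }
$failed = @($findings | Where-Object { $_ -like 'FAIL*' }).Count
Write-Output ("`n{0} check(s) failed" -f $failed)
exit $failed
```

Run it as `.\Audit-Workstation.ps1` (a hypothetical file name) from an elevated prompt. The registry keys are only read, so a FAIL line tells you which control to apply, typically via Group Policy or Intune rather than by editing the registry on each machine by hand.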

2. What are some important steps that organizations can take to protect their
resources?

- Include the use of firewalls, intrusion detection and prevention, hardening of
network devices, endpoint protection, network vulnerability tools, user education,
and security policy development.
