
16.2.6 Lab - Research Network Security ThreatsCOMPELTE

Uploaded by

r.l.shaw8

Lab - Research Network Security Threats

Objectives
Part 1: Explore the SANS Website
Part 2: Identify Recent Network Security Threats
Part 3: Detail a Specific Network Security Threat

Background / Scenario
To defend a network against attacks, an administrator must identify external threats that pose a danger to the
network. Security websites can be used to identify emerging threats and provide mitigation options for
defending a network.
One of the most popular and trusted sites for defending against computer and network security threats is
SysAdmin, Audit, Network, Security (SANS). The SANS site provides multiple resources, including a list of the
top 20 Critical Security Controls for Effective Cyber Defense and the weekly @Risk: The Consensus Security
Alert newsletter. This newsletter details new network attacks and vulnerabilities.
In this lab, you will navigate to and explore the SANS site, use the SANS site to identify recent network
security threats, research other websites that identify threats, and research and present the details about a
specific network attack.

Required Resources
- Device with internet access
- Presentation computer with PowerPoint or other presentation software installed

Instructions
Part 1: Exploring the SANS Website
In Part 1, navigate to the SANS website and explore the available resources.

Step 1: Locate SANS resources.


Search the internet for SANS. From the SANS home page, click on FREE Resources.
Question:

List three available resources.


Webcasts, White Papers, Posters and Cheat Sheets

Step 2: Locate the link to the CIS Critical Security Controls.


The CIS Critical Security Controls linked on the SANS website are the culmination of a public-private
partnership involving the Department of Defense (DoD), National Security Association, Center for Internet
Security (CIS), and the SANS Institute. The list was developed to prioritize the cyber security controls and
spending for DoD. It has become the centerpiece for effective security programs for the United States
government. From the Resources menu, select Critical Security Controls, or similar. The CIS Critical
Security Controls document is hosted at the Center for Internet Security (CIS) web site and requires free
registration to access. There is a link on the CIS Security Controls page at SANS to download the 2014 SANS
Critical Security Controls Poster, which provides a brief description of each control.

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 4 www.netacad.com

Question:

Select one of the Controls and list implementation suggestions for this control.
Critical Control 5: Malware Defenses. Employ automated tools to continuously monitor workstations,
servers, and mobile devices. Employ anti-malware software and signature auto-update features.
Configure network computers to not auto-run content from removable media.

Step 3: Locate the Newsletters menu.


Question:

Highlight the Resources menu, select Newsletters. Briefly describe each of the three newsletters available.

SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that
have been published on computer security during the last week. @RISK provides a reliable weekly
summary of newly discovered attack vectors, vulnerabilities with active new exploits, insightful
explanations of how recent attacks worked, and other valuable data. OUCH! is the world’s leading, free
security awareness newsletter designed for the common computer user.

Part 2: Identify Recent Network Security Threats


In Part 2, you will research recent network security threats using the SANS site and identify other sites
containing security threat information.

Step 1: Locate the @Risk: Consensus Security Alert Newsletter Archive.


From the Newsletters page, select Archive for the @RISK: The Consensus Security Alert. Scroll down to
Archives Volumes and select a recent weekly newsletter. Review the Notable Recent Security Issues and
Most Popular Malware Files sections.
Question:

List some recent vulnerabilities. Browse multiple recent newsletters, if necessary.

Malware hidden in Steam download code; Microsoft had multiple vulnerabilities with some being critical level
including one that allows an unauthenticated attacker to leverage a cryptographic protocol vulnerability in
Windows Kerberos to perform remote code execution against the target using a specially crafted application.

Step 2: Identify sites providing recent security threat information.


Questions:

Besides the SANS site, identify some other websites that provide recent security threat information.
Type your answers here.
List some of the recent security threats detailed on these websites.
North Korean Hackers Target macOS Using Flutter-Embedded Malware
New RustyAttr Malware Targets macOS Through Extended Attribute Abuse

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 2 of 4 www.netacad.com
Lab - Research Network Security Threats

Part 3: Detail a Specific Network Security Attack


In Part 3, you will research a specific network attack that has occurred and create a presentation based on
your findings. Complete the form below based on your findings.

Step 1: Complete the following form for the selected network attack.

Name of attack:
I love you virus

Type of attack:
Trojan

Dates of attacks:
5 May 2000

Computers / Organizations affected:
Department of Justice, Department of Labor, SS Administration, CIA, ARMY, VA Administration, NASA

How it works and what it did:

ILOVEYOU, sometimes referred to as the Love Bug or Loveletter, was a computer worm that
infected over ten million Windows personal computers on and after 5 May 2000. It started spreading
as an email message with the subject line "ILOVEYOU" and the attachment
"LOVE-LETTER-FOR-YOU.TXT.vbs".[1] At the time, Windows computers often hid the latter file
extension ("VBS", a type of interpreted file) by default because it is an extension for a file type that
Windows knows, leading unwitting users to think it was a normal text file. Opening the attachment
activates the Visual Basic script. First, the worm inflicts damage on the local machine, overwriting
random files (including Office files and image files; however, it hides MP3 files instead of deleting
them), then, it copies itself to all addresses in the Windows Address Book used by Microsoft Outlook,
allowing it to spread much faster than any other previous email worm.[2][3]

Onel de Guzman,[4] a then-24-year-old computer science student at AMA Computer College[5] and
resident of Manila, Philippines, created the malware. Because there were no laws in the Philippines
against making malware at the time of its creation, the Philippine Congress enacted Republic Act
No. 8792, otherwise known as the E-Commerce Law, in July 2000 to discourage future iterations of
such activity. However, the Constitution of the Philippines prohibits ex post facto laws, and as such
de Guzman could not be prosecuted.[6]

Mitigation options:
Laws were created in the Philippines to prevent and prosecute further attempts.

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 3 of 4 www.netacad.com
Lab - Research Network Security Threats

Name of attack:
I love you virus

References and info links:

https://en.wikipedia.org/wiki/ILOVEYOU
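
The hidden-extension trick described under "How it works" can be caught at a mail gateway by inspecting attachment names. The following is an added example, not part of the original lab: the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Illustrative subsets (assumptions, not a complete policy list).
ACTIVE = {"vbs", "vbe", "js", "jse", "wsf", "hta", "scr", "exe", "bat", "cmd", "pif"}
DECOY = {"txt", "doc", "docx", "pdf", "jpg", "png", "xls", "mp3"}

def classify(filename):
    """Return 'ok', 'active-content' or 'deceptive-double-extension'."""
    # Trailing dots and spaces are ignored so padding cannot hide the real extension.
    parts = [p.strip().lower() for p in filename.strip().rstrip(". ").split(".")]
    if len(parts) < 2 or parts[-1] not in ACTIVE:
        return "ok"
    # A document-looking extension right before the real one is all a user
    # sees when Windows hides known extensions.
    if len(parts) >= 3 and parts[-2] in DECOY:
        return "deceptive-double-extension"
    return "active-content"

def scan_message(raw):
    """List (filename, verdict) for every attachment that is not 'ok'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict = classify(name)
        if verdict != "ok":
            findings.append((name, verdict))
    return findings

def build_sample():
    """Constructed test message; the attachment bodies are inert placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "ILOVEYOU"
    msg.set_content("constructed body")
    msg.add_attachment(b"placeholder bytes, not a script", maintype="application",
                       subtype="octet-stream", filename="LOVE-LETTER-FOR-YOU.TXT.vbs")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict}: {name}")
```

A gateway would quarantine or strip anything not classified `ok`; showing file extensions on endpoints removes the disguise on the user's side.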

Step 2: Follow the instructor’s guidelines to complete the presentation.

Reflection Questions
1. What steps can you take to protect your own computer?

Keeping software and applications up to date, using a personal firewall, encrypting personal files

2. What are some important steps that organizations can take to protect their resources?
Endpoint protection, network vulnerability tools, user education, and security policy development

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 4 of 4 www.netacad.com

You might also like