Firewall log analyze – RoyalCustomEssays


For this assignment, which is a firewall log analysis, imagine yourself as an investigator who needs to write a report about the case:
1) You have to look carefully at the file that I attached, because that is what we need to analyze.
2) Answer the questions below according to the file that I attached and place the answers in the report. You can open the file in Microsoft Word or Notepad, then take screenshots of the evidence from the file while writing the report.

“step back and look at the bigger picture where network traffic is concerned. This is necessary for any network forensic analyst. Your job is to analyze a month of connection activity to and from a network by analyzing the firewall logs.
Produce a full quality report that addresses the following questions:
1) What are the high-level trends in connectivity to/from the server? What type of traffic was growing/decreasing?
2) What possible evidence of malware is there? What types? What are the malware trends you can observe?
3) What types of reconnaissance activity did you notice? What do you think attackers were looking for? What are some prominent sources of such activity in the files?
4) What are the different scan patterns that you can notice? Do you think all come from different attack tools? Address/note any long-term (“low and slow”) scanning activity.
5) Was the network compromised during the observed time period? How do you know?
6) If you obtained such firewall logs from a production system, what source IPs or groups of such IPs would you focus on as the highest threat?
7) What systems were attacked the most? What ports were open on each of them? Why do you think machines with close IP addresses were attacked differently?
8) Provide some high-level metrics about the data (such as most frequently targeted ports, etc.) and make some conclusions based on them.

All the questions need to be answered while writing the fully detailed report, with the time and date of starting the examination or work and the tools used to open the file or to analyze it. Every little thing needs to be documented with a picture or screenshot of the work. If any information from outside the work is used, it needs to be cited in the paragraph and on the reference page too. Please use simple English because I am weak in English, and the writer needs to answer me if I have any question or comment regarding the work.
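The port metrics and scan patterns asked about in questions 4 and 8, as an added Python example that is not part of the original assignment. The log line format (ISO timestamp plus iptables-style fields), the thresholds and the sample addresses are assumptions constructed for illustration, since the attached file's format is not shown on this page.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed format: ISO timestamp followed by iptables-style key=value fields.
LINE_RE = re.compile(r"^(\S+) .*?SRC=(\S+) DST=(\S+) .*?DPT=(\d+)")

def parse(lines):
    """Return (timestamp, src, dst, dport) tuples; unparseable lines are skipped."""
    hits = (LINE_RE.search(l) for l in lines)
    return [(datetime.fromisoformat(m[1]), m[2], m[3], int(m[4])) for m in hits if m]

def top_ports(events, n=3):
    """Most frequently targeted destination ports as (port, count) pairs."""
    return Counter(e[3] for e in events).most_common(n)

def classify_sources(events, fanout=10, slow_days=14, slow_rate=3):
    """Label each source by the shape of its probing; thresholds are illustrative."""
    per_src = defaultdict(list)
    for e in events:
        per_src[e[1]].append(e)
    labels = {}
    for src, evs in per_src.items():
        hosts, ports = {e[2] for e in evs}, {e[3] for e in evs}
        days = {e[0].date() for e in evs}
        wide = len(hosts) >= fanout or len(ports) >= fanout
        if wide and len(days) >= slow_days and len(evs) / len(days) <= slow_rate:
            labels[src] = "low and slow"   # wide coverage, few probes per day
        elif len(ports) >= fanout:
            labels[src] = "port scan"      # many ports probed in a short window
        elif len(hosts) >= fanout:
            labels[src] = "host sweep"     # one service probed across many hosts
        else:
            labels[src] = "unremarkable"
    return labels

def _line(day, src, dst, dpt):  # builds one constructed sample log line
    return (f"2018-10-{day:02d}T03:00:00 fw kernel: DROP IN=eth0 "
            f"SRC={src} DST={dst} PROTO=TCP SPT=40000 DPT={dpt}")

SAMPLE = (  # constructed data using documentation address ranges
    [_line(1, "198.51.100.7", "192.0.2.10", p) for p in range(20, 32)]
    + [_line(2, "203.0.113.9", f"192.0.2.{h}", 445) for h in range(1, 13)]
    + [_line(d, "203.0.113.50", "192.0.2.10", 1000 + d) for d in range(1, 21)]
    + [_line(3, "198.51.100.99", "192.0.2.10", 80)] * 3
)

if __name__ == "__main__":
    events = parse(SAMPLE)
    print(top_ports(events), classify_sources(events))
```

The low-and-slow source is only visible because the grouping spans the whole month; a per-day or per-hour threshold alone would report one probe a day as noise.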
