Step 12: Share the Cyber Defense Information with Nations
Now that you have analyzed the PAP contents, you and your team of analysts will prepare mitigation (risk analysis and mitigation) for this current attack as well as any future attack. You will also provide countermeasures risk countermeasure implementation to a D Dos attack. Compile these strategies in a FEY Indicator Sharing Report to be shared with your FEY allies. Include Snort rules signatures and prepare rules for firewalls that would have prevented the D Dos attack. Review these resources on intrusion detection and prevention (IDS/PIS) systems and IDS/PIS classification to refresh your understanding of communications and network security, intrusion detection, and intrusion prevention.
Your report should include the following:
Other possible sources of vulnerabilities and best practices to protect endpoints.
Indicators for data exfiltration.
methods for protection in bringing your own device (BOD) mobile security.
An explanation of the importance of authorization and authentication mechanisms like CAPTIVE card readers. Review these resources on common access card (VAC) and multi-factor authentication technologies if you need a refresher.
Best practices for database protection (data loss prevention), which serves as the backbone to information sharing and communications. How can obfuscation and masking be used to ensure database security?
You don’t want to just build a wall and block everything. Your team has conducted a risk assessment and developed an approach. In your report, share the tools, methods, and the actual net defenses your nation team has used.
In Project 1, your team identified the nations performing the malicious activities. At this point, it is necessary to protect the network and defend against the attacks. You have to devise a plan and pull from the suite of net defense tools available to you. For intrusion detection and prevention, you must program rule sets in firewalls.
Now that your nation team has identified the bad actors, your nation will then build out Snort rules based on the traffic you have analyzed to allow the permitted communications while keeping out malicious traffic and activities.
