Now that you have analyzed the .pcap contents, you and your team of analysts will prepare mitigation (risk analysis and mitigation) for this current attack as well as any future attacks. You will also provide risk countermeasure implementation to a data exfiltration attack. Compile these strategies in a FVEY Indicator Sharing Report to be shared with your FVEY allies. Include Snort rules signatures and prepare rules for firewalls that would have prevented the data exfiltration attack. Review these resources on intrusion detection and prevention (IDS/IPS) systems and IDS/IPS classification to refresh your understanding of communications and network security, intrusion detection, and intrusion prevention.

Your report should include the following:

other possible sources of vulnerabilities and best practices to protect endpoints.

indicators for data exfiltration.

methods for protection in bring your own device (BYOD) mobile security.

an explanation of the importance of authorization and authentication mechanisms like CAC-PIV card readers. Review these resources on common access card (CAC) and multifactor authentication technologies if you need a refresher.

best practices for database protection (data loss prevention), which serves as the backbone to information sharing and communications. How can obfuscation and masking be used to ensure database security?

You don’t want to just build a wall and block everything. Your team has conducted a risk assessment and developed an approach. In your report, share the tools, methods, and the actual net defenses your nation team has used.

In Project 1, your team identified the nations performing the malicious activities. At this point, it is necessary to protect the network and defend against the attacks. You must devise a plan and pull from the suite of net defense tools available to you. For intrusion detection and prevention, you must program rule sets in firewalls.

Now that your nation team has identified the bad actors, your nation will then build out Snort rules based on the traffic you have analyzed to allow the permitted communications while keeping out malicious traffic and activities.