Web Server Compromise


Background:

You are an employee in the Georgia Tech SOC. You receive a report from a system administrator that one of their websites is acting "funny." The website is running WordPress and is accessible from the world. You have access to the access logs for the site as well as the directory that the website lives under. Both of these are attached to the assignment below.

Georgia Tech's IP ranges are:

Assignment:

You will use the logs and site directory to figure out what happened and when. You should turn in two documents. The first will be answers to 8 questions found in the "Questions" section below. The second will be an incident report.

Steps:

We will be teaching using Splunk, but if you are more comfortable using Elastic (ELK) or some other log searching mechanism, you are free to do so. The raw logs are attached to this assignment below. While you can definitely succeed at this assignment using plain old grep, I would recommend you don't. Grep works here because the log files provided are small, but it does not scale to an actual enterprise with massive amounts of data. To access Splunk:

  1. Log in to the Georgia Tech VPN
  2. Navigate to https://splunk.class.security.gatech.edu
  3. Log in with your GT username and password
  4. Click "Search and Reporting"
  5. Start searching!

The data for this assignment is in the "main" index. You can see all of the data by searching for "index=main" and changing the time dialog from "Last 24 hours" to "All time." Splunk already has the fields extracted from the logs for you. 

Questions: 

Using the logs, answer the following questions. Please include the Splunk (or Elastic) queries you used to find each answer. This will allow us to understand your thought process if you come to a different answer or interpret the question in a different way.

  1. Which IP(s) attempted to brute force the WordPress login?
  2. How many attempts did it/they make?
  3. How many of the IP(s) were successful? When was each successful?
  4. What did each IP do after it logged in?
  5. What file was changed?
  6. When was it changed?
  7. How was it changed?
  8. What was the purpose of the change?
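
The reasoning behind questions 1 to 3, as an added example that is not part of the original assignment: count POSTs to `wp-login.php` per client IP and separate failed attempts from successful ones. It assumes the combined access-log format and the heuristic that WordPress answers a failed login with 200 and a successful one with a 302 redirect; the log lines and the `login_activity` helper are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/Nginx "combined" access-log format (assumed; the assignment's logs may differ).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges), not taken from the assignment data.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Mar/2021:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "curl/7.68"
203.0.113.7 - - [01/Mar/2021:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "curl/7.68"
203.0.113.7 - - [01/Mar/2021:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "curl/7.68"
203.0.113.7 - - [01/Mar/2021:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "curl/7.68"
203.0.113.7 - - [01/Mar/2021:10:00:05 +0000] "GET /wp-admin/ HTTP/1.1" 200 5400 "-" "curl/7.68"
198.51.100.20 - - [01/Mar/2021:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Mar/2021:10:05:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
garbage line that does not parse
"""

def login_activity(log_text, min_failures=3):
    """Summarise POSTs to wp-login.php per client IP.

    Heuristic (an assumption, confirm against the real logs): a failed login
    returns 200 with the form re-rendered, a successful one returns 302.
    An IP is flagged once it has at least min_failures failed POSTs.
    """
    stats = defaultdict(lambda: {"attempts": 0, "failures": 0, "successes": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the analysis
        if m["method"] != "POST" or not m["uri"].split("?")[0].endswith("/wp-login.php"):
            continue  # only login submissions count as attempts
        s = stats[m["ip"]]
        s["attempts"] += 1
        if m["status"] == "302":
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            s["successes"].append(ts.isoformat())
        else:
            s["failures"] += 1
    return {
        ip: {**s, "brute_force": s["failures"] >= min_failures}
        for ip, s in stats.items()
    }
```

The same grouping (filter on method and URI, split by status, count by client IP) carries over directly to a Splunk or Elastic query against the extracted fields.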

Incident Report:

Write an incident report based on this assignment. Use the provided template from additional resources. The audience for this report will be your executive leadership and the affected business unit leadership.

As discussed in the report writing lecture, make sure to include (these are all sections in the template):

  • An executive summary
  • A detailed timeline of the incident. Include details of the attack
  • Any containment and eradication steps that you would have taken (e.g., would you have requested that the web server be restored from backup?). Document these steps as if you had taken them (e.g., "At 12:05pm the security team requested the web server be restored from a previous clean backup")
  • Financial impact
    • Include effort estimates for your investigation and the time resources from any other involved teams
    • Anything else you can think of that might have had financial impact
    • The numbers can be completely made up
  • Lessons learned
