Mahmoud Shardey mshardey
@mshardey
mshardey / secure-nextcloud-deployment-on-azure-cloud.md
Last active September 26, 2024 17:46
Secure Nextcloud Deployment on Azure Cloud: A Step-by-Step Guide. Learn how to deploy Nextcloud securely on Azure, leveraging Azure's built-in security features and best practices.
mshardey / incident-handlers-journal.md
Last active September 20, 2024 17:33
Incident Handler's Journal: Documenting security incidents, analysis, and lessons learned.

Incident Handler's Journal

This journal documents my experience handling various security incidents, analysing suspicious activities, and reflecting on lessons learned. The entries below outline the incidents, tools used, and key takeaways.

Date: January 28, 2024 Entry: #1
mshardey / analyse-a-vulnerable-system-for-an-e-commerce-company.md
Last active September 19, 2024 18:37
Conduct a thorough vulnerability assessment for an e-commerce company. Identify risks, develop remediation plans.

Performed a thorough vulnerability assessment to identify and mitigate potential threats to an e-commerce company's information system. Developed a remediation plan to proactively prevent attacks and ensure the organisation's security.

Vulnerability Assessment Report

23rd January 2024

Table of contents

System Description

mshardey / apply-filters-to-sql-queries-enhancing-system-security.md
Last active September 20, 2024 17:11
SQL filtering examples for security-related tasks.

As part of our organisation's ongoing efforts to bolster system security, I led initiatives to identify and mitigate potential vulnerabilities. This involved conducting thorough security audits, addressing emerging threats, and optimising employee workstation configurations.

Introduction to SQL for Security

SQL (Structured Query Language) plays a vital role in security-related tasks by enabling precise data filtering and analysis. In this project, I demonstrate how SQL filters can be applied to streamline security tasks, ensuring the integrity and confidentiality of our systems.
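As an added worked example (not code from the original gist), the filters below run against a constructed login-attempt table in an in-memory SQLite database, so they execute offline. The table name log_in_attempts, its columns, the sample rows, the 18:00 cutoff and the three-failure threshold are all assumptions made for this illustration; the point is the WHERE / GROUP BY / HAVING filtering, and that values coming from an analyst are bound as parameters rather than concatenated into the query text.

```python
"""Added example: SQL filters for common security questions, run on a
constructed login-attempt table in SQLite. Table, columns, rows and
thresholds are assumptions for the illustration, not the gist's data."""
import sqlite3

# Constructed sample data: (event_time, username, success, country)
SAMPLE_ATTEMPTS = [
    ("2024-01-23 08:05:00", "alice", 1, "AUS"),
    ("2024-01-23 19:40:00", "bob",   0, "AUS"),
    ("2024-01-23 19:41:00", "bob",   0, "AUS"),
    ("2024-01-23 19:42:00", "bob",   0, "AUS"),
    ("2024-01-23 23:10:00", "carol", 0, "MEX"),
    ("2024-01-24 02:15:00", "dave",  1, "USA"),
    ("2024-01-24 09:30:00", "erin",  0, "CAN"),
]


def build_db():
    """Create the assumed log_in_attempts table in memory and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE log_in_attempts (
        event_time TEXT    NOT NULL,   -- 'YYYY-MM-DD HH:MM:SS'
        username   TEXT    NOT NULL,
        success    INTEGER NOT NULL,   -- 1 = success, 0 = failure
        country    TEXT    NOT NULL)""")
    conn.executemany("INSERT INTO log_in_attempts VALUES (?, ?, ?, ?)", SAMPLE_ATTEMPTS)
    return conn


def failed_after_hours(conn, cutoff="18:00:00"):
    """Failed logins after the business-day cutoff. The cutoff is a bound
    parameter (?), so it can never alter the query structure."""
    return conn.execute(
        """SELECT username, event_time
           FROM log_in_attempts
           WHERE success = 0 AND time(event_time) > time(?)
           ORDER BY event_time""", (cutoff,)).fetchall()


def failures_per_user(conn, threshold=3):
    """Users whose failure count reaches the threshold: brute-force candidates."""
    return conn.execute(
        """SELECT username, COUNT(*) AS failures
           FROM log_in_attempts
           WHERE success = 0
           GROUP BY username
           HAVING COUNT(*) >= ?
           ORDER BY username""", (threshold,)).fetchall()


def attempts_outside_countries(conn, allowed=("AUS", "USA", "CAN")):
    """Attempts from countries not on the allow-list. Only the number of
    placeholders is built dynamically; the values themselves are still bound."""
    placeholders = ", ".join("?" * len(allowed))
    return conn.execute(
        f"SELECT username, country FROM log_in_attempts "
        f"WHERE country NOT IN ({placeholders}) ORDER BY event_time",
        tuple(allowed)).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("failed after hours:", failed_after_hours(db))
    print("repeat failures:  ", failures_per_user(db))
    print("outside allow-list:", attempts_outside_countries(db))
```

Each function returns plain rows so the same filters can be dropped into a report or a scheduled check; swapping the in-memory connection for a real database changes nothing in the queries.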

SQL Basics

Before diving into filtering, let's review basic SQL concepts:

mshardey / least-privilege-access-linux-file-permission-configuration.md
Last active September 21, 2024 05:45
Linux File Permissions: Enforcing least privilege access for enhanced security, reducing vulnerabilities and improving system integrity.

This project enhances Linux system security by optimising file permissions, ensuring least privilege access. Key updates include permission adjustments for sensitive files and directories, aligning with organisational policies.

Analysing File and Directory Permissions

The following screenshot demonstrates how to use Linux commands to verify current permissions for a specific directory.

[Screenshot: Bash shell output from Kali Linux verifying file and directory permissions with the ls -la command.]

The first line in the screenshot shows the command entered, and the following lines show its output. The command lists all items in the projects directory. We used the ls command with the -la option to display a detailed listing that also includes hidden entries (names beginning with a dot). This option shows:
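The following Python script is an added example, not the gist's own code: it performs the same permission check programmatically and then enforces a least-privilege rule instead of stopping at a listing. The directory tree it builds (a projects directory holding project_k.txt, .project_x.txt, project_m.txt and a drafts subdirectory), the rule that dot-prefixed names are sensitive, and the target modes 640/750 (600/700 for sensitive entries) are assumptions made for the illustration.

```python
"""Added example: audit a directory against a least-privilege rule and
tighten anything that violates it. The demo tree, the "sensitive" naming
rule and the target modes are assumptions, not the gist's real data."""
import os
import stat
import tempfile


def is_overly_permissive(path, sensitive):
    """World-writable is never acceptable; sensitive entries must grant
    nothing to group or others. Symlinks are skipped, not followed."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return False
    mode = stat.S_IMODE(st.st_mode)
    if mode & stat.S_IWOTH:
        return True
    return sensitive and bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def audit_and_fix(root, sensitive_prefix=".", fix=True):
    """Walk root and return (relative path, mode before, mode after) for
    every entry that breaks the rule. Modes are rendered exactly as ls -l
    prints them. With fix=False the function only reports."""
    changes = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            sensitive = name.startswith(sensitive_prefix)
            if not is_overly_permissive(path, sensitive):
                continue
            full = os.lstat(path).st_mode
            if stat.S_ISDIR(full):
                target = 0o700 if sensitive else 0o750   # dirs keep the x bit
            else:
                target = 0o600 if sensitive else 0o640
            if fix:
                os.chmod(path, target)
            changes.append((os.path.relpath(path, root),
                            stat.filemode(full),
                            stat.filemode(stat.S_IFMT(full) | target)))
    return changes


def make_demo_tree():
    """Build a constructed projects directory with deliberately loose modes."""
    root = tempfile.mkdtemp(prefix="projects-")
    os.makedirs(os.path.join(root, "drafts"))
    entries = {
        "project_k.txt":  0o666,   # world-writable
        ".project_x.txt": 0o644,   # hidden/sensitive but readable by everyone
        "project_m.txt":  0o640,   # already compliant
        "drafts":         0o777,   # world-writable directory
    }
    for name, mode in entries.items():
        p = os.path.join(root, name)
        if not os.path.isdir(p):
            open(p, "w").close()
        os.chmod(p, mode)   # chmod sets the mode explicitly, ignoring umask
    return root


if __name__ == "__main__":
    demo = make_demo_tree()
    for rel, before, after in audit_and_fix(demo):
        print(f"{rel:18} {before} -> {after}")
    print("second pass:", audit_and_fix(demo))   # nothing left to fix
```

Run it with fix=False first in a real environment to get a report before changing anything, and widen the sensitive rule to whatever your policy names (key material, credentials, drafts) rather than relying on the dot prefix used here.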

mshardey / incident-report-analysis.md
Last active September 20, 2024 00:19
Incident Report Analysis: Leveraging NIST CSF for effective cybersecurity risk management.

Applied the National Institute of Standards and Technology's Cybersecurity Framework (NIST CSF) to investigate a network incident. The resulting incident report provides actionable insights, aligned with NIST CSF's best practices for identifying, protecting, detecting, responding to, and recovering from cybersecurity threats.

Incident Report Analysis

Summary

The company encountered a security incident when every network service abruptly stopped. The cybersecurity team's investigation found that the disruption was caused by a distributed denial of service (DDoS) attack that flooded the network with ICMP packets. The team quickly stopped the attack and halted all non-essential network services, prioritising the restoration of critical network functions.
mshardey / security-risk-assessment-report.md
Last active September 20, 2024 00:13
Security Risk Assessment: Mitigating data breach risks with network hardening.

Conducted a comprehensive security risk assessment following a data breach at a social media company. Identified critical vulnerabilities, recommended network hardening tools, and proposed tailored hardening methods to mitigate risks and prevent future breaches.

Security Risk Assessment Report

Part 1: Three hardening tools and methods to implement
To strengthen the organisation's security posture, three tools and methods stand out for addressing the identified vulnerabilities:

Implementing Multi-Factor Authentication (MFA)
Formulating and rigorously enforcing strong password policies
Conducting routine firewall maintenance

Multi-Factor Authentication (MFA) requires users to prove their identity through more than one verification method before they are granted access to an application. Diverse MFA methods, ranging from finge
mshardey / security-incident-report.md
Last active September 20, 2024 00:04
Website Security Incident Report: Investigation, resolution, and prevention.

Conducted a thorough investigation into a website security incident, leveraging tcpdump and DNS/HTTP traffic log analysis. Successfully identified the attack vector, documented the incident timeline, and recommended a security enhancement to prevent future brute-force attacks.

Security Incident Report

Part 1: The network protocol involved in the incident
The network protocol involved in the incident is the Hypertext Transfer Protocol (HTTP). Using tcpdump while visiting the yummyrecipesforme.com website to capture the problematic traffic, the protocol and traffic activity were logged to a dedicated DNS & HTTP traffic file. This analysis provided the evidence needed to determine that the malicious file was being delivered to users' computers via the
mshardey / cybersecurity-incident-report-analyse-network-attacks.md
Last active September 19, 2024 23:57
Analyse Network Attacks: Investigate website disruptions, identify attack vectors.

Investigated and analysed a network attack that disrupted website accessibility, identifying the attack vector and its impact. Provided a comprehensive incident report detailing the attack's methodology and effects.

Cybersecurity Incident Report: Analyse Network Attacks

Part 1: The type of attack that may have caused this network interruption
The website's connection timeout error could be attributed to a potential Denial of Service (DoS) attack. Analysis of the logs reveals that the web server ceases to respond when inundated with an excessive number of SYN packet requests. This incident aligns with a specific type of DoS attack known as SYN flooding.
Part 2: How the attack is causing the website malfunction
mshardey / cybersecurity-incident-report-network-traffic-analysis.md
Last active September 19, 2024 23:49
Cybersecurity Incident Report: Network Traffic Analysis using tcpdump.

Conducted a comprehensive network traffic analysis using tcpdump to investigate a cybersecurity incident. Identified the specific network protocol utilised during the incident, providing valuable insights into the attack vector.

Part 1: Summary of the problem found in the DNS and ICMP traffic log
The network analysis points to a DNS server issue. The log contains ICMP destination unreachable messages reading "udp port 53 unreachable", and UDP port 53 is the standard port for DNS queries. A port unreachable reply means the DNS host received the query but nothing was listening on that port (or a firewall rejected it), which strongly suggests a non-responsive DNS service as the probable cause of the problem.
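The three reports above (the ICMP-flood DDoS in the incident report analysis, the SYN flood in the network attack report, and the "udp port 53 unreachable" finding here) all rest on reading tcpdump output by hand. As an added example that is not part of any of the original gists, the script below triages a tcpdump-style text capture for those three conditions. The capture lines are constructed for the example in tcpdump's default text format, the addresses are documentation ranges, and the packet-count thresholds are assumptions; a real investigation would feed it the actual capture and tune the thresholds to the observed traffic volume.

```python
"""Added example: triage tcpdump-style text for a SYN flood, an ICMP
echo-request flood and DNS 'udp port 53 unreachable' errors. The capture
below is constructed (not a real log); thresholds are assumptions."""
import re
from collections import Counter

# Constructed lines in tcpdump's default text format.
SAMPLE_CAPTURE = """\
13:23:01.000001 IP 203.0.113.5.40001 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0
13:23:01.000002 IP 203.0.113.5.40002 > 192.0.2.10.80: Flags [S], seq 2, win 64240, length 0
13:23:01.000003 IP 203.0.113.5.40003 > 192.0.2.10.80: Flags [S], seq 3, win 64240, length 0
13:23:01.000004 IP 203.0.113.5.40004 > 192.0.2.10.80: Flags [S], seq 4, win 64240, length 0
13:23:01.000005 IP 198.51.100.9.51000 > 192.0.2.10.80: Flags [S], seq 9, win 64240, length 0
13:23:01.000006 IP 192.0.2.10.80 > 198.51.100.9.51000: Flags [S.], seq 100, ack 10, win 65160, length 0
13:23:01.000007 IP 198.51.100.9.51000 > 192.0.2.10.80: Flags [.], ack 101, win 64240, length 0
13:24:32.192571 IP 192.0.2.53 > 192.0.2.25: ICMP 192.0.2.53 udp port 53 unreachable, length 36
13:24:36.098564 IP 192.0.2.53 > 192.0.2.25: ICMP 192.0.2.53 udp port 53 unreachable, length 36
13:25:00.000001 IP 198.51.100.7 > 192.0.2.10: ICMP echo request, id 7, seq 1, length 64
13:25:00.000002 IP 198.51.100.7 > 192.0.2.10: ICMP echo request, id 7, seq 2, length 64
13:25:00.000003 IP 198.51.100.7 > 192.0.2.10: ICMP echo request, id 7, seq 3, length 64
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>[^:]+): (?P<rest>.*)$")
FLAGS_RE = re.compile(r"Flags \[(?P<flags>[^\]]*)\]")
UNREACH_RE = re.compile(r"ICMP \S+ udp port (?P<port>\d+) unreachable")


def host_only(addr):
    """Strip the trailing .port that tcpdump appends to TCP/UDP endpoints."""
    return addr.rsplit(".", 1)[0] if addr.count(".") == 4 else addr


def parse(capture):
    """Yield {ts, src, dst, rest} for every line in tcpdump's text format."""
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def syn_flood_sources(capture, threshold=3):
    """Sources that sent >= threshold bare SYNs and never followed up with a
    bare ACK, i.e. handshakes that are opened but never completed."""
    syns, acks = Counter(), Counter()
    for pkt in parse(capture):
        f = FLAGS_RE.search(pkt["rest"])
        if not f:
            continue
        src = host_only(pkt["src"])
        if f["flags"] == "S":        # SYN only
            syns[src] += 1
        elif f["flags"] == ".":      # ACK only: third step of the handshake
            acks[src] += 1
    return sorted(s for s, n in syns.items() if n >= threshold and acks[s] == 0)


def icmp_flood_sources(capture, threshold=3):
    """Sources that sent >= threshold ICMP echo requests."""
    reqs = Counter(host_only(p["src"]) for p in parse(capture)
                   if "ICMP echo request" in p["rest"])
    return sorted(s for s, n in reqs.items() if n >= threshold)


def dns_unreachable_events(capture):
    """(timestamp, responding host) for each ICMP 'udp port 53 unreachable':
    the host is up, but nothing answered on the DNS port."""
    events = []
    for p in parse(capture):
        m = UNREACH_RE.search(p["rest"])
        if m and m["port"] == "53":
            events.append((p["ts"], host_only(p["src"])))
    return events


if __name__ == "__main__":
    print("SYN flood sources: ", syn_flood_sources(SAMPLE_CAPTURE))
    print("ICMP flood sources:", icmp_flood_sources(SAMPLE_CAPTURE))
    print("DNS unreachable:   ", dns_unreachable_events(SAMPLE_CAPTURE))
```

The SYN check deliberately distinguishes a legitimate client (one SYN, then an ACK) from a flooder (many SYNs, no ACK); counting SYNs alone would flag a busy but honest client. For the DNS case the useful output is which host sent the error, since that is the machine whose DNS service needs attention.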
Part 2: Clarification of the data analysis and identification of the incident's root cause.
At 1:23 p.m., customers reported receiving a "destination port unreachable" message when attempting to visit the website, prompting the IT team's attention. Currently under