Assignment task: The UK government has made a decision to implement additional security measures to strengthen the security of its critical national information infrastructure in the wake of the current conflict in the region. The ministry of defense has received an intelligence report from one of the UK armed forces, the naval operation centre, which organizes and mobilises the navy and some other forces. According to the report, there is a high possibility of an attack being launched against the Naval command and control base that coordinates with the other UK armed forces to protect the critical national information infrastructure from adversaries. Some suspicious activity that was recently recorded in the naval computer networks has furthered proven this. If the attack is successful, the UK's military capabilities will be significantly constrained, exposing it to greater risks. Therefore, the cybersecurity department of the ministry of defence has contracted a firm CyOps defence Corp., that specialises in developing offensive and defensive cyber operations strategies.
You work at CyOps as a security analyst. As part of the team, your role is to identify the potential threat, conduct a risk assessment and analyse the PCAP file that contains the activities within the naval computer network. you are required to produce a report containing the following elements.
1. Identify the ICT assets that are critical to the navel operation. identify the potential threat (you can use automated threat modeling tools, like, Microsoft threat modeling tool, or manually draw one).
2. Based on the threat and criticality of the ICT assets provide a risk assessment. (YOU CAN USE ONE OF THE RISK ASSESSMENT FRAMEWORK, I.E. NIST)
3. For the statistical analysis section, you are expected to use the automation provided by Wireshark under the 'Statistics' drop-down menu. For the activity narrative section, you are expected to explain your thought process for identifying one attack, making references to specific packets in the provided PCAP file. For the technical explanation section, you are expected to provide a technical explanation of the identified attack, making references to good-quality sources.
4. For the attack mitigation section, you are expected to synthesize and present your opinion of what controls you would deploy for preventing similar attacks from happening again and produce a simple proof of concept script.
5. Your script must be able to execute on the lab's Kali Linux virtual machines and generate a report in the required format to be considered for marking. The script should solely implement defensive measures and not perform any reconnaissance, attempt to launch a reverse attack, or remove any content of the VMs.