Security projects
NETWORK SECURITY
Projects that cover network security.
Security Analyst – IDS/IPS
The campus network used by the university course already has an intrusion detection system in place, but it was not functioning properly in some regards. The system tended to produce “false positives”, alerts triggered by harmless sources on the network, at an aggressive level. It has since been improved and the issues have been resolved.
Wazuh: An Intrusion Detection System
Wazuh is an open-source intrusion detection system that uses individual agents to monitor user and network activity on a per-host basis. Suspicious activity is reported through email alerts. Agents were deployed to the workstations in the Living Lab through group policy management. The Auto-OSSEC tool developed by Binary Defense Systems automatically provisions agents with their authentication keys. Kibana is a web interface that can manage agents and mine data.
IDS Network Security
The objective was to install an intrusion detection system (IDS) for a university course. The client wanted an IDS installed and configured within the server room overseeing the computer lab that CIT students used for both classes and labs. The administration wanted a setup that allowed them to view student activity on the network. SELKS was chosen as the IDS for this project because it is open source and comes with community rules. SELKS also hosts several different programs that help fill out the features of the IDS. Once fully operational, it will be able to block ports on lab computers when malware or viruses are detected. This is technically an ongoing project, since the IDS requires maintenance and investigations are conducted when alerts occur. Rules can also be implemented to detect violations of the school’s internet usage policy.
Student Team Members: Joshua Waggoner and Scott Marley
Network / Security Analysts
This project integrated multiple programs to enhance the security and monitoring of the Living Lab network. Tools such as Proxmox, GRR, Spiceworks, OSQuery, and Veyon were used to create the proper environment for monitoring and examining the lab network and PCs. These tools allow for monitoring of individual PCs, and Veyon can control the Living Lab computers in ET 007A and ET 007B. Monitoring the network and reporting any critical issues lies within the scope of the project. Another aspect of the project was implementing Active Directory services for the Living Lab. This includes ensuring options for disaster recovery, fail-over, Windows Server Update Services (WSUS), and more. This will be used to help monitor the workstations and servers used in the Living Lab going forward.
RISK ANALYSIS
Projects that study risk analysis in certain systems.
Qualtrics Risk Analysis Questionnaire
This questionnaire was created for a cybersecurity committee using the NIST 800-53 framework. It is easy to use and could be used by IT professionals and non-professionals alike. Some of the previous work with the questionnaire involved implementing a scoring and feedback system that provides a response at the end in the form of a risk matrix. Each question received its own risk matrix with several factors, such as the risk, vulnerability, threat, and risk summary.
Security Analysis & Risk Assessment
This project was requested by the Water & Wastewater Committee of the Indiana Executive Council on Cybersecurity. The project’s purpose was to conduct an information security analysis, via a questionnaire and an on-site risk assessment, of Indiana’s relatively small water management companies. The questionnaire was created in Qualtrics, a survey and data analysis software package. Once the assessments were completed, the water companies were given recommendations to improve their cybersecurity posture.
LAB SECURITY
Projects that help with security in a lab setting.
Malware Analysis Lab
The Malware Analysis Lab allows students to upload and research any malware they may find. The project used Cuckoo, an automated sandbox to which the malware is uploaded for analysis. Cuckoo analyzes the malware for the student and gives them a detailed report of what the malware is and what it might do. Cuckoo runs on a server that is connected to two VMs. Because the malware stays on closed-network machines, it cannot propagate to the wider IU network, which keeps the malware analysis safe.