Task $1$: Security analysis and mitigation

Step $1$: Extract a sample of the network traffic from the web server. To do this, download the capture file Capture$\_$Project$\_$A$\_$B $($PCAPNG $3$ KB$)$ Download Capture$\_$Project$\_$A$\_$B $($PCAPNG $3$ KB$).$

Note: The capture file provided is only a very small sample, but it is representative of the total traffic captured from the server. For this task, you can assume the rest of the capture shows the same trends with patterns that are similar and consistent with those in the provided scenario capture file.

Step $2$: Examine the data and conduct an analysis to help you answer the following:

What would you expect to see in a web server capture under normal operation? Provide a detailed and technical explanation of the TCP protocol.

Examine the data in the scenario capture file. Analyse the data, compare this with normal expected behaviour, and determine what has taken place. Record your observations and make connections between the specific data items included in the file and your description of the events that likely occurred.

Consider the security goals of the organisation that may have been compromised, the vulnerabilities that have contributed to the incident, and the threats that acted on them.

What type of attack has occurred $($active or passive$)?$ Justify your claim i$.$e$.$ refer to the data in the file to provide supporting evidence. What are the possible technical and organisational consequences of this incident for XYZ company?

Step $3$: Conduct independent research to identify mitigation strategies that could be applied in this scenario. Provide at least one security strategy from each classification $($preventative$,$ detective and corrective$),$ and discuss the strengths and limitations associated with it$.$ If you decide that a certain class of strategy is not applicable, you will need to explain why.

Step $4$: Complete your investigation and begin your report. You can find your report structure after reading the task section of this assignment page.