Liam's Reflections - absentee-neptune/Senior-Capstone GitHub Wiki

Week 1 - Sprint 1 Kickoff

For our first week back I began working on creating a server that could host our Syslog server. We decided that we would use a spare or recycled system for the creation of this server, so I retrieved two older recycled workstations whose drives had been wiped to work with. Both systems were wiped of any remaining data using a bootable Killdisk USB device. Unfortunately, the first system I had tried to boot up and run would power on and no longer boot properly. I tried to fix this by physically taking apart the system and making sure that all the components were seated properly where they needed to be inside the case with no lost connections. However, this did not resolve the issue, so I moved on to the second of the systems, which booted into BIOS without any issues. From there onward I used yet another bootable USB, this time making use of the Windows Installation Media tool, to create a Windows installation on the second system from which we could host our Syslog server. Yet again I ran into issues with the system, with the hard drive not allowing itself to be formatted correctly for Windows to be installed. I tried a few different methods to try and fix the issues caused by the hard drive, but in the end, we ruled that it would be simpler and easier to use another already known working system for the server to be hosted on. We chose to use Bri's PC as the server, and installing and setting up the server on her PC will now be the next objective.

Week 2 - Sprint 1 Week 1

For our second week I began looking into implementing an already previously built ELK setup in EC2 on Bri's PC. We will need to install a program called Winlogbeat to ship logs from our network through the Windows system to the VM ELK stack. This program I plan on installing in the week to come. This week I also began looking into Inspace and the possible vulnerabilities associated with it.

Week 3 - Sprint 1 Week 2

For the second week I looked into setting the ELK stack up on Bri's PC physically, as transporting the logs from EC2 to the router wasn't as simple to work around. The ELK stack setup on the PC ran into issues with initiating the bash script required for the program, which led to our team exploring alternate methods until a workaround for the bash issue is found. In the week to come I plan on attempting to fix the setup issues with Windows ELK and then work with Isaac to ship our router logs to ELK to be filtered and visualized. I also plan on reaching out to the founder of Inspace for more information and potentially more access to the program.

Week 4 - Sprint 1 Week 3

For this week of the sprint there wasn't much that I was able to accomplish, as the Inspace team never responded to my correspondence. For the next upcoming week, I will try reaching out to a different member of the Inspace team to assist with my research. This week I also worked on the presentation of our work up until this point.

Week 5 - Sprint 1 Week 4

In this week we presented our first demo of the project and received feedback on what we needed to improve on, such as getting another router to forward logs. Until we have the logging set up properly we will be using Wireshark captures to look at our network activity.

Week 6 - Sprint 2 Week 1

For this week we researched and purchased a mini router for the purpose of forwarding our logs. Once it was connected we were able to generate logs without the use of a SIEM. Unfortunately for this week, the team at Inspace failed to respond to yet another email sent out to a different member of the team on their network security/privacy policies. While waiting for the Inspace team to respond I helped with setting up our previous Syslog environment in AWS.

Week 7 - Sprint 2 Week 2

This week we worked on integrating the new mini router into our network, allowing us to inspect all our network traffic. I began looking into alternate SIEMs for usage on the home network.

Week 8 - Sprint 2 Week 3

This week we began generating logs on the network and looking at the network traffic already being created. We started to categorize some of the traffic that was being generated into what services were being used.

Week 9 - Sprint 3 Week 1

This week we worked on installing SolarWinds Orion, which was a monitoring and management software we had decided to try using for the project as another form of monitoring. We also worked on researching vulnerabilities in the services that we were using, and analysis of the logs that we created previously.

Week 10 - Sprint 3 Week 2

This week our team finished installing SolarWinds Orion and began using it to analyze the network traffic on top of our other network monitoring, ensuring that our logging was accurate and catching all traffic.

Week 11 - Sprint 3 Week 3

In this week we focused on using SolarWinds logs on the three services that we had focused on most for this project. This way we could limit the number of logs that we had to look at.

Week 12 - Sprint 3 Week 4

Our group met to talk about the state of the project and focus on what we found to be the most important as well as the direction we wanted to take the project based on our findings. We also did more research into vulnerabilities and the privacy policies of the services that we looked into.

Week 13 - Sprint 4 Week 1

After meeting with Devin, we decided to focus on improving our GitHub by updating it and reorganizing it so that it is more comprehensive, and includes all of our documentation and research in full. We have begun to figure out what 'roles' each of us will take on when it comes to the project, based on what we did throughout the project.

Week 14 - Sprint 4 Week 2

After meeting as a group, I took the role of being in charge of our privacy policy and vulnerability research, both updating the GitHub and presenting on it in the future. I added our vulnerability research on all of our services to the GitHub, which Isaac later was able to build upon with his findings on Zoom. I also researched and compiled the commonly shared policies that were used in the privacy policies of the services that we were investigating.