The network below belongs to a small$-$sized pharmaceutical company researching vaccines. The

methods and products developed in this company are at the target of state$-$sponsored hacker groups.

Although database server is the primary critical asset that stores intellectual property and webserver is

used to access the data by authorized users from the Internet, the attack surface includes all of the

assets you see in the figure.

Assets $($Attack surface$)$: Database server, user workstations, internal & DMZ switch, Webserver, DNS

server, firewall, router, and company employees.

As a result, hackers have been trying all possible ways of exploiting vulnerabilities in these assets.

Moreover, the activities of internal employees should also be observed, and it should be confirmed that

they follow the need$-$to$-$know principle and don't perform malicious activities.

Select one of the following monitoring tools that also have strong network security monitoring

capabilities. Please carefully review the website of the software you chose.

Nagios

Cacti

Solarwinds

Explain how this network monitoring tool helps security administrators in detecting the following cases.

Feel free to provide the names of the modules$/$plugins$/$agents of the selected tool. Select at least three

attack case for your answer.

Hackers are scanning externally visible IP addresses of the company.

Hackers are performing vulnerability scanning of the web applications hosted on the webserver.

Hackers are trying to poison the cache of the DNS server.

Internal threats are installing malicious tools on their computers.

Internal threats are trying to access$/$dump$/$backup database.

Internal threats are launching man$-$in$-$the$-$middle $($Arp cache poisoning$)$ attack.

Intenral threats are accessing external malicious websites.