480 likes | 486 Views
CST 610 Project 1 Information Systems and Identity Management<br> <br>CST 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)<br> <br>CST 610 Project 3 Assessing Information System Vulnerabilities and Risk<br>
E N D
CST 610 All Project (Project 1-6) For more classes visit www.snaptutorial.com CST 610 Project 1 Information Systems and Identity Management CST 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux) CST 610 Project 3 Assessing Information System Vulnerabilities and Risk CST 610 Project 4 Threat Analysis and Exploitation CST 610 Project 5 Cryptography CST 610 Project 6 Digital Forensics Analysis **********************************************8
CST 610 Project 1 Information Systems and Identity Management For more classes visit www.snaptutorial.com Project 1 Information Systems and Identity Management Video transcript CYB 610 Project 1 You are a systems administrator in the IT department of a major metropolitan hospital. Your duties are to ensure the confidentiality, availability, and integrity of patient records, as well as the other files and databases used throughout the hospital. Your work affects several departments, including Human Resources, Finance, Billing, Accounting, and Scheduling. You also apply security controls on passwords for user accounts. Just before clocking out for the day, you notice something strange in the hospital's computer system. Some person, or group, has accessed user accounts and conducted unauthorized activities. Recently, the hospital experienced intrusion into one of its patient's billing accounts. After validating user profiles in Active Directory and matching them with user credentials, you suspect several user's passwords have been compromised to gain access to the hospital's computer network. You schedule an emergency meeting with the director of IT and the hospital board. In light of this security breach, they
ask you to examine the security posture of the hospital's information systems infrastructure and implement defense techniques. This must be done quickly, your director says. The hospital board is less knowledgeable about information system security. The board makes it clear that it has a limited cybersecurity budget. However, if you can make a strong case to the board, it is likely that they will increase your budget and implement your recommended tool company¬wide. You will share your findings on the hospital's security posture. Your findings will be brought to the director of IT in a technical report. You will also provide a non¬technical assessment of the overall identity management system of the hospital and define practices to restrict and permit access to information. You will share this assessment with the hospital board in the form of a narrated slide show presentation. You know that identity management will increase the security of the overall information system's infrastructure for the hospital. You also know that, with a good identity management system, the security and productivity benefits will outweigh costs incurred. This is the argument you must make to those stakeholders. Daily life requires us to have access to a lot of information, and information systems help us access that information. Desktop computers, laptops, and mobile devices keep us connected to the information we need through processes that work via hardware and software components. Information systems infrastructure makes this possible. However, our easy access to communication and information also creates security and privacy risks. Laws, regulations, policies, and guidelines exist to protect information and information owners. Cybersecurity ensures the confidentiality, integrity, and availability of the information. Identity management is a fundamental practice. Part of identity management is the governance of access, authorization, and authentication of users to information systems, Identity management is one part of a layered security defense strategy within the information systems infrastructure. Your work in this project will enable you to produce a technical report and nontechnical presentation that addresses these requirements.
There are five steps that will help you create your final deliverables. The deliverables for this project are as follows: 1. Nontechnical presentation: This is an 8-10 slide PowerPoint presentation for business executives and board members. 2. Technical report: Your report should be a 6-7 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations. 3. Executive summary: This should be a 2-3 page double-spaced Word document. 4. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab. When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission. • 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment. • 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem. • 6.2: Creating a roadmap for organizations to use in development of an Identity Access Management program (to address gaps in their current offerings). • Step 1: Defining the Information System Infrastructure Select a hospital or healthcare organization to research. You may choose an organization you are familiar with or can readily obtain information about. To maintain confidentiality, you do not need to mention the name of the organization. You may also choose a hypothetical/fictitious healthcare organization. Others have researched several healthcare organizations, which have suffered major security breaches, extensively. 1. Describe the organization and structure including the different business units and their functions. You may use an organizational chart to provide this information. 2. Choose one or more mission-critical systems of the healthcare organization. Define the information protection needs for the organization's mission-critical protected health information (PHI). This
information is stored in database medical records for doctors, nurses, and insurance claims billing systems, which are used to fulfill the organizational information needs. 3. Define the workflows and processes for the high-level information systems that you have just identified that will store PHI. Workflows and processes for healthcare organizations define how the organization gets its work done. They describe the movement of patient information to the business units that have needs to process and manage that information, from billing to physician care. All these organizations have hardware and software implementations of their information systems, and it is critical to understand these components, and how they are connected (known as their topology), so the appropriate protections can be applied. Your research may produce instances and examples of how an information system is connected, to include cybersecurity components like firewalls, in the information system and network diagram. Be sure you understand the benefits and weaknesses for the different network topologies. You may incorporate what you find in your research, in your definition for workflows and processes for the high-level information systems and provide explanation of how that topology fulfills the mission for the health care organization. Your definition should include a high-level description of information systems hardware and software components and their interactions. Take time to read the following resources. They will help you construct your definition. o Information systems hardware o Information systems software You may supply this information as a diagram with inputs, outputs, and technologies identified. Consider how you might restrict access and protect billing and PHI information. 4. The links shown below provide access to essential information you’ll need to complete this part of the hospital’s information system infrastructure definition. Click each link, review its resources, and refer to them as you compose this part of the definition. o Open Systems Interconnections (OSI) Model
o TCP/IP protocols o network protocols You will include these definitions in your report. Step 2: Threats Now that you have defined the hospital's information system infrastructure, you will have to understand what are the threats to those systems and describe the types of measures that could address those threats. In this section, you will learn about different types of identity access management solutions and how they protect against the threat of unauthorized access. To complete this section of the report, you’ll brush up on your knowledge of threats by reading the following resources: web security issues, insider threats, intrusion motives/hacker psychology, and CIA triad. Take what you learned from these resources to convey the threats to the hospital's information systems infrastructure. Include a brief summary of insider threats, intrusion motives, and hacker psychology in your report as it relates to your hospital data processing systems. Relate these threats to the vulnerabilities in the CIA triad. This section of your report will also include a description of the purpose and components of an identity management system to include authentication, authorization, and access control. Include a discussion of possible use of laptop devices by doctors who visit their patients at the hospital, and need access to hospital PHI data. Review the content of the following resources. As you’re reading, take any notes you think will help you develop your description. 1. Authorization 2. Access control 3. Passwords 4. Multi-factor authentication Next, expand upon your description. Define the types of access control management to include access control lists in operating systems, role-based access controls, files, and database access controls. Define types of authorization and authentication and the use of passwords, password management, and password protection in an identity
management system. Describe common factor authentication mechanisms to include multi-factor authentication. You will include this information in your report. Step 3: Password Cracking Tools You have successfully examined the threats to a healthcare organization's information systems infrastructure. Now, you must begin your research into password cracking software. Do some quick independent research on password cracking as it applies to your organization. You can click on this link to find the instructions for Navigating the Workspace and the Lab Setup. Enter Workspace and complete the lab activities outlined in the Project 1 Workspace Exercise Instructions. There are additional password cracking tool resources, tutorials, and user guides to continue your familiarity with the tools. Click here to access the Project 1 Workspace Exercise Instructions. After completing the lab, you will have successfully tested more than one password cracking tool. Not all password cracking tools will necessarily perform with the same speed, precision, and results, making it important to test a few different products. Compare the password cracking tools based on these characteristics, and include as part of your assessment and recommendations on the use of such tools. You will test the organization's systems for password strength and complexity and complete validation testing. You will compare the results obtained from your first and second tool. You have tested and made comparisons of the performance of various password cracking tools and you have the data to support your recommendations for the use of such tools. Not all password cracking tools will necessarily perform with the same speed, precision, and results, making it important to test a few different products. The comparison will be part of your assessment and help you make recommendations on the use of such tools. You will test the organization's systems for password strength and complexity and
complete validation testing. You will compare the results comparing the various tools. 1. Read this article about cyberattacks, perform two different types of cyberattacks in the first, and in the second tool, crack user account passwords. Describe them in simple nontechnical terms for the leadership. You can identify which tool is the most effective and why for your organization's IT environment 2. Compare and contrast the results from the two methods used to crack the accounts for the three passwords (each encrypted by the two hash algorithms). Show their benefits. You can make certain conclusions that help your company's cybersecurity posture after using these methods. 3. Explain to the director of IT and the members of the board that the healthcare organization’s anti-virus software will detect password cracking tools as malware. Also explain how this impacts the effectiveness of testing security controls like password strength. Help the leadership understand the risks and benefits of using password cracking tools, through persuasive arguments in your report and presentation. If any of the tools take longer than 4-5 minutes to guess a password, record the estimated length of time the tool anticipates to guess it. Include this information in your presentation. Step 4: The Non-Technical Presentation You now have the information you need to prepare your product for stakeholders. Based on the research and work you've completed in Workspace, you will develop two items: a technical report for the director of IT, and a nontechnical slide show presentation for the members of the board. You will tailor the language of your reports appropriately to the different audiences. The nontechnical presentation: Your upper-level management team consists of technical and nontechnical leadership, and they are interested in the bottom line. You must help these leaders understand the identity management system vulnerabilities you discovered in password cracking and access control. They need to clearly see what actions they must
either take or approve. The following are a few questions to consider when creating your presentation: 1. How do you present your technical findings succinctly to a non- technical audience? Your technical report for IT will span many pages; but you will probably be afforded no more than 30 minutes or 8-10 slides for your presentation and the following discussion with leadership. 2. How do you describe the most serious risks factually but without sounding too temperamental? No one likes to hear that their entire network has been hacked, data has been stolen, and the attackers have won. You will need to describe the seriousness of your findings while also assuring upper-level management that these are not uncommon occurrences today. 3. How do your results affect business operations? Make sure you are presenting these very technical password cracking results in business terms upper-level management will understand. 4. What do you propose? Management will not only want to understand what you have discovered; they will want to know what you propose as a solution. Step 5: The Technical Report and Executive Summary The technical report and the nontechnical presentation will identify compromises and vulnerabilities in the information systems infrastructure of the healthcare organization, and identify risks to the organization's data. You will propose a way to prioritize these risks and include possible remediation actions. The technical report: Provide recommendations for access control and authentication mechanisms to increase the security within the identity management system. Review the mission and organization structure of this healthcare organization. Review the roles within the organization, and recommend the accesses, restrictions, and conditions for each role. Present these in a tabular format as part of your list of recommendations. Provide a comparison of risk scenarios to include the following: 1. What will happen if the CIO and the leadership do nothing, and decide to accept the risks? 2. Are there possible ways the CIO can transfer the risks? 3. Are there possible ways to mitigate the risks?
4. Are there possible ways to eliminate the risks? 5. What are the projected costs to address these risks? Provide an overall recommendation, with technical details to the director of IT. The executive summary: In addition to your technical report, also create a nontechnical report as an executive summary. The deliverables for this project are as follows: 1. Nontechnical presentation: This is a 8-10 slide PowerPoint presentation for business executives and board members. 2. Technical report: Your report should be a 6-7 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations. 3. Executive summary: This should be a 2-3 page double-spaced Word document. 4. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab. Submit your deliverables to the assignment folder. Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work. • 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment. • 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem. • 6.2: Creating a roadmap for organizations to use in development of an Identity Access Management program (to address gaps in their current offerings). **********************************************8
CST 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux) For more classes visit www.snaptutorial.com CYB 610 Project 2 Congratulations, you are the newly appointed lead cybersecurity engineer with your company in the oil and natural gas sector. This is a senior¬level position. You were hired two months ago based on your successful cybersecurity experience with a previous employer. Your technical knowledge of cybersecurity is solid. However, you have a lot to learn about this company's culture, processes, and IT funding decisions, which are made by higher management. You have recently come across numerous anomalies and incidents leading to security breaches. The incidents took place separately, and it has not been determined if they were caused by a single source or multiple related sources. First, a month ago, a set of three corporate database servers crashed suddenly. Then, a week ago, anomalies were found in the configuration of certain server and router systems of your company. You immediately recognized that something with your IT resources was not right. You suspect that someone, or some group, has been regularly
accessing your user account and conducting unauthorized configuration changes. You meet with your leadership to discuss the vulnerabilities. They would like you to provide a security assessment report, or SAR, on the state of the operating systems within the organization. You're also tasked with creating a non-technical narrated presentation summarizing your thoughts. The organization uses multiple operating systems that are Microsoft-based and Linux¬based. You will have to understand these technologies for vulnerability scanning using the tools that work best for the systems in the corporate network. You know that identity management will increase the security of the overall information systems infrastructure for the company. You also know that with a good identity management system, the security and productivity benefits will outweigh costs incurred. This is the argument you must make to the stakeholders The operating system (OS) of an information system contains the software that executes the critical functions of the information system. The OS manages the computer's memory, processes, and all of its software and hardware. It allows different programs to run simultaneously and access the computer's memory, central processing unit, and storage. The OS coordinates all these activities and ensures that sufficient resources are applied. These are the fundamental processes of the information system and if they are violated by a security breach or exploited vulnerability it has the potential to have the biggest impact on your organization. Security for operating systems consists of protecting the OS components from attacks that could cause deletion, modification, or destruction of the operating system. Threats to an OS could consist of a breach of confidential information, unauthorized modification of data, or unauthorized destruction of data. It is the job of the cybersecurity engineer to understand the operations and vulnerabilities of the OS (whether it is a Microsoft, Linux, or another type of OS), and to provide mitigation, remediation, and defense against threats that would expose those vulnerabilities or attack the OS. There are six steps that will help you create your final deliverables. The deliverables for this project are as follows:
1. Security Assessment Report (SAR): This report should be a 7-8 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. 2. Nontechnical presentation: This is a set of 8-10 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR. 3. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab. When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission. • 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment. • 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem. • 5.4: Identify potential threats to operating systems and the security features necessary to guard against them. Step 1: Defining the OS The audience for your security assessment report (SAR) is the leadership of your organization, which is made up of technical and nontechnical staff. Some of your audience will be unfamiliar with operating systems (OS). As such, you will begin your report with a brief explanation of operating systems fundamentals and the types of information systems. Click on and read the following resources that provide essential information you need to know before creating a thorough and accurate OS explanation: • operating systems fundamentals • the applications of the OS • The Embedded OS • information system architecture • cloud computing • web architecture After reviewing the resources, begin drafting the OS overview to incorporate the following:
1. Explain the user's role in an OS. 2. Explain the differences between kernel applications of the OS and the applications installed by an organization or user. 3. Describe the embedded OS. 4. Describe how the systems fit in the overall information system architecture, of which cloud computing is an emerging, distributed computing network architecture.. Include a brief definition of operating systems and information systems in your SAR. Step 2: OS Vulnerabilities You just summarized operating systems and information systems for leadership. In your mind, you can already hear leadership saying "So what?" The organization's leaders are not well versed in operating systems and the threats and vulnerabilities in operating systems, so in your SAR, you decide to include an explanation of advantages and disadvantages of the different operating systems and their known vulnerabilities. Prepare by first reviewing the different types of vulnerabilities and intrusions explained in these resources: • Windows vulnerabilities • Linux vulnerabilities • Mac OS vulnerabilities • SQL PL/SQL, XML and other injections Based on what you gathered from the resources, compose the OS vulnerability section of the SAR. Be sure to: 1. Explain Windows vulnerabilities and Linux vulnerabilities. 2. Explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices. 3. Explain the motives and methods for intrusion of the MS and Linux operating systems; 4. Explain the types of security awareness technologies such as intrusion detection and intrusion prevention systems. 5. Describe how and why different corporate and government systems are targets.
6. Describe different types of intrusions such as SQL PL/SQL, XML, and other injections You will provide leadership with a brief overview of vulnerabilities in your SAR. Step 3: Preparing for the Vulnerability Scan You have just finished defining the vulnerabilities an OS can have. Soon you will perform vulnerability scanning and vulnerability assessments on the security posture of the organization's operating systems. But first, consider your plan of action. Read these two resources to be sure you fully grasp the purpose, goals, objectives, and execution of vulnerability assessments and security updates: • Vulnerability assessments • Patches Then provide the leadership with the following: 1. Include a description of the methodology you proposed to assess the vulnerabilities of the operating systems. Provide an explanation and reasoning of how the methodology you propose, will determine the existence of those vulnerabilities in the organization’s OS. 2. Include a description of the applicable tools to be used, and the limitations of the tools and analyses, if any. Provide an explanation and reasoning of how the applicable tools to be used, you propose, will determine the existence of those vulnerabilities in the organization’s OS. 3. Include the projected findings from using these vulnerability assessment tools. In your report, discuss the strength of passwords, any Internet Information Services' administrative vulnerabilities, SQL server administrative vulnerabilities, and other security updates and management of patches, as they relate to OS vulnerabilities. Step 4: Vulnerability Assessment Tools for OS and Applications Note: You will use the tools in Workspace for this step. If you need help outside the classroom, register for the CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Primary lab assistance is available from a team of lab assistants. Lab assistants are professionals and are trained to help you.
Click here to access the instructions for Navigating the Workspace and the Lab Setup. Enter Workspace and complete the lab activities related to operating system vulnerabilities. Click here to access the Project 2 Workspace Exercise Instructions. Explore the tutorials and user guides to learn more about the tools you will use. You've prepared for your assessment; now it's time to perform. Security and vulnerability assessment analysis tools, such as Microsoft Baseline Security Analyzer (MBSA) for Windows OS and OpenVAS for Linux OS, are stand-alone tools designed to provide a streamlined method for identifying common security misconfigurations and missing security updates for the operating systems and applications. These tools work on layers 5-7 of the Open System Interconnection (OSI) model. Your leadership will want to understand the differences and commonalities in the capabilities of both tools and will want this included in the SAR. Use the tools' built-in checks to complete the following for Windows OS (e.g., using Microsoft Baseline Security Analyzer, MBSA): 1. Determine if Windows administrative vulnerabilities are present. 2. Determine if weak passwords are being used on Windows accounts. 3. Report which security updates are required on each individual system. 4. You noticed that the tool you used for Windows OS (i.e., MBSA) provides dynamic assessment of missing security updates. MBSA provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping. 5. Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment. In this case, a tool such as MBSA will create and store individual XML security reports for each computer scanned and will display the reports in the graphical user interface in HTML.
You will also complete a similar exercise for Linux OS (e.g., using the OpenVAS tool). Select the following links to learn more about OpenVAS and computer networks: • OpenVAS • Computer Networks Utilize the OpenVAS tool to complete the following: 1. Determine if Linux vulnerabilities are present. 2. Determine if weak passwords are being used on Linux systems. 3. Determine which security updates are required for the Linux systems. 4. You noticed that the tool you used for Linux OS (i.e., OpenVAS) provides dynamic assessment of missing security updates. MBSA provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping. 5. Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment Knowledge acquired from this Workspace exercise and capability of this tool will help your company's client organizations secure the computer networks’ resources and protect corporate data from being stolen. Validate and record the benefits of using these types of tools. You will include this in the SAR. Step 5: The Security Assessment Report By utilizing security vulnerability assessment tools, such as MBSA and OpenVAS, you now have a better understanding of your system's security status. Based on the results provided by these tools, as well as your learning from the previous steps, you will create the Security Assessment Report (SAR). In your report to the leadership, emphasize the benefits of using a free security tool such as MBSA. Then make a recommendation for using these types of tools (i.e., MBSA and OpenVAS), including the results you found for both. Remember to include these analyses and conclusions in the SAR deliverable:
1. After you provide a description of the methodology you used to make your security assessment, you will provide the actual data from the tools, the status of security and patch updates, security recommendations, and offer specific remediation guidance, to your senior leadership. 2. You will include any risk assessments associated with the security recommendations, and propose ways to address the risk either by accepting the risk, transferring the risk, mitigating the risk, or eliminating the risk. Include your SAR in your final deliverable to leadership. Step 6: The Presentation Based on what you have learned in the previous steps and your SAR, you will also develop a presentation for your company's leadership. Your upper-level management team is not interested in the technical report you generated from your Workspace exercise. They are more interested in the bottom line. You must help these non¬technical leaders understand the very technical vulnerabilities you have discovered. They need to clearly see what actions they must either take or approve. The following are a few questions to consider when creating your non- technical presentation: 1. How do you present your technical findings succinctly to a non- technical audience? Your Workspace exercise report will span many pages, but you will probably not have more than 30 minutes for your presentation and follow-up discussion. 2. How do you describe the most serious risks factually but without sounding too temperamental? No one likes to hear that their entire network has been hacked, data has been stolen, and the attackers have won. You will need to describe the seriousness of your findings while also assuring upper-level management that these are not uncommon occurrences today. 3. How do your Workspace exercise results affect business operations? Make sure you are presenting these very technical results in business terms that upper-level management will understand. 4. Be very clear on what you propose or recommend. Upper-level management will want to not only understand what you discovered; they
will want to know what you propose as a solution. They will want to know what decisions they need to make based on your findings. Your goal for the presentation is to convince the leadership that adopting a security vulnerability assessment tool (such as MBSA) and providing an extra security layer is a must for the company. The deliverables for this project are as follows: 1. Security Assessment Report (SAR): This report should be a 7-8 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. 2. Nontechnical presentation: This is a set of 8-10 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR. 3. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab. Submit your deliverables to the assignment folder. Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work. • 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment. • 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem. • 5.4: Identify potential threats to operating systems and the security features necessary to guard against them. **********************************************8
CST 610 Project 3 Assessing Information System Vulnerabilities and Risk For more classes visit www.snaptutorial.com Project 3 Assessing Information System Vulnerabilities and Risk CYB 610 Project 3 You are an Information Assurance Management Officer, IAMO, at an organization of your choosing. One morning, as you're getting ready for work, you see an email from Karen, your manager. She asks you to come to her office as soon as you get in. When you arrive to your work, you head straight to Karen's office. “Sorry for the impromptu meeting,” she says, “but we have a bit of an emergency. There's been a security breach at the Office of Personnel Management.” We don't know how this happened, but we need to make sure it doesn't happen again, says Karen. You'll be receiving an email with more information on the security breach. Use this info to assess the information system vulnerabilities of the Office of Personnel Management. At your desk, you open Karen's email. She's given you an OPM report from the Office of the Inspector General, or OIG. You have studied the OPM OIG report and found that the hackers were able to gain access through compromised credentials. The security breach could have been prevented, if the Office of Personnel Management, or OPM, had abided by previous auditing reports and security findings. In
addition, access to the databases could have been prevented by implementing various encryption schemas and could have been identified after running regularly scheduled scans of the systems. Karen and the rest of the leadership team want you to compile your findings into a Security Assessment Report or SAR. You will also create a Risk Assessment Report, or RAR, in which you identify threats, vulnerabilities, risks, and likelihood of exploitation and suggested remediation The security posture of the information systems infrastructure of an organization should be regularly monitored and assessed (including software, hardware, firmware components, governance policies, and implementation of security controls). The monitoring and assessment of the infrastructure and its components, policies, and processes should also account for changes and new procurements that are sure to follow in order to stay in step with ever-changing information system technologies. The data breach at the Office of Personnel Management (OPM) is one of the largest in US government history. It provides a series of lessons learned for other organizations in industry and the public sector. Some critical security practices, such as lack of diligence to security controls and management of changes to the information systems infrastructure were cited as contributors to the massive data breach in the OPM Office of the Inspector General's (OIG) Final Audit Report, which can be found in open source searches. Some of the findings in the report include: weak authentication mechanisms; lack of a plan for life-cycle management of the information systems; lack of a configuration management and change management plan; lack of inventory of systems, servers, databases, and network devices; lack of mature vulnerability scanning tools; lack of valid authorizations for many systems, and lack of plans of action to remedy the findings of previous audits. The breach ultimately resulted in removal of OPM's top leadership. The impact of the breach on the livelihoods of millions of people is ongoing and may never be fully known. There is a critical need for security programs that can assess vulnerabilities and provide mitigations. There are nine steps that will help you create your final deliverables. The deliverables for this project are as follows:
1. Security Assessment Report (SAR): This should be an 8-10 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. 2. Risk Assessment Report (RAR): This report should be a 5-6 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. 3. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab. When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission. • 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment. • 1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation. • 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas. • 1.4: Tailor communications to the audience. • 1.5: Use sentence structure appropriate to the task, message and audience. • 1.6: Follow conventions of Standard Written English. • 5.2: Knowledge of architectural methodologies used in the design and development of information systems and knowledge of standards that either are compliant with or derived from established standards or guidelines. • 5.6: Explore and address cybersecurity concerns, promote awareness, best practice, and emerging technology. • 7.3: Knowledge of methods and tools used for risk management and mitigation of risk. • 8.1: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents. • 8.2: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence appropriately.
Step 1: Enterprise Network Diagram During Project One, you researched a hypothetical or actual organization of your choice. You had to understand the goals of the organization and the types of systems that would fulfill those goals. You will now research and learn about types of networks and their secure constructs that may be used in organizations to accomplish the functions of the organization’s mission. You will propose a local area network (LAN) and a wide area network (WAN) for the organization, define the systems environment, and incorporate this information in a network diagram. Discuss the security benefits of your chosen network design. Read about the following computing platforms available for networks and discuss how these platforms could be implemented in your organization. Include the rationale for all platforms you choose to include in your network design. • common computing platforms • cloud computing • distributed computing • centralized computing • secure programming fundamentals • Step 2: Enterprise Threats • Review the OIG report on the OPM breach that you were asked to research and read about at the beginning of the project. The OIG report included numerous security deficiencies that likely left OPM networks vulnerable to being breached. In addition to those external threats, the report also describes the ways OPM was vulnerable to insider threats. The information about the breach could be classified as threat intelligence. Define threat intelligence and explain what kind of threat intelligence is known about the OPM breach. • You just provided detailed background information on your organization. Next, you’ll describe threats to your organization’s system. Before you get started, select and explore the contents of the following link: insider threats (also known as internal threats). As you’re reading, take note of which insider threats are a risk to your organization.
• Now, differentiate between the external threats to the system and the insider threats. Identify where these threats can occur in the previously created diagrams. Relate the OPM threat intelligence to your organization. How likely is it that a similar attack will occur at your organization? Step 3: Scanning the Network Note: You will use the tools in Workspace for this step. If you need help outside the classroom to complete this project, register for CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Primary lab assistance is available from a team of lab assistants. Lab assistants are professionals and are trained to help you. Click here to access the instructions for Navigating the Workspace and the Lab Setup. Select the following link to enter Workspace. and complete the lab activities related to network vulnerabilities. You will now investigate network traffic, and the security of the network and information system infrastructure overall. Past network data has been logged and stored, as collected by a network analyzer tool such as Wireshark. Explore the tutorials and user guides to learn more about the tools you will use. Click the following link to read more about these network monitoring tools: Tools to Monitor and Analyze Network Activities. You will perform a network analysis on the Wireshark files provided to you in Workspace and assess the network posture and any vulnerability or suspicious information you are able to obtain. Include this information in the SAR. You will then return to the lab in order to identify any suspicious activities on the network, through port scanning and other techniques. You will revisit the lab and lab instructions in Step 7: Suspicious Activity. Click here to access the Project 3 Workspace Exercise Instructions. In order to validate the assets and devices on the organization's network, run scans using security and vulnerability assessment analysis tools such as MBSA, OpenVAS, Nmap, or Nessus depending on the
operating systems of your organization's networks. Live network traffic can also be sampled and scanned using Wireshark on either the Linux or Windows systems. Wireshark allows you to inspect all OSI layers of traffic information. Further analyze the packet capture for network performance, behavior, and any suspicious source and destination addresses on the networks. In the previously created Wireshark files, identify if any databases had been accessed. What are the IP addresses associated with that activity? Include this information in the SAR. Step 4: Identifying Security Issues You have a suite of security tools, techniques, and procedures that can be used to assess the security posture of your organization's network in a SAR. Now it's time to identify the security issues in your organization's networks. You have already used password cracking tools to crack weak and vulnerable passwords. Provide an analysis of the strength of passwords used by the employees in your organization. Are weak passwords a security issue for your organization? Step 5: Firewalls and Encryption Next, examine these resources on firewalls and auditing–RDBMS related to the use of the Relational Database Management System (i.e., the database system and data) RDBMS. Also review these resources related to access control. Determine the role of firewalls and encryption, and auditing – RDBMS that could assist in protecting information and monitoring the confidentiality, integrity, and availability of the information in the information systems. Reflect any weaknesses found in the network and information system diagrams previously created, as well as in the developing SAR. Step 6: Threat Identification You know of the weaknesses in your organization's network and information system. Now you will determine various known threats to the organization's network architecture and IT assets.
Get acquainted with the following types of threats and attack techniques. Which are a risk to your organization? • IP address spoofing/cache poisoning attacks • denial of service attacks (DoS) • packet analysis/sniffing • session hijacking attacks • distributed denial of service attacks In identifying the different threats, complete the following tasks: 1. Identify the potential hacking actors of these threat attacks on vulnerabilities in networks and information systems and the types of remediation and mitigation techniques available in your industry, and for your organization. 2. Identify the purpose and function of firewalls for organization network systems, and how they address the threats and vulnerabilities you have identified. 3. Also discuss the value of using access control, database transaction and firewall log files. 4. Identify the purpose and function of encryption, as it relates to files and databases and other information assets on the organization's networks. Include these in the SAR. Step 7: Suspicious Activity Note: You will utilize the tools in Workspace for this step. Hackers frequently scan the Internet for computers or networks to exploit. An effective firewall can prevent hackers from detecting the existence of networks. Hackers continue to scan ports, but if the hacker finds there is no response from the port and no connection, the hacker will move on. The firewall can block unwanted traffic and NMap can be used to self-scan to test the responsiveness of the organization's network to would-be hackers. Select the following link to enter Workspace and conduct the port scanning. Return to the lab instructions by clicking here to access the Project 3 Workspace Exercise Instructions. Step 8: Risk and Remediation
What is the risk and what is the remediation? What is the security exploitation? You can use the OPM OIG Final Audit Report findings and recommendations as a possible source for methods to remediate vulnerabilities. Read this risk assessment resource to get familiar with the process, then prepare the risk assessment. Be sure to first list the threats, then the vulnerabilities, and then pairwise comparisons for each threat and vulnerability, and determine the likelihood of that event occurring, and the level of impact it would have on the organization. Use the OPM OIG Final Audit Report findings as a possible source for potential mitigations. Include this in the risk assessment report (RAR). Step 9: Creating the SAR and RAR Your research and Workspace exercise have led you to this moment: creating your SAR and RAR. Consider what you have learned in the previous steps as you create your reports for leadership. Prepare a Security Assessment Report (SAR) with the following sections: 1. Purpose 2. Organization 3. Scope 4. Methodology 5. Data 6. Results 7. Findings The final SAR does not have to stay within this framework, and can be designed to fulfill the goal of the security assessment. Prepare a Risk Assessment Report (RAR) with information on the threats, vulnerabilities, likelihood of exploitation of security weaknesses, impact assessments for exploitation of security weaknesses, remediation, and cost/benefit analyses of remediation. Devise a high-level plan of action with interim milestones (POAM), in a system methodology, to remedy your findings. Include this high-level plan in the RAR. Summarize the results you obtained from the vulnerability assessment tools (i.e., MBSA and OpenVas) in your report.
The deliverables for this project are as follows: 1. Security Assessment Report (SAR): This should be an 8-10 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. 2. Risk Assessment Report (RAR): This report should be a 5-6 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. 3. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab. Submit your deliverables to the assignment folder. Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work. • 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment. • 1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation. • 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas. • 1.4: Tailor communications to the audience. • 1.5: Use sentence structure appropriate to the task, message and audience. • 1.6: Follow conventions of Standard Written English. • 5.2: Knowledge of architectural methodologies used in the design and development of information systems and knowledge of standards that either are compliant with or derived from established standards or guidelines. • 5.6: Explore and address cybersecurity concerns, promote awareness, best practice, and emerging technology. • 7.3: Knowledge of methods and tools used for risk management and mitigation of risk.
• 8.1: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents. • 8.2: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence appropriately. **********************************************8 CST 610 Project 4 Threat Analysis and Exploitation For more classes visit www.snaptutorial.com Project 4 Threat Analysis and Exploitation CYB610 Project 4 You are part of a collaborative team that was created to address cyber threats and exploitation of US financial systems critical infrastructure. Your team has been assembled by the White
House Cyber National security staff to provide situational awareness about a current network breach and cyber attack against several financial service institutions. Your team consists of four roles, a representative from the financial services sector who has discovered the network breach and the cyber attacks. These attacks include distributed denial of service attacks, DDOS, web defacements, sensitive data exfiltration, and other attack vectors typical of this nation state actor. A representative from law enforcement who has provided additional evidence of network attacks found using network defense tools. A representative from the intelligence agency who has identified the nation state actor from numerous public and government provided threat intelligence reports. This representative will provide threat intelligence on the tools, techniques, and procedures of this nation state actor. A representative from the Department of Homeland Security who will provide the risk, response, and recovery actions taken as a result of this cyber threat. Your team will have to provide education and security awareness to the financial services sector about the threats, vulnerabilities, risks, and risk mitigation and remediation procedures to be implemented to maintain a robust security posture. Finally, your team will take the lessons learned from this cyber incident and share that knowledge with the rest of the cyber threat analysis community. At the end of the response to this cyber incident, your team will provide two deliverables, a situational analysis report, or SAR, to the White House Cyber National security staff and an After Action Report and lesson learned to the cyber threat analyst community. US critical infrastructure-power—water, oil and natural gas, military systems, financial systems—have become the target of cyber and physical attacks as more critical infrastructure systems are integrated with the Internet and other digital controls systems. The lesson learned in defending and mitigating cyberattacks is that no entity can prevent or resolve cyberattacks on its own. Collaboration and information sharing is key for success and survival. This is a group exercise, representing collaboration across all sectors, to support and defend US critical infrastructure. In the working world, a
team like this would include some agencies, some industrial partners, and some private sector corporations. Each organization has different strengths and skills, different access to information, and different authorities to report to. When the sectors work together and leverage resources and skills, the result is that everyone benefits from the defense and protection of US IT infrastructure. In your teams, you can model the same collaboration, leveraging each other's expertise, sharing each other's knowledge, teaching each other, and providing contributions specific to your role in the scenario. • Financial Services Representative: special task in Step 3 • Law Enforcement Representative: special task in Step 4 • Intelligence Agency Representative: special task in Step 5 • Homeland Security Representative: special task in Step 6 There are seven steps that will help you create your final deliverables. The deliverables for this project are as follows: 1. Security Assessment Report (SAR): This report should be a 14-15 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. 2. After Action Report (AAR): This report should be a 10-15 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. 3. This is a 5-8 slide PowerPoint presentation for executives along with a narrated or In-Class Presentation summarizing your SAR and AAR report. When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission. • 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment. • 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem. • 4.1: Lead and/or participate in a diverse group to accomplish projects and assignments. • 4.3: Contribute to team projects, assignments, or organizational goals as an engaged member of a team.
• 8.4: Possess knowledge of proper and effective communication in case of an incident or crisis. Step 1: Establishing Roles As described in the scenario, you will be working in a small team (usually five members). Your instructor has provided an area for your group discussions, collaboration, and file sharing. Take some time to learn about your teammates (introductions, LinkedIn profiles and bios) to understand the experience and expertise of the team members. Studies on teamwork outline the typical team stages of forming, storming, norming, and performing (see Tuckman, Bruce W. (1965), "Developmental sequence in small groups," Psychological Bulletin, 63, 384-399.) This guidance on teamwork may be helpful. In order to do well, you and your team members must start communicating or "forming" immediately and discuss how you will divide the work. Review the project and if you have portions of the work that play well to your strengths, make this known to your team members. Then develop a project plan and schedule to get the work done. Finally, agree on a communications plan, which allows your team members to know where the project stands. During this stage, you may have disagreements or differences of opinion about roles and division of work. This is a normal aspect of "storming." Once you start agreeing on roles and tasks, you are well on your way to "norming." You should settle on a collaboration space and share drafts of your work in your classroom team locker so your team members and the instructor can see the work progression. All team members must contribute, but the deliverables need to be cohesive. Therefore, each of you will need to review each other's work and help each other. While you may have to use collaborative tools outside the classroom, maintain the key documents in the respective team project locker in the classroom. Your team will use this area to establish ground rules for communication and collaboration. Team members will gain an overview of the entire project, establish roles, agree on the division of work, and complete and sign the Team Project Charter.
If you decide to use Google Docs for your collaborative work, you could also choose a Google drive with appropriate sharing with your team members and your instructor, and provide information on this in your team locker. Part of teamwork is looking at each other's work and providing constructive feedback and improvements. If you sense problems during your team communications sessions, discuss risk management and project adjustments your team may need to make. If you sense trouble, contact your instructor and request intervention as soon as you recognize issues. After the plan is completed, elect one person to attach or link the final document to the team project locker. This step should have been completed early in the term between Weeks 2 and 4. Setting up the team roles and expectations is an important part of this project and completing the charter is critical to the project's success. When you have completed this important step, move to the next step. Step 2: Assessing Suspicious Activity Your team is assembled and you have a plan. It's time to get to work. You have a suite of tools at your disposal from your work in Project 1, Project 2, and Project 3, which can be used together to create a full common operating picture of the cyber threats and vulnerabilities that are facing the US critical infrastructure. Begin by selecting the following links to brush up on your knowledge: 1. network security 2. mission critical systems 3. penetration testing To be completed by all team members: Leverage the network security skills of using port scans, network scanning tools, and analyzing Wireshark files, to assess any suspicious network activity and network vulnerabilities. Step 3: The Financial Sector To be completed by the Financial Services Representative: Provide a description of the impact the threat would have on the financial services sector. These impact statements can include the loss of control of the
systems, the loss of data integrity or confidentiality, exfiltration of data, or something else. Also provide impact assessments as a result of this security incident to the financial services sector. To be completed by all team members: Provide submissions from the Information Sharing Analysis Councils related to the financial sector. You can also propose fictitious submissions. Also, review the resources for Industrial Control Systems, and advise the importance of them to the financial services sector. Explain the risks associated with the Industrial Controls Systems. Step 4: Law Enforcement To be completed by the Law Enforcement Representative: Provide a description of the impact the threat would have on the law enforcement sector. These impact statements can include the loss of control of systems, the loss of data integrity or confidentiality, exfiltration of data, or something else. Also provide impact assessments as a result of this security incident to the law enforcement sector. Step 5: The Intelligence Community To be completed by all team members: Provide an overview of the life cycle of a cyber threat. Explain the different threat vectors that cyber actors use, and provide a possible list of nation-state actors that have targeted the US financial services industry before. Review this threat response and recovery resource and use what you learned from the resource to provide or propose an analytical method in which you are able to detect the threat, identify the threat, and perform threat response and recovery. Identify the stage of the cyber threat life cycle where you would observe different threat behaviors. Include ways to defend against the threat, and protect against the threat. Provide this information in the SAR and AAR. To be completed by the Intelligence Community Representative: Provide intelligence on the nation-state actor, their cyber tools, techniques, and procedures. Leverage available threat reporting such as from FireEye, Mandiant, and other companies and government entities that provide intelligence reports. Also include the social engineering
methods used by the nation-state actor and their reasons for attacking US critical infrastructure. Include this information in the SAR and AAR. Step 6: Homeland Security To be completed by the Homeland Security Representative: Use the US-CERT and other similar resources to discuss the vulnerabilities and exploits that might have been used by the attackers. Explore the resources for risk mitigation and provide the risk, response, and risk mitigation steps that should be taken if an entity suffers the same type of attack. To be completed by all team members: Provide a risk-threat matrix and provide a current state snapshot of the risk profile of the financial services sector. These reports will be part of an overall risk assessment, which will be included in the SAR and AAR. Review and refer to this risk assessment resource to aid you in developing this section of the report. Step 7: The SAR and AAR All team members: After you compile your research, and your own critical assessments and analysis, determine which information is appropriate for a Security Assessment Report (SAR) that will be submitted to the White House, and an After Action Report (AAR) that will be submitted to the rest of the analyst community. 1. Prepare your SAR for the White House Cyber National Security Staff, describing the threat, the motivations of the threat actor, the vulnerabilities that are possible for the threat actor to exploit, current and expected impact on US financial services critical infrastructure, the path forward to eliminate or reduce the risks, and the actions taken to defend and prevent against this threat in the future. 2. Prepare the AAR. This knowledge management report will be provided to the cyber threat analyst community, which includes the intelligence community, the law enforcement community, the defense and civilian community, the private sector, and academia. The purpose of the AAR is to share the systems life cycle methodology, rationale, and critical thinking used to resolve this cyber incident. The deliverables for this project are as follows:
1. Security Assessment Report (SAR): This report should be a 14-15 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. 2. After Action Report (AAR): This report should be a 10-15 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. 3. A 5-8 slide PowerPoint presentation for executives along with narration or In-Class presentation by each team member summarizing a portion of your SAR and AAR report. Submit your deliverables to the assignment folder. Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work. • 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment. • 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem. • 4.1: Lead and/or participate in a diverse group to accomplish projects and assignments. • 4.3: Contribute to team projects, assignments, or organizational goals as an engaged member of a team. • 8.4: Possess knowledge of proper and effective communication in case of an incident or crisis. **********************************************8 CST 610 Project 5 Cryptography
For more classes visit www.snaptutorial.com Project 5 Cryptography CYB610 Project 5 You are an enterprise security architect for a company in a semiconductor manufacturing industry where maintaining competitive advantage and protecting intellectual property is vital. You're in charge of security operations and strategic security planning. Your responsibilities include devising the security protocols for identification, access, and authorization management. You recently implemented cryptography algorithms to protect the information organization. Leadership is pleased with your efforts and would like you to take protection methods even further. They've asked you to study cyber-attacks against different cryptography mechanisms and deploy access control programs to prevent those types of attacks. We'd like you to create plans for future security technology deployments, says one senior manager. And provide documentation so that others can carry out the deployments. A director chimes in, but you should also devise a method for ensuring the identification, integrity, and non-repudiation of information in transit at rest and in use within the organization. As the enterprise security architect, you are responsible for providing the following deliverables. Create a network security vulnerability and threat table in which you outline the security architecture of the organization, the cryptographic means of protecting the assets of the organizations, the types of known attacks against those protections, and means to ward off the attacks. This document will help you manage the
current configuration of the security architecture. Create a Common Access Card, CAC deployment strategy, in which you describe the CAC implementation and deployment and encryption methodology for information security professionals. Create an email security strategy in which you provide the public key, private key hashing methodology to determine the best key management system for your organization. These documents will provide a security overview for the leadership in your company Encryption uses cryptographic algorithms to obfuscate data. These complex algorithms transform data from human readable plaintext into encrypted cipher text. Encryption uses the principles of substitution and permutation to ensure that data is transformed in a non-deterministic manner by allowing the user to select the password or a key to encrypt a message. The recipient must know the key in order to decrypt the message, translating it back into the human readable plaintext. There are six steps that will lead you through this project. After beginning with the workplace scenario, continue to Step 1: "IT Systems Architecture." The deliverables for this project are as follows: 1. Create a single report in Word document format. This report should be about 10 pages long, double-spaced, with citations in APA format. Page count does not include diagrams or tables. The report must cover the following: o network security and threat table o Common Access Card deployment strategy o e-mail security strategy 2. In a Word document, share your lab experience and provide screenshots to demonstrate that you performed the lab. When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission. • 1.5: Use sentence structure appropriate to the task, message and audience. • 1.6: Follow conventions of Standard Written English.
• 1.7: Create neat and professional looking documents appropriate for the project or presentation. • 2.1: Identify and clearly explain the issue, question, or problem under critical consideration. • 2.2: Locate and access sufficient information to investigate the issue or problem. • 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem. • 2.4: Consider and analyze information in context to the issue or problem. • 3.2: Employ mathematical or statistical operations and data analysis techniques to arrive at a correct or optimal solution. • 5.1: Knowledge of procedures, tools, and applications used to keep data or information secure, including public key infrastructure, point-to- point encryption, and smart cards. Step 1: IT Systems Architecture You are a senior-level employee and you must tailor your deliverables to suit your audience: the leadership of the organization. You may choose to use a fictitious organization, or model your organization on an existing organization, including proper citations. Leadership is not familiar with the architecture of the IT systems, nor are they familiar with the types of threats that are likely or the security mechanisms in place to ward off those threats. You will provide this information in tabular format and call it the Network Security and Vulnerability Threat Table. Refer to this threat table template for guidance on creating this document. Before you begin, select the links below to review some material on information security. These resources will help you complete the network security and vulnerability threat table. • LAN security • Availability Now you’re ready to create your table. Include and define the following components of security in the architecture of your organization, and explain if threats to these components are likely, or unlikely:
• LAN security • identity management • physical security • personal security • availability • privacy Next, review the different types of cyberattacks described in the following resource: cyberattacks. As you’re reading take note of which attacks are most likely to affect your organization. Then list the security defenses you employ in your organization to mitigate these types of attacks. Include this information in your Network Security and Vulnerability Threat Table. Step 2: Plan of Protection Note: You will utilize the tools in Workspace for this step. If you need help outside the classroom, you can register for the CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Primary lab assistance is available from a team of lab assistants. Lab assistants are professionals and are trained to help you. Click here to access the instructions for Navigating the Workspace and the Lab Setup. Next, select the following link to enter Workspace and complete the lab exercises. Click here to access the Project 5 Workspace Exercise Instructions. Explore the tutorials and user guides to learn more about the tools you will use. In this lab exercise, you will learn more about the transmission of files that do not seem suspicious but that actually have embedded malicious payload, undetectable to human hearing or vision. This type of threat can enter your organization’s networks and databases undetected through the use of steganography or data hiding. You should include this type of threat vector to an organization in your report to leadership. Research how organizations can monitor, identify and remedy those files
with embedded files and data, and provide these as recommendations for your leadership. You will have to provide the leadership of your organization with your plan for protecting identity, access, authorization and nonrepudiation of information transmission, storage, and usage. Research scholarly works on nonrepudiation measures and discuss options for protecting the integrity of an organization's information assets, which include files, networks, databases, and e-mail, and include this in your lab report. Step 3: Data Hiding Technologies You will describe to your organization the various cryptographic means of protecting its assets. Select the links below to review encryption techniques and encryption technologies, then provide your organization with a brief overview of each. Encryption Technologies 1. Shift / Caesar cipher 2. Polyalphabetic cipher 3. One time pad cipher/Vernam cipher/perfect cipher 4. Block ciphers 5. triple DES 6. RSA 7. Advanced Encryption Standard (AES) 8. Symmetric encryption 9. Text block coding Data Hiding Technologies 1. Information hiding and steganography 2. Digital watermarking 3. Masks and filtering These descriptions will be included in the network security vulnerability and threat table for leadership. Step 4: Creating the Network Security Vulnerability and Threat Table
Using the information you've gathered from the previous steps, prepare the network security vulnerability and threat table, in which you outline the following: • security architecture of the organization • the cryptographic means of protecting the assets of the organization • the types of known attacks against those types of protections • means to ward off the attacks Create your Network Security Vulnerability and Threat Table, and include it in your submission to the organization. Please refer to this threat table template for guidance on creating this document. Step 5: Access Control Based on Smart Card Strategies Smart cards use encryption chips to identify the user, their identity, role, and sometimes use their personal identifiable information (PII). Two examples of smart cards are the federal government’s use of common access cards (CACs), and the financial sector’s use of encryption chips in credit cards. You have completed your threat table, and you've decided that you want to modernize the access control methods for your organization. To that end, you read the following resources to gather some background information on access control and the various encryption schemas associated with the Common Access Card (CAC): • Access control • Common access Card (CAC) You plan to deploy CAC to the company and you are tasked with devising that CAC deployment strategy, which includes the cryptographic solutions used with the CAC. In the Common Access Card Deployment Strategy final deliverable, describe how identity management would be a part of your overall security program and your CAC deployment plan: Create your Common Access Card Deployment Strategy and include it in your submission to the organization. Step 6: The Email Security Strategy
After completing the CAC, your next step is to build the Secure Email Strategy for the organization. You will present this tool to your leadership. Provide an overview of the types of public-private key pairing, and show how this provides authentication and nonrepudiation. You will also add hashing, and describe how this added security benefit ensures the integrity of messaging. Begin preparing your strategy by reviewing the following resources that will aid you in becoming well informed on encryption technologies for e-mail: • Public Key Infrastructure (PKI) • iOS encryption • Blackberry encryption Then start developing your strategy. Define these strong encryption technologies as general principles in secure email: Pretty Good Policy (PGP algorithm) • GNU Privacy Guard (GPG) • Public Key Infrastructure (PKI) • Digital signature • Mobile device encryption (e.g., iOS encryption and Blackberry encryption) In your report, also consider how the use of smart card readers tied to computer systems might be beneficial in the future enhancements to system and data access protection. This may help you define long-term solutions for your leadership. Leadership does not know the costs and technical complexity of these email encryption strategies. To further their understanding, compare the complexities of each in relation to the security benefits, and then make a recommendation and a deployment plan. The deliverables for this project are as follows: 1. Create a single report in Word document format. This report should be about 10 pages long, double-spaced, with citations in APA format. Page count does not include diagrams or tables. The report must cover the following: o network security and threat table
o Common Access Card deployment strategy o e-mail security strategy 2. In a Word document, share your lab experience and provide screenshots to demonstrate that you performed the lab. Submit your deliverables to the assignment folder. Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work. • 1.5: Use sentence structure appropriate to the task, message and audience. • 1.6: Follow conventions of Standard Written English. • 1.7: Create neat and professional looking documents appropriate for the project or presentation. • 2.1: Identify and clearly explain the issue, question, or problem under critical consideration. • 2.2: Locate and access sufficient information to investigate the issue or problem. • 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem. • 2.4: Consider and analyze information in context to the issue or problem. • 3.2: Employ mathematical or statistical operations and data analysis techniques to arrive at a correct or optimal solution. • 5.1: Knowledge of procedures, tools, and applications used to keep data or information secure, including public key infrastructure, point-to- point encryption, and smart cards. **********************************************8
CST 610 Project 6 Digital Forensics Analysis For more classes visit www.snaptutorial.com • Project 6 Digital Forensics Analysis Project 6 Start Here This project will provide an introduction to digital forensic analysis. Digital forensic analysis is used to review and investigate data collected through digital communications and computer networks. The National Institute for Standards and Technology (NIST) has defined four fundamental phases for forensic analysis: collection, examination, analysis, and reporting. You will learn more about these concepts as you navigate throughout the steps of this project and read the literature and links found in each step. There are four steps that will lead you through this project. Begin with Step 1: “Methodology. The deliverables for this project are as follows: 1. Digital Forensic Research Paper: This should be a five-page double-spaced Word document with citations in APA format. The page count does not include diagrams or tables. 2. In a Word document, share your lab experience and provide screenshots to demonstrate that you completed the lab. When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.
• 5.3: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats. • 8.6: Provides professional preparation for computer digital forensics, investigation of crime, and preservation of digital evidence in criminal and civil investigations and information security incident response. • 8.7: Provide theoretical basis and practical assistance for all aspects of digital investigation and the use of computer evidence in forensics and law enforcement. Step 1: Methodology The methodology includes following a systems process. Identify the requirements, purpose, and objectives of the investigation. Click the links below to review information that will aid in conducting and documenting an investigation: • secure programming fundamentals • forensics fundamentals Learn about the investigation methodology. Consider secure programming fundamentals. Define the digital forensics analysis methodology, and the phases of the digital forensics fundamentals and methodology, including the following: 1. preparation 2. extraction 3. identification 4. analysis This information will help you understand the process you will use during an investigation. Step 2: Tools and Techniques Select the following links to learn about forensics analysis tools, methods, and techniques: 1. forensics analysis tools 2. web log and session analysis 3. hash analysis Step 3: Exploring Forensic Tools
Note: You will utilize the tools in Workspace for this step. If you need help outside the classroom, you can register for the CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Primary lab assistance is available from a team of lab assistants. Lab assistants are professionals and are trained to help you. Click here to access the instructions for Navigating the Workspace and the Lab Setup. Select the following link to enter Workspace. Complete the forensic tools exercise provided in this lab. Explore the tutorials and user guides to learn more about various types of digital forensic tools. Click here to access the Project 6 Workspace Exercise Instructions. You will learn about the different types of tools, techniques, and analyses. Step 4: Digital Forensics Research Paper Now that you have learned basics of digital forensics analyses and methodology, and have experienced one of the common forensic tools, use the material presented in this project as well as research you've conducted outside of the course materials to write a research paper that addresses the following: 1. digital forensic methodology 2. the importance of using forensic tools to collect and analyze evidence (e.g., FTK Imager and EnCase) 3. hashing in the context of digital forensics 4. How do you ensure that the evidence collected has not been tampered with (i.e., after collection)? Why and how is this important to prove in a court of law? The deliverables for this project are as follows: 1. Digital Forensic Research Paper: This should be a five-page double-spaced Word document with citations in APA format. The page count does not include diagrams or tables. 2. In a Word document, share your lab experience and provide screenshots to demonstrate that you completed the lab. Submit your deliverables to the assignment folder.
Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work. • 5.3: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats. • 8.6: Provides professional preparation for computer digital forensics, investigation of crime, and preservation of digital evidence in criminal and civil investigations and information security incident response. • 8.7: Provide theoretical basis and practical assistance for all aspects of digital investigation and the use of computer evidence in forensics and law enforcement. **********************************************8