For more course tutorials visit www.tutorialrank.com

CST 620 Project 1 Enterprise Key management plan for the Hospital Services (11 Pages)

==============================================

CST 620 Project 1 Enterprise Key management Policy for the Hospital Services (4 Pages)

==============================================
CST 620 Project 1 Lab

==============================================

CST 620 Project 2 Capture and Intrusion Detection

==============================================

CST 620 Project 2 Joint Defense Bulletin (3 Pages)

==============================================

CST 620 Project 2 Lab

1. When running Snort IDS, why might there be no alerts?
2. If we only went to a few web sites, why are there so many alerts?
3. What are the advantages of logging more information to the alerts file?
4. What are the disadvantages of logging more information to the alerts file?
5. What are the advantages of using rule sets from the Snort web site?
6. Describe (in plain English) at least one type of rule set you would want to add to a high-level security network, and why.
7. If a person with malicious intent were to get into your network and have read/write access to your IDS log or rule set, how could they use that information to their advantage?
8. An intrusion prevention system can either wait until it has all of the information it needs, or can allow packets through based on statistics (guessed or previously known facts). What are the advantages and disadvantages of each approach?
9. So, the “bad guy” decides to do a Denial of Service on your Intrusion Prevention System. At least two things can happen: the system can allow all traffic through (without being checked) or can deny all traffic until the system comes back up. What are the factors that you must consider in making this design decision?
10. What did you find particularly useful about this lab (please be specific)? What, if anything, was difficult to follow? What would you change to make it better?

==============================================

CST 620 Project 2 Malicious Activity Report (11 Pages)

CST 620 Project 2

Step 1: Create a Network Architecture Overview

You travel to the banks’ locations and gain access to their network operations. They use Wireshark to analyze the packets traveling their networks. Read this Wireshark resource to learn more about the tool.
You will provide a network architecture overview in both diagram and written formats. Your overview can be based on fictitious information, or you can model network architecture from research, citing your source using APA format. This overview is outside of the lab requirements but a part of better understanding a network.

In the overview, you will describe the various data transmission components. Select the links below to review them:

• User Datagram Protocol (UDP)
• Transmission Control Protocol/Internet Protocol (TCP/IP)
• Internet packets
• IP address schemes
• well-known ports and applications

You will also address the meanings and relevance of information, such as the sender or source that transmits a message, the encoder used to code messages, the medium or channel that carries the message, the decoding mechanisms that were used, and the receiver or destination of the messages.

Your overview will describe the intrusion detection (IDS) and intrusion prevention (IPS) systems used and the firewalls that have been established. Make sure to link the operating systems and the software and hardware components in the network, firewall, and IDS that make up the network defense implementation of the banks’ networks. Identify how the banks are using firewalls and how they are using IDSs, and identify the difference between these technologies. Include the network infrastructure information and the IP address schemes, which will involve the IP addressing assignment model, and the public and private addressing and address allocations. Identify potential risks in setting up the IP addressing scheme. Here are some resources for you to review:

• intrusion detection & prevention (IDS/IPS) systems
• firewalls

Identify any well-known ports and applications that are being used and the risk associated with those being identified, and possibly targeted. This portion can be made up of fictitious information, or you can use information from research, citing your source using APA format. When your overview is complete, add it to your report. In the next step, you will identify information security attacks and ways to monitor systems to prevent these attacks.

Step 2: Identify Information Security Attacks

In the previous step, you provided an overview of the network architecture. For this step, using the fictitious or the model network architecture and IDS and firewalls, identify possible cyberattacks such as spoofing/cache poisoning attacks, and session hijacking attacks including but not limited to man-in-the-middle attacks. Using knowledge acquired in the previous step, provide techniques for monitoring against these attacks. Review the following resources to gain a better understanding of these particular cyberattacks:

• session hijacking
• spoofing/cache poisoning attacks
• man-in-the-middle attacks

The FS-ISAC representative has asked you to propose a cyber offensive operation and to lure the hackers to honeypots (click the link to read more). Describe what a honeypot is, how to set up an operation using a honeypot, and what security and protection mechanisms would need to be in place if a bank agreed to set up a honeypot. What are some indicators in network traffic that would lead you to conclude that your honeypot trap has worked? Report these from Wireshark.

You will use the identified information on security attacks, the techniques for monitoring such attacks, and cyber offensives such as honeypots as part of your report to the FBI and the FS-ISAC. This information, however, should not be included in the bulletin, so that the hackers will not be alerted to the defenses. However, add this to your final report. Then, continue to the next step, where you will visit Workspace to identify false negatives and positives.

Step 3: Identify False Negatives and False Positives

You just identified possible information security attacks. Now, identify the risks to network traffic analysis and remediation. Review the resources on false positives and false negatives. Identify what these are, how they are determined, how they are tested, and which is riskier to the health of the network.

Note: You will use the tools in Workspace for this step. If you need help outside the classroom, you can register for the CLAB 699 Cyber Computing Lab Assistance (go to Discussions List for registration information), in which you can access resources to enable you to complete this project successfully.

Click here to access the instructions for Navigating the Workspace and the Lab Setup. Click here to access the Project 2 Workspace Exercise Instructions. Explore the tutorials and user guides to learn more about the tools you will use. Then, enter Workspace.

Describe your analysis about testing for false negatives and false positives using tools such as IDS and firewalls, and include this as recommendations for the banks in your public service Joint Network Defense Bulletin to FS-ISAC. Also include the statistical analyses of false positives and false negatives from the results in Workspace, from the banks’ networks, and how they can reduce these values. Use fictitious values, but research possible ways to reduce these events, and include them as recommendations in the malicious network activity report to FS-ISAC. In the next step, you will analyze IP network addresses.
Step 4: Analyze IP Network Addresses

In the previous step, you identified and analyzed risks related to false negatives and false positives. For this step, you will analyze IP network addresses. First, enter Workspace. Capture the network IP addresses and the types of protocols that are running, and relate them to the network architecture you provided in the earlier section of the report. Include analysis of the source and destination IP addresses that seem anomalous in nature, the traffic volume patterns with date and time corroborations, and other significant details of the network traffic analysis in your malicious network activity report to FS-ISAC. Include the same information in the Joint Network Defense Bulletin in a way that educates the banking consortium about the threat and the mitigating activities to take to protect against that threat. Your results from Wireshark, as well as the screenshots obtained from the Workspace exercise, will be included in your report.

Note: You will use the tools in Workspace for this step. If you need help outside the classroom, you can register for the CLAB 699 Cyber Computing Lab Assistance (go to Discussions List for registration information), in which you can access resources to enable you to complete this project successfully.

After you have finished your activity in Workspace, move to the next step, where you will use Snort for network forensic analysis and to identify malicious IP addresses.

Step 5: Use Snort for Intrusion Detection

Now that you have captured IP addresses and identified their protocols, you will use Snort intrusion detection in Workspace to conduct network forensics analysis and identify malicious IP addresses. Read these resources to further your understanding of network forensics analysis:

• Snort network forensics analysis

Wireshark, which you learned about in previous steps, is typically used together with the Snort intrusion detection system. The identification of the malicious IP addresses can be used to design signatures for the IDS, programming the IDS to block this known bad traffic. Now that you have examined the packet trace for the different types of attacks, enter Workspace, and then develop proposed Snort signatures to protect against those known bad sites and test these signatures. Track whether the signatures trigger false positives or false negatives and record these events. Provide some improvements to the performance of the signature and include that in the report, but not in the public service bulletin. You do not want to alert the hacker community to the net defense strategy.

Note: You will use the tools in Workspace for this step. If you need help outside the classroom, you can register for the CLAB 699 Cyber Computing Lab Assistance (go to Discussions List for registration information), in which you can access resources to enable you to complete this project successfully.

After you have completed your Workspace session with Snort and Wireshark and compiled information for your report, move on to the next step, where you will learn about other detection tools and techniques.

Step 6: Explain Other Detection Tools and Techniques

The previous step required you to use Snort and Wireshark in Workspace. This step requires you to explain in a few paragraphs what other tools and techniques you may use to detect these signatures. You may have to do independent research to find these tools and techniques. Be sure to cite your sources in APA format. Provide enough detail so that a bank network administrator could follow your explanation to deploy your system in production. Include this information in your bulletin.

After you have researched and compiled the information on other detection tools and techniques, it’s time to move to Step 7, where you will organize and complete your report to the FBI and FS-ISAC.

Step 7: Organize and Complete Your Report

Now that you have gathered all the data for your report, it is time to organize it. Conclude the report and organize your report in sections. The following is a suggestion, but use what is best for the FBI chief and the FS-ISAC representative:

• Event: the types of information attacks you have been tasked to examine.
• Target and Profile: Here, you will describe FS-ISAC and the bank institution.
• Overview of Network Architecture: Explain in a few paragraphs what other tools and techniques you may use to detect this signature. Provide enough detail so that a campus network administrator could follow your explanation to deploy your system in production.
• Network Traffic Monitoring and Results
• Recommended Remediation Strategies

The report should be an eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations. Submit your report in the assignment folder. You are now ready for the final step, the Joint Net Defense Bulletin.

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.

• 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
• 1.2: Develop coherent paragraphs or points to be internally unified and function as part of the whole document or presentation.
• 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.
• 1.4: Tailor communications to the audience.
• 2.1: Identify and clearly explain the issue, question, problem under consideration.
• 2.2: Locate and access sufficient information to investigate the issue or problem.
• 2.3: Evaluate the information in logical manner to determine value and relevance.
• 2.4: Consider and analyze information in context to the issue or problem.
• 2.5: Develop well-reasoned ideas, conclusions, checking against relevant criteria.
• 5.3: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
• 8.1: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents.
• 8.2: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence appropriately.
• 8.4: Possess knowledge of proper and effective communication in case of an incident or crisis.
• 8.5: Obtain knowledge and skills to conduct a post-mortem analysis of an incident and provide sound recommendations for business continuity.
• 9.1: Knowledge of the Information Technology industry, its systems, platforms, tools, and technologies.
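For the signature testing in Step 5 above (tracking false positives and false negatives, then improving the signature), here is an added Python harness that is not part of the course material or of Snort itself. It understands only a Snort-style rule header plus `content:` options, runs one rule over a constructed, hand-labelled packet sample, and counts true positives, false positives and false negatives so the effect of tightening a rule is visible; the addresses, payloads and labels are all constructed.

```python
# Added example (not from the course or from Snort): a minimal evaluator for
# Snort-style signatures that counts false positives/negatives against a
# labelled packet sample. Only the rule header (action proto src sport ->
# dst dport) and content:"..." options are understood; the proto field is
# parsed but not checked because the sample packets carry no protocol.
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes
    malicious: bool  # ground-truth label from the analyst's packet review


# Constructed sample traffic: documentation address ranges, not real hosts.
SAMPLE = [
    Packet("203.0.113.7", 44123, "192.0.2.10", 80, b"GET /wp-login.php HTTP/1.1", True),
    Packet("203.0.113.7", 44124, "192.0.2.10", 80, b"POST /xmlrpc.php HTTP/1.1", True),
    Packet("198.51.100.4", 51000, "192.0.2.10", 80, b"GET /index.html HTTP/1.1", False),
    Packet("198.51.100.9", 51002, "192.0.2.10", 80, b"GET /about.html HTTP/1.1", False),
    Packet("203.0.113.7", 44125, "192.0.2.20", 443, b"\x16\x03\x01", True),
    Packet("198.51.100.4", 51003, "192.0.2.10", 80, b"GET /wp-login.php HTTP/1.1", False),
]

RULE_RE = re.compile(
    r"^(?P<action>alert|drop|reject)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)"
    r"\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)$"
)


def _addr_match(spec: str, addr: str) -> bool:
    """'any', a single address, or a CIDR network; a leading '!' negates."""
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not _addr_match(spec[1:], addr)
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def _port_match(spec: str, port: int) -> bool:
    """'any', a single port, or a low:high range (either bound may be empty)."""
    if spec == "any":
        return True
    if ":" in spec:
        lo, hi = spec.split(":", 1)
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return int(spec) == port


def parse_rule(text: str) -> dict:
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable rule: {text!r}")
    rule = m.groupdict()
    # Every content:"..." option must appear in the payload for a match.
    rule["contents"] = [c.encode() for c in re.findall(r'content:"([^"]*)"', rule["opts"])]
    return rule


def rule_matches(rule: dict, pkt: Packet) -> bool:
    return (
        _addr_match(rule["src"], pkt.src)
        and _port_match(rule["sport"], pkt.sport)
        and _addr_match(rule["dst"], pkt.dst)
        and _port_match(rule["dport"], pkt.dport)
        and all(c in pkt.payload for c in rule["contents"])
    )


def evaluate(rule_text: str, packets=SAMPLE) -> dict:
    """TP = malicious packet alerted, FP = benign packet alerted, FN = malicious packet missed."""
    rule = parse_rule(rule_text)
    tp = fp = fn = 0
    for pkt in packets:
        hit = rule_matches(rule, pkt)
        if hit and pkt.malicious:
            tp += 1
        elif hit and not pkt.malicious:
            fp += 1
        elif not hit and pkt.malicious:
            fn += 1
    return {"tp": tp, "fp": fp, "fn": fn}


# First draft keyed only on a suspicious URL: it fires on a legitimate admin
# login (1 FP) and misses the other two packets from the bad host (2 FN).
DRAFT = 'alert tcp any any -> 192.0.2.0/24 80 (msg:"wp-login probe"; content:"wp-login.php";)'
# Tightened to the known-bad source found in the packet review: no FP, and the
# HTTPS probe from that host is caught as well.
TIGHTENED = 'alert tcp 203.0.113.7 any -> 192.0.2.0/24 any (msg:"known bad source";)'

if __name__ == "__main__":
    for name, rule in (("draft", DRAFT), ("tightened", TIGHTENED)):
        print(name, evaluate(rule))
```

Recording the counts for each revision of a rule, as the step asks, is what makes the improvement defensible in the report rather than a matter of opinion.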
Step 8: Create the Joint Net Defense Bulletin

The last step in the project is to create the Joint Net Defense Bulletin. Compile the information you have gathered, taking care to eliminate any information that could identify the bank, and create an educational public service announcement document for the bank consortium. Provide this PSA also to the FBI Chief and the FS-ISAC representative. The bulletin should be a one- to two-page double-spaced Word document. Submit your bulletin in the assignment folder.

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.

• 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
• 1.2: Develop coherent paragraphs or points to be internally unified and function as part of the whole document or presentation.
• 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.
• 1.4: Tailor communications to the audience.
• 2.1: Identify and clearly explain the issue, question, problem under consideration.
• 2.2: Locate and access sufficient information to investigate the issue or problem.
• 2.3: Evaluate the information in logical manner to determine value and relevance.
• 2.4: Consider and analyze information in context to the issue or problem.
• 2.5: Develop well-reasoned ideas, conclusions, checking against relevant criteria.
• 5.3: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
• 8.1: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents.
• 8.2: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence appropriately.
• 8.4: Possess knowledge of proper and effective communication in case of an incident or crisis.
• 8.5: Obtain knowledge and skills to conduct a post-mortem analysis of an incident and provide sound recommendations for business continuity.
• 9.1: Knowledge of the Information Technology industry, its systems, platforms, tools, and technologies.

==============================================

CST 620 Project 3 Lab

==============================================
CST 620 Project 4 Software development life cycle for data in cloud computing Environment (32 Pages)

==============================================

CST 620 Project 5 Database Security Assessment Request for Proposal (18 Pages + Presentation)

Instructions about the topics to write the project on are below; after that, the templates to use for the write-up are uploaded below.

Modern health care systems incorporate databases for more effective and efficient management of patient health care. However, it should be noted that all organizations have a database system of some form, and most of these databases are relational database systems that use the Structured Query Language (SQL) for data manipulation. These enterprise databases can support anywhere from 100 users up to 10,000 users at a time. The enterprise database is not only accessible by internal users but also by external users.

The top threats to database servers include SQL injection (most common), network eavesdropping, unauthorized service access, password cracking, denial of service, privilege elevation, cross-site scripting, insecure configurations, malware and backup data exposure. The two major types of database injection attacks are SQL injections, which target traditional (relational) database systems, and NoSQL injections, which target big data platforms.

Because databases are prone to cyberattacks, they must be designed and built with security controls from the beginning of the life cycle. Though a lot can be accomplished by hardening the database early in the life cycle, much of the security is added after the databases have been built, forcing IT professionals to try to catch up with the threats. Today, it is critical that database security requirements are defined at the requirements stage of acquisition and procurement. Through specific security requirements and the testing and sharing of test and remediation data, system security professionals and other acquisition personnel can collaborate more effectively with vendors wishing to build more secure database systems.

The deliverables for Project 5 are:

• An RFP of about 12-15 pages, double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations. Your RFP should also detail a test plan and remediation results.
• A PowerPoint presentation as an executive overview briefing that reflects the key elements of your team report. It should be about 5-10 slides.
• An MS-Excel lab template of results.

Step 4: Describe defense models

o To be completed by a designated team member
o State everything as requirements in context of the medical database
o Provide approximate timeline for delivery
o State overall strategy for defensive principles
  o Explain importance of principles
o Read about
  o Enclave/computing environment
  o Cyber operations in DoD policy and plans
o Explain how it relates to the defensive principles
  o Network domains have different security levels
  o Accesses: read and write permissions
o Include enclave firewalls separating databases and networks
o Define the different database environments in which databases are expected to be working
o Applicable security policies
o Define enclave boundary defense

Step 5: Explore database defensive methods

o A team member will perform the MySQL lab
o Devise defensive methods that should be used in protecting databases
o Include information on threats, risks and possible recommendations for these threats.

==============================================

CST 620 Project 5 Database Security Assessment Request for Proposal (45 Pages)

==============================================
CST620 Project 3 Mobile Application Threat Modeling

Threat modeling begins with a clear understanding of the system in question. There are several areas to consider when trying to understand possible threats to an application: the mobile application structure, the data, identifying threat agents and methods of attack, and controls to prevent attacks. With those aspects in mind, you can create a threat model, which consists of an outline or checklist of items that need to be documented, reviewed, and discussed when developing a mobile application.

ASSIGNMENT

You are a cyber threat analyst at a mobile applications company. One morning, your supervisor, Dan, tells you about a mobile application security project that is already underway, but needs more guidance. Because of your success on previous projects, he wants your help.
Your expertise and oversight will enable the mobile app team to meet its approaching deadline.

“Mobile applications and their security are on the technology roadmap for our organization. Of course, this means we need to be well-informed of mobile application security management,” Dan says. “Without the proper threat modeling, leadership can’t be sure of the issues that lie ahead. I want you to oversee the project and manage the team.”

Dan says, “We’d also like you to contribute to this project by preparing a report for senior management. The report should include threat models to this technology as well as remediation for management to consider. The report should give senior management a greater understanding of mobile application security and its implementation. Your report should consist of the following sections: mobile application architecture, mobile data, threat agent identification, methods of attack, and possible controls. The goal is to convince senior managers that your proposals will benefit the company. If you succeed, leadership will move forward with its plan for mobile applications. The report is due in two weeks.”

In this project, you will create a threat model. The length of this threat model should be eight to 10 pages. There are seven steps that will lead you through this project, beginning with the scenario as it might occur in the workplace, and then continuing with Step 1: “Describe Your Mobile Application Architecture.” Most steps of this project should take no more than two hours to complete, and the project as a whole should take no more than two weeks to complete.

When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.

• 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
• 1.2: Develop coherent paragraphs or points to be internally unified and function as part of the whole document or presentation.
• 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.
• 1.4: Tailor communications to the audience.
• 2.1: Identify and clearly explain the issue, question, problem under consideration.
• 2.2: Locate and access sufficient information to investigate the issue or problem.
• 2.5: Develop well-reasoned ideas, conclusions, checking against relevant criteria.
• 6.3: Specify security solutions based on knowledge of principles, procedures, & tools of data mgmt, such as modeling techniques, data backup, data recovery, data directories, data warehousing, data mining, data disposal, & data standardization processes.

Step 1: Describe Your Mobile Application Architecture

In your role as a cyber threat analyst, you will identify for senior management how a particular mobile application of your choosing conforms to mobile architectures. You are asked to describe device-specific features used by the application, wireless transmission protocols, data transmission mediums, interaction with hardware components, and other applications. You will identify the needs and requirements for application security, computing security, and device management and security. You will describe the operational environment and use cases, and identify the operating system security and enclave/computing environment security concerns, if there are any. This can be fictional or modeled after a real-world application. Be sure to use APA citation format. This will be part of your final report.

To guide you in your completion of this task, click the following links and review the topics and their resources:

• network security threats
• threat modeling
• mobile architectures
• application security
• operating system security
• enclave/computing environment

Begin by first reviewing the OWASP Mobile Security Project Testing Guide.

Architecture Considerations

Although mobile applications vary in function, they can be described in general as follows:

• wireless interfaces
• transmission type
• hardware interaction
• interaction with on-device applications/services
• interaction with off-device applications/services
• encryption protocols
• platforms

In Section 1 of your research report, you are to address a number of questions as they apply to your selected mobile application. You will focus your discussion on the security threats, vulnerabilities, and mitigations of the above considerations. The following resources will continue to educate your management about mobile devices and mobile application security: mobile platform security, mobile protocols and security, mobile security vulnerabilities, and related technologies and their security. Related technologies can include hardware and software that are needed to interoperate with mobile devices and mobile applications. Include an overview of these topics in your report.

Use Mobile Application and Architecture Considerations to review the architecture considerations for mobile applications and architecture. Then, in your report to senior management, include those that are relevant to your mobile application. Address the following questions:

1. What is the design of the architecture (network infrastructure, web services, trust boundaries, third-party APIs, etc.)?
2. What are the common hardware components?
3. What are the authentication specifics?
4. What should or shouldn’t the app do?

You will include this information in your report. When you have completed the work for Section 1, describing the architecture for your app, move on to the next step, where you will define the requirements for the app.

Step 2: Define the Requirements for Your Mobile Application

In the previous step, you described your app’s architecture. For Step 2 and in the second section of your report, you will define what purpose the mobile app serves from a business perspective and what data the app will store, transmit, and receive. It’s also important to include a data flow diagram to determine exactly how data is handled and managed by the application. You can use fictional information or model it after a real-world application. Here are some questions to consider as you define your requirements:

• What is the business function of the app?
• What data does the application store/process (provide data flow diagram)?
  o This diagram should outline network, device file system, and application data flows.
  o How is data transmitted between third-party APIs and app(s)?
  o Will there be remote access and connectivity? Read this resource about mobile VPN security, and include any of these security issues in your report.
  o Are there different data-handling requirements between different mobile platforms? (iOS/Android/Blackberry/Windows/J2ME)
  o Does the app use cloud storage APIs (e.g., Dropbox, Google Drive, iCloud, Lookout) for device data backups?
  o Does personal data intermingle with corporate data?
  o Is there specific business logic built into the app to process data?
• What does the data give you (or an attacker) access to? Think about data at rest and data in motion as they relate to your app. Do stored credentials provide authentication? Do stored keys allow attackers to break crypto functions (data integrity)?
• Third-party data: Is it being stored and/or transmitted? What are the privacy requirements of user data? Consider, for example, a unique device identifier (UDID) or geolocation being transmitted to a third party. Are there regulatory requirements to meet specific-to-user privacy?
• How does other data on the device affect the app? Consider, for example, authentication credentials shared between apps.
• Compare the impacts of jailbroken devices (i.e., a device with hacked or bypassed digital rights software) and non-jailbroken devices. How do the differences affect app data? This can also relate to threat agent identification.

When you have defined the requirements, move to the next step, where you will identify any threats to the app’s operation.

Step 3: Identify Threats and Threat Agents

Now that you have identified the mobile app’s requirements, you will define its threats. In Section 3 of the report, you will identify possible threats to the mobile application and also identify the threat agents. Additionally, you will outline the process for defining what threats apply to your mobile application. For an example of threat agent identification, review Threat Agent Identification Example. For a list of threat agents, review List of Threat Agents.

After you’ve identified threats and threat agents, move to the next step, where you will consider the kinds of ways an attacker might use to reach your app’s data.

Step 4: Identify Methods of Attack

In the previous step, you identified threat agents. In this step and in Section 4 of the report, you will identify different methods an attacker can use to reach the data. This data can be sensitive information to the device or something sensitive to the app itself. Read these resources on cyberattacks and provide senior management with an understanding of the possible methods of attack on your app. When you have identified the attack methods, move to the next step, where you will analyze threats to your app.

Step 5: Analyze Mobile Application Threats

You just learned to identify threats and methods of attack on mobile applications. Now, apply what you have learned by analyzing sample threats using tools in the lab. Identify threat agents and ways they may try to attack your mobile application. Review any previous resource that might help you.

==============================================