Computer science : Cybersecurity Archives

This document is based on web application attacks. Assuming the role of a SOC an

Posted on November 28, 2023 | by Linus | Leave a Comment

This document is based on web application attacks. Assuming the role of a SOC analyst in the data center at Night dragon, it is “all systems go” and “green light” status throughout the network. Then suddenly, an alert of some sort indicating a vulnerability scan is taking place (you pick which type). The website below may be of assistance.
Considering this, please respond to the following questions:
•    What is the alert that is coming in and from what device(s), tool(s), or software? What is it indicating?
•    How should you proceed to determine if the alert is real or a false alarm?
•    What tool(s) are used in the process?
•    What framework(s) are used in the process?
•    What data is collected during the initial stages and where are they being recorded?
https://www.darkreading.com/attacks-breaches/-night-dragon-attacks-threaten-major-energy-firms

C. Create a network topology diagram with details of the proposed merged networ

Posted on November 27, 2023 | by Linus | Leave a Comment

C. Create a network topology diagram with details of the proposed merged network requirements.
D. Identify the layer for all components in the topology diagram referencing the layers of the OSI model and TCP/IP protocol stack.
E. Explain the rationale for adding, deleting, or repurposing network components in the newly merged network topology diagram, including details of how each component addresses budgetary constraints.
F. Explain two secure network design principles that are used in the proposed network topology diagram.
G. Explain how the proposed merged network topology diagram addresses two regulatory compliance requirements that are relevant to the newly merged company, including the following in your explanation:
• the name of the regulatory compliance requirement
• why the regulatory requirement is relevant to the newly merged company
• how the proposed merged network topology diagram meets the regulatory requirement
H. Describe two emerging threats that are appliable to the merged organization, including the following in the description:
• potential network security risks of implementing the topology
• potential performance impacts on the merged network after implementation of the proposed design
• how to manage the identified potential security risks
I. Summarize your recommendations for implementation of this proposed merged network based on the scenario and budgetary requirements, including the following in the summary:
• a cost-benefit analysis for on-premises and cloud infrastructure solutions
• a justification for your recommendations to implement the proposed secure merged network design
J. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
K. Demonstrate professional communication in the content and presentation of your submission.

C. Create a network topology diagram with details of the proposed merged networ

Posted on November 27, 2023 | by Linus | Leave a Comment

C. Create a network topology diagram with details of the proposed merged networ

Posted on November 25, 2023 | by Linus | Leave a Comment

This document is based on web application attacks for the MyHeritage data breach

Posted on November 21, 2023 | by Linus | Leave a Comment

This document is based on web application attacks for the MyHeritage data breach. Assuming the role of a SOC analyst in the data center, it is “all systems go” and “green light” status throughout the network. Then suddenly, you get an alert of some sort indicating a vulnerability scan is taking place (you pick which type).
Considering this, respond to the following questions for your:
•    What is the alert that is coming in and from what device(s), tool(s), or software? What is it indicating?
•    How should one proceed to determine if the alert is real or a false alarm?
•    What tool(s) should be used in the process?
•    What framework(s) should be used in the process?
•    What data should be collected during the initial stages and where should it be recorded?

Write on one topic in this week’s reading you find most interesting. This discus

Posted on October 25, 2023 | by Linus | Leave a Comment

Write on one topic in this week’s reading you find most interesting. This discussion will be graded on creativity.
Readings:
https://www.appknox.com/blog/united-states-cyber-security-laws#four
https://www.cisa.gov/sites/default/files/publications/CIRCIA_07.21.2022_Factsheet_FINAL_508%20c.pdf

Research and report on a current or recent malware (e.g., Trojan, virus, or worm

Posted on October 21, 2023 | by Linus | Leave a Comment

Research and report on a current or recent malware (e.g., Trojan, virus, or worm) attack. Describe its method and effects. Be sure to indicate the source of your information. Also break down writing in a introduction, analysis and summary format

Essay Question: Length: 800- 900 words. Use APA format for in-line citations

Posted on September 28, 2023 | by Linus | Leave a Comment

Essay Question: Length: 800- 900 words. Use APA format for in-line citations and references. (30 pts.)
Compare and contrast symmetric and asymmetric encryption algorithms.
•    Your response should include a brief overview of the cryptographic basis for each type of algorithm, and a comparison of their strengths and vulnerabilities. [20 pts]
•    Describe how a hacker might go about cracking a message encrypted with each type of algorithm. [6 pts]
•    Suggest a specific application for each type of algorithm (symmetric and asymmetric) where the advantages clearly outweigh the disadvantages. [4 pts]
•    Remember to address all points

Essay Question: Length: 800- 900 words. Use APA format for in-line citations

Posted on September 28, 2023 | by Linus | Leave a Comment

Scenario The Entertainment Team (ET — part of Resort Operations at Padgett-Bea

Posted on September 23, 2023 | by Linus | Leave a Comment

Scenario
The Entertainment Team (ET — part of Resort Operations at Padgett-Beale, Inc.) is excited about a new event management platform and is ready to go to contract with the vendor. This platform is a cloud-based service that provides end-to-end management for events (conferences, concerts, festivals). The head of Marketing & Media (M&M) is on board and strongly supports the use of this system. M&M believes that the data collection and analysis capabilities of the system will prove extremely valuable for its efforts. Resort Operations (RO) also believes that the technology could be leveraged to provide additional capabilities for managing participation in hotel sponsored “kids programs” and related children-only events.
For an additional fee, the event management platform’s vendor will provide customized Radio Frequency Identification (RFID) bands to be worn by attendees.
The RFID bands and RFID readers use near-field communications to identify the wearer and complete the desired transactions (e.g. record a booth visit, make a purchase, vote for a favorite activity or performer, etc.).
The RFID bands have unique identifiers embedded in the band that allow tracking of attendees (admittance, where they go within the venue, what they “like,” how long they stay in a given location, etc.).
The RFID bands can also be connected to an attendee’s credit card or debit card account and then used by the attendee to make purchases for food, beverages, and souvenirs.
For children, the RFID bands can be paired with a parent’s band, loaded with allergy information, and have a parent specified spending limit or spending preauthorization tied to the parent’s credit card account.
The head of Corporate IT has tentatively given approval for this outsourcing because it leverages cloud-computing capabilities. IT’s approval is very important to supporters of this the acquisition because of the company’s ban on “Shadow IT.” (Only Corporate IT is allowed to issue contracts for information technology related purchases, acquisitions, and outsourcing contracts.) Corporate IT also supports a cloud-based platform since this reduces the amount of infrastructure which IT must support and manage directly.
The project has come to a screeching halt, however, due to an objection by the Chief Financial Officer. The CFO has asked that the IT Governance Board investigate this project and obtain more information about the benefits and risks of using RFID bands linked to an external system which processes transactions and authorizations of mobile / cashless payments for goods and services. The CFO is concerned that the company’s PCI Compliance status may be adversely affected.
The Chief Privacy Officer has also expressed an objection about this project. The CPO is concerned about the privacy implications of tracking both movement of individuals and the tracking of their purchasing behaviors.
The IT Governance Board agreed that the concerns expressed by two of its members (the CFO and CPO) have merit. The board has requested an unbiased analysis of the proposed use cases and the security and privacy issues which could be reasonably expected to arise.
The IT Governance Board has also agreed to a request from the Chief of Staff that the management interns be allowed to participate in this analysis as their final project. Per the agreement, their involvement will be limited to providing background research into the defined use cases for cashless purchases. These use cases are:
1.    Purchases for craft materials and snacks by children (under the age of 13) attending a hotel sponsored “kids club” program.
2.    Purchases by Individuals attending a music festival or other event where IDs must be checked to establish proof of age (legal requirement for local alcoholic beverage consumption).
3.    Purchases by attendees at trade shows (attendees are “adults”).
Your Task
Pick one of the three use cases listed above. Then, follow the directions below to complete the required research and write your final report.
Research
1.    Read / Review the readings in the LEO Classroom.
2.    Read this introduction to RFID technologies
3.    Research one or more of the Use Cases
o    Children: 8 Benefits of Using RFID Wristbands for Resorts & Attractions (see section 4: Family Freedom) and Tappit launches new RFID wristband safety functionality
o    Managing Adult Attendees at Music Festivals (includes RFID bands linked to twitter, Facebook, and credit/debit card): RFID wristbands vs NFC apps: What’s Winning the Contactless Battle?
o    Tracking Adults at Trade Shows: RFID wristbands – the good, the bad and the ugly
4.    Choose one of the Use Cases then find and review at least two additional resources on your own that provides information about privacy and security related laws that could limit or impose additional responsibilities upon Padgett-Beale’s collection, storage, transmission, and use of data about guests. (Note: laws may differ with respect to collecting data from or about children.) You should also investigate laws, regulations, or standards which impact the use of the RFID bands for mobile purchases.
5.    Using all of your readings, identify and research at least 7 security and privacy issues which the IT Governance Board needs to consider and address as it considers the implications of your chosen use case upon the adoption or rejection of the proposed IT project (Event Management Platform & RFID bands).
6.    Then, identify 7 best practices that you can recommend to Padgett-Beale’s leadership team to reduce and/or manage risks associated with the security and privacy of data associated with the event management platform.
Write
Write a five-page report using your research. At a minimum, your report must include the following:
1.    An introduction or overview of event management systems and the potential security and privacy concerns which could arise when implementing this technology. This introduction should be suitable for an executive audience. Provide a brief explanation as to why three major operating units believe the company needs this capability.
2.    An analysis section in which you address the following:
a.    Identify and describe your chosen Use Case
b.    Identify and describe 7 or more types of personal / private information or data that will be collected, stored, processed, and transmitted in conjunction with the use case.
c.    Identify and describe 5 or more compliance issues related to the use of the RFID bands to make and track mobile purchases.
d.    Analyze and discuss 7 or more privacy and security issues related to the use case.
e.    Identify and discuss 3 or more relevant laws, regulations, or standards which could impact the planned implementation of the event management system with RFID wrist bands.
3.    A recommendations section in which you identify and discuss 8 or more best practices for security and privacy that should be implemented before the technology is put into use by the company. Include at least 2 recommendations in each of the following categories: people, processes, policies, and technologies.
Take Action
Review the difference between a process and a policy.
4. A closing section (summary) in which you summarize the issues related to your chosen use case and the event management platform overall. Include a summary of your recommendations to the IT Governance Board.