Description
Unformatted Attachment Preview
Graded Assignment
Name:
SCI302A: Chemistry | Unit 7 | Lesson 4: Semester Test
Date:
Graded Assignment
Semester Test, Part 2
Answer the following questions. You may use the periodic table in the Chemistry: Problems and Solutions book
for this test. When you have finished, submit this assignment to your teacher by the due date for full credit.
(5 points)
1.
You have 2 m3 of a mineral ore sample. It has a mass of 1 × 104 kg. Calculate the
density of the ore sample and express your results in g/cm 3 with appropriate scientific
notation.
Score
Answer:
(5 points)
2. Pentane gas (C5H12) combusts with oxygen gas (O2) to form water (H2O) and carbon dioxide
(CO2). Write a balanced chemical equation for this reaction and explain the scientific principle
(statement) that requires the balancing of an equation to make it conform to reality.
Score
Answer:
(5 points)
3. Methane (CH4), ammonia (NH3), and oxygen (O2) can react to form hydrogen cyanide (HCN)
and water according to this equation:
Score
CH4 + NH3 + O2 → HCN + H2O
You have 8 g of methane and 10 g of ammonia in excess oxygen. Answer the following questions:
•
What is the balanced equation for this reaction?
•
Which reagent is limiting? Explain why.
•
How many grams of hydrogen cyanide will be formed? Show your work.
© 2008 K12 Inc. All rights reserved.
Copying or distributing without K12’s written consent is prohibited.
Page 1 of 2
Graded Assignment
SCI302A: Chemistry | Unit 7 | Lesson 4: Semester Test
Answer:
(5 points)
4. In your own words, explain the periodic law.
Score
Answer:
Your Score
© 2008 K12 Inc. All rights reserved.
Copying or distributing without K12’s written consent is prohibited.
___ of 20
Page 2 of 2
Purchase answer to see full attachment
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.
Explanation & Answer
Review
Review
Anonymous
Just what I needed…Fantastic!
Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4
24/7 Homework Help
Stuck on a homework question? Our verified tutors can answer all questions, from basic math to advanced rocket science!
Most Popular Content
Engineering Cases study
Choose two of the following four case studies and answer questions by using Code of Ethics for Professional Engineers as y ...
Engineering Cases study
Choose two of the following four case studies and answer questions by using Code of Ethics for Professional Engineers as your guideline in addition to your readings and understanding of sustainability Use Times New Roman
12 pt.
Single Line Spacing
1 page or 350 words minimum
2 pages or 700 words maximum
Show good faith effort
Cite the references you used to support your ideas, and claims. (IEEE style of citation) Case Study 1: Kara has been working as an environmental engineer at a consulting firm for over twenty-five years. Well-known for settling disputes between her corporate clients before litigation must be pursued, Kara often analyzes technical data, particularly distributions of solid particle pollution, presented by disputing parties to help them reach a compromise on the cost of environmental cleanup. For example, two parties may be separated from one another by a strip of land; however, each party must fiscally contribute in keeping the land free from pollutants. One day, Kara was contacted by a journalist to talk about her experiences at the firm. Kara spoke about how she often encountered cases where companies did not accurately depict levels of solid particle pollution occupying the companies’ respective surroundings. Instead, technical experts, who are mostly engineers, would misrepresent data in order to make it seem that minority parties were responsible for a greater part of the contamination. At the end of the interview, Kara emphasized the necessity of engineers taking ownership and being honest about the presentation of data. Q: At what point does an engineer’s interpretation of data move from sound technical reasoning to misrepresentation? How should engineers deal with the pressure to come up with data that may indicate favorable results for their employers? Credit: Jocelyn Tan was a 2014-2015 Hackworth Fellow in Engineering Ethics at the Markkula Center for Applied Ethics at Santa Clara University. Case Study2: Solomon is a principal engineer at an environmental engineering consulting firm. His main role is to advise clients on what type of action to take when they are faced with risks and liabilities while conducting certain projects. In one case, Solomon had a client that wanted to expand their campus until it was within approximately 50 meters of a marshland. After construction of this extension, however, the client must ensure that a proper waste management plan is in place so that contamination will have minimal effect on the surrounding habitat. The client came up with a solution that satisfied, but did not go beyond the bare minimum of state regulations. In other words, although Solomon’s client prioritized a cost-effective plan, the environment would be subject to a certain percentage of contamination that would, within five to ten years, stifle the marshland’s flourishing. Q :Should Solomon push for a more fiscally demanding, yet sustainable strategy--at the risk of his client backing out of the partnership altogether? Credit: Jocelyn Tan was a 2014-2015 Hackworth Fellow in Engineering Ethics at the Markkula Center for Applied Ethics at Santa Clara University. Case Study 3: After earning a graduate degree in Engineering Management, Ashton began working for PDRC International. This is a company based in the U.S. which offers engineering, design, and construction services to countries all over the world. Ashton’s work is focused on international development; her first assignment is to lead a team to develop a bid for a highway construction project in East Africa. After the engineering proposal is submitted, Ashton is proud of the work her team has accomplished and promises her manager she will do everything possible to make sure that PDRC receives the contract. PDRC’s bid is well-received, and Ashton and her team are flown to East Africa to finish negotiations. Ashton is thrilled when her company receives the bid; the only stipulation is that they build their construction headquarters in a specific region in the country. Ashton then begins scouting the region for a location to build their headquarters. In order to obtain building permits in the region, Ashton has to negotiate with the local government. As she begins negotiations, she realizes that bribery is both a common and expected practice. If she does not bribe the local officials, she will not be able to build PDRC’s headquarters in that region and consequently will lose the contract; her first managerial project will be a failure. However, it is illegal for a U.S. citizen to bribe a foreign official in order to obtain business; if she is caught for bribery, she could face jail time and her company could be fined millions of dollars. Q: What should she do? Explain your answer. Credit: Clare Bartlett was a 2014-2015 Hackworth Fellow in Engineering Ethics at the Markkula Center for Applied Ethics at Santa Clara University. Case Study 4: Jack has been working as a project engineer for a mechanical energy technology firm for a few years now, and has recently been promoted to review projects for in-need communities overseas. He has been put in charge of managing the current company’s charity projects, and determining how to distribute the funding for them. Some of the projects are pretty straightforward in their mission and material requirement, but for one project, Jack isn’t sure whether the company should be funding it. The project’s mission is to provide new solar panels for an East African community but the project data suggests it is more practical to just install better lighting inside the homes. Jack wonders whether to bring up his doubts with his boss. Based on the company’s research on the community, the community desires better lighting system for their homes, and the solar panels would be an expensive and high maintenance project. Not to mention, there was a previous project that (when followed through) resulted in equipment being stolen from the same region to exchange for money. Jack understands their local sponsor would gain a great advantage in featuring solar panels in the community. It would also foster a good business partnership between the two companies. However, Jack feels it is his responsibility to provide the community with a more simple and efficient solution to their problem, without diving into a large project that could possibly lead to negative side effects. Q: Is Jack’s company wrong to provide technology to the community when they don’t need it? Credit: Nabilah Deen was a 2014-2015 Hackworth Fellow in Engineering Ethics at the Markkula Center for Applied Ethics at Santa Clara University
32 pages
Corrected
This paper is submitted in partial fulfillment of the requirements for the Sexuality has gotten used over the years as a m ...
Corrected
This paper is submitted in partial fulfillment of the requirements for the Sexuality has gotten used over the years as a means for self-expression and ...
8 pages
Physics Lab
This virtual lab is an introduction to a topic rather than an application of something that we have learned. We need to in ...
Physics Lab
This virtual lab is an introduction to a topic rather than an application of something that we have learned. We need to introduce a new concept called ...
ST 620 California Packet Capture and Intrusion Detection Prevention Systems Case
Introduction to Packet Capture and Intrusion Detection Prevention SystemsYou are a network analyst on the fly-away team fo ...
ST 620 California Packet Capture and Intrusion Detection Prevention Systems Case
Introduction to Packet Capture and Intrusion Detection Prevention SystemsYou are a network analyst on the fly-away team for the FBI's cybersecurity sector engagement division. You've been deployed several times to financial institutions to examine their networks after cyberattacks, ranging from intrusions and data exfiltration to distributed denial of services to their network supporting customer transaction websites.A representative from the Financial Services Information Sharing and Analysis Center, FS-ISAC, met with your boss, the chief net defense liaison to the financial services sector, about recent reports of intrusions into the networks of banks and their consortium.He's provided some of the details of the reports in an email. "Millions of files were compromised, and financial officials want to know who entered the networks and what happened to the information. At the same time, the FS-ISAC has seen extensive distributed denial of service disrupting the bank's networks, impacting the customer websites, and blocking millions of dollars of potential transactions," his email reads.You realize that the impact from these attacks could cause the downfall of many banks and ultimately create a strain on the US economy. In the email, your chief asks you to travel to one of the banks and using your suite of network monitoring and intrusion detection tools, produce two documents—a report to the FBI and FS-ISAC that contains the information you observed on the network and a joint network defense bulletin to all the banks in the FS-ISAC consortium, recommending prevention methods and remediation against the types of malicious traffic activity that they may face or are facing.Network traffic analysis and monitoring help distinguish legitimate traffic from malicious traffic.Step 1: Create a Network Architecture OverviewAs part of your assignment to report on prevention methods and remediation techniques for the banking industry, you would have to travel to the various bank locations and gain access to their networks. However, you must first understand the network architecture of these banks.Provide a network architecture overview along with diagrams. Your overview can be fictitious or based on an actual organization. The goal is to provide an understanding of the network architecture.Describe the various data transmission components. Select the links below to review them:User Datagram Protocol (UDP)Transmission Control Protocol/Internet Protocol (TCP/IP)internet packetsIP address schemeswell-known ports and applicationsAddress the meaning and relevance of information, such as:the sender or source that transmits a messagethe encoder used to code messagesthe medium or channel that carries the messagethe decoding mechanisms usedthe receiver or destination of the messagesDescribe:the intrusion detection system (IDS)the intrusion prevention system (IPS)the firewalls that have been establishedthe link between the operating systems, the software, and hardware components in the network, firewall, and IDS that make up the network defense implementation of the banks’ networks.Identify:how banks use firewallshow banks use IDSsthe difference between these technologiesInclude:the network infrastructure informationthe IP address schemes that will involve the IP addressing assignment modelthe public and private addressing and address allocationspotential risks in setting up the IP addressing schemeHere are some resources to review:intrusion detection and prevention (IDS/IPS) systemsfirewallsIdentify:any well-known ports and applications that are usedrisks associated with those ports and applications being identified and possibly targetedAdd your overview to your report.In the next step, you will identify network attacks and ways to monitor systems to prevent these attacks.Network administrators must protect networks from intrusions. This can be done using tools and techniques that use past traffic data to determine what should be allowed and what should be blocked. In the face of constantly evolving threats to networks, network administrators must ensure their intrusion detection and prevention systems are able to analyze, monitor, and even prevent these advanced threats.In this project, you will research network intrusion and prevention systems and understand their use in a network environment. You will also use monitoring and analysis technologies in the Workspace to compile a Malicious Network Activity Report for financial institutions and a Joint Network Defense Bulletin for a financial services consortium.The following are the deliverables for this project:DeliverablesMalicious Network Activity Report: An eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.Joint Network Defense Bulletin: A one- to two-page double-spaced document.Lab Report: A Word document sharing your lab experience along with screenshots.There are eight steps to complete the project. Most steps in this project should take no more than two hours to complete, and the entire project should take no more than two weeks to complete. Begin with the workplace scenario and continue to Step 1, “Create a Network Architecture Overview.”CompetenciesYour work will be evaluated using the competencies listed below.1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation.1.3: Provide sufficient, correctly cited support that substantiates the writer's ideas.1.4: Tailor communications to the audience.2.1: Identify and clearly explain the issue, question, or problem under critical consideration.2.2: Locate and access sufficient information to investigate the issue or problem.2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.2.4: Consider and analyze information in context to the issue or problem.2.5: Develop well-reasoned ideas, conclusions or decisions, checking them against relevant criteria and benchmarks.5.3: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.8.1: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents.8.2: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence approporiately.8.4: Possess knowledge of proper and effective communication in case of an incident or crisis.8.5: Obtain knowledge and skills to conduct a postmortem analysis of an incident and provide sound recommendations for business continuity.9.1: Knowledge of the Information Technology industry, its systems, platforms, tools, and technologies.Step 2: Identify Network AttacksIn the previous step, you provided an overview of the network architecture. In this step, you will identify possible cyberattacks such as spoofing/cache poisoning, session hijacking, and man-in-the-middle attacks.Provide techniques for monitoring these attacks using knowledge acquired in the previous step. Review the following resources to gain a better understanding of these particular cyberattacks:Session hijacking: spoofing/cache poisoning attacksMan-in-the-middle attacksOne way to monitor and learn about malicious activities on a network is to create honeypots.Propose a honeypot environment to lure hackers to the network and include the following in your proposal:Describe a honeypot.Explain how a honeypot environment is set up.Explain the security and protection mechanisms a bank would need for a honeypot.Discuss some network traffic indicators that will tell you that your honeypot trap is working.Include this information in your final report. However, do not include this information in the bulletin to prevent hackers from being alerted about these defenses.Then, continue to the next step, where you will identify false negatives and positives.Step 3: Identify False Positives and False NegativesYou just identified possible information security attacks. Now, identify the risks to network traffic analysis and remediation. Review the resources on false positives and false negatives and discuss the following:Identify what are false positives and false negatives.How are false positives and false negatives determined?How are false positives and false negatives tested?Which is riskier to the health of the network, a false positive or a false negative?Describe your analysis about testing for false negatives and false positives using tools such as IDSs and firewalls, and include this as recommendations for the banks in your public service Joint Network Defense Bulletin.Discuss the concept of performing statistical analysis of false positives and false negatives.Explain how banks can reduce these issues.Research possible ways to reduce these events and include this information as recommendations in the Malicious Network Activity Report.Network intrusion analysis is often done with a tool such as Snort. Snort is a free and open-source intrusion detection/prevention system program. It is used for detecting and preventing malicious traffic and attacks on networks, analysis, and education. Such identification can be used to design signatures for the IDS, as well as to program the IDS to block this known bad traffic.Network traffic analysis is often done using tools such as Wireshark. Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development and education. Cybersecurity professionals must know how to perform network forensics analysis.In the next step, you will analyze network traffic.Step 4: Analyze Network TrafficIn the previous step, you identified and analyzed risks related to false negatives and false positives. For this step, you will analyze network traffic, conduct network forensics analysis, and identify malicious network addresses.Enter Workspace and perform the network traffic analysis. During this step, you will also develop proposed rules to prevent against known malicious sites and to test for these signatures.Professionals in the FieldThis program of study has exposed you to a variety of cybersecurity tools. Can you summarize what these tools do? Can you discuss their use in new situations? Can you do this for both technical and nontechnical staff?As you progress in your career, you will likely need to sway people who hold authority over cybersecurity decisions. These people may know very little about cybersecurity, but they will understand their own goals within the organization.It’s not enough to just be well-versed on the technical side; sometimes you must be able to explain in understandable terms how a computing platform will be affected by a breach.Step 5: Determine Sensitivity of Your AnalysisIn the previous step, you completed network analysis. In this step, you will determine which information to include in which document.Information appropriate for internal consumption may not be appropriate for public consumption. The Joint Network Defense Bulletin may alert criminals of the network defense strategy. Therefore, be careful about what you include in this bulletin.Once you have assessed the sensitivity of the information, include appropriate information in your Malicious Network Activity Report.Then, include appropriate information in the Joint Network Defense Bulletin in a way that educates the financial services consortium of the threat and the mitigating activities necessary to protect against that threat.Step 6: Explain Other Detection Tools and TechniquesIn the previous step, you included appropriate information in the proper document. In this step, perform independent research and briefly discuss what other tools and techniques may be used to detect these signatures.Provide enough detail so that a bank network administrator could follow your explanation to deploy your system in production. Include this information in the Joint Network Defense Bulletin.Next, move to the next step, where you will organize and complete your report.Step 7: Complete Malicious Network Activity ReportNow that you have gathered all the data for your Malicious Network Activity Report, it is time to organize your report. The following is a suggested outline:Introduction: Describe the banking institution and the issue you will be examining.Overview of the Network ArchitectureNetwork AttacksNetwork Traffic Analysis and ResultsOther Detection Tools and TechniquesRecommended Remediation StrategiesSubmit your report to the Assignments folder in the final step. You are now ready for the last piece of this project, the Joint Network Defense Bulletin.Step 8: Create the Joint Network Defense BulletinIn this step, you will create the Joint Network Defense Bulletin. Compile the information you have gathered, taking care to eliminate any sensitive bank-specific information. The Joint Network Defense Bulletin is an educational document for the financial services consortium. This bulletin should be addressed to the FBI chief and the FS-ISAC representative.Here is a list of the final deliverables for Project 2.DeliverablesMalicious Network Activity Report: An eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.Joint Network Defense Bulletin: A one- to two-page double-spaced document.Submit all deliverables to the Assignments folder below.Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.Check Your Evaluation CriteriaBefore you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation.1.3: Provide sufficient, correctly cited support that substantiates the writer's ideas.1.4: Tailor communications to the audience.2.1: Identify and clearly explain the issue, question, or problem under critical consideration.2.2: Locate and access sufficient information to investigate the issue or problem.2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.2.4: Consider and analyze information in context to the issue or problem.2.5: Develop well-reasoned ideas, conclusions or decisions, checking them against relevant criteria and benchmarks.5.3: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.8.1: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents.8.2: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence approporiately.8.4: Possess knowledge of proper and effective communication in case of an incident or crisis.8.5: Obtain knowledge and skills to conduct a postmortem analysis of an incident and provide sound recommendations for business continuity.9.1: Knowledge of the Information Technology industry, its systems, platforms, tools, and technologies.ATTACHED TAMPLATESJoint Network
Defense Bulletin
Create a 1-2 page
educational public service announcement (PSA) / Bulletin that will got to all
the banks in the FS-ISAC financial bank consortium. Take
care to eliminate any information that could identify any particular bank.
There have been recent
reports of intrusions into the networks of banks and their consortium. In this PSA/Bulletin recommend prevention
methods and remediation against the types of malicious traffic activity that
they may face or are facing.
A few suggestions:
Discuss risks observed
to network traffic analysis. Discuss IDS
and firewalls and testing for false negatives and false positives. Discuss network IP addresses and protocols
and relate them to network architecture. Discuss observations from Wireshark that could emphasize your
recommendations.
Explain in a few
paragraphs what other tools and techniques (besides Wireshark and Snort) the
bank consortium may use to detect malicious IP addresses / signatures. Provide enough detail so that a bank network
administrator could follow your explanation to deploy your system in
production. ISAC that contains the
information you observed on the network and a joint network defense bulletin to
all the banks in the FS-ISAC consortium, recommending prevention methods and
remediation against the types of malicious traffic activity that they may face
or are facing. The bulletin will be
provide separately from the report. This
report will provide a network architecture overview and will discuss data
transmission components, security attacks, techniques for monitoring such
attacks, and cyber offensives, intrusion detection (IDS) and intrusion
prevention (IPS) systems, firewalls, and risks to network traffic analysis and
remediation.
Network Architecture Overview
You traveled to the banks’ locations and gained access to
their network operations.
Network
Diagram
Discuss the network diagram here but put the diagram itself
at the bottom of this plan in the “Figures” section. Refer to Figure X (assign a number) and
discuss the network architecture. Your
overview can be based on fictitious information, or you can model network
architecture from a real researched bank.
Data
Transmission Components
Discuss various data transmission components such as: UDP,
TCP/IP, Internet Packets, IP address schemes, and well-known ports and
applications.
Relevance
of Information
Address the meanings and relevance of information, such as
the sender or source that transmits a message, the encoder used to code
messages, the medium or channel that carries the message, the decoding
mechanisms that were used, and the receiver or destination of the messages.
Intrusion
Detection and Intrusion Prevention
Describe the intrusion detection (IDS) and intrusion
prevention (IPS) systems used and the firewalls that have been established.
Make sure to link the operating systems and the software and hardware
components in the network, firewall, and IDS that make up the network defense
implementation of the banks’ networks. Identify how the banks are using
firewalls and how they are using IDSs, and identify the difference between
these technologies. Include the network infrastructure information and the IP
address schemes, which will involve the IP addressing assignment model, and the
public and private addressing and address allocations.
Potential
Risks
Identify potential risks in setting up the IP addressing
scheme. Identify any well-known ports
and applications that are being used and the risk associated with those being
identified, and possibly targeted. This
portion can be made up of fictitious information, or you can use information
from research.
Information
Security Attacks
Possible Cyberattacks
Using information from your network
architecture overview, identify possible cyberattacks such as spoofing/cache
poisoning attacks, and session hijacking attacks including but not limited to
man-in-the-middle attacks. Also provide
techniques for monitoring against these attacks.
Proposed Cyber Offensive Operation
Discuss how you would lure the hackers
to honeypots. Describe what a honeypot
is, how to set up an operation using a honeypot, and what security and
protections mechanisms would need to be in place if a bank agreed to set up a
honeypot. What are some indicators in
network traffic that would lead you to conclude that your honeypot trap has
worked? Report these from
Wireshark.
False
Negatives and False Positives Encryption
Discuss false
positives and false negatives -- identify what these are, how they are
determined, how they are tested, and which is riskier to the health of the
network. Then, identify the posed risks
to the cryptographic systems as a result of these gaps, including but not
limited to crypto attacks.
Statistical Analyses - Workspace
Discuss the statistical analyses of
false positives and false negatives from the results in Workspace, from the
banks’ networks, and how they can reduce these values. Use fictitious values
but research possible ways to reduce these events, and include as recommendations
here in this section.
IP Network Addresses
Discuss your lab work and results from
Wireshark in this section. If you want
to include the lab figures in the report (rather than separate as you can do),
then please put them all at the bottom of this plan in the “Figures”
section. Refer to Figure X (assign a
number) and discuss them to emphasize your points on network IP addresses, the
types of protocols that are running, and relate them to the network
architecture you provided in the earlier section of the report.
Include analysis of the source and
destination IP addresses that seem anomalous in nature, the traffic volume
patterns with date and time corroborations, and other significant details of
the network traffic analysis here in this section.
Network Forensics Analysis
Discuss your lab work and results from
Snort in this section. If you want to
include the lab figures in the report (rather than separate as you can do),
then please put them all at the bottom of this plan in the “Figures” section. Refer to Figure X (assign a number) and
discuss them to emphasize your points on network forensics analysis and
malicious IP addresses.
Identify malicious IP addresses and discuss
how they can be used to design signatures for the IDS, programming the IDS to
block this known bad traffic. Discuss
some of your lab work where you develop proposed Snort signatures to prevent
against those known bad sites and test these signatures. Provide some improvements to the performance
of the signature.
Conclusion
This Malicious Network Activity Report provided a network
architecture overview and discussed data transmission components, security
attacks, techniques for monitoring such attacks, and cyber offensives,
intrusion detection (IDS) and intrusion prevention (IPS) systems, firewalls,
and risks to network traffic analysis and remediation. From here discuss your overall conclusions
and recommendations…
References
Aleisa, N. (2015). A comparison of the 3DES and AES encryption
standards. International Journal
of Security and Its Applications 9(7). doi: 10.14257/ijsia.2015.9.7.21
Defense Human Resource Activity. (n.d.). Common Access Card (CAC) Security. Retrieved from
http://cac.mil/common-access-card/cac-security
Kent, K., Chevalier, S., Grance, T., & Dang, H. (2006). Computer Security: Guide to integrating
forensic techniques into incident response: Recommendations of the National
Institute of Standards and Technology (Special Publication 800-86).
Retrieved from http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspe...
Reith, M., Carr, C., & Gunsch, G. (2002). An examination of
digital forensic models. International
Journal of Digital Evidence, 1(3), 1-12. Retrieved from
http://www.just.edu.jo/~Tawalbeh/nyit/incs712/digi...
Tables
Table 1
Demographic Data on
All 178 Respondents
Population Description
Male
Female
Total
Age ≤ 29 Years
(N = 23) 20.7%
(N = 10) 14.9%
(N = 33) 18.5%
Age 30-45 Years
(N = 34) 30.6%
(N = 29) 43.3%
(N = 63) 35.3%
Age 46-59 Years
(N = 44) 39.6%
(N = 24) 35.8%
(N = 68) 38.2%
Age 60 Years or older
(N = 10) 09.0%
(N = 04) 06.0%
(N = 14) 07.9%
Experience 05 Years Exact
(N = 15) 13.5%
(N = 10) 14.9%
(N = 25) 14.0%
Experience 06-10 Years
(N = 30) 27.0%
(N = 21) 31.3%
(N = 51) 28.6%
Experience 11-19 Years
(N = 38) 34.2%
(N = 26) 38.8%
(N = 64) 35.9%
Experience ≥ 20 Years
(N = 28) 25.2%
(N = 10) 14.9%
(N = 38) 21.3%
Table 2
Measures of Central
Tendency and Variation
N
Statistic
R
Statistic
M
Statistic
SD
Statistic
Variance
Statistic
Skewness
Statistic
Skewness
Std. Error
Gender
178
1
1.38
.486
.236
.515
.182
Age
178
3
2.35
.872
.761
-.034
.182
Experience
178
3
2.65
.970
.942
-.176
.182
Valid N
178
Figures
Figure 1.
Hospital
Information Support System.
Rasmussen Minneapolis Minnesota Nose Mouth and Throat Health History Documentation
Documentation of the Nose, Mouth, and Throat
undefined
Examiner:
undefined
Date:
undefined
Patient:
undefined
Age:
u ...
Rasmussen Minneapolis Minnesota Nose Mouth and Throat Health History Documentation
Documentation of the Nose, Mouth, and Throat
undefined
Examiner:
undefined
Date:
undefined
Patient:
undefined
Age:
undefined
Reason for Visit:
undefined
Health History – Nose
undefined
Any nasal discharge noted?
Unusually frequent of severe colds?
Any sinus pain or sinusitis?
Any trauma or injury to the nose?
Any nosebleeds? How often?
Any allergies or hay fever?
Any changes or loss in the sense of smell?
undefined
Health History – Mouth
undefined
Any sores in the mouth or on the tongue?
Any sore throat? How often?
Any bleeding gums or toothache?
Any hoarseness or voice change?
Any difficulty swallowing?
Any change in the sense of taste?
Do you smoke? How much per day? How long?
Drink alcohol? How many times per week? How many drinks per occasion?
Do you use nasal sprays?
Do you get regular dental checkups? Brush your teeth and floss daily?
undefined
Health History – Throat
undefined
Any neck pain?
Any lumps or masses in the neck?
Any surgery on the neck?
Any history of thyroid problems?
undefined
Physical Assessment
undefined
Inspect the nose and palpate sinuses
Symmetrical?
Nares patent?
Deviated septum?
Mucous membranes pink and moist?
Discharge or inflammation?
Any tenderness in frontal or maxillary sinuses?
Inspect the mouth
Lips symmetrical? Lesions? Dry or chapped?
Dentition intact? Caries?
Gums inflamed?
Any lesions in the mouth? Membranes pink and moist?
Tongue midline? Able to move?
Uvula rises with phonation?
Hard palate intact?
Tonsils present? Inflamed?
Inspect and palpate the neck
Trachea midline?
Thyroid enlarged or nodules present?
Perform ROM
ROM against resistance – head and shoulders
Palpate lymph nodes – any tenderness or inflammation?
undefined
Regional Write-Up
undefined
Subjective (Health History)
Objective (Physical Assessment)
Assessment of Risks and Plan (Include two risks)
Similar Content
DNA Replication in Eukaryotes Discussion
the first part is should be a reflection on DNA Replication in Eukaryotes5 (7.), and it must be at least 250 words
the sec...
Parasympathetic Nervous System and The Pupillary Reflex Discussion
describe how the parasympathetic nervous system influences one function in your body. Then describe the physiology behind ...
CTU Online Health Insurance Portability and Accountability Act Discussion
Assignment Description
The Health Insurance Portability and Accountability Act (HIPAA) is a major regulatory aspect of hea...
Environmental Risk Assessment and Toxicology
Please answer the following questions below: b.Which is a more toxic soil pollutant with regards to human health, be...
Hillsborough Community College Cell Biology Lab Questions
research article: https://pubmed.ncbi.nlm.nih.gov/26605373/ ...
unit 2 individual project for SCIE206
Assignment Details Assignment Description Scientific inquiry in biology starts by observing the living species aroun...
Solutions
...
Scenario 2
Ten pea plant seeds were planted in each of 5 pots that contained 500g of “Peat’s Potting Soil.” The pots were given...
Bos 3125 Hazardous Materials Management.edited
In most cases, companies usually are required to comply with the set of environmental protection regulations and standards...
Related Tags
Book Guides
The Silent Patient
by Alex Michaelides
Daisy Miller
by Henry James
One Flew Over the Cuckoos Nest
by Ken Kesey
I Cant Make This Up - Life Lessons
by Kevin Hart
The Awakening
by Kate Chopin
All the Kings Men
by Robert Penn Warren
A Farewell To Arms
by Ernest Hemingway
Freakonomics
by Stephen J. Dubner and Steven D. Levitt
Get 24/7
Homework help
Our tutors provide high quality explanations & answers.
Post question
Most Popular Content
Engineering Cases study
Choose two of the following four case studies and answer questions by using Code of Ethics for Professional Engineers as y ...
Engineering Cases study
Choose two of the following four case studies and answer questions by using Code of Ethics for Professional Engineers as your guideline in addition to your readings and understanding of sustainability Use Times New Roman
12 pt.
Single Line Spacing
1 page or 350 words minimum
2 pages or 700 words maximum
Show good faith effort
Cite the references you used to support your ideas, and claims. (IEEE style of citation) Case Study 1: Kara has been working as an environmental engineer at a consulting firm for over twenty-five years. Well-known for settling disputes between her corporate clients before litigation must be pursued, Kara often analyzes technical data, particularly distributions of solid particle pollution, presented by disputing parties to help them reach a compromise on the cost of environmental cleanup. For example, two parties may be separated from one another by a strip of land; however, each party must fiscally contribute in keeping the land free from pollutants. One day, Kara was contacted by a journalist to talk about her experiences at the firm. Kara spoke about how she often encountered cases where companies did not accurately depict levels of solid particle pollution occupying the companies’ respective surroundings. Instead, technical experts, who are mostly engineers, would misrepresent data in order to make it seem that minority parties were responsible for a greater part of the contamination. At the end of the interview, Kara emphasized the necessity of engineers taking ownership and being honest about the presentation of data. Q: At what point does an engineer’s interpretation of data move from sound technical reasoning to misrepresentation? How should engineers deal with the pressure to come up with data that may indicate favorable results for their employers? Credit: Jocelyn Tan was a 2014-2015 Hackworth Fellow in Engineering Ethics at the Markkula Center for Applied Ethics at Santa Clara University. Case Study2: Solomon is a principal engineer at an environmental engineering consulting firm. His main role is to advise clients on what type of action to take when they are faced with risks and liabilities while conducting certain projects. In one case, Solomon had a client that wanted to expand their campus until it was within approximately 50 meters of a marshland. After construction of this extension, however, the client must ensure that a proper waste management plan is in place so that contamination will have minimal effect on the surrounding habitat. The client came up with a solution that satisfied, but did not go beyond the bare minimum of state regulations. In other words, although Solomon’s client prioritized a cost-effective plan, the environment would be subject to a certain percentage of contamination that would, within five to ten years, stifle the marshland’s flourishing. Q :Should Solomon push for a more fiscally demanding, yet sustainable strategy--at the risk of his client backing out of the partnership altogether? Credit: Jocelyn Tan was a 2014-2015 Hackworth Fellow in Engineering Ethics at the Markkula Center for Applied Ethics at Santa Clara University. Case Study 3: After earning a graduate degree in Engineering Management, Ashton began working for PDRC International. This is a company based in the U.S. which offers engineering, design, and construction services to countries all over the world. Ashton’s work is focused on international development; her first assignment is to lead a team to develop a bid for a highway construction project in East Africa. After the engineering proposal is submitted, Ashton is proud of the work her team has accomplished and promises her manager she will do everything possible to make sure that PDRC receives the contract. PDRC’s bid is well-received, and Ashton and her team are flown to East Africa to finish negotiations. Ashton is thrilled when her company receives the bid; the only stipulation is that they build their construction headquarters in a specific region in the country. Ashton then begins scouting the region for a location to build their headquarters. In order to obtain building permits in the region, Ashton has to negotiate with the local government. As she begins negotiations, she realizes that bribery is both a common and expected practice. If she does not bribe the local officials, she will not be able to build PDRC’s headquarters in that region and consequently will lose the contract; her first managerial project will be a failure. However, it is illegal for a U.S. citizen to bribe a foreign official in order to obtain business; if she is caught for bribery, she could face jail time and her company could be fined millions of dollars. Q: What should she do? Explain your answer. Credit: Clare Bartlett was a 2014-2015 Hackworth Fellow in Engineering Ethics at the Markkula Center for Applied Ethics at Santa Clara University. Case Study 4: Jack has been working as a project engineer for a mechanical energy technology firm for a few years now, and has recently been promoted to review projects for in-need communities overseas. He has been put in charge of managing the current company’s charity projects, and determining how to distribute the funding for them. Some of the projects are pretty straightforward in their mission and material requirement, but for one project, Jack isn’t sure whether the company should be funding it. The project’s mission is to provide new solar panels for an East African community but the project data suggests it is more practical to just install better lighting inside the homes. Jack wonders whether to bring up his doubts with his boss. Based on the company’s research on the community, the community desires better lighting system for their homes, and the solar panels would be an expensive and high maintenance project. Not to mention, there was a previous project that (when followed through) resulted in equipment being stolen from the same region to exchange for money. Jack understands their local sponsor would gain a great advantage in featuring solar panels in the community. It would also foster a good business partnership between the two companies. However, Jack feels it is his responsibility to provide the community with a more simple and efficient solution to their problem, without diving into a large project that could possibly lead to negative side effects. Q: Is Jack’s company wrong to provide technology to the community when they don’t need it? Credit: Nabilah Deen was a 2014-2015 Hackworth Fellow in Engineering Ethics at the Markkula Center for Applied Ethics at Santa Clara University
32 pages
Corrected
This paper is submitted in partial fulfillment of the requirements for the Sexuality has gotten used over the years as a m ...
Corrected
This paper is submitted in partial fulfillment of the requirements for the Sexuality has gotten used over the years as a means for self-expression and ...
8 pages
Physics Lab
This virtual lab is an introduction to a topic rather than an application of something that we have learned. We need to in ...
Physics Lab
This virtual lab is an introduction to a topic rather than an application of something that we have learned. We need to introduce a new concept called ...
ST 620 California Packet Capture and Intrusion Detection Prevention Systems Case
Introduction to Packet Capture and Intrusion Detection Prevention SystemsYou are a network analyst on the fly-away team fo ...
ST 620 California Packet Capture and Intrusion Detection Prevention Systems Case
Introduction to Packet Capture and Intrusion Detection Prevention SystemsYou are a network analyst on the fly-away team for the FBI's cybersecurity sector engagement division. You've been deployed several times to financial institutions to examine their networks after cyberattacks, ranging from intrusions and data exfiltration to distributed denial of services to their network supporting customer transaction websites.A representative from the Financial Services Information Sharing and Analysis Center, FS-ISAC, met with your boss, the chief net defense liaison to the financial services sector, about recent reports of intrusions into the networks of banks and their consortium.He's provided some of the details of the reports in an email. "Millions of files were compromised, and financial officials want to know who entered the networks and what happened to the information. At the same time, the FS-ISAC has seen extensive distributed denial of service disrupting the bank's networks, impacting the customer websites, and blocking millions of dollars of potential transactions," his email reads.You realize that the impact from these attacks could cause the downfall of many banks and ultimately create a strain on the US economy. In the email, your chief asks you to travel to one of the banks and using your suite of network monitoring and intrusion detection tools, produce two documents—a report to the FBI and FS-ISAC that contains the information you observed on the network and a joint network defense bulletin to all the banks in the FS-ISAC consortium, recommending prevention methods and remediation against the types of malicious traffic activity that they may face or are facing.Network traffic analysis and monitoring help distinguish legitimate traffic from malicious traffic.Step 1: Create a Network Architecture OverviewAs part of your assignment to report on prevention methods and remediation techniques for the banking industry, you would have to travel to the various bank locations and gain access to their networks. However, you must first understand the network architecture of these banks.Provide a network architecture overview along with diagrams. Your overview can be fictitious or based on an actual organization. The goal is to provide an understanding of the network architecture.Describe the various data transmission components. Select the links below to review them:User Datagram Protocol (UDP)Transmission Control Protocol/Internet Protocol (TCP/IP)internet packetsIP address schemeswell-known ports and applicationsAddress the meaning and relevance of information, such as:the sender or source that transmits a messagethe encoder used to code messagesthe medium or channel that carries the messagethe decoding mechanisms usedthe receiver or destination of the messagesDescribe:the intrusion detection system (IDS)the intrusion prevention system (IPS)the firewalls that have been establishedthe link between the operating systems, the software, and hardware components in the network, firewall, and IDS that make up the network defense implementation of the banks’ networks.Identify:how banks use firewallshow banks use IDSsthe difference between these technologiesInclude:the network infrastructure informationthe IP address schemes that will involve the IP addressing assignment modelthe public and private addressing and address allocationspotential risks in setting up the IP addressing schemeHere are some resources to review:intrusion detection and prevention (IDS/IPS) systemsfirewallsIdentify:any well-known ports and applications that are usedrisks associated with those ports and applications being identified and possibly targetedAdd your overview to your report.In the next step, you will identify network attacks and ways to monitor systems to prevent these attacks.Network administrators must protect networks from intrusions. This can be done using tools and techniques that use past traffic data to determine what should be allowed and what should be blocked. In the face of constantly evolving threats to networks, network administrators must ensure their intrusion detection and prevention systems are able to analyze, monitor, and even prevent these advanced threats.In this project, you will research network intrusion and prevention systems and understand their use in a network environment. You will also use monitoring and analysis technologies in the Workspace to compile a Malicious Network Activity Report for financial institutions and a Joint Network Defense Bulletin for a financial services consortium.The following are the deliverables for this project:DeliverablesMalicious Network Activity Report: An eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.Joint Network Defense Bulletin: A one- to two-page double-spaced document.Lab Report: A Word document sharing your lab experience along with screenshots.There are eight steps to complete the project. Most steps in this project should take no more than two hours to complete, and the entire project should take no more than two weeks to complete. Begin with the workplace scenario and continue to Step 1, “Create a Network Architecture Overview.”CompetenciesYour work will be evaluated using the competencies listed below.1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation.1.3: Provide sufficient, correctly cited support that substantiates the writer's ideas.1.4: Tailor communications to the audience.2.1: Identify and clearly explain the issue, question, or problem under critical consideration.2.2: Locate and access sufficient information to investigate the issue or problem.2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.2.4: Consider and analyze information in context to the issue or problem.2.5: Develop well-reasoned ideas, conclusions or decisions, checking them against relevant criteria and benchmarks.5.3: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.8.1: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents.8.2: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence approporiately.8.4: Possess knowledge of proper and effective communication in case of an incident or crisis.8.5: Obtain knowledge and skills to conduct a postmortem analysis of an incident and provide sound recommendations for business continuity.9.1: Knowledge of the Information Technology industry, its systems, platforms, tools, and technologies.Step 2: Identify Network AttacksIn the previous step, you provided an overview of the network architecture. In this step, you will identify possible cyberattacks such as spoofing/cache poisoning, session hijacking, and man-in-the-middle attacks.Provide techniques for monitoring these attacks using knowledge acquired in the previous step. Review the following resources to gain a better understanding of these particular cyberattacks:Session hijacking: spoofing/cache poisoning attacksMan-in-the-middle attacksOne way to monitor and learn about malicious activities on a network is to create honeypots.Propose a honeypot environment to lure hackers to the network and include the following in your proposal:Describe a honeypot.Explain how a honeypot environment is set up.Explain the security and protection mechanisms a bank would need for a honeypot.Discuss some network traffic indicators that will tell you that your honeypot trap is working.Include this information in your final report. However, do not include this information in the bulletin to prevent hackers from being alerted about these defenses.Then, continue to the next step, where you will identify false negatives and positives.Step 3: Identify False Positives and False NegativesYou just identified possible information security attacks. Now, identify the risks to network traffic analysis and remediation. Review the resources on false positives and false negatives and discuss the following:Identify what are false positives and false negatives.How are false positives and false negatives determined?How are false positives and false negatives tested?Which is riskier to the health of the network, a false positive or a false negative?Describe your analysis about testing for false negatives and false positives using tools such as IDSs and firewalls, and include this as recommendations for the banks in your public service Joint Network Defense Bulletin.Discuss the concept of performing statistical analysis of false positives and false negatives.Explain how banks can reduce these issues.Research possible ways to reduce these events and include this information as recommendations in the Malicious Network Activity Report.Network intrusion analysis is often done with a tool such as Snort. Snort is a free and open-source intrusion detection/prevention system program. It is used for detecting and preventing malicious traffic and attacks on networks, analysis, and education. Such identification can be used to design signatures for the IDS, as well as to program the IDS to block this known bad traffic.Network traffic analysis is often done using tools such as Wireshark. Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development and education. Cybersecurity professionals must know how to perform network forensics analysis.In the next step, you will analyze network traffic.Step 4: Analyze Network TrafficIn the previous step, you identified and analyzed risks related to false negatives and false positives. For this step, you will analyze network traffic, conduct network forensics analysis, and identify malicious network addresses.Enter Workspace and perform the network traffic analysis. During this step, you will also develop proposed rules to prevent against known malicious sites and to test for these signatures.Professionals in the FieldThis program of study has exposed you to a variety of cybersecurity tools. Can you summarize what these tools do? Can you discuss their use in new situations? Can you do this for both technical and nontechnical staff?As you progress in your career, you will likely need to sway people who hold authority over cybersecurity decisions. These people may know very little about cybersecurity, but they will understand their own goals within the organization.It’s not enough to just be well-versed on the technical side; sometimes you must be able to explain in understandable terms how a computing platform will be affected by a breach.Step 5: Determine Sensitivity of Your AnalysisIn the previous step, you completed network analysis. In this step, you will determine which information to include in which document.Information appropriate for internal consumption may not be appropriate for public consumption. The Joint Network Defense Bulletin may alert criminals of the network defense strategy. Therefore, be careful about what you include in this bulletin.Once you have assessed the sensitivity of the information, include appropriate information in your Malicious Network Activity Report.Then, include appropriate information in the Joint Network Defense Bulletin in a way that educates the financial services consortium of the threat and the mitigating activities necessary to protect against that threat.Step 6: Explain Other Detection Tools and TechniquesIn the previous step, you included appropriate information in the proper document. In this step, perform independent research and briefly discuss what other tools and techniques may be used to detect these signatures.Provide enough detail so that a bank network administrator could follow your explanation to deploy your system in production. Include this information in the Joint Network Defense Bulletin.Next, move to the next step, where you will organize and complete your report.Step 7: Complete Malicious Network Activity ReportNow that you have gathered all the data for your Malicious Network Activity Report, it is time to organize your report. The following is a suggested outline:Introduction: Describe the banking institution and the issue you will be examining.Overview of the Network ArchitectureNetwork AttacksNetwork Traffic Analysis and ResultsOther Detection Tools and TechniquesRecommended Remediation StrategiesSubmit your report to the Assignments folder in the final step. You are now ready for the last piece of this project, the Joint Network Defense Bulletin.Step 8: Create the Joint Network Defense BulletinIn this step, you will create the Joint Network Defense Bulletin. Compile the information you have gathered, taking care to eliminate any sensitive bank-specific information. The Joint Network Defense Bulletin is an educational document for the financial services consortium. This bulletin should be addressed to the FBI chief and the FS-ISAC representative.Here is a list of the final deliverables for Project 2.DeliverablesMalicious Network Activity Report: An eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.Joint Network Defense Bulletin: A one- to two-page double-spaced document.Submit all deliverables to the Assignments folder below.Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.Check Your Evaluation CriteriaBefore you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation.1.3: Provide sufficient, correctly cited support that substantiates the writer's ideas.1.4: Tailor communications to the audience.2.1: Identify and clearly explain the issue, question, or problem under critical consideration.2.2: Locate and access sufficient information to investigate the issue or problem.2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.2.4: Consider and analyze information in context to the issue or problem.2.5: Develop well-reasoned ideas, conclusions or decisions, checking them against relevant criteria and benchmarks.5.3: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.8.1: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents.8.2: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence approporiately.8.4: Possess knowledge of proper and effective communication in case of an incident or crisis.8.5: Obtain knowledge and skills to conduct a postmortem analysis of an incident and provide sound recommendations for business continuity.9.1: Knowledge of the Information Technology industry, its systems, platforms, tools, and technologies.ATTACHED TAMPLATESJoint Network
Defense Bulletin
Create a 1-2 page
educational public service announcement (PSA) / Bulletin that will got to all
the banks in the FS-ISAC financial bank consortium. Take
care to eliminate any information that could identify any particular bank.
There have been recent
reports of intrusions into the networks of banks and their consortium. In this PSA/Bulletin recommend prevention
methods and remediation against the types of malicious traffic activity that
they may face or are facing.
A few suggestions:
Discuss risks observed
to network traffic analysis. Discuss IDS
and firewalls and testing for false negatives and false positives. Discuss network IP addresses and protocols
and relate them to network architecture. Discuss observations from Wireshark that could emphasize your
recommendations.
Explain in a few
paragraphs what other tools and techniques (besides Wireshark and Snort) the
bank consortium may use to detect malicious IP addresses / signatures. Provide enough detail so that a bank network
administrator could follow your explanation to deploy your system in
production. ISAC that contains the
information you observed on the network and a joint network defense bulletin to
all the banks in the FS-ISAC consortium, recommending prevention methods and
remediation against the types of malicious traffic activity that they may face
or are facing. The bulletin will be
provide separately from the report. This
report will provide a network architecture overview and will discuss data
transmission components, security attacks, techniques for monitoring such
attacks, and cyber offensives, intrusion detection (IDS) and intrusion
prevention (IPS) systems, firewalls, and risks to network traffic analysis and
remediation.
Network Architecture Overview
You traveled to the banks’ locations and gained access to
their network operations.
Network
Diagram
Discuss the network diagram here but put the diagram itself
at the bottom of this plan in the “Figures” section. Refer to Figure X (assign a number) and
discuss the network architecture. Your
overview can be based on fictitious information, or you can model network
architecture from a real researched bank.
Data
Transmission Components
Discuss various data transmission components such as: UDP,
TCP/IP, Internet Packets, IP address schemes, and well-known ports and
applications.
Relevance
of Information
Address the meanings and relevance of information, such as
the sender or source that transmits a message, the encoder used to code
messages, the medium or channel that carries the message, the decoding
mechanisms that were used, and the receiver or destination of the messages.
Intrusion
Detection and Intrusion Prevention
Describe the intrusion detection (IDS) and intrusion
prevention (IPS) systems used and the firewalls that have been established.
Make sure to link the operating systems and the software and hardware
components in the network, firewall, and IDS that make up the network defense
implementation of the banks’ networks. Identify how the banks are using
firewalls and how they are using IDSs, and identify the difference between
these technologies. Include the network infrastructure information and the IP
address schemes, which will involve the IP addressing assignment model, and the
public and private addressing and address allocations.
Potential
Risks
Identify potential risks in setting up the IP addressing
scheme. Identify any well-known ports
and applications that are being used and the risk associated with those being
identified, and possibly targeted. This
portion can be made up of fictitious information, or you can use information
from research.
Information
Security Attacks
Possible Cyberattacks
Using information from your network
architecture overview, identify possible cyberattacks such as spoofing/cache
poisoning attacks, and session hijacking attacks including but not limited to
man-in-the-middle attacks. Also provide
techniques for monitoring against these attacks.
Proposed Cyber Offensive Operation
Discuss how you would lure the hackers
to honeypots. Describe what a honeypot
is, how to set up an operation using a honeypot, and what security and
protections mechanisms would need to be in place if a bank agreed to set up a
honeypot. What are some indicators in
network traffic that would lead you to conclude that your honeypot trap has
worked? Report these from
Wireshark.
False
Negatives and False Positives Encryption
Discuss false
positives and false negatives -- identify what these are, how they are
determined, how they are tested, and which is riskier to the health of the
network. Then, identify the posed risks
to the cryptographic systems as a result of these gaps, including but not
limited to crypto attacks.
Statistical Analyses - Workspace
Discuss the statistical analyses of
false positives and false negatives from the results in Workspace, from the
banks’ networks, and how they can reduce these values. Use fictitious values
but research possible ways to reduce these events, and include as recommendations
here in this section.
IP Network Addresses
Discuss your lab work and results from
Wireshark in this section. If you want
to include the lab figures in the report (rather than separate as you can do),
then please put them all at the bottom of this plan in the “Figures”
section. Refer to Figure X (assign a
number) and discuss them to emphasize your points on network IP addresses, the
types of protocols that are running, and relate them to the network
architecture you provided in the earlier section of the report.
Include analysis of the source and
destination IP addresses that seem anomalous in nature, the traffic volume
patterns with date and time corroborations, and other significant details of
the network traffic analysis here in this section.
Network Forensics Analysis
Discuss your lab work and results from
Snort in this section. If you want to
include the lab figures in the report (rather than separate as you can do),
then please put them all at the bottom of this plan in the “Figures” section. Refer to Figure X (assign a number) and
discuss them to emphasize your points on network forensics analysis and
malicious IP addresses.
Identify malicious IP addresses and discuss
how they can be used to design signatures for the IDS, programming the IDS to
block this known bad traffic. Discuss
some of your lab work where you develop proposed Snort signatures to prevent
against those known bad sites and test these signatures. Provide some improvements to the performance
of the signature.
Conclusion
This Malicious Network Activity Report provided a network
architecture overview and discussed data transmission components, security
attacks, techniques for monitoring such attacks, and cyber offensives,
intrusion detection (IDS) and intrusion prevention (IPS) systems, firewalls,
and risks to network traffic analysis and remediation. From here discuss your overall conclusions
and recommendations…
References
Aleisa, N. (2015). A comparison of the 3DES and AES encryption
standards. International Journal
of Security and Its Applications 9(7). doi: 10.14257/ijsia.2015.9.7.21
Defense Human Resource Activity. (n.d.). Common Access Card (CAC) Security. Retrieved from
http://cac.mil/common-access-card/cac-security
Kent, K., Chevalier, S., Grance, T., & Dang, H. (2006). Computer Security: Guide to integrating
forensic techniques into incident response: Recommendations of the National
Institute of Standards and Technology (Special Publication 800-86).
Retrieved from http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspe...
Reith, M., Carr, C., & Gunsch, G. (2002). An examination of
digital forensic models. International
Journal of Digital Evidence, 1(3), 1-12. Retrieved from
http://www.just.edu.jo/~Tawalbeh/nyit/incs712/digi...
Tables
Table 1
Demographic Data on
All 178 Respondents
Population Description
Male
Female
Total
Age ≤ 29 Years
(N = 23) 20.7%
(N = 10) 14.9%
(N = 33) 18.5%
Age 30-45 Years
(N = 34) 30.6%
(N = 29) 43.3%
(N = 63) 35.3%
Age 46-59 Years
(N = 44) 39.6%
(N = 24) 35.8%
(N = 68) 38.2%
Age 60 Years or older
(N = 10) 09.0%
(N = 04) 06.0%
(N = 14) 07.9%
Experience 05 Years Exact
(N = 15) 13.5%
(N = 10) 14.9%
(N = 25) 14.0%
Experience 06-10 Years
(N = 30) 27.0%
(N = 21) 31.3%
(N = 51) 28.6%
Experience 11-19 Years
(N = 38) 34.2%
(N = 26) 38.8%
(N = 64) 35.9%
Experience ≥ 20 Years
(N = 28) 25.2%
(N = 10) 14.9%
(N = 38) 21.3%
Table 2
Measures of Central
Tendency and Variation
N
Statistic
R
Statistic
M
Statistic
SD
Statistic
Variance
Statistic
Skewness
Statistic
Skewness
Std. Error
Gender
178
1
1.38
.486
.236
.515
.182
Age
178
3
2.35
.872
.761
-.034
.182
Experience
178
3
2.65
.970
.942
-.176
.182
Valid N
178
Figures
Figure 1.
Hospital
Information Support System.
Rasmussen Minneapolis Minnesota Nose Mouth and Throat Health History Documentation
Documentation of the Nose, Mouth, and Throat
undefined
Examiner:
undefined
Date:
undefined
Patient:
undefined
Age:
u ...
Rasmussen Minneapolis Minnesota Nose Mouth and Throat Health History Documentation
Documentation of the Nose, Mouth, and Throat
undefined
Examiner:
undefined
Date:
undefined
Patient:
undefined
Age:
undefined
Reason for Visit:
undefined
Health History – Nose
undefined
Any nasal discharge noted?
Unusually frequent of severe colds?
Any sinus pain or sinusitis?
Any trauma or injury to the nose?
Any nosebleeds? How often?
Any allergies or hay fever?
Any changes or loss in the sense of smell?
undefined
Health History – Mouth
undefined
Any sores in the mouth or on the tongue?
Any sore throat? How often?
Any bleeding gums or toothache?
Any hoarseness or voice change?
Any difficulty swallowing?
Any change in the sense of taste?
Do you smoke? How much per day? How long?
Drink alcohol? How many times per week? How many drinks per occasion?
Do you use nasal sprays?
Do you get regular dental checkups? Brush your teeth and floss daily?
undefined
Health History – Throat
undefined
Any neck pain?
Any lumps or masses in the neck?
Any surgery on the neck?
Any history of thyroid problems?
undefined
Physical Assessment
undefined
Inspect the nose and palpate sinuses
Symmetrical?
Nares patent?
Deviated septum?
Mucous membranes pink and moist?
Discharge or inflammation?
Any tenderness in frontal or maxillary sinuses?
Inspect the mouth
Lips symmetrical? Lesions? Dry or chapped?
Dentition intact? Caries?
Gums inflamed?
Any lesions in the mouth? Membranes pink and moist?
Tongue midline? Able to move?
Uvula rises with phonation?
Hard palate intact?
Tonsils present? Inflamed?
Inspect and palpate the neck
Trachea midline?
Thyroid enlarged or nodules present?
Perform ROM
ROM against resistance – head and shoulders
Palpate lymph nodes – any tenderness or inflammation?
undefined
Regional Write-Up
undefined
Subjective (Health History)
Objective (Physical Assessment)
Assessment of Risks and Plan (Include two risks)
Earn money selling
your Study Documents