Description
Unformatted Attachment Preview
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.
Explanation & Answer
Review
Review
Anonymous
Great! 10/10 would recommend using Studypool to help you study.
Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4
24/7 Homework Help
Stuck on a homework question? Our verified tutors can answer all questions, from basic math to advanced rocket science!
Most Popular Content
Who can help me design a secure network?
Designing a
Secure Network
This
term paper involves putting together the various concepts learned throughout
t ...
Who can help me design a secure network?
Designing a
Secure Network
This
term paper involves putting together the various concepts learned throughout
this course. You are tasked with designing the most secure network possible,
keeping in mind your goal of supporting three (3) IT services: email, file
transfer (centralized), and VPN. Your first step is to design a single network
capable of supporting there three (3) different services. Once you have fully
designed your network, you will need to provide three (3) workflow diagrams explaining
how your designed network handles the three (3) different transactions. The
first is an internal user sending an email using his / her corporate email
address to a user on the Yahoo domain with an arbitrary address of
user534@yahoo.com. The second workflow diagram should show a user initiating an
FTP session from inside your network to the arbitrary site of
ftp.netneering.com. The third workflow is an externally located employee
initiating a VPN session to corporate in order to access files on the Windows
desktop computer, DT-Corp534-HellenS, at work.
Write
a ten to fifteen (10-15) page paper in which you complete the following three
(3) Parts. Note: Please use the following page breakdown to complete your
assignment:
Overall network
diagram: One (1) pageDatapath
diagrams: Three (3) pages (one for each diagram)Write-up: six to
ten (6-10) pages
Part 1
1a.
Using
Microsoft Visio or its open source alternative, create a diagram showing the
overall network you’ve designed from the user or endpoint device to the
Internet cloud, and everything in between, in which you:
Follow
the access, core, distribution layer model.Include
at a minimum:
· Authentication server
(i.e. Microsoft Active Directory)
· Routers
· Switches (and / or
hubs)
· Local users
· Remote users
· Workstations
· Files share (i.e.
CIFS)
· Mail server
· Web servers (both
internal and external)
· Firewalls
· Internet cloud
· Web proxy
· Email proxy
· FTP server (for internal-to-external
transport)
1b.
Explain
each network device’s function and your specific configuration of each
networking device.
1c.
Design
and label the bandwidth availability or capacity for each wired connection.
Part 2
2a.
Using
Microsoft Visio or its open source alternative, create a Datapath Diagram for
the following scenario:
Local user sends email to a Yahoo
recipient. Local (corporate) user having email address jonny.hill@Corp534.com sends an email to user534@yahoo.com.
Document
and label the diagram showing protocols and path of the data flow as data
traverses through your network from source to destination. Include
path lines with arrows showing directions and layer 1, 2, 3, 4, 5, 6, and
7 (OSI) protocols that are used for each flow. Show
user authentication when necessary.
2b.
Using
Microsoft Visio or its open source alternative, create a Datapath Diagram for the
following scenario:
Local user, Jonny Hill, transfers file
using ftp through the Internet to another company’s site (ftp.netneering.com). He has to access the secure shell using his active
directory credentials to authenticate to the ftp server (linux running Redhat)
on the DMZ. He needs to transfer files from his desktop across the Internet to ftp.netneering.com.
Document
and label the diagram showing protocols and path of the data flow as data
traverses through your network from source to destination. Include
path lines with arrows showing directions and layer 1, 2, 3, 4, 5, 6, and
7 (OSI) protocols that are used for each flow. Show
user authentication when necessary.
2c.
Using
Microsoft Visio or its open source alternative, create a Datapath Diagram for
the following scenario:
Remote user, Hellen Stover, connects
via VPN from home through the Internet to her corporate desktop,
DT-Corp534-HellenS. Hellen uses a browser to initiate her VPN connection. By
browsing to https://VPNaccess.corp534.com, she arrives at a login page where she needs to
authenticate using her Active Directory credentials before the VPN tunnel is
built.
i.
Document
and label the diagram showing protocols and path of the data flow as data
traverses through your network from source to destination.
ii.
Include
path lines with arrows showing directions and layer 1, 2, 3, 4, 5, 6, and 7
(OSI) protocols that are used for each flow.
iii.
Show
user authentication when necessary.
2d.
Explain
how your overall design protects the organization from both inside and outside
attacks. Give examples.
2e.
Explain
how your layered design compensates for possible device failures or breaches in
network security.
2f.
Determine
whether any possible bottlenecks exist in your design.
2g.
Explain
how to make the file transfer process more secure.
Part 3
Use at least three
(3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality
resources.
Your
assignment must follow these formatting requirements:
Be typed, double
spaced, using Times New Roman font (size 12), with one-inch margins on all
sides; citations and references must follow APA or school-specific format.
Check with your professor for any additional instructions.Include a cover
page containing the title of the assignment, the student’s name, the
professor’s name, the course title, and the date. The cover page and the
reference page are not included in the required assignment page length.Include
charts or diagrams created in Visio or an equivalent such as Dia. The
completed diagrams / charts must be imported into the Word document before
the paper is submitted.
The
specific course learning outcomes associated with this assignment are:
Explain the
essentials of Transmission Control Protocol / Internet Protocol (TCP / IP)
behavior and applications used in IP networking.Identify network
security tools and discuss techniques for network protection
7 pages
Corporate Ethics Portfolio.edited
As initially indicated, China is the country the organization intends to. Some of the ethical challenges identified to be ...
Corporate Ethics Portfolio.edited
As initially indicated, China is the country the organization intends to. Some of the ethical challenges identified to be clouding the progression of ...
Recommendations for Cyber Security Technologies
Thinking back over all of the research that you have read during this course, identify one emerging or leading technology ...
Recommendations for Cyber Security Technologies
Thinking back over all of the research that you have read during this course, identify one emerging or leading technology that you believe has the most potential as a cybersecurity or cyber defense solution.Write a one page (300 word) recommendation for this technology. Include in your recommendation three or more cybersecurity or cyber defense related benefits that you believe will be realized by companies who adopt this technology.Your audience for this recommendation is the CEO of a large company that is interested in finding and funding further research into promising cybersecurity related technologies.
The operating system (OS) of an information system, computer science homework help
The operating system (OS) of an information system contains the software that executes the critical functions of the infor ...
The operating system (OS) of an information system, computer science homework help
The operating system (OS) of an information system contains the software that executes the critical functions of the information system. The OS manages the computer's memory, processes, and all of its software and hardware. It allows different programs to run simultaneously and access the computer's memory, central processing unit, and storage. The OS coordinates all these activities and ensures that sufficient resources are applied. These are the fundamental processes of the information system and if they are violated by a security breach or exploited vulnerability it has the potential to have the biggest impact on your organization.Security for operating systems consists of protecting the OS components from attacks that could cause deletion, modification, or destruction of the operating system. Threats to an OS could consist of a breach of confidential information, unauthorized modification of data, or unauthorized destruction of data. It is the job of the cybersecurity engineer to understand the operations and vulnerabilities of the OS (whether it is a Microsoft, Linux, or another type of OS), and to provide mitigation, remediation, and defense against threats that would expose those vulnerabilities or attack the OS.There are seven steps that will help you create your final deliverables. The deliverables for this project are as follows:Security Assessment Report (SAR): This report should be a 7-8 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.Nontechnical presentation: This is a set of 8-10 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR.In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.2.3: Evaluate the information in logical manner to determine value and relevance.5.4: Identify potential threats to operating systems and the security features necessary to guard against them.The audience for your security assessment report (SAR) is the leadership of your organization, which is made up of technical and nontechnical staff. Some of your audience will be unfamiliar with operating systems (OS). As such, you will begin your report with a brief explanation of operating systems fundamentals and the types of information systems.Click on and read the following resources that provide essential information you need to know before creating a thorough and accurate OS explanation:operating systems fundamentalsthe applications of the OSThe Embedded OSinformation system architecturecloud computingweb architectureAfter reviewing the resources, begin drafting the OS overview to incorporate the following:Explain the user's role in an OS.Explain the differences between kernel applications of the OS and the applications installed by an organization or user.Describe the embedded OS.Describe how the systems fit in the overall information system architecture, of which cloud computing is an emerging, modern web architecture.Include a brief definition of operating systems and information systems in your SAR.You just summarized operating systems and information systems for leadership. In your mind, you can already hear leadership saying "So what?" They are not well versed in web security issues; so in your SAR you decide to include an explanation of advantages and disadvantages of the different operating systems and their known vulnerabilities.Prepare by first reviewing the different types of vulnerabilities and intrusions explained in these resources:Windows vulnerabilitiesLinux vulnerabilitiesMac OS vulnerabilitiesSQL PL/SQL, XML and other injectionsBased on what you gathered from the resources, compose the OS vulnerability section of the SAR. Be sure to:Explain Windows vulnerabilities and Linux vulnerabilities.Explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices.Explain the motives and methods for intrusion of the MS and Linux operating systems;Explain the types of security awareness technologies such as intrusion detection and intrusion prevention systems.Describe how and why different corporate and government systems are targets.Describe different types of intrusions such as SQL PL/SQL, XML, and other injectionsYou will provide leadership with a brief overview of vulnerabilities in your SAR.You have just finished defining the vulnerabilities an OS can have. Soon you will perform vulnerability scanning and vulnerability assessments on the security posture of your organization's operating systems. But first, consider your plan of action. Read these two resources to be sure you fully grasp the why’s and how’s of vulnerability assessments and security updates:Vulnerability assessmentsPatches Then provide the leadership with the following:Include a description of the methodology you used to assess the vulnerabilities of the incorporate operating systems.Include a description of the applicable tools used, and the limitations of the tools and analyses, if any.Include the projected findings from using these vulnerability assessment tools.In your report, discuss the strength of passwords, any IIS administrative vulnerabilities, SQL server administrative vulnerabilities, and other security updates and management of patches.Note: You will utilize the tools in Workspace for this step. If you need help outside the classroom, you can register for the CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Primary lab assistance is available from a team of lab assistants. Lab assistants are professionals and are trained to help you.Click here to access the instructions for Navigating the Workspace and the Lab Setup.Click here to access the Project 2 Workspace Exercise Instructions. Explore the tutorials and user guides to learn more about the tools you will use.You've prepared for your assessment; now it's time to perform.Security and vulnerability assessment analysis tools, such as Microsoft Baseline Security Analyzer (MBSA) for Windows OS and OpenVAS for Linux OS, are standalone tools designed to provide you with a streamlined method for identifying common security misconfigurations and missing security updates for the operating systems and applications. These tools work on layers 5-7 of the Open System Interconnection (OSI) model.Enter Workspace and complete the lab activities related to operating system vulnerabilities. Utilize the tools' built-in checks to complete the following for Windows OS (e.g., using MBSA):Determine if Windows administrative vulnerabilities are present.Determine if weak passwords are being used on Windows accounts.Learn which security updates are required on each individual system.You will also complete a similar exercise for Linux OS (e.g., using the OpenVAS tool). Select the following links to learn more about OpenVAS and computer networks:OpenVASComputer networksUtilize the OpenVAS tool to complete the following:Determine if Linux vulnerabilities are present.Determine if weak passwords are being used on Linux systems.Learn which security updates are required for the Linux systems.Knowledge acquired from this Workspace exercise and capability of this tool will help your company's client organizations secure the computer networks’ resources and protect corporate data from being stolen.Validate and record the benefits of using these types of tools. You will include this in the SAR.You will utilize the tools in Workspace for this step.You have just finished working with vulnerability assessment tools for the OS and applications. You noticed that the tool you used for Windows OS (i.e., MBSA) provides dynamic assessment of missing security updates. Next, you will use the same tool to scan one or more computers by domain, IP address range, or other grouping.Once complete, this tool provides a detailed report and instructions on how to make your system a more secure working environment. In this case, a tool such as MBSA will create and store individual XML security reports for each computer scanned and will display the reports in the graphical user interface in HTML.You will compile your findings using both tools. Consider the unique findings of each tool, the common findings, and the differences in their capabilities. You should provide a brief discussion of this in your report.By utilizing security vulnerability assessment tools, such as MBSA and OpenVAS, you now have a better understanding of your system's security status. Based on the results provided by these tools, as well as your learning from the previous steps, you will create the Security Assessment Report (SAR).In your report to the leadership, emphasize the benefits of using a free security tool such as MBSA. Then make a recommendation for using these types of tools (i.e., MBSA and OpenVAS), including the results you found for both.Remember to include these analyses and conclusions in the SAR deliverable:After you provide a description of the methodology you used to make your security assessment, you will provide the actual data from the tools, the status of security and patch updates, security recommendations, and offer specific remediation guidance, to your senior leadership.You will include any risk assessments associated with the security recommendations, and propose ways to address the risk either by accepting the risk, transferring the risk, mitigating the risk, or eliminating the risk.Include your SAR in your final deliverable to leadership.Based on what you have learned in the previous steps and your SAR, you will also develop a presentation for your company's leadership.Your upper-level management team is not interested in the technical report you generated from your Workspace exercise. They are more interested in the bottom line. You must help these nontechnical leaders understand the very technical vulnerabilities you have discovered. They need to clearly see what actions they must either take or approve. The following are a few questions to consider when creating your nontechnical presentation:How do you present your technical findings succinctly to a nontechnical audience? Your Workspace exercise report will span many pages, but you will probably not have more than 30 minutes for your presentation and follow-up discussion.How do you describe the most serious risks factually but without sounding too temperamental? No one likes to hear that their entire network has been hacked, data has been stolen, and the attackers have won. You will need to describe the seriousness of your findings while also assuring upper-level management that these are not uncommon occurrences today.How do your Workspace exercise results affect business operations? Make sure you are presenting these very technical results in business terms that upper-level management will understand.Be very clear on what you propose or recommend. Upper-level management will want to not only understand what you discovered; they will want to know what you propose as a solution. They will want to know what decisions they need to make based on your findings.Your goal for the presentation is to convince the leadership that adopting a security vulnerability assessment tool (such as MBSA) and providing an extra security layer is a must for the company.The deliverables for this project are as follows:Security Assessment Report (SAR): This report should be a 7-8 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.Nontechnical presentation: This is a set of 8-10 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR.In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.Submit your deliverables to the assignment folder.Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.2.3: Evaluate the information in logical manner to determine value and relevance.5.4: Identify potential threats to operating systems and the security features necessary to guard against them.
CYB 602 Week 4 SRIDE vs PASTA Discussion
Select one of the Options below as your primary topic. To help keep track of replies vs. original postings, your Subject l ...
CYB 602 Week 4 SRIDE vs PASTA Discussion
Select one of the Options below as your primary topic. To help keep track of replies vs. original postings, your Subject line should start with: Lastname – Option [A or B] (e.g. Simpson - Option A).Option ACompare and contrast the following threat modeling methods/approaches:STRIDEPASTAYou should provide an overview of each method (i.e., the major steps that make up each acronym); however, you do not need to provide details of each step. (Hint: you should identify and address the primary underlying difference between them.)Option BThe textbook covers risk management strategies and how threat modeling and threat intel can improve risk mitigation. Discuss the components of a risk analysis and how threat analysis and vulnerability assessment/identification should be used. Although the textbook might focus on the Software Development Life Cycle (SDLC), you are not limited to that process for your discussion.
University of the Cumberlands Malware and Private Information Discussion
Task1:words:400Using a Web browser, perform some research on a newer malware variant
that has been reported by a major ma ...
University of the Cumberlands Malware and Private Information Discussion
Task1:words:400Using a Web browser, perform some research on a newer malware variant
that has been reported by a major malware containment vendor. Using a
search engine, go to the vendor’s Web site; this could be Symantec, McAfee,
or any of their competitors. Visit one malware prevention software vendor.
Search for the newest malware variants and pick one. Note its name and try
to understand how it works. Now look for information about that same malware from at
least one other vendor. Were you able to see this malware at both vendors? If so, are there
any differences in how they are reported between the two vendors?Task2:words:400Using a Web search tool, identify cases in which private information was disclosed when
computer equipment was discarded. Recent examples have included smartphones (like BlackBerry) that were sold without proper data cleansing and hard drives that were sold without
data cleansing after the computers they were originally used in were upgraded.
Similar Content
University of the Cumberlands Computer Science Discussion
please find the attached document and reply to student posts. stduent names in bold....
Simple discussion Questions
Am already assuming i havent paid anything. I Will pay extra 10$ as a tip after you have done the question on time. I just...
What is the correct value to return to the operating system upon the successful
What is the correct value to return to the operating system upon the successful completion of a program?A. -1 B. 1&nb...
Saudi Electronic University Web Security Worksheet
Fill in the attached table in Web Security
First: Required 6 Types of incidents occurred from 2016 to 2020
on web security...
IT 402 Saudi Electronic University Integrated Enterprise Systems Worksheet
Assignment 2
Instructions:
•
•
•
•
•
•
•
Zero mark will be given if you try to bypass the SafeAssign (e....
Cumberland University Information Technology and Organization Questions
Information Systems for Business and Beyond Questions:Chapter 5 – study questions 1-9, Exercise 1 & 3Information Technol...
Cybersecurity Capstone Release Form 2
Summary of the Problem: The cybersecurity issue is Ransomware attacks. It is one of the cybersecurity threats the attacker...
Nyit Vs Ucla Work
Computer as perfect as they are have some lapses, one of them is the fact that they are insecure, very vulnerable to intru...
Industrial Espionage Revised 091
Industrial espionage refers to stealing or theft of business secrets by copying or removing valued or intimate data in a f...
Related Tags
Book Guides
Get 24/7
Homework help
Our tutors provide high quality explanations & answers.
Post question
Most Popular Content
Who can help me design a secure network?
Designing a
Secure Network
This
term paper involves putting together the various concepts learned throughout
t ...
Who can help me design a secure network?
Designing a
Secure Network
This
term paper involves putting together the various concepts learned throughout
this course. You are tasked with designing the most secure network possible,
keeping in mind your goal of supporting three (3) IT services: email, file
transfer (centralized), and VPN. Your first step is to design a single network
capable of supporting there three (3) different services. Once you have fully
designed your network, you will need to provide three (3) workflow diagrams explaining
how your designed network handles the three (3) different transactions. The
first is an internal user sending an email using his / her corporate email
address to a user on the Yahoo domain with an arbitrary address of
user534@yahoo.com. The second workflow diagram should show a user initiating an
FTP session from inside your network to the arbitrary site of
ftp.netneering.com. The third workflow is an externally located employee
initiating a VPN session to corporate in order to access files on the Windows
desktop computer, DT-Corp534-HellenS, at work.
Write
a ten to fifteen (10-15) page paper in which you complete the following three
(3) Parts. Note: Please use the following page breakdown to complete your
assignment:
Overall network
diagram: One (1) pageDatapath
diagrams: Three (3) pages (one for each diagram)Write-up: six to
ten (6-10) pages
Part 1
1a.
Using
Microsoft Visio or its open source alternative, create a diagram showing the
overall network you’ve designed from the user or endpoint device to the
Internet cloud, and everything in between, in which you:
Follow
the access, core, distribution layer model.Include
at a minimum:
· Authentication server
(i.e. Microsoft Active Directory)
· Routers
· Switches (and / or
hubs)
· Local users
· Remote users
· Workstations
· Files share (i.e.
CIFS)
· Mail server
· Web servers (both
internal and external)
· Firewalls
· Internet cloud
· Web proxy
· Email proxy
· FTP server (for internal-to-external
transport)
1b.
Explain
each network device’s function and your specific configuration of each
networking device.
1c.
Design
and label the bandwidth availability or capacity for each wired connection.
Part 2
2a.
Using
Microsoft Visio or its open source alternative, create a Datapath Diagram for
the following scenario:
Local user sends email to a Yahoo
recipient. Local (corporate) user having email address jonny.hill@Corp534.com sends an email to user534@yahoo.com.
Document
and label the diagram showing protocols and path of the data flow as data
traverses through your network from source to destination. Include
path lines with arrows showing directions and layer 1, 2, 3, 4, 5, 6, and
7 (OSI) protocols that are used for each flow. Show
user authentication when necessary.
2b.
Using
Microsoft Visio or its open source alternative, create a Datapath Diagram for the
following scenario:
Local user, Jonny Hill, transfers file
using ftp through the Internet to another company’s site (ftp.netneering.com). He has to access the secure shell using his active
directory credentials to authenticate to the ftp server (linux running Redhat)
on the DMZ. He needs to transfer files from his desktop across the Internet to ftp.netneering.com.
Document
and label the diagram showing protocols and path of the data flow as data
traverses through your network from source to destination. Include
path lines with arrows showing directions and layer 1, 2, 3, 4, 5, 6, and
7 (OSI) protocols that are used for each flow. Show
user authentication when necessary.
2c.
Using
Microsoft Visio or its open source alternative, create a Datapath Diagram for
the following scenario:
Remote user, Hellen Stover, connects
via VPN from home through the Internet to her corporate desktop,
DT-Corp534-HellenS. Hellen uses a browser to initiate her VPN connection. By
browsing to https://VPNaccess.corp534.com, she arrives at a login page where she needs to
authenticate using her Active Directory credentials before the VPN tunnel is
built.
i.
Document
and label the diagram showing protocols and path of the data flow as data
traverses through your network from source to destination.
ii.
Include
path lines with arrows showing directions and layer 1, 2, 3, 4, 5, 6, and 7
(OSI) protocols that are used for each flow.
iii.
Show
user authentication when necessary.
2d.
Explain
how your overall design protects the organization from both inside and outside
attacks. Give examples.
2e.
Explain
how your layered design compensates for possible device failures or breaches in
network security.
2f.
Determine
whether any possible bottlenecks exist in your design.
2g.
Explain
how to make the file transfer process more secure.
Part 3
Use at least three
(3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality
resources.
Your
assignment must follow these formatting requirements:
Be typed, double
spaced, using Times New Roman font (size 12), with one-inch margins on all
sides; citations and references must follow APA or school-specific format.
Check with your professor for any additional instructions.Include a cover
page containing the title of the assignment, the student’s name, the
professor’s name, the course title, and the date. The cover page and the
reference page are not included in the required assignment page length.Include
charts or diagrams created in Visio or an equivalent such as Dia. The
completed diagrams / charts must be imported into the Word document before
the paper is submitted.
The
specific course learning outcomes associated with this assignment are:
Explain the
essentials of Transmission Control Protocol / Internet Protocol (TCP / IP)
behavior and applications used in IP networking.Identify network
security tools and discuss techniques for network protection
7 pages
Corporate Ethics Portfolio.edited
As initially indicated, China is the country the organization intends to. Some of the ethical challenges identified to be ...
Corporate Ethics Portfolio.edited
As initially indicated, China is the country the organization intends to. Some of the ethical challenges identified to be clouding the progression of ...
Recommendations for Cyber Security Technologies
Thinking back over all of the research that you have read during this course, identify one emerging or leading technology ...
Recommendations for Cyber Security Technologies
Thinking back over all of the research that you have read during this course, identify one emerging or leading technology that you believe has the most potential as a cybersecurity or cyber defense solution.Write a one page (300 word) recommendation for this technology. Include in your recommendation three or more cybersecurity or cyber defense related benefits that you believe will be realized by companies who adopt this technology.Your audience for this recommendation is the CEO of a large company that is interested in finding and funding further research into promising cybersecurity related technologies.
The operating system (OS) of an information system, computer science homework help
The operating system (OS) of an information system contains the software that executes the critical functions of the infor ...
The operating system (OS) of an information system, computer science homework help
The operating system (OS) of an information system contains the software that executes the critical functions of the information system. The OS manages the computer's memory, processes, and all of its software and hardware. It allows different programs to run simultaneously and access the computer's memory, central processing unit, and storage. The OS coordinates all these activities and ensures that sufficient resources are applied. These are the fundamental processes of the information system and if they are violated by a security breach or exploited vulnerability it has the potential to have the biggest impact on your organization.Security for operating systems consists of protecting the OS components from attacks that could cause deletion, modification, or destruction of the operating system. Threats to an OS could consist of a breach of confidential information, unauthorized modification of data, or unauthorized destruction of data. It is the job of the cybersecurity engineer to understand the operations and vulnerabilities of the OS (whether it is a Microsoft, Linux, or another type of OS), and to provide mitigation, remediation, and defense against threats that would expose those vulnerabilities or attack the OS.There are seven steps that will help you create your final deliverables. The deliverables for this project are as follows:Security Assessment Report (SAR): This report should be a 7-8 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.Nontechnical presentation: This is a set of 8-10 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR.In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.2.3: Evaluate the information in logical manner to determine value and relevance.5.4: Identify potential threats to operating systems and the security features necessary to guard against them.The audience for your security assessment report (SAR) is the leadership of your organization, which is made up of technical and nontechnical staff. Some of your audience will be unfamiliar with operating systems (OS). As such, you will begin your report with a brief explanation of operating systems fundamentals and the types of information systems.Click on and read the following resources that provide essential information you need to know before creating a thorough and accurate OS explanation:operating systems fundamentalsthe applications of the OSThe Embedded OSinformation system architecturecloud computingweb architectureAfter reviewing the resources, begin drafting the OS overview to incorporate the following:Explain the user's role in an OS.Explain the differences between kernel applications of the OS and the applications installed by an organization or user.Describe the embedded OS.Describe how the systems fit in the overall information system architecture, of which cloud computing is an emerging, modern web architecture.Include a brief definition of operating systems and information systems in your SAR.You just summarized operating systems and information systems for leadership. In your mind, you can already hear leadership saying "So what?" They are not well versed in web security issues; so in your SAR you decide to include an explanation of advantages and disadvantages of the different operating systems and their known vulnerabilities.Prepare by first reviewing the different types of vulnerabilities and intrusions explained in these resources:Windows vulnerabilitiesLinux vulnerabilitiesMac OS vulnerabilitiesSQL PL/SQL, XML and other injectionsBased on what you gathered from the resources, compose the OS vulnerability section of the SAR. Be sure to:Explain Windows vulnerabilities and Linux vulnerabilities.Explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices.Explain the motives and methods for intrusion of the MS and Linux operating systems;Explain the types of security awareness technologies such as intrusion detection and intrusion prevention systems.Describe how and why different corporate and government systems are targets.Describe different types of intrusions such as SQL PL/SQL, XML, and other injectionsYou will provide leadership with a brief overview of vulnerabilities in your SAR.You have just finished defining the vulnerabilities an OS can have. Soon you will perform vulnerability scanning and vulnerability assessments on the security posture of your organization's operating systems. But first, consider your plan of action. Read these two resources to be sure you fully grasp the why’s and how’s of vulnerability assessments and security updates:Vulnerability assessmentsPatches Then provide the leadership with the following:Include a description of the methodology you used to assess the vulnerabilities of the incorporate operating systems.Include a description of the applicable tools used, and the limitations of the tools and analyses, if any.Include the projected findings from using these vulnerability assessment tools.In your report, discuss the strength of passwords, any IIS administrative vulnerabilities, SQL server administrative vulnerabilities, and other security updates and management of patches.Note: You will utilize the tools in Workspace for this step. If you need help outside the classroom, you can register for the CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Primary lab assistance is available from a team of lab assistants. Lab assistants are professionals and are trained to help you.Click here to access the instructions for Navigating the Workspace and the Lab Setup.Click here to access the Project 2 Workspace Exercise Instructions. Explore the tutorials and user guides to learn more about the tools you will use.You've prepared for your assessment; now it's time to perform.Security and vulnerability assessment analysis tools, such as Microsoft Baseline Security Analyzer (MBSA) for Windows OS and OpenVAS for Linux OS, are standalone tools designed to provide you with a streamlined method for identifying common security misconfigurations and missing security updates for the operating systems and applications. These tools work on layers 5-7 of the Open System Interconnection (OSI) model.Enter Workspace and complete the lab activities related to operating system vulnerabilities. Utilize the tools' built-in checks to complete the following for Windows OS (e.g., using MBSA):Determine if Windows administrative vulnerabilities are present.Determine if weak passwords are being used on Windows accounts.Learn which security updates are required on each individual system.You will also complete a similar exercise for Linux OS (e.g., using the OpenVAS tool). Select the following links to learn more about OpenVAS and computer networks:OpenVASComputer networksUtilize the OpenVAS tool to complete the following:Determine if Linux vulnerabilities are present.Determine if weak passwords are being used on Linux systems.Learn which security updates are required for the Linux systems.Knowledge acquired from this Workspace exercise and capability of this tool will help your company's client organizations secure the computer networks’ resources and protect corporate data from being stolen.Validate and record the benefits of using these types of tools. You will include this in the SAR.You will utilize the tools in Workspace for this step.You have just finished working with vulnerability assessment tools for the OS and applications. You noticed that the tool you used for Windows OS (i.e., MBSA) provides dynamic assessment of missing security updates. Next, you will use the same tool to scan one or more computers by domain, IP address range, or other grouping.Once complete, this tool provides a detailed report and instructions on how to make your system a more secure working environment. In this case, a tool such as MBSA will create and store individual XML security reports for each computer scanned and will display the reports in the graphical user interface in HTML.You will compile your findings using both tools. Consider the unique findings of each tool, the common findings, and the differences in their capabilities. You should provide a brief discussion of this in your report.By utilizing security vulnerability assessment tools, such as MBSA and OpenVAS, you now have a better understanding of your system's security status. Based on the results provided by these tools, as well as your learning from the previous steps, you will create the Security Assessment Report (SAR).In your report to the leadership, emphasize the benefits of using a free security tool such as MBSA. Then make a recommendation for using these types of tools (i.e., MBSA and OpenVAS), including the results you found for both.Remember to include these analyses and conclusions in the SAR deliverable:After you provide a description of the methodology you used to make your security assessment, you will provide the actual data from the tools, the status of security and patch updates, security recommendations, and offer specific remediation guidance, to your senior leadership.You will include any risk assessments associated with the security recommendations, and propose ways to address the risk either by accepting the risk, transferring the risk, mitigating the risk, or eliminating the risk.Include your SAR in your final deliverable to leadership.Based on what you have learned in the previous steps and your SAR, you will also develop a presentation for your company's leadership.Your upper-level management team is not interested in the technical report you generated from your Workspace exercise. They are more interested in the bottom line. You must help these nontechnical leaders understand the very technical vulnerabilities you have discovered. They need to clearly see what actions they must either take or approve. The following are a few questions to consider when creating your nontechnical presentation:How do you present your technical findings succinctly to a nontechnical audience? Your Workspace exercise report will span many pages, but you will probably not have more than 30 minutes for your presentation and follow-up discussion.How do you describe the most serious risks factually but without sounding too temperamental? No one likes to hear that their entire network has been hacked, data has been stolen, and the attackers have won. You will need to describe the seriousness of your findings while also assuring upper-level management that these are not uncommon occurrences today.How do your Workspace exercise results affect business operations? Make sure you are presenting these very technical results in business terms that upper-level management will understand.Be very clear on what you propose or recommend. Upper-level management will want to not only understand what you discovered; they will want to know what you propose as a solution. They will want to know what decisions they need to make based on your findings.Your goal for the presentation is to convince the leadership that adopting a security vulnerability assessment tool (such as MBSA) and providing an extra security layer is a must for the company.The deliverables for this project are as follows:Security Assessment Report (SAR): This report should be a 7-8 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.Nontechnical presentation: This is a set of 8-10 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR.In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.Submit your deliverables to the assignment folder.Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.2.3: Evaluate the information in logical manner to determine value and relevance.5.4: Identify potential threats to operating systems and the security features necessary to guard against them.
CYB 602 Week 4 SRIDE vs PASTA Discussion
Select one of the Options below as your primary topic. To help keep track of replies vs. original postings, your Subject l ...
CYB 602 Week 4 SRIDE vs PASTA Discussion
Select one of the Options below as your primary topic. To help keep track of replies vs. original postings, your Subject line should start with: Lastname – Option [A or B] (e.g. Simpson - Option A).Option ACompare and contrast the following threat modeling methods/approaches:STRIDEPASTAYou should provide an overview of each method (i.e., the major steps that make up each acronym); however, you do not need to provide details of each step. (Hint: you should identify and address the primary underlying difference between them.)Option BThe textbook covers risk management strategies and how threat modeling and threat intel can improve risk mitigation. Discuss the components of a risk analysis and how threat analysis and vulnerability assessment/identification should be used. Although the textbook might focus on the Software Development Life Cycle (SDLC), you are not limited to that process for your discussion.
University of the Cumberlands Malware and Private Information Discussion
Task1:words:400Using a Web browser, perform some research on a newer malware variant
that has been reported by a major ma ...
University of the Cumberlands Malware and Private Information Discussion
Task1:words:400Using a Web browser, perform some research on a newer malware variant
that has been reported by a major malware containment vendor. Using a
search engine, go to the vendor’s Web site; this could be Symantec, McAfee,
or any of their competitors. Visit one malware prevention software vendor.
Search for the newest malware variants and pick one. Note its name and try
to understand how it works. Now look for information about that same malware from at
least one other vendor. Were you able to see this malware at both vendors? If so, are there
any differences in how they are reported between the two vendors?Task2:words:400Using a Web search tool, identify cases in which private information was disclosed when
computer equipment was discarded. Recent examples have included smartphones (like BlackBerry) that were sold without proper data cleansing and hard drives that were sold without
data cleansing after the computers they were originally used in were upgraded.
Earn money selling
your Study Documents