SEC 280 Principles of Information Systems Security Entire Course Follow Below Link to Download Tutorial
https://homeworklance.com/downloads/sec-280-principles-information-systems-security-entire-course/
For More Information Visit Our Website (
https://homeworklance.com/
)
DeVry SEC280 Week 1 Discussion 1 & 2 dq 1 Data Breaches (graded)
Use one of your favorite search engines (preferably www.google.com) and search world’s biggest data breaches.Select at least two of the major data breaches from the list you found and complete the following. Explain how they impacted you. Many of the breached companies had standard security controls like firewalls and intrusion detection systems. Discuss what was missing in their designs and processes. Add other items that you believe organizations should improve on to avoid breaches. dq 2 Data Integrity as Part of CIA Triad (graded)
Data integrity verifies that data remains unaltered in transit from creation to reception. Explain what would happen if we were to remove Integrityfrom the CIA triad. Discuss how integrity helps with confidentiality and access control. Discuss the overall impact to digital communication without data integrity. DeVry SEC280 Week 2 Discussion 1 & 2 dq 1 Symmetric Encryption (graded)
The initial encryption standard developed by NIST was called data encryption standard (DES). DES is too weak for modern applications since the key size is only 56-bit. It was replaced by advanced encryption standard (AES). AES has variable key sizes and can require a key size of 256-bit. Discuss if you think AES key size has a direct relationship with algorithm strength. Do you think that AES-256 is necessarily better than AES-128? How long do you think it would take to launch a brute force attack on AES-128 using a standard computer? dq 2 Asymmetric Encryption (graded)
Asymmetric encryption is based on the concept of a private key to decrypt and a public key to encrypt. RSA and Diffie-Hellman are two common algorithms used for asymmetric encryption, and they are extremely slow and can be used in limited applications. The key sizes are much larger than symmetric algorithms. Explain why asymmetric algorithms, such as RSA and Duffie-Hellman, are relatively slow. Discuss why asymmetric encryption algorithms require larger key sizes DeVry SEC280 Week 3 Discussion 1 & 2 dq 1 Asymmetric Encryption—the RSA Algorithm (graded)
Asymmetrical encryption uses one key to encrypt and another key to decrypt. The most common algorithm used in applications is the RSAalgorithm. RSAis based on prime numbers. Select two small prime numbers and compute Product = (p-1)(q-1)and select a number ebetween 1 and Product.The ethat you computed is a simplified example of a public key. Post your selection and computation. The RSA algorithm and most asymmetric encryption are considered slow. Based on your computation, explain why the algorithm is slow. dq 2
TLS/SSL (graded)
TLS/SSL is used to secure http traffic on networks. For this post, access a website requiring HTTPS. Find and post all the protocols that the site is using (click on the lock on the right end side of your browser menu for IE). Find the public key and paste it in your post. DeVry SEC280 Week 4 Discussion 1 & 2 dq 1 Hashing Algorithms (graded)
Secure Hash Algorithm is the current hashing standard established by the National Institute for Standard and Technology. It uses a 160-bit hash but lately most organizations are moving toward a 256-bit hash. Is a 128-bit hash no longer sufficient for integrity checks? Explain the likelihood of a collision in a 128-bit hash. You do not need to explain the mathematics. dq 2 Digital Signatures (graded)
A digital signature is a technique to validate the integrity and authenticity of a message. The signature provides assurance that the sender is the true sender, and the message has not been changed during transmission. What are the similarities between a digital signature and a handwritten signature? Differentiate among the three different classes of digital signatures. DeVry SEC280 Week 5 Discussion 1 & 2 dq 1 Access Controls (graded)
There are two basic ways to tell if a network or system is under attack. These are with intrusion-detection systems (IDSs) and intrusion-protection systems (IPSs). Discuss how each of these approaches is different. Do not forget to include how network-based and hosted-based systems come into play. You work for a small bank that has only 11 branches, and you must design a system that gives notice of a possible attack. Discuss what tools can be used, how they can be implemented to protect the bank, and how they can notify the appropriate people when the network comes under attack. dq 2 Application Security (graded) 1. 2. 3. 4.
Testing for an unknown is a virtually impossible task. What makes it possible at all is the concept of testing for categories of previously determined errors. The different categories of errors are 1. buffer overflows (most common); 2. code injections; 3. privilege errors; and 4. cryptographic failures. Please evaluate the software engineering, secure-code techniques, and the most important rule that relates to defending against a denial-of-service attack. Here are two types of error categories: the failure to include desired functionality and the inclusion of undesired behavior in the code. Testing for the first type of error is relatively easy. Other items we should understand for error opportunities in applications are related to design, coding, and testing. How do we assure that these items are addressed in our software-application development or acquisition? DeVry SEC280 Week 6 Discussion 1 & 2 dq 1 Attacks and Malware (graded)
What are the different ways that malware can infect a computer? What malware and spyware protection software do you think is the best and why? There are many types of attacks described in the text. Describe the attack and what method you could do to avoid such an attack. Many attacks are carried out by groups of hackers. Describe the objectives of some of these groups. What is the difference between white-hat and black-hat hackers? dq 2 Identity Theft (graded)
What steps would you take at your current or future job to ensure that personal information, such as human resources or customer information, is not compromised? Do companies have a responsibility to disclose identity-theft breaches that occur in their organizations? Present a strategy for educating a user about avoiding e-mail risk without saying, “Do not open an e-mail from someone you do not know.” This has been said many times and has failed. Take the time to think outside of the box about how you can get people to think before they act with e-mail. DeVry SEC280 Week 7 Discussion 1 & 2 dq 1 Mitigating Risk (graded) Top management asks you to present a review of the security risks associated with the various servers in the computing infrastructure. Take one of the servers and address three security risks from the least (low risk or moderate risk) to the greatest (high risk) and the kind of risk presented. For instance, if a server is closer to the network perimeter, it is at a higher risk of being compromised by a hacker. This is where it all starts. How do you implement consistent security policies? dq 2 Incident Handling (graded)
Surprisingly, many of us may be unknowing victims of botnets. Because of the rising sophistication of botnet schemes, your computer can become a zombie along with thousands of other computers that flood a victim’s network and bring down servers. While the attack is going on, the botnet infects the network with spam, viruses, and malware. What are the four simple rules of stopping botnets on your personal PCs? What are some of the symptoms that would make you suspicious that your computer has been attacked? What part of a security incident should be logged? DeVry SEC280 Week 1 Exercise Exercise – CIA Triad Download the Excel Template Data_Week1.xlsx and review column A (Information Type). Based on what you have learned in Week 1, chose the most important security attribute for the data field in column A using the drop down list. As an example, for a social security number, is the first priority to keep the numbers confidential, guarded from modifications, or available in digital format? If you feel all three attributes are equally important, select “Same Level of Importance” for all three priorities. The comment column (column E), must be used to justify your selections. Assignment Grading Rubric Points % Selection of associated security attributes 25 42% Justification for your selections (column E) 25 42% Spelling and grammar 6 10% APA style 4 6% Total 60 100% Submit your assignment to the Dropbox, located at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions. See the Syllabus section “Due Dates for Assignments & Exams” for due date information. Information Type Priority One Priority Two Priority Three Comments for Your Selections Social Security Number of an Individual First Name and Last Name Credit Card Number Qualification Medical Information Publications Salary Place of Employment Country of Origin Parent Names Children Names Marital Status Passport Number Languages Spoken Drivers License Number Level of Education Major in College Date of Birth Citizenship Ethnic Background Criminal Records Spouse Name Grade Point Average in College Research Interest Investment Accounts DeVry SEC280 Week 2 Exercise Exercise—Encryption Activity
Use your favorite browser to access https://www.cryptool.org. The free download area on the right of the page has three download options. Download CrypTool 1.4.30 English and install the software on your personal computer. Download the Word template called Week2.docx and complete the activities. You will need to capture screens and paste them into your template. Once completed, upload your template in the Unit 2 Dropbox. There is also a video instruction to help you complete this assignment. Do not uninstall the software from your PC until you complete Unit 3. Week 2 Assignment View this video to help you complete this assignment. Do not uninstall the software from your PC until you complete Unit 3. Transcript Assignment Grading Rubric Points % Template completion (4 x 20) 80 80% Explanation of concepts (1 X 10) 10 10% Spelling and grammar 5 5% APA style 5 5% Total 100 100% Submit your assignment to the Dropbox, located at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions. See the Syllabus section “Due Dates for Assignments & Exams” for due date information. Exercise 1 Symmetric Encryption using Vigenere Cipher 1. 1. Click on Filefrom the menu and select New. 2. 2. Enter (paste) the following text in the window: On September 25, 1789, the First Congress of the United States proposed 12 amendments to the Constitution. The 1789 Joint Resolution of Congress proposing the amendments is on display in the Rotunda in the National Archives Museum. Ten of the proposed 12 amendments were ratified by three-fourths of the state legislatures on December 15, 1791. The ratified Articles (Articles 3–12) constitute the first 10 amendments of the Constitution, or the U.S. Bill of Rights. In 1992, 203 years after it was proposed, Article 2 was ratified as the 27th Amendment to the Constitution. Article 1 was never ratified. 3. 3. Click on the Encrypt/Decrypt. 4. 4. Select Symmetric (classic)from the drop down list. 5. 5. SelectVigenere. 6. 6. Enter a key –ORANGE (you may want to try the encryption with other keys). 7. 7. Click Encrypt. 8. 8. Capture this screen (SHIFT + PRTSCN)in Windows and paste below. Exercise 2 Encryption with DES in CBC mode 1.Repeat the process above and select Symmetric (Modern). 2.Select DES CBC mode. 3.In the pop-up window, select Encrypt. 4. 4. Capture this screen (SHIFT + PRTSCN)in Windows and paste below. Exercise 3 Asymmetric encryption using RSA Encryption 1.Repeat the process above and select Asymmetric. 2.SelectRSA Encryption. 3. 3. Select SideChannel(under Last Name). 4. 4. Click Encrypt. 5. 5. Capture this screen (SHIFT + PRTSCN)in Windows and paste below. 6. 6. Close Cryptool. Exercise 4 1. 1. Create a text file made up of at least five pages of text. The text can be anything you would like. 2. 2. Save the file on your C:\ Drive as TEXT.txt 3. 3. Open Cryptool. 4. 4. Click on File. 5. 5. This time, select Open. 6. 6. Browse to c:\TEXT.txt 7. 7. Click on Encrypt/Decrypt. 8. 8. Select Asymmetric. 9. 9. Select RSA Encrypt. 10. 10. Check DISPLAY ENCRYPTION TIMEat the bottom on the page.
11. 12.
11. Select SideChannelin the window. 12. Click on Encrypt. Record your time below. TIME = Notice that the time taken is somewhat large for computing. Symmetrical encryption would take less than .001 of a sec to encrypt the same text. DeVry SEC280 Week 3 Exercise
1. 2. 3. 4. 5.
You installed Cryptool version 1.4.31 in Week 2. If you uninstalled Cryptool, you will need to reinstall the software as you did in Week 2. Follow the same instructions from unit 2 to open Cryptool. Click on File from the top menu bar and select New. Type This is a test. at least five times. Click on Encrypt/Decrypt from the top Menu Bar. Select Asymmetric encryption. In the pop-up window, select the only option available (this is a user profile)— SideChannelAt……. Click on Encrypt. The RSA-encrypted text will be displayed. Capture the screen and paste it in the Word template called Week 3 Template.docx. In the next step, you are going to create a key pair. Note that asymmetrical encryption uses a key to encrypt (public key) and another key to decrypt (private key). Click on Digital Signature/PKI from the top menu bar and select PKI. Now choose Generate/Import keys. Complete the pop-up template. Select RSA and 1024 for Bit Length. Complete the User Data section on the right. Remember to select a PIN because every time you decrypt, you will need the PIN to have access to your PIN. Capture the completed pop-up window and paste it in your template. Click on Generate new key pair. Close the pop-up window. Now click on Encrypt/Decrypt and select Asymmetric Encryption. You will see your profile in the list of recipients. Capture this screen and paste in your template. This profile will be used in Week 4. Close the pop-up window. Click on Encrypt/Decrypt and select RSA demonstration. RSA uses two prime numbers to generate the public key and private key. Enter a prime number (e.g., 13) for p and another prime number for q (e.g., 7). Now capture the screen and add it to your template. Notice your RSA modulus is 15. Click on Alphabet and number system option. Select Specify alphabet. Select Normal in RSA variant. Select Decimal in Number System. Now enter a message in the input row “This is a test.” Click on Encrypt. Click OK on the pop-up message. Now capture this screen and paste it in your template. Assignment Grading Rubric Points % Successful completion of the required five steps in the demo 5X17 = 85 85% Required format and clarity 10 10% Spelling and grammar 3 3% APA style 2 2% Total 100 100% Submit your assignment to the Dropbox, located at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions. See the Syllabus section “Due Dates for Assignments & Exams” for due date information. Week 3 Template 1. Capture Screen 1 (Encrypt using SideChannel Profile.) 2. Screen for Key Pair 3. Creation of Profile 4. RSA Demonstration 5. Using Key Pair to Encrypt DeVry SEC280 Week 4 Exercise Exercise – Keys In this assignment, you will use Cryptool to generate encryption keys (if you deleted your earlier one, you will need to generate another one), sign a document, verify a signature, and extract a signature. Before we continue, let’s recap how a signature works. A document has a unique hashed value. The hash value can be encrypted with an individual’s private key to tie the document to the holder of the private key. The encrypted hashed value is called signing a document. To start this exercise, open Cryptool (installed in Week 2). Click on File and Open. In the open window, type the following message: “It is a great day at DeVry University.” Click on Digital Signature/PKI from the menu bar. Select Generate/Import keys. In the pop-up window, select RSA and complete the User Data portion on the right panel. Select a PIN. I recommend “1234” for now. Click on Generate new key pair at the bottom of the screen. You will
1. 2. 3. 4.
receive a message that the keys were generated successfully. Close any open windows except the windows with our message: “It is a great day at DeVry University.” Now, select SHA-1 (160 bits) for hash function and choose RSA for signature algorithm and now select your key pair from the bottom pane. Remember to enter your PIN (1234). The digital signature will be displayed in another window. Capture this screen and paste it in the Week4_Template. Leave the signature page and click on Digital Signature/PKI and click on Verify Signature. Select the key pair and click on Verify Signature. You will get a message that the signatures are correct. They have to be because we just created the signatures. Capture the Signature Verification page and paste it in your Week4_Template. Now click on Digital Signatures/PKI and Click on Extract a Signature. A pop-up window will be displayed with the extracted signature. The signature and the signed message are displayed. Capture the page and paste it in the Week4_Template. Close all open Windows. Now, create a text file in your document folder on your PC (save it as MYTEST.txt). This text document can contain any you would like and can be created using Notepad. Back to Cryptool, click on Digital Signatures/PKI. Select Signature Demonstration. The pop-up will contain a diagram of a schematic of the digital signature process. Click on Open document. Select the text document you created earlier. Click on Select Hash function. Choose SHA-1 and then click on OK. Click on Compute hash value and click on Hash value. The hash value of your file will be displayed at the bottom of the window. Now click on Generate key. Click on Generate Primes (accept default values) and Accept Primes. Click on Store Key. Now click on Encrypt Hash Value. Click on Encrypted Hash value. The Encrypted Hash value will be displayed at the bottom of the window. Now you are going to click on Provide Certificate. Enter your first and last name and a PIN (confirm the PIN). Click on Generate Signature. The signature will be displayed at the bottom of the window. Now click on Store signature. Capture the display screen and paste it in your Week4_Template. Click OK and close Cryptool. Assignment Grading Rubric Points % Hands-on lab assignment 14 X 4 = 56 93.4% APA 1 1.6% Spelling 1 1.7% Grammar 2 3.3% Total 60 100% Submit your assignment to the Dropbox, located at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions. See the Syllabus section “Due Dates for Assignments & Exams” for due date information. Week 4 Assignment 1. Digital Signature Screen Capture 2. Signature Verification Screen Capture 3. Extracted Signature Screen Capture 4. Stored Signature Screen Capture DeVry SEC280 Week 6 Exercise For this exercise, you are going to start with this site: http://botlab.org.BotLab is a platform at the University of Washington that continually monitors and analyzes the behavior of spam-oriented botnets. There are many other locations on the Internet that keep real-time activities of botnets across the globe. My recommendation is to use your favorite search engine and search “real-time botnet tracking” and you will hit many results on botnet tracking. Using the information you found, develop a five-slide PowerPoint (seven bullets minimum per page) to describe the status of botnets in the world. DeVry SEC280 Week 7 Exercise Exercise—Bulk Extractor In this assignment, you are going to perform a forensic analysis of the C:\users (or C:\windows\users) folder in Windows of your computer to investigate possible credit card frauds. To perform this forensic analysis, you are going to need Bulk Extractor. Bulk Extractor is a computer forensics tool that scans a disk image, file, or directory of files
and extracts information such as credit card numbers, domains, e-mail addresses, URLs, and ZIP files. The extracted information is output to a series of text files. You will need these files to complete this assignment. Bulk Extractor can be downloaded from http://digitalcorpora.org/downloads/bulk_extractor/. For consistency, you want to download the version below. Once downloaded, run the installation. This process will take less than five minutes. bulk_extractor-1.5.1-windowsinstaller.exe 05-Aug-2014 13:03 20M Once completed, you will need to create a storage folder on your computer where Bulk Extractor will write the output of the forensic investigation. Now you are ready to start the Bulk Extractor application. Downloading and Installing Bulk Extractor Watch this short video on the steps needed to complete this assignment. See the Syllabus section “Due Dates for Assignments & Exams� for due date information.