Security hands-on projects assessment

Reference no: EM132774618, Length: word count: 2600

HS3011 Information Security - Holmes Institute

Assessment - Security Hands-On Projects

The purpose of this assignment is to exercise, analyse and assess information security risks for business applications and to recommend appropriate security mechanisms.

Students will be able to:

1. Understand the challenges and impact of factors that relate to Information Systems security management.
2. Demonstrate an understanding of security frameworks, models and standards and their application to different business scenarios.
3. Communicate information systems' security concepts and controls effectively to both technical and non-technical stakeholders.
4. Analyse and assess information security risks for business applications and recommend appropriate security mechanisms.
5. Work autonomously as well as within a group to develop a solution to a business scenario.
6. Understand the ICT profession and the expectations of ICT professionals in information security roles.

Assignment Requirements:

You are required to follow the instructions in each project and provide screenshots of the outcomes, in addition to answers to any questions provided.

PROJECT 1: Case Study

Peter Hayes, CFO of Sequential Label and Supply, was working late. He opened an e-mail from the manager of the accounting department. The e-mail had an attachment, probably a spreadsheet or a report of some kind, and from the file icon he could tell it was encrypted. He saved the file to his computer's hard drive and then double-clicked the icon to open it.

His computer operating system recognized that the file was encrypted and started the decryption program, which prompted Peter for his passphrase. Peter's mind went blank. He couldn't remember the passphrase. "Oh, good grief!" he said to himself, reaching for his phone.

"Charlie, good, you're still here. I'm having trouble with a file in my e-mail program. My computer is prompting me for my passphrase, and I think I forgot it."

"Uh-oh," said Charlie.
"What do you mean 'Uh-oh'?"
"I mean you're S.O.L." Charlie replied. "Simply outta luck."
"Out of luck?" said Peter. "Why? Can't you do something? I have quite a few files that are encrypted with this PGP program. I need my files."

Charlie let him finish, then said, "Peter, remember how I told you it was important to remember your passphrase?" Charlie heard a sigh on the other end of the line, but decided to ignore it. "And do you remember I said that PGP is only free for individuals and that you weren't to use it for company files since we didn't buy a license for the company? I only set that program up on your personal laptop for your home e-mail, for when your sister wanted to send you some financial records. When did you start using it on SLS systems for company business?"

"Well," Peter answered, "the manager of my accounting department had some financials that were going to be ready a few weeks ago while I was traveling. I sort of told him that you set me up on this PGP crypto thing and he googled it and set up his own account. Then, I swapped public keys with him before I left, and he sent the files to me securely by e-mail while I was in Dubai. It worked out great. So, the next week I encrypted quite a few files. Now I can't get to any of them because I can't seem to remember my passphrase." There was a long pause, and then he asked, "Can you hack it for me?"

Charlie chuckled and then said, "Sure, Peter, no problem. Send me the files and I'll put the biggest server we have to work on it. Since we set you up in PGP with 256-bit AES, I should be able to apply a little brute force and crack the key to get the plaintext in a hundred trillion years or so."

Charlie was getting ready to head home when the phone rang. Caller ID showed it was Peter.

"Hi, Peter," Charlie said into the receiver. "Want me to start the file cracker on your spreadsheet?"

"No, thanks," Peter answered, taking the joke well. "I remembered my passphrase. But I want to get your advice on what we need to do to make the use of encryption more effective and to get it properly licensed for the whole company. I see the value in using it for certain kinds of information, but I'm worried about forgetting a passphrase again, or even worse, that someone else forgets a passphrase or leaves the company. How would we get their files back?"

"We need to use a feature called key recovery, which is usually part of PKI software," said Charlie. "Actually, if we invest in PKI software, we could solve that problem as well as several others."

"OK," said Peter. "Can you see me tomorrow at 10 o'clock to talk about this PKI solution and how we can make better use of encryption?"

Questions:

1. Was Charlie exaggerating when he gave Peter an estimate for the time required to crack the encryption key using a brute force attack?
2. Are there any tools that someone like Peter could use safely, other than a PKI-based system that implements key recovery, to avoid losing his passphrase?

Suppose Charlie had installed key logger software on all company computer systems and had made a copy of Peter's encryption key. Suppose that Charlie had this done without policy authority and without anyone's knowledge, including Peter's.

3. Would the use of such a tool be an ethical violation on Charlie's part? Is it illegal?
4. Suppose that Charlie had implemented the key logger with the knowledge and approval of senior company executives, and that every employee had signed a release that acknowledged the company can record all information entered on company systems. Two days after Peter's call, Charlie calls back to give Peter his key: "We got lucky and cracked it early." Charlie says this to preserve Peter's illusion of privacy. Is such a "little white lie" an ethical action on Charlie's part?

PROJECT 2: Web Search Exercises

1. Go to a popular online e-commerce site like Amazon.com. Place several items in your shopping cart, and then go to check out. When you reach the screen that asks for your credit card number, right-click on the Web browser and select "Properties." What can you find out about the cryptosystems and protocols in use to protect this transaction?
2. Repeat Exercise 1 on a different Web site. Does this site use the same or different protocols? Describe them.
3. Perform a Web search for "Symantec Desktop Email Encryption (powered by PGP Technology)." Download and install the trial version. Using the tool and your favorite e-mail program, send a PGP-signed e-mail to your instructor. What looks different in this e-mail compared with your other e-mails?
4. Perform a Web search for "Announcing the Advanced Encryption Standard (AES)." Read this document, which is a FIPS 197 standard. Write a short overview of the development and implementation of this cryptosystem.
5. Search the Web for "steganographic tools." What do you find? Download and install a trial version of one of the tools. Embed a short text file within an image. In a side-by-side comparison, can you tell the difference between the original image and the image with the embedded file?

PROJECT 3: Defense in Depth Network Design

In this project you will design a new network infrastructure for a five-hundred-employee education & training firm. The design of the network should incorporate several elements that demonstrate a defense in depth architecture.

TASK:

The design of the network should incorporate protection against the following threats:

1. Malicious software
2. Phishing
3. Spam
4. Non-company-owned devices on the internal network ("bring your own device," or BYOD)
5. Rogue access points

For each type of threat, indicate the controls or features in the architecture that reduce or eliminate the threat.

PROJECT 4: Research Biometric Access Controls

As a consultant with the Risk Analysis Consulting Co., you have been asked to research biometric access controls for a chemical company, Colorful Plastics. A number of security incidents in the past year have prompted Colorful Plastics to consider using biometrics for its building access control system.

TASK:

Using online research, identify several biometric access control products that could be used. Consider systems that are based on fingerprint, iris scan, and hand print. Recommend two finalists that Colorful Plastics should consider testing on-site.
