All posts by : chebby

 Please write 300 words essay

Conduct your own social engineering experiments.

1) While at a restaurant, convenience store, bank, place of business, or any shopping location, ask you waiter or waitress, bartender, server, sales clerk, or cashier personal questions about their family or their interests.How much information are you able to obtain about this person you do not know?

Name, address, age, religion, political beliefs, place of birth, pets, hobbies, number of children, type of car they drive, or any other information you think you can obtain.

Write your findings in either a list or in paragraph form.

Penetration testing is a simulated cyberattack against a computer or network that checks for exploitable vulnerabilities. Pen tests can involve attempting to breach application systems, APIs, servers, inputs, and code injection attacks to reveal vulnerabilities. In a well-written, highly-detailed research paper, discuss the following:

• What is penetration testing
• Testing Stages
• Testing Methods
• Testing, web applications and firewalls

Your paper should meet the following requirements:

• Be approximately 4-6 pages in length, not including the required cover page and reference page. (Remember, APA is double spaced)
• Follow APA 7 guidelines. Your paper should include an introduction, a body with fully developed content, and a conclusion.
• Support your answers with the readings from the course and at least two scholarly journal articles to support your positions, claims, and observations, in addition to your textbook. 
• Be clear and well-written, concise, and logical, using excellent grammar and style techniques. You are being graded in part on the quality of your writing.

Hello,

i need this paper by 12/02 afternoon.

Strictly No plagiarism please use your own words.

please review the attachment

Assignment Questions:

1. What is multifactor authentication and what are some examples?
2. Ending all online crime is not a realistic goal, but simple steps can massively reduce the likelihood you’ll be the next victim.  Explain how multifactor authentication works.
3. List 5 reasons to turn on multifactor authentication?
4. Provide at least two additional links to articles related to multifactor authentication.

Make sure Strictly No plagiarism content should not match and even the reference should not match in plagiarism 

The assignment is consists of completing the following:

• Complete the first part that introduces an ICS product and asks for technical information related to the product, its usage in real-world applications, vulnerabilities that may exist within the product, and how the exploitation of a vulnerability could impact the ability of the product to perform its intended purpose.
• Complete the second part that looks at the typical control systems that may be existing in a household and how, if any security considerations exist to protect these systems from unauthorized access.

NOTE: ALL WORKS NEEDS TO BE DONE ON .dox FILE ATTACHED BELOW. 

Learning Objectives and Outcomes

• Examine IT infrastructure policies.
• Describe IT infrastructure policies based on the scenario given.

Scenario

You work for a large, private health care organization that has server, mainframe, and RSA user access. Your organization requires identification of the types of user access policies provided to its employees.

Sean, your manager, was impressed with the work you did on User Domain policies. This time, Sean is asking you to write descriptions for policies that affect server, mainframe, and RSA user access. 

Assignment Requirements

Research policies for each affected IT infrastructure domain, and place them into a table with an introduction explaining the following questions: Who? What? When? Why? Be sure to add a conclusion with a rationale for your selections. Reference your research so your manager may add or refine this report before submission to senior management.

Required Resources

• None

Submission Requirements

• Format: Microsoft Word
• Font: Times New Roman, 12-Point, Double-Space
• Length: 1–2 pages

1. How do the different views look at the problem of objectivity?

This is a required assignment worth 75 points (75-points/1000-points). Assignment must be submitted by the due date. No late assignments are allowed. Please discuss the following topics and provide substantive comments to at least two other posts. Select from the following list four (4) topics and discuss. Use only 50-words max per topic to discuss and present your answer.  The discussion questions this week are from Chapter’s 1 & 2  (Jamsa, 2013).Chapter 1 topics:

• Define and discuss cloud computing.
• Discuss how cloud computing has changed how companies budget for software solutions.
• Compare and contrast SaaS, PaaS, and IaaS, and provide an example of each.
• Define scalability and discuss how the cloud impacts it.
• List three advantages and three disadvantages of cloud computing.
• Define virtualization and discuss how the cloud impacts it.
• Describe three cloud-based solutions for individuals and three cloud-based solutions for businesses.
• Discuss how Web 2.0 has driven the growth of the web.
• Compare and contrast public, private, community, and hybrid clouds.

Chapter 2 topics:

• Define and describe PaaS
• List the benefits of PaaS
• Describe the potential disadvantages of PaaS
• Describe how a cloud-based database management system differs from an on-site database.
• List the computing resources normally provided with PaaS.
• Assume your company must deploy a .NET solution to the cloud.  Discuss the options available to developers.  Research on the web and estimate the costs associated with deploying a PaaS solution.
• Assume your company must deploy a PHP or Java solution to the cloud.  Discuss the options available to developers.  Research on the web and estimate the costs associated with deploying a PaaS solution.

 1. An annotated bibliography of at least five sources. The annotations must be at least five sentences long.

2. A power point with at least 12 slides not including the title and references addressing the topic IAM Compliance Management  .

3. A 750 word summary on topic IAM Compliance Management 

For the final project, you will be conducting a forensics investigation using one of the following items:

1. A smartphone
2. A network (ideally, a wireless network)

 You may use either for your investigation. However, be aware of legal issues surrounding your data gathering. If you are using any system you do not personally control and have authority to investigate/discover, please get written permission from the owner/operator of the system or refrain from your forensics analysis of that systems and use a personal system. For a network, you can use your own personal home network. For a smartphone, consider using an image from the Internet or a personal device. There could be issues related to using a live, active, personal device (example: corruption of the device). If using a personal device, consider using an old, outdated phone, if available.

 You will review various forensics tools used with your selected system. Select a tool and use that tool to gather forensics data for analysis. You are simulating the process of gathering this data, so you do not need to investigate a compromised device or system. The project deliverables are as follows:

 Week 7 – Prepare an investigative report of the forensics data capture conducted using the tool selected for this purpose. The paper should provide the following information: 

• Executive Summary of your investigation, including a description of the device or systems and the tool used for the forensics analysis
• Step-by-step description you used to gather data for analysis
• Report on the information that was obtainable from the device
• Graphics evidence that you conducted the forensics data gathering and analysis

 The paper should be in a form that would be used for reporting to a court or a law enforcement agency. Be sure to provide graphics evidence of your forensics investigation effort (Screenshots, reports, etc.). References should be in APA format.

Acme Enterprise Scenario Residency Week

Acme Enterprise is a private company that is gearing up for an initial public offering (IPO). Prior to going public Acme must be in compliance with: GDPR, PCI DSS, and SOX. Acme is in the water purification business with new technologies that purify water in any form whether it is sewage, ocean, lake etc. 

Part of its IPO process is to show due diligence and due care. Acme has identified your team to conduct a risk assessment and analysis of its information technology infrastructure to uncover any threats and exposures and provide mitigations and controls to reduce those uncovered threat/exposures, so it can have a successful IPO. 

Using the Network Infrastructure design of the Acme Enterprise you are to assess risk of Acme’s:

1. Perimeter Security

2. Network Security

3. Endpoint Security

4. Application Security

5. Data Security

6. Operations

7. Policy Management

Acme Perimeter Security

Acme is currently protected by two dual Dynamic Stateful Inspection Firewalls that are configured in active and stand by mode. Acme is also configured to use PAT (port address translation) where 200.200.200.1 represents Acme on the public Internet. Acme translates this public IP through its clustered firewall to the internal IP space of 10.100.0.0/16 giving Acme 65334 useable IP addresses. 

As part of Acme’s infrastructure, it also accesses cloud services for its business office tools through Office 365 and uses Dropbox for end user’s storage. Acme uses a web hosting service for its web front end and ecommerce which is connected to a back-end Oracle Database using enterprise MySQL. The database administrators have full access to all database information, but they lack oversight from anyone else. 

There are two DMZ’s, but they are not utilized. 

Network Security

Acme has a collapsed core design which means all internal LAN routing and Internet access occurs on its distribution level devices. This means, wireless access, web proxy access, access control lists and entries are located at this layer of the infrastructure. Currently Acme is using WPA 2 (wireless protected access 2) for is wireless security. The web proxy is configured with the following: General, Limited, and Exclusive Internet access. Each of these categories dictates what type of Internet access an end user will experience if belongs to one of these groups. 

The Local area network uses the IP block in the following way: 10.100.1.0/24 User VLAN, 10.100.2.0/24 Research and Development VLAN.

Current access control lists are permit 10.100.2.0 0.0.0.255, permit 10.100.1.0 0.0.0.255. All other devices use the rest of the unallocated IP block of 10.100.0.0/16. 

Also, all IP space is statically assigned. There is one default route to Internet but users of complain about access to internal services. 

Endpoint Security

There is a mixture of MAC and Windows systems, XP, 7, and 10. JAMF is used to control and monitor MAC systems, the Windows devices rely on its end users to patch and update systems. The current endpoint security is signature-based MacAfee with no centralized control. 

Application Security

DevOps is responsible for secure coding and development of applications, but it has no formal oversight. Policy for application monitoring tracking is adhoc there are no formalized procedures. The server farm houses all applications, the operating systems range from Server 2003 to 2016. Mobile device management, media server, content management, file server, directory services, database, are all the services being offered from the server farm. This server architecture is all hardware based there are no hypervisor systems in place. 

Data Security

Data has not been classified, identity access management relies on one factor authentication; encryption, digital signatures, PKI rely on self-signed certificates, protection in the cloud is also missing and there is a lack of DLP (data loss prevention). Acme does store financial information in its data center as well as personal identifiable information. 

Operations

Information technology is responsible for security however there is a security team under the IT department. The Chief Information Security Officer reports to the Chief Information Officer. 

Policy Management

Acme has one Information Security Policy that addresses its information security architecture and program. It is not based on any of the existing information security management frameworks such as: IS0 27002, NIST CSF, or COBIT 5. 

You are going to conduct a risk assessment on Acme Enterprise using the risk assessment concepts we have learned about thus far. Each of the areas of the infrastructure mentioned above is where you will concentrate your assessments. After you have completed your risk assessment, you will then provide recommendations for each area that you assessed to reduce risk, exposure, and threat. Also, as part of your final submission demonstrate through a redesign where your mitigations will take place within the architecture. You can use the image below as guide for your risk analysis of each area.

PPT:

 Develop an 8 to 10 slide PowerPoint presentation with notes to summarize your written assignment. Be careful not to copy and paste excerpts exclusively from your written assignment