4/1 Devotional

The scriptures suggest that you “train up a child in the way they should go, and even when he is old he will not depart from it” (Proverbs 22:6, ESV). Training is considered important in maintaining a healthy perspective in life. So too can training of employees provide many benefits. A security awareness program provided to employees is designed to teach the user community to recognize someone attempting to compromise their system. Training is suggested as a good method of being prepared. 1 Timothy 4:7 says, “Have nothing to do with irreverent, silly myths. Rather train yourself for godliness” (ESV). We do not wish to be uninformed, and therefore we train ourselves. Deuteronomy 4:9 goes on to encourage us to “only take care, and keep your soul diligently, lest you forget the things that your eyes have seen, and lest they depart from your heart all the days of your life” (ESV). The Bible recommends preparing oneself for knowing what is right, through training.

  1. Review the material in the Getting Started section, including the specific Bible passages.
  2. Be sure to address the following prompts in your paper:
    1. How does keeping your soul diligently and training for godliness compare to training used in the workplace?
    2. How might you apply the principles presented in these verses to prepare a security awareness program?
  3. Your paper should be at least 250 words in length.

spring boot framework

Write Spring Boot APIs that each serve a given BIAN Service Domain. The data that the APIs expose is sourced from Systems of Record to produce a realtime feed through Kafka. Our APIs are either written on top of Kafka topics directly using Event Sourcing or we use the traditional approach of sinking our data from Kafka to a database and write our API on top of the databases.

The purpose of this challenge is to have you work through a problem where the expectation is for you to produce an API. We have specifically opted to make the problem statement as generic as possible to allow you to:

The ONLY requirement is that this API MUST BE WRITTEN USING THE SPRING BOOT FRAMEWORK.

Problem Statement

The Data Feeds

Let’s assume you have the two following data feeds:

Feed 1: The balances

This is a data feed, where each event represents a single balance update for a given account.

A single record looks like this

{"accountNumber": "abc", "lastUpdateTimestamp": "2020-01-01T01:02:03.8Z", "balance": 89.1}

Feed 2: The transactions

This is a data feed representing transactions that are occurring. Each record will be a single transaction at the bank. Keep in mind that there are two types of transactions: 1. DEPOSIT and 2. WITHDRAW.

A single record looks like this

For a DEPOSIT:

{"accountNumber": "abc", "transactionTs": "2020-01-03T01:02:03.8Z", "type": "DEPOSIT", "amount": 89.1}

Or a WITHDRAW:

{"accountNumber": "abc", "transactionTs": "2020-01-03T01:02:03.8Z", "type": "WITHDRAW", "amount": 89.1}

The API [ the actual meat of the assignment 😉 ]

Please write an API that can serve the following queries:

1. Given an accountNumber, return the latest balance.

2. Given an accountNumber and a time range such as: Today, Last 7 days, last Month and the more general case of a range between date X and date Y. For example, I should be able to ask for all my transactions between January 8th, 2019 and November 28th, 2020.

3. Repeat 2, but filter for type. I.E. Show me transactions with type WITHDRAW.

Some hints:

1. Make sure that any technical choice you are making is backed up by good reasoning. Meaning, if you decide to go with event sourcing? Why? If you choose to use a NoSQL database? Why?

2. Make reasonable assumptions about the problem. If any extra detail is left out, just ride the wave and make assumptions. There are no wrong answers here.

Interaction Design

Each day, we use the Internet on our personal computers and mobile devices to access information and purchase goods. Websites often have their own mobile form factor while others maintain the same Website user experience, creating challenges when trying to use navigation, overcome errors, search, and complete the most mundane tasks. For this assignment, you are to review a website as well as a Mobile Site. For example, you would evaluate Amazon.com on Microsoft Edge (PC) and Amazon.com on your iPhone using Safari. Conducting a heuristic evaluation (self-evaluation), you will write an assessment on each Website answering the following questions: 

What Website did you evaluate?

What industry does the company participate in?

Looking at the online website, address three issues that require revision. For each issue, please provide a screenshot and explicitly mark why you feel this issue is problematic.

Looking at the online website, how would you suggest that the issues requiring revision are corrected based on what you have learned in the class so far?

Moving to the mobile site, compare those same three features. Did you find the user experience to be problematic or better suited for the mobile form factor?

With the mobile site, how would you enhance the experience for those same issues you found on the Website to be problematic?

HW

 

Consider your own professional experience and reflect on the issue covered by this week’s readings through your own lens, experience and thinking. It may be something that you either personally experienced, or it could be something that you observed that reflects back to the readings.

Using a critical thinking perspective (generally: positive, negative, and opinion), write a five-paragraph summary that involves the topic of “illegal content” since 80% of all theft is conducted by employees of a company. See page 14, Legal Issue 1.2 for a better understanding and the use of the DMCA.

REMEMBER: All papers MUST use references even if they are from the text.

Legal Issue 1.2: Is it a crime to link to infringed/illegal content?

Under the Digital Millennium Copyright Act (DMCA), Universal City Studios, Inc. brought a lawsuit against three hackers who had provided software that could decrypt digitally encrypted movies on DVDs. The hackers also provided hyperlinks to other websites with decryption software. At the time, motion picture companies were using encrypted DVDs as the main method of distributing movies to consumers. The hackers argued that providing decryption information on their website was protected under the First Amendment, which guarantees the freedoms of speech and press, and thus that the hyperlinks to websites with infringed/illegal content are also protected by the First Amendment. The U.S. District Court disagreed and stated that by providing decryption software and hyperlinks to websites with decryption software, the hackers had violated copyright laws, specifically the DMCA.31

Imagine you are the judge on the U.S. District Court and you have to decide a case where the defendant is accused of violating the DMCA by providing hyperlinks from his legal website to a website that sells stolen goods. How would you rule in this case? What would be the mitigating or aggravating factors you would consider?

Map reduce in Hadoop

Write a 500-word summary, in your own words (APA format), of what you learned from the training in the material below. Below are the links:

https://www.tutorialspoint.com/map_reduce/index.htm

paper 3

Please read the full instructions to complete the paper. NO plagiarism; it will be in turnitin.com.

WEEK 4 RESPONSES

All posts must be (4) substantive responses with a minimum of 150 words each for Question 1, 2, 3 and 4. Ensure you list and break down each response in a Word document, along with its reference. The response provided should further discuss the subject or provide more insight. To further understand the response, below is the discussion post that discusses the responses. 100% original work and not plagiarized. Must meet deadline.

ISSC 341

RESPONSE 1:

For this week’s topic of discussion, Virtual LANs (VLAN), I will discuss a couple of reasons why a network engineer would want to implement it in their network. A VLAN is a subnetwork which can group together collections of devices on separate physical local area networks (LANs). Aside from improving the performance of busy networks, VLANs make it easy for network administrators to partition a single switched network to match the functional and security requirements of their systems without having to run new cables or make major changes in their current network infrastructure.

Secondly, one or more network switches may support multiple, independent VLANs, creating Layer 2 (data link) implementations of subnets. They are usually composed of one or more network switches and associated with a broadcast domain. Advantages to a VLAN include reduced broadcast traffic, security, ease of administration, and broadcast domain confinement. There are three types of VLANS, Protocol, Static, and Dynamic.

Lastly, disadvantages of VLANs include the limitation of 4,096 VLANs per switching domain. That creates problems for large hosting providers, which often need to allocate tens or hundreds of VLANs for each customer. To address this limitation, other protocols, like Virtual Extensible LAN (VXLAN), Network Virtualization using Generic Routing Encapsulation and Geneve support larger tags and the ability to tunnel Layer 2 frames within Layer 3 (network) packets. Hope everyone is having a great start to their weeks (Slattery, T., & Burke, J., 2021).

Works Cited:

Slattery, T., & Burke, J. (2021, May 31). VLAN (virtual LAN). SearchNetworking. https://www.techtarget.com/searchnetworking/definition/virtual-LAN

– ALI

RESPONSE 2:

A virtual local area network (VLAN) is an inattentive LAN that is formed to function through the data link layer (layer 2) of the OSI network model. Dissimilar from a physical local area network or LAN, in which a hardware arrangement houses point-to-point identification and admittance byway of physical network, VLANs are created with remote partitions in workstations so that separate node report interchanges with the virtual partition, not the physical workstation. 

One of the chief benefits of establishing VLANs is the energetic nature of road maps on modern networks. This particular model is outdated when it comes to smartphones. Operators submit data from numerous points: such as a personal or a business may provide the mobile device, from the field, or from a different segment of an office.

 The VLAN fundamentally explains this problem of “musical chairs.” In addition, with the upsurge of distant work and disseminated models, most associates can be eliminated from using a desk or desktop within an office: the VLAN unravels that problem by linking the user’s distinctiveness to the virtual network divider. Another benefit of a VLAN comprises plummeting traffic. 

By segmenting network traffic into non-connected VLANs, overseers can reduce network traffic. For instance, messages intended for one group of workstation users can go solely to the computer group in a sole VLAN. VLANs can also benefit from user provisioning, as stated above, the use of a partition helps to attain improved types of tracking for distinct user processes. VLANs may also support the management of appropriate enterprise ethics and protocols. 

A company may have numerous operations or departments functioning in identical physical buildings. With a simple LAN, all network traffic would travel diagonally throughout the whole network. To wall off operations, administrators can form diverse VLANs for two unalike departments that are not hypothetically to interconnect with each other. One example is finance, where unlike arms of a financial organization are proposed to be autonomous of one another for the resolutions of the Sarbanes-Oxley Act or other guidelines or standards.

References

Mitchell, B. (2021). What Is a Virtual LAN (VLAN)? Retrieved from https://www.lifewire.com/virtual-local-area-network-817357

Stoltzfus, J. (2021). What is a virtual local area network (VLAN) and why would I use one? Retrieved from https://www.techopedia.com/7/32107/technology-trends/virtualization/what-is-a-virtual-local-area-network-vlan-and-why-would-i-use-one

– JARED

RESPONSE 3:

1. What are the functional control types? provide an example for each type.

Functional control types include controls such as preventive controls. Preventive controls are designed to keep an undesired event from occurring. These forms of control include measures such as door locks and access controls.

Detective controls are controls which are designed to recognize an undesired event once it has occurred. These controls include intrusion detection systems and log analysis.

Corrective controls repair and limit damages caused by an undesired action, such as a firewall (Weiss, Solomon, 2015).

2. What is the principle of least privilege? Why is it important to implement?

The principle of least privilege is the concept that a user has only the level of access they need in order to carry out their job function; it is a need-to-know approach to resource access. It is important to protect both the confidentiality and integrity of information within the system as it governs unauthorized access and unauthorized changes to information within the system (Weiss, Solomon, 2015).

3. List and briefly discuss the User Domain Compliance Requirements. 

User domain compliance requirements include documentation of laws and standards within the corporation, Acceptable Use Policies for IT services and equipment, background checks, user security training, security awareness assessments, acknowledgement of confidentiality agreements, unique logons, the principle of least privilege, two-deep supervision for business-critical processes, and periodic audits. Each of these standards is created to help control the uncontrollable. The human link is the most difficult to control in network security situations; this is why there are so many standards created to help ensure security for the user domain (Weiss, Solomon, 2015).

Alysha Macleod

Weiss M. Solomon M. (2015) Auditing IT Infrastructures for Compliance. Jones & Bartlett

https://learning-oreilly-com.ezproxy1.apus.edu/library/view/auditing-it-infrastructures/9781284090703/

RESPONSE 4:

1. What are the functional control types? provide an example for each type.

Our textbook lists the functional control types as follows:

• Preventive controls (stop actions) locked doors or computer access controls, keep an undesired action from happening.

• Detective controls (recognize actions) motion detectors or usage log analysis tools, recognize when an undesired action has occurred.

• Corrective controls (fix the result of actions) the procedure to remove viruses or a firewall to block an attacking system, repair damage caused by an undesired action and limit further damage.

2. What is the principle of least privilege? Why is it important to implement?

The principle of least privilege is ensuring that users only have access to the resources that they need in order for them to adequately perform the job they are required to do, and nothing more. It is important because it decreases the attack surface, helps prevent insider threat, and improves data security.

3. List and briefly discuss the User Domain Compliance Requirements.

• Separation of Duties requires that users from at least two distinct roles be required to accomplish any business-critical task.

• Least Privilege ensures that unnecessary user privileges are removed.

• Need to Know means that you have a need to access an object to do your job.

• Confidentiality Agreements allow organizations to disclose sensitive information to a small number of parties without concern that an information leak might cause harm.

• Employee Background Checks uncover any evidence of past behavior that might indicate a prospect is a security risk.

• Security Awareness and Training for New Employees is simply educating them on your organization’s security policies and procedures.

• Information System Security Accountability is holding employees accountable for security violations.

• Adherence to Documented IT Security Policies, Standards, Procedures, and Guidelines consists of examining user actions and comparing those actions with security policies, standards, procedures, and guidelines. If you find any differences with organizational requirements, you should report the differences and analyze their impact.

Weiss, M., & Solomon, M. G. (2011). Auditing IT Infrastructures for Compliance, 1st ed. MA: Jones & Bartlett

-JAMIE

Cybersecurity

Many organizations offer a free domain name resolution service that resolves DNS requests through a worldwide network of redundant DNS servers. The claim is that this is faster and more reliable than using the DNS servers provided by Internet Service Providers (ISP). They also claim that their DNS servers improve security by maintaining a real-time blacklist of harmful websites and will warn users whenever they attempt to access a site containing potentially threatening content. They also say that using this service can reduce exposure to types of DNS poisoning attacks. Research free DNS services. Identify at least three providers and create a table comparing their features. Are the claims of providing improved security valid? How do they compare with your ISP’s DNS service?

Now consider how denial of service (DoS) attacks can cripple an organization that relies heavily on its web application servers, such as online retailers. What are some of the most widely publicized DoS attacks that have occurred recently? Who was the target? How many DoS attacks occur on a regular basis? What are some ways in which DoS attacks can be prevented?

Write at least a one-page paper of your research on DoS Attacks, and make sure to include the table created for the DNS.

software Engineering

Stage 4: 10/10– 10/23 (Sunday), 11:59pm (CST) Architecture and Plan.

Architecture

In Stage 3, you detailed what your software is going to do from a design perspective. All of those choices you made are about the problem you are solving with the software; those details concern the world. In this Stage, you’re going to specify how you’re going to achieve those requirements, defining your software’s architecture.

To simplify this, we’re going to use the architectural concepts relevant to the Model-View-Controller and Client-Server architectures:

  • Client-Server architectures involve two kinds of components—clients and servers—exchanging messages with each other. On the internet, these messages are http requests.
  • Model-View-Controller architectures involve a model to persist and retrieve data, views to display data and elicit it from users, and a controller to implement the application’s logic for passing data back and forth between the model and views, as well as manipulating data.  
  • In web applications, models, views, and controllers can live on either the client, the server, or both. For example, when you use a database, the model is on the server side. But your application might only store data on the client side if it only needs to persist data on the device accessing the site. It might also persist all data on the server, but then send all of the data on the client, so there are actually models on both the client and the server. The same is true of views: some applications render all HTML/CSS/JavaScript views on the client side, while others render all HTML and CSS on the server. 

Your job in this Stage is to decide how you’re going to organize your clients, servers, models, views, and controllers. To do this, your team is going to create two things.

1. A description of all components

First, write a Word file that specifies all of the models, controllers, and views in your application. For each, describe:

  1. What the component’s responsibility is
  2. Whether the component resides on the client, the server, or both
  3. What other components the component needs to communicate with and precisely what they will communicate.

Here’s an example of a description of a model component for our arithmetic game example from previous homeworks:

LearningModel

  • This component is a model that stores all of the questions the game has asked the player and all of the answers the player has given to the game.
  • The model resides only on the client.
  • Only the GameController communicates with the model. It communicates the following:
    • The GameController can ask the LearningModel to store a question/answer pair
    • The GameController can ask the LearningModel for the proportion of correct answers
    • The GameController can ask the LearningModel for all of the stored question/answer pairs.

The architecture of the game would therefore also contain descriptions of the GameController, but also several views components that implement the user interface of the game, such as the view that displays the question, the view that displays the answer, the start screen view, etc.

How many components should you have? There is no right number, but consider a few extremes. If you only had one monolithic component, where there was no encapsulation between any of the data and functionality, you’d have a big “ball of mud” architecture that’s going to be hard to understand, and therefore hard to evolve and repair. If you had a thousand little components for every tiny bit of functionality, most of your code would be communicating between components. You want something in the middle, where there’s enough division of responsibilities that everyone on your team can understand how the functionality is organized, but not so many that you’re writing a lot of extra code just to make things talk to each other.

Note that you don’t have to specify components you aren’t building. For example, if you choose to use something like Firebase, you don’t need to specify Firebase. But some of your components may need to mention that they’re going to communicate with cloud storage to store and retrieve data. Additionally, you’ll likely have a client-side model of data in the cloud storage, so your client side components can access the data.

2. Stubs for all components

Once you have all of your components described, create stubs to represent all of these components and their functionality as source files. A stub is a partial implementation of something in source code, intended to help you architect the larger pieces of an implementation without fully implementing them. 

For example, here is a stub of a function that takes an age in years and returns an array of strings describing civil rights movements that someone likely experienced in their life:

function getCivilRightsExperiences(age) {
    // TODO Replace with actual algorithm
    return ["Voting rights act of 1965"];
}

Notice how the stub specifies the inputs and outputs, but nothing about how they’re computed? It’s just a stand-in for functionality you’ll eventually write.

Since you’re using HTML, CSS, JavaScript, and/or React, there are a few clear implications for the kind of stubs you’ll create:

  • All of your views will either be React components or some combination of HTML, CSS, and JavaScript. When you make each component, you’ll have to decide how you’ll be implementing them.
  • Your model will either be some form of JavaScript on the client side or any arbitrary combination of server-side scripting language and/or a database.
  • Your controller will either be JavaScript, a React component, or a server-side script, depending on where you decide to implement your application logic.

None of these components need to have functionality, but they do have to have names, source files, and all of the function headers, with arguments, return values, preconditions, and postconditions, to specify the requests that the component can receive from other components. For example, the LearningModel model above should have functions defined for the three functions the GameController can call on the MasteryModel.

Developers: Your goal is to complete as much of the architecture as you can in the discussion.

Stage 4 Architecture Submission Instructions:

The most important qualities of an architectural specification are clarity and consistency. If something is unclear or inconsistent, your collaboration will be constantly interrupted by the need to clarify and you’ll likely write code that you have to discard or change because of your misinterpretations. To incentivize you to write a clear, consistent document, for every unclear or inconsistent detail included, your team will lose 0.2 points. We will read both your document and your code for clarity and consistency.

Feb 17

  1. Part I:
    Review the “7 Steps to Solving a Problem” attachment above

    Part II:
    Read the story below: 

    You are currently working at a small company of about 100 employees. Your company just lost a very large client and therefore they need to let go of five employees in your department.

    The workload of the five employees has been divided up between you and a fellow employee. Your fellow employee is very upset about this because now they must take on more work and not get a pay raise. This employee wants you to join them and fight your boss together for more money. You don’t feel comfortable doing this because you love your job. You would like to make more money, but you do not want to upset anyone and lose your position. On top of this situation, there is a big project that needs to be completed in three days!

    How would you solve the above problem?

    1. Review the “7 Steps to Solving a Problem” attachment. Reflect on, and discuss, how the problem described above can be resolved using the steps.
    2. Analyze and explain your application of each of the 7 steps in the “7 Steps to Solving a Problem” attachment to solving the problem described in the above story
    3. Your submission should be a minimum of one page of content in length. Please type the question as well as your answer. Properly cite any source utilized in APA format.