All posts by : chebby

 Functions ProgramYou will be developing a Python program to process a set of integers, using functions, including a main function. The main function will be set up to take care of the following bulleted items inside a loop:

• The integers are entered by the user at the keyboard, one integer at a time
• Make a call to a function that checks if the current integer is positive or negative
• Make a call to another function that checks if the current integer to see if it’s divisible by 2 or not
• The above steps are to be repeated, and once an integer equal  to 0 is entered, then exit the loop and report each of the counts and sums, one per line, and each along with an appropriate message

NOTE 1: Determining whether the number is positive or negative will be done within a function; and then a call to that function will be made from within the main function.The following is what you are to do within that function:

• if an integer is positive,
  • add that integer to the Positive_sum
  • increment the Positive_count by one
• If the integer is negative
  • add that integer to the Negative_sum
  • increment the Negative_count by one

NOTE 2: Determining whether the number is divisible by 2 or not will be done within a second function; and then a call to that function will be made from within the main function.The following is what you are to do within that function:

• if the integer is divisible by 2
  • increment the Divby2_count by one
• if the integer is not divisible by 2
  • increment the Not_Divby2_count by on

——————————————————————————————————————————————————-NOTE 3:It’s your responsibility to decide how to set up the bold-faced items under NOTE 1 and NOTE 2.  That is, you will decide to set them up as function arguments, or as global variables, etc.A sample program run is attached below.  It illustrates user’s interactions with the program, as the program is run, data is entered one at a time, until a sentinel value is entered.  At that time then, contents of the output variables are displayed: Lab 4 – Sample Program Run.pdf Lab 4 – Sample Program Run.pdf – Alternative Formats  =======================================================================You need to set up a   Python solution that is   complete and   workable.  

For your solution to be   complete, you must

• Prompt the user for the specific input data asked for within the problem statement
• Set up a correct formula to process the input data, arriving at the output data
• Provide the output data asked for within the problem statement to the user

For your solution to be   workable,

• Your solution should be free of any type of errors (syntax, run-time, logic)
• You may want to develop an algorithm first, using pseudocode or flowchart
• You do NOT need to turn in any algorithm

========================================================================Grading rubric:

• You’ll receive full credit, if 
  • your program
    • compiles and runs with no problems 
    • produces the expected output
• You’ll receive partial credit, if 
  • your program
    • compiles and runs with no problems 
    • produces partial output (that is, incomplete output)
• You’ll receive 25% of the points, if your program will not compile
• You’ll receive 30% of the points, if your program compiles but has a run-time problem
• You’ll receive 40% of the points, if your program produces logic error(s)
• You’ll receive 50% of the points, if your program compiles and run, but no functions are used

Find attach a sample

You have been hired to perform digital investigations and forensics analysis for a company . You find that no policies, processes, or procedures are correctly in place. Do an internet search to find information, and then create a policy and processes document to provide the structure necessary for your Lab environment. Be sure to cite your online sources.

TWO PAGES WITH SO MANY REFERENCES FROM ONLINE AND ELSEWHERE BUT NO PLAGIARISM.

1. Evaluate and decide how you would respond to a data-driven competitor analysis that focuses on technology operations.
2. What criteria would be of the most value?
3. What information would be most important to you?

Review the material on routers.

It is sometimes said that information extracted from a router or switch does not necessarily provide specific evidence of a particular crime. What is meant by that?  If true, what then is the most useful information collected from these devices in an investigation?

https://www.wireshark.org

How can the National Institute of Standards and Technology (NIST) help your company create a “best practices” cybersecurity policy? Your discussion should touch upon both the positive and the negative aspects of a well-structured policy. 

• What are the benefits and challenges associated with the continued growth of e-commerce and m-commerce?
• What are the key components of a successful e-commerce and m-commerce strategy?
• What are key components of technology infrastructure that must be in place for e-commerce and m-commerce to work?

CVE vs NVD

Description: In this project, you will explore both CVE and NVD.

Submission: Answer the following questions and upload to the Blackboard Assignments tab.

Vulnerability feeds are available to provide updated information to scanning software about the latest vulnerabilities. One of the most highly regarded vulnerability feeds is the Mitre Common Vulnerabilities and Exposures (CVE). 

1. Open your web browser and enter the URL https://cve.mitre.org/.

2. Hover over About and click on About CVE

3. This page gives a brief overview of CVE. Read through the information regarding CVE. 

a) In your own words, how would you describe it? How does it work? What advantages does it provide?

4. Next Hover over About, click FAQs, and click on CVE Records. 

a) Describe the three elements that make up a CVE Entry.

Now that you have a better idea of what the CVE list is designed for let’s use it to cross-reference a current security situation in the United States. The SolarWinds massive security hack took place throughout 2020. This attack compromised thousands of US government-owned systems, among countless other systems where the software was integrated.

SolarWinds has been a highly valued company for many years and is known for some of the best Network Management software on the market. SolarWinds is a top performer in their field. The Orion platform, which they produce, is designed to manage many different infrastructure areas under the hood of a single piece of software. Orion is what was in the heat of the controversy. The SolarWinds actual supply chain was compromised, and a nation-state threat actor was able to insert a modified .dll file into their source code repository. When updates got pushed out to their users, the infected files were then brought over to systems worldwide.

At that point, the remote attacker could bypass authentication and execute API commands on the software. Linked below is a high-level overview of how the attack took place. I recommend reading the article, it’s very interesting. 

https://www.fortinet.com/blog/threat-research/what-we-have-learned-so-far-about-the-sunburst-solarwinds-hack

Search for the SolarWinds Orion vulnerability in the CVE database.

5. Navigate back to the CVE Mitre site and scroll up to the top of the page. Click Search CVE List.

6. Search “SolarWinds Orion” to display the CVE entries.

7. Locate CVE-ID: CVE-2020-10148 and click into it. The CVE will provide a brief overview of the vulnerability and provide references supporting its release. A lot of the time this will be an official statement provided by the company.

8. Under References click on “CONFIRM:https://www.solarwinds.com/securityadvisory” to read more about the advisory notice released by SolarWinds along with fixes. 

9. Navigate back to the SolarWinds CVE record. Notice next to the CVE-ID it says, “Learn more at National Vulnerability Database (NVD)” This is where you can find more detailed information and version numbers of the software that has been affected. Click on the “Learn more at National Vulnerability Database (NVD)” to view this database and how it relates to the CVE.

The National Vulnerability Database (NVD) is managed by the U.S. government as a repository for security checklists, vulnerability management data, software flaws, misconfigurations, product names, and their impacts. This data enables automation of vulnerability management, security measurement, and compliance.

10. Navigate to the National Vulnerability Database home page. https://nvd.nist.gov/ 

11. Click the plus sign next to General.

12. Click FAQ.

13. Click General FAQs.

14. Read through the material. 

a) In your own words, how does the Mitre CVE compare with the NIST NVD? 

b) When would you use the CVE? 

c) When would you use the NVD? 

d) How frequently is the NVD updated? 

15. Return to the home page and again click the plus sign next to General.

16. Click NVD Dashboard to view the latest information. 

a) Do the numbers surprise you? 

b) How does the number of vulnerabilities under the score distribution compare? 

c) How many CVEs were received and processed today?

17. Scroll through the Last 20 Scored Vulnerability IDs & Summaries. 

a) Have you heard of any of these vulnerabilities? 

18. Return to the home page and again click the plus sign next to General.

19. Click Visualizations to display graphical information.

20. Click Vulnerabilities – CVE.

21. Click Description Summary Word to display a bar graph of the most common words used as part of a vulnerability description. Hover over the three highest bars to view the three most frequent words used. 

a) List the top three most frequently used words in a vulnerability description.

22. Return to the NVD Visualizations page: https://nvd.nist.gov/general/visualizations. Click Products – CPE. 

a) Which vendor has the highest number of total products that appears in the NVD? 

View other vendors by hovering over the bars. 

a) What do you find interesting about this distribution?

23. Return to the home page. https://nvd.nist.gov/ and click the plus sign next to “Other Sites”.

24. Click Checklist (NCP) Repository.

25. This page displays a form you can use to search for checklists, benchmarks, and secure configuration guides. This repository provides guidance on applying these security configurations and best practices to operating systems and applications. 

Now let’s look at the Department of Defense (DOD) recommend best practices for applying and modifying Group Policy Objects on Windows Server 2019. 

Group policy is what defines user/computer configurations and security access of an operating system. These group policy objects (GPOs) control what the computer is allowed to do and what the user is allowed to do in the OS. 

26. Click the target dropdown box and select Microsoft Windows Server 2019. Click search

27. Under resources click on Group Policy Objects (GPOs)- July 2022.

28. Download the check list resource and unpackage the zip file by double clicking on it. Open the folder.

29. Open the DoD Windows Server 2019 MS and DC v2r4 folder. Open Reports folder.

30. Open: DoD Windows Server 2019 Member Server STIG Computer v2r4.html

31. Under Computer Configuration expand Security Settings expand Account Policies/Password Policy. This is the recommended password guidance for the most secure environment. It shows the recommended length and setting that should be applied to Windows Server 2019. This is just one example of many thousands of GPOs that can be imported into any OS. By adopting and applying these policies to an operating system, you are creating a more secure environment. 

32. Finally navigate the GPO list and find three other policies you find important from this list.

a)  

b)  

c)  

33. Close all windows.

I’m 25 years old, as year of 2022

refer to the attached document.