Authentication and Authorization

  1. Add authentication (movie-login and movie-logout). 
    • In movie-login, include salting/hashing/sanitization.
    • Add username to session upon successful login.
    • Write session check code. Include (use PHP include or require) the session check in every page (except the login and logout pages). This means that when a user goes directly to any page without logging in, the user will be redirected to the login page.
    • Upon logout, destroy session and other code (see lecture). Redirect user to the movie-login page upon logout.
  2. Add Authorization.
    • Add DB table for ROLE. There should be two types of roles: customer and admin. See document for role access info for each use case.
    • Add PHP code to perform authorization (role matching) in authorizing.php. Include (use PHP include or require) authorizing.php into all secured pages (pages that need authentication to access them). 
    • Add unauthorized.php as the page to which users without authorization are directed.
    • Add one new page to show a list of all Users. Only ‘admin’ has access to this page. Both ‘admin’ and ‘customer’ have access to other Movie pages. (5 pts extra credit for those who did pages for Add/Update/Delete User data).

4s week 8 assignment EH

In 300 words,

Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored. Explain a situation where a keylogger may be used either in a legitimate (legal) way or as a tool for criminals.

Include references.

No copy paste, use your own words.

Network 4

https://computer.howstuffworks.com/internet/basics/internet-infrastructure.htm

One of the greatest things about the Internet is that nobody really owns it. It is a global collection of networks, both big and small. These networks connect together in many different ways to form the single entity that we know as the Internet. In fact, the very name comes from this idea of interconnected networks.

Write a brief (3 page) review of the link, describing why you chose this particular topic and what you found particularly valuable. As always, proper spelling, punctuation, and citation of referenced sources are expected.

Wk 2 Penetration Testing

 

    Week 1 is attached. Assignment request is below.

    Assignment Content

  1. A Penetration Tester evaluates the security of an information infrastructure by intentionally, and safely, exploiting vulnerabilities.

    Take on the role of Penetration Tester for the organization you chose in Week 1.

    Use the Penetration Testing Plan Template to create a 3- to 4-page Penetration Testing Plan for the organization you chose.

    Research and include the following:

    • Pentest Pre-Planning
      • Engagement timeline: Tasks and who performs them
      • Team location: Where will the penetration team execute their tests?
      • Organization locations tested: multiple locations, countries (export restrictions and government restrictions)
      • Which pentest technologies will be used? Consider the following as you research options:
        • Scanning Tools: Nmap, Nikto
        • Credential Testing Tools: Hashcat, Medusa, John the Ripper, Cain and Abel
        • OSINT Tools: Whois, TheHarvester
        • Wireless Tools: Aircrack-ng, Kismet
        • Networking Tools: Wireshark, Hping
      • Which client personnel are aware of the testing?
      • What resources are provided to the pentest team?
      • Test Boundaries:
        • What is tested?
        • Social engineering test boundaries? What is acceptable?
        • What are the boundaries of physical security tests?
        • What are the restrictions on invasive pentest attacks?
        • What types of corporate policy affect your test?
      • Gain appropriate authorization (including third-party authorization)
    • Pentest Execution Planning: Given the scope and constraints you developed in your Pentest Pre-Plan, plan the following pentest execution activities:
      • Reconnaissance
      • Scanning
      • Gaining Access
      • Maintaining Access
      • Covering Tracks
    • Pentest Analysis and Report Planning:
      • Analyze pentest results
      • Report pentest results

    Note: The page assignment length requirement applies to the content of the assignment. Start the assignment with an APA formatted title page and add a reference section with at least two professional references. Use the references in the text of the assignment. For assignments that require use of the template, insert the completed template into the APA document. Delete the assignment instructions from the document. This will improve the originality score from SafeAssign. Make sure to check the SafeAssign originality score. Individual assignments can be submitted more than once to correct any content, quality, or originality issues.

      Submit your assignment.


Enterprise risk management – Research paper

The required article readings this week give a good discussion and look at some of the frameworks that are used to manage risk within organizations and enterprises. One of the readings this week provided an introduction and comparison of different frameworks. As with anything, there are going to be strengths and weaknesses to all approaches.

For your week 3 research paper, please address the following in a properly formatted research paper:

  • Do you think that ISO 27001 standard would work well in the organization that you currently or previously have worked for? If you are currently using ISO 27001 as an ISMS framework, analyze its effectiveness as you perceive in the organization.
  • Are there other frameworks discussed in the article that might be more effective?
  • Does any other research you uncover suggest there are better frameworks to use for addressing risks?

Your paper should meet the following requirements:

  • Be approximately four to six pages in length, not including the required cover page and reference page.
  • Follow APA 7 guidelines. Your paper should include an introduction, a body with fully developed content, and a conclusion.
  • Support your answers with the readings from the course and at least two scholarly journal articles to support your positions, claims, and observations, in addition to your textbook. The UC Library is a great place to find resources.
  • Be clear and well-written, concise, and logical, using excellent grammar and style techniques. You are being graded in part on the quality of your writing.

Discussion

MIT computer science professor Harold Abelson has said, “In today’s online world, what your mother told you is true, only more so: people really can judge you by your friends.” Have you ever been upset or embarrassed by what your friends posted on Facebook or other social media sites? Are you concerned that people (other friends, colleagues, employers or potential employers, etc.) are going to judge you based on what your friends are posting?

Health Data Ownership

Health Data 

  • What is the necessity of data ownership?
  • Do patients own their health information?
  • Under what circumstances do they not?