Module 5 Discussion Questions

Your answers for each question must provide enough details to support your answers.

1.  Define network security threats and network security attacks. Explain how a network security threat differs from an attack? Include references to support your answers in APA format. 

2.  Identify and describe five types of network security threats and five types of network security attacks and their potential impact on the IT operations. Include references to support the security threats and attacks you choose and their potential impacts in APA format.

3.  Identify and describe network equipment and tools that are used to detect security incidents. Include references to support your choice of equipment and tools in APA format. 

Please do not use journals or books as  references. Please use online sources and answer questions in a numbered format.

(1) Computer science C++

 

Lists. Trace the following c++ program showing all output in the order that it appears on the output device (presumably the screen). If anything happens that makes it impossible to accomplish an operation or the results of doing so are unpredictable, describe what happens and abort at that point.

For this program assume that the following functions (methods) are fully defined and implemnted in the appropriate header and implementation files for the List class.

– construct that creates an empty list

– empty that returns true if the list is empty, false otherwise

– insert (a,b) that inserts an integer a into the list at position b

– erase(a) that removes the integer at position a in the list

– overloading the output operator << to enable it to display all elements of a list in sequence so cout<

– overloading the assignment operator so assigning one list to another creates a deep copy of the list.

CODE BELOW

#include
using namespace std;
#include “List.h”
int main(void)
{ List sheldon_cooper;
List leonard_hofstadter;
int i, j;
cout<<"Program begins, sheldon and leonard constructed"< if (sheldon_cooper.empty())
cout<<"His friend is Raj Koothrappali"< else
cout<<"His friend is Penny"< for (i=4;i<=8;i++)
{cout<<"Inserting "< sheldon_cooper.insert(i*2-3,i-4);
cout<<" List is now ";
cout< }
leonard_hofstadter=sheldon_cooper;
j=3;
cout<<"removing position "< sheldon_cooper.erase(j);
cout< j=2;
leonard_hofstadter.insert(54,j);
cout<<"leonard is now ";
cout< cout<<"program ends, buzz off ";
return 0;
}

7 questions

  

1) Read this Time article and view the video(https://time.com/5168202/russia-troll-internet-research-agency/) explaining how Russian trolls spread fake news.  Discuss in 500 words whether the government should regulate Facebook more closely.  

Use at least three sources. Use the Research Databases available from the Danforth Library(https://libguides.nec.edu/az.php), not Google.   Include at least 3 quotes from your sources enclosing the copied words in quotation marks and cited in-line by reference to your reference list.  Example: “words you copied” (citation) These quotes should be one full sentence not altered or paraphrased. Cite your sources using APA format. Use the quotes in your paragraphs. Do Not Doublespace.

2) Answer each these questions in a paragraph with at least five sentences: Include the question and number your responses accordingly. Provide a citation for each answer.

1. Describe Digital Literacy (how to know what is real on the web). 

2. None of these people exist. What does this mean to you?

3. Why is Wikipedia more reliable than a paper encyclopedia?

4. How useful are crowd sources answers?

5. What are some drawbacks to crowd sourced answers?

6. Do people generally utilize the diversity of sources on the Internet effectively?

7. How reliant are we and how reliant should we be on getting our news from social media?

8. How do humans remain vigilant when we turn over authority to computers? Have you tried to navigate without gps?

9. If models are simplifications or reality, why do we rely on them?

10. Why was this model, used by Amazon for hiring, wrong?

11. Why did Skynet declare war on the human race?

3) The purpose of this assignment is to pick a topic for your research project. The topic should be of graduate level not a survey. Investigate an important question. 

Your Research Project will be a presentation on some aspect of the surveillance state.  Do a five source annotated bibliography/reference list on the subject. There should be two annotations for each source. In the first write a paragraph of at least five sentences summarizing the thesis of the article. In the second write a paragraph of at least five sentences summarizing your reflections on the thesis of the article. You should do a deep dive into a topic. Do not do a survey. Make use of academic references such as you can find in the Danforth LIbrary research databases 

Use at least five sources.

Copying without attribution or the use of spinbot or other word substitution software will result in a grade of 0. 

Short excerpt on the Surveillance State :

https://learn-us-east-1-prod-fleet01-xythos.s3.amazonaws.com/5b75a0e7334a9/1237028?response-cache-control=private%2C%20max-age%3D21600&response-content-disposition=inline%3B%20filename%2A%3DUTF-8%27%27Zuboff.pdf&response-content-type=application%2Fpdf&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20201104T030000Z&X-Amz-SignedHeaders=host&X-Amz-Expires=21600&X-Amz-Credential=AKIAZH6WM4PL5SJBSTP6%2F20201104%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=0db0e33d87614262defdca855ff1b3498572ba11c6697ca535dd48f0500209d3

4) Discuss in 500 words your opinion on what lessons should be learned from the 737 Max 8 crashes. 

Use at least three sources. Use the Research Databases available from the Danforth Library(https://libguides.nec.edu/az.php), not Google.   Include at least 3 quotes from your sources enclosing the copied words in quotation marks and cited in-line by reference to your reference list.  Example: “words you copied” (citation) These quotes should be one full sentence not altered or paraphrased. Cite your sources using APA format. Use the quotes in your paragraphs. Do Not Doublespace.

Copying without attribution or the use of spinbot or other word substitution software will result in a grade of 0. 

5) Your Research Project on the surveillance state consists of two parts:

1 a Powerpoint presentation consisting of at least 12 slides not including title and references.

2. 750 word research  paper with at least 3 sources. There should be no lists. Write in essay format not outline format. Include a meaningful title.

Do not double space.

You must include at least 3 quotes from your sources enclosing the copied words in quotation marks and cited in-line. 

There should be no lists – bulleted, numbered or otherwise. 

Write in essay format with coherent paragraphs not in outline format. Distribute your quotes among the paragraphs.

The topic must be appropriate for graduate level. Find a topic that we covered in the course and dig deeper or find something that will help you in your work or in a subject area of interest related to the course topic. Use academically appropriate resources which you can find in the Danforth Library Research Databases.( https://www.nec.edu/students-faculty-staff/library-danforth/research-help/databases-help/)

6) Do a bit of research on penetration testing techniques. Investigate and document the following

· Five network penetration testing techniques

· Advantages and disadvantages of each

· One notable social engineering test

· Possible negative implications of penetration tesing

Please write between 300 words

7) Prepare a final project on a web application security topic. The primary deliverables for the project will be a paper and and also a presentation “Topic : White Hat Hacking”, Include a short paragraph describing your project and how you intend to research it. 

· Week 11. Submit final project.

· Week 12. Submit a brief abstract describing your final project.

Week 13. Submit final project materials.

o 500-700 word, double spaced, written in APA format, showing sources and a bibliography

Presentation power point.

Hide Folder InformationTurnitin®Turnitin® enabledThis assignment will be submitted to Turnitin®.Instructions

Pick one of the below operating systems and present information on the operating systems, and your thoughts comparing the selected operating system with other systems.

  • Windows 
  • Linux 
  • Unix
  • Android
  • iOS

Due DateOct 22.

Only seroious bidder.
Must be Computer Science Major to do this task.

TCP/IP Attack Lab- SEED Labs Project

 In this lab, students need to conduct attacks on the TCP/IP protocols. They can use the Netwox tools and/or other tools in the attacks. All the attacks are performed on Linux operating systems. However, instructors can require students to also conduct the same attacks on other operating systems and compare the observations. To simplify the “guess” of TCP sequence numbers and source port numbers, we assume that attackers are on the same physical network as the victims. Therefore, you can use sniffer tools to get that information. The following is the list of attacks that need to be implemented. 3.1 Task 1 : SYN Flooding Attack ` ` User Server SYN SYN+ACK ACK Active TCP Connection ` ` Attacker Server SYN Spoofed Addresses SYN+ACK ` Legitimate User SYN No Reply Normal TCP 3-way handshake between user and server SYN Flood: attacker sends many SYN to server without ACK. The server is not able to process request from legitimate user 1 2 3 4 1 2 3 Figure 2: SYN Flooding Attack SEED Labs – TCP/IP Attack Lab 4 SYN flood is a form of DoS attack in which attackers send many SYN requests to a victim’s TCP port, but the attackers have no intention to finish the 3-way handshake procedure. Attackers either use spoofed IP address or do not continue the procedure. Through this attack, attackers can flood the victim’s queue that is used for half-opened connections, i.e. the connections that has finished SYN, SYN-ACK, but has not yet gotten a final ACK back. When this queue is full, the victim cannot take any more connection. Figure 2 illustrates the attack. The size of the queue has a system-wide setting. In Linux, we can check the setting using the following command: # sysctl -q net.ipv4.tcp_max_syn_backlog We can use command “netstat -na” to check the usage of the queue, i.e., the number of halfopened connection associated with a listening port. The state for such connections is SYN-RECV. If the 3-way handshake is finished, the state of the connections will be ESTABLISHED. In this task, you need to demonstrate the SYN flooding attack. You can use the Netwox tool to conduct the attack, and then use a sniffer tool to capture the attacking packets. While the attack is going on, run the “netstat -na” command on the victim machine, and compare the result with that before the attack. Please also describe how you know whether the attack is successful or not. The corresponding Netwox tool for this task is numbered 76. Here is a simple help screen for this tool. You can also type “netwox 76 –help” to get the help information. Listing 1: The usage of the Netwox Tool 76 Title: Synflood Usage: netwox 76 -i ip -p port [-s spoofip] Parameters: -i|–dst-ip ip destination IP address -p|–dst-port port destination port number -s|–spoofip spoofip IP spoof initialzation type SYN Cookie Countermeasure: If your attack seems unsuccessful, one thing that you can investigate is whether the SYN cookie mechanism is turned on. SYN cookie is a defense mechanism to counter the SYN flooding attack. The mechanism will kick in if the machine detects that it is under the SYN flooding attack. You can use the sysctl command to turn on/off the SYN cookie mechanism: # sysctl -a | grep cookie (Display the SYN cookie flag) # sysctl -w net.ipv4.tcp_syncookies=0 (turn off SYN cookie) # sysctl -w net.ipv4.tcp_syncookies=1 (turn on SYN cookie) Please run your attacks with the SYN cookie mechanism on and off, and compare the results. In your report, please describe why the SYN cookie can effectively protect the machine against the SYN flooding attack. If your instructor does not cover the mechanism in the lecture, you can find out how the SYN cookie mechanism works from the Internet. 3.2 Task 2 : TCP RST Attacks on telnet and ssh Connections The TCP RST Attack can terminate an established TCP connection between two victims. For example, if there is an established telnet connection (TCP) between two users A and B, attackers can spoof a RST packet from A to B, breaking this existing connection. To succeed in this attack, attackers need to correctly construct the TCP RST packet. SEED Labs – TCP/IP Attack Lab 5 In this task, you need to launch an TCP RST attack to break an existing telnet connection between A and B. After that, try the same attack on an ssh connection. Please describe your observations. To simplify the lab, we assume that the attacker and the victim are on the same LAN, i.e., the attacker can observe the TCP traffic between A and B. The corresponding Netwox tool for this task is numbered 78. Here is a simple help screen for this tool. You can also type “netwox 78 –help” to get the help information. Listing 2: The usage of the Netwox Tool 78 Title: Reset every TCP packet Usage: netwox 78 [-d device] [-f filter] [-s spoofip] Parameters: -d|–device device device name {Eth0} -f|–filter filter pcap filter -s|–spoofip spoofip IP spoof initialization type {linkbraw} 3.3 Task 3 : TCP RST Attacks on Video Streaming Applications Let us make the TCP RST attack more interesting by experimenting it on the applications that are widely used in nowadays. We choose the video streaming application in this task. For this task, you can choose a video streaming web site that you are familiar with (we will not name any specific web site here). Most of video sharing websites establish a TCP connection with the client for streaming the video content. The attacker’s goal is to disrupt the TCP session established between the victim and video streaming machine. To simplify the lab, we assume that the attacker and the victim are on the same LAN. In the following, we describe the common interaction between a user (the victim) and some video-streaming web site: • The victim browses for a video content in the video-streaming web site, and selects one of the videos for streaming. • Normally video contents are hosted by a different machine, where all the video contents are located. After the victim selects a video, a TCP session will be established between the victim machine and the content server for the video streaming. The victim can then view the video he/she has selected. Your task is to disrupt the video streaming by breaking the TCP connection between the victim and the content server. You can let the victim user browse the video-streaming site from another (virtual) machine or from the same (virtual) machine as the attacker. Please be noted that, to avoid liability issues, any attacking packets should be targeted at the victim machine (which is the machine run by yourself), not at the content server machine (which does not belong to you). 3.4 Task 4 : TCP Session Hijacking The objective of the TCP Session Hijacking attack is to hijack an existing TCP connection (session) between two victims by injecting malicious contents into this session. If this connection is a telnet session, attackers can inject malicious commands (e.g. deleting an important file) into this session, causing the victims to execute the malicious commands. Figure 3 depicts how the attack works. In this task, you need to demonstrate how you can hijack a telnet session between two computers. Your goal is to get the the telnet server to run a malicious command from you. For the simplicity of the task, we assume that the attacker and the victim are on the same LAN. SEED Labs – TCP/IP Attack Lab 6 Note: If you use Wireshark to observe the network traffic, you should be aware that when Wireshark displays the TCP sequence number, by default, it displays the relative sequence number, which equals to the actual sequence number minus the initial sequence number. If you want to see the actual sequence number in a packet, you need to right click the TCP section of the Wireshark output, and select “Protocol Preference”. In the popup window, uncheck the “Relative Sequence Number and Window Scaling” option. The corresponding Netwox tool for this task is numbered 40. Here is part of the help screen for this tool. You can also type “netwox 40 –help” to get the full help information. You may also need to use Wireshark to find out the correct parameters for building the spoofed TCP packet. Listing 3: Part usage of netwox tool 40 Title: Spoof Ip4Tcp packet Usage: netwox 40 [-l ip] [-m ip] [-o port] [-p port] [-q uint32] [-B] Parameters: -l|–ip4-src ip IP4 src {10.0.2.6} -m|–ip4-dst ip IP4 dst {5.6.7.8} -o|–tcp-src port TCP src {1234} -p|–tcp-dst port TCP dst {80} -q|–tcp-seqnum uint32 TCP seqnum (rand if unset) {0} -H|–tcp-data mixed_data mixed data ` ` User Server ` Attacker Attacker hijacks the TCP session and sends “Z” to server on behalf of client Data: “A” Data: “Z” Seq No.: ? ACK 3-way Handshake Data: “B” ACK Sniffing Figure 3: TCP Session Hijacking Attack SEED Labs – TCP/IP Attack Lab 7 3.5 Task 5 : Creating Reverse Shell using TCP Session Hijacking When attackers are able to inject a command to the victim’s machine using TCP session hijacking, they are not interested in running one simple command on the victim machine; they are interested in running many commands. Obviously, running these commands all through TCP session hijacking is inconvenient. What attackers want to achieve is to use the attack to set up a back door, so they can use this back door to conveniently conduct further damages. A typical way to set up back doors is to run a reverse shell from the victim machine to give the attack the shell access to the victim machine. Reverse shell is a shell process running on a remote machine, connecting back to the attacker’s machine. This gives an attacker a convenient way to access a remote machine once it has been compromised. In the following, we will show how we can set up a reverse shell if we can directly run a command on the victim machine (i.e. the server machine). In the TCP session hijacking attack, attackers cannot directly run a command on the victim machine, so their jobs is to run a reverse-shell command through the session hijacking attack. In this task, students need to demonstrate that they can achieve this goal. 

Business Continuity Plan & Disaster Recovery Plan (300 words)

 

Course: Business Control and Disaster Recovery plan:

Note: Please write the paper in favor of Computer science students taking the above course

===================================================

 (300 Words)

Topic: A simulated disaster and comprehensive recovery test may involve many of an organization’s key personnel for several days: is this a reasonable burden to place on a busy, competitive company? How would you argue against the inevitable tendency to shortcut the procedure? 

Note:  Must contain a properly formatted in-text citation and scholarly reference.

And please make sure there is no plagiarism. 

Research Paper on Pharma Startup company

  This is about our Startup company:

Our company name will be PHARMA MAINTAINCE SOFTWARE.

  In the US medical environment communication between doctor, pharmacy, and patients are moving from the paper format to pagers and them to the computers currently they are moving towards the app based communication big company’s like CVS, Walgreens has developed there software and made agreements with medical organizations for transferring data to their own pharma and along with that they have software’s for medical transactions, patients account details and store account manage for online ordering, etc. but when come to individual pharmacy it is really hard to do all this and maintain the software’s and they don’t have any agreement with the hospitals to share the data so our company comes here and lifts the hard part we provide software and maintenance to the individual or chain of pharmacy’s we will be providing software’s from user interface to the pharmacy’s , hospital management, to the patients and provide the data from the hospital to the pharmacy’s and to the patients, security for the transactions and maintain the database ,automatic medicine ordering system .

I want a research paper on the below topic:

Technology resource planning: where are we now and where should we go from here?.

The paper format should be in the below format and paper should be 15 pages:

  

INTRODUCTION (4 pages)

Introduction to the topic

Grab the reader in… This section describes what the researcher will investigate and introduces the significance of the research by describing how the study is new or different from other studies. This section should briefly identify any issues related to the topic that you are specifically focusing on and or innovation in the field. 

Background of the topic 

The background section describes the history of the problem or topic. It provides a summary on the topic. Next, build an argument or justification for the current study by presenting a series of logical arguments, each supported with citations from the literature. 

Relevance to business and technology

It establishes the importance of the topic. It creates reader interest. It focuses the reader’s attention on how the study will add value to the field. Include at least two references from your literature review in this area. Discuss who is affected and who benefits.

Statement of the problem or thesis

This should include a clear statement that the problem exists, evidence that supports the existence of the problem, evidence of an existing trend that has led to the problem. Create a sentence that begins with “The purpose of this study is . . .” Clearly identify the area of conflict, concern, or controversy exist. Include the most relevant reference that supports the claim from the literature.

LITERATURE REVIEW (5 or so…)

Literature on the topic

This area presents the framework for the study. To perform significant research, the learner must first understand the literature related to the research focus. A well-articulated, literature review provides the foundation for your research. A literature review is a synthesis of what has been published on a topic by researchers. Include a total of 5 different pieces of literature in this paper

CONCLUSIONS AND REACTION (4 pages)

Conclusion / Summary / Recommendations

This section should describe what happened because of this research. It also tells the reader what the research implies theoretically, practically for the future. The section provides new insights derived from the research to solve real and significant ethical problems.

This section reminds the reader of the importance of the topic and briefly explains how the study intended to contribute to the body of knowledge on the topic. It informs the reader that conclusions, data, implications, and recommendations will be presented. 

Finally, NO PLAGIARISM Please 

Physical Security: Door and Window Lock Assessment

 Topic: Based on this weeks lectures take an inventory of door and window locks in your living area or place of work to identify areas of concern and improvement. Remember to get permission from security.

Instructions: Please download the Assignment 3 Door and Window Lock Assessment template (MS Word), which is already in APA 7 format, using size 12 Times New Roman font, 1-inch margins, TOC, Headings and Reference page. If you insert images or tables in your report make sure you label them appropriately according to APA. Once completed name your file: YourName_Assignment_3_Door_and _Window_Lock_Assessment.docx and submit to the appropriate assignment folder. Also review any additional files attached for more information.

Technical Writing Project

  Answer the following

  • Find a professional article online written for people in your field. Identify the intended reader and purpose. Write description of the article describing the elements in the article that helped you identify the reader and purpose. Be sure to include the URL of the article.
  • Study your school’s Web site. Imagine you are a potential transfer student looking for a new school. Analyze the usefulness of the information available and how easy it is to locate information about various majors and directions about applying for admission. Identify 2-3 features of the Web site you would change in some way. Support your answer with citations from the text.
  • The following bulletin at a large manufacturing company provides guidelines for the plant security supervisors in assigning duties to the plant security guards at five separate plants. Revise and reorganize to make the bulletin easier to read and more useful to the supervisors. All supervisors must be conscious of the need to reduce costs and properly use available security guards int he most effective manner. Consider staggering the start and quit times to ensure a larger force during the peak demand hours. Every effort should be made to eliminate nonsecurity service functions, such as airport pickup, mail runs, drives to banks, drives to medical centers, parcel pickup. The supervisors should regularly review the schedule to be sure the coverage meets the needs of the plant. Guards assigned to gates should advise the shift supervisors whenever they leave their posts, including for lunch break. Nonsecurity service functions should be contracted out if possible. Drives to banks should be performed by the responsible department, but a department may request a security guard escort. Guards assigned to patrols, shipping and receiving docks, and special surveillance should tell the shift supervisors when they leave their assigned task, even for the lunch break. Supervisors should consider combining spot checks with regular duties of guards. For example, if a guard must open a gate and passes the trash center, the guard can spot check the trash pickup on the way to or from opening the gate. Supervisors must know about outside employment of guards. These outside activities should not adversely affect the security arrangements at the plant. In general, security guards should not also work at racetracks or casinos, or any places associated with gambling. Guards also should not be in partnership with co-workers since that relationship could negatively affect plant security. Supervisors need to check attendance records regularly. Frequent illness may indicate the guard cannot do the physical tasks appropriately. Questionable illness reports should be checked. Guards who operate small businesses may resist the normal rotation because it will interfere with their outside employment. Security requires a 7-day operation.
  • Find a real-world letter, memo, bulletin, pamphlet, or report online. Identify specific style problems. Evaluate the style and clarity of the document, and identify specific areas where revision would help readers. Support you answers with citations from the text. Be sure to include a url to the document you are evaluating.
  • Find a Web site you use frequently and analyze how you use it. How easy is it to find the features you want to see? Has the home page changed since you began using it? Can you recall which features were redesigned? How consistent is the placement of navigation links on the pages you use? How informative are the headings and page titles? Are there any distracting elements? Are the graphics helpful or simply decorative? Are there moving graphics or text? If so, do they enhance the usefulness of the site? Write a memo to your instructor, analyzing the design of the Web site. Support your answers with citations from the text. Be sure to include the url.
  • Find the home pages for the following: a) Ford Motor Company, b) Chrysler, and c) General Motors. Analyze the design features of these home pages in terms of users who are seniors or have problems making precise movements with the mouse. Report your findings to your instructor in a memo.
  • Find a review of a computer product online. Using the information in the review, write a task oriented set of instructions from the review. Be sure to include meaningful tasks and graphics. Use your book as a reference. Be sure to include the URL as a reference.