Graded Assignments The following sections contain student copies of the assignments. These must be distributed to students prior to the due dates for the assignments. Online students will have access to these documents in PDF format, which will be available for downloading at any time during the course. Graded Assignment Requirements The Assignment Requirements documents provided below must be printed and distributed to students for guidance on completing the assignments and submitting them for grading.
Instructors must remind students to retain all handouts and assignment documents issued in every unit, as well as student-prepared documentation and graded deliverables. Some or all of these documents will be used repeatedly across different units. Unit 1 Assignment 1: Developments in Hacking, Cybercrime, and Malware Learning Objectives and Outcomes You will be able to understand the history of hacking and its current state of the art. Assignment Requirements Access Symantec’s Yearly Internet Security Report from the following link: http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xv_04-2010.en-us.pdf
This particular report provides information on cutting-edge and growing threats to Internet security. Using the background provided by the class so far, as well as your own critical thinking skills, you need to write a summary of the top threats described in the whitepaper. Explain why the threats are important issues and how these threats have changed or are changing. Required Resources Access to the Internet Submission Requirements Format: Microsoft Word Font: Arial, Size 10, Double-Space Citation Style: Chicago Manual of Style
Length: 1–2 pages Due By: Unit 2 Self-Assessment Checklist I have identified the major threats and security concepts from the whitepaper. I have explained those threats and their importance. I have explained how threats work in different contexts. Unit 2 Assignment 1: Cryptography Learning Objectives and Outcomes You will become familiar with cryptographic terms and technologies. You will be able to properly identify uses or key technical features of cryptographic tools and algorithms. Assignment Requirements Answer the following questions by filling in the blank using the proper technology or cryptography terms you have learned in class:
1. _________ type of certificate is used to provide security on Web sites.
2. __________ is the most common public key encryption system and, in most cases, this relies on manual trust and key distribution.
3. __________ provides authentication or proves integrity of a digital message.
4. ___________ encryption scheme was broken and was replaced with a third round version of itself.
5. _________ is the first algorithm suited to both signing and encryption, and it is now widely used in e-commerce and other public key systems.
6. The entity that issues certificates is a __________.
7. The document to check to verify whether a certificate has been revoked is __________.
8. Each bit of length _______ the number of keys.
9. Currently, _______ bit certificates are commonly used for web communications.
10. Triple DES provides ________ bits of security, despite using a 168 bit key.
11. Thawte, Verisign, and Comodo are all examples of _____________.
12. Hiding data in images is an example of ____________.
13. Data Encryption Standard (DES), ROT13, and Enigma are all examples of ______________.
14. A digitally signed email provides _____________.
15. A digitally encrypted e-mail provides ___________.
Required Resources None Submission Requirements Format: Microsoft Word Font: Arial, Size 10, Double-Space Due By: Unit 3 Self-Assessment Checklist I have checked that all answers provided by me are correct to the best of my knowledge. Unit 2 Assignment 2: Vulnerability of a Cryptosystem Learning Objectives and Outcomes You will be able to analyze the risks a vulnerability creates for a given cryptosystem. Assignment Requirements Imagine that you have recently joined a University as a central information security analyst.
On a busy Wednesday morning, your supervisor tells you that a significant vulnerability has been discovered in the University’s cryptosystem. Since this is a serious matter, he wants you to do some research and come up with a list of things that the University should do to handle the situation. When you inquire about the vulnerability, he points to the following URLs:
http://www.microsoft.com/technet/security/advisory/961509.mspx
http://www.win.tue.nl/hashclash/rogue-ca/
http://www.kb.cert.org/vuls/id/836068
http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html
You are a bit unsure about how your University uses the cryptosystem, so he explains that the University uses Message-Digest algorithm 5 (MD5) in a wide variety of areas. These include hashing to check the integrity of downloaded files, MD5 hashes that the University provides for its own files that it makes available for download, and MD5-based signing certificates from the University’s internal Certificate Authority. In addition, the University uses a Cisco ASA firewall device which can create and sign digital certificates for users and systems.
These ASAs use MD5 by default, and the University has used the ASAs to create certificates for critical systems in some departments. With these considerations in mind, you are required to submit a report on the threat the University faces and what response it would require from your institution. Briefly explain what the University should do about the vulnerability, and what effect any changes required might have on the institution or its students, employees, graduates, or other populations. The summary should include what the vulnerability is, how dangerous it could be, what its effects are, and how it can be countered or remediated.
You should address communication of the issue, such as who would need to be made aware of it and how. Therefore, while writing the summary, consider answering the following questions: What effect does the vulnerability have on the cryptosystem? Is the threat significant? What would an exploit of the cryptosystem mean to your organization? How easy is it to exploit the vulnerability? Does a tool exist to exploit the vulnerability? Is the cryptosystem still usable but with caveats, or should it be replaced? Can your organization easily replace the cryptosystem? Has an exploit been released? What is the likelihood of an exploit?
Would attacks be conducted? What would their result be? How widely used is the system? Would the attacks cause it to be no longer trustworthy? What information is required for a technical audience? What information is required for a nontechnical audience? Required Resources Access to the Internet Submission Requirements Format: Microsoft Word Font: Arial, Size 12, Double-Space Citation Style: Chicago Manual of Style Length: 1–2 pages Due By: Unit 3 Self-Assessment Checklist I have explained what effect the vulnerability has on the usefulness of the cryptosystem and explained why this is significant.
I have explained the effect of the threat in the context of a higher education institution. Unit 3 Assignment 1: Information Gathering Plan Learning Objectives and Outcomes You will be able to devise a plan to gather information about an organization’s systems and networks. Assignment Requirements Using the high level network diagram of the University’s systems and security infrastructure given in the provided illustration sheet titled “IS4560 Unit 3 Assignment 1: Information Gathering Plan,” create a two-page plan to gather information about the University’s systems. Consider the following questions:
How would you determine the University’s Internet Protocol (IP) address range? What information can you retrieve from the Domain Name System (DNS)? How would you fingerprint the network? What information would you want to gather from systems, and how would you gather it? What role would social engineering play in your information gathering process? What information would be publicly published, and what would be worth gathering? What challenges might you encounter in your scans? What data might be missing, and why? Required Resources Illustration Sheet: IS4560 Unit 3 Assignment 1: Information Gathering Plan
Submission Requirements Format: Microsoft Word Font: Arial, Size 12, Double-Space Citation Style: Chicago Manual of Style Length: 1–2 pages Due By: Unit 4 Self-Assessment Checklist I have answered all the questions asked in the assignment. I have used the provided Information gathering plan as appropriate to frame my responses. Unit 3 Assignment 2: Data Gathering and Footprinting Protection Plan Learning Objectives and Outcomes You will be able to devise a plan to protect an organization from data gathering and network and system fingerprinting. Assignment Requirements
For this assignment, your reporting manager has asked you to write a plan for the organization that will protect it from data gathering and footprinting. Using the network diagram given in Unit 3 Assignment 1: Information Gathering Plan as a guide to what an attacker might do, prepare a two-page plan to defend the campus network against attempts to gather data about systems and networks. Your plan should not exceed 2 pages. Explain how the data gathering techniques can be prevented by your protection plan. In addition, explain when and how the use of data gathering tools is appropriate or useful for the organization’s security.
Consider the following questions: 1. What information about University systems is sensitive? 2. What data would be useful to aggressors? 3. Of that data, what data can be protected? 4. How can you prevent social engineering? Required Resources Illustration Sheet: IS4560 Unit 3 Assignment 1: Information Gathering Plan Submission Requirements Format: Microsoft Word Font: Arial, Size 12, Double-Space Citation Style: Chicago Manual of Style Length: 1–2 pages Due By: Unit 4 Self-Assessment Checklist I have used the information gathering plan provided in the class. Unit 4 Assignment 1: Top Ports and Rising Ports Review
Learning Objectives and Outcomes You will be able to analyze new port scanning threats. Assignment Requirements DShield.org provides a listing of ports that are being scanned across a variety of networks and systems. This assignment requires you to list the top three ports of two different categories—top port category and rising port category—and explain why these ports are the top ports. For example: Port 443: This is the Hypertext Transfer Protocol Secure (HTTPS) port, and scanning of this may indicate vulnerability in secure Web services. You may search Web sites such as http://www.portsdb.org.uk/, or other listings of common services for unfamiliar ports. Complete the following steps for this assignment:
1. Visit the DShield.org Web site’s reports page at http://www.dshield.org/reports.html.
2. Review the Top 10 Ports chart on the page.
3. Select the top three ports from the By Targets category.
4. Scroll down and click the Trends button, which takes you to another screen.
5. Review the chart displaying Top 10 Rising Ports and select the top three rising ports.
6. List the six ports you selected and explain what services are commonly associated with these ports and the reasons for them being the topmost ports in each category.
Required Resources Access to the Internet Submission Requirements Format: Microsoft Word Font: Arial, Size 12, Double-Space Citation Style: Chicago Manual of Style Length: 1–2 pages Due By: Unit 4 Self-Assessment Checklist I have explained what service is commonly associated with each port identified. I have explained why each port is a likely target. I have explained why the top 10 targeted ports on DShield’s Web site are the top targets. Unit 5 Discussion 1: Web Server Vulnerability Analysis Learning Objectives and Outcomes
You will be able to explain the costs and benefits of doing Web server vulnerability analysis manually and using automated tools. You will become familiar with a variety of common vulnerabilities and common configuration issues. You will be able to use this knowledge to design and recommend secure configurations for Web servers and applications. Assignment Requirements Review the sample Web server scan given in the text sheet entitled “IS4560 Unit 5 Discussion 1: Web Server Vulnerability Analysis” and answer the following questions: What vulnerabilities were found? What risks do they create? How could they be remediated?
What practices should be used to prevent similar vulnerabilities? What protective measures could be used if applications or servers could not be fixed? Participate in this discussion with your classmates to engage in a meaningful debate regarding your choices of practices that could be used to prevent the various vulnerabilities found in the Web server. You must defend your choices with a valid rationale. At the end of the discussion, summarize your learning in a Word document and submit it to your instructor. Required Resources Text Sheet: IS4560 Unit 5 Discussion 1: Web Server Vulnerability Analysis
Submission Requirements Format: Microsoft Word Font: Arial, Size 12, Double-Space Citation Style: Chicago Manual of Style Length: 1–2 pages Due By: Unit 5 Self-Assessment Checklist I have identified Web application attacks and Web server vulnerabilities. I have shown creativity when reflecting on potential issues. Unit 5 Assignment 1: Web Application Attacks Prevention Learning Objectives and Outcomes You will be able to suggest appropriate defenses against common Web server and application attacks. Assignment Requirements Defense against web attacks is a key element in a security professional’s skill set.
For this assignment, your manager has asked you to review Aim Higher College’s Web server and application security and to suggest appropriate defenses. For each of the following scenarios, explain what the threat or threats are, what defenses you would recommend, and why. 1. Aim Higher College has deployed an open source blog package. This package uses a database backend and allows users to create user IDs and sites and to post their own content. Recently, the service has had off-campus users who have posted links that appear to be directed towards University resources, but they are getting redirected toward off-campus malware sites.
What would you recommend that the application administrator should do? 2. A developer for Aim Higher College is creating a Web server form for submission of calendar events to the College’s event calendar. What protective measures would you suggest to ensure its security? 3. Database administrators from Aim Higher College’s central Information Technology (IT) group have contacted the security team noting that they are finding odd entries in a Web application’s backend database. Some of the entries appear to be SQL commands such as “UNION” and “JOIN” which cause them to think that an attacker is probing the Web application.
What recommendations would you provide to protect both the application and the back end database? 4. A scan of Aim Higher College’s primary Web server using Nikto shows a large number of default configuration files and sample files on many of the older servers. What is wrong with this, and what should be done about it? Submission Requirements Format: Microsoft Word Font: Arial, Size 12, Double-Space Citation Style: Chicago Manual of Style Length: 1–2 pages Due By: Unit 6 Self-Assessment Checklist I have identified the threat(s). I have chosen the appropriate defenses.
I have given the proper justification as to why I chose these defenses. Unit 6 Assignment 1: Malware Lifecycle Learning Objectives and Outcomes You will understand how to find, interpret, and explain the materials released by major antivirus vendors about new malware threats. You will be able to document the malware lifecycle, and explain the threats that the malware creates both at the current time and how that may change. Assignment Requirements For this assignment, you will review and analyze a recent virus or malware package using materials provided by a major antivirus company.
Visit the McAfee Virus Information Library at http://home.mcafee.com/virusinfo/ and find a Trojan that is on the recently discovered list. To do this: 1. Select a virus from the Recent Threats list at the top of the page. If you are interested in knowing, you can access the most common threats by clicking “Top Viruses”. 2. Review the Overview, Virus Characteristics, and Removal Instructions provided on the virus profile page. Through your analysis and review of the available information, you will understand the typical lifecycle of new malware, and how the threat presented by malware can change over time.
You will gain hands-on analytical experience by providing a digested report to your management about the threat posed by the malware, its capabilities, and its infection methods. Prepare an analysis of the malware that includes: An overview of the malware’s capabilities What threat or threats it presents. A non-technical description of the malware suited to management. Required Resources Access to the Internet Submission Requirements Format: Microsoft Word Font: Arial, Size 12, Double-Space Citation Style: Chicago Manual of Style Length: 1–2 pages
Due By: Unit 6 Self-Assessment Checklist I have prepared an analysis of the malware that includes: An overview of the malware’s capabilities What threat or threats it presents A non-technical description of the malware suited to management Unit 7 Assignment 1: Network Traffic and Exploit Identification Learning Objectives and Outcomes You will be able to identify the common forms of network traffic and basic exploits. You will be able to read captured packets, to determine source, destination, protocol, and the given packet content. Assignment Requirements
Now that you understand the concepts of network traffic and packet capture, this assignment requires you to answer the questions based on packet capture. Refer to the text sheet named “IS4560 Unit 7 Assignment 1: Network Traffic and Exploit Identification” for a detailed description of this assignment. Required Resources Text Sheet: IS4560 Unit 7 Assignment 1: Network Traffic and Exploit Identification Submission Requirements Format: Microsoft Word Font: Arial, Size 12, Double-Space Citation Style: Chicago Manual of Style Length: 1–2 pages Due By: Unit 7 Self-Assessment Checklist
I have identified the traffic source and destination of packets. I have identified the protocol for each item. I have identified the exploit, attack, or purpose of the connection. Unit 8 Discussion 1: Security Features of Wireless Technologies Learning Objectives and Outcomes You will have a broad understanding of security features of current wireless technologies. Assignment Requirements This discussion focuses on the ability to analyze what security features are necessary, those that are desirable, and those that do not represent useful security. Discuss the sample topic given below:
802.11 a/b/g/n – WEP, WPA, WPA2, MAC address filtering, SSID broadcast
Bluetooth – pairing codes, encryption
Comment on security features, and which are appropriate at home, in the enterprise, and for public access, and why? What dangers do they create? What technological hurdles and requirements do they bring with them? During this discussion you must explain your choices regarding security features. You must defend your choices with valid rationale. Summarize your thoughts in a Word document, and submit it to your instructor. Required Resources None Submission Requirements Format: Microsoft Word Font: Arial, Size 12, Double-Space
Citation Style: Chicago Manual of Style Length: 1–2 pages Due By: Unit 8 Self-Assessment Checklist I have demonstrated the appropriate knowledge of common wireless technologies. I have analyzed the security technologies appropriately. I have shown creativity when reflecting on the potential issues. Unit 8 Assignment 1: Wireless Exploit Research Learning Objectives and Outcomes You will be able to understand, analyze, and assess common wireless security exploits. You will be able to provide information to your management about wireless exploits in an understandable and approachable manner. Assignment Requirements
For this assignment, you will locate an article on a recent wireless security threat or vulnerability via a Web site, such as http://www.darkreading.com/index.jhtml, the Internet Storm Center (http://isc.sans.edu/index.html), or another major security portal, and will explain what its effects are, how they would affect Aim Higher College, and what response the college should take, if any, to counter the threat. Sample steps:
1. Visit the Darkreading.com Web site and search for “wireless vulnerability” and then select an article that describes a wireless security threat or vulnerability.
2. Read the article and note any issues that would affect a campus or campus user(s).
Next write a plan for your organization to deal with the vulnerability described in the paper. Explain what technologies are involved, what controls should be used or implemented, and explain the considerations that led to your choices. Required Resources Access to the Internet Submission Requirements Format: Microsoft Word Font: Arial, Size 12, Double-Space Citation Style: Chicago Manual of Style Length: 1–2 pages Due By: Unit 9 Self-Assessment Checklist I have explained the threat created by the wireless technology exploit.
I have provided a description of an appropriate protection or remediation plan for the organization based on the wireless exploit description. I have provided an approachable explanation of the vulnerability or threat. Unit 9 Assignment 1: Gaps in Incident Response Learning Objectives and Outcomes You will learn to critically analyze a sample incident response report. You will be able to provide more complete, well thought out incident reports, and will have a deeper understanding of the issues that can be encountered in the incident response process.
Assignment Requirements You have been working as a technology associate in the information security department at Aim Higher College for two months. An incident report was filed via email with the information security department. Your manager is aware that this report format is missing information and that it could be improved. In addition, departmental Information Technology (IT) staff who respond to incidents require more familiarity with the incident response process. Your manager asks you to review the form data provided and to suggest improvements and requirements.
You need to assess both the content of the report and the report’s design with the goal of identifying flaws and missing data. Refer to the text sheet named “IS4560 Unit 9 Assignment 1: Gaps in Incident Response” for a detailed description of this assignment. Required Resources Text Sheet: IS4560 Unit 9 Assignment 1: Gaps in Incident Response Submission Requirements Format: Microsoft Word Font: Arial, Size 12, Double-Space Citation Style: Chicago Manual of Style Length: 1–2 pages Due By: Unit 9 Self-Assessment Checklist I have identified and explained the missing elements of the incident response.
Unit 10 Assignment 1: Controls Learning Objectives and Outcomes You will be able to analyze a set of security risks and determine the appropriate physical, technical, and administrative controls to protect against those risks. You will be able to explain why you have selected each control and to describe why your solution is appropriate and complete. You will be able to analyze the need for security controls, identify appropriate controls, and to effectively communicate their control design to management. Assignment Requirements
Aim Higher College has two primary datacenters on campus—the research datacenter and the business datacenter. Due to budget and space limitations, the research datacenter is also used to house the backup systems for the business datacenter, resulting in business data being stored in both locations. The research datacenter is typically left unlocked, as many students and faculty members use it for their work. The network infrastructure is not monitored, and the systems themselves are not required to be secured. Recently, signs of afterhours access have been found in the research datacenter.
Doors have been left open, lights have been on, and logins have been found on research systems. Logs indicate that local logins have been attempted on the business system consoles as well. You have been working as a security analyst in the information security department at Aim Higher College for two months. Your manager asks you to propose a set of controls that will allow the use of the research datacenter for its intended purpose while protecting the business systems that reside there. What controls would you suggest, and why?
Write a brief security plan, labeling the diagram below, and describing what controls you would recommend, and why. Required Resources None Submission Requirements Format: Microsoft Word Font: Arial, Size 12, Double-Space Citation Style: Chicago Manual of Style Length: 1–2 pages Due By: Unit 10 Self-Assessment Checklist I have identified appropriate physical security controls. I have identified administrative security controls. I have identified appropriate technical security controls. Project Threat and Vulnerability Analysis, Incident Response, and Security Design
Purpose This course-long project introduces you to a variety of tasks and skills that are required for entry-level security analysts. You will become familiar with how an attacker would view and attack networks and systems, and you will learn to defend against them. Learning Objectives and Outcomes You will be able to: Analyze port, vulnerability, and other scan data to understand the security risks and threats to an organization, and explain them to management. Use incident response data to explain the attacks and the methods of exploit.
Use a variety of security and incident data to design administrative, physical, and network control plans. Required Source Information and Tools The following tools and resources will be needed to complete this project: Data gathered from labs: You will use data created in the course labs to understand the vulnerabilities, capabilities, and threats that the Aim Higher College faces. You will use this information, as well as your analyses created in the project assignments, to respond to an incident, and to provide a response plan to the incident, in the context of the known vulnerabilities and issues.
Course Textbook Access to the Internet Project Logistics
Activity Name | Assigned | Due | % Grade
Project Part 1: Current Security Threats | Unit 1 | Unit 4 | 3
Project Part 2: Vulnerabilities in Information Technology (IT) Security | Unit 4 | Unit 5 | 3
Project Part 3: Investigate Findings on the Malware | Unit 6 | Unit 7 | 3
Project Part 4: Analysis of Intrusion Detection System (IDS) Traffic with Inbound Attacks | Unit 7 | Unit 8 | 3
Project Part 5: Malware Infection | Unit 9 | Unit 10 | 3
Project Part 6: Defense Plan to Prevent Attacks | Unit 10 | Unit 11 | 3
Deliverables Overall Scenario
Aim Higher College is a fictitious institution situated in the U.S. The college offers undergraduate and graduate courses in domains, such as business management, information security, and nursing. Imagine that you have got a new job at Aim Higher College as an information security analyst. Throughout this course, you will analyze the threats and vulnerabilities of Aim Higher College and recommend controls to secure the college’s information systems. Project Part 1: Current Security Threats Scenario It is your first day at the job in the information security department, and you are called for a meeting.
In the meeting the need for strengthening the information security for the college is discussed, and everyone agrees that the first step in this direction would be to identify the top three threats that are a potential risk to Aim Higher College. Tasks You have been given the responsibility to determine the top three threats that Aim Higher College faces. You asked your supervisor for support in this task and he gave you the following resources that might be useful in your research and analysis:
An article on the Help Net security website: http://www.net-security.org/secworld.php?id=8709
Common Vulnerabilities and Exposure (CVE) database search: http://cve.mitre.org/find/index.html
Security organizations, such as Secunia: http://secunia.com/
Your supervisor has also asked you to consider the following questions as you shortlist the threats: What threats are new this year, and which have become more prevalent? Why are these threats more common, and why are they important? What threats remain constant from year to year? Why? What threats do you believe will become more critical in the next 12 months? Why? How would this list differ for a University?
Would the list change for a government organization or a private company? Has an exploit been released? What is the likelihood of an exploit? Would remote attacks be possible? How easily? How widely used is the software or system? What information is required for a technical audience? What information is required for a non-technical audience? With these considerations in mind, write a summary of the top three threats to Aim Higher College. Briefly explain why you have selected them and what effect they might have on the institution or its students, employees, graduates, or other populations. Deliverables and format:
Submit your answer in a Microsoft Word document in not more than 2 pages. Font: Arial 10 point size Line Spacing: Double Project Part 2: Vulnerabilities in Information Technology (IT) Security Scenario Aim Higher College has been the target of focused attacks from a variety of attackers. Your manager has assigned you the task to review the port and vulnerability scan data recently gathered to determine what ports and services are exposed to attackers, and what vulnerabilities exist on those systems. Tasks Using the data you gathered during the Unit 4 lab, analyze the systems that were scanned.
Write a brief report targeted at Information Technology (IT) management and systems administration staff explaining the vulnerabilities and protection mechanisms that the college should adopt. Your report must answer the following questions: What ports and services of the system were exposed? What vulnerabilities were found? What can be done to protect the system, and what ports and services likely need to remain available? Deliverables and format: Submit your answer in a Microsoft Word document in not more than 2 pages. Font: Arial 10 point size Line Spacing: Double
Project Part 3: Investigate Findings on the Malware Scenario Your manager is particularly concerned about the malware you recently discovered on the campus systems due to the large number of recent attacks. Due to this, s/he has asked you to research the malware and/or Trojans found, their placement and the data included with them, with the goal of understanding their capabilities and the risk they present. Tasks In the lab for Unit 6, you detected and analyzed an infected system. Using that data and what you have learned in class, write a 1-2 page report for the college management.
Include a non-technical overview for the management review with recommendations on actions to be taken by the Information Technology (IT) staff, Information Security analysts, and end users. Explain the role of management, and what communications, technologies, and processes should be created, used, or reviewed. You must write a 1-2 page analysis of the malware and your recommendations for prevention and detection of further infections for Aim Higher College. You should detail the malware and its likely infection methods. Your report must have the following essential elements: Best s