This section introduces you to basic security concepts, including authentication, authorization, accounting, and encryption. After finishing this section, you should be able to:
Describe
the most common authentication types and when to use them.
Explain
the purpose of multifactor authentication.
Describe
various models for creating and maintaining access control lists.
Explain
why access control frameworks need to keep track of who gains access to the system.
Type 1 Authentication A type of authentication that requires the user to provide something that they know, such as a password or PIN.
Type 2 Authentication A type of authentication that requires the user to provide something that they have, such as a key, fob, electronic chip, or smart card.
Type 3 Authentication A type of authentication that requires the user to provide something that they are, such as a fingerprint, handprint, retinal pattern, face, or voice.
Multifactor Authentication Authentication that requires two or more evidences of authentication, usually of different types.
Single Sign-on A method of authenticating with one system to gain access to other related systems.
Discretionary Access Control (DAC) A type of access control where a user has complete control over a resource, and also determines the permissions other users have to those resources.
Role-based Access Control (RBAC) A type of access control that restricts access based on the user’s role in an organization.
Mandatory Access Control (MAC) A type of access control that historically was associated with multilevel security and military systems and may use a security clearance to restrict access to resources. The security manager controls the security policy, and users aren’t able to override the policy.
Accounting The process of keeping track of user activity while attached to a system.
Logging The capturing and storing of computer and user events.
Non-repudiation The ability to ensure that someone can’t deny that they performed a certain act.
Caesar Cipher An early example of encryption used by Julius Caesar to send confidential military messages.
Data at Rest Data in a persistent storage medium, such as a hard drive or optical disc.
Data in Transit Data that are being transported from one device to another, whether by radio, electrical, or light signals.
Topics Discussed:
What
are the most common and the most secure ways to authenticate a person to a
computer or a network?
How
do information systems assign access control permissions to particular users?
When
is it important to use different types of data encryption?
Assignment:
Access the TestOut Courseware through the provided link.
Study Section 4.4: Security Concepts, and achieve a score of 80% or higher on the 15 question Exam to complete the Section.
Assigned: January 16th, 2020 Teacher Pacing Due Date: January 17th, 2020
This section introduces you to the most common threats to data confidentiality, integrity, and availability. After finishing this section, you should be able to :
Describe the most common threats to data confidentiality.
Describe the most common threats to data integrity.
Describe the most common threats to data availability.
Identify common social engineering techniques used by hackers to gain access to online data.
Evaluate email messages to determine if they represent a possible social engineering attack
Snooping Attempting to secretively discover private information about a person, company, or other entity.
Wiretapping A form of eavesdropping that uses programs such as packet sniffers to capture data being transmitted over a network.
Social Engineering The use of deception to gain personal and/or private information for unlawful purposes.
Reconnaissance The passive gathering of information about a potential victim.
Pretexting Tricking a victim into revealing sensitive information under false pretenses.
Email Attack Exploiting a victim using email messages.
Browser Attack Convincing a victim that they are performing a legitimate task within their web browser window when, in fact, they are being tricked into revealing sensitive information or installing malware on their computer.
Man-in-the-Middle Attack An attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other.
Replay Attack An attempt to connect to a server by capturing and resending authentication information.
Impersonation TCP session hacking and other methods where an attacker takes over the communication to a server by appearing to be the victim.
Denial of Service An attack that attempts to overload a system so that the services it provides are no longer available to legitimate network clients.
Topics Discussed:
How
can businesses and individuals protect confidential information?
What
are some of the most common ways hackers gain unauthorized access to online
data?
What
are the biggest threats to business data availability?
Assignment:
Access the TestOut Courseware through the provided link.
Study Section 4.3: Threats to Data, and achieve a score of 80% or higher on the 15 question Exam to complete the Section.
Assigned: January 14th, 2020 Teacher Pacing Due Date: January 15th, 2020
This section introduces you to data and information assets, intellectual property laws, and digital privacy. After finishing this section, you should be able to:
Describe the relationship between data and information assets.
Identify the basic steps in the data analytics process.
Describe the implications of copyright and intellectual property laws for Internet use.
Explain how much privacy you can expect when using the Internet for social networking, file sharing, and financial transactions.
Explain how much privacy you can expect when using computers at work.
Data Analytics The process of turning data points into useful information.
Copyright Protections granted by the federal government to creators, writers, and inventors regarding rights to reproduce, display, make derivatives of, sell, rent, or lend a work.
Intellectual Property Anything that is owned by a copyright holder.
Piracy The crime of using someone else’s intellectual property in a way that should be reserved for the copyright holder.
Fair Use An exception to copyright law that allows short excerpts of a copyrighted work to be used for purposes that benefit the public.
Public Domain Works whose copyrights have expired and are free for anyone to reproduce, display, and make derivatives.
Proprietary Software Any software where the publisher retains intellectual property rights to the source code.
Open-source Software Software where anyone can inspect, enhance, and modify the source code.
Patent A license given by a government that provides inventors a temporary monopoly on their invention.
Trademark Any word, picture, or symbol that’s used to distinguish a good from other similar goods.
Privacy Expectation A reasonable belief that personal information collected by an information system is controlled and protected, not shared or used beyond its original intent.
Topics Discussed:
How do businesses use data to make informed decisions and to use their resources more efficiently?
How can I protect my intellectual property? How can I protect the intellectual property of others?
How much privacy do you personally expect when using the Internet?
Assignment:
Access the TestOut Courseware through the provided link.
Study Section 4.2: Data, and achieve a score of 80% or higher on the 10 question Exam to complete the Section.
Assigned: January 8th, 2020 Teacher Pacing Due Date: January 9th, 2020
Information System A combination of technology, people, and procedures used to organize, analyze, and store data.
Information System Types The various forms of information systems including transaction processing, management, and expert systems.
Systems Analysis and Design The study and design of a system, accomplished by examining its components and their interactions.
System Development Life Cycle (SDLC) A methodology or framework that defines steps and tasks for developing and maintaining information systems.
Waterfall Model A development model that breaks down project activities into a series of sequential or linear phases, each phase depending on the deliverables from the previous phase.
Iterative Design A development model that involves designing, implementing, and testing smaller pieces of the overall project, then cycling back and doing more analysis and design.
Planning Phase The SDLC phase that involves gathering information about the technology and software needs of an organization, deciding which options are most feasible, and setting timelines and deliverables for the entire project.
Analysis Phase The SDLC phase that involves studying existing information systems that are already in place and the requirements for new information systems.
Design Phase The SDLC phase that involves reviewing the system requirements document from the analysis phase and producing detailed specifications that cover all aspects of the system.
Implementation Phase The SDLC phase that involves purchasing and installing new hardware and software, integrating the various system components, and testing the operation of the new system.
Maintenance Phase The SDLC phase that involves monitoring and evaluating the new information system.
Project Management The practice of initiating, planning, executing, controlling, and closing the work of a team to achieve specific goals and meet specific success criteria at the specified time.
Systems Integration An activity that involves integrating various computing systems and software applications to function together as a whole.
Agile Methodologies A project management process that divides a large or complex project into smaller, more manageable projects that can be completed as part of an incremental or iterative process.
Needs Assessment A systematic process for determining and addressing needs, or “gaps” between current conditions, and desired conditions, or “wants”.
Risk Management The identification, evaluation, and prioritization of risks followed by activities that minimize, monitor, and control the impact of the risk.
Topics Discussed:
How do technology, people, and procedures work together in an information system?
What are some principles of effective systems analysis and design?
What role does project management play in the design and implementation of information systems
Assignment:
Access the TestOut Courseware through the provided link.
Study Section 4.1: Information Systems, and achieve a score of 80% or higher on the 8 question Exam to complete the Section.
Assigned: January 6th, 2020 Teacher Pacing Due Date: January 8th, 2020
Capture packets on your eth0 interface for a period of five minutes. Visit https://netop.mistermarmolejo.com to get some http traffic going during the packet capture.
Save the packet capture as a .pcapng file with today’s date, and upload it to today’s assignment post on Google Classroom to complete the activity by end of day tomorrow.
Continue working with Wireshark. This powerful packet collection and analysis tool is free to download and is pre-installed in the Kali Linux distribution.
Watch Professor Messer’s Using Protocol Analyzers video to get a more in-depth introduction to the features of Wireshark.
Note: Our Virtualbox installs of Kali use emulated network interfaces, which means that our wireless interface will not work like the one Professor Messer demonstrates in his video.
Wireshark will, however, be able to analyze the packets being sent over the emulated hard-line network interface. Try running a packet capture on your en0 network interface and see what you can see! Run a packet capture, then visit a few websites, then filter the port 80 traffic to get an idea of what kind of information can be gathered by an analysis of the packets. We will discuss the results tomorrow.
Assigned: March 6th, 2019 Teacher Pacing Due Date: March 7th, 2019
Today we will start working with Wireshark – a powerful packet collection and analysis tool that is free to download and pre-installed in the Kali Linux distribution.
We will be using this and other videos to gain a familiarity with the Wireshark environment, and look at the methods and construction of network packets, so we can begin to develop “the eye” for packet formation and transmission anomalies.
Assigned: March 5th, 2019 Teacher Pacing Due Date: March 6th, 2019
Students will continue preparing for proficiency in cyber security by demonstrating their understanding of Router configuration basics with a brief quiz.
Use the completed dual-router network set up in the front of the room as your reference point. You may access any settings on the routers, but please do not change any settings.
For extra credit, tell me what the two key elements were that allowed the network to meet the required parameters:
Dual Routers, both serving routing functions.
Two subnets, each serving 24 hosts.
Router 2 receives Internet from Router 1
Complete the quiz by end of day today, and good luck!
Assigned: March 5th, 2019 Teacher Pacing Due Date: March 5th, 2019
Professor Messer’s Network+ Training Videos Section 1.3 – Routing and Switching
Topics Discussed:
Network Basics
OSI Model
TCP/IP Model
Network Addressing
Routing
Switching
Flooding
Routing Table
Routing Protocols
Assignment:
Today, 5th hour NetOp will take their turn in using the concepts discussed in the last couple of weeks by configuring our own routers. The class will be divided into two teams, each of which will be assigned a router, a 24-port switch, and a workstation, and a communal collection of network and power cabling.
Both teams will be tasked with configuring their router to form two interconnected subnetworks, each supporting 24 hosts. Team 1’s network will be supplied Internet access from the school’s gateway. Team 2’s subnetwork will be required to receive Internet access from its connection with Team 1’s router.
Each team will have to work together to correctly configure its router, but both teams will have to work together to form the links between the two networks.
Use all the materials we have studied and the links I have provided above to set up and configure the network to the required specifications by end of day on Friday, February 22nd!
All team members will be expected to participate, and pay close attention to the router configuration, as there will be a quiz on the details of the finished router configuration next week (i.e. Network Name, First Useable IP, Last Useable IP, Subnet Mask and Broadcast Address).
Assigned: February 21st, 2019 Teacher Pacing Due Date: February 25th, 2019
Students will continue preparing for proficiency in cyber security by demonstrating their understanding of Router configuration basics with a brief quiz.
Use the completed dual-router network set up in the front of the room as your reference point. You may access any settings on the routers, but please do not change any settings.
For extra credit, tell me what’s wrong with the network configuration, and how it failed to meet the required parameters:
Dual Routers, both serving routing functions.
Two subnets, each serving 24 hosts.
Router 2 receives Internet from Router 1
Complete the quiz by end of day today, and good luck!
Assigned: February 19th, 2019 Teacher Pacing Due Date: February 19th, 2019
