Nt2580 Unit 1

Submitted By rocoso878
Words 3379
Pages 14
NT2580-M1 Introduction to Information Security
Unit 1: Information Systems Security Fundamentals
2015-Summer, 6/20/2015, Saturday (9:00am – 1:30pm)
Student Name ___________________________________
Lesson Plan
Theory (in class, Lab #2)
  Objectives
Lab #1: Performing Network Reconnaissance using Common Tools
  Overview and access vLab
  Part 1: Exploring the Tools used in the Virtual Lab Environment
  Part 2: Connecting to a Linux Machine
  Part 3: Using Zenmap to Perform Basic Reconnaissance
Appendix
  A. SYLLABUS
  B. Forgot your password?

Reading
Kim and Solomon, Chapter 1: Information Systems Security.

Student Assignments for this Unit
Unit 1 Lab: Perform Reconnaissance & Probing Using ZenMap GUI (Nmap)
Unit 1 Assignment: Match Risks/Threats to Solutions
Unit 1 Assignment: Impact of a Data Classification Standard

Instructor: Yingsang “Louis” HO
Tel: 425-241-8080 (cell), (206) 244-3300 (school)
Email: yho@itt-tech.edu

NT2580_2015_Summer_M1_UNIT1.doc

Unit 1: Information Systems Security Fundamentals
Learning Objective

Explain the concepts of information systems security (ISS) as applied to an IT infrastructure.

Key Concepts

Confidentiality, integrity, and availability (CIA) concepts
Layered security solutions implemented for the seven domains of a typical IT infrastructure
Common threats for each of the seven domains
IT security policy framework
Impact of data classification standard on the seven domains

Reading

Kim and Solomon, Chapter 1: Information Systems Security.

Similar Documents

Free Essay

Nt2580 Unit 5 Assignment 1

...It255 Unit5 Assignment
TO:
FROM:
DATE:
SUBJECT: Unit 5 Assignment 1: Testing and Monitoring Security Controls
REFERENCE: Testing and Monitoring Security Controls (IT255.U5.TS1)
How Grade: One hundred points total. See each section for specific points.

Assignment Requirements

Part 1: Identify at least two types of security events and baseline anomalies that might indicate suspicious activity. Explain why they might indicate suspicious activity. (Forty points. Twenty points for each event.)

# | Security Event & Baseline Anomaly That Might Indicate Suspicious Activity | Reason Why It May Indicate Suspicious Activity |
1. | Authentication Failures | Unauthorized access attempts |
2. | Network Abuses | Employees are downloading unauthorized material. |
3. | | |
4. | | |
5. | | |
6. | | |

Part 2: Given a list of end-user policy violations and security breaches, select three breaches and consider best options for monitoring and controlling each incident. Identify the methods to mitigate risk and minimize exposure to threats and vulnerabilities. (Sixty points. Twenty points for each breach.)

# | Policy Violations & Security Breaches | Best Option to Monitor Incident | Security Method (i.e., Control) to Mitigate Risk |
1. | A user made unauthorized use of network resources by attacking network entities. | Monitor the logs | Fire the user |
2. | Open network drive shares allow storage privileges to outside users. |...

Words: 258 - Pages: 2

Free Essay

Nt2580 Assignment 1

Words: 741 - Pages: 3

Premium Essay

Unit 5 Nt2580

...Unit 5 Assignment: Acceptable Use Policy (AUP) Definition

The Richman’s Investment Group updated (AUP) Acceptable Use Policy for January 2014 for both acceptable and unacceptable use of the Internet use operated or owned by Richman’s Investment. Any violations in this agreement policy may result in disciplinary and/or legal action. Penalties can range from immediate termination of employment to imprisonment with fines.

Internet Usage
• Any and all employees of Richman’s Investment are encouraged to use the internet where such use is needed and is in stride to goals and objectives of the business of Richman’s Investments.
• The equipment and services belong to Richman’s Investments and they reserve the right to monitor any or all internet traffic including emails and any data sent or received.
• Using Richman’s Investment hardware, software and or internet to hack into unauthorized websites is strictly prohibited.
• The use of any and all bit torrent software or sites is not allowed on any network, owned or operated by Richman’s Investment due to its high risk of abuse and or misuse.
• No viewing or distributing of inappropriate material on the internet owned or operated by Richman’s Investments and will result in termination of employment.
• Any and all downloads done off of the internet must be scanned before opening or accessing (NO EXCEPTIONS).
• Using Richman’s Investments hardware, software and or internet to form any sort of fraud, and/or software, film or......

Words: 323 - Pages: 2

Premium Essay

Nt2580 Week 1

...ITT Technical Institute
3825 West Cheyenne Avenue, Suite 600
North Las Vegas, Nevada 89032

NT2580 Introduction to Information Security
Week 1, Unit 1 – Information Systems Security Fundamentals

Class Plan

Time Duration: This Class Period will be approximately 4 ¾ Hours in length. It will be divided 2 ¾ hours for Theory and 2 ½ hours for Lab.

Content Covered:
• Textbook
  o Chapter 1 - Information Systems Security

Objectives: After completing this unit, the student should be able to:
• Explain the concepts of information systems security (ISS) as applied to an IT infrastructure.

Key Concepts:
▪ Confidentiality, integrity, and availability (CIA) concepts
▪ Layered security solutions implemented for the seven domains of a typical IT infrastructure
▪ Common threats for each of the seven domains
▪ IT security policy framework
▪ Impact of data classification standard on the seven domains

Materials: Week 1 PowerPoint Presentation

Assignment Overview: Refer to Assignment 1: Match Risks/Threats to Solutions in the Graded Assignment Requirements section of this instructor guide. In this assignment, the students need to match common risks or threats within the seven domains of a typical IT infrastructure with the possible solutions or preventative actions. Use the hand out worksheet NT2580.U1.WS1.doc. Refer to Assignment 2: Impact of a Data Classification Standard, you must write a brief......

Words: 530 - Pages: 3

Free Essay

Nt2580 Unit 1 Assignment Impact of Data Classification

...Unit Assignment 2: Impact of a Data Classification

The Internal Use Only data classification standard of Richman Investments has many different infrastructure domains that are affected via internal use only data classification. More than all others, the three infrastructures that are affected the most are the User Domain, Workstation Domain and the LAN Domain.

The reason why the User Domain infrastructure is one of the most affected infrastructures is because the User Domain infrastructure is the infrastructure that allows users to access the network. This is a problem because many users do not fully understand everything, all the time and thus are bound to make a mistake sooner or later. With so many users on our network, this is probably the most vulnerable domain infrastructure in our network.

The Workstation Domain is also another domain infrastructure that has great reason to be affected by internal use only data because this is where the user connects to our network. The reason that this can cause security threats and other problems is because this domain can be connected via a personal laptop or even a cell phone or other mobile device.

The final infrastructure domain that is greatly affected is the LAN domain. The reason that this domain infrastructure is affected by internal use only data is because this domain is the open domain available companywide, to anybody in the building or even near the building via a wireless device. If we watch these specific......

Words: 280 - Pages: 2

Free Essay

Nt2580 Unit 6 Assign 1

...JO STARNES, NT2580, UNIT 2
CALCULATING THE WINDOW OF VULNERABILITY

The window of vulnerability is the amount of time the system's defense measures are compromised, minimized, or eliminated. This is when the system is most likely to be at risk, and can be affected by malicious attacks. It is not stated as what day the server software detected the attack on the SMB server. It only states that it was detected the day before. So from day one, these are the steps we will need to take to get the SMB server back up and running properly and safely, as well as the amount of time it will take for us to solve the issue:

Day 1 - The software company will release a patch for this attack in three days.
Day 4 – We will receive the patch, and we need to install and test the patch, this will take at least five days.
Day 9 – After installation and testing is completed, we will send the update to the entire company’s network devices. As soon as all the updates are sent out to all the devices, they will need to be rebooted in order for the patch to take effect. We can send out a message to all devices to ensure this happens. This could take a day or two to complete.

This could all be completed as early as 10 days if there are no issues during the process, however problems may arise and it could possibly take a day or two more. I hope that this is helpful and we will start immediately on the problem. It is of utmost importance that you have team members monitoring the server at all times......

Words: 310 - Pages: 2

Premium Essay

Nt2580 Project Part 1

...implemented through the seven domain layers of our IT infrastructure.

1. User
   a. Education – use of strong passwords, locking work stations
   b. restrict access to critical user files only – principle of least privilege
2. Workstation
   a. Access control – password protected workstations and auto screen locking
   b. Antivirus-Strong, automatic programs that scan for threats
3. LAN
   a. Physical security – All wiring closets and server rooms should be locked
   b. Set up encryption between workstations and wireless access points.
4. LAN to WAN
   a. Disable unused ports, ping, and port scanning on exterior devices
   b. Strict zero-day policy for patching
   c. Strict security monitoring for intrusion detection

Tyler Straub 3

5. WAN
   a. Use encryption and VPN tunnels to secure sensitive data on the internet
   b. Use anti-virus to scan all e-mails for malicious attachments
6. Remote access
   a. Encrypt all portable data devices that connect remotely to secure sensitive data
   b. Apply stringent password policies so remote devices only connect with authorized and authenticated users.
7. System/Application
   a. Data backup shall be used with daily, incremental backups and will be kept off site
   b. A business continuity plan shall be implemented and tested to keep critical services running in the event of a disaster.

Citation Page (1)......

Words: 345 - Pages: 2

Free Essay

Nt2580 Unit 10

...Unit 10: Assignment 1.

A company like Microsoft would have to back up everything on the server. Having a full backup is necessary for Microsoft because of the software and tools they provide for computers and for the financial department for payment plans. They would be required to have a full rotation of data. Microsoft would need roughly 15 data sets. They would be required to backup any search history, email history and file history; which will be dependent on the client. The data should be taken offsite on a daily basis. Sometimes, depending on the amount of data being backed up, the data should be taken twice a day for a company so big. If the current set in the server room were to be destroyed, a lot of data would be lost (Too much to try and calculate). The most amount of time the server could be down could be at least 24 hours, maybe even longer. The most amount of data that could be saved by paper backup, would be roughly 2%, everything is done electronically now so 2% seems like a fair estimate. To fully restore a server from Microsoft, it could take a few days or a few weeks. Depending on if the company does a Data restore on a daily basis and how much they restore. To test any restore, you would perform a Data Recovery Restore on a daily basis to ensure that the backup restore is functioning properly. The backup media will be tested for corruption. The procedures for testing and verifying the backup media is the same. Do a data restore on a......

Words: 373 - Pages: 2

Premium Essay

Nt2580- Project Part 1

...Project Part 1
Multi-Layered Security Plan Outline

The following outline is to document the general security solutions for Richman Investments, for all locations including head-quarters, for the safety of data and information that belongs to Richman Investments. This plan will be updated and submitted, every month by the networking division, to senior management along with a security plan for the month.

1. User Domain
   a. This Domain includes Individuals within an organization who access its information.
   b. An acceptable use policy to define what users can and cannot do with company IT information will be created.
   c. Managers should review security awareness training and review acceptable use policies with employees periodically.
   d. Internal CD drives and USB ports will be disabled.
   e. Content filtering and antivirus scanning on any downloaded media, and emails will be setup.
   f. Restrict access for users to only applications, data and systems needed to perform their job.
   g. Monitor and track employee behavior and their use of IT infrastructure during off hours.
2. Workstation Domain
   a. Systems where most users connect to the IT infrastructure.
      i. Workstations can be any desktop, laptop, or other device that connects to an organization's network.
   b. Password protection on all workstations.
   c. Auto screen lockout for inactive times.
   d. Strict access control procedures, standards, policies, and guidelines.
   e. All CD, DVD, and USB ports will be disabled. ...

Words: 779 - Pages: 4

Premium Essay

Nt2580 Unit 4 Assignment 2

...Dallas Page
July 17, 2015
Unit 4 Assignment 2
NT2580

Acceptable Use Policy Definition

1. Overview
To protect the integrity, confidentiality and accessibility along with the safety of our clientele and employees it is necessary that a precise set of standards must be defined for anyone who utilizes the electronic devices to access information via the internet. Richman Investments is committed to protecting employees, partners and the company from illegal or destructive actions whether knowingly or unknowingly. Internet or Intranet related systems, including but not limited to the World Wide Web, storage media, operating systems, network accounts and electronic mail are intended to be used for business pertaining to Richman Investments. It is the responsibility of each electronic device user to know the guidelines of the Acceptable Use Policy and to adhere to the Acceptable Use Policy of Richman Investments.

2. Purpose
To outline and give a clear precise definition of what is and what isn’t acceptable when using the property of Richman Investments. Property including but not limited to computers, internet service, email service, storage media, operating systems or network accounts. Inappropriate use of either of the aforementioned exposes Richman Investments to legal liability and/or risks of damage to company hardware and/or software.

3. Scope
The Acceptable Use Policy applies to all employees, contractors, clients, visitors and partners to...

Words: 689 - Pages: 3

Premium Essay

Nt2580 Project Part 1

...1. Network firewall
The first line of defense against unwelcomed users would surely be the firewall. At one point, the use of dual firewalls from different vendors was all the rage, but DMZ is more popular today. There are actually a few different types of firewall implementations. For example, consumer-grade routers typically make use of Network Address Translation (NAT), because the identity of hosts is complicated, NAT is often said to offer firewall capabilities.

2. Virtual Private Network
Employees who need to access company resources from unsecured locations such as public Wi-Fi hotspots are a mainly exposed group. A VPN channels all network traffic through an encrypted channel back to the trusted corporate network. VPNs can be complex and are costly to support due to the overheads of authentication, processing and bandwidth.

3. IDS and IPS
An intrusion detection system (IDS) is a network-centric strategy that involves monitoring traffic for suspicious activities that may indicate that the corporate network has been compromised. This may require the detection of port scans being created from within the network or excessive attempts to log into a server. The intrusion prevention system (IPS) is usually deployed in-line in order to actively prevent or block intrusions as they are detected. A specific IP address could be automatically blocked.

4. Malware Detection
Malware scanning performed on client devices relies on the processing capabilities of individual......

Words: 517 - Pages: 3

Free Essay

Nt2580 Unit 1 Assignment 2

...Nt2580 - Unit 1 Assignment 2: Impact of a Data Classification Standard

Richman Investments Internal Use Only Data Classification Standard Domain Effects

Richman Investments has implemented an “Internal Use Only” data classification standard. This report will describe the effects of the Internal use Only Standard on our respective system domains. “Internal Use Only” sets up a restricted access security policy to our network. Any access, including from a website would require company mandated credentials to log on and enter the system. This type of policy is enforced because companies do not want to allow “free access” to their network for potential threats to their system or their security. This policy will impact three of the seven domains. These include:

* User Domain
  * Define: This Domain defines what users have access to the information system.
  * Policy Impact: The IT Team will use the User domain to define who has access to the company’s information systems. The domain will impose an acceptable use policy (AUP) that will define the permissions of what actions a user may make while inside the system. These permissions may also be defined by the data they are accessing at the time. All third party users (vendors, contractors, outside users, etc.) must also agree to the AUP. Any violation will be reported to management and/or the authorities, depending on the violation.
* Workstation......

Words: 508 - Pages: 3

Premium Essay

Unit 5 Nt2580

...Tyler Hopkins
10/14/15
Unit 5 testing and monitoring security controls

The two popular types of security events that might indicate suspicious activity are Authentication Failures, and Unauthorized Access Attempts. Most times you will get this when you have failure due to device denying connection or incorrect password being entered in. Some system administrators set up alerts to let them know when there is an unauthorized access attempt, so that they may investigate the reason. These alerts can help stop hackers from gaining access to a secure or confidential system. Many secure systems may also lock an account that has had too many failed login attempts. When it comes to baseline anomalies that might indicate suspicious activity Network Abuse and Employees are downloading unauthorized material. That is why there are many policies out there to monitor the network abuse and employee abuse of unauthorized material.

- Predictable passwords meet minimum length requirements but remain easily guessable. The solution to this problem is simple. You set a guideline for passwords for your employees to make it contain a set number of characters and numbers. And the passwords have to be changed every 30 days.
- Sensitive laptop data is unencrypted and susceptible to physical theft. The solution to this problem is to encrypt all files and drives and sensitive info to make sure if it falls into the wrong hands they will not be able to destroy it.
- A user made unauthorized use of......

Words: 264 - Pages: 2

Premium Essay

Nt2580 Unit 3 Assignment & Lab

...NT2580 Unit 3 Assignment & Lab
Unit 3. Assignment 1 - Remote Access Control Policy Definition

There are three key parts I will have to take into account while designing a Remote Access Control Policy for Richman Investments. These three parts (Identification, Authentication and Authorization) will not be all for the Remote Access Control Policy, I will need to include the appropriate access controls for systems, applications and data access. I will also need to include my justification for using the selected access controls for systems, applications and data access.

The first part I need to implement for this Remote Access Control Policy is Identification, which is defined in this sense as: physical keys or cards, smart cards, and other physical devices that might be used to gain access to something. What needs to be done for the Remote Access Control Policy is a group member policy needs to be setup which uniquely identifies each user. Users should be identified by rank with higher ranking users requiring more authentication. Each individual user should be assigned to a group based on rank with special permissions. Using this system for Identification will make our company more secure in day to day operations.

The second part I need to implement for this remote access control policy is Authentication, which is defined as: what you know or passwords, numeric keys, PIN numbers, secret questions and answers. For remote access, there must......

Words: 477 - Pages: 2

Free Essay

Nt2580 Unit 1 Assignment 2

...William Burns-Garcia
NT 2580 Unit 1 Assignment 2
Re: Impact of a Data Classification Standard

Per your request, I have included information regarding the data classification standards designed for Richman Investments. This report will include information that pertains to the IT infrastructure domains and how they are affected. Though there are several, I want to concentrate on three of the most vulnerable.

1. User Domain: Of all domains, this can be the most vulnerable as it usually affects any user on the network. Most companies should have an Acceptable Use Policy (AUP) with standards that can be monitored at any time. Not only does this policy affect internal users, it should also be enforced by any outside vendors such as, off-site IT support. There should be on-going information sessions to remind users of AUP.
2. Workstation Domain: Every person with access to the network of Richman Investments must have authorized personal credentials to use a workstation assigned to them. A few exceptions can be Major IT administration and authorized upper management. A change password should be implemented no less than 45-60 days on Richman’s network. Administrative passwords should also be changed no less than 30-45 days, since Administrative access has the most immediate vulnerability.
3. LAN Domain: The Local Area Network (LAN), which includes most things in the computer closet that helps all devices connect to the network. This domain can be vulnerable because...

Words: 364 - Pages: 2