Nt2580 Unit 1

Submitted By rocoso878
Words 3379
Pages 14
NT2580-M1 Introduction to Information Security
Unit 1: Information Systems Security Fundamentals
2015-Summer, 6/20/2015, Saturday (9:00am – 1:30pm)
Lesson Plan
Theory (in class, Lab #2)
Objectives
Lab #1: Performing Network Reconnaissance using Common Tools
Overview and access vLab
Part 1: Exploring the Tools used in the Virtual Lab Environment
Part 2: Connecting to a Linux Machine
Part 3: Using Zenmap to Perform Basic Reconnaissance
Appendix
A. SYLLABUS
B. Forgot your password?

Reading
Kim and Solomon, Chapter 1: Information Systems Security.

Student Assignments for this Unit
Unit 1 Lab Perform Reconnaissance & Probing Using ZenMap GUI (Nmap)
Unit 1 Assignment Match Risks/Threats to Solutions
Unit 1 Assignment Impact of a Data Classification Standard

Instructor: Yingsang “Louis” HO
Tel: 425-241-8080 (cell), (206) 244-3300 (school)
Email: yho@itt-tech.edu

NT2580_2015_Summer_M1_UNIT1.doc

Unit 1: Information Systems Security Fundamentals
Learning Objective

Explain the concepts of information systems security (ISS) as applied to an IT infrastructure.

Key Concepts

Confidentiality, integrity, and availability (CIA) concepts
Layered security solutions implemented for the seven domains of a typical IT infrastructure
Common threats for each of the seven domains
IT security policy framework
Impact of data classification standard on the seven domains

Reading

Kim and Solomon, Chapter 1: Information Systems Security.

Similar Documents

Free Essay

Nt2580 Unit 9 Assignment 1

...What are the phases of a computer attack?

Phase I: Reconnaissance Probing

During the first phase of a computer attack, the attacker will gather as much information as he can to identify the weakest points of entry on a network. It is important that he collects as much information as he can because this will determine how successful the attack will be. An attacker uses various tools found on the internet designed to exploit various targets. He will use those tools accordingly. Some of the tools are:
-DNS and ICMP tools within the TCP/IP protocol suite
-Standard and customized SNMP tools
-Port scanners and port mappers
-Security probes

Attackers will use these tools to view detailed information about the network. By knowing a specific domain name, an attacker can easily find registered addresses, server names, and domain names via ICMP and WHOIS. Reverse DNS lookup and nslookup also provide searches for DNS information.

Phase II: Access and Privilege Escalation

Once the attacker has gathered the information they need to facilitate the attack he must make the connection or access the targeted system and gain administrative access. This can be done via secondary remote gateways and/or unattended modem boxes on the outside of an organization's building. An......

Words: 346 - Pages: 2

Free Essay

Nt2580 Unit 1 Assignment Impact of Data Classification

...Unit Assignment 2: Impact of a Data Classification

The Internal Use Only data classification standard of Richman Investments has many different infrastructure domains that are affected via internal use only data classification. More than all others, the three infrastructures that are affected the most are the User Domain, Workstation Domain and the LAN Domain.

The reason why the User Domain infrastructure is one of the most affected infrastructures is because the User Domain infrastructure is the infrastructure that allows users to access the network. This is a problem because many users do not fully understand everything, all the time, and thus are bound to make a mistake sooner or later. With so many users on our network, this is probably the most vulnerable domain infrastructure in our network.

The Workstation Domain is also another domain infrastructure that has great reason to be affected by internal use only data because this is where the user connects to our network. The reason that this can cause security threats and other problems is because this domain can be connected via a personal laptop or even a cell phone or other mobile device.

The final infrastructure domain that is greatly affected is the LAN domain. The reason that this domain infrastructure is affected by internal use only data is because this domain is the open domain available companywide, to anybody in the building or even near the building via a wireless device....

Words: 280 - Pages: 2

Free Essay

Nt2580 Unit 1 Assignment: Internal Use Only Policy

...Charles Elliot
6/20/15
To: Richman Investments Employees.
Subject: Internal Use Only Policy

This report is to inform all members of Richman Investments of their Internal Use Only policy. We will be discussing what this policy means, its effect on running day to day tasks on the network, and what protocols we are to follow when under the enforcement of this policy.

Internal use only simply means that the data stays on site, or that an organization shares the information internally. And while the information may or may not be of a sensitive nature, there will be no exchange of data or communication of any kind outside of the organization.

Any person(s) who wish to gain access to any information within Richman Investments' infrastructure must authenticate themselves by logging on to their User profile and entering their password. All Users must agree and adhere to the AUP-Acceptable Use Policy. The AUP is a policy that states what a user can or cannot do with information from Richman Investments. Failure to adhere to the AUP will result in disciplinary actions both in their profession as well as legal disciplinary actions.

The workstation is where the User connects to the infrastructure. There are no personal or recording devices or removable media of any kind allowed at the workstation. Richman Investments will provide devices and removable media themselves; also, these devices are never to leave the premises. The infrastructure administrators will determine which......

Words: 317 - Pages: 2

Premium Essay

Nt2580

...VPN access control model for a large scale company.
* This policy will support remote access control for systems, applications, and data access.

Remote access Defined

Remote access for employees is deployed by using remote access VPN connections across the Internet based on the settings configured for the VPN Server, and the following additional settings. The following diagram shows the VPN server that provides remote access VPN connections.

Domain/Network Config:

For each employee that is allowed VPN access:
* The network access permission on the dial-in properties of the user account is set to Control access through NPS Network Policy.
* The user account is added to the VPN_Users group in Active Directory.

To define the authentication and encryption settings for remote access VPN clients, the following remote access network policy is created in Network Policy Server (NPS):
* Policy name: Remote Access VPN Clients
* Conditions:
  * NAS Port Type is set to Virtual (VPN)
  * Windows Groups is set to VPN_Users
  * Calling Station ID is set to 207.209.68.1
* Permission is set to Grant access.

NPS policy settings:
* On the Constraints tab, under Authentication Methods, for EAP Types select Microsoft: Smart Card or other certificate. Also enable Microsoft Encrypted Authentication version 2 (MS-CHAP v2).
* Or SSTP, L2tp/IPsec, PPTP, IKEv2

Access control model/ policy:

This model would support Role based access controls and allow mandatory access control to......

Words: 339 - Pages: 2

Premium Essay

Test

...This program covers the following core areas:
Foundational Courses
Technical Courses
BSISS Project

The following diagram demonstrates how this course fits in the program:

[Diagram: program course map showing NT2580 Introduction to Information Security among the IS, NT and PT courses]...

Words: 2305 - Pages: 10

Premium Essay

Nt2580 Week 1

...Refer to Project Part 1. Multi-Layered Security Plan in the Project section of this instructor guide. Assign the Project Part 1 to students and inform them that they need to submit it by the beginning of Unit 2. In this assignment, students need to research the...

Words: 530 - Pages: 3

Premium Essay

Information Security Project 1

...Project: Information Security Project 1
Name: Ashiqul Abir
Class: NT2580
Date: 02/28/2013

Information security best practice project: The information security best project was housed within the Oxford University computer emergency response team. The project sought to build on the knowledge, commentary and information gathered during the 2009 self-assessment exercise. One of the main objectives of the project was to develop an information security toolkit, which includes the policies, guidelines, documentation and education and awareness programmes.

Information security: In a devolved environment, such as a collegiate university, it is imperative that policy should not go into detail about how those objectives should be met. It also defines the scope of the policy and identifies roles and responsibilities for security.

Information security toolkit: The example policies can be tailored to suit the individual needs of your department, college or hall. The toolkit focuses on some areas like:
IT management
Operations
Network Management
Physical Security

Building on the 2009 self-Assessment: The 2009 Self-Assessment exercise asked units within the collegiate university to assess their current approach to IT operations, management and security against recommended best practice guidelines....

Words: 280 - Pages: 2

Free Essay

Nt2680 Unit 1 Assignment 2

...Dallas Benning
NT2580 Unit 1 Assignment 2: Impact of a Data Classification Standard

The “Internal Use Only” data classification standards will affect the user domain, the workstation domain and the LAN domain. These three domains are the most basic infrastructure domains and they will cover all users in the company. The classification will cover the company telephone directory, employee training materials and internal policy manuals.

The User Domain explains the people who have access to the company’s information. This domain will contain all of the user’s information and will enforce the policies that control what information each user is allowed to access. This domain can also be the greatest weakness in a system and needs to be carefully monitored.

The Workstation domain is where users are verified and accounts are set up. They will need to have a user name and password assigned to them by the IT department before they can access any systems or data. Also, no personal devices or any forms of removable media will be allowed on the network. There will also be policies in place to ensure that each employee only has access to the information that they need to perform their jobs.

The LAN domain includes all physical elements of the LAN network. There must be strong security for this domain because it is the entry point to any WAN networks and makes accessing workstations far easier....

Words: 290 - Pages: 2

Premium Essay

Nt2580 Unit 3 Assignment & Lab

...NT2580 Unit 3 Assignment & Lab

Unit 3. Assignment 1 - Remote Access Control Policy Definition

There are three key parts I will have to take into account while designing a Remote Access Control Policy for Richman Investments. These three parts (Identification, Authentication and Authorization) will not be all for the Remote Access Control Policy, I will need to include the appropriate access controls for systems, applications and data access. I will also need to include my justification for using the selected access controls for systems, applications and data access.

The first part I need to implement for this Remote Access Control Policy is Identification, which is defined in this sense as: physical keys or cards, smart cards, and other physical devices that might be used to gain access to something. What needs to be done for the Remote Access Control Policy is a group member policy needs to be set up which uniquely identifies each user. Users should be identified by rank with higher ranking users requiring more authentication. Each individual user should be assigned to a group based on rank with special permissions. Using this system for Identification will make our company more secure in day to day operations.

The second part I need to implement for this remote access control policy is Authentication, which is defined as: what you know or passwords, numeric keys, PIN numbers, secret questions and answers....

Words: 477 - Pages: 2

Free Essay

Microsoft Remote Desktop Gateway (Rdg)

...3Mokihana Sabang
NT2580 Unit 3
10/11/12
Wallace

Dear Richman Investments,

I am happy to hear that you are looking to expand your company and are currently looking for a remote access policy. One, I think giving your employees the ability to use their company computers from home and when traveling for the business is a great opportunity, I also believe it can be a high risk with nothing in place of security. I propose that all computers which have been provided by the company use RDG.

Microsoft Remote Desktop Gateway (RDG)
* Allows you to log in to your ETSU computer from off-campus
* Requires no software installation
* Presents a lower security risk
* Does not expire (subject to periodic review)

With that said there will be rules set for all employees in which RDG is to use.
1) All employees will sign a RDG agreement.
2) All employees who will be given a company computer will need to get permission from the Vice President.
3) When connected to the company internet/server you must make sure no one else will be on your network.
4) Computers must be up to date with anti-virus and any recommended software.
5) 30 minutes of inactivity, computer will automatically disconnect from the network.
6) Only the Headquarters VP, Presidents, and IT will be able to access any other sites on the network. *(not vice versa)

I want to thank you for giving me the opportunity to help you with getting this setup for your company....

Words: 263 - Pages: 2

Free Essay

Access Controls

...NT2580 Unit 3 Access Controls

1. Shovels and Shingles is a small construction company consisting of 12 computers that have internet access. Administrative and Logical/technical would be recommended for this company. They would only require a basic yet secure system for their small network.

2. Top Ads is a small advertising company consisting of 12 computers that have internet access. All employees communicate using smartphones. Administrative and Logical/technical is recommended for this company. Being a small company, basic things are needed. With the network secured with strong passwords and the communication on smartphones, this is all they need.

3. NetSecIT is a multinational IT services company consisting of 120,000 computers that have internet access and 45,000 servers. All employees communicate using smartphones and e-mail. Many employees work from home and travel extensively. Administrative, Logical/technical, Hardware and Software are recommended for this company. With the size of the company, they need many rules set to maintain security. With communication through email and extensive travel, they also need to be secured. Traveling is a risk because they might leave sensitive things behind, security ensures nothing is revealed.

4. Backordered Parts is a defense contractor that builds communications parts for the military. All employees communicate using smartphones and e-mail. Software and physical are recommended for this company....

Words: 335 - Pages: 2

Premium Essay

Nt1230 Syllabus

...
1st QTR: GS1140 Problem Solving Theory; NT1110 Computer Structure and Logic; GS1145 Strategies for the Technical Professional
2nd QTR: NT1210 Introduction to Networking; NT1230 Client-Server Networking I; MA1210 College Mathematics I
3rd QTR: NT1310 Physical Networking; NT1330 Client-Server Networking II; MA1310 College Mathematics II
4th QTR: PT1420 Introduction to Programming; NT1430 Linux Networking; EN1320 Composition I
5th QTR: PT2520 Database Concepts; NT2580 Introduction to Information Security; EN1420 Composition II
6th QTR: NT2640 IP Networking; NT2670 Email and Web Services; CO2520 Communications
7th QTR: NT2799 Network Systems Administration Capstone Project; SP2750 Group Theory

The following diagram indicates how this course relates to other courses in the NSA program:

Date: 8/31/2012
Client-Server Networking I Syllabus

[Diagram: NT2799 NSA Capstone Project; NT2580 Introduction to Information Security; NT2670 Email and Web Services; NT2640 IP Networking; PT2520 Database Concepts; NT1330 Client-Server Networking II; NT1230 Client-Server Networking I; NT1430 Linux Networking; PT1420...]

Words: 1834 - Pages: 8

Free Essay

Internal Data Protocol

...Mandie Brayley
NT2580 – Intro to Info Sec
Unit 1 Assignment 2: Impact of a Data Classification Standard

When you hear Internal Use Only, the first thing that seems to pop into your head would be that any data transferred has to stay inside wherever the domains are. While there are seven IT infrastructure domains, there are only three that are actually affected by the “Internal Use Only” data standard. These domains are the user domain, workstation domain and the LAN domain. As with all infrastructures these domains have their own tasks and responsibilities.

The user domain is the first layer of the IT infrastructure defense system. This domain is used to access systems, applications, data and more. You will also find the AUP or Acceptable Use Policy here. The AUP is a policy that tells the user what they are and are not allowed to do with any organization-owned IT equipment. This domain is affected by the Internal Use Only standard because it is the first partition of the IT Infrastructure.

After the user domain, we have the workstation domain. This domain is used to configure hardware and hardening systems. Hardening systems is the process of ensuring that controls are in place to handle any known threats. This process is done by ensuring that the infrastructure has all the latest software revisions, security patches, and systems configurations. But these aren’t the only things that go on in the domain; this is also where the antivirus files are verified....

Words: 453 - Pages: 2

Free Essay

Unit 3

...Class NT2580 Introduction to Information Security
Unit 3 Discussion 1

1. For this company I would say that the 12 computers that they have should have passwords on all the computers. The reason why I say this is because the only people who should have access to these computers are the people who have the password or know the password. That is why this is the best protection for this construction company. This construction company will have a role-based access controls. This means with the uses that they have on site will have special groups based on the access they require for the company.

2. For this company since they all contact one another with smart phones and have 12 computers, each and every one of these users should have an identification number as in a pin for each and every one of them that way they can all be able to be identified. On this company they are required to have a rule-based access controls. The reason why I require this for this company is because each user is going to have access to a phone and computer which requires each and every one of them to have a pin in order for them to access their devices. That is why this access control is so important on these devices because if they don’t know their pin then they will not be able to gain access.

3. For this company I would recommend that they use fingerprint technology for all these servers and employees....

Words: 624 - Pages: 3