consider your organization or another organization that has been affected by a cyber-attack. Briefly describe the organization, and then answer the following questions:
What type of cyber-attack occurred?
How did the organization respond to the attack?
What were the impacts (or potential impacts) to the business?
What were the costs associated with the attack? If you do not have actual numbers, what types of costs were likely involved?
What did the organization do to mitigate the risk of future attacks? Did the organization change its processes or procedures?
As a business manager, what are some additional recommendations you would make to the organization, from a business perspective, to better defend itself in the future? What steps can the business take to better support the IT (information technology) department’s security efforts? Explain.
We can write this or a similar paper for you! Simply fill the order form!
Update your portfolios from Phase 4 using feedback from faculty.
Part 2 Tasks (Objective from Week 5):
Append to this portfolio 1 last project that includes the design of an artificial intelligence agent. Specifically, your company has asked your team to design an app that will complete a Sudoku game, given any starting state of the game. See this Web site for the rules.
Part 2a: State Space
Describe how you plan to search for the Sudoku solution given a starting state.
Clearly define your state space here: What does a vertex in your state traversal tree represent?
Part 2b: Traversal Time Complexity
Assuming you were to naively traverse your state space, what is the upperbound time complexity (in terms of Big-O) of a brute force searching algorithm?
Present this result in terms of n and p where nxn is the size of the Sudoku board and p is the number of possible numbers (1–9) permitted in a square.
Part 2c: Heuristic Search
What type of heuristic search would you employ to search this state space in hopes to reduce the search time?
Think about the problem and how you might search this state-space tree.
Part 2d: Pseudocode
Create pseudocode that finds the solution to a Sudoku game using a brute force search or using your heuristic discussed above.
To simplify this task, assume that you have standard data structures available to you, such as stacks and queues.
Three Main Types of Cryptographic Algorithms There are three main types of cryptographic algorithms: (1) secret key, (2) public key, and (3) hash functions. Pick an algorithm for any one of these types (e.g., DES, AES, RSA, MD5) and describe how it works and where it is applied (For example SSL uses 3DES or DES) for message encryption. Use your own words. When you pick an algorithm, try not to repeat. Be sure to reference your sources.
Three Main Types of Cryptographic Algorithms
There are three main types of cryptographic algorithms: (1) secret key, (2) public key, and (3) hash functions. Pick an algorithm for any one of these types (e.g., DES, AES, RSA, MD5) and describe how it works and where it is applied (For example SSL uses 3DES or DES) for message encryption. Use your own words. When you pick an algorithm, try not to repeat. Be sure to reference your sources.
Three Main Types of Cryptographic Algorithms Readings
Kessler, G. (2018). Overview of Cryptography (This is the main resource we will use in this session. This is a readable introduction to a hard subject, Cryptography, that provides a formal basis for computer and information security.)
Sidikin, M.A.S. & Rini Wisnu, W. (2016). Implementation of RSA 2048-bit and AES 256-bit with Digital Signature for Secure Electronic Health Record Application. Commit Journal, Vol 10, Iss 2, Pp 63-69 (2016), (2), 63.
Three Main Types of Cryptographic Algorithms Session Notes
We will focus on some of the terms and concepts behind basic cryptographic methods in use today. History of cryptography or pre-computerized crypto schemes is not of focus.
In cryptography, there are basically three types of algorithms or techniques:
Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption
Public Key Cryptography (PKC): Uses one key for encryption and another for decryption (They are mathematically related; however, one cannot infer one key, specifically the private key knowing the other, the public key.)
Hash Functions: Uses a one-way mathematical transformation that is hard to reverse.
The secret key cryptography is typically used for message confidentiality (because it is faster than public key cryptography), hashing is used for message integrity, and public key cryptography is employed for verifying the authenticity of the sender of a message and for exchanging the key used in secret key cryptography. See Section 3.4 of Kessler.
Symmetric Key Algorithms
In Symmetric Key cryptography, there are two major types: (1) block encryption, and (2) stream encryption.
Block Encryption
In block encryption, there are two well-known techniques or algorithms, DES and AES. The Data Encryption Standard (DES) algorithm was developed in the 1970s at the U.S. National Bureau of Standards (NBS, known at the National Institute of Standards and Technology (NIST) since 1988). DES essentially employs two techniques, substitution and transposition (permutation), and the whole process is repeated sixteen times. Substitution and permutation aim to increase confusion and diffusion, respectively. The NIST SP800-175b publication provides a thorough application of cryptographic mechanisms.
DES uses a 56-bit key, so there are 256 = 7.2 x 1016 possible keys. A cryptanalyst, using a brute-force approach to crack a DES cryptogram, might try looping through all possible keys. In the 1970s, 7.2 x 1016 possible keys was a good deterrent, given the computing power available in those days. The 56-bit key based encryption can easily be broken by brute force by today’s computers.
Recognizing the vulnerability of DES, one might expect that DES might be made uncrackable by running DES-encrypted ciphertext through the DES algorithm a second time, to square the complexity. As it turns out, this strategy only doubles the complexity, making the key length effectively 57 bits rather than 56. A triple-DES (3DES) algorithm has been developed that provides an effective 112-bit key length, which is roughly 5.2 x 1033 possible keys, affording plenty of protection for known attacks. Variations of 3DES are defined that involve the use of one, two, or three independent keys. 3DES is unfortunately very slow.
Advanced Encryption Standard (AES), the Rijndael algorithm is capable of 256-bit (or more) keys. It has many of the attributes of the “perfect” cipher in that it is an open design, yet maximizes the entropy of a coded message. Entropy, as defined by Shannon, the father of modern information theory, gives an indication of the randomness of a message or a data set. The more entropy or unpredictability of a message is, the harder it is to decipher or break it. AES is also computationally more efficient than 3DES.
Stream Cipher
Stream ciphers employ the XOR logical function for both encryption-decryption using a key stream. They take advantage of the fact that:
X (XOR) Y (XOR) Y = X. (X is the message and Y is the key.)
RC4 is perhaps the most used stream cipher including in products supporting Secure Socket (SSL) and Secure Electronic Transaction. RC 4 is a variable length cipher.
Public-Key Cryptography
Symmetric-key algorithms offer an advantage in terms of encryption and decryption speed, they, however, suffers from two key management issues. They require a large number of keys, O (n**2) to be precise, where n is the number of communicating parties. (This entire means is that the number of keys grows as a squared function of n). They also depend on a reliable mechanism (outside the symmetric-key encryption mechanism) to distribute keys. Consequently, there was a push to develop new algorithms to address the problem of key distribution, leading to the novel idea of asymmetric cryptosystems that would use one (public) key to encrypt a message, and another (private) key to decrypt it. Public key mechanisms require only O(n) keys, n private and n public keys, to be exact.
Asymmetric-key (public-key) algorithms are usually implemented with a mathematical trapdoor function: A trapdoor function is a function that is easy to compute in one direction, and difficult to compute in the opposite direction (it’s inverse). For example, calculating the 7th root of 62,748,517 is much more difficult than calculating 137.
Rivest-Shamir-Adelman Encryption (RSA)
The RSA algorithm (named after its inventors, R.L. Rivest, A. Shamir, and L. Adleman of MIT) is perhaps the most well-known public key crypto algorithm. It was published in 1978.
Some key features of the RSA algorithm are:
It is a public key cipher, that is, a public key is used to encrypt a message M.
The encrypted message of M can only be decrypted using the private key that is paired with the public key that was used to encrypt the message.
It is a block code, i.e., the plaintext is encrypted in blocks.
RSA works by using the product of two large prime numbers as a trapdoor function. To break an RSA cipher, therefore, involves factoring very large numbers. Obviously, the security of RSA increases as the value of the product gets larger. It’s been estimated that it would cost about $15M to build a device to crack 1024-bit RSA keys.
The RSA algorithm can be used both for message confidentiality and message authenticity. For confidentiality, the sender encrypts a message with the receiver’s public key. Since only the receiver has the receiver’s private key, he (the receiver) and he alone can decrypt the message. If a sender were to encrypt a message with his own private key, anyone who has the sender’s public key can decrypt the message. But, since only the sender has the sender’s private key, only the sender could have sent the message, hence proving the authenticity of the message, i.e., the message was sent by the sender. One can easily combine both to achieve both confidentiality and authenticity for a message. In fact, these two can be combined with a feature for message integrity. With a digital signature, one achieves message integrity and sender’s authenticity.
Diffie-Hellman
It should be emphasized that the Diffie-Hellman algorithm is not directly used to encrypt messages; rather, it is a key distribution mechanism. Its particular strength is that it can be used to establish a secret key between two parties over a completely public channel, such as the newspaper or the Internet.
One problem with the Diffie-Hellman algorithm is that it is subject to man-in-the-middle attacks. This is because the Diffie-Hellman algorithm does not authenticate the two parties.
Public Key Certificate and Certificate Authorities
In public key cryptography, how do you trust a public key? How does a recipient determine if a public key really belongs to the sender and is being used for a legitimate purpose? Public-key certificates address this issue. A certificate (by a trusted third party) in essence attests that a public key is legitimate. See Section 4.3 of Kessler.
Hash Function
A hash function is (in principle) is also trapdoor function, since an ideal hash function will have no inverse solution. So, given a hash value, it is it impossible for either the contents or length of the plaintext to be recovered. Another property of hash functions used in cryptography is that it is computationally infeasible to find another plaintext that hashes to the same value. In other words, any change to plaintext by an interceptor will produce a different hash. As such, hash functions play an important role in message integrity.
Three Main Types of Cryptographic Algorithms Digital Signature
With a digital signature, one achieves message integrity and sender’s authenticity. The digital signature is formed in two steps. First, the sender computes the hash value of his message. She then encrypts the hash value with her private key. The sender sends the message along with the digital signature consisting of the encrypted value of the hash function. Upon receipt of the digital signature and the message, the receiver recovers the hash by decrypting the digital signature with the sender’s public key. The receiver can then apply the hash function to the original message, If the resultant hash value is not the same as the value supplied by the sender, then the sender knows that the message has been altered; if the hash values are the same, the message the receiver got is identical to the one that was sent. Moreover, since only the sender has the sender’ private key, only the sender could have sent it proving the message authenticity. The Sidikin article is a strong supplement on digital signature technology and application.
Read Kessler resource at least a couple of times. Do not get discouraged if you do not understand everything. We will revisit these cryptographic techniques in the INFA 620: Network and Internet Security course. We will be applying these cryptographic techniques to build better network security infrastructure or protocols (e.g., IPsec and SSL/TLS). In INFA 640, the course devoted to cryptography and cryptanalysis, we will dive deeply into these topics.
Three Main Types of Cryptographic Algorithms Review Questions
Can you define or explain these terms in your own words?
(These questions are intended to be a self-test of your comprehension of this session’s material; answers to these questions do not need to be turned in.)
Windows Network Services Proposal Identify Not counting title page, images, diagrams, tables, or quotations on the page number.
Windows Network Services Proposal Identify
Windows Network Services Proposal – Identify
Overview
Each student will create a detailed, organized, unified technical solution given the scenario described below. The submission will be in a written format, with at least one diagram, and may include additional diagrams, charts or tables. The assignment is meant for students to enhance their mastery of the material and to provide a creative and realistic way in which to apply knowledge from this course.
Windows Network Services Proposal Identify Scenario
Opening Windows. (referred to as “OW”) has hired you as an IT consultant for their Windows network services infrastructure. OW is a new advertising firm, and they have hired staff, are established in two locations, and have a need to get their internal IT services configured. They have IT staff, but they do not have the in-house expertise to address their current infrastructure needs.
You are required to supply OW with a solution which addresses the integration and configuration of their Active Directory updates. Cost is not a significant concern – OW wishes to implement the “right” solution to address their acquisition of a new company and its Active Directory forest which is comprised of a single domain. More specifically, OW is based out of Houston, TX and they have a Windows Server 2016 domain that is operating at the Windows Server 2016 functional level. They recently acquired Media Guru Group which is based out of Richmond, VA, which has a domain running Windows Server 2012 domain controllers.
There are several details about OW which will have an impact on your proposal:
OW has restructured their organization they have a total of 110 employees in their Houston and Richmond sites. Each location in the following departments:
OW will have two sites, one in Houston, TX, and one in Richmond, VA.
Executives (9 total with 5 in Houston, 4 in Richmond) – manage and run the company
Accounts and Sales Department (30 employees with 15 in Houston and 15 in Richmond) – perform market research and maintain accounts
Creative, Media and Production Department (49 employees in Houston) – advertising
Human Resources and Finances (12 employees in Houston) – perform HR and financial duties
IT (10 employees with 5 in Houston and 5 in Richmond) – manage IT for the company
Networking equipment is already in place for both sites, which are separate Active Directory Domains.
Security mechanisms (e.g., firewalls, intrusion detection) will be handled separately, and there is no need to describe them.
Some departments will want their data to remain private from other departments (e.g., Finances personnel will not want Production staff to see the company’s financial details). Your team may make assumptions about how data should be shared or kept private.
Assumptions can be made regarding any information not included here; all assumptions should be identified, however.
Windows Network Services Proposal Identify Assignment Requirements
There are specific requirements for the assignment: The final submission should contain at least 8 pages’ worth of text written by the student (not counting title page, images, diagrams, tables, or quotations), but maybe longer, not to exceed approximately 12 pages’ worth of student-supplied text. (With the required diagram, and other images, title page, etc., the final submission may end up being more than 12 pages in length.) It must be double-spaced, have 1-inch margins, and use 12-point Times New Roman or 10-point Arial/Helvetica font. A title page is required.
At least one diagram must be included (not counted towards the minimum length described above); this could be a diagram describing Active Directory components, DHCP/DNS design, or anything else that is worth displaying graphically to enhance the reader’s understanding of the proposal. Additional diagrams, images, or tables are welcome.
The submission must cover all of the major topics outlined in the Topics to Cover section. Each choice should be explained with technical and business reasoning. The solution should be reasonably detailed. Additional topics may be covered as desired.
The structure of the final submission is flexible; however, it should be organized logically and represent a single, unified solution. It is likely that the format will include separate sections for each of the topics required, as well as a summary.
At least two non-textbook, non-LabSim, non-Wikipedia reference is required; preferably, this would be a “best practice” guide or sOWlar content from Microsoft or an experienced provider of Microsoft solutions.
Be sure to properly quote or cite any sources used. APA format is required for in-text citations and the list of works cited at the end. It is expected that you are already familiar with UMUC’s “Policy on Academic Dishonesty and Plagiarism.” It is available in the Academic Policies section of the Syllabus; there are also links in the Webliography. In its simplest form, if you are using text from a source, you must cite and/or quote it. If plagiarism is found, then there will be a penalty to the grade.
Windows Network Services Proposal Identify Topics to Cover
Your document should cover the content presented in the course. The outline below contains recommended points to cover. You are free to add other related information.
Describe the technical and business reasons for each choice, citing other resources as appropriate. The Windows Server 2016 operating system should be used for all aspects of the solution.
The topics include:
Active Directory Infrastructure
Describe features of Windows Server 2016 that will allow OW to integrate the newly acquired company’s domain into their existing forest.
How will Forest Functional Levels be implemented?
How will cross-forest trusts be implemented?
How will replication be handled?
Active Directory Certificate Services
Will AD Certificate Services used in both domains need to be modified?
Active Directory Rights Management Services
What use of AD Rights Management Services can be implemented?
Active Directory Federation Services
AD Federation Services
Active Directory:
What forest/domain model should Fixing Windows LLC implement? What is the domain name?
Where should the domain controllers be placed? Should RODC be part of the consideration?
FSMO Roles placement
Plan for AD backup and recovery
Group Policy:
Is Group Policy needed?
What settings might be considered via Group Policy?
Other Windows 2016 Server features:
• Will the WEB APPLICATION PROXY (WAP) be utilized?
Creating a Generic Hash Table using Advanced C++ Coding The goal of this assignment is to give you practice in function and class templates and applying other concepts covered in the course.
Creating a Generic Hash Table using Advanced C++
You are to create a generic (class template) hash table. You will use this template to create a “Dictionary” of words. The words will be stored in a (library) class type that you will derive from a string. You will use your hash table Dictionary to spell check a document and perform some analysis of the efficiency of your hash table.
PROGRAM STEPS
Derive a class from string, call Mystring. You will use this class to store words from the Dictionary file. The class should contain necessary constructors, a conversion operator to convert Mystrings to unsigned int, a tolower function to convert the letters in a word to lower case, and a removePunctuation function to strip off non-alphabetic characters from both ends of the word. This class should be tested and then placed in a library.
Create a generic linked list. Do this by creating a Node and List class template. You will use this by instantiating a template class of type Mystring.
Create a hash-table class template, called Myhash. You may use the hash function shown below for your hashing algorithm. To resolve “collisions” in your hash table, use “chaining” implemented with your generic linked list from the previous step. You will instantiate your hash table class template to create a template class of Mystring. The Myhash class template should have size, insert and find member functions and member functions necessary to produce the 3 statistics shown in the output below (percent of buckets used, average bucket size, and largest bucket size). The Myhash insert function should throw a DuplicateError exception when a duplicate Mystring is attempted to be inserted into the Myhash template class object (the dictionary).
Create a DuplicateError class template, derived from the logic_error standard exception. This class template will be instantiated to create a template class of my string.
Run the code found in the suggested main function below. Your output should identify duplicate words (type Mystring) that were attempted to insert into the Dictionary, the number of words in the Dictionary, the hash-table bucket statistics (shown in the sample output), and misspelled words (plus total).
Research, Analyze, and compare two companies or organizations that you think would be extremely re warding to work for, and present your findings in a formal written report. In selecting companies, you may reach as high and far as you like in any sector (think dream organizations) to find an organization where you might fully realize your goals.
-Using variety of sources to research
-Analyze the mission, benefits, and disadvantages of two organizations and their standing in in your field(Computer science)
-Reporting on what the organizations have to offer people
Intro
Body(text) for each of the companies
-Mission
-Brief history(In simple words)
-Your analysis of it”s current position, Including
Market, audience or constituents and competitors
Financial position
Productivity
reputation in the field(Computer science)
Future prospects(Opportunities and challenges)
-Employment opportunities and conditions (in simple words) Including
openings, hiring policies and salaries, workplace amenities
Conclusion
-This is where you synthesize what you have
learned and make a judgement call: based on
you research, What do you think would be the
better organization to work for, given you
goals and needs?
We can write this or a similar paper for you! Simply fill the order form!
Specify the purpose of the SAN storage in your infrastructure/data center
NAS
Specify the purpose of the NAS storage in your infrastructure/data center
DAS
Specify the purpose of the DAS storage in your infrastructure/data center
o Storage Protocols and computing storage system and where do they fit:
Fiber Channels
Ethernet
iSCSI
HBAs
o Identify disks technology and where do they fit:
Hard Disk
SSD
o Clearly show the RAID arrays and the RAID level for your infrastructure architecture
o LUN Masking and Zoning and where do they fit
o Specify where in your data center infrastructure the outside connectivity takes place –how do the external requests (i.e. HTTPS requests from the Internet) enter your infrastructure
o Specify where in your customer VLANs infrastructure the outside connectivity takes place – how do the external requests (i.e. HTTPS requests from the Internet) enter each customer VLAN
Provide an example of your Infrastructure Architecture with VMware products – refer to the labs.
For example, show where the vCenter, ESXs, Vsphere web client, and other Vmware products fit in your architecture. You can either create another diagram or list the products and where do they fit in the architecture in an outline format.
Deliverable
The requirements listed cover all/most of the concepts learned in class (chapters 1-5).
Your Infrastructure Architecture must be presented in MS Visio. Submit both, the .vsd file format and a formal copy in .pdf.
Your .pdf copy must be formal, including headers, footers, title, and proper identification of the class, topic and author.
Your final diagram must have a title. You can add reference material when it does not fit well in the Infrastructure Architecture diagram (i.e. Routing Tables, connectors between VMs and storage).
When you have completed your architecture, submit it in Blackboard. Ensure to include the class, project title and your name in the filename of your deliverable, for example Last First_<Class>_<Title>
Users Vulnerabilities to Cookies and Violation Practices
Should be able to show from the articles being read how they come from what has been read, what don’t we know yet about privacy and how people feel and what they think about this privacy issue. Refine these to find the 2 big research questions.
Looking at the different style of writing in an article from locating they ill explain the objectives of their research, so you can see the style. research books as well.
How aware are users of the implications of cookies? (investigate in more details, what research method is this positivist or interpretive) what method am I taking?
What is the ethical implication of the use of cookies for users?
From the articles read what philosophy did they take, were they looking for facts (positivist) or where they are looking for opinions (interpretive). In using this body of knowledge so far the article giving a more government/social based opinion so this is more of a positivist approach so when trying to figure out the users point of view an interpretive approach can be used this could serve as the difference (the gap to be found out ) in the research going further cause we don’t yet know enough from a consumers perspective
More current articles should be used (mainly within 5 years)
Who is the author and how did they come up with this theory, when did they come up with this theory (the origins)who, when , what was happening in order for it to be created , how was it tested , who tested the theory, what did they find , how did they test it and how many times did they test it , how has the theory changed as a result of this test
How have we looked at privacy and the things related to privacy,
Another question that can be used is “how aware are the users of the consequences of cookies” and “what do we know about the awareness of users on the implications of cookies”. Who has researched these and what have they been saying, literature review covers these 2 parts at the end of the literature review we can say here’s what we do know but here’s what we don’t know. What we don’t know will be examined in the research. these are the questions I’m going to design an interview question in order to close the gap in knowledge.
Protection motivation theory (consumer point of view)
From this reading what will be the focus of the research project, what research philosophy will we take, what type of data and how am I going to gather it?
Other methodologies should be compared in the methodology chapter
(research carried out by these authors or institutions explores these scenarios and can up with this conclusion)
Software AssuranceSwA Core BoK It is important to ensure that adequate checks, balances, and assurances are provided by corporate entities deploying software products.
Software Assurance SwA Core BoK
After examining guidance in the systems software engineering domain from the Department of Homeland Security (DHS), develop a practical Software Assurance (SwA) Core Body of Knowledge (CorBoK) in a commercial arena, including management and HR requirements, evaluation methods, costs, and a value proposition for an organization.
This assignment must include a model displaying a three-column table to include:
Be sure to cite any sources used in a reference slide with proper APA formatting. (The cover and reference slides do not contribute to the slide count). You may also use the slide notes function to explain slide content as necessary. A strong business continuity plan can help prevent or reduce the risk of a cyber-attack. Seventy-two percent of small and mid-sized business survey respondents said they expect to increase their investments in business continuity over the next 12 to 24 months to prevent cyber-attacks, according to an article on TalkingCloud.com. (The survey included 700 SMBs from around the world and focused on the current state of SMB business continuity and disaster recovery planning.) SMBs are increasingly looking for simple,
