Surprisingly, many of us may be unknowing victims of botnets. Because of the rising sophistication of botnet schemes, your computer can become a zombie along with thousands of other computers that flood a victim’s network and bring down servers.
While the attack is going on, the botnet infects the network with spam, viruses, and malware. What are the four simple rules of stopping botnets on your personal PCs?
Data Breaches (graded)
Use one of your favorite search engines (preferably www.google.com) and search for the world’s biggest data breaches. Select at least two of the major data breaches from the list you found and complete the following.
Explain how they impacted you.
Many of the breached companies had standard security controls like firewalls and intrusion detection systems. Discuss what was missing in their designs and processes.
Add other items that you believe organizations should improve on to avoid breaches.
Data Integrity as Part of CIA Triad (graded)
Data integrity verifies that data remains unaltered in transit from creation to reception.
Explain what would happen if we were to remove Integrity from the CIA triad.
Discuss how integrity helps with confidentiality and access control.
Discuss the overall impact to digital communication without data integrity.
DeVry SEC280 Week 2 Discussion 1 & 2
Symmetric Encryption (graded)
The initial encryption standard developed by NIST was called data encryption standard (DES). DES is too weak for modern applications since the key size is only 56-bit. It was replaced by advanced encryption standard (AES). AES has variable key sizes and can require a key size of 256-bit.
Discuss if you think AES key size has a direct relationship with algorithm strength.
Do you think that AES-256 is necessarily better than AES-128?
How long do you think it would take to launch a brute force attack on AES-128 using a standard computer?
Asymmetric Encryption (graded)
Asymmetric encryption is based on the concept of a private key to decrypt and a public key to encrypt. RSA and Diffie-Hellman are two common algorithms used for asymmetric encryption, and they are extremely slow and can be used in limited applications. The key sizes are much larger than symmetric algorithms.
Explain why asymmetric algorithms, such as RSA and Diffie-Hellman, are relatively slow.
Discuss why asymmetric encryption algorithms require larger key sizes.
DeVry SEC280 Week 3 Discussion 1 & 2
Asymmetric Encryption—the RSA Algorithm (graded)
Asymmetrical encryption uses one key to encrypt and another key to decrypt. The most common algorithm used in applications is the RSA algorithm. RSA is based on prime numbers.
Select two small prime numbers and compute Product = (p-1)(q-1) and select a number e between 1 and Product. The e that you computed is a simplified example of a public key. Post your selection and computation.
The RSA algorithm and most asymmetric encryption are considered slow. Based on your computation, explain why the algorithm is slow.
TLS/SSL is used to secure HTTP traffic on networks. For this post, access a website requiring HTTPS.
Find and post all the protocols that the site is using (click on the lock on the right-hand side of your browser menu for IE).
Find the public key and paste it in your post.
DeVry SEC280 Week 4 Discussion 1 & 2
Hashing Algorithms (graded)
Secure Hash Algorithm is the current hashing standard established by the National Institute of Standards and Technology. It uses a 160-bit hash but lately most organizations are moving toward a 256-bit hash.
Is a 128-bit hash no longer sufficient for integrity checks?
Explain the likelihood of a collision in a 128-bit hash. You do not need to explain the mathematics.
Digital Signatures (graded)
A digital signature is a technique to validate the integrity and authenticity of a message. The signature provides assurance that the sender is the true sender, and the message has not been changed during transmission.
What are the similarities between a digital signature and a handwritten signature?
Differentiate among the three different classes of digital signatures.
DeVry SEC280 Week 5 Discussion 1 & 2
Access Controls (graded)
There are two basic ways to tell if a network or system is under attack. These are with intrusion-detection systems (IDSs) and intrusion-protection systems (IPSs). Discuss how each of these approaches is different. Do not forget to include how network-based and host-based systems come into play.
You work for a small bank that has only 11 branches, and you must design a system that gives notice of a possible attack. Discuss what tools can be used, how they can be implemented to protect the bank, and how they can notify the appropriate people when the network comes under attack.
Application Security (graded)
Testing for an unknown is a virtually impossible task. What makes it possible at all is the concept of testing for categories of previously determined errors. The different categories of errors are
1. buffer overflows (most common);
2. code injections;
3. privilege errors; and