...Lab 1 Assessment Questions 1. Name at least five applications and tools pre-loaded on the Windows 2003 Server Target VM and identify whether that application starts as a service on the system or must be run manually. Windows Applications Loaded (Starts as Service Y/N): FileZilla Server: Y; Nmap: N; Wireshark: N; WinPcap: N; Tenable Network Security: N; Tftpd32-SE: N. 2. What was the DHCP allocated source IP host address for the Student VM, DHCP Server, and IP default gateway router? a. Student – 10.96.108.20 b. TargetWindows01 – 10.96.109.30 c. TargetUbuntu01 – 10.96.109.36 d. TargetUbuntu02 – 10.96.109.40 3. Did the targeted IP host respond to the ICMP echo-request packet with an ICMP echo-reply packet when you initiated the "ping" command at your DOS prompt? If yes, how many ICMP echo-request packets were sent back to the IP source? e. Yes. f. 4 4. If you ping the "WindowsTarget01" VM server and the "UbuntuTarget01" VM server, which fields in the ICMP echo-request / echo-replies vary? g. The TTL on Windows was 128 while on Ubuntu the TTL was 64. 5. What is the command line syntax for running an "Intense Scan" with ZenMap on a target subnet of 172.30.0.0/24? h. nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 10.96.109.30 6. Name at least 5 different scans that may be performed from the ZenMap GUI and document under what circumstances you would choose to run those particular...
Words: 415 - Pages: 2
...Fundamentals of Information Systems Security Lesson 1 Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Contact: hieuld2@fpt.edu.vn. Learning Objective: Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts: Confidentiality, integrity, and availability (C-I-A) concepts; layered security solutions implemented for the seven domains of a typical IT infrastructure; common threats for each of the seven domains; IT security policy framework; impact of data classification standard on the seven domains. DISCOVER: CONCEPTS. Introducing ISS: ISS, Information Systems, Information. The C-I-A Triad. Confidentiality: Personal Data and Information • Credit card account numbers and bank account numbers • Social security numbers and address information. Intellectual Property • Copyrights, patents, and secret formulas • Source code, customer databases...
Words: 1090 - Pages: 5
...Scams of the day!!! © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Fundamentals of Information Systems Security. On to today's lesson. FIRST OF ALL… § Let me clear up a misconception § RSA public/private key encryption is THE leader, in terms of security. For all practical purposes, it is impossible to crack an RSA algorithm. § PGP (Pretty Good Privacy) is probably the best implementation of RSA. It is now owned by Symantec. § Other free products (which do not tightly integrate into email, for example) are available § Understand that PKI is NOT the same thing as public key encryption. Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique within each CA domain. The binding...
Words: 1799 - Pages: 8
...Fundamentals of Information Systems Security © 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 1/6/2013. DISCOVER: CONCEPTS. Introducing ISS: ISS, Information Systems, Information. The A-I-C Triad. Confidentiality: Personal Data and Information • Credit card account numbers and bank account numbers • Social security numbers and address information. Intellectual Property • Copyrights, patents, and secret formulas • Source code, customer databases, and technical specifications. National Security • Military intelligence • Homeland security and government-related information. Integrity: Maintain valid, uncorrupted, and accurate information. User names and passwords; patents and copyrights; source code; diplomatic...
Words: 1526 - Pages: 7
...Fundamentals of Information Systems Security Lesson 5 Access Controls © 2014 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Learning Objective: Explain the role of access controls in implementing security policy. Key Concepts: Authorization policies that apply access control to systems, applications, and data; the role of identification in granting access to information systems; the role of authentication in granting access to information systems; authentication factor types and the need for two- or three-factor authentication; the pros and cons of the formal models used for access controls. Defining Access Control: The process of protecting a resource so that it is used only by those allowed to do so; it prevents unauthorized use. Four Parts of Access Control (Access Control Component: Description): Authorization: Who is approved for access and what can they use? Identification: How...
Words: 1398 - Pages: 6
...Username: Peters, Cassandra. Book: Fundamentals of Information Systems Security. No part of any book may be reproduced or transmitted in any form by any means without the publisher's prior written permission. Use (other than pursuant to the qualified fair use privilege) in violation of the law or these Terms of Service is prohibited. Violators will be prosecuted to the full extent of the law. 6958426 2014/05/14 12.18.245.217...
Words: 2031 - Pages: 9
...ITT Technical Institute IT255 Introduction to Information Systems Security Onsite Course SYLLABUS Credit hours: 4 Contact/Instructional hours: 50 (30 Theory Hours, 20 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisites: IT220 Network Standards and Protocols, IT221 Microsoft Network Operating System I, IT250 Linux Operating System Course Description: This course provides an overview of security challenges and strategies of countermeasures in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. Introduction to Information Systems Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas: Foundational Courses, Technical Courses, BSISS Project. The following diagram demonstrates how this course fits in the program: 400 Level: IS427 Information Systems Security Capstone Project; IS404 Access Control, Authentication & KPI; IS411 Security Policies & Implementation Issues; IS415 System Forensics Investigation & Response; IS416 Securing Windows Platforms & Applications; IS418 Securing Linux Platforms & Applications; IS421 Legal & Security Issues; IS423 Securing Windows Platforms & Applications ...
Words: 4114 - Pages: 17
...Introduction to Information Systems Security [Onsite] Course Description: This course provides an overview of security challenges and strategies of countermeasures in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. Prerequisite(s) and/or Corequisite(s): Prerequisites: IT220 Network Standards and Protocols, IT221 Microsoft Network Operating System I, IT250 Linux Operating System Credit hours: 4 Contact hours: 50 (30 Theory Hours, 20 Lab Hours) Introduction to Information Systems Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas: Foundational Courses, Technical Courses, BSISS Project. The following diagram demonstrates how this course fits in the program: 400 Level: IS427 Information Systems Security Capstone Project; IS404 Access Control, Authentication & KPI; IS411 Security Policies & Implementation Issues; IS415 System Forensics Investigation & Response; IS416 Securing Windows Platforms & Applications; IS418 Securing Linux Platforms & Applications; IS421 Legal & Security Issues; IS423 Securing Windows Platforms & Applications. 300 Level: IS305 Managing Risk in Information Systems; IS308 ...
Words: 4296 - Pages: 18
...IT Australian Government Department of Defence Information System Audit Guide VERSION 11.1 January 2012 Table of Contents 1. Introduction to Accreditation 4 2. The Information System Audit – Checklist 7 2.1. What is an Information System Audit? 7 2.2. Why is an Information System Certification needed? 7 2.3. Assessing an Information System’s Security Risks 7 2.4. Selecting an Information System’s Security Controls 7 3. Purpose of the Checklist 8 4. How to Use the Checklist 8 4.1. The Checklist Structure 8 4.2. Security Objectives 9 4.3. Guidance for IRAP Assessors 9 4.4. Information System Compliance 10 5. Guidance for IRAP Assessors 10 6. The Checklist 11 6.1. The Information Security Policy & Risk Management 11 6.2. Information Security Organisation 14 6.3. Information Security Documentation 17 6.4. Information Security Monitoring 20 6.5. Cyber Security Incidents 22 6.6. Physical & Environmental Security 24 6.7. Personnel Security for Information Systems 26 6.8. Product & Media Security 27 6.9. Software, Network & Cryptographic Security 30 6.10. Access Control & Working Off-site Security 33 Appendix A – Accreditation Governance 36 The ISM & Certification 36 Compliance Levels 37 Compliance Report 37 Compliance Comments 37 Audit Documentation Submissions 38 Appendix B – Standards 39 ...
Words: 6447 - Pages: 26
...FOUR APPROACHES TO INFORMATION TECHNOLOGY INFRASTRUCTURE INVESTMENT Presented by: Kemeasoudei Fanama (u0856287) WHAT IS INFORMATION TECHNOLOGY? Information technology is defined as the study, design, development, implementation, support or management of computer-based information systems, particularly software applications and computer hardware. IT deals with the use of electronic computers and computer software to convert, store, transmit, process, protect and securely retrieve information. APPROACHES TO INFORMATION TECHNOLOGY INFRASTRUCTURE INVESTMENT 1. Fundamental Approach: The basic tenets of the fundamental approach, which is perhaps most commonly advocated by investment professionals, are as follows: There is an intrinsic value of a security and this depends upon underlying economic (fundamental) factors. The intrinsic value can be established by a penetrating analysis of the fundamental factors relating to the company, industry, and economy. At any given point of time, there are some securities for which the prevailing market price would differ from the intrinsic value. Sooner or later, of course, the market price would fall in line with the intrinsic value. Superior returns can be earned by buying under-valued securities (securities whose intrinsic value exceeds the market price) and selling over-valued securities (securities whose intrinsic value is less than the market price). APPROACHES TO INFORMATION TECHNOLOGY INFRASTRUCTURE...
Words: 828 - Pages: 4
...law-abiding control program that organizations implement to monitor the business and make informed decisions. Most corporate leadership takes on this task while bridging together other departments within the organization's requirements. While governance programs differ broadly, all programs require a well-thought-out security risk management component to arrange and mitigate security risks. The management of information systems relies heavily on risk management; therefore certain fundamentals must be applied within an organization's risk management plan. These principles include identification, assessment, and decision support/implementation control. Identification: The risk identification process begins with the identification of information assets, including people, procedures, data, software, hardware, and networking elements. Risk Assessment: Identify and prioritize risks to the business, then assess controls. Assessing the relative risk for each vulnerability is accomplished via a process called risk assessment. Risk assessment assigns a risk rating or score to each specific vulnerability. This enables you to gauge the relative risk associated with each vulnerable information asset, and it facilitates the creation of comparative ratings down the line during risk control. Its inputs are likelihood, value, current controls, and uncertainty. Conducting Decision Support: Identify and evaluate control solutions based on a defined cost-benefit analysis process. This is done alongside implementing controls...
Words: 969 - Pages: 4
...College of Information Systems & Technology Bachelor of Science in Information Technology with a Concentration in Information Management The Bachelor of Science in Information Technology (BSIT) degree program is focused on the acquisition of theory and the application of technical competencies associated with the information technology profession. The courses prepare students with fundamental knowledge in core technologies, such as systems analysis and design; programming; database design; network architecture and administration; web technologies; and application development, implementation, and maintenance. This undergraduate degree program includes 45 credits in the required course of study and 15 credits in the concentration. Some courses have prerequisites. In addition, students must satisfy general education and elective requirements to meet the 120-credit minimum, including a minimum of 48 upper-division credits required for completion of the degree. At the time of enrollment, students must choose a concentration. The Information Management concentration is designed to provide coverage of the collection, architecture, modeling, retrieval and management of data for meaningful presentation to the organization. This concentration prepares students to develop, deploy, manage, and integrate data and information systems to support the organization. Note: The diploma awarded for this program will read: Bachelor of Science in Information Technology and will not reflect the concentration...
Words: 1892 - Pages: 8
...CONVERGENCE OF LOGICAL AND PHYSICAL SECURITY SYSTEMS INTRODUCTION Up to now, the majority of organizations have had their physical and logical access systems operating as independent structures, with each being run by a totally separate department. The information technology security system, which controls access to information technology infrastructure including mail servers, the internet, database applications and web servers, was managed by the department of information technology. The physical security system, which incorporates door access into buildings, life support systems such as CCTV and fire, and the badging process of employees, was run by the department of facilities (Mehdizadeh, Y, 2003). Currently, security operations involve the guarding of buildings and equipment in addition to protection of networks, taking care of issues of privacy, and risk management. The interrelation between the aspects of the security initiatives necessitates consolidation of the two security systems. Such a convergence of the IT and physical security functions is important in achieving an efficient security system (Mehdizadeh, Y, 2003). However, such an operation also carries disadvantages. This paper looks at the pros and cons of combining the IT and physical security functions in a medium to large-size firm with complex IT system requirements and a global footprint. It also analyzes the fundamental components of an IT security system and explains how their integration supports...
Words: 1624 - Pages: 7
...Radiology information system, downloaded PHI, and then posted it on his personal website. One of the current employees, Sean, who knew Terry, just happened to surf his website to see if it said what he was doing now. Sean saw an inflammatory story about the hospital and some PHI posted on Terry's website. Sean immediately reported the breach to the Privacy and Security Officer at the facility. Refer to our Fundamentals of Law text Figure 10.2 "Key components of an information security checklist", and write about the following (1-2 pages should be plenty): 1. What legal issues are involved? The case involves the violation of the HIPAA Security Rule and HITECH provisions. The legal issue here is that the former employee still has access to log on to a system that contains PHI. The system allowed Terry to download PHI from an outside network and printer, and Terry disclosed the information on public social media. 2. What corrective action steps would the facility need to take following its investigation? First, Terry's access should be terminated immediately to prevent future unauthorized logons. Then, the officer should use the audit logs to check the detailed information about who accessed the system and reviewed the PHI. Since Terry's access still exists, the facility needs to check whether any other former employees still have valid passwords to enter the system. All current employees need to take training on security awareness...
Words: 431 - Pages: 2
...of Network Security Fundamentals of Network Security 2 Firewall Fundamentals 43 VPN Fundamentals 79 Network Security Threats and Issues 111 CHAPTER 1 Fundamentals of Network Security COMPUTER NETWORK SECURITY is very complex. New threats from inside and outside networks appear constantly. Just as constantly, the security community is always developing new products and procedures to defend against threats of the past and unknowns of the future. As companies merge, people lose their jobs, new equipment comes on line, and business tasks change, people do not always do what we expect. Network security configurations that worked well yesterday might not work quite as well tomorrow. In an ever-changing business climate, whom should you trust? Has your trust been violated? How would you even know? Who is attempting to harm your network this time? Because of these complex issues, you need to understand the essentials of network security. This chapter will introduce you to the basic elements of network security. Once you have a firm grasp of these fundamentals, you will be well equipped to put effective security measures into practice on your organization's network. While this textbook focuses on general network security, including firewalls and virtual private networks (VPNs), many of the important basics of network security are introduced in this chapter. In Chapters 1–4, network security fundamentals, concepts...
Words: 16205 - Pages: 65