...Week 10 Writing Assignment EG371 Chapter13, “Applying Principles of ‘Science Learning’ to your textbook focuses on analyzing an article suggesting that steroid use in baseball is at epidemic proportions. The goal of this report is to define that it is impossible find definitive evidence in support of one view over all competing views and usual subject sometimes you have to dig a bit deeper. This assignment was created to reinforce your developing research skills for critical decision making. The document explains an indefinite study of how ball players “Major League Baseball “ have used enhancements drugs like steroids to increase their muscle mass, strength, and endurance. The article produced a lot of tactful research methods like quantitative and qualitative ideas on supporting this article. It also demonstrated a simple questionnaire and bulleted summaries to further explain what highly popular websites like WebMD and Sports Illustrated had to say about steroids in baseball. I think Sports Illustrated was negatively represented by the author solely because SI article did not give a good numerical estimate of the prevalence of steroid use. Although, the article produce a lot of cited information to back up what it was explaining, a survey, or maybe a few peer—to—peer interviews would be more insightful. I believe the author was right on a few things in the part of ‘Dangers of Steroids Use’ when it explain the story of Caminiti. In honesty, each paragraph was out of place...
Words: 284 - Pages: 2
...Unit 4 Assignment 1 An access control plan is a must have due to the “cyber society” we live in today. Without a concrete plan your organization is vulnerable to various cyber attacks that may cause to be detrimental to your company. The main objective to the access control plan is to minimize the probability of negative events. In order for this plan to be effective your must have an efficient and reliable process of identifying, analyzing, and responding to specific events prior to them happening. By doing so, your company will be well prepared and guarded against most of the exploits out there today. Allow me to explain. IT infrastructure domains include a user domain, workstation domain, LAN domain, LAN-to-WAN, WAN domain, and System/application domain. Below is a brief explanation of the items I just mentioned. * User Domain – Training * Workstation Domain – Virus scanning, Operating system patching, Application-level firewall * LAN Domain– intrusion detection/prevention system, email scanning, server-level virus scanning * LAN-to-WAN Domain – firewall (packet filter, application gateway, proxy server) * WAN Domain – broadcast filter, traffic flow management * System/Application Domain – patching on regular basis. In order for Access Controls to reach their full potential there are certain steps every domain must adhere to. For example, the implementation of training requires that all new employees have initial training and organization wide...
Words: 337 - Pages: 2
...Asymmetric Encryption Encryption that uses two keys: if you encrypt with one you may decrypt with the other MD5 Message Digest 5. A hashing funciton used to provide integrity. MD5 uses 128 bits. A hash is simply a number created by applying the algorithm to a file or message at different times. The hashes are compared to each other to verify that integrity has been maintained. IPSec 1) Set of protocols developed to support the secure exchange of packets IPv4 and IPv6 2) Operates at a low level in the OSI model (Layer 3) 3) Transparent security protocol for applications, users, and software OSI Model 7.Application 6.Presentation 5.Session 4.Transport 3.Network 2.Data 1.Physical OSI Model Layer 3-Network Handles the logical addressing and routing of traffic. First layer implemented within the software being used, specifically the OS. white-hat hacker security experts paid to find security holes in a system Black-hat hacker takes advantage of security vulnerabilities to gain unlawful access to private networks for personal gain Gray Hat Hackers Hackers in this class are “rehabilitated” hackers or those who once were on the “dark side" but are now reformed. For obvious reasons, not all people will trust a gray-hathacker. Ex: Kevin Mitnick Script kiddie An amateur hacker you lacks sophisticated computer skills. These are usually teenagers that don't use programs to hack into computer systems, instead use tools made by skilled hackers that...
Words: 1515 - Pages: 7
...Week 1 Assignment 1: Top Security Threats Brandon Bostic According to the Symantec Internet Security Threat Report released in 2010 there was over 286 million security threats that plagued PC users. There was a 93% increase in web attacks and 6,258 new vulnerabilities identified. Based on this report there were 5 major threats that plagued PC users. One major threat was targeted attacks known as Stuxnet. Stuxnet includes exploit code that uses a number of zero-day vulnerabilities. Targeted attacks are increasing in number and are not limited to high-level employees. Rather, lower-level employees are being targeted in greater numbers. All the attacker needs is a negligent user or a computer that has not been updated with the latest security patches. Web-based attacks, which typically involve techniques that redirect the browser to malicioussites, were the most commonly reported type of attack. Web-based attacks represented 26% ofdetections, followed by theConfickerworm with 20%. Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attacker’s toinjectclient-side scriptintoWeb pagesviewed by other users. A cross-site scripting vulnerability may be used by attacker’s to by pass access controls such as the same origin policy. Cross-site scripting carried out on websitesaccounted for roughly 84% of all security vulnerabilities documented bySymantec.Spamming remains economically viable because advertisers have...
Words: 270 - Pages: 2
...Hacking and Countermeasures IS4560 Unit 1 Assignment 1 July 26 2016 Hacking and Countermeasure Here are some of the top threats described in the whitepaper and why the threats are important issues and how these threats have changed or are changing. The main issues that I found were Web browser vulnerabilities and SQL-injection attacks. These types of threats are found often and hackers exploit them all the time. One of the most known browsers to get exploited is internet explorer. “In the case of the Hydraq attack, a previously unknown vulnerability in Microsoft® Internet Explorer® and a patched vulnerability in Adobe® Reader® and Adobe Flash® Player are exploited to install the Trojan.10 Once the Trojan is installed, it lets attackers perform various actions on the compromised system including giving them full remote access. Microsoft has had to release patches for Internet explorer. Attacks can originate from malicious websites as well as legitimate websites that have been compromised. So in the end it doesn't really matter which web browser you are using the end result will be the same if their vulnerabilities are not updated. According to statistics from 2014, there was an increase in the market share of Chrome, Firefox, and Safari at the expense of Internet Explorer over the course of the year. The second most widely exploited attack was the downloading of a suspicious PDF, this was really affecting those who...
Words: 500 - Pages: 2
...IS4560 Unit 1 Assignment 1 Web-based attacks – the increasing pervasiveness of Web browser applications along with increasingly common, easily exploited Web browser application security vulnerabilities has resulted in the widespread growth of Web-based threats. Attackers wanting to take advantage of client-side vulnerabilities no longer need to actively compromise specific networks to gain access to those computers. Instead, they can focus on attacking and compromising websites to mount additional, client-side attacks. Data breaches that could lead to identity theft, by sector - the danger of data breaches is of particular importance for organizations that store and manage large amounts of personal information. not only can compromises that result in the loss of personal data undermine customer and institutional confidence, result in costly damage to an organization’s reputation, and result in identity theft that may be costly for individuals to recover from, they can also be financially debilitating to organizations. Bot-infected computers - Bots allow for a wide range of functionality and most can be updated to assume increased functionality by downloading new code and features. Attackers can use bots to perform a variety of tasks, such as setting up denial-of-service (DoS) attacks against an organization’s website, distributing spam and phishing attacks, distributing spyware and adware, propagating malicious code, and harvesting confidential information that may be used...
Words: 301 - Pages: 2
...IS4560 Hacking and Countermeasures I was assigned the task of reviewing top malware threats reported by the McAfee Anti-Virus Corporation. The purpose of investigation reporting is to understand the typical lifecycle of new malware and how the threat presented by malware can change over time. Malware Capabilities and Description Virus Profile: FakeAlertAVSoft This Binary is Trojan fake alert, as the name, this Trojan gives fake alerts to the compromised user system. This creates a mirage as if the user system is severely affected when it isn’t and then it will give fake balloon tips when clicked. Afterwards it will ask the compromised user to buy fake antivirus software. FakeAlert-AVSoft will silently install and run a virus scan on the system. It will falsely claim that it found viruses and will require the user to register the product to clean the system. The malware attacks and makes registry modification and tricks the user and prompts them to buy the fake antivirus software. Threats The FakeAlert-AVsoft upon execution creates the following registry keys HKEY_CURRENT_USER\Software\AvScan and the following are added to registry. [HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\Download"RunInvalidSignatures”], also registry values are modified. The following registry keys are deleted in the system.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows "AppInit_DLLs". The user is prevented from running any executables and the following...
Words: 513 - Pages: 3
...1. It is critical to perform a penetration test on a web application prior to production implementation in order to catch any issues before the application hits the internet and open to malicious attacks. 2. A cross-site scripting attack enables attackers to inject client-side script into web pages viewed by other users. 3. A reflective XSS attack the attack is in the request itself or the URL. 4. The common method of obfuscation used in most real world SQL attacks are methods, including character scrambling and masking, numeric variance and nulling, rely on an array of built-in SQL Server system functions that are used for string manipulation. 5. SQL injections is the most prone to extract privacy data elements out of a database. 6. If I could monitor when SQL injections are performed on an SQL database I would recommend well-coordinated and regularly audited security checks as a security countermeasure to monitor the production SQL database. 7. To identify known software vulnerabilities and exploits on IIS and apache I would create a policy that involves regular audits, penetration tests, and constant monitoring. 8. To ensure that my organization incorporates penetrating testing and web application testing as part of its implementation procedures I would include these in my policy and ensure that all security staff know that these are requirements. 9. Some other security countermeasures that I recommend for web sites and web application deployment to ensure the C-I-A...
Words: 287 - Pages: 2
...Shaun Howard IS4560 – Hacking and Countermeasures Unit 2 Assignment 1 September 30, 2014 1. _________ type of certificate is used to provide security on Web sites. a. SSL 2. __________ is the most common public key encryption systems and, in most cases, this relies on manual trust and key distribution. b. PKI 3. __________ provides authentication or proves integrity of a digital message. c. MAC 4. ___________ encryption scheme was broken and was replaced with a third round version of itself. d. 3DES 5. _________ is the first algorithm suited to both signing and encryption, and it is now widely used in e-commerce and other public key systems. e. RSA 6. The entity that issues certificates is a __________. f. Certificate Authority 7. The document to check to verify whether a certificate has been revoked is __________. g. CRL 8. Each bit of length _______the number of keys. h. Increases 9. Currently, _______ bit certificates are commonly used for web communications. i. 128 10. Triple DES provides ________ bits of security, despite using a 168 bit key. j. 112 11. Thawte, Verisign, and Comodo are all examples of _____________. k. SSL Certificate Providers 12. Hiding data in images is an example of ____________. l. Steganography 13. Data Encryption Standard (DES), ROT13, and Enigma are all examples of ______________. m. Cryptography ...
Words: 273 - Pages: 2
...Lab 1 Assessment Worksheet Develop an Attack & Penetration Plan 1. List the 5 steps of the hacking process. * Reconnaissance * Scanning * Gaining Access * Maintaining Access * Covering Tracks 2. In order to exploit or attack the targeted systems, the first initial step I would do to collect as much information as possible about the targets prior to devising an attack and penetration test plan would be reconnaissance. I would use passive reconnaissance as this pertains to information gathering. 3. The reconnaissance phase can have many different faces, and depending on the goal of the attacker, various tools and applications can be used. Nslookup can be used to look up all the available host on a network through the DNS server. You can get IP address information of hosts on your targeted network. You can also get the information of the purpose of the hosts. Whois lookup is a protocol that can be used to interrogate the servers operated by regional internet registries which holds information about every IP/Domain registered on the internet. You can get information about your target such as; the name of the owner, address of the owner. IP ranges that a certain IP belongs to, contact information like emails and phone numbers, administrators names and server names. You can also just use your targets web site. Sometimes the targets website can reveal way too much information without realizing it, and just by looking at the information they have...
Words: 1233 - Pages: 5
...security vulnerabilities require patches, or fixes, in order to prevent the potential for compromised integrity by hackers or malware. Vulnerabilities a. re what information security and information assurance professionals seek to reduce. Cutting down vulnerabilities provides fewer options for malicious users to gain access to secure information. Computer users and network personnel can protect computer systems from vulnerabilities by keeping software security patches up to date. These patches can remedy flaws or security holes that were found in the initial release. Computer and network personnel should also stay informed about current vulnerabilities in the software they use and seek out ways to protect against them. Charles Coley IS4560 Project Part 3: Investigate Findings on the Malware When investigating an incident that involves malicious software, it helps to understand the context of the infection before starting to reverse the malware specimen. Some of the ways to accomplish this involves: Security incident responders benefit from knowing how to...
Words: 1350 - Pages: 6
...Megan Patterson IS4560 Monday E1 Class Week 1-Penetration Test Plan June 17, 2013 Attack and Penetration Test Plan Megan Patterson IS4560 Childers June 17, 2013 External Penetration testing tests the security surrounding externally connected systems from the Internet, as well as within a corporate network. Controlled tests are used to gain access to Internet resources and ultimately to the DMZ, which is an internal network; by going through and around firewalls from the Internet. External Penetration Testing involves the finding and exploitation of actual known and unknown vulnerabilities from the perspective of an outside attacker. The External Attack and Penetration testing Process is as follows: * Phase 1-Discovery * Analysis * Footprint * Identify * Phase 2-Services * Ping * Map * Scan * Phase 3-Enumeration * Extract * Collect * Intrusive * Phase 4-Application Layer Testing * Manual * Depth * Blind * Phase 5-Exploit * Attack * Penetrate * Compromise The purpose of the External Attack and Penetration testing plan is to outline on what to do for an external penetration test within a corporate network. The goals for this plan if it is successful, is that to go ahead and deploy whatever the tester is testing after documentation has been written, saved, and reviewed by the IT staff. If the plan is not successful, then the tester needs to go through the steps of retesting the application...
Words: 402 - Pages: 2
...David S Lindsay Jr. IS4560 Unit1assignment Developments in hacking, cybercrime and malware Hydraq Trojan (a.k.a., Aurora) uses a basic approach on how to attack a enterprise, it starts with a little snooping and a little deeper research in the public domain to decover information about the company and its personnel which usally comes from social networking sites and create special phishing email. SQL-injection attack.- malicious code designed to gather sensitive information from the network, easy access to the network and is web based Fragus,18 Eleonore,19 and Neosploit.20. come bundled with a variety of different exploits, including some exploits for older vulnerabilities. Because an older vulnerability is likely to be included, older vulnerabilities see a vast amount of exploitation, These exploit and attack kits are often frequently used in conjunction with some of the crimeware kits available in the underground, that don’t make it very hard to obtain mostly free of charge. Zeus kit use spam to lure users to a website that uses social engineering or that exploits a Web browser vulnerability to install the bot on a victim’s computer, mosly through remote access. Summary The above mentioned threats are important issues, the fact of the matter is people have their personal information in everything they do from education to bill paying. Everything is connected to our lives one way or another and must be protected at all cost, social networking sites like facebook...
Words: 314 - Pages: 2
...IS4560 Unit 3 Assignment 1 Information Gathering Plan The explosive growth and popularity of the world-wide web have resulted in thousands of structured query able information sources on the Internet, and the promise of unprecedented information-gathering capabilities to lay users. Unfortunately, the promise has not yet been transformed into reality. While there are sources relevant to virtually any user-queries, the morass of sources presents a formidable hurdle to effectively accessing the information. One way of alleviating this problem is to develop a information gatherer which take the user’s query, and develop and execute an effective information gathering plan that accesses the relevant sources to answer the user’s query efficiently. Most organizations are familiar with Penetration Testing (often abbreviated to, “pen testing”) and other ethical hacking techniques as a means to understanding the current security status of their information system assets. Consequently, much of the focus of research, discussion, and practice, has traditionally been placed upon active probing and exploitation of security vulnerabilities. Since this type of active probing involves interacting with the target, it is often easily identifiable with the analysis of firewall and intrusion detection/prevention device (IDS or IPS) log files. However, too many organizations fail to identify the potential threats from information unintentionally leaked, freely available over the Internet...
Words: 284 - Pages: 2
...IS4560 Week 4 Project Part 1: Current Security Threats The three top security threats I have chosen for Aim Higher College are malware, exploit vulnerabilities, and social networking. Malware in another term that means malicious software. It is used to infiltrate and damage computers without the user’s permission. Some examples of malware are viruses, spyware, worms, Trojans, and rootkits. This is a top security threat because a computer can easily get infected. While students or staff members use the schools computers, they can download music or pictures, and a virus can be attached to those and the computer will get infected right away. Another security threat is exploit vulnerabilities. An exploit is an attack on a computer system, and this exploit will take advantage of vulnerabilities that exist on a system. This is why vulnerabilities need to be mitigated and taken care of right away. If not, attackers will always find a way to get on a system and steal data and personal information. This will affect students because there personal information but be out there to the public without their knowledge. The third threat that I believe is a main concern for this college is social networking. Nowadays everyone uses social networking such as Facebook, Twitter, and etc. The scams on Facebook include cross-site scripting, clickjacking, survey scams, and identity theft. Cross-site scripting is when the site tricks you to go to another webpage and this has hidden malware that...
Words: 326 - Pages: 2