
SEC 280 Principles of Information Systems Security Full Course
https://hwguiders.com/downloads/sec-280-principles-information-systems-security-full-course/

DeVry SEC280 Week 1 Discussion 1 & 2

dq 1

Data Breaches (graded)

Use one of your favorite search engines (preferably www.google.com) and search "world's
biggest data breaches". Select at least two of the major data breaches from the list you found and
complete the following.

Explain how they impacted you.

Many of the breached companies had standard security controls like firewalls and
intrusion detection systems. Discuss what was missing in their designs and processes.
Add other items that you believe organizations should improve on to avoid breaches.

dq 2

Data Integrity as Part of CIA Triad (graded)

Data integrity verifies that data remains unaltered in transit from creation to reception.

Explain what would happen if we were to remove Integrity from the CIA triad.
Discuss how integrity helps with confidentiality and access control.
Discuss the overall impact to digital communication without data integrity.

DeVry SEC280 Week 2 Discussion 1 & 2

dq 1

Symmetric Encryption (graded)

The initial encryption standard developed by NIST was called data encryption standard (DES).
DES is too weak for modern applications since the key size is only 56-bit. It was replaced by
advanced encryption standard (AES). AES has variable key sizes and can require a key size of
256-bit.

Discuss if you think AES key size has a direct relationship with algorithm strength.
Do you think that AES-256 is necessarily better than AES-128?
How long do you think it would take to launch a brute force attack on AES-128 using a
standard computer?

dq 2

Asymmetric Encryption (graded)

Asymmetric encryption is based on the concept of a private key to decrypt and a public key to
encrypt. RSA and Diffie-Hellman are two common algorithms used for asymmetric encryption,
and they are extremely slow and can be used in limited applications. The key sizes are much
larger than symmetric algorithms.

Explain why asymmetric algorithms, such as RSA and Diffie-Hellman, are relatively
slow.
Discuss why asymmetric encryption algorithms require larger key sizes.

DeVry SEC280 Week 3 Discussion 1 & 2

dq 1

Asymmetric Encryption: the RSA Algorithm (graded)

Asymmetrical encryption uses one key to encrypt and another key to decrypt. The most common
algorithm used in applications is the RSA algorithm. RSA is based on prime numbers.

Select two small prime numbers p and q, compute Product = (p-1)(q-1), and select a number
e between 1 and Product. The e that you computed is a simplified example of a public key.
Post your selection and computation.
The RSA algorithm and most asymmetric encryption are considered slow. Based on your
computation, explain why the algorithm is slow.

dq 2

TLS/SSL (graded)

TLS/SSL is used to secure HTTP traffic on networks. For this post, access a website requiring
HTTPS.

Find and post all the protocols that the site is using (click on the lock on the right-hand side
of your browser menu bar for IE).
Find the public key and paste it in your post.

DeVry SEC280 Week 4 Discussion 1 & 2

dq 1

Hashing Algorithms (graded)

Secure Hash Algorithm is the current hashing standard established by the National Institute of
Standards and Technology. It uses a 160-bit hash, but lately most organizations are moving toward
a 256-bit hash.

Is a 128-bit hash no longer sufficient for integrity checks?

Explain the likelihood of a collision in a 128-bit hash. You do not need to explain the
mathematics.

dq 2

Digital Signatures (graded)

A digital signature is a technique to validate the integrity and authenticity of a message. The
signature provides assurance that the sender is the true sender, and the message has not been
changed during transmission.

What are the similarities between a digital signature and a handwritten signature?
Differentiate among the three different classes of digital signatures.

DeVry SEC280 Week 5 Discussion 1 & 2

dq 1

Access Controls (graded)

There are two basic ways to tell if a network or system is under attack. These are with intrusion-
detection systems (IDSs) and intrusion-protection systems (IPSs). Discuss how each of these
approaches is different. Do not forget to include how network-based and host-based systems
come into play.

You work for a small bank that has only 11 branches, and you must design a system that gives
notice of a possible attack. Discuss what tools can be used, how they can be implemented to
protect the bank, and how they can notify the appropriate people when the network comes under
attack.

dq 2

Application Security (graded)

Testing for an unknown is a virtually impossible task. What makes it possible at all is the
concept of testing for categories of previously determined errors. The different categories
of errors are

1. buffer overflows (most common);
2. code injections;
3. privilege errors; and
4. cryptographic failures.

Please evaluate the software engineering, secure-code techniques, and the most important rule
that relates to defending against a denial-of-service attack. Here are two types of error categories:
the failure to include desired functionality and the inclusion of undesired behavior in the code.
Testing for the first type of error is relatively easy.

Other items we should understand for error opportunities in applications are related to
design, coding, and testing. How do we assure that these items are addressed in our
software-application development or acquisition?

DeVry SEC280 Week 6 Discussion 1 & 2

dq 1

Attacks and Malware (graded)

What are the different ways that malware can infect a computer?
What malware and spyware protection software do you think is the best and why?
There are many types of attacks described in the text. Describe the attack and what
method you could do to avoid such an attack.
Many attacks are carried out by groups of hackers. Describe the objectives of some of
these groups. What is the difference between white-hat and black-hat hackers?

dq 2

Identity Theft (graded)

What steps would you take at your current or future job to ensure that personal
information, such as human resources or customer information, is not compromised?
Do companies have a responsibility to disclose identity-theft breaches that occur in their
organizations?
Present a strategy for educating a user about avoiding e-mail risk without saying, "Do not
open an e-mail from someone you do not know." This has been said many times and has
failed. Take the time to think outside of the box about how you can get people to think
before they act with e-mail.

DeVry SEC280 Week 7 Discussion 1 & 2

dq 1

Mitigating Risk (graded)

Top management asks you to present a review of the security risks associated with the various
servers in the computing infrastructure. Take one of the servers and address three security risks
from the least (low risk or moderate risk) to the greatest (high risk) and the kind of risk
presented. For instance, if a server is closer to the network perimeter, it is at a higher risk of
being compromised by a hacker. This is where it all starts. How do you implement consistent
security policies?

dq 2

Incident Handling (graded)

Surprisingly, many of us may be unknowing victims of botnets. Because of the rising
sophistication of botnet schemes, your computer can become a zombie along with thousands of
other computers that flood a victim's network and bring down servers. While the attack is going
on, the botnet infects the network with spam, viruses, and malware. What are the four simple
rules for stopping botnets on your personal PCs?

What are some of the symptoms that would make you suspicious that your computer has
been attacked?
What part of a security incident should be logged?

DeVry SEC280 Week 1 Exercise

Exercise: CIA Triad

Download the Excel template Data_Week1.xlsx and review column A (Information Type).
Based on what you have learned in Week 1, choose the most important security attribute for the
data field in column A using the drop-down list. As an example, for a social security number, is
the first priority to keep the numbers confidential, guarded from modifications, or available in
digital format? If you feel all three attributes are equally important, select "Same Level of
Importance" for all three priorities. The comment column (column E) must be used to justify
your selections.

Assignment Grading Rubric                         Points   %
Selection of associated security attributes       25       42%
Justification for your selections (column E)      25       42%
Spelling and grammar                              6        10%
APA style                                         4        6%
Total                                             60       100%

Submit your assignment to the Dropbox, located at the top of this page. For instructions on how
to use the Dropbox, read these step-by-step instructions.

See the Syllabus section Due Dates for Assignments & Exams for due date information.

Template columns: Information Type | Priority One | Priority Two | Priority Three | Comments for Your Selections

Information Type (the priority and comment columns are blank for you to fill in):
Social Security Number of an Individual
First Name and Last Name
Credit Card Number
Qualification
Medical Information
Publications
Salary
Place of Employment
Country of Origin
Parent Names
Children Names
Marital Status
Passport Number
Languages Spoken
Drivers License Number
Level of Education
Major in College
Date of Birth
Citizenship
Ethnic Background
Criminal Records
Spouse Name
Grade Point Average in College
Research Interest
Investment Accounts

DeVry SEC280 Week 2 Exercise

Exercise: Encryption Activity

Use your favorite browser to access https://www.cryptool.org. The free download area on the
right of the page has three download options. Download CrypTool 1.4.30 English and install the
software on your personal computer. Download the Word template called Week2.docx and
complete the activities. You will need to capture screens and paste them into your template.
Once completed, upload your template in the Unit 2 Dropbox. There is also a video instruction to
help you complete this assignment. Do not uninstall the software from your PC until you
complete Unit 3.

Week 2 Assignment

View this video to help you complete this assignment. Do not uninstall the software from your
PC until you complete Unit 3.


Assignment Grading Rubric            Points   %
Template completion (4 x 20)         80       80%
Explanation of concepts (1 x 10)     10       10%
Spelling and grammar                 5        5%
APA style                            5        5%
Total                                100      100%

Submit your assignment to the Dropbox, located at the top of this page. For instructions on how
to use the Dropbox, read these step-by-step instructions.

See the Syllabus section Due Dates for Assignments & Exams for due date information.

Exercise 1

Symmetric Encryption using Vigenere Cipher

1. Click on File from the menu and select New.
2. Enter (paste) the following text in the window:

On September 25, 1789, the First Congress of the United States proposed 12 amendments to the
Constitution. The 1789 Joint Resolution of Congress proposing the amendments is on display in
the Rotunda in the National Archives Museum. Ten of the proposed 12 amendments were ratified
by three-fourths of the state legislatures on December 15, 1791. The ratified Articles (Articles 3
to 12) constitute the first 10 amendments of the Constitution, or the U.S. Bill of Rights. In 1992, 203
years after it was proposed, Article 2 was ratified as the 27th Amendment to the Constitution.
Article 1 was never ratified.

3. Click on Encrypt/Decrypt.
4. Select Symmetric (classic) from the drop-down list.
5. Select Vigenere.
6. Enter the key ORANGE (you may want to try the encryption with other keys).
7. Click Encrypt.
8. Capture this screen (SHIFT + PRTSCN) in Windows and paste below.
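Exercise 1 as an added Python example (not part of the course material and not CrypTool's own code), so the key ORANGE can be checked against what the GUI shows; it assumes a letters-only alphabet where spaces, digits and punctuation are copied through unshifted, so CrypTool's output will differ if its alphabet settings are changed.

```python
# Assumed alphabet: the 26 Latin letters. Case is preserved, and any other
# character (space, digit, punctuation) is copied through unshifted and does
# not advance the key position, which is the usual Vigenere convention.
def _shift(ch: str, k: int) -> str:
    base = ord("A") if ch.isupper() else ord("a")
    return chr((ord(ch) - base + k) % 26 + base)


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Shift every letter of text by the matching letter of the repeating key.

    With the six-letter key ORANGE the same shift sequence repeats every six
    letters, so every sixth letter of the ciphertext is a plain Caesar shift.
    That periodicity is why the cipher is only a classroom example.
    """
    if not key.isalpha():
        raise ValueError("key must consist of letters only")
    shifts = [ord(c) - ord("A") for c in key.upper()]
    out, i = [], 0
    for ch in text:
        if ch.isalpha():
            k = shifts[i % len(shifts)]
            out.append(_shift(ch, -k if decrypt else k))
            i += 1  # only letters consume a key position
        else:
            out.append(ch)
    return "".join(out)


def vigenere_encrypt(text: str, key: str) -> str:
    return vigenere(text, key)


def vigenere_decrypt(text: str, key: str) -> str:
    return vigenere(text, key, decrypt=True)


if __name__ == "__main__":
    # First sentence of the exercise text, used as the sample input.
    plaintext = ("On September 25, 1789, the First Congress of the United States "
                 "proposed 12 amendments to the Constitution.")
    ct = vigenere_encrypt(plaintext, "ORANGE")
    print(ct)
    assert vigenere_decrypt(ct, "ORANGE") == plaintext
```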

Exercise 2

Encryption with DES in CBC mode

1. Repeat the process above and select Symmetric (Modern).
2. Select DES CBC mode.
3. In the pop-up window, select Encrypt.
4. Capture this screen (SHIFT + PRTSCN) in Windows and paste below.

Exercise 3

Asymmetric encryption using RSA Encryption

1. Repeat the process above and select Asymmetric.
2. Select RSA Encryption.
3. Select SideChannel (under Last Name).
4. Click Encrypt.
5. Capture this screen (SHIFT + PRTSCN) in Windows and paste below.
6. Close Cryptool.

Exercise 4

1. Create a text file made up of at least five pages of text. The text can be anything you
would like.
2. Save the file on your C:\ drive as TEXT.txt.
3. Open Cryptool.
4. Click on File.
5. This time, select Open.
6. Browse to c:\TEXT.txt.
7. Click on Encrypt/Decrypt.
8. Select Asymmetric.
9. Select RSA Encrypt.
10. Check DISPLAY ENCRYPTION TIME at the bottom of the page.
11. Select SideChannel in the window.
12. Click on Encrypt.

Record your time below.

TIME =

Notice that the time taken is somewhat large for computing. Symmetrical encryption would take
less than 0.001 seconds to encrypt the same text.

DeVry SEC280 Week 3 Exercise

You installed Cryptool version 1.4.31 in Week 2. If you uninstalled Cryptool, you will need to
reinstall the software as you did in Week 2. Follow the same instructions from Unit 2 to open
Cryptool. Click on File from the top menu bar and select New. Type "This is a test." at least five
times. Click on Encrypt/Decrypt from the top menu bar. Select Asymmetric encryption. In the
pop-up window, select the only option available (this is a user profile) SideChannelAt.
Click on Encrypt. The RSA-encrypted text will be displayed. Capture the screen and paste it in
the Word template called Week 3 Template.docx.

In the next step, you are going to create a key pair. Note that asymmetrical encryption uses one key
to encrypt (public key) and another key to decrypt (private key). Click on Digital Signature/PKI
from the top menu bar and select PKI. Now choose Generate/Import keys. Complete the pop-up
template. Select RSA and 1024 for Bit Length. Complete the User Data section on the right.
Remember to select a PIN, because every time you decrypt, you will need the PIN to have access
to your private key. Capture the completed pop-up window and paste it in your template. Click on
Generate new key pair. Close the pop-up window. Now click on Encrypt/Decrypt and select
Asymmetric Encryption. You will see your profile in the list of recipients. Capture this screen
and paste it in your template. This profile will be used in Week 4. Close the pop-up window.

Click on Encrypt/Decrypt and select RSA demonstration. RSA uses two prime numbers to
generate the public key and private key. Enter a prime number (e.g., 13) for p and another prime
number for q (e.g., 7). Now capture the screen and add it to your template. Notice your RSA
modulus is 15. Click on Alphabet and number system option. Select Specify alphabet. Select
Normal in RSA variant. Select Decimal in Number System. Now enter a message in the input
row This is a test. Click on Encrypt. Click OK on the pop-up message. Now capture this screen
and paste it in your template.

Assignment Grading Rubric                                        Points       %
Successful completion of the required five steps in the demo     5 x 17 = 85  85%
Required format and clarity                                      10           10%
Spelling and grammar                                             3            3%
APA style                                                        2            2%
Total                                                            100          100%

Submit your assignment to the Dropbox, located at the top of this page. For instructions on how
to use the Dropbox, read these step-by-step instructions.

See the Syllabus section Due Dates for Assignments & Exams for due date information.

Week 3 Template

1. Capture Screen 1 (Encrypt using SideChannel Profile)
2. Screen for Key Pair
3. Creation of Profile
4. RSA Demonstration
5. Using Key Pair to Encrypt

DeVry SEC280 Week 4 Exercise

Exercise: Keys

In this assignment, you will use Cryptool to generate encryption keys (if you deleted your earlier
one, you will need to generate another one), sign a document, verify a signature, and extract a
signature. Before we continue, let's recap how a signature works. A document has a unique
hash value. The hash value can be encrypted with an individual's private key to tie the
document to the holder of the private key. Encrypting the hash value in this way is called signing a
document.

To start this exercise, open Cryptool (installed in Week 2). Click on File and Open. In the open
window, type the following message: "It is a great day at DeVry University." Click on Digital
Signature/PKI from the menu bar. Select Generate/Import keys. In the pop-up window, select
RSA and complete the User Data portion on the right panel. Select a PIN. I recommend 1234
for now. Click on Generate new key pair at the bottom of the screen. You will receive a message
that the keys were generated successfully. Close any open windows except the window with our
message: "It is a great day at DeVry University." Now, select SHA-1 (160 bits) for the hash function,
choose RSA for the signature algorithm, and select your key pair from the bottom pane.
Remember to enter your PIN (1234). The digital signature will be displayed in another window.
Capture this screen and paste it in the Week4_Template.

Leave the signature page and click on Digital Signature/PKI and click on Verify Signature.
Select the key pair and click on Verify Signature. You will get a message that the signatures are
correct. They have to be, because we just created the signatures. Capture the Signature
Verification page and paste it in your Week4_Template. Now click on Digital Signatures/PKI
and click on Extract a Signature. A pop-up window will be displayed with the extracted
signature. The signature and the signed message are displayed. Capture the page and paste it in
the Week4_Template. Close all open windows.

Now, create a text file in your document folder on your PC (save it as MYTEST.txt). This text
document can contain any text you would like and can be created using Notepad. Back in Cryptool,
click on Digital Signatures/PKI. Select Signature Demonstration. The pop-up will contain a
schematic diagram of the digital signature process. Click on Open document. Select the text
document you created earlier. Click on Select Hash function. Choose SHA-1 and then click on
OK. Click on Compute hash value and click on Hash value. The hash value of your file will be
displayed at the bottom of the window. Now click on Generate key. Click on Generate Primes
(accept default values) and Accept Primes. Click on Store Key. Now click on Encrypt Hash
Value. Click on Encrypted Hash value. The encrypted hash value will be displayed at the
bottom of the window. Now you are going to click on Provide Certificate. Enter your first and
last name and a PIN (confirm the PIN). Click on Generate Signature. The signature will be
displayed at the bottom of the window. Now click on Store signature. Capture the display screen
and paste it in your Week4_Template. Click OK and close Cryptool.
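The Week 3 RSA steps (Product = (p-1)(q-1), then the demonstration with p = 13 and q = 7, a specified alphabet and decimal output) and the Week 4 flow of hashing a document with SHA-1, encrypting the hash with the private key and verifying it, as one added Python example that is not course material and not CrypTool's code; the 27-symbol alphabet, the choice e = 5 and the reduction of the SHA-1 digest mod n are assumptions made so the arithmetic works with these tiny classroom primes.

```python
import hashlib
from math import gcd

# Alphabet assumed for the "Specify alphabet" step: space plus A-Z, so each
# symbol maps to an index 0..26, which is below the modulus n = 13 * 7 = 91.
ALPHABET = " ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def rsa_keygen(p: int, q: int, e: int):
    """Return (n, phi, d) for the textbook RSA key built from primes p and q.

    phi = (p-1)(q-1) is the 'Product' of the Week 3 discussion. The public
    exponent e must be coprime with phi, otherwise no private exponent
    d = e^-1 mod phi exists and decryption cannot undo encryption.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError(f"e={e} shares a factor with (p-1)(q-1)={phi}")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return n, phi, d


def encrypt_decimal(message: str, e: int, n: int):
    """Encrypt each symbol's alphabet index on its own: c = m^e mod n."""
    return [pow(ALPHABET.index(ch), e, n) for ch in message.upper()]


def decrypt_decimal(blocks, d: int, n: int) -> str:
    """Invert encrypt_decimal: m = c^d mod n, then map back to the alphabet."""
    return "".join(ALPHABET[pow(c, d, n)] for c in blocks)


def _digest_mod_n(message: str, n: int) -> int:
    # SHA-1 as in the Week 4 exercise. Reducing the 160-bit digest mod a
    # 7-bit n is purely for illustration: real RSA signatures use a modulus
    # much larger than the digest and a padding scheme, never a bare hash.
    return int.from_bytes(hashlib.sha1(message.encode()).digest(), "big") % n


def sign(message: str, d: int, n: int) -> int:
    """Week 4 flow: hash the document, then encrypt the hash with the private key."""
    return pow(_digest_mod_n(message, n), d, n)


def verify(message: str, signature: int, e: int, n: int) -> bool:
    """Recompute the hash and compare it with the signature decrypted by e."""
    return pow(signature, e, n) == _digest_mod_n(message, n)


if __name__ == "__main__":
    n, phi, d = rsa_keygen(13, 7, 5)  # page's primes; e = 5 is an assumed choice
    print(f"n={n} (p*q), phi={phi} ((p-1)(q-1)), e=5, d={d}")
    ct = encrypt_decimal("This is a test", 5, n)
    print("ciphertext blocks:", ct)
    print("decrypted:", decrypt_decimal(ct, d, n))
    doc = "It is a great day at DeVry University."
    s = sign(doc, d, n)
    print("signature:", s, "verifies:", verify(doc, s, 5, n))
```

Each character is encrypted as its own block here, so the same letter always gives the same number; that repetition is one reason plain textbook RSA is a demonstration and not how RSA is used in practice.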

Assignment Grading Rubric    Points       %
Hands-on lab assignment      14 x 4 = 56  93.4%
APA                                       1.6%
Spelling                                  1.7%
Grammar                                   3.3%
Total                        60           100%

Submit your assignment to the Dropbox, located at the top of this page. For instructions on how
to use the Dropbox, read these step-by-step instructions.

See the Syllabus section Due Dates for Assignments & Exams for due date information.

Week 4 Assignment

1. Digital Signature Screen Capture
2. Signature Verification Screen Capture
3. Extracted Signature Screen Capture
4. Stored Signature Screen Capture

DeVry SEC280 Week 6 Exercise

For this exercise, you are going to start with this site: http://botlab.org. BotLab is a platform at the
University of Washington that continually monitors and analyzes the behavior of spam-oriented
botnets. There are many other locations on the Internet that keep real-time records of botnet activity
across the globe. My recommendation is to use your favorite search engine and search "real-time
botnet tracking"; you will get many results on botnet tracking. Using the information you
found, develop a five-slide PowerPoint (seven bullets minimum per page) to describe the status
of botnets in the world.

DeVry SEC280 Week 7 Exercise

Exercise: Bulk Extractor

In this assignment, you are going to perform a forensic analysis of the C:\users (or
C:\windows\users) folder in Windows of your computer to investigate possible credit card
frauds. To perform this forensic analysis, you are going to need Bulk Extractor. Bulk Extractor is
a computer forensics tool that scans a disk image, file, or directory of files and extracts
information such as credit card numbers, domains, e-mail addresses, URLs, and ZIP files. The
extracted information is output to a series of text files. You will need these files to complete this
assignment.

Bulk Extractor can be downloaded from http://digitalcorpora.org/downloads/bulk_extractor/. For
consistency, you want to download the version below. Once downloaded, run the installation.
This process will take less than five minutes.

bulk_extractor-1.5.1-windowsinstaller.exe 05-Aug-2014 13:03 20M


Once completed, you will need to create a storage folder on your computer where Bulk Extractor
will write the output of the forensic investigation. Now you are ready to start the Bulk Extractor
application.

Downloading and Installing Bulk Extractor

Watch this short video on the steps needed to complete this assignment.

See the Syllabus section Due Dates for Assignments & Exams for due date information.
