
SEC 280 DEVRY ENTIRE COURSE LATEST - PowerPoint PPT Presentation



PowerPoint Slideshow about 'SEC 280 DEVRY ENTIRE COURSE LATEST' - tutorialsservicesnet


Presentation Transcript

SEC 280 DEVRY ENTIRE COURSE LATEST

Visit Below Link, To Download This Course:

https://www.tutorialsservice.net/product/sec-280-devry-entire-course-latest/

Or

Email us on

SUPPORT@TUTORIALSSERVICE.NET

SEC 280 DeVry Entire Course Latest

SEC280

SEC 280 DeVry Week 1 Discussion 1 Latest

Data Breaches (graded)

Use one of your favorite search engines (preferably www.google.com) and search world’s biggest data

breaches. Select at least two of the major data breaches from the list you found and complete the

following.

Explain how they impacted you.

Many of the breached companies had standard security controls like firewalls and intrusion

detection systems. Discuss what was missing in their designs and processes.

Add other items that you believe organizations should improve on to avoid breaches.

SEC 280 DeVry Week 1 Discussion 2 Latest

Data Integrity as Part of CIA Triad (graded)

Data integrity verifies that data remains unaltered in transit from creation to reception.

Explain what would happen if we were to remove Integrity from the CIA triad.

Discuss how integrity helps with confidentiality and access control.

Discuss the overall impact to digital communication without data integrity.

SEC 280 DeVry Week 2 Discussion 1 Latest


Symmetric Encryption (graded)

The initial encryption standard developed by NIST was called data encryption standard (DES). DES is too

weak for modern applications since the key size is only 56-bit. It was replaced by advanced encryption

standard (AES). AES has variable key sizes and can require a key size of 256-bit.

Discuss if you think AES key size has a direct relationship with algorithm strength.

Do you think that AES-256 is necessarily better than AES-128?

How long do you think it would take to launch a brute force attack on AES-128 using a standard

computer?

SEC 280 DeVry Week 2 Discussion 2 Latest

Asymmetric Encryption (graded)

Asymmetric encryption is based on the concept of a private key to decrypt and a public key to encrypt.

RSA and Diffie-Hellman are two common algorithms used for asymmetric encryption, and they are

extremely slow and can be used in limited applications. The key sizes are much larger than symmetric

algorithms.

Explain why asymmetric algorithms, such as RSA and Diffie-Hellman, are relatively slow.

Discuss why asymmetric encryption algorithms require larger key sizes.

SEC 280 DeVry Week 3 Discussion 1 Latest

Asymmetric Encryption—the RSA Algorithm (graded)

Asymmetrical encryption uses one key to encrypt and another key to decrypt. The most common algorithm used in applications is the RSA algorithm. RSA is based on prime numbers.

Select two small prime numbers and compute Product = (p-1)(q-1) and select a number e between 1 and Product. The e that you computed is a simplified example of a public key. Post your selection and computation.

The RSA algorithm and most asymmetric encryption are considered slow. Based on your computation, explain why the algorithm is slow.

SEC 280 DeVry Week 3 Discussion 2 Latest

TLS/SSL (graded)

TLS/SSL is used to secure HTTP traffic on networks. For this post, access a website requiring HTTPS.

Find and post all the protocols that the site is using (click on the lock on the right-hand side of your browser menu for IE).

Find the public key and paste it in your post.


SEC 280 DeVry Week 4 Discussion 1 Latest

Hashing Algorithms (graded)

Secure Hash Algorithm is the current hashing standard established by the National Institute of Standards and Technology. It uses a 160-bit hash but lately most organizations are moving toward a 256-bit hash.

Is a 128-bit hash no longer sufficient for integrity checks?

Explain the likelihood of a collision in a 128-bit hash. You do not need to explain the mathematics.

SEC 280 DeVry Week 4 Discussion 2 Latest

Digital Signatures (graded)

A digital signature is a technique to validate the integrity and authenticity of a message. The signature

provides assurance that the sender is the true sender, and the message has not been changed during

transmission.

What are the similarities between a digital signature and a handwritten signature?

Differentiate among the three different classes of digital signatures.

SEC 280 DeVry Week 5 Discussion 1 Latest

Access Controls (graded)

There are two basic ways to tell if a network or system is under attack. These are with intrusion-detection systems (IDSs) and intrusion-protection systems (IPSs). Discuss how each of these approaches is different. Do not forget to include how network-based and host-based systems come into play.

You work for a small bank that has only 11 branches, and you must design a system that gives notice of a

possible attack. Discuss what tools can be used, how they can be implemented to protect the bank, and

how they can notify the appropriate people when the network comes under attack.

SEC 280 DeVry Week 5 Discussion 2 Latest

Application Security (graded)

Testing for an unknown is a virtually impossible task. What makes it possible at all is the concept of

testing for categories of previously determined errors. The different categories of errors are

1. buffer overflows (most common);

2. code injections;


3. privilege errors; and

4. cryptographic failures.

Please evaluate the software engineering, secure-code techniques, and the most important rule that

relates to defending against a denial-of-service attack. Here are two types of error categories: the failure

to include desired functionality and the inclusion of undesired behavior in the code. Testing for the first

type of error is relatively easy.

Other items we should understand for error opportunities in applications are related to design, coding,

and testing. How do we assure that these items are addressed in our software-application development

or acquisition?

SEC 280 DeVry Week 6 Discussion 1 Latest

Attacks and Malware (graded)

What are the different ways that malware can infect a computer?

What malware and spyware protection software do you think is the best and why?

There are many types of attacks described in the text. Describe the attack and what method you could do

to avoid such an attack.

Many attacks are carried out by groups of hackers. Describe the objectives of some of these groups.

What is the difference between white-hat and black-hat hackers?

SEC 280 DeVry Week 6 Discussion 2 Latest

Identity Theft (graded)

What steps would you take at your current or future job to ensure that personal information, such as

human resources or customer information, is not compromised?

Do companies have a responsibility to disclose identity-theft breaches that occur in their organizations?

Present a strategy for educating a user about avoiding e-mail risk without saying, “Do not open an e-mail

from someone you do not know.” This has been said many times and has failed. Take the time to think

outside of the box about how you can get people to think before they act with e-mail.

SEC 280 DeVry Week 7 Discussion 1 Latest

Mitigating Risk (graded)


Top management asks you to present a review of the security risks associated with the various servers in

the computing infrastructure. Take one of the servers and address three security risks from the least (low

risk or moderate risk) to the greatest (high risk) and the kind of risk presented. For instance, if a server is

closer to the network perimeter, it is at a higher risk of being compromised by a hacker. This is where it all

starts. How do you implement consistent security policies?

SEC 280 DeVry Week 7 Discussion 2 Latest

Incident Handling (graded)

Surprisingly, many of us may be unknowing victims of botnets. Because of the rising sophistication of

botnet schemes, your computer can become a zombie along with thousands of other computers that flood

a victim’s network and bring down servers. While the attack is going on, the botnet infects the network

with spam, viruses, and malware. What are the four simple rules of stopping botnets on your personal

PCs?

What are some of the symptoms that would make you suspicious that your computer has been

attacked?

What part of a security incident should be logged?

SEC 280 DeVry Week 1 Quiz Latest

Question 1. Question : (TCO 1) Which of the following is not part of the information security triad?

Confidentiality

Integrity

Availability

Ethics

Question 2. Question : (TCO 1) Symmetrical encryption uses

one key to encrypt and another key to decrypt.

the same key to encrypt and decrypt.

a certificate authority to manage the keys.

large prime numbers.

Question 3. Question : (TCO 1) What is the most common name for the first large-scale attack on the

Internet, which occurred in November of 1988?

The Code Red Worm

The Morris Worm

The Slammer Worm

The Jester Worm


Question 4. Question : (TCO 1) What is a solar sunrise?

An attack that was made to look like an attack from Iraq but that was actually made by two

teenagers from California who got training in Israel.

Electronic interference resulting from solar flares and occurring most commonly in the early

morning hours.

A penetration test conducted by the FBI and other government agencies to test the defenses of

government networks and critical infrastructures.

The name of a virus that would burn up a hard drive at 6 a.m. on the day of the summer solstice.

Question 5. Question : (TCO 1) A successful attack on a network may adversely impact security in all

the following ways except _____.

loss of confidentiality

loss of integrity

loss of functionality

loss of availability

Question 6. Question : (TCO 1) The first step an administrator can take to reduce possible attacks is to

_____.

ensure that all patches for the operating system and the applications are installed

install a firewall

install antispyware software

configure an intrusion-detection system

Question 7. Question : (TCO 1) A hacker is anyone who

attempts to break into computers for malicious reasons.

attempts to steal data for any reason.

attempts to take over systems without permission.

All of the above

Question 8. Question : (TCO 1) Which of the following is considered sensitive information?

Medical records

Driver’s license number

Passport number

All of the above

Question 9. Question : (TCO 1) To ensure the privacy of your driver’s license number during electronic

communications, you want to _____ the data.

hide

encrypt

mask


not print

Question 10. Question : (TCO 1) Data encryption standard (DES) is a(n) _____ algorithm.

masking

encryption

hashing

switching

SEC 280 DeVry Week 3 Quiz Latest

Question 1. Question : (TCO 4) Attackers need a certain amount of information before launching their

attack. One common place to find information that could be useful to the attacker is to go through the

trash of the target. The process of going through a target’s trash is known in the community as _____.

trash rummaging

garbage surfing

piggy diving

dumpster diving

Question 2. Question : (TCO 4) The art of secret writing that enables an individual to hide the contents

of a message from all but the intended recipient is called _____.

steganography

cryptanalysis

cryptography

key management

Question 3. Question : (TCO 4) The cipher that replaces each letter of the alphabet with a different letter

(not in sequence) is a _____.

shift cipher

substitution cipher

transposition cipher

Vigenère cipher

Question 4. Question : (TCO 4) Keyspace refers to _____.

the location where keys are stored

the number of keys needed to encrypt or decrypt a message

all the possible key values

the portion of the algorithm that the key connects with to encrypt or decrypt a message

Question 5. Question : (TCO 4) A special mathematical function that performs one-way encryption is

called _____.

asymmetric encryption

transposition cipher


a hashing function

multiple encryption

Question 6. Question : (TCO 4) The encryption method that is based on the idea of two keys–one that is public and one that is private–is _____.

a hashing function

symmetric encryption

asymmetric encryption

elliptical-curve encryption

Question 7. Question : (TCO 4) What is a registration authority?

An entity that requires proof of identity from the individual requesting a certificate.

An entity that generates a digitally signed identification certificate

A centralized directory where the registered certificate is stored

An entity that generates electronic credentials

Question 8. Question : (TCO 5) The difference between centralized and decentralized infrastructures is

_____.

that the key pairs and certificates do not have a set lifetime in centralized infrastructures

that the location where the cryptographic key is generated and stored is different

that the network administrator sets up the distribution points in centralized infrastructures

that, in a decentralized infrastructure, the certificate may have an extended lifetime

Question 9. Question : (TCO 5) What is a digital certificate?

It’s a means of establishing the validity of an offer from a person, entity, website, or e-mail

It’s a centralized directory wherein registered keys are created and stored.

It’s a means of establishing your credentials electronically when doing business or other

transactions on the Web.

It’s an entity that generates electronic credentials and distributes them after proving their identity

sufficiently.

Question 10. Question : (TCO 5) A trust domain is defined as _____.

the agreed upon, trusted third party

a scenario where one user needs to validate the other’s certificate

a construct of systems, personnel, applications, protocols, technologies, and policies that work

together to provide a certain level of protection

a scenario in which the certificate’s issuer and the subject fields hold the same information

SEC 280 DeVry Week 5 Quiz Latest


Question 1. Question : (TCO 6) In terms of physical security, _____ refers to protecting important assets

by using several perimeters.

layered access

multifactor access control

dual authentication

an intrusion-detection system

Question 2. Question : (TCO 6) Which of these, according to this chapter, is not a step that can be taken

to help mitigate physical security risk?

All users need security training.

Electronic physical security systems need to be protected from network-based attacks.

Authentication systems should use multiple factors when feasible.

Constantly monitor all employees via camera.

Question 3. Question : (TCO 6) The best fire extinguisher for petroleum products is a _____.

Class A

Class B

Class C

Class D

Question 4. Question : (TCO 6) _____ are computers in a network that host applications and data for

everyone to share.

Linux boxes

Servers

Firewalls

Cryptographies

Question 5. Question : (TCO 6) A virtual private network (VPN) is a construct used to provide _____.

users with an individual web space on the network

an area of relaxation for employees

a secure communication channel between users across public networks, such as the Internet

a learning area for programming languages

Question 6. Question : (TCO 6) Media can be divided into three categories: _____.

paper, plastic, and cloth

magnetic, optical, and electronic

confidential, integrity, and authority

red, yellow, and blue


Question 7. Question : (TCO 6) _____ are types of magnetic media.

CDR, CDRW, and DVD

Linux, Windows, and Oracle

Hard drives, diskettes, and tapes

Keyboards, mice, and monitors

Question 8. Question : (TCO 6) Which of the following is not a component of an IDS?

Traffic collector

Signature database

Expert-knowledge database

User interface and reporting

Question 9. Question : (TCO 6) A new breed of IDS that is designed to identify and to prevent malicious

activity from harming a system is called _____.

preemptive IDS

preventive IDS

active IDS

dynamic IDS

Question 10. Question : (TCO 6) Egress filtering _____.

scans incoming mail to catch SPAM

scans outgoing mail to catch SPAM

scans messages for specific words or phrases

filters out POP traffic

SEC 280 DeVry Week 1 Exercise Latest

Exercise – CIA Triad

Download the Excel template Data_Week1.xlsx (equella.ecollege.com/file/af0b2314-58b6-4106-bf5e-2e720c6410c0/21/Data_Week1.xlsx) and review column A (Information Type). Based on what you have learned in Week 1, choose the most important security attribute for the data field in column A using the drop-down list. As an example, for a social security number, is the first priority to keep the numbers confidential, guarded from modifications, or available in digital format? If you feel all three attributes are equally important, select “Same Level of Importance” for all three priorities. The comment column (column E) must be used to justify your selections.

Assignment Grading Rubric

Selection of associated security attributes: 25 points (42%)

Justification for your selections (column E): 25 points (42%)

Spelling and grammar: 6 points (10%)

APA style: 4 points (6%)

Total: 60 points (100%)

Submit your assignment to the Dropbox, located at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions (equella.ecollege.com/file/8ff9f27a-3772-48cf-9855-4bec4e6706bf/1/Dropbox.html).

See the Syllabus section “Due Dates for Assignments & Exams” for due date information.

Information Type

Social Security Number of an Individual

First Name and Last Name

Credit Card Number

Qualification

Medical Information

Publications

Salary

Place of Employment

Country of Origin

Parent Names

Children Names

Marital Status

Passport Number

Languages Spoken

Drivers License Number

Level of Education

Major in College

Date of Birth

Citizenship


Ethnic Background

Criminal Records

Spouse Name

Grade Point Average in College

Research Interest

Investment Accounts

SEC 280 DeVry Week 2 Exercise Latest

Exercise—Encryption Activity

Use your favorite browser to access https://www.cryptool.org. The free download area on the right of the

page has three download options. Download CrypTool 1.4.30 English and install the software on your

personal computer. Download the Word template called Week2.docx and complete the activities. You will

need to capture screens and paste them into your template. Once completed, upload your template in the

Unit 2 Dropbox. There is also a video instruction to help you complete this assignment. Do not uninstall

the software from your PC until you complete Unit 3.

Week 2 Assignment

View this video to help you complete this assignment. Do not uninstall the software from your PC until you

complete Unit 3.


Assignment Grading Rubric

Template completion (4 x 20): 80 points (80%)

Explanation of concepts (1 X 10): 10 points (10%)

Spelling and grammar: 5 points (5%)

APA style: 5 points (5%)

Total: 100 points (100%)

Submit your assignment to the Dropbox, located at the top of this page. For instructions on how to use

the Dropbox, read these step-by-step instructions.

See the Syllabus section “Due Dates for Assignments & Exams” for due date information.

Exercise 1

Symmetric Encryption using Vigenere Cipher


1. Click on File from the menu and select New.

2. Enter (paste) the following text in the window:

On September 25, 1789, the First Congress of the United States proposed 12 amendments to the Constitution. The 1789 Joint Resolution of Congress proposing the amendments is on display in the Rotunda in the National Archives Museum. Ten of the proposed 12 amendments were ratified by three-fourths of the state legislatures on December 15, 1791. The ratified Articles (Articles 3–12) constitute the first 10 amendments of the Constitution, or the U.S. Bill of Rights. In 1992, 203 years after it was proposed, Article 2 was ratified as the 27th Amendment to the Constitution. Article 1 was never ratified.

3. Click on the Encrypt/Decrypt.

4. Select Symmetric (classic) from the drop down list.

5. Select Vigenere.

6. Enter a key: ORANGE (you may want to try the encryption with other keys).

7. Click Encrypt.

8. Capture this screen (SHIFT + PRTSCN) in Windows and paste below.

Exercise 2

Encryption with DES in CBC mode

1. Repeat the process above and select Symmetric (Modern).

2. Select DES CBC mode.

3. In the pop-up window, select Encrypt.

4. Capture this screen (SHIFT + PRTSCN) in Windows and paste below.

Exercise 3

Asymmetric encryption using RSA Encryption

1. Repeat the process above and select Asymmetric.

2. Select RSA Encryption.

3. Select Side Channel (under Last Name).

4. Click Encrypt.


5. Capture this screen (SHIFT + PRTSCN) in Windows and paste below.

6. Close Cryptool.

Exercise 4

1. Create a text file made up of at least five pages of text. The text can be anything you would like.

2. Save the file on your C: Drive as TEXT.txt

3. Open Cryptool.

4. Click on File.

5. This time, select Open.

6. Browse to C:\TEXT.txt

7. Click on Encrypt/Decrypt.

8. Select Asymmetric.

9. Select RSA Encrypt.

10. Check DISPLAY ENCRYPTION TIME at the bottom on the page.

11. Select Side Channel in the window.

12. Click on Encrypt.

Record your time below.

TIME =

Notice that the time taken is somewhat large for computing. Symmetrical encryption would take less than

.001 of a sec to encrypt the same text.

SEC 280 DeVry Week 4 Exercise Latest

In this assignment, you will use Cryptool to generate encryption keys (if you deleted your earlier one, you will need to generate another one), sign a document, verify a signature, and extract a signature. Before we continue, let’s recap how a signature works. A document has a unique hashed value. The hash value can be encrypted with an individual’s private key to tie the document to the holder of the private key. Encrypting the hash value in this way is called signing a document.


To start this exercise, open Cryptool (installed in Week 2). Click on File and Open. In the open window,

type the following message: “It is a great day at DeVry University.” Click on Digital Signature/PKI from the

menu bar. Select Generate/Import keys. In the pop-up window, select RSA and complete the User Data

portion on the right panel. Select a PIN. I recommend “1234” for now. Click on Generate new key pair at

the bottom of the screen. You will receive a message that the keys were generated successfully. Close

any open windows except the windows with our message: “It is a great day at DeVry University.” Now,

select SHA-1 (160 bits) for hash function and choose RSA for signature algorithm and now select your

key pair from the bottom pane. Remember to enter your PIN (1234). The digital signature will be

displayed in another window. Capture this screen and paste it in the Week4_Template.

Leave the signature page and click on Digital Signature/PKI and click on Verify Signature. Select the key

pair and click on Verify Signature. You will get a message that the signatures are correct. They have to be

because we just created the signatures. Capture the Signature Verification page and paste it in your

Week4_Template. Now click on Digital Signatures/PKI and Click on Extract a Signature. A pop-up

window will be displayed with the extracted signature. The signature and the signed message are

displayed. Capture the page and paste it in the Week4_Template. Close all open Windows.

Now, create a text file in your document folder on your PC (save it as MYTEST.txt). This text document can contain any text you would like and can be created using Notepad. Back to Cryptool, click on Digital

Signatures/PKI. Select Signature Demonstration. The pop-up will contain a diagram of a schematic of the

digital signature process. Click on Open document. Select the text document you created earlier. Click on

Select Hash function. Choose SHA-1 and then click on OK. Click on Compute hash value and click on

Hash value. The hash value of your file will be displayed at the bottom of the window. Now click on

Generate key. Click on Generate Primes (accept default values) and Accept Primes. Click on Store Key.

Now click on Encrypt Hash Value. Click on Encrypted Hash value. The Encrypted Hash value will be

displayed at the bottom of the window. Now you are going to click on Provide Certificate. Enter your first

and last name and a PIN (confirm the PIN). Click on Generate Signature. The signature will be displayed

at the bottom of the window. Now click on Store signature. Capture the display screen and paste it in your

Week4_Template. Click OK and close Cryptool.
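The signing recap above, together with the (p-1)(q-1) computation from the Week 3 RSA discussion, as an added Python example that is not part of the course material or of CrypTool. It is textbook RSA without padding; the two primes, the search for e, and all function names are assumptions chosen here, and SHA-1 appears only because the exercise selects it.

```python
import hashlib
from math import gcd

# Constructed sample input: the sentence the exercise has you type into CrypTool.
MESSAGE = b"It is a great day at DeVry University."

# Two known Mersenne primes, picked for this example (an assumption) so that
# the modulus n = p*q is larger than any 160-bit SHA-1 digest.
P = 2**89 - 1
Q = 2**107 - 1


def make_keypair(p, q):
    """Return (n, e, d) for textbook RSA from two distinct primes."""
    n = p * q
    product = (p - 1) * (q - 1)      # the "Product" of the Week 3 discussion
    e = 3
    while gcd(e, product) != 1:      # e must share no factor with Product
        e += 2
    d = pow(e, -1, product)          # private exponent: e*d = 1 (mod Product)
    return n, e, d


def hash_value(message, n):
    """SHA-1 digest as an integer, reduced mod n so small toy moduli also work."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big") % n


def sign(message, n, d):
    """Raise the hash to the private exponent: the result is the signature."""
    return pow(hash_value(message, n), d, n)


def extract_hash(signature, n, e):
    """Apply the public exponent to recover the hash value that was signed."""
    return pow(signature, e, n)


def verify(message, signature, n, e):
    """Valid when the recovered hash equals a fresh hash of the message."""
    return extract_hash(signature, n, e) == hash_value(message, n)


if __name__ == "__main__":
    # Small primes, as in the Week 3 discussion: prints (n, e, d).
    print("small-prime key:", make_keypair(61, 53))

    n, e, d = make_keypair(P, Q)
    sig = sign(MESSAGE, n, d)
    print("signature:", hex(sig))
    print("original verifies:", verify(MESSAGE, sig, n, e))
    print("altered verifies: ", verify(MESSAGE + b"!", sig, n, e))
```

Production signatures add a padding scheme such as RSA-PSS and use a current hash such as SHA-256; the unpadded form here only mirrors the steps of the exercise.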

Assignment Grading Rubric

Hands-on lab assignment: 14 X 4 = 56 points (93.4%)

APA: 1 point (1.6%)

Spelling: 1 point (1.7%)

Grammar: 2 points (3.3%)

Total: 60 points (100%)


Submit your assignment to the Dropbox, located at the top of this page. For instructions on how to use

the Dropbox, read these step-by-step instructions.

See the Syllabus section “Due Dates for Assignments & Exams” for due date information.

SEC 280 DeVry Week 7 Exercise Latest

Exercise—Bulk Extractor

In this assignment, you are going to perform a forensic analysis of the C:\users (or C:\windows\users) folder in Windows of your computer to investigate possible credit card frauds. To perform this forensic analysis, you are going to need Bulk Extractor. Bulk Extractor is a computer forensics tool that scans a disk image, file, or directory of files and extracts information such as credit card numbers, domains, e-mail addresses, URLs, and ZIP files. The extracted information is output to a series of text files. You will need these files to complete this assignment.

Bulk Extractor can be downloaded from http://digitalcorpora.org/downloads/bulk_extractor/. For

consistency, you want to download the version below. Once downloaded, run the installation. This

process will take less than five minutes.

bulk_extractor-1.5.1-windowsinstaller.exe 05-Aug-2014 13:03 20M

Once completed, you will need to create a storage folder on your computer where Bulk Extractor will write

the output of the forensic investigation. Now you are ready to start the Bulk Extractor application.

Downloading and Installing Bulk Extractor

Watch this short video on the steps needed to complete this assignment.

See the Syllabus section “Due Dates for Assignments & Exams” for due date information.
