William Slater's CYBR 515 Blog

CYBR 515 - Security Architecture and Design

Sunday, November 20, 2011

Post 054 - CYBR 515






The Fat Lady Has Sung, So This Blog Has Completed - Thanks for Reading!

It's over. The Fat Lady Has Sung, So This Blog has now completed. Thanks for reading, Folks!

Do you want to hear the Fat Lady sing? Click here! (Turn it up!)



=================================
William Favre Slater, III, PMP
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
CYBR 515 Blog: http://cybr515.blogspot.com
http://billslater.com/career
Chicago, IL

Post 053 - CYBR 515


EDF used Trojans to spy on Greenpeace


EDF is a giant French Energy company. The head of nuclear energy at EDF was fined 1.5 million euros for commissioning Kargus Consultants to use Trojans to attack Greenpeace's Yannick Jadot’s computer in 2006, stealing 1,400 documents relating to the organisation’s campaign against nuclear power. Jadot was then head of campaigns in France.

This judicial ruling was extremely important because it was the largest of its kind that was ever awarded.

From the article:

"The court in Nanterre handed EDF’s former security head, Pascal Durieux, a three-year jail sentence with one suspended, while his deputy Pierre-Paul François was given three years with 30 months suspended.

"The head of Kargus, Thierry Lorho, was given three years in jail with two suspended and a 4,000 euro fine while his technical expert and former secret service man, Alain Quiros, was given two years suspended."

"The evidence presented at the trial showed that the espionage undertaken by EDF in its efforts to discredit Greenpeace was both extensive and totally illegal. The company should now give a full account of the spying operation it mounted against its critics," said Greenpeace UK executive director, John Sauven.

What was especially astounding was that Pascal Durieux was a retired rear admiral from the French Navy and Pierre-Paul François had worked as a policeman.


=================================
William Favre Slater, III, PMP
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
CYBR 515 Blog: http://cybr515.blogspot.com
http://billslater.com/career
Chicago, IL

Post 052 - CYBR 515




"Foreign hackers targeted U.S. water plant in apparent malicious cyber attack, expert says"


This is an alarming news story and points out the vulnerability of infrastructure points in the U.S. It hits very close to home also because I think these hackers probably attacked the Jardine Water Treatment Plant (information here) that is operated by the City of Chicago. This plant pumps over one billion gallons of water out of Lake Michigan every day, and I am one of nearly 8 million people who use this water from the Jardine Water Treatment Plant daily to cook, shower, etc.

Sadly, people have been aware of such vulnerabilities for some time and such attacks have been predicted as far back as 10 to 15 years ago.

Let's hope our city and national authorities are paying attention to this news and that they will act before it is too late.

===========================


Bill
William Favre Slater, III
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
CYBR 515 Blog: http://cybr515.blogspot.com
http://billslater.com/career
Chicago, IL
United States of America

Thursday, November 17, 2011

Post 051- CYBR 515


Week Twelve Assignments

Theme for the Week - Validating a Secure Design

Learning Objectives:

• Describe how PCI Data Security Standards are used to enhance payment card data security.

• Design a certification and evaluation plan for a secure network.

• Propose solutions to network security vulnerabilities that are exposed during an audit.

Readings:

https://www.pcisecuritystandards.org/security_standards/index.php

https://www.pcisecuritystandards.org/security_standards/documents.php

https://www.pcisecuritystandards.org/documents/pci_dss_saq_instr_guide_v2.0.pdf

http://www.sans.org/score/


This week:

Now that you've created a design for a secure network, how do you know that it meets acceptable standards and practices for security? After all, both threats and the technology to meet them are constantly evolving. You need a way of ensuring that your network provides an acceptable level of risk. Fortunately, there are several organizations and methodologies that are in place to help you. Our reading assignments for this week expose you to some of the more important ones, and they, in turn, will point you to others by way of reference. If you take the time to examine these documents, you will be provided with a considerable amount of insight into how networks are certified, managed, and audited.

Some things to remember. Our networks are not static, and many of the technologies we implement can undo or circumvent security that we painstakingly put in place. Wireless is a good example. We need to consider the impact of all changes that we make and stay up to date on the latest tools and methodologies for identifying and eliminating vulnerabilities.

As part of our reading, we reference the Payment Card Industry's Data Security Standard (PCI DSS) and its Documents Library. We also examine its Self-Assessment Questionnaire. These two documents explain the requirements for security to support payment processing. In addition, we'll review documents from SANS. They have a Security Consensus Operational Readiness Evaluation (SCORE) that has benchmarks, scoring tools, checklists, and step-by-step guides. You can use these tools to evaluate an IT architecture. Please begin your lessons.

Week 12 Discussion

This week's reading involved both Security Consensus Operational Readiness Evaluation (SCORE) and Payment Card Industry (PCI) Data Security Standard 2.0. In your post this week, mention one important concept you have learned regarding these two assessment methodologies.

General Posting Guidelines (for participation): Postings are counted as participation for the week. Make sure all postings for this week's assignments are posted to this week's discussion forum. You must post at least two substantive messages to get minimum credit for participation (a 'C' grade). Two messages on different days gets a 'B' for participation - more postings (including answering other questions) get more credit. To qualify for an 'A' grade, you must post at least three critical thinking messages on three different days. Postings on the last day of the lesson will not count for credit since other students will not have sufficient time to respond or participate in your discussion. Post early and often. Don't wait until the last minute!

Assignment 12_2 (Attach to this assignment)

This assignment involves an evaluation of a secure design. Using the materials from your reading assignment, perform a security evaluation on the fictitious organization in the case study attached to this assignment. Use the SCORE or PCI assessment methodology from your reading for your evaluation. Please use this week's discussion forum to post any questions or comments you have about this assignment. Save your findings in a Word document named CYBR515 Assignment 12_2, and attach it to this assignment.

Assignment 12-3 Milestone 5 (Attach to this assignment)

Your project deliverable for this milestone is a brief PowerPoint presentation that could be presented to senior management explaining your recommendations. In your presentation, provide an overview of the present system, including any security vulnerabilities that you found. Outline the main points/diagrams/recommendations. Use the Notes section of the PowerPoint slides to explain any details about the slide. Review your semester project document for additional information on this assignment.

Please include CYBR515 Assignment 12-3 and your name in the file name for your PowerPoint presentation and attach it to the appropriate assignment for grading.

Thursday, November 10, 2011

Post 050 - CYBR 515



U.S. Charges 7 in Alleged Internet Ad Fraud Scam

November 9, 2011

For the first time, I believe, U.S. authorities Wednesday charged seven people living in Estonia and Russia with using malicious software to hijack millions of computers worldwide to redirect Internet searches toward online ads.
Starting in 2007, the suspects created fake companies that contracted with legitimate advertiser websites to drive Internet traffic toward their Internet pages, according to a Manhattan federal court indictment.

About 4 million computers in 100 countries including the United States were infected with malicious software designed by the defendants that would redirect an Internet user's browser toward the online advertisements, the indictment said. The defendants were paid about $14 million by advertisers based on the amount of "clicks" the ad pages would receive, it said.


Note - these people could have installed spyware on your computer. Maybe you should ensure that your security software protects against such malware.


====================================
William F. Slater, III, M.S., MBA, PMP, CISSP, SSCP, CISA, MCITP, MCSE, ISO 20000, ISO 27002, MCP #3585
Project Manager / Program Manager
Chicago, IL
slater@billslater.com
http://billslater.com/career

Wednesday, November 9, 2011

Post 049 - CYBR 515


Week Eleven Assignments

Theme for the Week - Network Management Security
Learning Objectives:

Describe the contributions made by an automated network management system to the security of a network infrastructure.
Design a distributed network management infrastructure using commercially available components.
Explain why SNMPv3 was developed.

Readings:
Chapter 12 - Network Management Security. Please note that this chapter is not available from your textbook. Instead, you must access it on the author's companion web site at the following URL: Chapter 12

This week:
It would make our lives as network administrators much easier if the secure networks we built never needed monitoring or fine tuning. In that perfect world, we would set them up and they would work forever with no issues. Networks are only as secure as their next exploit, and they must be constantly monitored and upgraded to recognize and mitigate evolving threats. However, the act of monitoring a network is made more difficult by the security constraints that we implement. Therefore, we need to know the strong points and limitations of network management architectures.

Our lesson examines one such architecture based on Simple Network Management Protocol (SNMP). We will discuss the standards that define it, the elements it is composed of, and the data it collects. Now, let's get started.

Assignment 11_1 (On-line Quiz)

Take this ten question true/false and multiple choice chapter quiz over the reading assignment. Quizzes are a "participation grade," which means that you can retake them as many times as necessary. However, please be aware that low scores are a sign that you need to go back to the reading assignment, slow down, and read more carefully.

You need to take the quiz by the end of the week to earn credit.

Assignment 11_2 (Post to this week's discussion forum)
Post a substantive answer to one of the following questions. Please select a question that has not been previously answered by one of your classmates, until all questions have been answered at least once. Once that has been done, you may select any question that has only been answered once. Once you have submitted your initial post, read each initial post and respond to at least three. Remember to cite your sources.

1. What is view-based access control and what is it used for? In your answer provide an example of where you might use it.

2. As a lead-in to this week's reading assignment, the author provides a quote from The Art of War by Sun Tzu. How does that quote relate to Network Management Security?

3. What is a Management Information Base (MIB) and what is it used for in SNMP? Provide examples.

4. Why was SNMPv3 developed? How does it improve security over versions 1 and 2?

5. What is the meaning of the term principal, as used when describing SNMP? How does this term relate to a principal as used in Kerberos standards?

6. Put your hacking hat on for this question. If you wanted to attack SNMP, how might you do it? What would be the objective of your attack? In your answer, you get to pick the version for your attack.

7. Why would you want SNMP installed on your network and how would it improve security? Please note that, "It won't improve security and I don't want it," is not an acceptable answer.

8. What are the main modules in a traditional SNMP Engine, and what does each do?

9. What is an SNMP community? Should each community be secured the same? Explain your answer and provide an example.

10. Why are authentication and authorization required in SNMP? Explain what might happen if SNMP didn't provide for either one.

Our trivia question for the week: What is Code Red (not the drink), when did it originate, and what did it do to Cisco 675 and 678 routers?

General Posting Guidelines (for participation): Postings are counted as participation for the week. Make sure all postings for this week's assignments are posted to this week's discussion forum. You must post at least two substantive messages to get minimum credit for participation (a 'C' grade). Two messages on different days gets a 'B' for participation - more postings (including answering other questions) get more credit. To qualify for an 'A' grade, you must post at least three critical thinking messages on three different days. Postings on the last day of the lesson will not count for credit since other students will not have sufficient time to respond or participate in your discussion. Post early and often. Don't wait until the last minute!

Assignment 11_3 (Attach to this assignment)
Review the diagram of an example distributed network management configuration on p. 12-9 of our reading assignment. For each different element shown, describe its role and function.
Save your description to a Microsoft Word document as CYBR515 Assignment 11_3 and attach it to this assignment.


Assignment 11.4 Milestone 5 (Due next week)
You should devote some time to the Milestone 5 submission for your semester project this week. The next set of deliverables are due on the last day of Week 12. Get started as soon as you can to avoid the last minute rush.

Monday, November 7, 2011

Post 048 - CYBR 515


Prisoners from California Prisons

A Real Automation Integration Nightmare: Can Hackers Release Prisoners from California Prisons?

The articles below explain the likelihood that hackers could break into the computer systems and networks that control the release mechanisms locking the doors in California prisons. This further highlights the need for strong leadership, policies, and efforts in sound Information Security Management.


===========================================
William Favre Slater, III, MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
http://billslater.com/career
Chicago, IL
United States of America

Sunday, November 6, 2011

Post 047 - CYBR 515


USA PATRIOT ACT and Its Effect on the American People

Many of you may be unaware of the USA PATRIOT ACT that was passed in October 2001 as a quick response to the terrorist attacks of September 11, 2001. This post explains some facts that you need to know about the USA PATRIOT ACT and how it changed the freedoms that the Founding Fathers tried to provide for the citizens of this country when they first wrote and ratified the Constitution of the United States and the first 10 Amendments, commonly known as the Bill of Rights.

USA PATRIOT ACT essentially nullified 5 of the first 10 Amendments to the U.S. Constitution.

Many citizens feel strongly that the powers now granted to the Executive branch of government and its agents are in direct conflict with the 1st, 4th, 5th, 6th and 8th Amendments in the Bill of Rights to the U.S. Constitution (see Bill of Rights, below). In other words, we now live in such times that many of the rights to privacy that we thought we were guaranteed under the U.S. Constitution are now preempted, at least temporarily, by the PATRIOT Act. In fact, the only way that the PATRIOT Act could be successfully passed in both chambers of Congress was to include a "Sunset Clause," which caused many of the more far-reaching provisions of the Act to expire automatically unless they were again reviewed and approved by both chambers of Congress. Though there was a "Sunset Clause," the PATRIOT Act has now been renewed TWICE, once under President Bush and once under President Obama.

= = = = = = = = = = = = = = = = = = = = = = = = = = = =

Bill of Rights – First 10 Amendments to the U.S. Constitution

ARTICLES IN ADDITION TO, AND AMENDMENTS OF, THE CONSTITUTION OF THE UNITED STATES OF AMERICA, PROPOSED BY CONGRESS, AND RATIFIED BY THE LEGISLATURES OF THE SEVERAL STATES, PURSUANT TO THE FIFTH ARTICLE OF THE ORIGINAL CONSTITUTION

Article [I.]

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

Article [II.]

A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed.

Article [III.]

No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law.

Article [IV.]

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Article [V.]

No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

Article [VI.]

In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the State and district wherein the crime shall have been committed, which district shall have been previously ascertained by law, and to be informed of the nature and cause of the accusation; to be confronted with the witnesses against him; to have compulsory process for obtaining witnesses in his favor, and to have the Assistance of Counsel for his defence.

Article [VII.]

In Suits at common law, where the value in controversy shall exceed twenty dollars, the right of trial by jury shall be preserved, and no fact tried by a jury, shall be otherwise re-examined in any Court of the United States, than according to the rules of the common law.

Article [VIII.]

Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual punishments inflicted.

Article [IX.]

The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

Article [X.]

The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.

References:

The Constitution of the U.S. (1788). U.S. Constitution. Retrieved from the web at http://www.billslater.com/wfs_us_constitution.htm on November 6, 2011.

Wikipedia. (2011). USA PATRIOT Act. A Wikipedia article retrieved from the web at http://en.wikipedia.org/wiki/Usa_patriot_act on November 6, 2011.


===========================

William F. Slater, III, M.S., MBA, PMP, CISSP, SSCP, CISA, MCITP, MCSE, ISO 20000, ISO 27002, MCP #3585
Project Manager / Program Manager
Chicago, IL
slater@billslater.com
http://billslater.com/career

Thursday, November 3, 2011

Post 046 - CYBR 515

Foreign Spies Stealing US Economic Secrets in Cyberspace

Many of you may want to read this report and perhaps share it with your families, friends, and colleagues.

Foreign Spies Stealing US Economic Secrets in Cyberspace
http://www.ncix.gov/publications/reports/fecie_all/Foreign_Economic_Collection_2011.pdf

It details the threats of China and Russia and how active they are in their respective efforts to steal secrets from U.S. Companies.

More about this report in this article from the web:

In a world of cybertheft, U.S. names China, Russia as main culprits

http://www.washingtonpost.com/world/national-security/us-cyber-espionage-report-names-china-and-russia-as-main-culprits/2011/11/02/gIQAF5fRiM_story.html?wprss=

The threats described in these reports are some of the main reasons that I signed up for this 18 month program for an M.S. in Cybersecurity at Bellevue University in Bellevue, NE.


==========================================================

William F. Slater, III, M.S., MBA, PMP, CISSP, SSCP, CISA, MCITP, MCSE, ISO 20000, ISO 27002, MCP #3585
Project Manager / Program Manager
Chicago, IL
slater@billslater.com
http://billslater.com/career

Post 045 - CYBR 515



Time to Get Naked... Naked Security - An Award-winning IT Security Blog Worth Checking Out

Today, the good folks at Naked Security helped save me and my wife from a Facebook scam related to giving away two "free" Southwest Airlines tickets. This is the link that saved us from that scam: http://nakedsecurity.sophos.com/2011/10/03/freesouthwest-airlines-tickets/
I found it using Google, then checked it out, and this is an award-winning IT Security Blog that is definitely worth checking out.

Get Naked(Security) and Enjoy!


William F. Slater, III, M.S., MBA, PMP, CISSP, SSCP, CISA, MCITP, MCSE, ISO 20000, ISO 27002, MCP #3585
Project Manager / Program Manager

Wednesday, November 2, 2011

Post 044 - CYBR 515


Week Ten Assignments

Theme for the Week - Firewalls

Learning Objectives:
Choose an appropriate firewall for a given secure network.
Differentiate between hardware and software firewalls.
Describe the types of firewalls and what features they provide.
Explain the strengths and weaknesses of firewalls.

Readings:

• Chapter 11 in your textbook.

http://www.cisco.com/en/US/products/hw/vpndevc/index.html (this page leads to several Cisco product lines for secure networking)

http://www.sonicwall.com/us/


This week:
Firewalls are an indispensable means to regulate traffic between hosts or between networks. Firewalls are implemented in many forms, and they may be hardware devices or programs that run on individual computers. However, regardless of where they are located, they ultimately serve only one purpose: allow good packets to pass and block bad ones.
A firewall is the first line of defense between your network and an external attacker. Therefore, it would be poor network security design to omit a firewall from your network architecture. In addition, it would not be wise to install hosts on your network that were not protected by software firewalls. All major operating systems have built-in firewalls, and there are additional layers of protection that are available from third party vendors.
Our reading assignment for this week provides a good overview of firewalls. In addition, the supplemental readings give insight into some firewall products that are available today. Please take the time to go through these readings, as they will provide valuable information to you when attempting to design the correct firewall solution for a secure network.
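The paragraphs above describe a firewall's single purpose, letting good packets pass and blocking bad ones, and warn that an attacker who rewrites the rules to "allow any to any" removes that protection (discussion question 9). The following is an added example, not code from the course blog or its textbook: a minimal ordered packet-filter evaluator with a default-deny rule, run over a few constructed packets, so a reader can see which rule fires for each packet under a sound perimeter policy and under the allow-all misconfiguration. The networks (10.0.0.0/8, a DMZ web server at 10.1.0.10), the documentation-range public addresses and the rule names are assumptions made for the illustration.

```python
# Added example (not from the course blog or its textbook): an ordered
# packet-filter evaluator with default deny, exercised on constructed packets.
# Addresses, ports and rule names below are assumptions for illustration.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # "tcp" or "udp"
    dport: int      # destination port
    direction: str  # "in" (from the Internet) or "out" (to the Internet)


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    direction: str         # "in", "out" or "any"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any destination port
    name: str = ""


def _net_match(cidr: str, addr: str) -> bool:
    """True if addr falls inside cidr, or cidr is the wildcard 'any'."""
    return cidr == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)


def _rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.direction in ("any", pkt.direction)
            and _net_match(rule.src, pkt.src)
            and _net_match(rule.dst, pkt.dst)
            and rule.proto in ("any", pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(rules, pkt: Packet):
    """First matching rule wins; a packet matching no rule is dropped (default deny)."""
    for rule in rules:
        if _rule_matches(rule, pkt):
            return rule.action, rule.name
    return "deny", "implicit-default-deny"


# Constructed perimeter policy: only HTTPS may enter, and only to the DMZ web
# server; internal hosts may only reach the Internet for HTTPS and DNS.
PERIMETER_RULES = [
    Rule("allow", "in",  "any",        "10.1.0.10/32", "tcp", 443,  "inbound-https-to-dmz-web"),
    Rule("deny",  "in",  "any",        "10.0.0.0/8",   "any", None, "block-all-other-inbound"),
    Rule("allow", "out", "10.0.0.0/8", "any",          "tcp", 443,  "outbound-https"),
    Rule("allow", "out", "10.0.0.0/8", "any",          "udp", 53,   "outbound-dns"),
    Rule("deny",  "any", "any",        "any",          "any", None, "explicit-default-deny"),
]

# The misconfiguration from discussion question 9: a single allow-everything rule.
ALLOW_ANY_RULES = [Rule("allow", "any", "any", "any", "any", None, "allow-all")]

# Constructed sample traffic (public addresses are from the RFC 5737 documentation ranges).
SAMPLE_PACKETS = [
    Packet("203.0.113.5", "10.1.0.10",    "tcp", 443,  "in"),   # public client to DMZ web server
    Packet("203.0.113.5", "10.0.0.25",    "tcp", 3389, "in"),   # RDP attempt against an internal host
    Packet("10.0.0.25",   "198.51.100.7", "tcp", 443,  "out"),  # internal host browsing HTTPS
    Packet("10.0.0.25",   "198.51.100.7", "tcp", 23,   "out"),  # telnet out: not in policy
]


def audit(rules, packets=SAMPLE_PACKETS):
    """Map each packet to (action, rule name) so a policy review sees which rule fired."""
    return {pkt: evaluate(rules, pkt) for pkt in packets}


if __name__ == "__main__":
    for label, rules in (("perimeter policy", PERIMETER_RULES),
                         ("allow-any policy", ALLOW_ANY_RULES)):
        print(f"== {label} ==")
        for pkt, (action, why) in audit(rules).items():
            print(f"{pkt.direction:>3} {pkt.src} -> {pkt.dst}:{pkt.dport}/{pkt.proto}  {action:5} ({why})")
```

Running the script prints the verdict and the rule name for each packet under both policies. The explicit final deny rule is deliberate: it makes the default-deny posture visible in the rule list and in the audit output, rather than relying on the evaluator's implicit fall-through, which is the behaviour a reviewer checking a real firewall configuration should also look for.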
Assignment 10_1 (On-line Quiz)
Take this ten question true/false and multiple choice chapter quiz over the reading assignment. Quizzes are a "participation grade," which means that you can retake them as many times as necessary. However, please be aware that low scores are a sign that you need to go back to the reading assignment, slow down, and read more carefully.

You need to take the quiz by the end of the week to earn credit.
Assignment 10_2 (Post to this week's discussion forum)
Post a substantive answer to one of the following questions. Please select a question that has not been previously answered by one of your classmates, until all questions have been answered at least once. Once that has been done, you may select any question that has only been answered once. Once you have submitted your initial post, read each initial post and respond to at least three. Remember to cite your sources.

1. What techniques could an intruder use to break into or circumvent a firewall? Provide examples to illustrate your answer.

2. How does a firewall work? Provide examples. Also, avoid answers like, "It works very well," as they will not get you any credit for your post.

3. Which are better, hardware or software firewalls? Support your answer.

4. If your network could have only one hardware firewall, where should it be placed and why? You may use a picture or diagram.

5. If all traffic entering or leaving a local network passes through a firewall, couldn't that firewall negatively impact performance? What would you do if that was the case?

6. If a virtual private network is allowed to pass through a firewall (for example, between a Windows server in the local network and a laptop on the Internet), what problems might occur? Provide an example.

7. What secure network design considerations are important when selecting and configuring a firewall?

8. What is a local security policy and how would you implement one?

9. If a hacker broke into your firewall and configured it to allow all traffic from any originator to go to any destination, what would be the impact to your network in terms of security? Elaborate.

10. Do you believe any of the design goals for firewalls, as discussed in your reading, are achievable? Elaborate.

Our trivia question for the week: What is a Blue Box and what was it used for?

General Posting Guidelines (for participation): Postings are counted as participation for the week. Make sure all postings for this week's assignments are posted to this week's discussion forum. You must post at least two substantive messages to get minimum credit for participation (a 'C' grade). Two messages on different days gets a 'B' for participation - more postings (including answering other questions) get more credit. To qualify for an 'A' grade, you must post at least three critical thinking messages on three different days. Postings on the last day of the lesson will not count for credit since other students will not have sufficient time to respond or participate in your discussion. Post early and often. Don't wait until the last minute!
Assignment 10_3 (Attach to this assignment)
Using the Internet and other appropriate references, locate a hardware or software firewall product or service that has not previously been discussed in this assignment. It may be a program, a security appliance, or a router that has the ability to do stateful and deep packet inspection. Describe your firewall and its capabilities and explain how it could be used in a secure network to provide protection. List any sites or references used in your research in APA format. Save your description to a Microsoft Word document as CYBR515 Assignment 10_3 and attach it to this assignment.


Assignment 10-4 Milestone 4

Our fourth set of project deliverables is due this week. For this milestone you will be making your final design changes to the network infrastructure. Review all of your work to this point, and use everything that you have learned from this course to provide the appropriate level of security at each level of the network. Again, use the information from your studies and feedback from previous assignments to help you with this process.

Produce a final revision of your Visio diagram and a final set of recommendations for change in a Microsoft Word document. You should include any past Visio diagrams as tabs, so we can track changes and progress. Your written discussion should explain your recommendations in enough detail to be easily understood by the "customer." Remember to cite any sources that you choose to use in APA format.

Attach your completed documents to this assignment. Please include CYBR515 Assignment 10-4 and your name in the file name for your diagram and summary. Remember, you only have one opportunity to attach documents, so please attach both documents at the same time.