William Slater's CYBR 515 Blog

CYBR 515 - Security Architecture and Design

Sunday, October 9, 2011

Post 023 - CYBR 515









Steve Jobs shows off the new Apple iPad 2 in 2011









Can a Leadership Style Adversely Affect the State and Quality of an Organization's Information Security?

Apple's Co-founder and former CEO, Steven Paul Jobs (1955 - 2011), passed away on October 5, 2011. May he rest in peace, and may his family and friends be comforted and experience rapid healing during their time of intense loss.

Much has been said of Mr. Jobs' visionary contributions to the work of computing and personal communications, and how he empowered the masses by having the vision to humanize technology and make it useful. That is all noteworthy, and significant, and it has certainly made the world a more interesting place.

But this article shows the real Steve Jobs, and the way he treated the people around him, who were executing his vision to change the world. http://gawker.com/5847344/what-everyone-is-too-polite-to-say-about-steve-jobs. I was aware of these traits, but it's documented so well here that it deserves to be shared. I was also aware that Mr. Jobs' tyrannical ways worked some people so hard that it broke up marriages and almost drove some people crazy. It's a poor leadership style that in my opinion could not have continued, if he had continued to live.

And since this is a blog for a course in Security Architecture and Design, the point of this post, however, is that I personally believe that a poor, tyrannical leadership style, based on bullying, intimidation, and humiliation, can itself constitute a threat to information security because it increases risks that an organization doesn't want. This is because when things start to go awry, many people who work on the Team of a Tyrant may become passive-aggressive and enjoy watching a Tyrannical Leader fail. I believe that there is a human trait in which people like to see what goes around comes around. If a tyrant mistreats people, those people will probably be happy to see him or her get what is coming to them. If that means watching a tyrant take the heat for situations like 1) the compliance penalties associated with a data breach; or 2) failing to secure something that should have been secured during an information security-related project; or 3) a Business Continuity Plan that is missing critical components that will ultimately doom it to failure if and when it is ever executed; employees will be only too glad to see these things occur, despite the fact that it could and will adversely affect an organization. So I believe that a poor leader can create situations that raise the information security risk factors in an organization.

What's the answer? I will share what I believe is the answer in a post that follows this one.

Friday, October 7, 2011

Post 022 - CYBR 515





U.S. Air Force Predator firing a deadly Hellfire Missile











U.S. Air Force Predator Crew





Exclusive: Computer Virus Hits U.S. Drone Fleet
By Noah Shachtman October 7, 2011 | 1:11 pm | Categories: Drones

A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.

The Air Force declined to comment directly on the virus. “We generally do not discuss specific vulnerabilities, threats, or responses to our computer networks, since that helps people looking to exploit or attack our systems to refine their approach,” says Lt. Col. Tadd Sholtis, a spokesman for Air Combat Command, which oversees the drones and all other Air Force tactical aircraft. “We invest a lot in protecting and monitoring our systems to counter threats and ensure security, which includes a comprehensive response to viruses, worms, and other malware we discover.”

My comments:

This is the first public release of such information. About 14 months ago with the disclosure of the Stuxnet worm and its effect on equipment in the Iranian Nuclear facilities, one industry observer noted that this was the public beginning of specialized, weaponized computer software. With the advent of a virus that is quietly monitoring U.S. Air Force Drone Crews as they fly operational missions in Afghanistan and other forward operating locations, we may be witnessing the second chapter of specialized, weaponized computer software.

As a former U.S. Air Force Officer, I sincerely wish the men and women of the U.S. Air Force Drone Team the best as they fight this newly identified danger to their operational mission.

------------------

Post 021 - CYBR 515





Electronic Health Records, the Department of Veterans Affairs, the Department of Defense and the Future

The white paper link about the VA and the DoD and the State of Health Records Initiatives and diagram above describe a big picture view of what I am doing in my career now with VA and DoD-related Health Care Records Initiatives. You may want to download and view this new white paper

http://download.1105media.com/GIG/Custom/2011PDFS/InsightsHealthIT.pdf

I am managing a program that develops the enabling software for these initiatives.

This is truly the future of Health Care Records and because it will pass Personally Identifiable Information (PII) and other related sensitive information over a complex network of MANY distributed systems and applications, it represents MANY opportunities for the application of security controls and Cybersecurity best practices to protect this information. This is one more reason I am happy that I enrolled in the M.S. in Cybersecurity program at Bellevue University on August 29, 2011.

=====================

William Favre Slater, III
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
slater@billslater.com
http://billslater.com/career
Chicago, IL
United States of America


Post 020 - CYBR 515

October is now National Cybersecurity Awareness Month

As an M.S. student in Cybersecurity at Bellevue University, I am happy to inform you that October is now National Cybersecurity Awareness Month. Please share with your friends, kids, grandkids, co-workers, neighbors, Facebook Friends, etc.

http://www.staysafeonline.org/

Stay Safe Online!

William F. Slater, III, M.S., MBA, PMP, CISSP, SSCP, CISA, MCITP, MCSE, ISO 20000, ISO 27001 Auditor, ISO 27002, MCP #3585

Project Manager / Program Manager
Chicago, IL
slater@billslater.com

Post 019 - CYBR 515


Week 6 Assignments
Theme for the Week - Wireless Network Security
Learning Objectives:
Characterize the services, protocols, and cryptographic algorithms that are elements of a robust wireless security network as defined by IEEE Standard 802.11i.
Produce a design for a wireless network that provides adequate security for a business environment.
Assess the strengths and weaknesses of current wireless standards and protocols.
Propose a wireless security solution that addresses weaknesses in existing security protocols.
Readings:
Chapter 6 in your textbook.

This week:
We shift our focus to secure wireless networks this week. Although wireless is a relatively new technology to local area networks, it has been around for over ten years and is considered to be mature. Wireless security has evolved over the years, and is now considered to be adequate for most business networks. However, wireless networks have built-in disadvantages that make them more prone to attack than wired networks. We'll discuss how wireless networks are currently protected, and examine the strengths and weaknesses of standards and protocols. We also examine a framework for extending security to portable network devices that use the cellular phone network to communicate.
Assignment 6_1 (On-line Quiz)
Take this ten question true/false and multiple choice chapter quiz over the reading assignment. Quizzes are a "participation grade," which means that you can retake them as many times as necessary. However, please be aware that low scores are a sign that you need to go back to the reading assignment, slow down, and read more carefully.

You need to take the quiz by the end of the week to earn credit.
Assignment 6_2 (Post to this week's discussion forum)
Post a substantive answer to one of the following questions. Please select a question that has not been previously answered by one of your classmates, until all questions have been answered at least once. Once that has been done, you may select any question that has only been answered once. Once you have submitted your initial post, read each initial post and respond to at least three. Remember to cite your sources.

1. If you were a malicious attacker, how would you attack a wireless network? Provide details of your plan of attack.

2. Given the available settings in a typical wireless access point (a Linksys WRT54G Broadband Router would be adequate if you have difficulty deciding on one to use as an example), what is the most secure configuration you can create? You may use the Internet and other appropriate sources to answer this question. In your answer, explain the purpose, strengths, and weaknesses of each setting.

3. Our reading assignment this week is acronym soup. Do you feel that it is necessary to memorize acronyms at the graduate level? Explain your answer.

4. Why is a wired Local Area Network (LAN) inherently more secure than a Wireless LAN? Fully explain your reasoning.

5. What are some of the ways that wireless security could be improved? In your answer, provide examples of how you might implement your improvements.

6. You happen to notice that a vehicle pulls up and parks in the same spot outside of your office each night. The person remains in the vehicle and appears to be working. What could the occupant of the vehicle be doing and how would you address the problem?

7. Given WiFi Protected Access 2 (WPA2) with Temporal Key Integrity Protocol (TKIP) and Pre-Shared Keys (PSKs), how does key exchange take place, and how often are keys updated?

8. What is a nonce? Explain the use and derivation of this word and how it applies to IEEE 802.11i wireless security.

9. What is Wireless Application Protocol (WAP) and how does it apply to mobile devices? In your answer, include an explanation of WAP security features.

10. Your text states that the Wi-Fi Alliance has, "..developed certification procedures for IEEE 802.11 security standards." What does this mean to you? Hint: http://www.wi-fi.org/certification_programs.php

Our trivia question for the week: What is the name of the first worm to be released into the Internet, who released it, and what did it do?

General Posting Guidelines (for participation): Postings are counted as participation for the week. Make sure all postings for this week's assignments are posted to this week's discussion forum. You must post at least two substantive messages to get minimum credit for participation (a 'C' grade). Two messages on different days gets a 'B' for participation - more postings (including answering other questions) get more credit. To qualify for an 'A' grade, you must post at least three critical thinking messages on three different days. Postings on the last day of the lesson will not count for credit since other students will not have sufficient time to respond or participate in your discussion. Post early and often. Don't wait until the last minute!
Assignment 6_3
Put yourself in the role of a consultant. You have been hired to propose a wireless solution for a small company. The background information on the company is contained in the attachment to this assignment. Based on that information, your reading, and any other source materials at your disposal, provide a simple design for a secure wireless network. In your design, include a list of the security features that you would enable and why you would enable them. Save your deliverables in individual files named CYBR515 Assignment 6_3a and CYBR515 Assignment 6_3b , and attach them to this assignment.
Please note that they must both be attached at the same time that you submit your assignment. If you submit the assignment with only one file, you will not be able to attach the second one without help from your instructor.
Forever Young Case Study.doc

Assignment 6.4 Milestone 2
Our second set of deliverables is due this week. In this milestone, we utilize encryption to improve network security, as well as exploring improvements to the wireless network. We will be using everything that we have learned up to this point to design improvements to the network infrastructure.

Use the information from your studies and feedback from previous assignments, to help you with this process. Revise your original Visio diagram to depict any changes that you propose to make. You can either show the changes on your original Visio diagram or add your original diagram as a tab at the bottom. You also need to summarize your recommendations for change in a Microsoft Word document. You may use any appropriate sources for your requirements. Remember to cite your sources in APA format.

Attach your completed documents to this assignment. Please include CYBR515 Assignment 6_4 and your name in the file name for your diagram and summary. Remember, you only have one opportunity to attach documents, so please attach both documents at the same time.



Post 018 - CYBR 515


Week 5 Assignments

Theme for the Week - Security using Transport Layer Services
Learning Objectives:
Differentiate between Secure Socket Layer (SSL), Transport Layer Security (TLS), Hypertext Transfer Protocol Secure (HTTPS), and Secure Shell (SSH).
Create a model that depicts the four phases of the handshake protocol for SSL.
Describe how SSL/TLS is used to encrypt Web traffic for HTTPS.
Explain how the key exchange process is implemented in SSH.

Readings:
Chapter 5 in your textbook.
This week:
This week's lesson continues our exploration of protocols that implement symmetric and asymmetric encryption techniques. We will examine four protocols that operate in the Transport layer of the protocol stack: Secure Socket Layer (SSL), Transport Layer Security (TLS), Hypertext Transfer Protocol Secure (HTTPS), and Secure Shell (SSH). SSL/TLS is a means of providing end-to-end encryption using certificates and key exchanges. HTTPS makes use of SSL/TLS to secure Web-based traffic from browser to server. SSH was originally designed to replace telnet for remote access, but has taken on a wider role, including file transfer and email. As part of our reading assignment, we will study descriptions and models that show in great detail how these protocols work. Now let's get started.
Assignment 5_1 (On-line Quiz)
Take this ten question true/false and multiple choice chapter quiz over the reading assignment. Quizzes are a "participation grade," which means that you can retake them as many times as necessary. However, please be aware that low scores are a sign that you need to go back to the reading assignment, slow down, and read more carefully.

You need to take the quiz by the end of the week to earn credit.

Assignment 5_2 (Post to this week's discussion forum)
Post a substantive answer to one of the following questions. Please select a question that has not been previously answered by one of your classmates, until all questions have been answered at least once. Once that has been done, you may select any question that has only been answered once. Once you have submitted your initial post, read each initial post and respond to at least three. Remember to cite your sources.

1. Which one of the big three transport-level security protocols (SSL/TLS, HTTPS, and SSH) is the most vulnerable to attack and why? Provide an example of how someone might attack it.

2. In most secure Web sessions, SSH authenticates the Web server using certificates. How does this process work?
Hint: You might start by opening Internet Explorer and navigating to Tools->Internet Options->Content->Certificates.

3. What are the primary differences between SSL version 3 and TLS as defined in RFC 5246?

4. What does hash (ClientHello.random || ServerHello.random || ServerParams) mean? In your answer, you should include an explanation of the symbols that are used.

5. How are the keys protected during key exchange in an SSH packet exchange? In your answer, provide specific examples of how it is done, and state your opinion as to why or why not the key exchange process adequately protects the keys.

6. In SSH, what is the difference between local forwarding and remote forwarding? Provide an example of where you might use each type of forwarding that is not in your book.

7. As a network designer, where would these protocols (SSL, HTTPS, and SSH) be implemented and why? If you wish, you may propose a hypothetical secure network to use as a framework for your answer.

8. Why was it necessary to develop SSH to replace telnet? Use the Internet and other appropriate sources to locate information on this question. Be specific, and remember to cite your sources. As part of your answer, explain what is better about SSH.

9. Most network administrators agree that the TCP/IP protocol stack doesn't implement the Session layer from the Open Systems Interconnect (OSI) model. However, in the explanation of how Transport layer protocols work, our author uses the term "session" frequently. Are the network administrators wrong, or is it just a misunderstanding? Elaborate.

10. What is an SSH tunnel and how does it work?

Our trivia question for the week: What is the Star Property and why is it called the Star Property?

General Posting Guidelines (for participation): Postings are counted as participation for the week. Make sure all postings for this week's assignments are posted to this week's discussion forum. You must post at least two substantive messages to get minimum credit for participation (a 'C' grade). Two messages on different days gets a 'B' for participation - more postings (including answering other questions) get more credit. To qualify for an 'A' grade, you must post at least three critical thinking messages on three different days. Postings on the last day of the lesson will not count for credit since other students will not have sufficient time to respond or participate in your discussion. Post early and often. Don't wait until the last minute!

Assignment 5_3
Implementing SSL/TLS, HTTPS, and SSH is a matter of configuring clients, servers, and network infrastructure. For this assignment, select one of the three protocols and create a one page plan for implementing it for a generic organization. For example, you could choose installation of a SonicWall Virtual Private Network (VPN) server that implements an HTTPS tunnel. Your plan would include general instructions for installing the SonicWall security appliance, configuring it to access authentication information from an existing LDAP database (Windows Active Directory would work), defining authorized users, and setting permissions to allow them to use the VPN. Include a simple network diagram showing notional IP addresses and port numbers (an HTTPS VPN would use TCP port 443.) Please note that your plan doesn't have to be a highly detailed, step by step checklist. All I am looking for is a general explanation of the work that needs to be done to implement the protocol for a particular application.
Save your work to a Word document as CYBR515 Assignment 5_3 and attach it to this assignment.

Assignment 5.4 Milestone 2 (Due next week)
You should devote some time to the Milestone 2 submission for your semester project this week. The next set of deliverables are due on the last day of Week 6. Get started as soon as you can to avoid the last minute rush.

Monday, October 3, 2011

Post 017 - CYBR 515

October is now National Cybersecurity Awareness Month

As an M.S. student in Cybersecurity at Bellevue University, I am happy to inform you that October is now National Cybersecurity Awareness Month. Please share with your friends, kids, grandkids, co-workers, neighbors, Facebook Friends, etc.

http://www.staysafeonline.org/

Stay Safe Online!

William F. Slater, III, M.S., MBA, PMP, CISSP, SSCP, CISA, MCITP, MCSE, ISO 20000, ISO 27001 Auditor, ISO 27002, MCP #3585

Project Manager / Program Manager
Chicago, IL
slater@billslater.com
http://billslater.com/career