William Slater's CYBR 515 Blog

William Slater's CYBR 515 Blog
CYBR 515 - Security Architecture and Design

Friday, December 9, 2011

Post 055 - CYBR 515




The M.S. in Cybersecurity at Bellevue University
(Click for more information)

I started this program on Monday, August 29, 2011. The links below will take you to the course blog that has been set up for each course in this program:

=========================================================

CIS 608 - Information Security Management
CYBR 515 - Security Architecture and Design
CYBR 510 - Physical, Operations, and Personnel Security
CIS 537 - Introduction to Cyber Ethics
CIS 607 - Computer Forensics
CYBR 520 - Human Aspects of Cybersecurity
CYBR 610 - Risk Management Studies
CYBR 615 - Cybersecurity Governance and Compliance
CYBR 625 - Business Continuity Planning and Recovery
DET 630 - Cyber Warfare & Deterrence
CYBR 525 - Ethical Hacking and Response
CYBR 650 - Current Trends in Cybersecurity


=========================================================

If you are interested in me and my career, here are some additional links:

Resume
Career
Certifications
Credentials
ISO 27001
M.S.
MBA
Bio
Writing
Thoughts
Secrets
Chicago
Love Story

====================================

William Favre Slater, III
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
slater@billslater.com
Chicago, IL

Sunday, November 20, 2011

Post 054 - CYBR 515






The Fat Lady Has Sung, So This Blog Has Completed - Thanks for Reading!

It's over. The Fat Lady Has Sung, So This Blog has now completed. Thanks for reading, Folks!

Do you want to hear the Fat Lady sing? Click here! (Turn it up!)



=================================
William Favre Slater, III, PMP
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
CYBR 515 Blog: http://cybr515.blogspot.com
http://billslater.com/career
Chicago, IL

Post 053 - CYBR 515


EDF used Trojans to spy on Greenpeace


EDF is a giant French Energy company. The head of nuclear energy at EDF was fined 1.5 million euros for commissioning Kargus Consultants to use Trojans to attack Greenpeace's Yannick Jadot’s computer in 2006, stealing 1,400 documents relating to the organisation’s campaign against nuclear power. Jadot was then head of campaigns in France.

This judicial ruling was extremely important because it was the largest of its kind that was ever awarded.

From the article:

"The court in Nanterre handed EDF’s former security head, Pascal Durieux, a three-year jail sentence with one suspended, while his deputy Pierre-Paul François was given three years with 30 months suspended.

"The head of Kargus, Thierry Lorho, was given three years in jail with two suspended and a 4,000 euro fine while his technical expert and former secret service man, Alain Quiros, was given two years suspended."

"The evidence presented at the trial showed that the espionage undertaken by EDF in its efforts to discredit Greenpeace was both extensive and totally illegal. The company should now give a full account of the spying operation it mounted against its critics," said Greenpeace UK executive director, John Sauven.

What was especially astounding was that Pascal Durieux was a retired rear admiral from the French Navy and Pierre-Paul François had worked as a policeman.


=================================
William Favre Slater, III, PMP
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
CYBR 515 Blog: http://cybr515.blogspot.com
http://billslater.com/career
Chicago, IL

Post 052 - CYBR 515




"Foreign hackers targeted U.S. water plant in apparent malicious cyber attack, expert says"


This is an alarming news story and points out the vulnerability of infrastructure points in the U.S. It hits very close to home also because I think these hackers probably attacked the Jardine Water Treatment Plant (information here)that is operated by the City of Chicago. This plant pumps over one billion gallons of water out of Lake Michigan every day, and I am one of nearly 8 million people who use this water from the Jardine Water Treatment Plant daily to cook, shower, etc.

Sadly, people have been aware of such vulnerabilities for some time and such attacks have been predicted as far back as 10 to 15 years ago.

Let's hope home our city and national authorities are paying attention to this news and that they will act before it is too late.

===========================


Bill
William Favre Slater, III
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
CYBR 515 Blog: http://cybr515.blogspot.com
http://billslater.com/career
Chicago, IL
United States of America

Thursday, November 17, 2011

Post 051- CYBR 515


Week Twelve Assignments

Theme for the Week - Validating a Secure Design

Learning Objectives:

• Describe how PCI Data Security Standards are used to enhance payment card data security.

• Design a certification and evaluation plan for a secure network.

• Propose solutions to network security vulnerabilities that are exposed during an audit.

Readings:

https://www.pcisecuritystandards.org/security_standards/index.php

https://www.pcisecuritystandards.org/security_standards/documents.php

https://www.pcisecuritystandards.org/documents/pci_dss_saq_instr_guide_v2.0.pdf

http://www.sans.org/score/


This week:

Now that you've created a design for a secure network, how do you know that it meets acceptable standards and practices for security? After all, both threats and the technology to meet them are constantly evolving. You need a way of ensuring that your network provides an acceptable level of risk. Fortunately, there are several organizations and methodologies that are in place to help you. Our reading assignments for this week expose you to some of the more important ones, and they, in turn, will point you to others by way of reference. If you take the time to examine these documents, you will be provided with a considerable amount of insight into how networks are certified, managed, and audited.

Some things to remember. Our networks are not static, and many of the technologies we implement can undo or circumvent security that we painstakingly put in place. Wireless is a good example. We need to consider the impact of all changes that we make and stay up to date on the latest tools and methodologies for identifying and eliminating vulnerabilities.

As part of our reading, we reference the Payment Card Industry’s Data Security Standards (PCI DSS) and their Documents Library. We also examine their Self-Assessment Questionnaire. These two documents explain the requirements for security to support payment processing. In addition, we'll review documents from the SANS. They have a Security Consensus Operational Readiness Evaluation (SCORE) that has benchmarks, scoring tools, checklists. and step-by-step guides. You can use these tools to evaluate an IT architecture. Please begin your lessons.

Week 12 Discussion

This week's reading involved both Security Consensus Operational Readiness Evaluation (SCORE) and Payment Card Industry (PCI) Data Security Standard 2.0. In your post this week, mention one important concept you have learned regarding these two assessment methodologies.

General Posting Guidelines (for participation): Postings are counted as participation for the week. Make sure all postings for this week's assignments are posted to this week's discussion forum. You must post at least two substantive messages to get minimum credit for participation (a 'C' grade). Two messages on different days gets a 'B' for participation - more postings (including answering other questions) get more credit. To qualify for an 'A' grade, you must post at least three critical thinking messages on three different days. Postings on the last day of the lesson will not count for credit since other students will not have sufficient time to respond or participate in your discussion. Post early and often. Don't wait until the last minute!

Assignment 12_2 (Attach to this assignment)

This assignment involves an evaluation of a secure design. Using the materials from your reading assignment, perform a security evaluation on the fictitious organization in the case study attached to this assignment. Use SCORE or PCI assessment methodology from your reading for your evaluation. Please use this week's discussion forum to post any questions or comments you have about this assignment. Save your findings in a word document named CYBR515 Assignment 12_2 , and attach it to this assignment.

Assignment 12-3 MIlestone 5 (Attach to this assignment)

Your project deliverable for this milestone is a brief PowerPoint presentation that could be presented to senior management explaining your recommendations. In your presentation, provide an overview of the present system, including any security vulnerabilities that you found. Outline the main points/diagrams/recommendations. Use the Notes section of the PowerPoint slides to explain any details about the slide. Review your semester project document for additional information on this assignment.

Please include CYBR515 Assignment 12-3 and your name in the file name for your PowerPoint presentation and attach it to the appropriate assignment for grading.

Thursday, November 10, 2011

Post 050 - CYBR 515



U.S. Charges 7 in Alleged Internet Ad Fraud Scam

November 9, 2011

For the first time, I believe, U.S. authorities Wednesday charged seven people living in Estonia and Russia with using malicious software to hijack millions of computers worldwide to redirect Internet searches toward online ads.
Starting in 2007, the suspects created fake companies that contracted with legitimate advertiser websites to drive Internet traffic toward their Internet pages, according to a Manhattan federal court indictment.

About 4 million computers in 100 countries including the United States were infected with malicious software designed by the defendants that would redirect an Internet user's browser toward the online advertisements, the indictment said. The defendants were paid about $14 million by advertisers based on the amount of "clicks" the ad pages would receive, it said.


Note - these people could have installed spyware on your computer. Maybe you should ensure that your security software protects against such malware.


====================================
William F. Slater, III, M.S., MBA, PMP, CISSP, SSCP, CISA, MCITP, MCSE, ISO 20000, ISO 27002, MCP #3585
Project Manager / Program Manager
Chicago, IL
slater@billslater.com
http://billslater.com/career

Wednesday, November 9, 2011

Post 049 - CYBR 515


Week Eleven Assignments

Theme for the Week - Network Management Security
Learning Objectives:

Describe the contributions made by an automated network management system to the security of a network infrastructure.
Design a distributed network management infrastructure using commercially available components.
Explain why SNMPv3 was developed.

Readings:
Chapter 12 - Network Management Security. Please note that this chapter is not available from your textbook. Instead, you must access it on the author's companion web site at the following URL:Chapter 12

This week:
It would make our lives as network administrators much easier if the secure networks we built never needed monitoring or fine tuning. In that perfect world, we would set them up and they would work forever with no issues. Networks are only as secure as their next exploit, and they must be constantly monitored and upgraded to recognize and mitigate evolving threats. However, the act of monitoring a network is made more difficult by the security constraints that we implement. Therefore, we need to know the strong points and limitations of network management architectures.

Our lesson examines one such architecture based on Simple Network Management Protocol (SNMP). We will discuss the standards that define it, the elements it is composed of, and the data it collects. Now, let's get started.

Assignment 11_1 (On-line Quiz)

Take this ten question true/false and multiple choice chapter quiz over the reading assignment. Quizzes are a "participation grade," which means that you can retake them as many times as necessary. However, please be aware that low scores are a sign that you need to go back to the reading assignment, slow down, and read more carefully.

You need to take the quiz by the end of the week to earn credit.

Assignment 11_2 (Post to this week's discussion forum)
Post a substantive answer to one of the following questions. Please select a question that has not been previously answered by one of your classmates, until all questions have been answered at least once. Once that has been done, you may select any question that has only been answered once. Once you have submitted your initial post, read each initial post and respond to at least three. Remember to cite your sources.

1. What is view-based access control and what is it used for. In your answer provide an example of where you might use it.

2. As a lead-in to this week's reading assignment, the author provides a quote from The Art of War by Sun Tzu. How does that quote relate to Network Management Security?

3. What is a Management Information Base (MIB) and what is is used for in SNMP? Provide examples.

4. Why was SNMPv3 developed? How does it improve security over versions 1 and 2?

5. What is the meaning of the term principal, as used when describing SNMP? How does this term relate to a principal as used in Kerberos standards?

6. Put your hacking hat on for this question. If you wanted to attack SNMP, how might you do it? What would be the objective of your attack? In your answer, you get to pick the version for your attack.

7. Why would you want SNMP installed on your network and how would it improve security. Please note that, "It won't improve security and I don't want it," is not an acceptable answer.

8. What are the main modules in a traditional SNMP Engine, and what does each do?

9. What is an SNMP community? Should each community be secured the same. Explain your answer and provide an example.

10. Why is authentication and authorization required in SNMP. Explain what might happen if SNMP didn't provide for either one.

Our trivia question for the week: What is Code Red (not the drink), when did it originate, and what did it do to Cisco 675 and 678 routers?
General Posting Guidelines (for participation): Postings are counted as participation for the week. Make sure all postings for this week's assignments are posted to this week's discussion forum. You must post at least two substantive messages to get minimum credit for participation (a 'C' grade). Two messages on different days gets a 'B' for participation - more postings (including answering other questions) get more credit. To qualify for an 'A' grade, you must post at least three critical thinking messages on three different days. Postings on the last day of the lesson will not count for credit since other students will not have sufficient time to respond or participate in your discussion. Post early and often. Don't wait until the last minute!

Assignment 11_3 (Attach to this assignment)
Review the diagram of an example distributed network management configuration on P 12-9 of our reading assignment. For each different element shown, describe its roles and function.
Save your description to a Microsoft Word document as CYBR515 Assignment 11_3 and attach it to this assignment.


Assignment 11.4 Milestone 5 (Due next week)
You should devote some time to the Milestone 5 submission for your semester project this week. The next set of deliverables are due on the last day of Week 12. Get started as soon as you can to avoid the last minute rush.