As a synthesis of all
prior steps in this project, you will now develop and submit the first
component of your deliverable to your CISO: the Cyber
Operations and Risk Management Briefing. The briefing will
consist of a written evaluation and video presentation. Each team member should
develop his or her own briefing, and submit independently. Research
and evaluate the maintenance requirements for each option identified in the
software development matrix you submitted in the previous step. What resources
and processes are required for each option? You should also address the
schedule to implement the recommended software and identify any potential
impacts to the mission, any vulnerabilities or risks, and the likelihood of
success.
19 November, 2019
18 November, 2019
OO Final Project
Requirements
For the final project, you are to design and develop a Java application that you choose. The goal of the final project is for you to combine the things that you've learned this semester into a working and useful application. The best project idea is something that interests you! This is also an opportunity to develop something that you can put in your portfolio to show a prospective employer.
The scope of the application you develop is something you can design and develop in the time remaining in the semester. The application should not be trivial, but it should also not be so big and complex that you are unable to finish and test it.
Due date: 11:59pm, Friday, Reading Day
Program name: You may choose any name that is appropriate for your application’s main class. But, as has been the case with other programming challenges the name is to begin with your pawprint with the first letter capitalized and the other letters in lower case. The remainder of the name is to be camel-cased. For example, if the application is to be named DocumentEditor and the pawprint is abcxyz9 then the main class name is to be named Abcxyz9DocumentEditor.
Language: Java 8 SE
Tools: NetBeans IDE and JavaFX Scene Builder UI
Development: The application’s user interface is to be created using JavaFX. Scene Builder should be used to develop the interface based on FXML. If you choose to develop the interface using code to create the JavaFX objects rather than using FXML created by Scene Builder then you need to present a good reason for doing so in the final project documentation.
Architecture: The application is to be built on the Model View Controller (MVC) architecture as shown in class.
Required Elements: The following are elements that are required to be included in the application:
1. Object oriented elements that you write the code for:
a. Classes.
b. Subclasses.
c. At least one abstract class
d. At least one Interface
2. Code elements that you utilize:
a. One or more collection classes.
b. Exception Handling.
3. The application must have a clearly defined model (as in the M in MVC).
4. The UI must utilize multiple scenes and at least one of the scenes will have the contents of the scene graph changed based on the application state.
5. There must be a way to access “About” information that includes information about you and the application.
6. The application must save data and load data. The target for saving/loading data can be files, a network service, and/or a database.
Expectations:
1. The application is functional for a defined activity, task, and purpose. The goal is to develop a complete application not just a pile of code that doesn’t serve a purpose.
2. The user interface is useable, organized, and understandable.
3. The code is well-structured and logically organized.
4. The application you build is not to be trivial in simply meeting the requirements set forth in this document. Yes, you are to meet the requirements but you are also to build an application that has a purpose and delivers functionality or capability. The requirements are parameters to be used in design and implementation of the application. They are not intended to be the end product.
5. You should design and build an application that you would be happy to show a prospective employer or client.
Documentation: A document is to be written titled “ProjectDocumentation” that is a plain text file (.txt) or a PDF (.pdf) and included in the zip file for the project that describes how you met the requirements provided in this document. You should be able to point to instances in your application where the requirements have been met. This means, you should name which requirement you are meeting, label which file it is in, and which lines of code the requirement is accomplished on. This document is for your protection!! If the grader/instructor must search your application’s code to find the places where you met the requirements then they may miss where you met them. This document should be like you are looking over the shoulder of the grader and saying, "Yeah, right there is where I have the code that allows you to save data to a file." By explicitly identifying how you met the criteria the grader/instructor can be sure they are not missing something. It will also save time for the grader that is in short supply during finals week. Easy to find things --> makes grader happy --> good grade.
UML: A UML diagram of the application is to also be included in the zip file for the project. The UML diagram can be a PDF, PNG, JPG, or GIF file with a base name of PawprintUML. So, for example if the file is a PDF and your pawprint is Abcxyz9, it is to be called Abcxyz9UML.pdf.
NOTE: If you have any questions about the requirements, what you can do, or if you are unsure about a project idea, then feel free to run it by the TAs to double check. It will be wise to check your project by the TAs during office hours to determine if you have met the requirements before submission. If you have any other questions, then ask the TAs or come by office hours. TAs will not check whether you have satisfied the requirements via email. However, you can ask general questions via email.
31 October, 2019
Ex-filtration cyber attack
Introduction
There was an incident in which an attacker successfully transferred files from the web server. The attack is known as ex-filtration, and it was detected by the hosting nation's intrusion detection system. This type of attack might leave web servers vulnerable to other attacks such as denial of service. The attack comes from within the member nations attending the conference, and it should be stopped before it spreads further. Ex-filtration is a dangerous type of attack because it enables an attacker to access resources they are not authorized to access. This kind of attack might result in major problems, since nations keep highly classified information that should never be accessible to other nations at any time. The source of the data leak and the tools used to perform the attack should be identified, and the necessary steps put in place to stop such an attack from happening in the future. The resources being targeted should be made unavailable until the targeted web server and the whole network have been secured. The protocols for accessing the resources should be changed so as to give the team ample time to solve the problem.
Analysis
Wireshark is a dynamic tool capable of sniffing and capturing network activity. Using the tool, it is established that a total of 1,907,899 packets were sent over the period of the attack. The participants were computers A and B: computer A sent a total of 1,864,853 packets and computer B sent a total of 43,046 packets. A total of 170 megabytes were sent over the whole conversation; computer A sent a total of 143 megabytes and computer B sent a total of 26 megabytes. The conversation took a total of 358.3253 seconds; this is the total time over which the ex-filtration took place.
After the Wireshark capture is parsed, the time the attack began is identified as 21:59:17.432035000. That is the period in which the attackers were able to actively copy files from the web server. The protocol the attackers utilized is UDP, and the destination port affected was port 55. Port 55 makes it possible for messages to be transferred from one computer to another, and it is utilized in the internet network layer, transport layer and session layer. The IP address of the web server affected is 192.168.19.111 and the IP address of the system the attackers used is 192.168.10.101. The total size of the packet transferred successfully by the attackers to their system is 74 bytes. The system administrator was alerted by the host monitoring system using the User Datagram Protocol.
Using UDP flood unicorn to perform the denial of service attack is relatively easy. It is done by entering the target IP address, and for our case the target is 192.168.19.111 and the target port is 55. The packet size for the attack can be any amount, but for a test case 1 KB is enough. Performing a denial of service attack is simple because there are different types of tools available to aid in the process. There is an increase in HTTP requests sent to the internal web server, and it might be linked to the attack. The resource that is receiving more requests is /worldpress/randomfile1 HTTP/1.1\r\n. That is the targeted resource on the internal web server, and the attackers might be aiming at copying the file or making it inaccessible through the denial of service attack.
The server's HTTP response code is 500, which means the internal server encountered a problem and could not fulfill the request. The error means that the resource cannot be accessed by its legitimate users because of a problem the server is encountering, and it might be linked to the increase in requests to the server. The IP address of the computer whose requests for the resource result in the error is 192.168.10.101, and it is the attacking computer. The attacker's user-agent for the request is Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n.
The type of web server attack that is occurring is a distributed denial of service attack, because the targeted resource cannot be accessed by legitimate users. The attackers are also performing a SQL injection against the web server. The response to the abnormal requests sent by the attackers is 404 Not Found (text/html). This is because the resources requested by the attackers are not available, hence the error code is displayed. The URL being used by the attackers to perform the distributed denial of service is /wordpress/web/BetaBlockModules/EnableModule/EnableModule.php?path_prefix-http://cirt.net/rfil_.
More attacks are being performed against the web server through abnormal GET requests. The nature of the attack is brute force hacking. This is evident from the HTTP response code returned for the abnormal requests. The HTTP/1.1 Bad Request (text/html) response signifies that the server is receiving bad requests from the attackers. The user-agent for the requests received from the attackers is Mozilla/5.00.
There is a repetition of the username and password being used by the attacker during the brute force attack. The passwords and usernames being repeated are located in the root/password folder, as is evident from the traffic captured using the Wireshark tool. The user-agent contained in the attack requests is Mozilla/5.00. The HTTP response code returned for the attack requests is HTTP/1.1 404 Not Found (text/html).
The interesting repeated string value is responsible for the denial of service experienced. The user-agent for the interesting string is Mozilla/5.00 and the HTTP response code for the request is HTTP/1.1 Not Found (text/html). The user-agent Mozilla/5.00 points at the Nikto web server testing tool. The tool is the one responsible for the attacks the web server is undergoing at the moment.
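The analysis above attributes the traffic to one client by reading response codes and user-agents out of the capture. The same triage can be run over the web server's access log, as in this added example, which is not part of the original report. The log lines are constructed, and the date, the extra paths, the 192.168.19.20/21 clients and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed access-log sample (Apache combined format); not taken from the capture.
# The two main addresses, two paths and two user agents reuse values quoted in the
# report; the date, the other paths and the 192.168.19.20/21 clients are made up.
SAMPLE_LOG = """\
192.168.10.101 - - [01/Jan/2019:21:59:18 +0000] "GET /worldpress/randomfile1 HTTP/1.1" 500 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.168.10.101 - - [01/Jan/2019:21:59:19 +0000] "GET /wordpress/web/BetaBlockModules/EnableModule/EnableModule.php?path_prefix-http://cirt.net/rfil_ HTTP/1.1" 404 289 "-" "Mozilla/5.00"
192.168.10.101 - - [01/Jan/2019:21:59:19 +0000] "GET /admin/login.php HTTP/1.1" 404 289 "-" "Mozilla/5.00"
192.168.10.101 - - [01/Jan/2019:21:59:20 +0000] "GET /backup.zip HTTP/1.1" 404 289 "-" "Mozilla/5.00"
192.168.10.101 - - [01/Jan/2019:21:59:20 +0000] "GET /phpinfo.php HTTP/1.1" 404 289 "-" "Mozilla/5.00"
192.168.10.101 - - [01/Jan/2019:21:59:21 +0000] "GET /worldpress/randomfile1 HTTP/1.1" 500 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.168.19.20 - - [01/Jan/2019:21:59:22 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.168.19.20 - - [01/Jan/2019:21:59:25 +0000] "GET /favicon.ico HTTP/1.1" 404 289 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.168.19.21 - - [01/Jan/2019:21:59:30 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def summarise(log_text):
    """Group requests by client IP: totals, error count, distinct paths and agents."""
    clients = defaultdict(
        lambda: {"total": 0, "errors": 0, "paths": set(), "agents": set()}
    )
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse instead of guessing
        c = clients[m["ip"]]
        c["total"] += 1
        c["errors"] += int(m["status"]) >= 400      # counts 4xx and 5xx
        c["paths"].add(m["path"].split("?", 1)[0])  # ignore the query string
        c["agents"].add(m["ua"])
    return dict(clients)

def flag_scanners(clients, min_requests=5, min_error_ratio=0.8, min_paths=4):
    """Return clients whose traffic is mostly errors spread over many paths.

    The thresholds are illustrative assumptions, not values from the report.
    """
    flagged = []
    for ip, c in clients.items():
        ratio = c["errors"] / c["total"]
        if (c["total"] >= min_requests and ratio >= min_error_ratio
                and len(c["paths"]) >= min_paths):
            flagged.append(ip)
    return sorted(flagged)

if __name__ == "__main__":
    stats = summarise(SAMPLE_LOG)
    for ip in flag_scanners(stats):
        print(ip, stats[ip]["total"], "requests,", sorted(stats[ip]["agents"]))
```

A single 404 from an ordinary client (the favicon request in the sample) does not trip the rule; it takes volume, a high error ratio and path spread together.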
Findings
· The system is under the following types of attack:
1. Distributed denial of service
2. SQL injection
3. Brute force attack
· Nikto tool is being used by the attackers to hack the web server
· The IP address for the victim web server is 192.168.19.111
· The IP address of the computer being used by attackers is 192.168.10.101
· The port number affected by the attack is 55
Recommendations
I would recommend that the system administrator block traffic from IP address 192.168.10.101 from accessing the network. This can be done by adding a policy on the firewall or configuring the intrusion detection system to drop traffic from the IP address. Port 55 should be blocked using the firewall to reduce its vulnerability to leaking data through ex-filtration. The system administrator should also configure their firewall and intrusion detection and penetration systems to drop traffic to /wordpress/web/BetaBlockModules/EnableModule/EnableModule.php?path_prefix-http://cirt.net/rfil_ and /worldpress/randomfile1 HTTP/1.1\r\n. This should be done until the problem is resolved, so as to reduce further attacks on the network that could result in major damage.
05 September, 2019
Big Data and its Business Impacts
Research paper basics:
• 8 pages in length
• APA formatted
• Minimum six (6) sources – at least two (2) from peer reviewed journals
• Include an abstract, introduction, and conclusion
• Use a Compelling Chart, Table, or Map to Illustrate Something in the Paper
• In-text citations
Don’t forget the headings.
Functions of DNS and DHCP in Windows(R) Server 2012
Description
Write a 1- to 2-page (400 words) technical document on the installation and configuration of DNS and DHCP in Windows® Server 2012 for Wadley, Inc. This will become part of the final install, configuration, and support plan for Wadley.
Include the following:
How to install DNS and configure it, including the DNS tree
Explain ongoing monitoring and management of server installation
Recommendations for utilizing Hyper-V®
Format according to APA guidelines.
Security & Safety in IFF – Assessment Task 2
Scenario for questions 1 - 10
Your company provides freight forwarding services along with operating a freight storage warehouse in Sydney.
You have been asked by your manager to review the Transport Security Plan (TSP) for your company.
Question 1
Briefly describe the purpose of a TSP.
Question 2
What are 2 INTERNAL (within your company) resources that you can use to do the TSP assessment?
Question 3
What are 2 EXTERNAL (outside of your company) resources that you can use to do the TSP assessment?
Question 4
Provide a link or contact information for your responses to question #3.
Question 5
How often and why should the TSP be reviewed?
Question 6
Who is accountable for ensuring the TSP is reviewed and contains the correct information to resolve a safety or security situation?
Question 7
What is your recommendation on how to train the employees in your company on the content of the TSP?
Question 8
What is a key performance indicator (KPI) that you can use to determine the effectiveness of the SAFETY section of your TSP?
Question 9
What is a key performance indicator (KPI) that you can use to determine the effectiveness of the SECURITY section of your TSP?
Question 10
You have a security concern about the upcoming storage of several high-value containers in your warehouse for the next 2 days. You do not have the time or the budget to purchase and install new security equipment. Your warehouse does have basic security measures installed, such as internal and external lighting, door locks and video cameras. Given the budget and timing constraints, outline at least 3 security measures that you can implement to reduce the risk of theft or damage to these high-value containers.
Question 11
A. What current Australian legislation applies to:
I. ASIC (Aviation Security Identification Card)
II. MSIC (Maritime Security Identification Card)
B. Who are the issuing bodies for:
I. ASIC Identification Card
II. MSIC Identification Card
UNIFIED COMMUNICATIONS AT BOEING
Discussion Points
1. Some virtual teams at Boeing have discussions focused on military aircraft. Do some Internet research on UC security mechanisms and identify and briefly describe several that Boeing should have in place to ensure the privacy and integrity of such discussions.
2. To what extent do the UC benefits experienced by Boeing mirror those of other firms that have deployed UC capabilities over converged IP networks?
3. To date, Boeing has not implemented the full range of capabilities available through UC systems. If you were the CIO at Boeing, what additional UC capabilities would you implement? What benefits would you expect Boeing to derive from deploying these capabilities?