Backup of FinalExam-EssayQ-Mon
Eunice Park
This is my final exam submission, Professor Park. I thoroughly enjoyed your class with your charismatic spirit
and enthusiasm in this course. This information was animated to me in a way that I was able to understand according
to the sincerity of your time taken to include the class in discussion and lecture. I can tell you took your time to
search and find videos, which made the class entertaining. These factors concerning your teaching style are the likely
precursor to me deciding to specialize in info sec. I wanted to thank you for allowing me the opportunity to be in your
class; it was such a wonderful and uplifting experience! I wish the best for you; thank you for the memories.
Georgia State, Spring 2014
Fares Sharif Final Exam
CIS 4680 Final Exam
Final Exam Questions
Name: ______Fares Sharif____________
Date: ______5/2/2014____________
1. (Case) Internet Shopping House (ISH) (an imaginary company) is a small online business that
has around 100 employees. It handles thousands of online transactions in a day by buying and
selling sports goods from buyers and sellers. The company aims at protecting its ‘web server’
from insider and outsider attacks. Now you need to design network security architecture.
Write a unified essay in which you perform the following tasks. (1) Design the secure network
architecture (e.g., location of web server, type of firewall, and other types of network security
devices) (You can draw the network architecture and describe it). Support your position by
providing reasons or evidences. (2) Identify appropriate ‘cryptographic tools’ and ‘protocols’
that can assure secure business transactions with your business partners and support your
position with reasons or evidences (25 points).
The architecture for this network is assembled from security components
chosen with the company's future in mind: the design has to support the
organization's goals rather than get in their way. The primary component of
the architecture is a firewall.
ISH is a small company, relatively speaking, so I suggest a small-business
firewall appliance sized for that case, such as a SonicWall TZ 200, which
starts at around three hundred dollars. It gives the company exactly what it
needs to operate and grow without excess cost. The web server should sit on
its own DMZ segment behind that firewall, separated from the internal network
where the employees and the transaction database live, so that a compromise
of the public-facing server cannot reach the internal systems directly; how
tightly the rest of the policy is drawn is left to the manager's discretion.
Managers can require that the keys and session identifiers issued to clients
be generated by a cryptographically strong random number generator. That
avoids the problem many developers run into when the numbers they use are not
random enough, or the keys not long enough, to protect their systems, and
together with validating every input that arrives from the web it keeps
attacks such as command injection from succeeding. Because this company
handles online transactions, the firewall appliance, properly installed,
should also screen the initial traffic from online customers and drop
requests that present forged keys or credentials, so that attackers cannot
reach other people's accounts and make purchases with them; that would cost
the company money and cost cardholders their confidence in their bank
accounts and in online shopping in general.
Cryptography has been defined as the process of making and using codes to
secure the transmission of information. Cryptographic tools are the tools we
will use to secure Internet business transactions. Their areas of use include
both concealing the contents of sensitive messages and verifying message
contents and the identities of their senders. Alongside the firewall the
company should adopt a public key infrastructure (PKI): the integrated
system of software, encryption methodologies, protocols, legal agreements,
and third-party services that enables users to communicate securely.
Web transactions for this small company should be secured with SET, the
Secure Electronic Transaction protocol developed by MasterCard and Visa, and
the company can then encrypt credit card information with DES to protect
transfers against fraudulent purchases of its sporting goods. Two caveats
apply: SET never saw wide deployment, and in practice card data on the web
session is protected by TLS; and DES has been withdrawn as a standard because
its 56-bit key can be brute-forced, so stored card data should use AES or at
least Triple DES. The protection of sporting goods sales applies both to
Internet traffic and to the card swipe systems in retail stores. If a
customer decides to create an account because of frequent purchases, the site
must be careful not to keep credit card information in cookies, to further
protect against fraudulent charges. The company Wi-Fi network should require
WPA2 (or at minimum WPA) with a complex passphrase, set by the manager and
rotated by the employees every 120 days or so.
Implementing the IPsec protocol framework, an open standard, would add
security at the network layer of the TCP/IP stack for traffic between sites
and partners. Where that does not fit, PGP offers a hybrid cryptosystem that
combines symmetric and asymmetric algorithms and has become the open-source
de facto standard for encrypting and authenticating e-mail and stored files.
It is economical as well, with low-cost commercial versions and free
downloads available. PGP's six services are authentication through digital
signatures, confidentiality through message encryption, compression, e-mail
compatibility, segmentation of large messages, and key management.
The overall success of the encryption tools and protocols depends on the
management structure and on the code of conduct for online interaction
between employees and clients. It also depends on the company policy
agreements that customers accept with a checkbox on the website, which limit
the company's liability for fraudulent transactions and so reduce its loss on
illegal sales. ISH buys and sells sports goods to and from its customers.
Operating as the middleman, it sees a great deal of traffic, and many keys
are constantly being sent and received. The firewall, the cryptographic
tools, and the protocols therefore have to work together without gaps, which
requires the manager to coordinate the systems and communicate the urgency
of these security precautions.
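The paragraph above leaves the transaction protection at the level of names (SET, DES, PGP). The following is an added example, not part of the original exam answer, showing the two things the essay says cryptographic tools must deliver for partner transactions: verification of message contents and of the sender, done here with an HMAC over each order, plus a nonce so a captured order cannot be replayed. It uses only the Python standard library; the partner names, keys and order fields are constructed for the demo.

```python
"""Added example (not from the original exam essay): authenticating ISH order
messages to a business partner with an HMAC, so the receiver can verify the
contents and the sender, plus nonce tracking to reject replayed orders.
Standard library only; partner names, keys and order fields are made up."""
from __future__ import annotations
import hashlib
import hmac
import json
import secrets

# Per-partner shared secrets.  In practice these come from a key exchange or
# an out-of-band provisioning step; here they are generated on the spot with
# the CSPRNG in `secrets`, never with the `random` module.
PARTNER_KEYS = {
    "sportsgoods-wholesale": secrets.token_bytes(32),
    "cleats-direct": secrets.token_bytes(32),
}

def canonical(order: dict) -> bytes:
    # Sorted keys and fixed separators so both sides hash identical bytes.
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode()

def sign_order(partner: str, order: dict) -> dict:
    """Return a wire message: the order plus a fresh nonce and an HMAC tag."""
    body = dict(order, nonce=secrets.token_hex(16), partner=partner)
    tag = hmac.new(PARTNER_KEYS[partner], canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

class Verifier:
    """Receiving side: checks the tag in constant time and refuses replays."""
    def __init__(self) -> None:
        self.seen_nonces: set[str] = set()

    def verify(self, message: dict) -> tuple[bool, str]:
        body, tag = message["body"], message["tag"]
        key = PARTNER_KEYS.get(body.get("partner"))
        if key is None:
            return False, "unknown partner"
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        # compare_digest avoids leaking how many leading bytes matched.
        if not hmac.compare_digest(expected, tag):
            return False, "bad tag"
        if body["nonce"] in self.seen_nonces:
            return False, "replay"
        self.seen_nonces.add(body["nonce"])
        return True, "ok"

def demo() -> list[str]:
    """Walk through a genuine order, a replay, a tampered copy and a forgery."""
    v = Verifier()
    order = {"sku": "BAT-33", "qty": 12, "unit_price_cents": 4999}
    msg = sign_order("sportsgoods-wholesale", order)
    results = [v.verify(msg)[1]]           # genuine: ok
    results.append(v.verify(msg)[1])       # same message again: replay
    tampered = json.loads(json.dumps(msg))
    tampered["body"]["qty"] = 1200         # quantity altered in transit
    results.append(v.verify(tampered)[1])  # bad tag
    forged = {"body": dict(order, nonce="00" * 16, partner="nobody"), "tag": "00" * 32}
    results.append(v.verify(forged)[1])    # unknown partner
    return results

if __name__ == "__main__":
    print(demo())
```

The HMAC gives integrity and sender verification between two parties that already share a key; it does not give the non-repudiation of a digital signature, which is the reason the essay brings up PGP and a PKI for partners with whom no key has been pre-shared.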
Finally, the design places a packet-filtering router, the first-generation
type of firewall, at the network edge as the first barrier that keeps
unwanted traffic out of the company.
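The packet-filtering illustration the essay refers to is not on the page. What follows is an added example, not part of the original answer, of the rule set such a first-match packet filter would apply to the three-zone design described above (Internet, a DMZ holding the web server, and the internal LAN with the database). The addresses, zone ranges and port numbers are constructed for the demo.

```python
"""Added example (not from the original exam essay): a first-match, stateless
packet filter of the kind a first-generation firewall applies, with the rule
set written for a three-zone design: Internet, a DMZ holding the web server,
and the internal LAN.  Addresses, zones and ports are constructed."""
import ipaddress
from dataclasses import dataclass

ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),   # web server lives here
    "lan": ipaddress.ip_network("10.10.0.0/16"),   # staff and the database
}
WEB_SERVER = "192.0.2.10"
DB_SERVER = "10.10.5.20"

def zone_of(ip: str) -> str:
    """Map an address to its zone; anything outside the known ranges is Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

# Each rule: (src_zone, dst_host_or_zone, proto, dport, action); "*" is a wildcard.
# Order matters: the first matching rule wins and the final rule denies everything.
RULES = [
    ("internet", WEB_SERVER, "tcp", 443, "allow"),  # public HTTPS to the web server only
    ("internet", WEB_SERVER, "tcp", 80, "allow"),   # HTTP, expected to redirect to 443
    ("dmz", DB_SERVER, "tcp", 5432, "allow"),       # web tier -> database, one port only
    ("lan", "dmz", "tcp", 22, "allow"),             # admins manage the web server
    ("lan", "internet", "*", "*", "allow"),         # outbound browsing from staff
    ("*", "*", "*", "*", "deny"),                   # default deny
]

def matches(rule, pkt: Packet) -> bool:
    src_zone, dst, proto, dport, _ = rule
    dst_ok = dst == "*" or dst == pkt.dst or dst == zone_of(pkt.dst)
    return ((src_zone == "*" or src_zone == zone_of(pkt.src))
            and dst_ok
            and (proto == "*" or proto == pkt.proto)
            and (dport == "*" or dport == pkt.dport))

def filter_packet(pkt: Packet) -> str:
    for rule in RULES:
        if matches(rule, pkt):
            return rule[-1]
    return "deny"  # unreachable with the catch-all rule, kept for safety

def demo() -> list[str]:
    """Constructed packets exercising each path through the rule set."""
    samples = [
        Packet("203.0.113.7", WEB_SERVER, "tcp", 443),  # customer checkout: allow
        Packet("203.0.113.7", WEB_SERVER, "tcp", 22),   # outsider tries SSH to web server: deny
        Packet("203.0.113.7", DB_SERVER, "tcp", 5432),  # outsider goes for the database: deny
        Packet(WEB_SERVER, DB_SERVER, "tcp", 5432),     # web tier reaches the database: allow
        Packet(WEB_SERVER, "10.10.1.50", "tcp", 445),   # compromised web server probes LAN: deny
        Packet("10.10.1.50", WEB_SERVER, "tcp", 22),    # admin manages the web server: allow
    ]
    return [filter_packet(p) for p in samples]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The fifth sample is the reason the web server goes in a DMZ rather than on the LAN: even if an outsider takes it over, the only internal host it can reach is the database on one port. A stateless filter like this one cannot recognise return traffic, which is why a stateful appliance such as the one suggested above is the practical choice; the rule set here covers only the direction that initiates a connection.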
2. (Case) HappyOnlineBookStore, which is a small online business company, sells and buys
new/old books. It has two branches across the southern part of Georgia. In its data center, tens of
servers support online transactions. Administrators in the data center are monitoring the network
activities. Currently, the company makes a great effort to provide customers with fast,
convenient, and secure service.
Write a unified essay in which you perform the following tasks. (1) Identify proper type(s) of
IDPS for the HappyOnlineBookStore case and support your position by providing explanation.
(2) Identify appropriate IDPS detection method(s) that can detect DoS and DDos attacks during
normal system usages and support your position. (3) Discuss other security tools and
scanning/analysis tools that the administrator can use together with the IDPS (25 points).
HappyOnlineBookStore is a small business with two branches and one data
center, where tens of servers support the online transactions and
administrators monitor the data and the network activity. The first task is
to identify the proper type of IDPS for this company and support that
position. An IDPS, an intrusion detection and prevention system, is designed
to protect an organization's assets, and it works only in combination with
the people who run it and the other controls around it. We are establishing
this IDPS to stop intrusions such as malware and DDoS attacks. Intrusion
handling has three steps: detect the intrusion, react to it, and correct it,
so that every procedure built to detect intrusions is followed by action and
ends with operations restored to their normal state.
The first decision the company's managers have to make is which IDPS types
and detection methods to use, weighing the benefits of each; I will then
select the most appropriate option for this company. The illustration below
summarizes the options. The security tools and scanning/analysis tools an
administrator can use alongside the IDPS are discussed after it, followed by
a conclusion on which approach is most appropriate.
IDPS types (illustration)
Network-based: focuses on network traffic and assesses abnormalities
Host-based: benchmarks a host and monitors it for intruder activity
Signature-based: searches data for known attack patterns
The question now is which of these to choose for this small company. My
opinion is that they should use a network-based IDPS. It is the only option
that seems feasible with the small number of supervisors who walk the floor
checking whether the service is being run properly.
The choice comes down to management style. This company wants a fast,
convenient, and secure service. Relying on signature-based detection alone
would not suit them, because the signature database needs continuous
updating and pushing updates to every sensor and computer takes time. They
would not want a host-based IDPS either, because an agent on each of tens of
servers is more complex, more analytical, and needs far more monitoring than
a network-based deployment. Network-based seems the most feasible and
practical solution for the needs of the company and its customers. It has
drawbacks of its own, yet it still performs best given the circumstances and
the weaknesses of the other options.
A NIDPS can use signature matching to detect attacks or attack patterns. It
can also perform protocol stack verification, checking that packets conform
to the TCP/IP protocol rules, and application protocol verification,
examining the higher-layer protocols for unexpected patterns or improper
use. That keeps the selling of books to customers quick and efficient.
Improper uses, once identified, can be assessed and corrected in an orderly
way.
Whether an attack is under way is determined by matching traffic against
known attack signatures. This is the company's defense against recognized
attack traffic, including automated attempts to buy books with fraudulent
credit cards. The knowledge base holds the known signatures against which
captured traffic that looks like a threat is compared. Protocol stack
verification checks the packets themselves, and application protocol
verification checks the higher-layer protocol. Notifications of detected
attacks are sent to the network administrators so the offending packets can
be blocked. The sensors can be installed where the traffic can be safely
monitored, either inside or outside the company's router, and between the
other systems on the network to ensure that none of the tens of servers is
affected.
Stateful protocol analysis is a similar tool: it stores the relevant data
seen during a session and uses it to spot possible intrusions. Comparing
traffic against predetermined profiles of benign activity, which is
statistical anomaly-based detection, is another way the tool can be used; it
records deviations and sends them to the manager as an alert that someone is
trying to attack the system. DoS and DDoS attacks are detected this way: a
single flooding source matches a known signature, while a distributed flood
from many sources is caught when the overall request rate deviates sharply
from the learned baseline. Honeypots can additionally be used to divert
people who are trying to attack the system and to collect information about
their activity away from the critical systems; they keep the attacker
engaged long enough for the NIDPS to raise its alert and for the problem to
be resolved. Several honeypots together form a honeynet.
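To make the three detection methods concrete, here is an added example, not part of the original answer, that runs signature matching, stateful protocol analysis and statistical anomaly detection over one constructed stream of TCP connection events aimed at the bookstore's web tier. The thresholds, addresses and the event stream are made up for the demo; a real sensor would read them from packet captures and tune the limits to the site's baseline.

```python
"""Added example (not from the original exam essay): three NIDPS detection
methods run over a constructed stream of connection events to spot DoS and
DDoS attempts against the bookstore's web tier.  Thresholds, addresses and
the event stream are made up for the demo."""
from collections import Counter, defaultdict

def constructed_events():
    """Events are (second, src_ip, dst_port, tcp_flags).  A normal shopper
    completes the handshake (SYN then ACK); a flood sends SYNs and never ACKs."""
    events = []
    for t in range(10):                                   # baseline: a real customer
        events.append((t, "198.51.100.5", 443, "SYN"))
        events.append((t, "198.51.100.5", 443, "ACK"))
    for t in range(10, 13):                               # single-source SYN flood
        for _ in range(40):
            events.append((t, "203.0.113.9", 443, "SYN"))
    for t in range(13, 16):                               # distributed flood: 50 bots, 3 SYN/s each
        for bot in range(50):
            for _ in range(3):
                events.append((t, f"192.0.2.{bot + 1}", 443, "SYN"))
    return events

def signature_detect(events, per_source_syn_limit=100):
    """Signature: the known SYN-flood pattern, many SYNs from one source."""
    syns = Counter(src for _, src, _, flags in events if flags == "SYN")
    return sorted(src for src, n in syns.items() if n >= per_source_syn_limit)

def stateful_detect(events, half_open_limit=50):
    """Stateful protocol analysis: follow each handshake and count the
    connections a source leaves half open (SYN never completed by an ACK)."""
    half_open = defaultdict(int)
    for _, src, _, flags in events:
        if flags == "SYN":
            half_open[src] += 1
        elif flags == "ACK" and half_open[src] > 0:
            half_open[src] -= 1
    return sorted(src for src, n in half_open.items() if n >= half_open_limit)

def anomaly_detect(events, baseline_seconds=10, multiplier=5):
    """Statistical anomaly: learn SYN/s during the baseline window, then flag
    every later second whose total SYN rate across all sources is far above it.
    This is what catches the distributed flood, where no single bot exceeds
    the per-source limits of the other two methods."""
    per_second = Counter(t for t, _, _, flags in events if flags == "SYN")
    baseline = [per_second[t] for t in range(baseline_seconds)]
    mean = sum(baseline) / baseline_seconds
    threshold = max(1.0, mean * multiplier)
    return sorted(t for t, n in per_second.items()
                  if t >= baseline_seconds and n > threshold)

def run_all(events=None):
    """Apply all three methods and report what each one flagged."""
    events = events if events is not None else constructed_events()
    return {
        "signature": signature_detect(events),
        "stateful": stateful_detect(events),
        "anomaly_seconds": anomaly_detect(events),
    }

if __name__ == "__main__":
    for method, hits in run_all().items():
        print(f"{method}: {hits}")
```

In the constructed stream the single flooder at 203.0.113.9 is caught by both the signature and the half-open count, while seconds 13 to 15, the distributed flood, are flagged only by the anomaly method, which is the reason the essay pairs signature matching with a behavioural baseline for DDoS.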
3. (Case) On June 12, 2013, fire damaged the Atlanta factory in HighTechAuto Manufacturing
Company that produces auto parts for GM (General Motors). The Atlanta factory lost raw
materials and finished goods. Also the fire damaged most of auto part manufacturing machines.
Write a unified essay in which you perform the following tasks. (1) Identify proper contingency
plan(s) to assure recovering the main factory and continuous business availability in a secondary
site and support your position. (2) Discuss the steps to recover this situation from the fire in
detail (25 points).
Contingency planning is defined as the entire planning conducted by the
organization to prepare for, react to, and recover from events that threaten
the security of information and information assets in the organization. It
also encompasses the subsequent restoration of what is deemed normal and
regular daily business operations. If this were my company and I were the
manager, I would presume to have had IRP planning ready and available
already.
IRP is incident response planning. It is the planning process for
identifying and classifying an incident and then responding to and
recovering from it, which in this case involves a manufacturing company and
its equipment. Heavy machinery that was inside the buildings when they
burned may still be salvageable, depending on the severity of the fire and
the damage inflicted on it. Depending on the context, this fire calls for
DRP and BCP as well. DRP is the disaster recovery plan; the term is closely
linked with, and often defined alongside, BCP, which is covered below. BCP
goes hand in hand with DRP and applies when the damage is major or long
term. Restoring information and information resources is also an important
part of the contingency plan. How far the fire reached, and how badly it
disrupted people's work, determines how far the situation escalates.
In my view, recovery of the machinery would be handled by the insurance
company sending contractors to salvage what machinery they can, and the
property would be used either to sell or to rebuild the business. For the
time being, however, the building is destroyed. Any raw materials or items
that can be salvaged should be moved to the nearest manufacturer. Purchasing
a new facility is also an option, although it is an inefficient way of
managing resources and should be avoided if possible. The first thing the
company, or the manager, should do is hire a professional to determine
whether the property can be built on again for future use.
The DRP part of the contingency plan is used to save the stored business
information that can be recovered after the disaster; unaffected computers,
and software and data that were saved off site or sent by e-mail, fall under
the DRP. The first phase of the CP process is the business impact analysis,
or BIA. It is an investigation and assessment of the impact that various
attacks can have on the organization, and it takes up where the risk
assessment process leaves off: we assume that the controls have been
bypassed, have failed, or were ineffective in stopping the attack, so the
attack is taken to have succeeded. We take the following steps for the
stages of rebuilding this company:
1. Threat attack identification and prioritization
2. Business unit analysis
3. Attack success scenarios
4. Potential damage assessment
5. Subordinate plan classification
The first step is threat attack identification and prioritization, to keep
the company's business available. The existing threat list has to be
updated, and an attack profile has to be added and documented so the
business can eventually be ready again. The attack profile consists of
detailed descriptions of the activities that occur during the attack. A
profile for the fire must be developed and documented, so that a scenario
exists for every serious threat the organization faces, and it should state
the damage that could result to a business unit if the attack were
successful.
The second big task in the BIA is the analysis and prioritization of the
company's business functions. This company was a manufacturer of auto parts
for General Motors, so the parts of the operation that make the most profit
have to be assessed to see which are most essential to keeping the
organization afloat. The business unit analysis produces a prioritized list
of the various functions the organization performs.
Next comes attack success scenario development, in which the BIA team
creates a series of scenarios depicting each attack and predicting its
consequences. The potential damage assessment then estimates the cost of the
best, worst, and most likely cases, which closes the attack scenario.
Finally, the subordinate plans are classified and distributed to the people
who must take effective action during an attack.
The incident in this case should be classified as a disaster. An incident
becomes a disaster when the organization is not able to contain the impact
of the incident as it takes place, or when the level of damage or
destruction is so severe that it typically takes the organization a long
time to recover. Recovery needs a blueprint for the desired solution:
applications capable of providing the needed services are selected, the data
support structures capable of providing the needed inputs are identified,
and the technologies to implement the physical solution are determined, with
a feasibility analysis performed at the end. This company essentially should
create a BCP, a business continuity plan. Such plans are strategic,
long-term plans that cover the continuation of business activities if a
catastrophic event occurs. The loss of a database, building, or operations
center, which is what happened here, is the primary reason for having a
BCP; it applies when the scope or scale of the event surpasses what the DRP
covers, which is true in this case. Priorities and resources should be
re-evaluated for allocation or sale using methods such as benchmarking to
find out what the organization needs. All remaining intact software and
hardware resources need to be transferred to an alternate site so that work
can continue there without being lost. These steps would have saved the
company far more trouble if a proper risk control strategy had already been
chosen through cost-benefit analysis and a feasibility study, followed by
quantitative risk assessment with residual risk and risk appetite taken into
account. The resources should stay at the alternate location long enough
for the company to get back on its feet and purchase a new property.
4. (Case) Southern American Bank company provides online banking services and has ten
branches across the southern part of America. In its data center in Atlanta, thousands of servers
support online banking services. Administrators in the data center are monitoring the large
network activities.
In risk management perspective, organizations should evaluate the tradeoffs between perfect
security and unlimited accessibility…Organizations should decide the level of risk appetite to
accept the tradeoffs (Whitman and Mattord 2011, Chapter 4).
Write a unified essay in which you perform the following tasks. (1) Explain what the above
statement means. (2) Imagine and describe two specific situations in which the Southern
American Bank company may pursue more ‘perfect security’ than ‘unlimited accessibility.’ (3)
Discuss what type of risk control strategies might be appropriate in such situations and provide
your justification for the selection of risk control strategy (25 points).
The statement above is about the opportunity cost a company has to weigh in
its organizational security management. It presents the trade-off as if it
were an ultimatum: managers can either have a system that is "perfectly"
secure or one that "allows unlimited access", and in reality every
organization sits somewhere between the two.
Working from the philosophy behind this statement, I will show the
advantages and disadvantages of having too much and too little security. The
level of risk associated with bank accounts is high. Banks store personal
information and keep electronic databases of essential information people
wish to retain. Nonetheless, if too much security is added as a precaution,
online activity is hindered. Banks do not want to lose customers over online
banking friction caused by security measures, even though those measures
exist because customers also want their money to be safe. A login attempt
from an unfamiliar IP address might be the customer using an untrusted
device, such as a stranger's cell phone or a friend's laptop. The bank wants
to keep the customer but also wants the money to be safe. Disabling cookies
on customers' devices might itself pose a threat, or break an authentication
key that some web development systems rely on.
Organizations such as this bank have to identify what level of risk they
can live with. This quote is also a reference to the term risk appetite: the
quantity and nature of risk that an organization is willing to accept as it
evaluates the trade-offs between perfect security and unlimited
accessibility. This is a very common point in the risk management discussion
we had in class. Not every organization has the collective will to manage
every vulnerability by applying controls; the risk appetite develops from
how much risk the bank is willing to assume. We can never have truly perfect
security, but we can try, and we can reduce much of the residual risk while
limiting the accessibility of the company's systems. Risk identification is
the formal process of documenting and examining the risks in information
systems and classifying the organization's assets. Risk control is the
process of taking carefully calculated decisions to ensure the
confidentiality, integrity, and availability of the components of an
information system. Residual risk is the risk that remains in an information
asset even after the existing controls are applied.
Risk control applies one of the five strategies used to control the risks
arising from vulnerabilities:
1. Defend
2. Transfer
3. Mitigate
4. Accept
5. Terminate
Following are two example scenarios to illustrate my reasoning:
Scenario 1: Logging (risk area: Infrastructure)
Risk: Investigating data integrity issues depends on the audit trail. Loss
of the audit trail, or of its integrity, causes confusion and hinders
service levels.
Mitigating controls: Bank audit logs are sent to a centralized log server,
which sends alert mail whenever an entry matches a filter in its rulebase.
Use tools for HIPAA logging where those requirements apply.
Results: Windows servers used for bank audits deploy a syslog-based log
client that forwards bad audit events. Implementing the security on the
server side reduces the risk to bank information.
Scenario 2: Personal device (risk area: Confidentiality)
Risk: An attacker tries to steal account information stored on the server
by mounting an attack that withdraws money from a bank account.
Reactions: A host-based IDPS benchmarks normal activity on the master
computer. The host system detects inconsistencies in the audit logs and
inspects incoming traffic after the host has decrypted it.
Results: Identify the attacker and benchmark key systems by examining the
records in the audit logs. The company can identify the attacker and refer
the case to law enforcement for arrest.
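Both scenarios rest on the audit trail: the first on a central log server that raises alerts from a rulebase, the second on detecting inconsistencies in the logs themselves. The following is an added example, not part of the original answer, that shows both controls: an append-only audit log whose records are hash-chained so that a deleted or edited record is detectable, and a small rulebase that turns matching records into alerts (returned as strings here; a central server would mail them). The log entries, hosts, users and rules are constructed for the demo.

```python
"""Added example (not from the original exam essay): a hash-chained audit log
whose tampering is detectable, plus a central-server rulebase that turns
matching records into alerts.  Log entries, hosts, users and thresholds are
constructed for the demo."""
import hashlib
import json
from collections import Counter
from typing import Optional

def chain_hash(prev_hash: str, entry: dict) -> str:
    """Hash of this entry bound to the hash of the record before it."""
    data = prev_hash.encode() + json.dumps(entry, sort_keys=True).encode()
    return hashlib.sha256(data).hexdigest()

class AuditLog:
    """Each stored record carries the hash of the previous record; the central
    server keeps the latest hash so it can verify the whole chain later."""
    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.records: list[dict] = []

    def append(self, entry: dict) -> str:
        prev = self.records[-1]["hash"] if self.records else self.GENESIS
        h = chain_hash(prev, entry)
        self.records.append({"entry": dict(entry), "hash": h})
        return h

    def verify(self) -> Optional[int]:
        """Return the index of the first record that no longer matches the
        chain, or None if the log is intact."""
        prev = self.GENESIS
        for i, rec in enumerate(self.records):
            if chain_hash(prev, rec["entry"]) != rec["hash"]:
                return i
            prev = rec["hash"]
        return None

# Rulebase on the central log server: each rule maps a list of entries to alerts.
def failed_logins_rule(entries, limit=3):
    fails = Counter(e["user"] for e in entries if e["event"] == "login_failed")
    return [f"{u}: {n} failed logins" for u, n in fails.items() if n >= limit]

def privilege_rule(entries):
    return [f"{e['user']} changed role to {e['detail']}"
            for e in entries if e["event"] == "role_change" and "admin" in e["detail"]]

def after_hours_rule(entries):
    # Withdrawals outside 08:00-18:00 are worth a look; hour is the HH of "HH:MM".
    return [f"{e['user']} withdrew at {e['time']}"
            for e in entries if e["event"] == "withdrawal"
            and not 8 <= int(e["time"][:2]) < 18]

RULEBASE = [failed_logins_rule, privilege_rule, after_hours_rule]

def alerts(entries: list) -> list:
    out = []
    for rule in RULEBASE:
        out.extend(rule(entries))
    return out

# Constructed audit entries: a normal teller session, then a night-time
# break-in on a web host that escalates to admin and withdraws money.
CONSTRUCTED_ENTRIES = [
    {"time": "09:02", "host": "teller-01", "user": "jsmith", "event": "login_ok", "detail": ""},
    {"time": "09:10", "host": "teller-01", "user": "jsmith", "event": "withdrawal", "detail": "250.00"},
    {"time": "23:41", "host": "web-07", "user": "rlee", "event": "login_failed", "detail": "bad password"},
    {"time": "23:41", "host": "web-07", "user": "rlee", "event": "login_failed", "detail": "bad password"},
    {"time": "23:42", "host": "web-07", "user": "rlee", "event": "login_failed", "detail": "bad password"},
    {"time": "23:43", "host": "web-07", "user": "rlee", "event": "role_change", "detail": "admin"},
    {"time": "23:44", "host": "web-07", "user": "rlee", "event": "withdrawal", "detail": "9000.00"},
]

def demo() -> dict:
    log = AuditLog()
    for e in CONSTRUCTED_ENTRIES:
        log.append(e)
    fired = alerts([rec["entry"] for rec in log.records])
    intact = log.verify()
    # An intruder on the log host deletes the role change and edits the
    # withdrawal amount; the chain stops verifying at the first touched record.
    del log.records[5]
    log.records[5]["entry"]["detail"] = "90.00"
    return {"alerts": fired, "before": intact, "after": log.verify()}

if __name__ == "__main__":
    print(demo())
```

The chain only proves that records were altered after they were written; it does not stop a deletion, which is why the scenario forwards entries to a separate log server as they occur, so the server holds a copy the intruder on the host cannot reach.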