BMIS 664
Threat Interception Project Assignment Instructions
Overview
When accessing the Internet via wireless methodologies, a certain level of protection has been granted to the users. This protection is largely due to the many types of security protocols that have been developed. Without these different security protocols, users would not be able to engage in the activity that they have become accustomed to on the Internet. In order to preserve this freedom with which users utilize the Internet, IT professionals must have both a thorough understanding of the primary forms of security protocols as well as how each security protocol functions.
One of the best methods that can be utilized to minimize security threats is by intercepting these attacks before they are successfully utilized. Three security protocols that are used to achieve this include Transport Layer Security (TLS), Secure Sockets Layer (SSL), and Private Communications Transport (PCT). Do any other security protocols exist? Research one additional modern security protocol and add this to your analysis.
Instructions
Assume that you are the information security officer of a business, and you must evaluate these four (4) security protocols in order to determine which should be implemented in your organization. Analyze the protocols on at least two (2) different operating systems from a threat interception standpoint. Use current threat and vulnerability data when performing this assessment. US-CERT, the United States Computer Emergency Readiness Team, is one example of a U.S. Department that has information on current threats to information systems. Regardless, many other public and private sector organizations can be used as long as they are credible.
In order to perform this analysis, if you do not have access to two different physical workstations with different operating systems, it is recommended you use virtual machines. VMware and Oracle VirtualBox are examples. Search for either and download them free of charge. Subsequently, you can use open source pre-built images or install from the operating system ISO images. For instance, Kali Linux is a popular operating system that has the tools to do this analysis. Search “Kali Linux VirtualBox Image” to find a virtual box image pre-installed with Kali Linux.
In your analysis, be sure to assess the threats that each protocol is likely to mitigate or prevent and evaluate the strengths and weaknesses associated with each of these protocols. Be sure to include the following in your project:
· A properly formatted APA paper;
· Screenshots with visible OS dates of the network security threat assessments on the two different operating systems, at least one OS being Linux, using relevant security tools on Kali Linux or Linux alternatives;
· Justification and use of appropriate security tools to demonstrate and evaluate the vulnerability of intercepting information from each of the four (4) networking protocols;
· A review of which safeguards the organization could implement to guard against these attacks, and
· A well supported report regarding the most advantageous safeguard/mitigating factors of the network security threats your project addresses;
· Hint: Create Microsoft Excel spreadsheets that list the operating systems, security assessments, tools used, four (4) networking protocols, and findings from the threat interceptions that occurred;
· Your project must be a minimum of 1500 words and must contain at least 7 peer-reviewed sources;
· Before being graded, all code, security tool logs/reports, server logs, access control rules, and diagrams (each) must include screenshots with a valid OS date/timestamp and a unique piece of data that shows completion on the student’s Kali Linux distribution or relevant alternative security OS. Include the screenshots in appendices in your written paper.
Criteria Ratings Points
Demonstrates content mastery and a well-rounded understanding of security in a written report.
· Advanced (30 to >27.0 pts): APA written report demonstrates clear content mastery, exceeds the instruction requirements, uses data from a working virtual machine (VM) environment, and uses strong scholarly support within the evaluations. Cyber security frameworks, standards, and research results are represented accurately and rigorously appraise network packet, protocols, and threat interventions.
· Proficient (27 to >24.0 pts): APA written report demonstrates content comprehension, meets less than 90% of the instruction requirements, uses data from a working virtual machine (VM) environment, and uses proper scholarly support within the evaluations and/or cyber security frameworks, standards, and research results are mostly represented accurately and/or appropriately appraise network packet, protocols, and threat interventions.
· Developing (24 to >0.0 pts): APA written report demonstrates inadequate content comprehension and/or meets less than 70% of the instruction requirements, uses data from a working virtual machine (VM) environment, and/or uses irrelevant scholarly support within the evaluations and/or cyber security frameworks, standards, and research results are not always represented accurately and/or appropriately appraise network packet, protocols, and threat interventions.
· Not Present (0 pts): No data from Linux and other virtual machines and/or misses over 90% of the instruction requirements and/or does not provide evidence of subject mastery and/or more than 90% of the instruction requirements are unmet.
Points: 30 pts
Threat Interception Project Grading Rubric | BMIS664_D01_202140
Demonstrates excellent use of security knowledge, appropriate evaluations of security components, and use of proper assessment frameworks, standards, and tools through a Linux and subsequent operating system.
· Advanced (33 to >29.0 pts): Excellent emulation in a real virtual machine (VM) environment and evaluation of over four (4) unique networking protocols and packet interventions using Linux. Optimal use of graphs and spreadsheets that compare the criterion. Indicates a comprehensive knowledge of evaluating modern cyber security threat and packet interventions, uses a minimum of two (2) unique security operating systems, at least one (1) being Linux, to perform accurate evaluations of security components, and applies proper assessment frameworks, standards, and security applications.
· Proficient (29 to >27.0 pts): Proper emulation in a real virtual machine (VM) environment and evaluation of over four (4) unique networking protocols and packet interventions using Linux and/or good use of graphs and spreadsheets that compare the criterion and/or indicates an adequate knowledge of evaluating modern cyber security threat and packet interventions and uses a minimum of two (2) unique security operating systems, at least one (1) being Linux, to perform accurate evaluations of security components, and applies proper assessment frameworks, standards, and security applications.
· Developing (27 to >0.0 pts): Some emulation in a real virtual machine (VM) environment and evaluation of over four (4) unique networking protocols and packet interventions using Linux and/or inadequate use of graphs and spreadsheets that compare the criterion and/or indicates an inadequate knowledge of evaluating modern cyber security threats and packet interventions and/or uses a minimum of two (2) unique security operating systems, at least one (1) being Linux, to perform evaluations of security components, and/or applies inadequate assessment frameworks, standards, and security applications.
· Not Present (0 pts): No emulation of network security threat and packet interventions using Linux virtual machines and/or misses over 90% of the instruction requirements and/or does not provide evidence of subject mastery and/or proper screenshots are not included with a visible OS date/time and/or does not use proper security operating systems including at least one (1) Linux operating system.
Points: 33 pts
APA, Grammar, Requirements, and Spelling
· Advanced (27 to >24.0 pts): Word count of over 1,800 words that are applicable to cyber security evaluation. Use of over 7 scholarly research articles that are current and relevant to the security assessment. Correct spelling and grammar used. Fewer than 2 errors in grammar or spelling that distract the reader from the content and/or minimal errors (1-2) noted in the interpretation or execution of proper APA format. Security evaluation and report indicates excellent comprehension of the discipline, is sufficient in level of detail, and is of original authorship and work.
· Proficient (24 to >22.0 pts): Less than 90% of the required word count that is applicable to cyber security evaluation and/or less than 90% of the required scholarly research articles that are current and relevant to the security assessment and/or contains fewer than 4 errors in grammar or spelling that distract the reader from the content and/or few errors (3-4) noted in the interpretation or execution of proper APA format and/or security evaluation and report indicates comprehension of the subject, is sufficient in level of detail, and is of original authorship and work.
· Developing (22 to >0.0 pts): Less than 70% of the required word count that is applicable to cyber security evaluation and/or less than 70% of the required scholarly research articles that are current and relevant to the security assessment and/or contains more than 4 errors in grammar or spelling that distract the reader from the content and/or more than 4 errors in the interpretation or execution of proper APA format and/or security evaluation and report indicates inadequate comprehension of the subject and/or is insufficient in level of detail and/or is of original authorship and work.
· Not Present (0 pts): Misses over 90% of the instruction requirements and/or does not cite or paraphrase correctly by giving proper in-text citation to the original author(s) and/or does not include proper screenshots with a visible OS date/time and/or consistent APA, grammar, and/or spelling errors exist.
Points: 27 pts
Total Points: 90