SlideShare a Scribd company logo

This week your focus should be on figuring out what the Red Team did.docx

Download as DOCX, PDF
J
juliennehar

This week your focus should be on figuring out what the Red Team did and how they did it. (See the - Incident Response Exercise & Report below - the detailed assignment description for the course final project).For your first posting this week, you must provide an analysis of the Red Team's report (as listed in the final project-check below). At a minimum you must identify and discuss three specific vulnerabilities that were exploited by the Red Team as part of its penetration testing. You will need to research similar types of attacks using Red Team or Ethical Hacking resources from the Internet.Final Project: Incident Response Exercise & Report Your Task You have been assigned to work incident clean-up as part of the Sifers-Grayson Blue Team. Your task is to assist in analyzing and documenting the incident described below. The Blue Team has already created a set of enterprise architecture diagrams (see figures 1-4) to help with your analysis of the incident and preparation of the incident report as required by the company’s contracts with the federal government. After completing their penetration tests, the Red Team provided Sifers-Grayson executives with a diagram showing their analysis of the threat environment and potential weaknesses in the company’s security posture for the R&D DevOps Lab (see figure 5). Overview of the Incident Sifers-Grayson hired a cybersecurity consulting firm to help it meet the security requirements of a contract with a federal agency. The consulting firm’s Red Team conducted a penetration test and was able to gain access to the engineering center’s R&D servers by hacking into the enterprise network through an unprotected network connection (see figure 2). The Red Team proceeded to exfiltrate files from those servers and managed to steal 100% of the design documents and source code for the AX10 Drone System. The Red Team also reported that it had stolen passwords for 20% of the employee logins using keylogging software installed on USB keys that were left on the lunch table in the headquarters building employee lounge (see Figure 3). The Red Team also noted that the Sifers-Grayson employees were quite friendly and talkative as they opened the RFID controlled doors for the “new folks” on the engineering staff (who were actually Red Teamers). The Red Team continued its efforts to penetrate the enterprise and used a stolen login to install malware over the network onto a workstation connected to a PROM burner in the R&D DevOps lab (See Figure 3). This malware made its way onto a PROM that was then installed in an AX10-a test vehicle undergoing flight trials at the Sifers-Grayson test range (See Figures 1 and 4). The malware “phoned home” to the Red Team over a cellular connection to the R&D center. The Red Team took control of the test vehicle and flew it from the test range to a safe landing in the parking lot at Sifers-Grayson headquarters. Background Sifers-Grayson is a family owned business headquartered in G ...

Education
1 of 6
This week your focus should be on figuring out what the Red Team did and how they did it. (See the - Incident Response Exercise & Report below - the detailed assignment description for the course final project).For your first posting this week, you must provide an analysis of the Red Team's report (as listed in the final project-check below). At a minimum you must identify and discuss three specific vulnerabilities that were exploited by the Red Team as part of its penetration testing. You will need to research similar types of attacks using Red Team or Ethical Hacking resources from the Internet.Final Project: Incident Response Exercise & Report Your Task You have been assigned to work incident clean-up as part of the Sifers-Grayson Blue Team. Your task is to assist in analyzing and documenting the incident described below. The Blue Team has already created a set of enterprise architecture diagrams (see figures 1-4) to help with your analysis of the incident and preparation of the incident report as required by the company’s contracts with the federal government. After completing their penetration tests, the Red Team provided Sifers-Grayson executives with a diagram showing their analysis of the threat environment and potential weaknesses in the company’s security posture for the R&D DevOps Lab (see figure 5). Overview of the Incident Sifers-Grayson hired a cybersecurity consulting firm to help it meet the security requirements of a contract with a federal agency. The consulting firm’s Red Team conducted a penetration test and was able to gain access to the engineering center’s R&D servers by hacking into the enterprise network through an unprotected network connection (see figure 2). The Red Team proceeded to exfiltrate files from those servers and managed to steal 100% of the design documents and source code for the AX10 Drone System. The Red Team also reported that it
had stolen passwords for 20% of the employee logins using keylogging software installed on USB keys that were left on the lunch table in the headquarters building employee lounge (see Figure 3). The Red Team also noted that the Sifers-Grayson employees were quite friendly and talkative as they opened the RFID controlled doors for the “new folks” on the engineering staff (who were actually Red Teamers). The Red Team continued its efforts to penetrate the enterprise and used a stolen login to install malware over the network onto a workstation connected to a PROM burner in the R&D DevOps lab (See Figure 3). This malware made its way onto a PROM that was then installed in an AX10-a test vehicle undergoing flight trials at the Sifers-Grayson test range (See Figures 1 and 4). The malware “phoned home” to the Red Team over a cellular connection to the R&D center. The Red Team took control of the test vehicle and flew it from the test range to a safe landing in the parking lot at Sifers-Grayson headquarters. Background Sifers-Grayson is a family owned business headquartered in Grayson County, Kentucky, USA. The company’s physical address is 1555 Pine Knob Trail, Pine Knob, KY 42721. The president of the company is Ira John Sifers, III. He is the great- grandson of one of the company’s founders and is also the head of the engineering department. The chief operating officer is Michael Coles, Jr. who is Ira John’s great nephew. Mary Beth Sifers is the chief financial officer and also serves as the head of personnel for the company. Recent contracts with the Departments of Defense and Homeland Security have imposed additional security requirements upon the company and its R&D DevOps and SCADA labs operations. The company is now required to comply with NIST Special Publication 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. The company must also comply
with provisions of the Defense Federal Acquisition Regulations (DFARS) including section 252-204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting. These requirements are designed to ensure that sensitive technical information, provided by the federal government and stored on computer systems in the Sifers-Grayson R&D DevOps and SCADA labs, is protected from unauthorized disclosure. This information includes software designs and source code. The contract requirements also mandate that Sifers-Grayson report cyber incidents to the federal government in a timely manner.SCADA Lab The SCADA lab was originally setup in 1974. It has been upgraded and rehabbed several times since then. The most recent hardware and software upgrades were completed three years ago after the lab was hit with a ransomware attack that exploited several Windows XP vulnerabilities. At that time, the engineering and design workstations were upgraded to Windows 8.1 professional. A second successful ransomware attack occurred three months ago. The company paid the ransom in both cases because the lab did not have file backups that it could use to recover the damaged files (in the first case) and did not have system backups that it could use to rebuild the system hard drives (in the second case). The SCADA Lab is locked into using Windows 8.1. The planned transition to Windows 10 is on indefinite hold due to technical problems encountered during previous attempts to modify required software applications to work under the new version of the operating system. This means that an incident response and recovery capability for the lab must support the Windows 8.1 operating system and its utilities.R&D DevOps Lab The R&D DevOps Lab was built in 2010 and is used to develop, integrate, test, support, and maintain software and firmware (software embedded in chips) for the company’s robots, drones, and non-SCADA industrial control systems product lines. The workstations in this lab are running Windows 10 and are configured to receive security updates per Microsoft’s monthly
schedule. Enterprise IT Operations The company uses a combination of Windows 10 workstations and laptops as the foundation of its enterprise IT capabilities. The servers in the data center and the engineering R&D center are built upon Windows Server 2012. Issues Summary: 1. Newly won government contracts now require compliance with DFARS §252.204-7008, 7009, and 7012 · http://www.acq.osd.mil/dpap/dars/dfars/html/current/252204.ht m · http://www.acq.osd.mil/se/docs/DFARS-guide.pdf 2. Derivative requirements include: · Implementation of and compliance with NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.8 00-171r1.pdf · Compliance with DFARS 252.239-7009 Representation of Use of Cloud Computing and 7010 Cloud Computing Services (see https://www.acq.osd.mil/dpap/dars/dfars/html/current/252239.ht m#252.239-7009 3. Additional Contractual Requirements for Lab Operations include: · Incident Response per NIST SP-800-61 (Computer Security Incident Handling Guide) · SCADA Security per NIST SP 800-82 (Guide to Industrial Control Systems Security) · Software / Systems Development Lifecycle (SDLC) Security per NIST SP 800-64 (Security Considerations in the System Development Life Cycle) · Configuration Management per NIST SP 800-128 (Guide for Security-Focused Configuration Management of Information Systems) Words for the Wise …
Do not let “perfection” be a barrier to completing this assignment. It’s more important to be on-time and provide SOME analysis in a professional format than to find and document every single possible vulnerability. · Figure 1. Overview of Sifers-Grayson Enterprise IT Architecture Figure 2. Combined Network and Systems Views: Sifers-Grayson Headquarters, R&D Center, and Data Center Figure 3. Combined Network and Systems View for Sifers- Grayson R&D DevOps Lab Figure 4. Combined Communications and Systems Views for Sifers-Grayson Test Range Figure 5. Threat Landscape for Sifers-Grayson R&D DevOps Lab
This week your focus should be on figuring out what the Red Team did.docx

Recommended

Final Project Incident Response Exercise & ReportYour TaskYou hav.docx
Final Project Incident Response Exercise & ReportYour TaskYou hav.docxFinal Project Incident Response Exercise & ReportYour TaskYou hav.docx
Final Project Incident Response Exercise & ReportYour TaskYou hav.docxAKHIL969626
 
Final Project Incident Response Exercise & ReportYour TaskYou.docx
Final Project Incident Response Exercise & ReportYour TaskYou.docxFinal Project Incident Response Exercise & ReportYour TaskYou.docx
Final Project Incident Response Exercise & ReportYour TaskYou.docxlmelaine
 
Final Project Incident Response Exercise & ReportYour Task
Final Project Incident Response Exercise & ReportYour TaskFinal Project Incident Response Exercise & ReportYour Task
Final Project Incident Response Exercise & ReportYour Taskalisondakintxt
 
9-1 Final Project One Submission Report To complete this as
9-1 Final Project One Submission Report To complete this as9-1 Final Project One Submission Report To complete this as
9-1 Final Project One Submission Report To complete this asrhetttrevannion
 
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docxISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docxchristiandean12115
 
Case Project 1-1 Defining and Designing a NetworkThe overview.docx
Case Project 1-1 Defining and Designing a NetworkThe overview.docxCase Project 1-1 Defining and Designing a NetworkThe overview.docx
Case Project 1-1 Defining and Designing a NetworkThe overview.docxtidwellveronique
 
Project department of defense (do d) ready purposethis cours
Project department of defense (do d) ready purposethis coursProject department of defense (do d) ready purposethis cours
Project department of defense (do d) ready purposethis coursSAHIL781034
 
Project Deliverable 5 Infrastructure and SecurityThis assignm.docx
Project Deliverable 5 Infrastructure and SecurityThis assignm.docxProject Deliverable 5 Infrastructure and SecurityThis assignm.docx
Project Deliverable 5 Infrastructure and SecurityThis assignm.docxwoodruffeloisa
 

Recommended

Final Project Incident Response Exercise & ReportYour TaskYou hav.docx
Final Project Incident Response Exercise & ReportYour TaskYou hav.docxFinal Project Incident Response Exercise & ReportYour TaskYou hav.docx
Final Project Incident Response Exercise & ReportYour TaskYou hav.docxAKHIL969626
 
Final Project Incident Response Exercise & ReportYour TaskYou.docx
Final Project Incident Response Exercise & ReportYour TaskYou.docxFinal Project Incident Response Exercise & ReportYour TaskYou.docx
Final Project Incident Response Exercise & ReportYour TaskYou.docxlmelaine
 
Final Project Incident Response Exercise & ReportYour Task
Final Project Incident Response Exercise & ReportYour TaskFinal Project Incident Response Exercise & ReportYour Task
Final Project Incident Response Exercise & ReportYour Taskalisondakintxt
 
9-1 Final Project One Submission Report To complete this as
9-1 Final Project One Submission Report To complete this as9-1 Final Project One Submission Report To complete this as
9-1 Final Project One Submission Report To complete this asrhetttrevannion
 
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docxISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docxchristiandean12115
 
Case Project 1-1 Defining and Designing a NetworkThe overview.docx
Case Project 1-1 Defining and Designing a NetworkThe overview.docxCase Project 1-1 Defining and Designing a NetworkThe overview.docx
Case Project 1-1 Defining and Designing a NetworkThe overview.docxtidwellveronique
 
Project department of defense (do d) ready purposethis cours
Project department of defense (do d) ready purposethis coursProject department of defense (do d) ready purposethis cours
Project department of defense (do d) ready purposethis coursSAHIL781034
 
Project Deliverable 5 Infrastructure and SecurityThis assignm.docx
Project Deliverable 5 Infrastructure and SecurityThis assignm.docxProject Deliverable 5 Infrastructure and SecurityThis assignm.docx
Project Deliverable 5 Infrastructure and SecurityThis assignm.docxwoodruffeloisa
 
erm Paper Managing an IT Infrastructure AuditDue Week 10 and wo
erm Paper Managing an IT Infrastructure AuditDue Week 10 and woerm Paper Managing an IT Infrastructure AuditDue Week 10 and wo
erm Paper Managing an IT Infrastructure AuditDue Week 10 and woeleanorabarrington
 
Project Deliverable 5 Infrastructure and SecurityThis assignm.docx
Project Deliverable 5 Infrastructure and SecurityThis assignm.docxProject Deliverable 5 Infrastructure and SecurityThis assignm.docx
Project Deliverable 5 Infrastructure and SecurityThis assignm.docxwkyra78
 
Framework for the Development of Virtual Labs for Industrial Internet of Thin...
Framework for the Development of Virtual Labs for Industrial Internet of Thin...Framework for the Development of Virtual Labs for Industrial Internet of Thin...
Framework for the Development of Virtual Labs for Industrial Internet of Thin...Maurice Dawson
 
Secure architecture-industrial-control-systems-36327
Secure architecture-industrial-control-systems-36327Secure architecture-industrial-control-systems-36327
Secure architecture-industrial-control-systems-36327vimal Kumar Gupta
 
Term Paper Managing an IT Infrastructure AuditDue Week 10 a.docx
Term Paper Managing an IT Infrastructure AuditDue Week 10 a.docxTerm Paper Managing an IT Infrastructure AuditDue Week 10 a.docx
Term Paper Managing an IT Infrastructure AuditDue Week 10 a.docxmanningchassidy
 
Project Deliverable 2 Business Requirements1Project Deliverab.docx
Project Deliverable 2 Business Requirements1Project Deliverab.docxProject Deliverable 2 Business Requirements1Project Deliverab.docx
Project Deliverable 2 Business Requirements1Project Deliverab.docxwkyra78
 
Secure Software Development Life Cycle
Secure Software Development Life CycleSecure Software Development Life Cycle
Secure Software Development Life CycleMaurice Dawson
 
Tony_Reid_Resume
Tony_Reid_ResumeTony_Reid_Resume
Tony_Reid_ResumeTony Reid
 
IRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud EnvironmentIRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud EnvironmentIRJET Journal
 
Android Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesAndroid Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesIRJET Journal
 
Department of Defense
Department of DefenseDepartment of Defense
Department of DefenseDarius Dozier
 
1. What are some risks, threats, and vulnerabilities commonly foun.docx
1. What are some risks, threats, and vulnerabilities commonly foun.docx1. What are some risks, threats, and vulnerabilities commonly foun.docx
1. What are some risks, threats, and vulnerabilities commonly foun.docxelliotkimberlee
 
Project NameYour Full NameCourse Number and Name (As i.docx
Project NameYour Full NameCourse Number and Name (As i.docxProject NameYour Full NameCourse Number and Name (As i.docx
Project NameYour Full NameCourse Number and Name (As i.docxwkyra78
 
System Approach for Single Keyword Search for Encrypted Data Files Guarantees...
System Approach for Single Keyword Search for Encrypted Data Files Guarantees...System Approach for Single Keyword Search for Encrypted Data Files Guarantees...
System Approach for Single Keyword Search for Encrypted Data Files Guarantees...IRJET Journal
 
Computer aided design, computer aided manufacturing, computer aided engineering
Computer aided design, computer aided manufacturing, computer aided engineeringComputer aided design, computer aided manufacturing, computer aided engineering
Computer aided design, computer aided manufacturing, computer aided engineeringuniversity of sust.
 
Abhishek-Resume_latest.doc
Abhishek-Resume_latest.docAbhishek-Resume_latest.doc
Abhishek-Resume_latest.docAbhishek Parida
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...IJCNCJournal
 
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...IJCNCJournal
 
Disaster and RecoveryBusiness Impact AnalysisSystem .docx
Disaster and RecoveryBusiness Impact AnalysisSystem .docxDisaster and RecoveryBusiness Impact AnalysisSystem .docx
Disaster and RecoveryBusiness Impact AnalysisSystem .docxduketjoy27252
 
One way to improve your verbal communication is to own your thoughts.docx
One way to improve your verbal communication is to own your thoughts.docxOne way to improve your verbal communication is to own your thoughts.docx
One way to improve your verbal communication is to own your thoughts.docxjuliennehar
 
One paragraphHas your family experienced significant upward or .docx
One paragraphHas your family experienced significant upward or .docxOne paragraphHas your family experienced significant upward or .docx
One paragraphHas your family experienced significant upward or .docxjuliennehar
 

More Related Content

Similar to This week your focus should be on figuring out what the Red Team did.docx

erm Paper Managing an IT Infrastructure AuditDue Week 10 and wo
erm Paper Managing an IT Infrastructure AuditDue Week 10 and woerm Paper Managing an IT Infrastructure AuditDue Week 10 and wo
erm Paper Managing an IT Infrastructure AuditDue Week 10 and woeleanorabarrington
 
Project Deliverable 5 Infrastructure and SecurityThis assignm.docx
Project Deliverable 5 Infrastructure and SecurityThis assignm.docxProject Deliverable 5 Infrastructure and SecurityThis assignm.docx
Project Deliverable 5 Infrastructure and SecurityThis assignm.docxwkyra78
 
Framework for the Development of Virtual Labs for Industrial Internet of Thin...
Framework for the Development of Virtual Labs for Industrial Internet of Thin...Framework for the Development of Virtual Labs for Industrial Internet of Thin...
Framework for the Development of Virtual Labs for Industrial Internet of Thin...Maurice Dawson
 
Secure architecture-industrial-control-systems-36327
Secure architecture-industrial-control-systems-36327Secure architecture-industrial-control-systems-36327
Secure architecture-industrial-control-systems-36327vimal Kumar Gupta
 
Term Paper Managing an IT Infrastructure AuditDue Week 10 a.docx
Term Paper Managing an IT Infrastructure AuditDue Week 10 a.docxTerm Paper Managing an IT Infrastructure AuditDue Week 10 a.docx
Term Paper Managing an IT Infrastructure AuditDue Week 10 a.docxmanningchassidy
 
Project Deliverable 2 Business Requirements1Project Deliverab.docx
Project Deliverable 2 Business Requirements1Project Deliverab.docxProject Deliverable 2 Business Requirements1Project Deliverab.docx
Project Deliverable 2 Business Requirements1Project Deliverab.docxwkyra78
 
Secure Software Development Life Cycle
Secure Software Development Life CycleSecure Software Development Life Cycle
Secure Software Development Life CycleMaurice Dawson
 
Tony_Reid_Resume
Tony_Reid_ResumeTony_Reid_Resume
Tony_Reid_ResumeTony Reid
 
IRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud EnvironmentIRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud EnvironmentIRJET Journal
 
Android Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesAndroid Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesIRJET Journal
 
Department of Defense
Department of DefenseDepartment of Defense
Department of DefenseDarius Dozier
 
1. What are some risks, threats, and vulnerabilities commonly foun.docx
1. What are some risks, threats, and vulnerabilities commonly foun.docx1. What are some risks, threats, and vulnerabilities commonly foun.docx
1. What are some risks, threats, and vulnerabilities commonly foun.docxelliotkimberlee
 
Project NameYour Full NameCourse Number and Name (As i.docx
Project NameYour Full NameCourse Number and Name (As i.docxProject NameYour Full NameCourse Number and Name (As i.docx
Project NameYour Full NameCourse Number and Name (As i.docxwkyra78
 
System Approach for Single Keyword Search for Encrypted Data Files Guarantees...
System Approach for Single Keyword Search for Encrypted Data Files Guarantees...System Approach for Single Keyword Search for Encrypted Data Files Guarantees...
System Approach for Single Keyword Search for Encrypted Data Files Guarantees...IRJET Journal
 
Computer aided design, computer aided manufacturing, computer aided engineering
Computer aided design, computer aided manufacturing, computer aided engineeringComputer aided design, computer aided manufacturing, computer aided engineering
Computer aided design, computer aided manufacturing, computer aided engineeringuniversity of sust.
 
Abhishek-Resume_latest.doc
Abhishek-Resume_latest.docAbhishek-Resume_latest.doc
Abhishek-Resume_latest.docAbhishek Parida
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...IJCNCJournal
 
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...IJCNCJournal
 
Disaster and RecoveryBusiness Impact AnalysisSystem .docx
Disaster and RecoveryBusiness Impact AnalysisSystem .docxDisaster and RecoveryBusiness Impact AnalysisSystem .docx
Disaster and RecoveryBusiness Impact AnalysisSystem .docxduketjoy27252
 

Similar to This week your focus should be on figuring out what the Red Team did.docx (20)

erm Paper Managing an IT Infrastructure AuditDue Week 10 and wo
erm Paper Managing an IT Infrastructure AuditDue Week 10 and woerm Paper Managing an IT Infrastructure AuditDue Week 10 and wo
erm Paper Managing an IT Infrastructure AuditDue Week 10 and wo
 
Project Deliverable 5 Infrastructure and SecurityThis assignm.docx
Project Deliverable 5 Infrastructure and SecurityThis assignm.docxProject Deliverable 5 Infrastructure and SecurityThis assignm.docx
Project Deliverable 5 Infrastructure and SecurityThis assignm.docx
 
Framework for the Development of Virtual Labs for Industrial Internet of Thin...
Framework for the Development of Virtual Labs for Industrial Internet of Thin...Framework for the Development of Virtual Labs for Industrial Internet of Thin...
Framework for the Development of Virtual Labs for Industrial Internet of Thin...
 
Secure architecture-industrial-control-systems-36327
Secure architecture-industrial-control-systems-36327Secure architecture-industrial-control-systems-36327
Secure architecture-industrial-control-systems-36327
 
Term Paper Managing an IT Infrastructure AuditDue Week 10 a.docx
Term Paper Managing an IT Infrastructure AuditDue Week 10 a.docxTerm Paper Managing an IT Infrastructure AuditDue Week 10 a.docx
Term Paper Managing an IT Infrastructure AuditDue Week 10 a.docx
 
Project Deliverable 2 Business Requirements1Project Deliverab.docx
Project Deliverable 2 Business Requirements1Project Deliverab.docxProject Deliverable 2 Business Requirements1Project Deliverab.docx
Project Deliverable 2 Business Requirements1Project Deliverab.docx
 
Secure Software Development Life Cycle
Secure Software Development Life CycleSecure Software Development Life Cycle
Secure Software Development Life Cycle
 
Tony_Reid_Resume
Tony_Reid_ResumeTony_Reid_Resume
Tony_Reid_Resume
 
IRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud EnvironmentIRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud Environment
 
Android Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesAndroid Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and Defenses
 
Department of Defense
Department of DefenseDepartment of Defense
Department of Defense
 
1. What are some risks, threats, and vulnerabilities commonly foun.docx
1. What are some risks, threats, and vulnerabilities commonly foun.docx1. What are some risks, threats, and vulnerabilities commonly foun.docx
1. What are some risks, threats, and vulnerabilities commonly foun.docx
 
Project NameYour Full NameCourse Number and Name (As i.docx
Project NameYour Full NameCourse Number and Name (As i.docxProject NameYour Full NameCourse Number and Name (As i.docx
Project NameYour Full NameCourse Number and Name (As i.docx
 
System Approach for Single Keyword Search for Encrypted Data Files Guarantees...
System Approach for Single Keyword Search for Encrypted Data Files Guarantees...System Approach for Single Keyword Search for Encrypted Data Files Guarantees...
System Approach for Single Keyword Search for Encrypted Data Files Guarantees...
 
Computer aided design, computer aided manufacturing, computer aided engineering
Computer aided design, computer aided manufacturing, computer aided engineeringComputer aided design, computer aided manufacturing, computer aided engineering
Computer aided design, computer aided manufacturing, computer aided engineering
 
Abhishek-Resume_latest.doc
Abhishek-Resume_latest.docAbhishek-Resume_latest.doc
Abhishek-Resume_latest.doc
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.com
 
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
 
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
 
Disaster and RecoveryBusiness Impact AnalysisSystem .docx
Disaster and RecoveryBusiness Impact AnalysisSystem .docxDisaster and RecoveryBusiness Impact AnalysisSystem .docx
Disaster and RecoveryBusiness Impact AnalysisSystem .docx
 

More from juliennehar

One way to improve your verbal communication is to own your thoughts.docx
One way to improve your verbal communication is to own your thoughts.docxOne way to improve your verbal communication is to own your thoughts.docx
One way to improve your verbal communication is to own your thoughts.docxjuliennehar
 
One paragraphHas your family experienced significant upward or .docx
One paragraphHas your family experienced significant upward or .docxOne paragraphHas your family experienced significant upward or .docx
One paragraphHas your family experienced significant upward or .docxjuliennehar
 
one paragraph for each conceptoriginal workSocial Stratifica.docx
one paragraph for each conceptoriginal workSocial Stratifica.docxone paragraph for each conceptoriginal workSocial Stratifica.docx
one paragraph for each conceptoriginal workSocial Stratifica.docxjuliennehar
 
one pageExamine the importance of popular culture and technology.docx
one pageExamine the importance of popular culture and technology.docxone pageExamine the importance of popular culture and technology.docx
one pageExamine the importance of popular culture and technology.docxjuliennehar
 
One-half pageWhat accounts are included in the revenue cycleD.docx
One-half pageWhat accounts are included in the revenue cycleD.docxOne-half pageWhat accounts are included in the revenue cycleD.docx
One-half pageWhat accounts are included in the revenue cycleD.docxjuliennehar
 
One way chemists use to determine the molecular weight of large biom.docx
One way chemists use to determine the molecular weight of large biom.docxOne way chemists use to determine the molecular weight of large biom.docx
One way chemists use to determine the molecular weight of large biom.docxjuliennehar
 
One page paper answering following questions. Describe the charact.docx
One page paper answering following questions. Describe the charact.docxOne page paper answering following questions. Describe the charact.docx
One page paper answering following questions. Describe the charact.docxjuliennehar
 
One page on Applying Platos Allegory of the Cave in the light o.docx
One page on Applying Platos Allegory of the Cave in the light o.docxOne page on Applying Platos Allegory of the Cave in the light o.docx
One page on Applying Platos Allegory of the Cave in the light o.docxjuliennehar
 
one page in APA format.Using the Competing Values Framework, how w.docx
one page in APA format.Using the Competing Values Framework, how w.docxone page in APA format.Using the Competing Values Framework, how w.docx
one page in APA format.Using the Competing Values Framework, how w.docxjuliennehar
 
One more source needs to be added to the ppt. There is a 5-6 min spe.docx
One more source needs to be added to the ppt. There is a 5-6 min spe.docxOne more source needs to be added to the ppt. There is a 5-6 min spe.docx
One more source needs to be added to the ppt. There is a 5-6 min spe.docxjuliennehar
 
One of the recent developments facing the public administration of c.docx
One of the recent developments facing the public administration of c.docxOne of the recent developments facing the public administration of c.docx
One of the recent developments facing the public administration of c.docxjuliennehar
 
One of the most important functions (protocols) in a packet-switched.docx
One of the most important functions (protocols) in a packet-switched.docxOne of the most important functions (protocols) in a packet-switched.docx
One of the most important functions (protocols) in a packet-switched.docxjuliennehar
 
One of the main themes of this course has been culture as an on-goin.docx
One of the main themes of this course has been culture as an on-goin.docxOne of the main themes of this course has been culture as an on-goin.docx
One of the main themes of this course has been culture as an on-goin.docxjuliennehar
 
One of the main political separations that divide people today is Li.docx
One of the main political separations that divide people today is Li.docxOne of the main political separations that divide people today is Li.docx
One of the main political separations that divide people today is Li.docxjuliennehar
 
One of the very first cases that caught Freud’s attention when he wa.docx
One of the very first cases that caught Freud’s attention when he wa.docxOne of the very first cases that caught Freud’s attention when he wa.docx
One of the very first cases that caught Freud’s attention when he wa.docxjuliennehar
 
One of the great benefits of the Apache web server is its wide range.docx
One of the great benefits of the Apache web server is its wide range.docxOne of the great benefits of the Apache web server is its wide range.docx
One of the great benefits of the Apache web server is its wide range.docxjuliennehar
 
One of the most difficult components of effective .docx
One of the most difficult components of effective .docxOne of the most difficult components of effective .docx
One of the most difficult components of effective .docxjuliennehar
 
One of the high points of the campaign will be a look to the future .docx
One of the high points of the campaign will be a look to the future .docxOne of the high points of the campaign will be a look to the future .docx
One of the high points of the campaign will be a look to the future .docxjuliennehar
 
One of the most basic aims of human computer interaction has been sp.docx
One of the most basic aims of human computer interaction has been sp.docxOne of the most basic aims of human computer interaction has been sp.docx
One of the most basic aims of human computer interaction has been sp.docxjuliennehar
 
One of the most common workplace communication tools is a telephon.docx
One of the most common workplace communication tools is a telephon.docxOne of the most common workplace communication tools is a telephon.docx
One of the most common workplace communication tools is a telephon.docxjuliennehar
 

More from juliennehar (20)

One way to improve your verbal communication is to own your thoughts.docx
One way to improve your verbal communication is to own your thoughts.docxOne way to improve your verbal communication is to own your thoughts.docx
One way to improve your verbal communication is to own your thoughts.docx
 
One paragraphHas your family experienced significant upward or .docx
One paragraphHas your family experienced significant upward or .docxOne paragraphHas your family experienced significant upward or .docx
One paragraphHas your family experienced significant upward or .docx
 
one paragraph for each conceptoriginal workSocial Stratifica.docx
one paragraph for each conceptoriginal workSocial Stratifica.docxone paragraph for each conceptoriginal workSocial Stratifica.docx
one paragraph for each conceptoriginal workSocial Stratifica.docx
 
one pageExamine the importance of popular culture and technology.docx
one pageExamine the importance of popular culture and technology.docxone pageExamine the importance of popular culture and technology.docx
one pageExamine the importance of popular culture and technology.docx
 
One-half pageWhat accounts are included in the revenue cycleD.docx
One-half pageWhat accounts are included in the revenue cycleD.docxOne-half pageWhat accounts are included in the revenue cycleD.docx
One-half pageWhat accounts are included in the revenue cycleD.docx
 
One way chemists use to determine the molecular weight of large biom.docx
One way chemists use to determine the molecular weight of large biom.docxOne way chemists use to determine the molecular weight of large biom.docx
One way chemists use to determine the molecular weight of large biom.docx
 
One page paper answering following questions. Describe the charact.docx
One page paper answering following questions. Describe the charact.docxOne page paper answering following questions. Describe the charact.docx
One page paper answering following questions. Describe the charact.docx
 
One page on Applying Platos Allegory of the Cave in the light o.docx
One page on Applying Platos Allegory of the Cave in the light o.docxOne page on Applying Platos Allegory of the Cave in the light o.docx
One page on Applying Platos Allegory of the Cave in the light o.docx
 
one page in APA format.Using the Competing Values Framework, how w.docx
one page in APA format.Using the Competing Values Framework, how w.docxone page in APA format.Using the Competing Values Framework, how w.docx
one page in APA format.Using the Competing Values Framework, how w.docx
 
One more source needs to be added to the ppt. There is a 5-6 min spe.docx
One more source needs to be added to the ppt. There is a 5-6 min spe.docxOne more source needs to be added to the ppt. There is a 5-6 min spe.docx
One more source needs to be added to the ppt. There is a 5-6 min spe.docx
 
One of the recent developments facing the public administration of c.docx
One of the recent developments facing the public administration of c.docxOne of the recent developments facing the public administration of c.docx
One of the recent developments facing the public administration of c.docx
 
One of the most important functions (protocols) in a packet-switched.docx
One of the most important functions (protocols) in a packet-switched.docxOne of the most important functions (protocols) in a packet-switched.docx
One of the most important functions (protocols) in a packet-switched.docx
 
One of the main themes of this course has been culture as an on-goin.docx
One of the main themes of this course has been culture as an on-goin.docxOne of the main themes of this course has been culture as an on-goin.docx
One of the main themes of this course has been culture as an on-goin.docx
 
One of the main political separations that divide people today is Li.docx
One of the main political separations that divide people today is Li.docxOne of the main political separations that divide people today is Li.docx
One of the main political separations that divide people today is Li.docx
 
One of the very first cases that caught Freud’s attention when he wa.docx
One of the very first cases that caught Freud’s attention when he wa.docxOne of the very first cases that caught Freud’s attention when he wa.docx
One of the very first cases that caught Freud’s attention when he wa.docx
 
One of the great benefits of the Apache web server is its wide range.docx
One of the great benefits of the Apache web server is its wide range.docxOne of the great benefits of the Apache web server is its wide range.docx
One of the great benefits of the Apache web server is its wide range.docx
 
One of the most difficult components of effective .docx
One of the most difficult components of effective .docxOne of the most difficult components of effective .docx
One of the most difficult components of effective .docx
 
One of the high points of the campaign will be a look to the future .docx
One of the high points of the campaign will be a look to the future .docxOne of the high points of the campaign will be a look to the future .docx
One of the high points of the campaign will be a look to the future .docx
 
One of the most basic aims of human computer interaction has been sp.docx
One of the most basic aims of human computer interaction has been sp.docxOne of the most basic aims of human computer interaction has been sp.docx
One of the most basic aims of human computer interaction has been sp.docx
 
One of the most common workplace communication tools is a telephon.docx
One of the most common workplace communication tools is a telephon.docxOne of the most common workplace communication tools is a telephon.docx
One of the most common workplace communication tools is a telephon.docx
 

Recently uploaded

Simple, Complex, and Compound Sentences Exercises.pdf
Simple, Complex, and Compound Sentences Exercises.pdfSimple, Complex, and Compound Sentences Exercises.pdf
Simple, Complex, and Compound Sentences Exercises.pdfstareducators107
 
Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111GangaMaiya1
 
Diuretic, Hypoglycemic and Limit test of Heavy metals and Arsenic.-1.pdf
Diuretic, Hypoglycemic and Limit test of Heavy metals and Arsenic.-1.pdfDiuretic, Hypoglycemic and Limit test of Heavy metals and Arsenic.-1.pdf
Diuretic, Hypoglycemic and Limit test of Heavy metals and Arsenic.-1.pdfKartik Tiwari
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024Elizabeth Walsh
 
dusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learningdusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learningMarc Dusseiller Dusjagr
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...Nguyen Thanh Tu Collection
 
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSSpellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSAnaAcapella
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxJisc
 
AIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.pptAIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.pptNishitharanjan Rout
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxCeline George
 
Observing-Correct-Grammar-in-Making-Definitions.pptx
Observing-Correct-Grammar-in-Making-Definitions.pptxObserving-Correct-Grammar-in-Making-Definitions.pptx
Observing-Correct-Grammar-in-Making-Definitions.pptxAdelaideRefugio
 
diagnosting testing bsc 2nd sem.pptx....
diagnosting testing bsc 2nd sem.pptx....diagnosting testing bsc 2nd sem.pptx....
diagnosting testing bsc 2nd sem.pptx....Ritu480198
 
What is 3 Way Matching Process in Odoo 17.pptx
What is 3 Way Matching Process in Odoo 17.pptxWhat is 3 Way Matching Process in Odoo 17.pptx
What is 3 Way Matching Process in Odoo 17.pptxCeline George
 
Michaelis Menten Equation and Estimation Of Vmax and Tmax.pptx
Michaelis Menten Equation and Estimation Of Vmax and Tmax.pptxMichaelis Menten Equation and Estimation Of Vmax and Tmax.pptx
Michaelis Menten Equation and Estimation Of Vmax and Tmax.pptxRugvedSathawane
 
UGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdf
UGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdfUGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdf
UGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdfNirmal Dwivedi
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 
When Quality Assurance Meets Innovation in Higher Education - Report launch w...
When Quality Assurance Meets Innovation in Higher Education - Report launch w...When Quality Assurance Meets Innovation in Higher Education - Report launch w...
When Quality Assurance Meets Innovation in Higher Education - Report launch w...Gary Wood
 
21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptx21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptxJoelynRubio1
 

Recently uploaded (20)

Simple, Complex, and Compound Sentences Exercises.pdf
Simple, Complex, and Compound Sentences Exercises.pdfSimple, Complex, and Compound Sentences Exercises.pdf
Simple, Complex, and Compound Sentences Exercises.pdf
 
Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111
 
OS-operating systems- ch05 (CPU Scheduling) ...
OS-operating systems- ch05 (CPU Scheduling) ...OS-operating systems- ch05 (CPU Scheduling) ...
OS-operating systems- ch05 (CPU Scheduling) ...
 
Diuretic, Hypoglycemic and Limit test of Heavy metals and Arsenic.-1.pdf
Diuretic, Hypoglycemic and Limit test of Heavy metals and Arsenic.-1.pdfDiuretic, Hypoglycemic and Limit test of Heavy metals and Arsenic.-1.pdf
Diuretic, Hypoglycemic and Limit test of Heavy metals and Arsenic.-1.pdf
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
dusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learningdusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learning
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSSpellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
AIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.pptAIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.ppt
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
Observing-Correct-Grammar-in-Making-Definitions.pptx
Observing-Correct-Grammar-in-Making-Definitions.pptxObserving-Correct-Grammar-in-Making-Definitions.pptx
Observing-Correct-Grammar-in-Making-Definitions.pptx
 
diagnosting testing bsc 2nd sem.pptx....
diagnosting testing bsc 2nd sem.pptx....diagnosting testing bsc 2nd sem.pptx....
diagnosting testing bsc 2nd sem.pptx....
 
What is 3 Way Matching Process in Odoo 17.pptx
What is 3 Way Matching Process in Odoo 17.pptxWhat is 3 Way Matching Process in Odoo 17.pptx
What is 3 Way Matching Process in Odoo 17.pptx
 
Michaelis Menten Equation and Estimation Of Vmax and Tmax.pptx
Michaelis Menten Equation and Estimation Of Vmax and Tmax.pptxMichaelis Menten Equation and Estimation Of Vmax and Tmax.pptx
Michaelis Menten Equation and Estimation Of Vmax and Tmax.pptx
 
UGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdf
UGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdfUGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdf
UGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdf
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
When Quality Assurance Meets Innovation in Higher Education - Report launch w...
When Quality Assurance Meets Innovation in Higher Education - Report launch w...When Quality Assurance Meets Innovation in Higher Education - Report launch w...
When Quality Assurance Meets Innovation in Higher Education - Report launch w...
 
21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptx21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptx
 

This week your focus should be on figuring out what the Red Team did.docx

  • 1. This week your focus should be on figuring out what the Red Team did and how they did it. (See the - Incident Response Exercise & Report below - the detailed assignment description for the course final project).For your first posting this week, you must provide an analysis of the Red Team's report (as listed in the final project-check below). At a minimum you must identify and discuss three specific vulnerabilities that were exploited by the Red Team as part of its penetration testing. You will need to research similar types of attacks using Red Team or Ethical Hacking resources from the Internet.Final Project: Incident Response Exercise & Report Your Task You have been assigned to work incident clean-up as part of the Sifers-Grayson Blue Team. Your task is to assist in analyzing and documenting the incident described below. The Blue Team has already created a set of enterprise architecture diagrams (see figures 1-4) to help with your analysis of the incident and preparation of the incident report as required by the company’s contracts with the federal government. After completing their penetration tests, the Red Team provided Sifers-Grayson executives with a diagram showing their analysis of the threat environment and potential weaknesses in the company’s security posture for the R&D DevOps Lab (see figure 5). Overview of the Incident Sifers-Grayson hired a cybersecurity consulting firm to help it meet the security requirements of a contract with a federal agency. The consulting firm’s Red Team conducted a penetration test and was able to gain access to the engineering center’s R&D servers by hacking into the enterprise network through an unprotected network connection (see figure 2). The Red Team proceeded to exfiltrate files from those servers and managed to steal 100% of the design documents and source code for the AX10 Drone System. The Red Team also reported that it
  • 2. had stolen passwords for 20% of the employee logins using keylogging software installed on USB keys that were left on the lunch table in the headquarters building employee lounge (see Figure 3). The Red Team also noted that the Sifers-Grayson employees were quite friendly and talkative as they opened the RFID controlled doors for the “new folks” on the engineering staff (who were actually Red Teamers). The Red Team continued its efforts to penetrate the enterprise and used a stolen login to install malware over the network onto a workstation connected to a PROM burner in the R&D DevOps lab (See Figure 3). This malware made its way onto a PROM that was then installed in an AX10-a test vehicle undergoing flight trials at the Sifers-Grayson test range (See Figures 1 and 4). The malware “phoned home” to the Red Team over a cellular connection to the R&D center. The Red Team took control of the test vehicle and flew it from the test range to a safe landing in the parking lot at Sifers-Grayson headquarters. Background Sifers-Grayson is a family owned business headquartered in Grayson County, Kentucky, USA. The company’s physical address is 1555 Pine Knob Trail, Pine Knob, KY 42721. The president of the company is Ira John Sifers, III. He is the great- grandson of one of the company’s founders and is also the head of the engineering department. The chief operating officer is Michael Coles, Jr. who is Ira John’s great nephew. Mary Beth Sifers is the chief financial officer and also serves as the head of personnel for the company. Recent contracts with the Departments of Defense and Homeland Security have imposed additional security requirements upon the company and its R&D DevOps and SCADA labs operations. The company is now required to comply with NIST Special Publication 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. The company must also comply
  • 3. with provisions of the Defense Federal Acquisition Regulations (DFARS) including section 252-204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting. These requirements are designed to ensure that sensitive technical information, provided by the federal government and stored on computer systems in the Sifers-Grayson R&D DevOps and SCADA labs, is protected from unauthorized disclosure. This information includes software designs and source code. The contract requirements also mandate that Sifers-Grayson report cyber incidents to the federal government in a timely manner.SCADA Lab The SCADA lab was originally setup in 1974. It has been upgraded and rehabbed several times since then. The most recent hardware and software upgrades were completed three years ago after the lab was hit with a ransomware attack that exploited several Windows XP vulnerabilities. At that time, the engineering and design workstations were upgraded to Windows 8.1 professional. A second successful ransomware attack occurred three months ago. The company paid the ransom in both cases because the lab did not have file backups that it could use to recover the damaged files (in the first case) and did not have system backups that it could use to rebuild the system hard drives (in the second case). The SCADA Lab is locked into using Windows 8.1. The planned transition to Windows 10 is on indefinite hold due to technical problems encountered during previous attempts to modify required software applications to work under the new version of the operating system. This means that an incident response and recovery capability for the lab must support the Windows 8.1 operating system and its utilities.R&D DevOps Lab The R&D DevOps Lab was built in 2010 and is used to develop, integrate, test, support, and maintain software and firmware (software embedded in chips) for the company’s robots, drones, and non-SCADA industrial control systems product lines. The workstations in this lab are running Windows 10 and are configured to receive security updates per Microsoft’s monthly
  • 4. schedule. Enterprise IT Operations The company uses a combination of Windows 10 workstations and laptops as the foundation of its enterprise IT capabilities. The servers in the data center and the engineering R&D center are built upon Windows Server 2012. Issues Summary: 1. Newly won government contracts now require compliance with DFARS §252.204-7008, 7009, and 7012 · http://www.acq.osd.mil/dpap/dars/dfars/html/current/252204.ht m · http://www.acq.osd.mil/se/docs/DFARS-guide.pdf 2. Derivative requirements include: · Implementation of and compliance with NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.8 00-171r1.pdf · Compliance with DFARS 252.239-7009 Representation of Use of Cloud Computing and 7010 Cloud Computing Services (see https://www.acq.osd.mil/dpap/dars/dfars/html/current/252239.ht m#252.239-7009 3. Additional Contractual Requirements for Lab Operations include: · Incident Response per NIST SP-800-61 (Computer Security Incident Handling Guide) · SCADA Security per NIST SP 800-82 (Guide to Industrial Control Systems Security) · Software / Systems Development Lifecycle (SDLC) Security per NIST SP 800-64 (Security Considerations in the System Development Life Cycle) · Configuration Management per NIST SP 800-128 (Guide for Security-Focused Configuration Management of Information Systems) Words for the Wise …
  • 5. Do not let “perfection” be a barrier to completing this assignment. It’s more important to be on-time and provide SOME analysis in a professional format than to find and document every single possible vulnerability. · Figure 1. Overview of Sifers-Grayson Enterprise IT Architecture Figure 2. Combined Network and Systems Views: Sifers-Grayson Headquarters, R&D Center, and Data Center Figure 3. Combined Network and Systems View for Sifers- Grayson R&D DevOps Lab Figure 4. Combined Communications and Systems Views for Sifers-Grayson Test Range Figure 5. Threat Landscape for Sifers-Grayson R&D DevOps Lab