Current Events Crisis Analysis Essay This paper should be written in an APA-Style format. Your paper will be evaluated on the following: · Content · Grammar · Structure and mechanics · Relevance to the topic(s) Note: Each essay will be submitted through Canvas Current Events Crisis Analysis: This assignment requires students to identify and examine a current example of a crisis taken from the news. Students will analyze various elements for consideration and apply course concepts. Students will critique the company/individual in terms of what was done well and what perhaps could have been orchestrated better and why. Instructions: Write about a company or industry that has faced or currently faces a crisis (or that is grappling with an issue which threatens to become a crisis.) Include the following components: 1) analyze the underlying causation); 2) a stakeholder analysis; 3) review what the organization did in response, and 4) evaluate its effectiveness and determine whether other approaches might have been taken. You should do an analysis rather than a description. In addition, you should include documentation of source material. Finally, whichever sort of topic you choose should be of real interest to you. Length: 3-5 pages (it’s expected that you employ sources, attributions and bibliography.) Be sure to provide informed and thoughtful answers to all of the guideline suggestions/questions. Style: APA Format Visit the Purdue Online Writing Lab for more help with APA formatting. Guidelines: I. Define the organization and its crisis / potential crisis. II. Crises develop in four stages: Warning (detection, prevention, preparation), Point-of- no-return (containment), Cleanup (recovery), and Back-to-normal (learning). What stage(s) apply to this crisis? III. Who do you think is in charge of managing the crisis? a. What are their highest priorities? b. What are their motives behind their decisions? IV. Attempt to define the stakeholders and their concerns. a. What are the communication strategies? b. What are the messages? c. Are there any inconsistencies between early response and later response? d. Did the organization utilize any intermediaries to help manage its relationships with stakeholders? V. Evaluate the organization’s responses. a. Restores trust? Damaging? Honest? Explanatory? Plain speech vs. technical speech? Deflects or invites participation of those affected to seek solutions? Ignores, meets or exceeds stakeholder expectations? b. Were concerns dismissed? Was blame cast elsewhere? Were mistakes acknowledged? Sympathetic? Were public apologies made? VI. In your opinion, how well was the organization prepared for this crisis? Explain. VII. If an organization’s reputation has been damaged, how might it be restored? VIII. Can you detect or predict any potential benefits from this crisis? Written Submission Guidelines 1. Review the detailed written assignment instructions on how to submit your assignments and how to revi.

1. Current Events Crisis Analysis Essay
This paper should be written in an APA-Style format.
Your paper will be evaluated on the following:
· Content
· Grammar
· Structure and mechanics
· Relevance to the topic(s)
Note: Each essay will be submitted through Canvas
Current Events Crisis Analysis:
This assignment requires students to identify and examine a
current example of a crisis taken from the news. Students will
analyze various elements for consideration and apply course
concepts. Students will critique the company/individual in terms
of what was done well and what perhaps could have been
orchestrated better and why.
Instructions:
Write about a company or industry that has faced or currently
faces a crisis (or that is grappling with an issue which threatens
to become a crisis.)
Include the following components: 1) analyze the underlying
causation); 2) a stakeholder analysis; 3) review what the
organization did in response, and 4) evaluate its effectiveness
and determine whether other approaches might have been taken.
You should do an analysis rather than a description. In addition,
you should include documentation of source material. Finally,
whichever sort of topic you choose should be of real interest to
you.
Length:
3-5 pages (it’s expected that you employ sources, attributions
and bibliography.)
Be sure to provide informed and thoughtful answers to all of the
guideline suggestions/questions.
Style:

2. APA Format
Visit the Purdue Online Writing Lab for more help with APA
formatting.
Guidelines:
I. Define the organization and its crisis / potential crisis.
II. Crises develop in four stages: Warning (detection,
prevention, preparation), Point-of- no-return (containment),
Cleanup (recovery), and Back-to-normal (learning). What
stage(s) apply to this crisis?
III. Who do you think is in charge of managing the crisis?
a. What are their highest priorities?
b. What are their motives behind their decisions?
IV. Attempt to define the stakeholders and their concerns.
a. What are the communication strategies?
b. What are the messages?
c. Are there any inconsistencies between early response and
later response?
d. Did the organization utilize any intermediaries to help
manage its relationships with stakeholders?
V. Evaluate the organization’s responses.
a. Restores trust? Damaging? Honest? Explanatory? Plain
speech vs. technical speech? Deflects or invites participation of
those affected to seek solutions? Ignores, meets or exceeds
stakeholder expectations?
b. Were concerns dismissed? Was blame cast elsewhere? Were
mistakes acknowledged? Sympathetic? Were public apologies
made?
VI. In your opinion, how well was the organization prepared for
this crisis? Explain.
VII. If an organization’s reputation has been damaged, how
might it be restored?
VIII. Can you detect or predict any potential benefits from this
crisis?
Written Submission Guidelines

3. 1. Review the detailed written assignment instructions on how
to submit your assignments and how to review the comments
(feedback) from your professor.
2. All written assignments on Canvas will be run through
Turnitin to check for plagiarism. Your submission should not
exceed 25% in similarity.
3. Written assignment dropboxes will be available within the
Assignments link off the course tools menu on the left-hand
side of the page within Canvas, as well as in their respective
modules as outlined in the syllabus.
4. Within one week after the assignment's deadline has passed,
you will receive written feedback on your assignment.
5. Late submissions will only be accepted for a maximum of 7
days past the due date. For every day an assignment is late, 10%
will be deducted from the original point value, with a maximum
reduction of 50% on assignments submitted 7 days past the
original due date. Please refer to the "Acceptance of Late
Assignments" section of the syllabus for more information.
Week 1 Assignment Timothy Cope
CMIT 495 Current Trends and Projects in Computer Networks
and Security
Week 1 – Virtualization
Login to your newly created AWS account and take a screen
capture of the dashboard and embed it below. The screen
capture should include the username you created during setup.
Provide a detailed overview of the steps required to install the
Ubuntu Server operating system on the virtual machine. The
steps may be listed in bullet points or complete sentences. Use
as much space as required.

4. -Go to Https://aws.amazon.com/
-Create a free account and login to AWS
-Click on Launch a virtual machine (w/ EC2)
-Then, you are given the option to choose an Amazon Machine
Image (AMI)
-Choose Ubuntu Server 16.04 (64-Bit). This is “Free tier
eligible” and free to utilize
-Again choose the “Free tier eligible” computing power…it is
labeled in green.
-Review/Configure your instance details ensuring all the setting
are correct and ‘Click Launch’
-You will be prompted to Select an existing key pair or create a
new key pair.
-Now you can create a new key pair, name your key pair, and
click ‘Download Key Pair’
-Be sure to save it in a file you are able access.
-Now your instance is created, and I advise you name your
instance.
-Take a moment to review your public IP address and Public
DNS.
-Highlight the box left of your instance and click ‘Connect’.
-You will then see a ‘Connect To Your Instance’ instructing you
to connect using PuTTy
-Download a PuTTy and PuTTygen.
-Utilize PuTTygen to convert your key pair into a private key.
Run PuTTygen, (Load) your key, and be sure to save your
newly generated - now private key.
-Open PuTTy and inside PuTTy Configuration enter the DNS
entry or public IP address provided in the ‘Connect To Your
Instance’ type this in the Host Name box provided.
-Now browse to Connection, SSH, Auth select your private key
just generated, click Open.
-The Command Line Interface window will appear and you will
prompted to login

5. -username Ubuntu or Root…I used Ubuntu
-You are now logged into the Ubuntu server.
If we decided to install Windows 10 instead of Ubuntu, would
the steps necessary for a successful outcome have been much
different? Why or why not?
Yes, the steps would be very different. We would use either
Remote Desktop Connection or VMware.
Example:
Instead of installing the operating system OS Unbuntu and
PuTTy; we could install Win 10 utilizing Oracle VM Virtual
Box.
-Open your web browser and go to
http://adf.ly/9928339/virtualbox - Virtual Box.
-Download Virtual Box for your OS and install.
-Launch virtual Box and minimize.
-Open your browser and browse to the official Microsoft
website for Win 10 ISO 64-bet version.
-Choose ‘Create Installation Media for another PC’ and
download
-Return to your Oracle VMware, name your virtual instance Win
10 or your preference, select memory options, create virtual
hard-disk, choose virtual optical disk file, browse for your
recently downloaded Win 10 ISO, select SADA option and start
your virtual machine.
-Continue just like any other Windows installation within your
virtual machine and you will be prompted for a license. Please
see screenshot below.
Figure is a screenshot of Windows 10.1.1 setup within Oracle
VM Virtual Box
The difference between a Microsoft Windows and Linux
installation is:

6. The leading difference between installation of these two
operating systems OS is with a Linux General Public License
(GPL) operating system, the user is free to modify software and
even republish or sell it (as long as the code is made available).
Also, with a GPL such as Linux, one can download a single
copy of a Linux distribution (or application) and install it on as
many machines as they like. On the other hand, with Microsoft
licenses, the user can do none of the above. You are bound to
the number of licenses you purchase, so if you purchase 10
licenses, you can legally install that operating system (or
application) on only 10 machines (Wallen, 2008).
Reference:
Wallen, J. (2008). 10 fundamental differences between Linux
and Windows. Retrieved from
https://www.techrepublic.com/blog/10-things/10-fundamental-
differences-between-linux-and-windows/
As far as flexibility, I can explain Linux and Windows as if they
were two separate houses:
With Linux, you have ability to change the floors, add a new
kitchen and stove, knock down a few wall and remodel as you
see fit.
With Windows, the floors and walls are immovable. You can't
go further than Microsoft (your landlord) has deemed necessary
to go within your house. You are merely a renter.
Based on your experience, what was the most challenging aspect
of installing the Ubuntu Server operating systems in the virtual
environment?
The most difficult aspect of installing the Ubuntu Server seems

7. very trivial now, but was figuring out how to convert my key
pair into a private key utilizing PuTTygen. The directions were
clear, however it was lengthy and completed the install only
after additional research and further understanding on my part
of what needed to take place prior to accessing Ubuntu server
via PuTTy.
Open a command prompt on your personal computer and run an
ipconfig (e.g., Microsoft Windows) or ifconfig (e.g., Unix or
Linux variant) command, depending on what operating system
you are using. Perform a screen capture of the command
prompt and embed it below.

8. After successfully installing the Ubuntu Server operating
systems, login via an SSH client. Instructions are provided
Amazon on how to do so. When connected, run the following
commands:
· whoami command
· ifconfig command
· pwd command
· ping www.google.com
·
Next, perform a screen capture of the results and embed it
below.
Note the difference between IP addresses. Specifically, when
you perform the ipconfig or ifconfig on your personal system,

9. versus the ifconfig command within the virtual machine
command prompt. Why are the IP addresses different? Explain
your answer.
-My PC: Is utilizing a VPN on an IPV6 network. I was provided
a private IPV4 address 192.168.1.10 /24
-Ubuntu Virtual Machine: Is also utilizing a private IP
172.31.43.168 /20. However, it is in a different network and
subnet.
-The IPV6 addresses are different as well. Both IPV6 and 4
address are in different networks.
The addresses are different first because of virtualization, but
more specifically, each virtual machine has its own virtual
network interface adapter. Virtual Machines are in private
networks similar to VPNs. In most cases virtual machine require
access to a physical network and the physical network access is
provided by what is commonly referred to as an “up link”.
Virtual Machines utilize shared networking through Network
Address Translation (NAT). Address translation allows users to
configure a connection between a VM and an external network.
Therefore, NAT is one way of accessing an external network
from a virtual machine.
Please screen shots of ipconfig on PC & ifconfig on VM.
Virtualization allows us to place the functionality of many
servers into a single host while maintaining configurable levels
of separation between all virtual machines. How do you believe
virtualization could help in datacenter consolidation? What
would you be leery about during and after any transition?

10. Physical to virtual or P2V of a datacenter creates a much
smaller carbon footprint. It takes time and money to house
server stacks. Less big box servers require less power, less
space and less HVAC to cool said space. Physical security plays
a role as well. A full blown data center with rows and rows of
servers much like the Marine Corps Enterprise Network
(MCEN) datacenter requires constant upkeep and manpower to
do so, and we have just scratched the surface of virtualization/
datacenter consolidation. Currently, there are servers spread
throughout our AO. This is a physical security nightmare.
Aside from the physical advances, virtualization allows a more
manageable, scalable, and flexible datacenter. After
consolidation of a data center, administrators are offered a fully
operation server build as well as a self-contained lab
environment to update, configure and prep for future operations.
Both running simultaneously. If/when required, an in-place
upgrade can be performed, therefore providing continuous/
uninterrupted services to end-users.
Things to be leery of:
It is highly recommended to have a COOP or continuous of
operation plan for your datacenter, especially with datacenter
consolidation. In the event of a fire or disaster all is lost
without an offsite COOP for restoration and disaster recovery.
It is not advised to have one “single point of failure” therefore
multiple physical hosts should be available when hosting a
multitude of virtual servers within one host as well as software
and backups configurations.

11. Additional concerns are listed as followed:
-Routine backup of Storage area Network SAN
-managing and deploy a planned virtual machine life cycle of
WMs. This will recover unneeded/ unutilized virtual instances
to prevent excessive images running on a single device. This is
commonly referred to at WM sprawl.
-One thing to still be concerned with is the remaining licenses
cost of virtual machines. Software licenses still persist in a
virtual environment.
-User access is a concern an intentional (or UN-intentional)
insider threat is always a concern especially when consolidating
services where damage done can bring down an entire network.
Does virtualization increase the cybersecurity posture of the
organization? If so, describe how and why. If not, describe
how and why not.
In my opinion, virtualization does not increase the cybersecurity
posture of an organization.
There are a laundry list of virtualization specific attacks.
Virtualization opens up a whole new window for potential
attackers to exploit. Virtual Machines all on the same host or
with access to memory on the host machine create opportunities
for exploitation. If an attacker gains access to the hypervisor on
the hosting/physical machine it can potentially compromise all
the VMs on that machine, as well as other physical servers.
Likewise, if a virtual machine is compromised it can potentially
compromise all the WMs running alongside it. “Traditional
threats such as: Legacy viruses, Trojans, rookits, keyloggers
and other malware can all do substantial damage to a VM and
its host. Additionally, an infected VM can carry out attacks

12. against other VMs as well as other physical servers on the
network” (Avenging, 2012).
Reference:
Avenging host: The impact of virtualization on network
security. (2012, May 10). Retrieved from
https://www.scmagazine.com/avenging-host-the-impact-of-
virtualization-on-network-security/article/557698/
The key to physical or cybersecurity is having multiple layers
of security (layered security).
An effective strategy for a virtualized environments is to apply
fundamental security tactics, making sure to take a layered
approach to security technologies. There is no such thing as a
bulletproof cyber security posture. This is even more the case
for an organization implementing a heavily virtualized
environment. By creating layers, I am referring to the following
steps:
-Anti-virus software deployed on every virtual machine VM.
Especially on the hosting machine.
-Access need to be heavily restricted to prevent insider threat
(intentional and un-intentional).
-Anti-malware security solutions deployed at the network
gateway, especially for VMs, which may have been the result of
sprawl and not had an update for weeks or even months.
-Network intrusion prevention for non-malware based attacks.
In closure, as more organizations rush to implement virtual
machines residing in a virtual environment, they must also
consider newfound vulnerabilities and security risks specific to

13. virtual computing and environments.
There are various virtualization options. Bare-metal (type 1)
whereby the hypervisors run directly on the hardware as their
own operating systems, and User-space (type 2) hypervisors that
run within the conventional operating systems. Which of these
options is more secure? Describe the vulnerabilities you
believe exist in either type 1, type 2, or both configurations.
As mentioned above, Bare-metal (type 1) is more secure. Bare-
metal is sometimes referred to as Native hypervisor which runs
directly on a system’s hardware. When utilizing Bare-metal
(type 1) virtualization option, the virtual machine (guest
machine) OS runs on a completely different or isolated level
than that of the (host machine), which run directly above the
hypervisor. By implementing type-1 client hypervisor are
creating another layer of security which makes more difficult
for attacks to access the virtual machine due to an additional
layer of security.
On the other hand, User-space (type 2) runs on a system’s
existing operating system (OS). Like I said, the type 2 is hosted
or installed on an already existing OS and the existing OS
houses other operating systems that is above it. “With type 2,
any problem or problems occurring within the (host machines)
OS will affect (guest machines) operating system that are
running on the hypervisor. It affects the hypervisor itself,
although sometime the hypervisor running above the operating
system might be secured but the guest operating system
wouldn’t be” (Int J. Comm,2015).
Reference:
Int. J. Communications, Network and System Sciences, 2015, 8,
260-273 Published Online July 2015 in SciRes.

14. http://www.scirp.org/journal/ijcns
http://dx.doi.org/10.4236/ijcns.2015.87026
Given that, what do you believe can be done to mitigate these
vulnerabilities?
To answer the last portion of this question, I have listed a few
ways to mitigate security vulnerabilities.
Host machine Security - this is the machine housing the
parenting operating system for a virtual machine and in some
cases it's used to host the guest OS and share resources between
VMs on the same host. Virtualizing enables sharing of data with
other VMs by using disks or folders housed by the most
machine. Pushing updates systematically and running backups
of physical as well as virtual drives are recommended.
Hypervisor security:
1.) Immediately installing hypervisor updates released by
vendors and automatically updating software is recommended.
2.) Secure with thin hypervisors reduces the chances of an
attack by malicious code which has potential to reach the
hypervisor.
3.) For physical security of a network you would shut off any
unused port and not connecting any unknown machine to the
network. The same goes for virtualizing…if you aren’t using
file sharing service or any other service between the guests and
host OS, disable those services to prevent risk of exploitation.
4.) An administrator must establish security between guest
operating systems in order for them to communicate. Thing of
this just as a non-virtualized environment impediments
firewalls.
5.) When running Bare-metal, it is recommended that guest OS
run at a lower privilege level then the housing OS.
-Sandboxing:
Which brings us to Sandboxing. Sandboxing is a tool utilize to

15. separate running programs with untested code and/or programs
from an unverified external party. The primary goal of
sandboxing is to harden virtualization security by isolating
applications running on an OS in order to defend from outside
malicious software such as malware, viruses or denial of
service.
In the scholarly publication Xen and the Art of Virtualization,
the authors describe a virtualization solution. Read the article
and visit https://www.xenproject.org/ to gain a perspective on
this open source solution, those that support it, and what it
offers today. Why should organizations consider Xen as an
open-source virtualization solution when they can purchase a
solution for virtualization service providers such as Amazon?
There was a lot to read any learn about the Xen Project and all
the contributions Xen has made to commercializing as well as
innovating the virtual environment. I will list some of the key
takeaway from my research.
Xen is a type 1 Bare-Metal hypervisor built and runs
independently from a hosting OS. In fact, Xen runs on a
separate layer than an OS as well as hardware, and is considered

16. to be an Infrastructure Virtualization Platform. Xen is a
virtualization platform designed for companies and users alike
to build their own virtualization and cloud solutions.
Below is a list are reasons to use Xen open-source virtualization
solutions:
-Secured isolation between virtual machines
-Guaranteed resource control and QoS
-Only guest kernel needs to be ported
-A company’s user level apps and libraries can run unmodified
(preventing rewriting of binary code).
-Broad (Linux) hardware support is provided
-Xen provides live relocation of VMs between Xen nodes
-Kernel-based OS with a very small footprint
From what I have read, if an organization utilized Amazon's
EC2 in the past, they were actually using Xen. Yet, as you
probably already know, there is also another widely utilized
open-sourced virtualization solution to consider, and that is
Kernel-based Virtual Machine (KVM). KVM is a hypervisor
that is in the mainline Linux kernel. With KVM, users can run
multiple VMs on unmodified Linux or Windows images. KVM,
just like Xen, can operate with unmodified applications
preventing the re-writing of binary code. That being said, “in
2017 Amazon announced they are moving away from Xen to
KVM” (Clinton, 2017). However, KVM is a type-2 hypervisor
built into the Linux kernel as a module requiring no additional
work for the Linux distributors to add KVM. However,
Customers will lose the flexibility to run a bare-metal (type 1)
hypervisor, configure the hypervisor independent of the host
operating system, and provide machine level security as a guest
virtual machine has the potential to bring down the operating
system on KVM (Brockmeier, 2012). I would recommend Xen
open-sourced virtualization solutions for all the aforementioned
reasons, but mainly for hardened security purposed and the
ability to make hyper-call drastically increasing performance.

17. Reference:
Clinton, D. (2017, November 13). AWS just announced a move
from Xen towards KVM. So what is KVM? Retrieved May 27,
2018, from https://medium.com/@dbclin/aws-just-announced-a-
move-from-xen-towards-kvm-so-what-is-kvm-2091f123991
J Brockmeier, Choosing a Virtualization Platform. (2010, July
12). Retrieved May 27, 2018, from
https://www.linux.com/news/kvm-or-xen-choosing-
virtualization- -text
Citations Check
Confirm that you have stopped and terminated your AWS
instance (e.g. Ubuntu Server deployment).
Upon completion of this assignment, export your file as a PDF
and upload to the LEO/Assignments folder.
Week 1 Assignment Timothy Cope
CMIT 495 Current Trends and Projects in Computer Networks
and Security
Week 1 – Virtualization
Login to your newly created AWS account and take a screen

18. capture of the dashboard and embed it below. The screen
capture should include the username you created during setup.
Provide a detailed overview of the steps required to install the
Ubuntu Server operating system on the virtual machine. The
steps may be listed in bullet points or complete sentences. Use
as much space as required.
-Go to Https://aws.amazon.com/
-Create a free account and login to AWS
-Click on Launch a virtual machine (w/ EC2)
-Then, you are given the option to choose an Amazon Machine
Image (AMI)
-Choose Ubuntu Server 16.04 (64-Bit). This is “Free tier
eligible” and free to utilize
-Again choose the “Free tier eligible” computing power…it is
labeled in green.
-Review/Configure your instance details ensuring all the setting
are correct and ‘Click Launch’
-You will be prompted to Select an existing key pair or create a
new key pair.
-Now you can create a new key pair, name your key pair, and
click ‘Download Key Pair’
-Be sure to save it in a file you are able access.
-Now your instance is created, and I advise you name your
instance.
-Take a moment to review your public IP address and Public
DNS.
-Highlight the box left of your instance and click ‘Connect’.
-You will then see a ‘Connect To Your Instance’ instructing you
to connect using PuTTy
-Download a PuTTy and PuTTygen.
-Utilize PuTTygen to convert your key pair into a private key.

19. Run PuTTygen, (Load) your key, and be sure to save your
newly generated - now private key.
-Open PuTTy and inside PuTTy Configuration enter the DNS
entry or public IP address provided in the ‘Connect To Your
Instance’ type this in the Host Name box provided.
-Now browse to Connection, SSH, Auth select your private key
just generated, click Open.
-The Command Line Interface window will appear and you will
prompted to login
-username Ubuntu or Root…I used Ubuntu
-You are now logged into the Ubuntu server.
If we decided to install Windows 10 instead of Ubuntu, would
the steps necessary for a successful outcome have been much
different? Why or why not?
Yes, the steps would be very different. We would use either
Remote Desktop Connection or VMware.
Example:
Instead of installing the operating system OS Unbuntu and
PuTTy; we could install Win 10 utilizing Oracle VM Virtual
Box.
-Open your web browser and go to
http://adf.ly/9928339/virtualbox - Virtual Box.
-Download Virtual Box for your OS and install.
-Launch virtual Box and minimize.
-Open your browser and browse to the official Microsoft
website for Win 10 ISO 64-bet version.
-Choose ‘Create Installation Media for another PC’ and
download
-Return to your Oracle VMware, name your virtual instance Win
10 or your preference, select memory options, create virtual
hard-disk, choose virtual optical disk file, browse for your
recently downloaded Win 10 ISO, select SADA option and start
your virtual machine.

20. -Continue just like any other Windows installation within your
virtual machine and you will be prompted for a license. Please
see screenshot below.
Figure is a screenshot of Windows 10.1.1 setup within Oracle
VM Virtual Box
The difference between a Microsoft Windows and Linux
installation is:
The leading difference between installation of these two
operating systems OS is with a Linux General Public License
(GPL) operating system, the user is free to modify software and
even republish or sell it (as long as the code is made available).
Also, with a GPL such as Linux, one can download a single
copy of a Linux distribution (or application) and install it on as
many machines as they like. On the other hand, with Microsoft
licenses, the user can do none of the above. You are bound to
the number of licenses you purchase, so if you purchase 10
licenses, you can legally install that operating system (or
application) on only 10 machines (Wallen, 2008).
Reference:
Wallen, J. (2008). 10 fundamental differences between Linux
and Windows. Retrieved from
https://www.techrepublic.com/blog/10-things/10-fundamental-
differences-between-linux-and-windows/
As far as flexibility, I can explain Linux and Windows as if they
were two separate houses:
With Linux, you have ability to change the floors, add a new
kitchen and stove, knock down a few wall and remodel as you
see fit.
With Windows, the floors and walls are immovable. You can't

21. go further than Microsoft (your landlord) has deemed necessary
to go within your house. You are merely a renter.
Based on your experience, what was the most challenging aspect
of installing the Ubuntu Server operating systems in the virtual
environment?
The most difficult aspect of installing the Ubuntu Server seems
very trivial now, but was figuring out how to convert my key
pair into a private key utilizing PuTTygen. The directions were
clear, however it was lengthy and completed the install only
after additional research and further understanding on my part
of what needed to take place prior to accessing Ubuntu server
via PuTTy.
Open a command prompt on your personal computer and run an
ipconfig (e.g., Microsoft Windows) or ifconfig (e.g., Unix or
Linux variant) command, depending on what operating system
you are using. Perform a screen capture of the command
prompt and embed it below.

22. After successfully installing the Ubuntu Server operating
systems, login via an SSH client. Instructions are provided
Amazon on how to do so. When connected, run the following
commands:
· whoami command
· ifconfig command
· pwd command
· ping www.google.com
·
Next, perform a screen capture of the results and embed it
below.

23. Note the difference between IP addresses. Specifically, when
you perform the ipconfig or ifconfig on your personal system,
versus the ifconfig command within the virtual machine
command prompt. Why are the IP addresses different? Explain
your answer.
-My PC: Is utilizing a VPN on an IPV6 network. I was provided
a private IPV4 address 192.168.1.10 /24
-Ubuntu Virtual Machine: Is also utilizing a private IP
172.31.43.168 /20. However, it is in a different network and
subnet.
-The IPV6 addresses are different as well. Both IPV6 and 4
address are in different networks.
The addresses are different first because of virtualization, but
more specifically, each virtual machine has its own virtual
network interface adapter. Virtual Machines are in private
networks similar to VPNs. In most cases virtual machine require
access to a physical network and the physical network access is
provided by what is commonly referred to as an “up link”.
Virtual Machines utilize shared networking through Network
Address Translation (NAT). Address translation allows users to
configure a connection between a VM and an external network.
Therefore, NAT is one way of accessing an external network
from a virtual machine.
Please screen shots of ipconfig on PC & ifconfig on VM.

24. Virtualization allows us to place the functionality of many
servers into a single host while maintaining configurable levels
of separation between all virtual machines. How do you believe
virtualization could help in datacenter consolidation? What
would you be leery about during and after any transition?
Physical to virtual or P2V of a datacenter creates a much
smaller carbon footprint. It takes time and money to house
server stacks. Less big box servers require less power, less
space and less HVAC to cool said space. Physical security plays
a role as well. A full blown data center with rows and rows of
servers much like the Marine Corps Enterprise Network
(MCEN) datacenter requires constant upkeep and manpower to
do so, and we have just scratched the surface of virtualization/
datacenter consolidation. Currently, there are servers spread
throughout our AO. This is a physical security nightmare.
Aside from the physical advances, virtualization allows a more
manageable, scalable, and flexible datacenter. After
consolidation of a data center, administrators are offered a fully
operation server build as well as a self-contained lab
environment to update, configure and prep for future operations.
Both running simultaneously. If/when required, an in-place
upgrade can be performed, therefore providing continuous/
uninterrupted services to end-users.
Things to be leery of:
It is highly recommended to have a COOP or continuous of
operation plan for your datacenter, especially with datacenter
consolidation. In the event of a fire or disaster all is lost
without an offsite COOP for restoration and disaster recovery.

25. It is not advised to have one “single point of failure” therefore
multiple physical hosts should be available when hosting a
multitude of virtual servers within one host as well as software
and backups configurations.
Additional concerns are listed as followed:
-Routine backup of Storage area Network SAN
-managing and deploy a planned virtual machine life cycle of
WMs. This will recover unneeded/ unutilized virtual instances
to prevent excessive images running on a single device. This is
commonly referred to at WM sprawl.
-One thing to still be concerned with is the remaining licenses
cost of virtual machines. Software licenses still persist in a
virtual environment.
-User access is a concern an intentional (or UN-intentional)
insider threat is always a concern especially when consolidating
services where damage done can bring down an entire network.
Does virtualization increase the cybersecurity posture of the
organization? If so, describe how and why. If not, describe
how and why not.
In my opinion, virtualization does not increase the cybersecurity
posture of an organization.
There are a laundry list of virtualization specific attacks.
Virtualization opens up a whole new window for potential
attackers to exploit. Virtual Machines all on the same host or

26. with access to memory on the host machine create opportunities
for exploitation. If an attacker gains access to the hypervisor on
the hosting/physical machine it can potentially compromise all
the VMs on that machine, as well as other physical servers.
Likewise, if a virtual machine is compromised it can potentially
compromise all the WMs running alongside it. “Traditional
threats such as: Legacy viruses, Trojans, rookits, keyloggers
and other malware can all do substantial damage to a VM and
its host. Additionally, an infected VM can carry out attacks
against other VMs as well as other physical servers on the
network” (Avenging, 2012).
Reference:
Avenging host: The impact of virtualization on network
security. (2012, May 10). Retrieved from
https://www.scmagazine.com/avenging-host-the-impact-of-
virtualization-on-network-security/article/557698/
The key to physical or cybersecurity is having multiple layers
of security (layered security).
An effective strategy for a virtualized environments is to apply
fundamental security tactics, making sure to take a layered
approach to security technologies. There is no such thing as a
bulletproof cyber security posture. This is even more the case
for an organization implementing a heavily virtualized
environment. By creating layers, I am referring to the following
steps:
-Anti-virus software deployed on every virtual machine VM.
Especially on the hosting machine.

27. -Access need to be heavily restricted to prevent insider threat
(intentional and un-intentional).
-Anti-malware security solutions deployed at the network
gateway, especially for VMs, which may have been the result of
sprawl and not had an update for weeks or even months.
-Network intrusion prevention for non-malware based attacks.
In closure, as more organizations rush to implement virtual
machines residing in a virtual environment, they must also
consider newfound vulnerabilities and security risks specific to
virtual computing and environments.
There are various virtualization options. Bare-metal (type 1)
whereby the hypervisors run directly on the hardware as their
own operating systems, and User-space (type 2) hypervisors that
run within the conventional operating systems. Which of these
options is more secure? Describe the vulnerabilities you
believe exist in either type 1, type 2, or both configurations.
As mentioned above, Bare-metal (type 1) is more secure. Bare-
metal is sometimes referred to as Native hypervisor which runs
directly on a system’s hardware. When utilizing Bare-metal
(type 1) virtualization option, the virtual machine (guest
machine) OS runs on a completely different or isolated level
than that of the (host machine), which run directly above the
hypervisor. By implementing type-1 client hypervisor are
creating another layer of security which makes more difficult
for attacks to access the virtual machine due to an additional
layer of security.
On the other hand, User-space (type 2) runs on a system’s
existing operating system (OS). Like I said, the type 2 is hosted
or installed on an already existing OS and the existing OS
houses other operating systems that is above it. “With type 2,
any problem or problems occurring within the (host machines)

28. OS will affect (guest machines) operating system that are
running on the hypervisor. It affects the hypervisor itself,
although sometime the hypervisor running above the operating
system might be secured but the guest operating system
wouldn’t be” (Int J. Comm,2015).
Reference:
Int. J. Communications, Network and System Sciences, 2015, 8,
260-273 Published Online July 2015 in SciRes.
http://www.scirp.org/journal/ijcns
http://dx.doi.org/10.4236/ijcns.2015.87026
Given that, what do you believe can be done to mitigate these
vulnerabilities?
To answer the last portion of this question, I have listed a few
ways to mitigate security vulnerabilities.
Host machine Security - this is the machine housing the
parenting operating system for a virtual machine and in some
cases it's used to host the guest OS and share resources between
VMs on the same host. Virtualizing enables sharing of data with
other VMs by using disks or folders housed by the most
machine. Pushing updates systematically and running backups
of physical as well as virtual drives are recommended.
Hypervisor security:
1.) Immediately installing hypervisor updates released by
vendors and automatically updating software is recommended.
2.) Secure with thin hypervisors reduces the chances of an
attack by malicious code which has potential to reach the
hypervisor.
3.) For physical security of a network you would shut off any
unused port and not connecting any unknown machine to the
network. The same goes for virtualizing…if you aren’t using
file sharing service or any other service between the guests and
host OS, disable those services to prevent risk of exploitation.

29. 4.) An administrator must establish security between guest
operating systems in order for them to communicate. Thing of
this just as a non-virtualized environment impediments
firewalls.
5.) When running Bare-metal, it is recommended that guest OS
run at a lower privilege level then the housing OS.
-Sandboxing:
Which brings us to Sandboxing. Sandboxing is a tool utilize to
separate running programs with untested code and/or programs
from an unverified external party. The primary goal of
sandboxing is to harden virtualization security by isolating
applications running on an OS in order to defend from outside
malicious software such as malware, viruses or denial of
service.
In the scholarly publication Xen and the Art of Virtualization,
the authors describe a virtualization solution. Read the article
and visit https://www.xenproject.org/ to gain a perspective on
this open source solution, those that support it, and what it
offers today. Why should organizations consider Xen as an
open-source virtualization solution when they can purchase a
solution for virtualization service providers such as Amazon?

30. There was a lot to read any learn about the Xen Project and all
the contributions Xen has made to commercializing as well as
innovating the virtual environment. I will list some of the key
takeaway from my research.
Xen is a type 1 Bare-Metal hypervisor built and runs
independently from a hosting OS. In fact, Xen runs on a
separate layer than an OS as well as hardware, and is considered
to be an Infrastructure Virtualization Platform. Xen is a
virtualization platform designed for companies and users alike
to build their own virtualization and cloud solutions.
Below is a list are reasons to use Xen open-source virtualization
solutions:
-Secured isolation between virtual machines
-Guaranteed resource control and QoS
-Only guest kernel needs to be ported
-A company’s user level apps and libraries can run unmodified
(preventing rewriting of binary code).
-Broad (Linux) hardware support is provided
-Xen provides live relocation of VMs between Xen nodes
-Kernel-based OS with a very small footprint
From what I have read, if an organization utilized Amazon's
EC2 in the past, they were actually using Xen. Yet, as you
probably already know, there is also another widely utilized
open-sourced virtualization solution to consider, and that is
Kernel-based Virtual Machine (KVM). KVM is a hypervisor
that is in the mainline Linux kernel. With KVM, users can run
multiple VMs on unmodified Linux or Windows images. KVM,
just like Xen, can operate with unmodified applications
preventing the re-writing of binary code. That being said, “in
2017 Amazon announced they are moving away from Xen to
KVM” (Clinton, 2017). However, KVM is a type-2 hypervisor
built into the Linux kernel as a module requiring no additional

31. work for the Linux distributors to add KVM. However,
Customers will lose the flexibility to run a bare-metal (type 1)
hypervisor, configure the hypervisor independent of the host
operating system, and provide machine level security as a guest
virtual machine has the potential to bring down the operating
system on KVM (Brockmeier, 2012). I would recommend Xen
open-sourced virtualization solutions for all the aforementioned
reasons, but mainly for hardened security purposed and the
ability to make hyper-call drastically increasing performance.
Reference:
Clinton, D. (2017, November 13). AWS just announced a move
from Xen towards KVM. So what is KVM? Retrieved May 27,
2018, from https://medium.com/@dbclin/aws-just-announced-a-
move-from-xen-towards-kvm-so-what-is-kvm-2091f123991
J Brockmeier, Choosing a Virtualization Platform. (2010, July
12). Retrieved May 27, 2018, from
https://www.linux.com/news/kvm-or-xen-choosing-
virtualization- -text
Citations Check
Confirm that you have stopped and terminated your AWS
instance (e.g. Ubuntu Server deployment).
Upon completion of this assignment, export your file as a PDF

32. and upload to the LEO/Assignments folder.
Week 1 Assignment Template [STUDENT NAME GOES
HERE]
CMIT 495 Current Trends and Projects in Computer Networks
and Security
Week 1 – Virtualization
1. Log in to your newly created AWS account and take a screen
capture of the AWS Management Console (Dashboard) and
embed it below.
2. Provide a detailed overview of the steps required to install
the Ubuntu server operating system on the virtual machine. The
steps may be listed in bullet points or complete sentences. Use
as much space as required.
3. What are the benefits of virtualization in a cloud
environment? Discuss a minimum of three benefits in detail.
4. Based on your experience, what was the most challenging
aspect of installing the Ubuntu server operating systems in the
virtual environment?
5. Launch the terminal and update the Ubuntu Server using sudo
apt-get update and sudoapt-get upgrade. Perform a screen
capture after having each command successfully run. Next,
describe in depth what the update and upgrade commands are
doing (explain why it is important to run these commands, how
often should these commands be run, where do the commands
pull the updates).
6. After successfully installing the Ubuntu Server operating
systems, login via an SSH client. Instructions are provided by

33. Amazon on how to do so. When connected, run the following
commands to obtain information about the host and network
settings:
whoami command
ifconfig command
pwd command
ping www.google.com
Next, perform a screen capture of each of the results and embed
it below.
7. Note the difference between IP addresses—specifically, when
you perform the ifconfig or ipconfig on your personal system,
versus the ifconfig command within the virtual machine
command prompt. Describe the network settings of each system.
Why are the IP addresses different? Are the IP addresses private
or public? What is the difference between a public and private
IP address? Explain in detail.
8. The CTO is fascinated at how easy it was for you to launch
the Ubuntu virtual machine. She is now curious about the
overall costs of doing so for all developers within the
organization. The developers within the organization receive a
new laptop or desktop each year per the refresh cycle.
Specifically, she has tasked you to provide an estimate of yearly
costs using AWS versus the organization refreshing developer
laptops and desktops, given the following information and
constraints.
Organizational Costs for Existing Equipment:
· 35 laptops are refreshed yearly at an average cost of $1,200

34. per machine.
· These laptops have a 90W power supply, but run at 37W.
· 65 desktops (and peripherals) are refreshed yearly at an
average cost of $1,600 per machine.
· These desktops have a 650W power supply, but run at 220W.
· Due to the unique development environment, the laptops and
desktops are not powered off. The average electricity cost for
the organization is $0.15 KWH. Thus, each laptop costs $48.60
to run for a year, and each desktop costs $289.50 to run for a
year.
· Consider all of the aforementioned expenses the organization
incurs when making your recommendation, and be sure to show
your work.
Amazon AWS Costs for Hosting the Virtual Desktop
· The organization would need to replace all of the developer
laptops and desktops with a AWS Linux virtual machine.
· Using the AWS Dashboard Calculator, calculate the cost to
meet the organizational needs given the aforementioned details.
After performing the necessary calculations based on the
organizational requirements,
perform a cost-benefit analysis and provide your
recommendation. Make sure to
summarize your findings and justify your solution.
9. Virtualization allows us to place the functionality of many
servers into a single host while maintaining configurable levels
of separation between all virtual machines. How do you believe

35. virtualization could help in data center consolidation? What
would you be leery about during and after any transition?
10. Does virtualization increase the cybersecurity posture of the
organization? If so, describe how and why. If not, describe how
and why not.
11. There are various virtualization options: bare-metal (type 1)
in which the hypervisors run directly on the hardware as their
own operating systems, and user-space (type 2) hypervisors that
run within the conventional operating systems. Which of these
options is more secure? Describe the vulnerabilities you believe
exist in either type 1, type 2, or both configurations. Given that,
what do you believe can be done to mitigate these
vulnerabilities?
12. Confirm that you have stopped and terminated your AWS
Linux server instance. To confirm, simply type your name
below.
Upon completion of this assignment, export your file as a PDF
and upload to the LEO/Assignments folder.
Essay/Paper Rubric
The following rubric will be used to evaluate your writing
sample. When preparing your document, please
follow the Five C’s of Effective Writing. Make your writing:
Clear, Concise, Correct, Courteous, and

36. Comprehensive.
Excellent
Good
Acceptable
Unacceptable
Score
Content
(40 points
possible)
The essay illustrates
exemplary understanding
of the course material by
thoroughly and correctly:
(1) addressing the relevant
content; (2) identifying
and explaining all of the
key concepts/ideas; (3)
using correct terminology;
(4) explaining the
reasoning behind key
points/claims; and (5)
(where necessary or

37. useful) substantiating
points with several
accurate and original
examples.
(40 points)
The essay illustrates
solid understanding of
the course material by
correctly: (1) addressing
most of the relevant
content; (2) identifying
and explaining most of
the key concepts/ideas;
(3) using correct
terminology; (4)
explaining the reasoning
behind most of the key
points/claims; and (5)
(where necessary or
useful) substantiating
some points with
accurate examples.
(35 points)
The essay illustrates
rudimentary understanding
of the course material by:
(1) mentioning, but not
fully explaining, the
relevant content; (2)
identifying some of the key
concepts/ideas (though
failing to fully or accurately
explain many of them); (3)
using terminology, though

38. sometimes inaccurately or
inappropriately; and (4)
incorporating some key
claims/points, but failing to
explain the reasoning
behind them (or doing so
inaccurately).
(30 points)
The essay illustrates poor
understanding of the
course material by (1)
failing to address or
incorrectly addressing the
relevant content; (2)
failing to identify or
inaccurately
explaining/defining key
concepts/ideas; (3)
ignoring or incorrectly
explaining key
points/claims and the
reasoning behind them;
and (4) incorrectly or
inappropriately using
terminology.
(20 points)
Reasoning
(40 points
possible)
The essay reflects expert
reasoning by:

39. (1) synthesizing material;
(2) making connections
between relevant
ideas/claims/points; (3)
presenting an insightful
and thorough evaluation
of the relevant issue or
problem; (4) identifying
and discussing important
nuances in the relevant
material; and (5)
identifying and discussing
key assumptions and/or
implications.
(40 points)
The essay reflects fairly
strong reasoning by:
(1) synthesizing material,
(2) making appropriate
connections between
some of the key
ideas/claims/points; (3)
accurately evaluating the
issue/problem; and (4)
identifying ad discussing
key assumptions and/or
implications.
(35 points)
The essay reflects basic
reasoning by:
(1) synthesizing some of
the material, though
remains vague and
undeveloped; (2) making a

40. few connections between
ideas/claims/points, but
ignoring or inaccurately
connecting others; (3)
evaluating the
issue/problem at a very
basic/superficial level; and
(4) ignoring assumptions
and implications.
(30 points)
The essay reflects
substandard or poor
reasoning by: (1) failing to
synthesize the material or
doing so inaccurately; (2)
failing to make
connections between
ideas/claims/points or
doing so inaccurately; and
(3) failing to evaluate the
issue or problem.
(20 points)
Writing,
Grammar
and
Mechanics
(20 points
possible)
The essay is clear, and
concise as a result of: (1)
appropriate and precise

41. use of terminology; (2)
absence of tangents and
coherence of thoughts;
and (3) logical
organization of ideas and
thoughts. (4) complete
sentences, free of spelling
errors and uses correct
grammar, (5) follows
correct formatting style,
(6) falls between the
minimum and maximum
page requirement.
(20 points)
The essay is mostly clear
as a result of: (1)
appropriate use of
terminology and minimal
vagueness; (2) minimal
number of tangents and
lack of repetition; and (3)
fairly good organization
(4) complete sentences,
few spelling errors and
grammar mistakes, (5)
follows correct
formatting style with
minimal mistakes, (6)
falls between the
minimum and maximum
page requirement.
(15 points)
The essay is often unclear
and difficult to follow due

42. to: (1) some inappropriate
terminology and/or vague
language; (2) ideas
sometimes being
fragmented, wondering
and/or repetitive; and (3)
poor organization. (4)
incomplete sentences, has
spelling errors and uses
acceptable grammar, (5)
barely follows correct
formatting style, (6) does
not fall between the
minimum and maximum
page requirement.
(10 points)
The essay does not
communicate ideas/points
clearly due to: (1)
inappropriate use of
terminology and vague
language; (2) reliance on
disjointed and
incomprehensible
thoughts and clauses; and
(3) lack of recognizable
organization. (4) no
sentence structure, many
spelling errors and
unacceptable grammar, (5)
does not follow correct
formatting style, (6) does
not fall between the
minimum and maximum
page requirement.

43. (5 points)
Evaluation Criteria
Outstanding: (90-100)
The essay/paper demonstrates superior application of
communication concepts and principles
outlined in the readings and exercises. The assignment does not
contain errors in content,
reasoning, writing, grammar and mechanics.
Above Average: (80-89)
The essay/paper demonstrates above average application of
communication concepts and
principles outlined in the readings and exercises. The
assignment has a few minor content,
reasoning, writing, grammar and mechanics.
Satisfactory: (70-79)
The essay/paper demonstrates satisfactory application of
communication concepts and
principles outlined in the readings and exercises. The
assignment has a moderate number of
errors in content, reasoning, writing, grammar and mechanics.
Poor: (1-69)
The essay/paper has an inconsistent application of
communication concepts and principles
outlined in the readings and exercises and/or has frequent and
serious errors in content,
reasoning, writing, grammar and mechanics.
Incomplete: (0)
The essay/paper was not submitted before the due date and/or

44. was not completed according
to the published instructions.
/100 Total
Accessibility ReportFilename: Current Events Crisis Analysis
Paper Rubric_100_V1.pdfReport created by: Organization:
[Enter personal and organization information through the
Preferences > Identity dialog.]
Summary
The checker found problems which may prevent the document
from being fully accessible.Needs manual check: 1Passed
manually: 1Failed manually: 0Skipped: 1Passed: 28Failed: 1
Detailed ReportDocumentRule
NameStatusDescriptionAccessibility permission
flagPassedAccessibility permission flag must be setImage-only
PDFPassedDocument is not image-only PDFTagged
PDFPassedDocument is tagged PDFLogical Reading
OrderPassed manuallyDocument structure provides a logical
reading orderPrimary languagePassedText language is
specifiedTitlePassedDocument title is showing in title
barBookmarksPassedBookmarks are present in large
documentsColor contrastNeeds manual checkDocument has
appropriate color contrastPage ContentRule
NameStatusDescriptionTagged contentSkippedAll page content
is taggedTagged annotationsPassedAll annotations are
taggedTab orderPassedTab order is consistent with structure
orderCharacter encodingPassedReliable character encoding is
providedTagged multimediaPassedAll multimedia objects are
taggedScreen flickerPassedPage will not cause screen
flickerScriptsPassedNo inaccessible scriptsTimed
responsesPassedPage does not require timed
responsesNavigation linksPassedNavigation links are not
repetitiveFormsRule NameStatusDescriptionTagged form
fieldsPassedAll form fields are taggedField

45. descriptionsPassedAll form fields have descriptionAlternate
TextRule NameStatusDescriptionFigures alternate
textPassedFigures require alternate textNested alternate
textPassedAlternate text that will never be readAssociated with
contentPassedAlternate text must be associated with some
contentHides annotationPassedAlternate text should not hide
annotationOther elements alternate textFailedOther elements
that require alternate textTablesRule
NameStatusDescriptionRowsPassedTR must be a child of Table,
THead, TBody, or TFootTH and TDPassedTH and TD must be
children of TRHeadersPassedTables should have
headersRegularityPassedTables must contain the same number
of columns in each row and rows in each
columnSummaryPassedTables must have a summaryListsRule
NameStatusDescriptionList itemsPassedLI must be a child of
LLbl and LBodyPassedLbl and LBody must be children of
LIHeadingsRule NameStatusDescriptionAppropriate
nestingPassedAppropriate nestingBack to Top