Running head: Cryptography 1
Cryptography
Aisha Tate
UMUC
August 29, 2019
Hi Aisha
I am puzzled – didn’t we talk about a focused report for a
particular organization? Did you review the table below? Please
continue to work to improve your research skills and find peer-
reviewed/scholarly resources to support your work.
Best wishes,
Dr K
Student Name: Aisha Tate
Date: 18-Sep-2019
This form provides the same classroom instructions in a
checklist form to help students and professors quickly evaluate
a submission
Project 5: Requires the Following TWO Pieces
Areas to Improve
1. Paper
2. Lab Experience Report with Screenshots
1. Paper
IT Systems Architecture
You will provide this information in tabular format and call it
the Network Security and Vulnerability Threat Table
security architecture of the organization
the cryptographic means of protecting the assets of the
organization
the types of known attacks against those types of protections
means to ward off the attacks
Include and define the following components of security in the
architecture of your organization, and explain if threats to these
components are likely, or unlikely:
LAN security
identity management
physical security
personal security
availability
privacy
Then list the security defenses you employ in your organization
to mitigate these types of attacks.
Needs better research and writing skills
Plan of Protection
Learn more about the transmission of files that do not seem
suspicious but that actually have embedded malicious payload,
undetectable to human hearing or vision. This type of threat can
enter your organization’s networks and databases undetected
through the use of steganography or data hiding. You should
include this type of threat vector to an organization in your
report to leadership.
No details on organization or strategy?
Provide the leadership of your organization with your plan for
protecting identity, access, authorization and nonrepudiation of
information transmission, storage, and usage
Data Hiding Technologies
Describe to your organization the various cryptographic means
of protecting its assets. Descriptions will be included in the
network security vulnerability and threat table for leadership
Basic elements explained
Encryption Technologies
1. Shift / Caesar cipher
2. Polyalphabetic cipher
3. One time pad cipher/Vernam cipher/perfect cipher
4. Block ciphers
5. Triple DES
6. RSA
7. Advanced Encryption Standard (AES)
8. Symmetric encryption
9. Text block coding
Data Hiding Technologies
1. Information hiding and steganography
2. Digital watermarking
3. Masks and filtering
Network Security Vulnerability and Threat Table
Describe the various cryptographic means of protecting its
assets. Descriptions will be included in the network security
vulnerability and threat table for leadership
Basic information provided
Encryption Technologies
1. Shift / Caesar cipher
2. Polyalphabetic cipher
3. One time pad cipher/Vernam cipher/perfect cipher
Access Control Based on Smart Card Strategies
Describe how identity management would be a part of your
overall security program and your CAC deployment plan:
2. Lab Experience Report
Summarizes the Lab Experience and Findings
See note below*
Responds to the Questions
Provides Screenshots of Key Results
Yes
Lab Experience Report Feedback
Cryptography
Introduction
This is a security assessment report on cybersecurity threats
against various cryptographic mechanisms. It sets out access
control programs intended to stop or inhibit such threats for a
property management firm. The report gives an overview of the
property management firm’s network and tries to establish the
different potential threats that the company faces. It also
offers suggestions for improvement: the property management
company needs to consider installing protection features for
stored information, as well as controlling the access of its
employees. The report will also explain the enrollment
of CAC (Control Access Cards) for authentication purposes????.
Lastly, the report covers email security and the encryption
types that can be used to aid in email security.
IT System Architecture
A distributed system is the network system used within our
company’s offices. The constituents of this system include a
WLAN, a LAN and a WAN. The office’s LAN is made up of a
computer network across a small office area. The LAN is mainly
used for one purpose within the office: sharing of resources,
which include printers and data storage infrastructure. These
connections are wired because physical connections are fast;
they are also known for enhancing security. The purpose of the
WAN is to interconnect the offices’ LANs for the entire firm.
The primary advantage of this system is that the firm’s agents
and employees can work from different workstations yet have
access to shared company resources (Pirandola, 2015). The
LAN is also connected to the internet through a firewall to
further protect the integrity of the firm’s network. All of the
firm’s offices are connected to the WLAN. This allows the firm’s
agents to connect their devices (i.e. phones and laptops) and
access important company resources via the LAN.
LAN security
This is a wireless transmission network that covers a small
network area via private VLANs.
Identity management
This is a discipline in IT system management that ensures only
the allowed people have access to specific resources and that
their intentions are not malicious.
Physical security
It is the installation of policies against physical threats, like
theft, that could lead to destruction of the organization’s
hardware and software.
Personal security
This involves the personal responsibility of the employees of
the organization to safeguard the system’s data and information.
Availability
It is the state of the organization being readily accessible when
needed.
Privacy
It is the quality of being reclusive in regard to keeping your or
the company’s information confidential.
Table 1: components of security system architecture
Types of attacks
A cyber-attack is a deliberate use of code to manipulate
computer systems and networks in an attempt to compromise the
confidentiality of certain information (Bennett,
201). There are different motivations behind every
cyber-attack, such as political or social motivations. The targets
can also vary: a corporate organization, the government or an
individual might be targeted by malevolent entities. The
important factor is that the internet is the main channel
through which this happens. Cybersecurity attacks are carried
out by use of malicious programs like fake websites, viruses,
and unauthorized web access among many other means. The
intention can be either financial gain or boosting the ego
of the perpetrator through causing harm to a victim.
From the article “Types of attacks”, we learn the definitions
and examples of the different types of cyberattacks.
1. Back door attack – This is a type of attack where an attacker
takes advantage of the vulnerabilities and flaws of a system
through the use of viruses, worms and Trojan horses to gain
access to the system, after which he sets up a backdoor
(Bennett, 2014). This allows him access to important
information without the administrator realizing.
2. Denial of service – This can be abbreviated as DDoS. A denial
of service attack is carried out by numerous systems relaying
ICMP packets to a server. The objective of this attack is
preventing access to a certain site due to an overload of
traffic. This type of attack is one of the most problematic for
us, as agents of a property management firm. The main source of
leads and traffic is the website, where clients get to know our
services and can thereafter reach out. Therefore, competitors
might sometimes want to employ this ill-natured strategy to
deter clients from being able to reach out to us.
3. Phishing – This is an attack where something malicious is
sent through email. Most times, a link will be sent in an email
requesting that the user click on it (Peikert, 2016). These
emails will try to eliminate all sources of suspicion by looking
as genuine as possible. There are circumstances in which
you might be directed to download something; this could be as
innocuous as antivirus software or downloading a movie. Just
like the other types of security attacks, phishing is an attack a
property management firm can be exposed to if not careful. Our
workstations would be the primary targets of this attack, in the
hopes of deteriorating our network safeguards. Since most of
our server information contains details on our clients, such
events might tarnish the name of the firm, leading to reduced
client flow.
4. Use of SQL – SQL is a programming language that
facilitates communication with the database. When an attacker
uses SQL, he or she will send malicious code, which will
lead to your database giving out more information than it
is usually meant to share (Van Tilborg, 2014). The attacker will
do this by taking advantage of commonly identified SQL
vulnerabilities.
5. Cross-site scripting – This is abbreviated as XSS. This kind
of attack is targeted at vulnerable websites with weak security
systems in order to obtain user credentials or other classified
information. Just like the SQL attack, XSS is carried out by use
of malicious code. In XSS, the site is not the primary target but
rather its visitors (Van Tilborg, 2014). As a property
management firm, our clients who have accounts/portals on our
website are the ones who could fall prey to such an attack. This
is because on registration with the firm, a client is required to
submit information about one’s property and oneself, which is
meant to be confidential between the firm and
the client.
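The SQL item in the list above, as an added example that is not part of the original report: a client lookup that concatenates input into the query text, next to the parameterized form that treats the same input as data. The clients table, its columns and the sample rows are constructed for illustration.

```python
import sqlite3

# Constructed input that changes the meaning of a concatenated query.
CRAFTED_NAME = "x' OR '1'='1"


def build_db():
    """Create an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE clients ("
        "id INTEGER PRIMARY KEY, agent TEXT, name TEXT, property TEXT)"
    )
    conn.executemany(
        "INSERT INTO clients (agent, name, property) VALUES (?, ?, ?)",
        [
            ("alice", "J. Rivera", "12 Elm St"),
            ("alice", "M. Chen", "48 Oak Ave"),
            ("bob", "P. Singh", "7 Pine Rd"),
        ],
    )
    return conn


def lookup_vulnerable(conn, agent, name):
    """Weak form: user input becomes part of the SQL text itself."""
    query = (
        "SELECT name, property FROM clients "
        "WHERE agent = '" + agent + "' AND name = '" + name + "'"
    )
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, agent, name):
    """Hardened form: placeholders keep input as data, never as SQL."""
    query = "SELECT name, property FROM clients WHERE agent = ? AND name = ?"
    return conn.execute(query, (agent, name)).fetchall()


def demo():
    """Run both lookups with normal and crafted input; return row counts."""
    conn = build_db()
    return {
        "vulnerable_normal": len(lookup_vulnerable(conn, "alice", "M. Chen")),
        # The OR clause makes the WHERE condition true for every row,
        # so alice's session also sees bob's client.
        "vulnerable_crafted": len(lookup_vulnerable(conn, "alice", CRAFTED_NAME)),
        "parameterized_normal": len(lookup_parameterized(conn, "alice", "M. Chen")),
        # No client is literally named "x' OR '1'='1", so nothing matches.
        "parameterized_crafted": len(lookup_parameterized(conn, "alice", CRAFTED_NAME)),
    }


if __name__ == "__main__":
    for label, count in demo().items():
        print(f"{label}: {count} row(s)")
```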
Security mechanisms
A security mechanism consists of policies and that are meant to
detect, inhibit or recover from a security threat posed by an
attacker. Examples of security mechanisms include:
1. Physical security – This is a mechanism that requires
installation of physical barriers to restrict access to crucial
network resources. This can include the installation of RFID
doors and a policy on who is granted access and who is not.
The advantage of this is to prevent mishandling of equipment by
new unskilled agents and to prevent criminal access.
2. Authentication – Authentication means establishing that the
information given by a person on his or her identity is true
(Katz, 2014). These guidelines can be as deep as a three-tiered
identification process requiring a valid password, an active
key, and approved fingerprints before being authenticated. It is
widely accepted that a strong authentication process is one that
incorporates two or more of the three previously mentioned
authentication procedures. The last means of authentication is
assessment of a certain physical character trait (Katz, 2014).
3. Authorization mechanism – This involves giving the user
access to the network and whichever resource they might want
to retrieve. The administrator of the network is the person
sanctioned with the power to grant access to the network to
approved employees and contractors of the property
management firm. The managing broker of the firm will be
given access to all information on the network. On the other
hand, the agents of the firm will only have access to shared data
and data/information that they themselves have uploaded on
their personal portals in the network.
4. Data encryption – This is the formatting of information in a
way that only the intended person can decode it. This is done to
protect information from being intercepted and read by third
parties who might use the same information for hostile reasons.
This mechanism may come in handy in future efforts to strive
towards an absolute safeguard of customer data.
5. Firewalls – Firewalls enhance security policies by acting as
a boundary between two communicating networks. Firewalls use
various sets of instructions to decide which incoming traffic
will be granted access and which will not.
6. Intrusion detection system and intrusion prevention system –
These security mechanisms are used to inhibit security risks and
prevent the occurrence of new ones. An IDS makes use of intrusion
alerts to sense and analyse outbound and inbound network
traffic for suspicious undertakings (Rouse, 2017). In the
event of suspicious activity, the IDS kicks the users out of the
network and notifies the security personnel
of the potential threat. The IDS works by examining incoming
traffic to reject harmful requests, doing this in tandem with the
IPS as a complement. The IPS averts threats by uncovering
malicious packets, blocking the IPs carrying these packets and
notifying the security personnel of the incident. The property
management firm needs to continue utilising both IPS and IDS
in its 24/7 operations to ensure enhanced security of the
network. Below is a table showing access points and how they
can be secured.
Protection Plan
Security and protection of clients’ information and assets is one
of our top priorities. So far, we have looked at the system
architecture of the property management firm and the potential
types of cybersecurity needed by the firm, along with the
various types of mechanisms that can be deployed. The next
important step is the formulation of a protection plan, a
multi-tier system that will aid in the firm’s identification
process. The firm’s agents will be provided with personnel
security cards, and retina identification systems will be
installed at major access points to the company’s network.
Along with the distribution of the personnel security cards,
agents will be required to devise a PIN, which will be used as a
complement to the cards. These PINs created by the agents will
be classified as sensitive information; as such, it will be
expected that no one shares them with third parties. Moreover,
the passwords/PINs will comprise numbers, letters, and special
characters in alphanumeric form to ensure the stability of the
network. A system administrator will assign a network password
to the WLAN and only a select few agents with valid credentials
will be able to access it. He will be responsible for making any
future changes when the parameters for protecting the WLAN
change. A strong protection plan will ensure that our clients’
and agents’ information and files are protected.
Issuance of CACs will be used to control access to the firm’s
buildings. Besides a strong six-character digit PIN, the
company’s agents will have a badge with their picture,
fingerprint, name and the name of the firm on it. Outside the
building, there will be a door system that requires a
person to provide his/her fingerprint and/or scan a
badge. A green light will be accompanied by an “access
granted” message, while a red light will display “access denied”,
based on assessment of the person’s credentials. All agents will
submit their schedules to the security specialists to be
programmed into the system to ensure security. For example, any
person who shows up on days on which they are not
supposed to be on duty will not be allowed entry into the firm’s
premises. All agents are therefore required to submit their
schedules so that the necessary adjustments can be made to the
system to grant them access to the premises. This will be done
within 48 hours. The policy will help deny access to people who
are not supposed to be there. This will help ensure not only
the general security of the firm but also that of the company’s
personal information. Each team or group of agents will only
have access to files that they themselves uploaded or that they
have been granted access to as shared company
resources. The only person who is supposed to have access to all
files is the managing broker. This plan of protection will be set
in place to make sure confidential information of our clients and
agents does not land in the hands of a third party.
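The file-access rule and the schedule-based door rule described above, written out as default-deny checks. This is an added example, not part of the original report; the role names, user names, file paths, dates and reason strings are constructed, and `credential_ok` stands for the badge/fingerprint and PIN check performed by the reader.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class User:
    name: str
    role: str  # "managing_broker" or "agent" (assumed role names)


@dataclass(frozen=True)
class FileRecord:
    path: str
    uploader: str
    company_shared: bool = False         # shared company resource
    granted_to: frozenset = frozenset()  # users explicitly granted access


def can_read(user, record):
    """Broker reads everything; agents read own uploads and shared files."""
    if user.role == "managing_broker":
        return True
    if user.role != "agent":
        return False  # unknown roles are denied by default
    return (
        record.uploader == user.name
        or record.company_shared
        or user.name in record.granted_to
    )


def door_decision(user_name, credential_ok, today, schedules):
    """Return (display message, reason for the audit log)."""
    if not credential_ok:
        return ("access denied", "credential check failed")
    duty_days = schedules.get(user_name)
    if duty_days is None:
        # No schedule on file: deny rather than assume the person is on duty.
        return ("access denied", "no schedule submitted")
    if today not in duty_days:
        return ("access denied", "not on duty today")
    return ("access granted", "credentials valid and on schedule")


# Constructed sample data.
BROKER = User("dana", "managing_broker")
ALICE = User("alice", "agent")
BOB = User("bob", "agent")

ALICE_FILE = FileRecord("/clients/rivera-lease.pdf", uploader="alice")
SHARED_FILE = FileRecord("/shared/fee-schedule.xlsx", uploader="dana",
                         company_shared=True)
GRANTED_FILE = FileRecord("/clients/chen-deed.pdf", uploader="alice",
                          granted_to=frozenset({"bob"}))

SCHEDULES = {"alice": {date(2019, 9, 16), date(2019, 9, 18)}}


if __name__ == "__main__":
    for user in (BROKER, ALICE, BOB):
        for rec in (ALICE_FILE, SHARED_FILE, GRANTED_FILE):
            print(user.name, rec.path, can_read(user, rec))
    print(door_decision("alice", True, date(2019, 9, 16), SCHEDULES))
    print(door_decision("alice", True, date(2019, 9, 17), SCHEDULES))
    print(door_decision("bob", True, date(2019, 9, 16), SCHEDULES))
```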
Nonrepudiation protections will be ensured by a digital
signature present on the CAC issued to all agents. CAC readers
will be installed on all desks beside the workstations. This will
make sure the information sent and deleted from the network
can be traced to the originator (Lord, 2017). This will help
increase accountability, as no one will be able to deny their
culpability if found to have done something which has
compromised the security of the network and its information.
Each employee and contractor will be responsible for anything
that happens while logged in through his or her card, PIN or
retina recognition system.???
Cryptography Protection
One of the several ways of encrypting data is called triple DES.
This method involves the application of a block cipher algorithm
to every data block three times, with each block always
holding 64 bits worth of data. As the word ‘triple’
suggests, in triple DES data is encrypted three times; the major
downside of this process is its lagging speed. However, this
method is considered harder to break than most, making it the
most secure of the methods.
RSA is a public key encryption algorithm. It uses both the
public key and the private key in its encryption process. One
thing to note is that the keys are paired, so while the public key
is distributed, the private key is not. The process starts with two
prime numbers, then the product of those
numbers and finally their exponents. Besides being secure, RSA
is hard to crack, though the encryption process is slow
when encrypting large amounts of data.
Blowfish is another symmetric block cipher. This one makes use
of an adjustable key whose length can range from 32 to 448 bits,
and it can be used for foreign or domestic purposes. No patent
was ever taken out for this cipher, so the licence for its use
is free. Of all the block ciphers, Blowfish is relatively
fast; however, its use does require a key, and the management
of said key is not easy.
Twofish, like Blowfish, is another type of block cipher
encryption algorithm, the difference being that the length of the
key for this method only goes up to 256 bits. Additionally, like
Blowfish, it is not patented, hence its availability to all users
free of charge. The advantage of using this type of encryption is
that it is considered swift as block ciphers go and can be used on
bigger CPUs as well as smartcards, but because of its huge size,
slowdowns on the system are frequent.
Advanced Encryption Standard (AES) is another symmetric
encryption algorithm. It comprises AES 256, AES 192 and AES
128. Because of its symmetric nature, the key used in its
encryption has to be shared in order to decrypt.
Advanced Encryption Standard is usually recommended because
it is secure and because it supports varying key lengths in its
encryption (Lord, 2017). One drawback is that the algebraic
structure used for decryption is generally simple and the form
used is uniform across all the blocks.
Use of AES for data encryption in our offices is highly
recommended, considering it is overall a more secure method
compared to other models of data encryption. This is promising
in terms of ensuring security for our clients as well as the firm;
more importantly, clients can securely entrust us with their most
confidential information.
Data Hiding Technologies
1. Text block coding – This technology involves the coding of
data into bits by use of collective data correcting codes.
2. Digital watermarking – This is the concealment of information
within a carrier signal.
3. Masks and filtering – This process is used in identification of
which section of the message has been exposed.
Network Security Vulnerability and Threat Table
DESCRIPTION
The organization’s security architecture
The system comprises wireless switches, client devices and
APs, which add to the network security advantage by acting as
the basis for providing recommendations and improving the
client’s devices.
The organization’s architecture needs to be standardised in
order to it’s through this one can identify the possible
vulnerabilities and the damages the attacks can cause. WLAN
consists of independence, microcells, roaming and
infrastructure
Cryptographic means of protection
Cryptography is the use of secret codes in writing. The
following requirements are necessary: non-repudiation, privacy,
authentication and integrity.
They include ECC cipher suites, the CNG provider model, default
cipher suites and AES cipher suites. Encryption and decryption
are the primary ways of ensuring that there is free data flow
within the organization.
Potential attacks against the protection mechanisms
1. Malware – this is code intended to disorient the security
system of the organization with the aim of stealing or
destroying data.
2. DoS attacks – their main intent is disruption of the network,
but with the right security measures, they can be prevented.
3. Password attacks – these are attempts made to crack a set
password with the aim of gaining access to a certain
information resource.
Measures to ward off the threats
· Malware attacks can be prevented by installation of strong and
reliable anti-malware software.
· DoS attacks can be prevented by regular updates of security
software.
· Setting up hard-to-crack passwords is the reliable way of
curbing password attacks.
Data hiding and encryption technologies
· Shift cipher – a technique where a letter is substituted by
another which is one more according to the alphabet.
· Polyalphabetic cipher – unlike the shift cipher, a polyalphabetic
cipher requires substitution by use of multiple substitution
alphabets.
· Block cipher – involves an installation of algorithmic functions
which operate within given intervals.
· Triple DES – applies the DES functions of the algorithm 3 times
to the bits of the data within the infrastructure.
· RSA – an encryption process meant to ensure secure
transmission of data.
· Use of data hiding technologies such as digital watermarking,
masks and filtering, and text blocks.
· Use of Advanced Encryption Standard
· Use of symmetric encryption
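The shift and polyalphabetic entries in the table above, side by side, as an added example that is not part of the original report. It uses Vigenère as the polyalphabetic cipher (an assumption; the table names no specific one) and shows why a shift cipher gives no real protection: only 26 keys exist, and every plaintext letter always maps to the same ciphertext letter. The sample message and keyword are constructed.

```python
import string

ALPHABET = string.ascii_uppercase


def shift_encrypt(plaintext, key):
    """Shift cipher: every letter moves `key` places along the alphabet."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def shift_decrypt(ciphertext, key):
    """Decryption is a shift in the opposite direction."""
    return shift_encrypt(ciphertext, -key)


def vigenere_encrypt(plaintext, keyword):
    """Polyalphabetic cipher: the shift changes with each keyword letter."""
    out, used = [], 0
    for ch in plaintext.upper():
        if ch in ALPHABET:
            k = ALPHABET.index(keyword[used % len(keyword)].upper())
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
            used += 1  # only letters consume keyword positions
        else:
            out.append(ch)
    return "".join(out)


def recover_shift_key(ciphertext, known_word):
    """Try all 26 keys; return the first whose output contains known_word."""
    for key in range(26):
        if known_word.upper() in shift_decrypt(ciphertext, key):
            return key
    return None


def distinct_cipher_letters(ciphertext):
    """Count the different letters that appear in a ciphertext."""
    return len({c for c in ciphertext if c in ALPHABET})


# Constructed sample message for a property management setting.
MESSAGE = "RENT IS DUE ON THE FIRST"

if __name__ == "__main__":
    ct = shift_encrypt(MESSAGE, 1)  # "one more" in the alphabet, as in the table
    print("shift ciphertext:  ", ct)
    print("recovered key:     ", recover_shift_key(ct, "RENT"))
    # A run of one repeated letter exposes the difference in structure.
    print("shift of AAAAAA:   ", shift_encrypt("AAAAAA", 1))
    print("Vigenere of AAAAAA:", vigenere_encrypt("AAAAAA", "KEY"))
```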
CAC Deployment Strategy
CAC is a user identification method: a card implanted
with a chip containing information relating to the card’s
owner???. It has a digital signature that allows the user/owner
to decrypt and encrypt using the card keys. The CAC
deployment plan is meant to give the agents of the firm
common network access. At the beginning of the day,
agents will use their PINs and cards for access into the firm’s
premises. During the workday, the CAC will only be
necessary when agents want to delete from or upload to the
network, or if they want to maintain access to the office after
normal working hours. The CAC will not be necessary when they
want to use the WLAN; the only necessity in this instance will
be a password. The aim of these measures is to ensure the
security of our clients, as well as the security of our employees,
from cyberattacks.
Email Security Strategy
Emails and internal messaging services are the main
communication channels of the property management firm. The
agents update the clients’ information and keep track of the
clients through emails as well. Considering the number of
emails flowing through the network in a day, daytime
cyberattacks make it easier for an attacker to find a
vulnerability within the network and gain access to important
data. In an attempt to prevent this risk, the firm has put in place
policies to ensure email security. Various encryption
technologies can be made use of in this process, but the most
efficient method would be to use digital certificates. The
advantage of having digital certificates is that they are hard to
bypass, though access to data cannot be granted in the event a
key is lost. As a measure to ensure higher standards of security,
the digital certificates can be incorporated into all emails
originating from our firm, which will bring about automatic
encryption of all the emails flowing through the network. (Any
references?)
Conclusion
We have explored the explanation and organization of the
property management firm and looked at the potential
cyberattack threats facing the firm. Moreover, I have also
looked at the various security mechanisms and policies that can
be implemented to prevent and neutralize the attacks. Given the
fact that our firm is a service delivery company, we need to
have all the security systems intact. It would behove the firm to
invest more in security in order to secure the firm’s future
clientele and their investments, as this would lead to
increased trust between the clients and us. This will increase
traffic to our website and our firm, and more traffic paves the
way to more profits. To ensure the security of future emails, the
company should use CACs provisioned with digital certificates.
More attention to our email security is deserved, as this is the
firm’s main channel of communication internally and externally.
In short, strong security features will help our clients have
confidence in our company that we are handling their property
and their security with the respect they deserve.
References
Bennett, C. H., & Brassard, G. (2014). Quantum cryptography:
public key distribution and coin tossing. Theor. Comput.
Sci., 560(12), 7-11.
Cisco Press. (2016, February 09). Retrieved September 9, 2018,
from
http://www.ciscopress.com/articles/article.asp?p=1626588&seqNum=2
Ledford, Jerri (2018) What is a cyber attack and how to prevent
one? Retrieved from
https://www.lifewire.com/cyber-attacks-4147067
Peikert, C. (2014, October). Lattice cryptography for the
internet. In International Workshop on Post-Quantum
Cryptography (pp. 197-219). Springer, Cham.
Peikert, C. (2016). A decade of lattice
cryptography. Foundations and Trends® in Theoretical
Computer Science, 10(4), 283-424.
Lord, Nate (2017) What is a phishing attack? Defining and
identifying different types of phishing attacks. Retrieved from
https://digitalguardian.com/blog/what-phishing-attack-defining-and-identifying-different-types-phishing-attacks
Pirandola, S., Ottaviani, C., Spedalieri, G., Weedbrook, C.,
Braunstein, S. L., Lloyd, S., ... & Andersen, U. L. (2015).
High-rate measurement-device-independent quantum
cryptography. Nature Photonics, 9(6), 397.
Van Tilborg, H. C., & Jajodia, S. (Eds.). (2014). Encyclopedia
of cryptography and security. Springer Science & Business
Media.
Menegaz, Gery (2012) SQL Injection Attack: What is it, and
how to prevent it. Retrieved from
https://www.zdnet.com/article/sql-injection-attack-what-is-it-and-how-to-prevent-it/
Merriam-Webster Dictionary. (n.d.). Retrieved September 19,
2018, from
https://www.merriam-webster.com/dictionary/cyberattack
Oppenheimer, Priscilla (2010) Developing Network Security
Strategies. Retrieved from
http://www.ciscopress.com/articles/article.asp?p=1626588&seqNum=2
Rouse, Margaret (2017) Ransomware, defend your data with
best practices. Retrieved from
https://searchsecurity.techtarget.com/definition/ransomware
Running Head: WINDOWS AND LINUX 1
Project 2: Operating Systems Vulnerabilities
Aisha Tate
UMUC
August 8, 2019
Hi Aisha
I know you submitted this report before the detailed self
analysis you did last week. Please go through this checklist.
First, work through the lab results, perform the necessary
research and complete the SAR report. The PowerPoint
presentation is the last item to be completed. Review this
checklist and let me know if you have any questions before you
start your work.
Thanks for your continued efforts.
Dr K
Student Name: Aisha Tate
Date: 6-Sep-2019
This form provides the same classroom instructions in a
checklist form to help students and professors quickly evaluate
a submission
Project 2: Requires the Following THREE Pieces
Areas to Improve
1. Security Assessment Report (including relevant findings from
Lab)
Revise
2. Non-Technical Presentation Slides (Narration Not Needed)
Revise
3. Lab Experience Report with Screenshots
Revise
1. Security Assessment Report
Defining the OS
Brief explanation of operating systems (OS) fundamentals and
information systems architectures.
Meets expectations
1. Explain the user's role in an OS.
????
2. Explain the differences between kernel applications of the OS
and the applications installed by an organization or user.
Does not meet expectation
3. Describe the embedded OS.
More details needed
4. Describe how operating systems fit in the overall information
systems architecture, of which cloud computing is an emerging,
distributed computing network architecture.
More details needed
Include a brief definition of operating systems and information
systems in your SAR.
Other outstanding information
Need to find better references/ more details – use tables or
graphs
OS Vulnerabilities
1. Explain Windows vulnerabilities and Linux vulnerabilities.
???
2. Explain the Mac OS vulnerabilities, and vulnerabilities of
mobile devices.
Research needed
3. Explain the motives and methods for intrusion of MS and
Linux operating systems.
????
4. Explain the types of security management technologies such
as intrusion detection and intrusion prevention systems.
5. Describe how and why different corporate and government
systems are targets.
Does not meet requirements
6. Describe different types of intrusions such as SQL PL/SQL,
XML, and other injections
Preparing for the Vulnerability Scan
1. Include a description of the methodology you proposed to
assess the vulnerabilities of the operating systems.
Please review project instructions
2. Provide an explanation and reasoning of how the
methodology you propose, will determine the existence of those
vulnerabilities in the organization’s OS.
3. Include a description of the applicable tools to be used,
limitations, and analysis.
4. Provide an explanation and reasoning of how the applicable
tools you propose will determine the existence of those
vulnerabilities in the organization’s OS.
5. In your report, discuss the strength of passwords
5a. any Internet Information Services'
5b. administrative vulnerabilities,
5c. SQL server administrative vulnerabilities,
5d. Other security updates and
5e. Management of patches, as they relate to OS vulnerabilities.
Vulnerability Assessment Tools for OS and Applications (Lab)
Use the tools' built-in checks to complete the following for
Windows OS (e.g., using Microsoft Baseline Security Analyzer,
MBSA):
1. Determine if Windows administrative vulnerabilities are
present.
2. Determine if weak passwords are being used on Windows
accounts.
3. Report which security updates are required on each
individual system.
4. You noticed that the tool you used for Windows OS (i.e.,
MBSA) provides dynamic assessment of missing security
updates. MBSA provides dynamic assessment of missing
security updates. Scan one or more computers by domain, IP
address range, or other grouping.
5. Once complete, provide a detailed report and
recommendations on how to make your system a more secure
working environment. In this case, a tool such as MBSA will
create and store individual XML security reports for each
computer scanned and will display the reports in the graphical
user interface in HTML.
Please review and share observations in Lab report – Results
and recommendations in SAR
Utilize the OpenVAS tool to complete the following:
See note above
1. Determine if Linux vulnerabilities are present.
2. Determine if weak passwords are being used on Linux
systems.
3. Determine which security updates are required for the Linux
systems.
4. You noticed that the tool you used for Linux OS (i.e.,
OpenVAS) provides dynamic assessment of missing security
updates. MBSA provides dynamic assessment of missing
security updates. Scan one or more computers by domain, IP
address range, or other grouping.
5. Once complete, provide a detailed report and
recommendations on how to make your system a more secure
working environment
3. Presentation Slides
Title Slide
Use of Readable Fonts and Color
Meets requirements
Summarizes Findings and Recommendations at High Level
Update based on your revised SAR report
Presentation Slides Feedback
4. Lab Experience Report
Summarizes the Lab Experience and Findings
Use a table to summarize key findings
Responds to the Questions
Does not meet requirements
Provides Screenshots of Key Results
Meets requirements
Lab Experience Report Feedback
Operating Systems
An operating system is a collection of software that manages
computer hardware resources and provides standard services for
computer programs. Operating systems are the essential
software that runs on computers. They manage the computer's
memory and processes as well as all the software and hardware
activities. It is the OS that allows communication with the
network without knowing how to speak the computer language.
An operating system must be able to manage system resources,
and these include CPU scheduling, Process management,
Memory management, Input/output device management, Storage
device management (hard disks, CD/DVD drives, etc.), File
System Management (Silberschatz, Gagne & Galvin, 2018).
Examples of operating systems include Windows OS, which is
the most widely used, running on over 90% of the world's computer
systems. Another operating system is Mac OS X, which is used
on Macintosh computers such as the MacBook Pro laptop series.
Although IBM PCs, which run Windows, and Mac computers are not
directly compatible, it is possible to use virtualization to run
one operating system on an incompatible computer. UNIX is a
command-line interface OS developed for large machines and
networks. Notably, Linux, the last generation of UNIX, is a free,
open-source operating system that most computers support
(Silberschatz, Gagne & Galvin, 2018).
Lastly, most electronic devices use an operating system to
manage their physical components and enhance the development
of applications for use in such instruments. An embedded
(particular purpose) operating system is one that is correctly
configured for a specific operating system. Implicitly, the
operating systems are designed for specific tasks, and they
perform them efficiently. Embedded operating systems are also
called real-time operating systems (RTOS). Examples of the
specific-purpose operating system include Apple iOS, Google
Android, Symbian, Blackberry, Palm, and Windows Mobile
operating systems used for personal digital assistants (PDAs)
and mobile phones.
Applications are types of software that help a computer user to
perform specific tasks. Applications designed for desktops or
laptops are called desktop applications, while those designed for
mobile devices are called mobile apps (Silberschatz, Gagne &
Galvin, 2018). When a user opens an app, it runs inside the
operating system until it is closed. Often, a user runs more than
a single app, which is commonly known as multitasking.
Kernel refers to the core part in the operating system which
manages system resources. Notably, kernel acts as the bridge
between the application and hardware of the computer.
Therefore, kernel applications of the OS are applications that
relate to the management of the system resources and computer
hardware. On the other hand, user applications are applications
that the user (either organizations or individual) installs for
specific purposes (Silberschatz, Gagne & Galvin, 2018). For
instance, user applications include word processors, database
programs, web browsers, and communications platforms.
Lastly, information system refers to the software that helps
organize and analyze data. The fundamental purpose of the
information system is to convert raw data into useful
information for enhanced decision making in the organization.
The four major types of information systems are transaction
processing system (TPS), decision support system (DSS),
management information system (MIS), and executive support
system (ESS) (Silberschatz, Gagne & Galvin, 2018).
Cloud computing has changed how the MIS services providers
and their employees conduct business activities. Cloud
computing refers to the practice of using networks of remote
servers hosted on the internet to store, manage, and process data
into useful information for optimal decision making. Notably, a
cloud operating system manages the operation, execution, and
processes of virtual machines, servers, and infrastructures as
well as backend software and hardware resources. Implicitly, a
cloud operating system is used to enhance information systems
agility in an organization and eradicate the need for local
servers and personal computers.
Vulnerabilities and intrusions
Windows Vulnerabilities
BlueKeep is a vulnerability that exists in various versions of
the Windows operating system, including both the 32-bit and 64-bit
versions and service packs. The versions include Windows
2000, Windows Vista, Windows XP, Windows 7, Windows
Server 2003, Windows Server 2003 R2, Windows Server 2008,
and Windows Server 2008 R2 (Jajodia, 2010).
BlueKeep exists within the Remote Desktop Protocol (RDP) in
the above versions of the Microsoft Windows operating systems.
Attackers can exploit BlueKeep to perform remote code
execution on any system that is not protected. This can happen
when the attacker sends specially crafted packets to an
operating system that has RDP enabled. Some of the
activities that an attacker may perform are adding accounts with
full user rights; viewing, changing, and deleting data; and
installing programs. The Cybersecurity and Infrastructure
Security Agency encourages users and administrators to review
security guidelines and install available measures as soon as
possible (Jajodia, 2010).????? Additional research/Information?
Linux Vulnerabilities
One of the most common vulnerabilities is CVE-2017-18017,
Linux Kernel Netfilter: xt_TCPMSS, which sits in the Linux
kernel and helps filter network communication by defining the
maximum segment size that permits TCP headers. When
attackers exploit this vulnerability, they send communication
floods and throw the system offline in a denial of service attack.
Another vulnerability is CVE-2017-18202, which lies in the
mm/oom_kill.c file. This file is useful in killing a process when
memory is low. Vulnerable versions of the file can lead to
mishandling of operations as well as opening doors for denial of
service (DoS) attacks.
(Just two vulnerabilities? Please research this topic)
Mac OS and Mobile Device Vulnerabilities
First, a Denial of Service (DoS) vulnerability exists within the
Apple or Android operating systems. The underlying purpose of
this attack is to make software resources unavailable for the
tasks they have been designed for. DoS vulnerabilities are higher
in iOS than in Android operating systems. (Jajodia, 2010)
Secondly, a bypass something vulnerability makes a given
mobile device vulnerable to a third party evading the protection
layer established by the user or the administrator. Both Apple
and Android are focused on limiting the vulnerabilities that
allow hackers to bypass the security process (breach security
protocol) (Jajodia, 2010).????
Furthermore, code execution is a type of security flaw which
allows hackers to bypass authentication and run any code. It can
be triggered remotely and can be used in various scenarios.
Consequently, the attack can happen without the knowledge of
the user.
Data theft is another vulnerability of Mac OS and mobile
devices. Recently, the security firm F-Secure unveiled a
dangerous firmware exploit that affected almost all Mac and
Windows devices. This vulnerability could lead to data theft,
and even left Macs with FileVault turned on susceptible
(Jajodia, 2010).
Lastly, a memory corruption vulnerability is a programming error
in the operating system, which makes the memory of the device
susceptible to hackers' exploitation. The weakness lies in the
memory location of the invention. An attack occurs when the
code is modified, violating the safety of the information stored
in the memory (Jajodia, 2010).
Microsoft and Linux OS intrusion
Intrusion, by definition, is to compromise an operating system by
breaching the security of such a system. The act of intruding or
slightly gaining unauthorized access to the OS leaves traces that
can be detected by the intrusion detection system. Intruders use
various methods to gain access to operating systems by
breaching security. One of them is physically breaking through
and robbing away the operating systems from the owner.
Physical intrusion is frequent when the OS is installed in a
device that can easily be stolen (Munson & Elbaum, 2004).????
Asymmetric routing is another method of intruding the
operating system. The attackers utilize more than a single route
to the target device consisting of the desired OS. The idea of
this method is to have an overall attack evade detection by
bypassing specific security codes. Any OS devices that are not
set up for asymmetric routing are impervious to this kind of
intrusion.
Additionally, a buffer overflow attack is an approach which
overwrites specific sections of memory and replaces standard
data with commands which, when executed, attack the operating
system. In other words, it's "a popular class of attacks
strategically overburdens that buffer, so the data "overflows"
into other parts of the memory" (Newman, 2019). Often, the
goal for this intrusion is to initiate a denial of service (DoS)
situation. Although averting an overflow may sound simple, the
practice itself has proven to be a daunting task to achieve,
hence the continuous appearance of buffer overflow attacks.
This problem recurs because there is no generic mechanism in
use across languages that can perfectly specify such
capacity (Piromsopa & Enbody, 2011)????
Security awareness technologies and system attack targets????
What does this graphic mean?
The intrusion detection system ranges from antivirus to
hierarchical models which check the traffic of the network.
These can be best described as network intrusion detection
systems and host-based detection systems. The system is critical
as it helps in the analysis of the traffic that enters the network.
The IDS is classified as signature-based and anomaly-based
detection. A section of the intrusion detection system can detect
intrusions (Wilson & Hash, 2003).
The intrusion prevention system is a network to prevention
technology that determines the traffic, detects and prevents
vulnerability issues. The exploits come in the form of uncertain
applications that are objective to attackers and use it to
punctuate or acquire control of a device. When the exploit has
been successful, the attacker can disable the target application
or can obtain potential access to the rights of the target
applications (Munson & Elbaum, 2004).
Corporate and government systems are the ones that face
significant threats (Baccass et al., 2011). This can be attributed
to their notably high level of information that is of interest to
several people, notably politicians, rival companies, countries,
and groups. Additionally, this information is of high value, and
when it is sold to interested parties, it can fetch high
levels of income.
Types of Intrusions
An SQL injection is an exploit where the attacker can include
SQL code in the Webform input to acquire access to the
resources. It is linked to an attack where the end-user enters a
system and places special characters that are used to corrupt data.
XML injection is an attack that is applied to control or harm the
logic of an XML application. The infusion can undertake alteration
of logic. It can lead to the placing of harmful content. The SMTP
injection attacks the mail server in a way that would be made
possible without the use of the internet (Munson & Elbaum,
2004).
Vulnerability Results
The following vulnerabilities were identified during the lab:
· There are several Windows administrative vulnerabilities on
the host scanned.
· The following administrative vulnerabilities were found:
· Developer tools, runtimes, and redistributables are missing
security updates
· There were multiple Linux vulnerabilities detected
· Weak encryption and ciphers
· Accounts have passwords with no expiration
· Accounts have blank or weak passwords
· Multiple administrators on a computer
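The three account findings in this list (blank passwords, passwords with no expiration, multiple administrators) can also be checked directly on a Linux host. The script below is an added example, not part of the lab output or the original report: it assumes the standard shadow(5) and group(5) field layouts, treats `sudo`, `wheel` and `admin` as the administrative groups, and uses a threshold of two administrators; all sample data is constructed.

```python
"""Audit Linux account files for three findings named in the lab results.

Added example. The sample data is constructed, not taken from the lab.
"""

# Constructed /etc/shadow content.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:18100:0:99999:7:::
alice:$6$constructedsalt$constructedhash:18100:0:90:7:::
bob::18100:0:90:7:::
carol:$6$constructedsalt$constructedhash:18100:0::7:::
daemon:*:18000:0:99999:7:::
svc_backup:!:18000:0:99999:7:::
"""

# Constructed /etc/group content. Fields: name:password:gid:members
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice,carol
wheel:x:10:bob
users:x:100:alice,bob,carol
"""

ADMIN_GROUPS = {"sudo", "wheel", "admin"}  # assumption: varies by distribution
NEVER_EXPIRES = 99999                      # conventional "no maximum age" value


def parse_shadow(text):
    """Return one dict per account; reject lines too short to audit."""
    accounts = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 5:
            raise ValueError(f"shadow line {lineno}: expected at least 5 fields")
        accounts.append(
            {"name": fields[0], "hash": fields[1], "max_days": fields[4]}
        )
    return accounts


def is_locked(pw_hash):
    """A hash field starting with '!' or '*' cannot match any password."""
    return pw_hash.startswith(("!", "*"))


def blank_passwords(accounts):
    """An empty hash field means no password is required to log in."""
    return [a["name"] for a in accounts if a["hash"] == ""]


def non_expiring(accounts):
    """Flag password-capable accounts whose maximum age is unset."""
    flagged = []
    for a in accounts:
        if is_locked(a["hash"]):
            continue  # no password login possible, so ageing is moot
        raw = a["max_days"]
        try:
            days = None if raw == "" else int(raw)
        except ValueError:
            raise ValueError(f"{a['name']}: bad maximum age {raw!r}") from None
        if days is None or days < 0 or days >= NEVER_EXPIRES:
            flagged.append(a["name"])
    return flagged


def administrators(group_text, admin_groups=ADMIN_GROUPS):
    """Collect the members of every administrative group."""
    admins = set()
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4 or fields[0] not in admin_groups:
            continue
        admins.update(m for m in fields[3].split(",") if m)
    return sorted(admins)


def audit(shadow_text, group_text, max_admins=2):
    """Run all three checks; max_admins is an assumed policy threshold."""
    accounts = parse_shadow(shadow_text)
    admins = administrators(group_text)
    return {
        "blank_password": blank_passwords(accounts),
        "no_expiration": non_expiring(accounts),
        "administrators": admins,
        "too_many_admins": len(admins) > max_admins,
    }


if __name__ == "__main__":
    for finding, value in audit(SAMPLE_SHADOW, SAMPLE_GROUP).items():
        print(f"{finding}: {value}")
```

On a real system the same functions would be given the contents of `/etc/shadow` and `/etc/group`, which requires root privileges to read.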
Vulnerability Scanning and Security Assessment Report
Considering the organization utilizes several advanced
technological systems, the majority of the security processes
and strategies can't guarantee that the system is protected from
attack. However, the routers help secure the gateway to the
internet while firewalls secure the network. This is dependent
on the abilities of the staff, the ability to patch as well as
keeping vigilance on the web. Notable from the company
systems, the networks are not well protected from risks that may
arise????. This can be attributed to poor security and inadequate
data protection from the third party. The passwords used are
weak, and system updates are irregular. The Linux OS was not found
to comprise any dangers when it came to viruses. However,
there is a need to consider reliable password protection against
the third party.
The Microsoft Baseline Security Analyzer can scan several
computer software. This is effective because it saves time.
Those that have a green check are stated to be secure. It is also
a useful security feature in that it makes sure that the IE and IIS
server is set in the best way. The system is easy to run and
offers stable security features. It is the best way to keep
Microsoft Windows features updated. Its essential asset is the
capacity to go above the OS to ferret out gaps in several
applications. OpenVAS is the mode of analysis of several
services and tools by giving information on the level of
vulnerability (Baccass et al., 2011). Similar to the MBSA, it is a
system that is easy and reliable for the users.
MBSA is the best tool for system analysis and threat detection
(Wilson & Hash, 2003). The system, though with notable
challenges, has proved to be effective. It allows frequent
security updates as well as focusing on several machines at a go
hence saving time. Notably, risks, as noted from the paper, arise
from inferior password protection methods, unlimited access to
sensitive data in the company, and failing to update system
security mechanisms. This can be resolved by keeping the
systems up to date, restricting access to sensitive data, and use
of strong passwords as well as the use of antivirus. Eventually,
it will help in managing the threats in the company.
Operating systems are the center and nerve system from which
business and application processes run. The role that
operating systems take on is to control hardware resources
within a computer system, and they are vulnerable to attacks
where security controls and user account controls are missing
or improper. Due to the popularity of the Windows operating
system, it is the most susceptible to attacks among business and
home users. Vulnerability scans are only one way of
reducing attacks on a system, and vulnerability assessments
require discovery, planning an attack, and reporting to mitigate
risk. By utilizing free tools such as Microsoft Baseline Security
Analyzer and OpenVAS, such vulnerabilities can be identified
early on, and remediation can take place.
(Table of key observations, analysis and recommendations?)
References
Baccass, P. et al. (2011). OS X Exploits and Defense: Own
it...Just like Windows or Linux! New York: Syngress.
Jajodia, S., (2010). Cyber Situational Awareness Issues and
Research (pp. 139-154). Springer, Boston, MA.
Munson, J. C., & Elbaum, S. G. (2004). U.S. Patent No.
6,681,331. Washington, DC: U.S. Patent and Trademark Office.
Newman, L. H. (2019, May 14). How Hackers Broke WhatsApp
With Just a Phone Call. Retrieved from
https://www.wired.com/story/whatsapp-hack-phone-call-voip-buffer-overflow/
Piromsopa, K., & Enbody, R. J. (2011). Survey of Protections
from Buffer-Overflow Attacks. Engineering Journal, 15(2), 31–52.
doi: 10.4186/ej.2011.15.2.31
Silberschatz, A., Gagne, G., & Galvin, P. B. (2018). Operating
system concepts. Wiley.
Wilson, M., & Hash, J. (2003). Building an information
technology security awareness and training program. NIST
Special publication, 800(50), 1-39.
Running head: SECURITY ANALYSIS REPORT 1
Project 3: Security Analysis Report on Factors that are Likely to
Affect Ombank’s Organizational Information Systems
Infrastructure
Aisha Tate
UMUC
August 26, 2019
Aisha
2nd Submission – Does not meet requirements – one more
submission allowed. Please review the checklist and review
both submissions. Read the project requirements and share an
action plan before you work and submit the last revision.
Thanks for your continued efforts. Here is what you have done
well
· You have focused on an organization and you have tried to
apply the knowledge, skills and abilities you have gained
· You have continued to improve your research skills.
· You have done a good job with your APA formatting Skills
I feel that you did not go through this checklist below. Avoid
using generic graphics from literature especially if they are not
directly pertinent to the discussion. You did a good job with
RAR report. You put much effort with your lab. Leverage
Project 2 and Project 3 lab information in this SAR report.
Please work on the quality of your references – especially in
your RAR and SAR report
Dr K
Student Name: Aisha Tate
Date:6-Sep-2019
This form provides the same classroom instructions in a
checklist form to help students and professors quickly evaluate
a submission
Project 3: Requires the Following THREE Pieces
Areas to Improve
1. Security Assessment Report (including relevant findings from
Lab)
See detailed comments below
2. Risk Assessment Report
Meets Requirements – revise
When you update SAR
3. Lab Experience Report with Screenshots
Continue to improve
Revise and connect with SAR
1. Security Assessment Report
Enterprise Network Diagram
You will propose a local area network (LAN) and
Please research organizations
For network information s
a wide area network (WAN)
define the systems environment,
Meets expectations
incorporate this information in a network diagram.
Discuss the security benefits of your chosen network design.
Needs improvement
Threats
Define threat intelligence and explain what kind of threat
intelligence is known about the OPM breach.
Please find papers and share
Common organizational challenges
differentiate between the external threats to the system and the
insider threats.
?????
Identify where these threats can occur in the previously created
diagrams.
Relate the OPM threat intelligence to your organization. How
likely is it that a similar attack will occur at your organization?
Good effort
Identifying Security Issues
Provide an analysis of the strength of passwords used by the
employees in your organization.
Tie in lab results
Are weak passwords a security issue for your organization?
????
Firewalls and Encryption
Determine the role of firewalls and encryption, and auditing
???
RDBMS that could assist in protecting information and
monitoring the confidentiality, integrity, and availability of the
information in the information systems.
Research and share
Threat Identification
Identify the potential hacking actors of these threat attacks on
vulnerabilities in networks and information systems and the
types of remediation and mitigation techniques available in your
industry, and for your organization.
Any research?
Identify the purpose and function of firewalls for organization
network systems, and how they address the threats and
vulnerabilities you have identified.
Update
Also discuss the value of using access control, database
transaction and firewall log files.
Meets expectations
Identify the purpose and function of encryption, as it relates to
files and databases and other information assets on the
organization's networks.
No mention of encryption
2. Risk Assessment Report
Risk and Remediation
Please use more peer-reviewed and scholarly references in your
RAR
What is the risk and what is the remediation?
Good overview
What is the security exploitation?
Meets expectations
Revise after SAR report is done
3. Lab Experience Report
Summarizes the Lab Experience and Findings
Continue to improve
Responds to the Questions
Tie lab observations to
SAR report
Provides Screenshots of Key Results
Yes
Lab Experience Report Feedback
Table of Contents
Introduction
Purpose
Organization
Scope
Methodology
Data
Results
Findings
References
Introduction
Organizational information is the key to success in modern
business environments. In this project, Ombank – a hypothetical
financial organization has been used to demonstrate key
security issues likely to face organizations, as well as the
preparation of a security assessment report. Ombank is a
financial services organization offering financial support to
customers through online assistance and physical consultancy.
The organization is tasked with managing financial resources
for customers who in turn pay for these services. For instance,
customers who seek to find out how feasible their business
ideas are for start-ups provide this information to
Ombank, which then recommends the best course of action
to take as far as investments, capital, and expenditure are
concerned.
On-site financial consultants provide services to customers who
choose to physically acquire help or services from the
organization. An online helper service facilitates remote
consultancy for customers who need assistance but are
physically constrained. The customers who prefer online access
are presented with a means of inputting their financial
information, which may be in the form of assets or personal
finances. In this Security Analysis Document, we will be
finding out the crucial security risks and vulnerabilities in the
OmBank Organization.
Purpose
The purpose of this Security Assessment Analysis is to come up
with possible security concerns for the organization as well as
outlining possible threats to Ombank’s organizational
infrastructure as far as information systems are concerned.
Various I.T infrastructure will be assessed, outlining threats, to
the organizational network, underlying security issues and
overall enterprise threats. Information security is crucial to an
organization’s business viability in accordance with its
predefined goals (Bishop, 2003). Therefore, in this report, the
factors which are likely to undermine the overall business
viability and stability of the organization will be described and
the possible factors which may lead to this unpleasant situation
assessed.
Organization
Ombank is structured in a way that every department is
connected to a local area network. This infrastructure is meant
to offer seamless management policies which improve the
overall business organization, whilst providing a framework for
customer and employee interaction with the information
systems’ infrastructure. The local area network is connected to
the internet through one router and three access points. The
company makes use of technologies such as cloud computing.
This means that the organization makes use of an online cloud
database as opposed to local storage. Customer information is
processed either locally or remotely. The following is a visual
representation of the network architecture (???? Connect with
literature for similar real-life organization)
Ombank’s network is connected in the form of local and wide
area networks. The local area network provides access to the
organizational resources such as servers – which may be
application or network servers, and, at the same time providing
a framework for information sharing, data management, and
traffic congestion management (Fowler et al., 1991).
The organizational architecture is shown below:
Scope
The analysis covers assessment of the infrastructure in the
[company] organization. I.T infrastructure to be checked for
security assessment include: 1) the enterprise network layout or
infrastructure. Several concepts of networking have been
applied in the organizational infrastructure. Issues arising from
platform usage, cloud computing, centralized and distributed
computing as well as programming designs used are
investigated to find flaws, irregularities and vulnerabilities
which may be costly if manipulated. ????
Networking hardware also needs to be subjected to security
tests to affirm that there are no inconsistencies, leakages in
hardware functionality. Network hardware tested include
routers, switches and firewalls. Hardware in network
configurations is often manipulated to gain unauthorized entry
into organizational networks, which may prove costly in terms
of financial losses and data breaches which may affect an
organization’s reputation as well as business credibility (Hoo,
2000). To make sure that these factors are not manipulated,
Ombank requires a full hardware audit and assessment to
exhaustively analyze risks attached to all network hardware.
Moreover, human organization in the organization???? also
needs to be carefully scrutinized to ensure consistency, security
and access in a manner that does not compromise the
information security or pose a threat to the organization.
Nonetheless, organizational policies are also scrutinized to
ensure that no loopholes can be present which may be
manipulated by attacks to compromise data security.
Software applications making use of organizational information
such as databases and network communication too needed to be
probed for loopholes and vulnerabilities. Ernest and Lin (2007)
clearly illustrate that employee behavior is a factor that
mandates for enactment and implementation of organizational
control policies in an aim to protect information systems.
Methodology
Analysis was conducted over a period of six months. The
investigation was conducted on governance policies, human
resource and computer infrastructure. Physical security of
computer components and overall organizational structure was
handled first. This was to ensure that compromise to the
information system infrastructure would not come from physical
external contact, or, unauthorized internal contact (What
standards are appropriate?). This also curbs the problem of
vandalism or breakage.
When physical security is out of question, analysis was done on
authorization access. ????Maintaining the property of physical
security, the organization access policies to hardware was also
scrutinized. This means that only users with particular levels of
access privileges would have access to certain components. For
instance, access to network servers and application servers in
the distributed computing environment needs to be restricted
only to the respective administrators. The level of privileges
among all employees was recommended ascertaining that
databases and applications would not be subject to any
manipulation by unauthorized personnel. Moreover, this would
help delegate responsibility to specific people who would
be answerable in case of incidents. (Very vague – find case studies
/ scholarly reports for classification of data/access)
Network hardware under investigation was also identified, each
component being given emphasis as a vulnerability would mean a
loophole with heavy risks. The organization uses local area
networks in wireless and wired forms. Both of these
technologies are however connected to similar access points.
The wireless local area network needed to be protected using
the WPA or WPA2 encryption methods. These forms of
password protection are hard to crack or hack as opposed to
WEP encryption. Wi-Fi access points with WEP encryption
were noted down for replacement. The wired network is
connected to the routers through wired access points. These are
in form of switches and hubs. The wired network is made
possible through the use of Ethernet cables, connected to
switches and access points.
Due to the increasingly large size of Ombank’s organizational
layout, local area network access points are heavily distributed
across the organizational premises. During the assessment, it
was crucial to establish whether the Ethernet access is protected
against unauthorized access too, and the level of privileges set
for computers connected to the Ethernet.
Ombank’s network still makes use of hubs despite being a little
overtaken by time. Hubs do not allow control of traffic as
opposed to switches. These components are becoming obsolete
since one cannot control information being transferred within
the organization. Therefore, employees with malicious
intentions may use this loophole to transmit uncensored
information outside the organization. Marianov et al., (1999)
claim that the use of toxic hubs???? may prompt computer users
into network manipulation to share malicious information due to
lack of network monitoring capabilities. (Please find more
recent papers on network security)
Moreover, the organization makes use of cloud computing. This
means that organizational information is stored in databases
provided by cloud computing service providers as opposed to
local storage. As much as this technology offers security due to
non-interference, study needed to be conducted to ensure how
information is transmitted, whether there is a possibility for
database manipulation by different employee levels.
Programming designs used for software around the organization
also needed inspection to ascertain security of applications and
bugs which may lead to inconsistencies. Object-oriented
approaches are best suitable for security designs due to factors
such as data encapsulation, inheritance and abstraction. Object
oriented designs therefore are important because they are easier
to debug and troubleshoot problems.
Data
Data is crucial in a security analysis situation as it helps define
the areas which are susceptible to compromise, and makes
troubleshooting easier. This information provides an overview
of the current organization in question and flaws in any parts of
the data may lead to threats to information security. Data
collected for this assessment was in the following form.
1. I.T Infrastructure information
I. Networks
Network components such as routers, switches and firewalls.
II. Application software
Details about the software used by the organization, including
programming principles used.???? Do you mean secure coding
practices?
III. Database
Information about the organizational database, local and cloud-
based.
IV. Application servers
This information pertains the location of servers, authorized
personnel who access and the security protocols employed.
2. User Information in the organization
I. Authentication policies
Information about password policies, level of authentication and
password management. What are the differences between
Authentication, Authorization and Accounting? Why are these
three important to this organization?
II. Employee information.
Details about all employees in the organization, including
names, salaries and disciplinary reports.
III. Personal identifiable information.
This is information about all people related with the
organization, clients, managers or general employees. This
information includes Identification numbers, phone numbers,
and addresses.
3. Physical layout information
I. Physical security information.
These are all the details pertaining physical security including
number of security personnel, locks and gate passes.
II. Disaster precaution information????.
This includes information relating to how the security is
prepared against calamities such as fires. This includes fire
extinguishers and smoke detection information.
Results
Major threats to the organizational information system were
realized in transaction handling and overall management.
Threats arising from poor infrastructural organization were
also indicated.
These threats are categorized according to the type; those that
may arise from organizational personnel and those that could be
manipulated by external attackers with malicious intents.
Scenarios of the findings are indicated as follows:
Lack of proper physical security. The organization has
employed security guards for physical security. However, the
infrastructural components could still be accessed by a majority
of employees, including those without proper authorization.
Server rooms need enhanced protection.
Organizational policies not exhaustive. Access Control Policies
(ACP) are not clearly defined and enacted. The majority of the
users use the shared network. However, there are no clearly defined
laws (do you mean policies and procedures?) restricting network
usage access. Access to administrative privileges has been
realized amongst standard users. This is dangerous as it could
easily provoke employees with more knowledge of information
technology systems to manipulate the systems to gain access to
sensitive information. Incident reporting mechanisms in the
organization have also been undermined. Working in such an
organization requires a fast means of giving feedback to the
responsible personnel of even the slightest malfunction in the
computer systems. With this kind of feedback, system
administrators can troubleshoot problems even when they are
far-coming. ????
Furthermore, with the organization’s access to the internet, it is
easy for employees to take work home, and submit it remotely
to the servers. The Remote Access Policy has not been clearly
defined. This policy requires an organization to set acceptable
standards for connecting to an organization’s network remotely.
The communication policy is partially defined. While it is clear
to employees about the implications of sharing company
sensitive information with outside parties, rules governing the
use of corporate communication services have not been set. An
instance was realized when an employee received an email,
through the corporate means, from an unknown source and still
accessed it from their workstations. Attackers normally use
unsuspecting employees to spread viruses, backdoors and
Trojans through such means.
Use of outdated technologies. Technology, be it hardware or
software, becomes obsolete when issues arise pertaining to their
usage and security. It was therefore horrifying to find out that
the company still uses outdated technologies such as hubs for
local area connections. Use of hubs poses serious challenges to
administrators as there is no possible way of monitoring or
filtering information being relayed around the organization and
the outside world. Furthermore, some Wi-Fi access points were
found to be using the obsolete WEP encryption method. The
WEP encryption method poses serious dangers of unauthorized
access given how easy it is to crack passwords encrypted with
this technology.
No tie-in with the lab report – Project 2, Project 3 Lab
work?
Findings
Threats to overall security were categorized according to the
nature and the impact that would be realized in case of
exploitation of the vulnerabilities. These included natural
threats, human threats, environmental factors, and threats to
physical security. Natural threats arise due to unintended
environmental factors in the organizational structure. These
may include fire and water damage. An assessment of the
organization showed that the premises is well equipped to
handle such conditions. Fires started intentionally or
unintentionally pose a risk to damage of equipment resulting in
loss of information and cost inflation to the organization.
Human threats in the organization include espionage and
sabotage. The organization hosts a minimum of 200
employees.??? Should be at the start of the report?
Discontentment, dissatisfaction and feuds with management
may pose a risk of sabotage where disgruntled employees may
resort to causing intentional damage or compromising
organizational information (Shaw et al., 1998). Human threats
furthermore include vandalism, theft, hacking and social
engineering. It was identified that the organization’s employees
are not competent with social engineering schemes. These
include malicious emails which may be used to capture personal
information by hackers. Moreover, organizational data integrity
is prone to being compromised owing to the fact that
employees have a tendency to take work away from the
office.
Environmental and physical threats identified include program
errors, unauthorized entry and power outages. The organization
lacks infrastructural uninterrupted power supply systems.
Instead, these devices are located at the majority of the
workstations. This, however, does not rule out the fact that
short-life UPSs are susceptible to malfunction or failure if power
outages persist for long periods of time.
References
Bishop, M. (2003). What is computer security?. IEEE Security
& Privacy, 1(1), 67-69.
Fowler, H. J., Leland, W. E., & Bellcore, B. (1991). Local area
network traffic characteristics, with implications for broadband
network congestion management. IEEE Journal on Selected
Areas in Communications, 9(7), 1139-1149.
Hoo, K. J. S. (2000). How much is enough? A risk management
approach to computer security. Stanford: Stanford University.
Ernest Chang, S., & Lin, C. S. (2007). Exploring organizational
culture for information security management. Industrial
Management & Data Systems, 107(3), 438-458.
Marianov, V., Serra, D., & ReVelle, C. (1999). Location of hubs
in a competitive environment. European Journal of Operational
Research, 114(2), 363-371.
Shaw, E. D., Ruby, K. G., & Post, J. M. (1998). The insider
threat to information systems. Security Awareness
Bulletin, 2(98), 1-10.
[Figure: network diagrams. First diagram labels: Cloud Services,
Internet, Application server, Ethernet, Workstations. Second
diagram labels: Hub, Wireless Access Points, Switch, Work
Stations, PDA/Smartphones, Server, Firewall, Router.]
Running head: Cryptography 1
Cryptography
6
Cryptography
Aisha Tate
UMUC
August 29, 2019
Hi Aisha
You are heading in the right direction. You need to have
specific details correct. Please use this guide and use
scholarly/peer-reviewed articles. You appear to have just
googled the information. Here is the checklist. Create
appropriate tables and use the correct sources. Please see my
notes below.
Best wishes,
Dr K
Student Name: Aisha Tate
Date: 7-Sep-2019
This form provides the same classroom instructions in a
checklist form to help students and professors quickly evaluate
a submission
Project 5: Requires the Following TWO Pieces
Areas to Improve
1. Paper
2. Lab Experience Report with Screenshots
1. Paper
IT Systems Architecture
You will provide this information in tabular format and call it
the Network Security and Vulnerability Threat Table
security architecture of the organization
the cryptographic means of protecting the assets of the
organization
the types of known attacks against those types of protections
means to ward off the attacks
Include and define the following components of security in the
architecture of your organization, and explain if threats to these
components are likely, or unlikely:
LAN security
identity management
physical security
personal security
availability
privacy
Then list the security defenses you employ in your organization
to mitigate these types of attacks.
Plan of Protection
Learn more about the transmission of files that do not seem
suspicious but that actually have embedded malicious payload,
undetectable to human hearing or vision. This type of threat can
enter your organization’s networks and databases undetected
through the use of steganography or data hiding. You should
include this type of threat vector to an organization in your
report to leadership.
Provide the leadership of your organization with your plan for
protecting identity, access, authorization and nonrepudiation of
information transmission, storage, and usage
Data Hiding Technologies
describe to your organization the various cryptographic means
of protecting its assets. descriptions will be included in the
network security vulnerability and threat table for leadership
Encryption Technologies
1. Shift / Caesar cipher
2. Polyalphabetic cipher
3. One time pad cipher/Vernam cipher/perfect cipher
4. Block ciphers
5. triple DES
6. RSA
7. Advanced Encryption Standard (AES)
8. Symmetric encryption
9. Text block coding
Data Hiding Technologies
1. Information hiding and steganography
2. Digital watermarking
3. Masks and filtering
Network Security Vulnerability and Threat Table
Describe the various cryptographic means of protecting its
assets. descriptions will be included in the network security
vulnerability and threat table for leadership
Encryption Technologies
1. Shift / Caesar cipher
2. Polyalphabetic cipher
3. One time pad cipher/Vernam cipher/perfect cipher
Access Control Based on Smart Card Strategies
Describe how identity management would be a part of your
overall security program and your CAC deployment plan:
2. Lab Experience Report
Summarizes the Lab Experience and Findings
See note below*
Responds to the Questions
Provides Screenshots of Key Results
Yes
Lab Experience Report Feedback
· I am puzzled that your payload changed the size of the image
file. You just added a text file? Right? You do not have to
resubmit your Lab file.
Cryptography
Introduction
This is a security assessment report on cyber security threats
against varying cryptographic mechanisms, and it sets out access
control programs to try to stop/inhibit such security threats for a
property management firm. Within the report, there will be an
overview of the property management firm’s network.
Moreover, I will try to establish the different potential threats
that the company faces. The report will also cover the firm’s
need to consider installing protections for stored information
as well as controls on its employees’ access.
The report will also explain the enrolment of CAC
(Control Access Cards) for authentication purposes. Then lastly,
the report will cover email security and encryption types that
can be used to aid in email security.
IT system architecture
A distributed system is the network system used within our
company’s offices. The constituents of this system include
a WLAN, a LAN and a WAN. The office’s LAN is made up of a
computer network. The LAN is mainly used for one purpose within
the office: sharing of resources, which include printers and data
storage infrastructure. The connection is wired. Besides being
fast, it is also characterised by enhanced security. The
function of the WAN is interconnection of the LANs in offices of
the entire firm. The primary advantage of this system is that the
firm’s agents and employees can work from different
workstations yet have access to the company’s resources
(Rouse, 2017). The LAN is also connected to the internet
through a firewall. All of the firm’s offices are connected to
the WLAN. This allows the firm’s agents to connect their devices
(i.e. phones and laptops) to the company’s LAN and hence access
the internet. Through this, they are able to access important
resources.
Lab Findings
The lab findings for project 5 involved the utilization of
cryptography; gaining experience and an understanding of
steganography and encryption/decryption. The three steganography
programs used were OpenStego, QuickStego and OurSecret; in
addition, the two encryption/decryption programs used were
VeraCrypt and AxCrypt. The Security Manager (SM) and the
System Administrator (SA) for the system conducted research
on their own systems to determine which tools they could
recommend to the managers of the organization.
OpenStego was used to hide a secret message inside of a
picture. This allowed the SM and SA to create a message, store
the message in a text file, and lastly, embed the text file within
an existing image. This process then allowed the
message to be extracted from the picture with the payload. The
most distinguished difference between the original image (757
kb) and the image with the payload (1.59 MB) was that the
image was much larger in size with the payload.
The same technique of hiding a secret message inside of an
image was identified when using QuickStego. The main contrast
between using QuickStego and OpenStego was that QuickStego was
more of a basic tool in terms of steganography. QuickStego
didn’t grant the SM and SA the ability to encrypt or decrypt
the payload text data that’s hidden in the image. OurSecret
included the same capabilities of hiding a secret message
inside of an image, just like OpenStego and QuickStego. The
most obvious distinction was that OurSecret had the ability to
encrypt files hidden in an image, as well as assign a password
that the user would need in order to extract the hidden files.
OurSecret mirrored OpenStego in that the file size would be
larger if the file contained a hidden message within an image.
The two encryption/decryption tools that were used during this
lab exercise were VeraCrypt and AxCrypt. While conducting the
OpenStego portion of the lab exercise, it was noted that the SM
and SA tested and used the VeraCrypt encryption/decryption
tool to encrypt directories, drives, or partitions as containers.
Later, the tool could generate an encrypted file container,
encrypt a non-system partition/drive and/or encrypt the system
partition or the entire system drive. The SM and SA also used
this tool to encrypt and decrypt files or folders. It’s noted that
AxCrypt worked as a separate program within its own window,
in addition to fully integrating into Windows Explorer.
To determine which tool would be best for the
organization, the SM and SA discuss which type of message
needs to be sent and the purpose of the message. OpenStego
would be the best contender if you only need
to send an encrypted message hidden inside of another message.
QuickStego would be best recommended if you only needed to
send a hidden message within an image that didn’t need to be
encrypted. If a hidden message needed to be encrypted and
password protected, then the SM and SA would recommend the
use of OurSecret. When it comes to determining which
encryption and/or decryption tool to use, the SM and SA
decide whether they would use VeraCrypt or
AxCrypt. Once this happens, the SM and SA would need to
verify and confirm their decision with the Chief Information
Security Officer (CISO) to discuss the way ahead for the
organization in terms of cryptography. (See Checklist above)
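The size difference reported in the lab findings can be examined on raw pixel data. The following is an added example, not part of the lab report and not the code of OpenStego, QuickStego or OurSecret: it assumes a plain least-significant-bit (LSB) embedding with a 4-byte length header and a constructed gradient cover, and shows that the raw pixel data keeps its length while its deflate-compressed size (the compression PNG uses) grows.

```python
import zlib

HEADER_BYTES = 4  # length prefix chosen for this example, not a tool's format


def make_cover(width=64, height=64):
    """Constructed cover: raw RGB bytes of a smooth gradient (no image file)."""
    return bytes(
        (x + y) // 2
        for y in range(height)
        for x in range(width)
        for _channel in range(3)
    )


def _to_bits(data):
    """Yield the bits of data, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover, payload):
    """Overwrite the lowest bit of successive cover bytes with payload bits."""
    framed = len(payload).to_bytes(HEADER_BYTES, "big") + payload
    if len(framed) * 8 > len(cover):
        raise ValueError("payload does not fit: one cover byte carries one bit")
    stego = bytearray(cover)
    for index, bit in enumerate(_to_bits(framed)):
        stego[index] = (stego[index] & 0xFE) | bit
    return bytes(stego)


def _read_bytes(stego, first_byte, count):
    """Rebuild count bytes from LSBs, starting at hidden byte first_byte."""
    out = bytearray()
    for n in range(first_byte, first_byte + count):
        value = 0
        for carrier in stego[n * 8:(n + 1) * 8]:
            value = (value << 1) | (carrier & 1)
        out.append(value)
    return bytes(out)


def extract(stego):
    """Recover the payload; reject a header that exceeds the cover's capacity."""
    length = int.from_bytes(_read_bytes(stego, 0, HEADER_BYTES), "big")
    if (HEADER_BYTES + length) * 8 > len(stego):
        raise ValueError("no plausible payload: length header exceeds capacity")
    return _read_bytes(stego, HEADER_BYTES, length)


def size_report(cover, stego):
    """Compare raw size, deflate-compressed size and per-byte change."""
    return {
        "raw_before": len(cover),
        "raw_after": len(stego),
        "deflate_before": len(zlib.compress(cover, 9)),
        "deflate_after": len(zlib.compress(stego, 9)),
        "max_byte_change": max(abs(a - b) for a, b in zip(cover, stego)),
    }


# Constructed payload standing in for the lab's text file.
PAYLOAD = (b"Constructed lab payload: meeting notes for the security manager "
           b"and the system administrator, saved as a plain text file.")

if __name__ == "__main__":
    cover = make_cover()
    stego = embed(cover, PAYLOAD)
    print(size_report(cover, stego))
    print(extract(stego) == PAYLOAD)
```

On real photographs the low bits are already noisy, so the growth from this effect is smaller than on this synthetic gradient.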
Types of attacks
A cyber-attack is a deliberate use of code to manipulate
computer systems and networks in an attempt to manipulate and
compromise the confidentiality of certain information (Ledford,
2018). There are different motivations behind every
cyber-attack. It can be political or social. The internet is the
main channel through which this happens. The targets also
vary. The activity might be targeted towards a corporate
organization, the government or an individual.
Cybersecurity attacks are carried out by use of malicious
programs like fake websites, viruses and unauthorized web access,
among other means. The intention can be either financial gain
or boosting of the ego of the perpetrator through causing harm
to the organization.
From the article, “Types of attacks”, we learn of the examples
and definition of the different types of cyberattacks.
1. Back door attack – this is a type of attack where an attacker
takes advantage of the vulnerabilities and flaws of a system
through use of viruses, worms and Trojan horses to gain access
into the system, after which he sets up a backdoor (Oppenheimer,
2010). This allows him access to important information without
the administrator realizing.
2. Denial of service. This can be abbreviated as DDoS. Denial
of service attack is carried out by numerous systems relaying
ICMP packets to a server. The objective of this attack is
preventing people from gaining access to a certain site they might
want to access. This is the type of attack that is common among us
as agents of a property management firm. The main source of leads
and traffic is the website. This is where clients get to know of
our services and thereafter reach out. Therefore, sometimes
competitors might want to deploy a malicious program to deter
clients from reaching us.
3. Phishing – this is an attack where something malicious is sent
through email. Most of the time, the attackers will send out a link
and request you to click on it. Moreover, you might be requested to
download something over the net. When sending out such
emails, they will try to eliminate all sources of suspicion and
make it look genuine. Once you do that, you will have your
system infected. Just like the other types of security attacks,
phishing is also one which a property management firm is
exposed to. Our clients are the primary targets of this attack,
mostly their information on our system. Besides the threat of
our clients losing money, there is also the threat of money
laundering. On top of it all, such events might lead to tarnishing
of the name of the firm, leading to reduced client flow.
4. Use of SQL – This is a programming language which
facilitates communication with the database. When an attacker
uses SQL, he or she will send out malicious code which will
lead to your database giving out more information than what it
is usually meant to share (Menegaz, 2012). The attacker will do
this by taking advantage of commonly identified SQL
vulnerabilities. (See checklist above)
5. Cross-site scripting. This is abbreviated as XSS. This kind
of attack is targeted at vulnerable websites with weak security
systems for the purpose of obtaining user credentials or other
classified information. Just like the SQL attack, XSS is also
carried out by use of malicious code. In XSS, the site is not the
primary target but rather its visitors. As a property management
firm, our clients who have accounts/portals on our website are the
ones who could fall prey to such an attack. This is because on
registration with the firm, a client is required to submit
confidential information about his property and himself which
is meant to be between the firm and the client.
Security mechanisms
A security mechanism consists of policies and that are meant to
detect, inhibit or recover from a security threat posed by an
attacker. Example of security mechanism include:
1. Physical security – this is a mechanism that requires
installation of physical barriers around crucial network resources.
This can include installation and locking of doors. The advantage of
this is to prevent mishandling of equipment by new unskilled
agents or even their clients.
2. Authentication – authentication means that the information
given by a person on his or her identity is true. Users have to
undergo a three-tier identification process before approval of
the authentication process. The first step involves input of
credentials by the user, which are known to him or her. These
include PINs, private keys and passwords, which they
themselves created. The next is provision of a resource they are
expected to have. Provision of a genuine resource means you
pass the authentication step and vice versa. Examples of these
resources are security cards and security tokens. The last means
of authentication is assessment of a certain physical character
trait. Good examples are one’s fingerprints, voice or patterns of
the retina. A strong authentication process involves
incorporation of two or more of the three mentioned
authentication procedures. The common one is use of
fingerprint and retina pattern identification.
3. Authorization mechanism – this involves giving the user
access to the network and whichever resource they might want
to retrieve. The administrator of the network is the person
vested with the power to grant access to the network to only
identified workers of the property management firm. Only
thereafter can they have access to whichever resource they were
after. The managing broker of the firm will be given access to
all information on the network. On the other hand, the agents of
the firm will only have access to shared data and
data/information that they themselves have uploaded on their
personal portals in the network.
4. Data encryption – this is formatting of information in a way
that only the intended person can decode it. This is done to
protect information from being read by third parties who might use
the same information to harm the firm. Perhaps this is a
mechanism that can come in handy in our efforts to ensure
customer data security.
5. Firewalls – firewalls enhance security policies by acting as
boundaries between two networks. Firewalls use various sets of
instructions in deciding which of the incoming
traffic will be granted access and which will not.
6. Intrusion detection system and intrusion prevention system –
these security mechanisms are used to inhibit security risks and
prevent occurrence of new ones. An IDS makes use of intrusion
alerts to sense and analyse outbound and inbound network
traffic for suspicious undertakings (Rouse, 2017). In the
event of a suspicious activity, the IDS kicks the users out of the
network, accompanied by a notification to the security personnel
of the potential threat. The IPS is complementary to the IDS.
The IDS works by examining incoming traffic to reject harmful
requests. The IPS averts threats by uncovering malicious packets,
blocking threat-carrying IPs and notifying the security
personnel of the incident. The property management firm
needs to continue utilising both IPS and IDS in its 24/7
operations to ensure enhanced security of the network. Below is
a table showing the access points and how they can be secured.
Protection plan
Security and protection of clients’ information and assets is one
of our top priorities. So far we have taken a look at the IT
systems architecture of the property management firm.
We have looked at the potential types of cybersecurity threats
faced by the firm and the various types of mechanisms that can be
deployed. The next important step is formulation of a protection
plan. A multi-tier system will be used in the firm’s
identification process. The firm’s agents will be provided with
security cards, and retina identification systems will be installed
at all major access points to the company’s network.
Alternatively, one of these will be used in combination with
PINs. Given the fact that it’s the agents who will come up with
these passwords, they will be expected not to share them with
third parties. Moreover, the passwords/PINs will comprise
numbers, letters, special characters and alpha-numeric characters
to make sure they are not easily cracked. A network password will
be assigned to the WLAN and only a given agent will be able to
access it. He will be responsible for making any necessary
changes when needed to the WLAN. A strong protection plan
will ensure that our clients’ and agents’ information and files are
protected. (please see checklist above)
Issuance of CAC will be used to control access to the firm’s
buildings. Besides a strong six character digit PIN, the company’s
agents will have a badge with their picture, fingerprint, name
and the name of the firm on it. Outside the building, there will
be a door system which will require a person to provide his/her
or and the scanning of the badge. A green light will be
accompanied by an “access granted” feedback while a red light
will display “access denied” based on assessment of a person’s
credentials. All agents will submit their schedules to the
security specialists to be programmed in the system to ensure
security. For example, a person who randomly shows up on days
on which he or she is not supposed to be on duty will not be
allowed entry into the firm’s premises. So all the agents will be
required to submit their schedules so that necessary adjustments
can be made to the system to grant them access into the premises.
This will be done within 48hrs. The policy will help deny
access to people who are not supposed to be there. Perhaps, this
will not only help ensure the general security of the firm but
also the company’s personal information and conversations.
Each team or group of agents will only have access to the files
which they themselves uploaded. That is, their personal files on
their private portals. The person supposed to have access to all
files is the managing broker only. This plan of protection will
be set in place to make sure confidential information of our
clients and agents does not land with a third party.
Nonrepudiation protections will be ensured by a digital
signature present on the CAC issued to all agents. CAC readers
will be installed on all desks beside the computers. This will
make sure the information sent and deleted from the network
can be traced to the originator (Lord, 2017). This will help
increase accountability. No one will be able to deny having done
something which compromised the security of the network and
its information because he/she will be under watch on his or
her workdays. Therefore a person will be responsible for
anything that happens while he/she is logged in through his
card, PIN or retina recognition system.
Cryptography protection
(Symmetric Versus Asymmetric???)
describe to your organization the various cryptographic means
of protecting its assets. descriptions will be included in the
network security vulnerability and threat table for leadership
Encryption Technologies – Make a simple table
1. Shift / Caesar cipher
2. Polyalphabetic cipher
3. One time pad cipher/Vernam cipher/perfect cipher
4. Block ciphers
5. triple DES
6. RSA
7. Advanced Encryption Standard (AES)
8. Symmetric encryption
9. Text block coding
Data Hiding Technologies
1. Information hiding and steganography
2. Digital watermarking
3. Masks and filtering
One of the several ways of data encryption is triple DES. This
method involves application of the block cipher algorithm to every
data block thrice. Each block is always characterised by 64 bits
worth of data. As the word ‘triple’ suggests, in triple DES, data
is encrypted thrice. One con is that it is slow. However, on the
other hand, it is hard to break and hence more secure.
RSA is a public key encryption algorithm. It uses both the
public key and private key in its encryption process. One thing
to note is that both keys are paired. Moreover, the public
key is distributed, while the private key isn’t. The process starts
with two prime numbers, then their product and finally the
exponents. Besides RSA being secure, it is also hard to crack.
On the other hand, the encryption process might be very slow,
especially when encrypting large amounts of data.
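The key generation sequence described above (two primes, their product, then the exponents) and the digital-signature idea behind the nonrepudiation paragraph, carried through as an added example that is not part of the original report. It is textbook RSA without padding; the primes, the exponent and the sample message are assumptions chosen so the numbers are reproducible, and real deployments use keys of 2048 bits or more with a padding scheme.

```python
import hashlib
from math import gcd

# Known Mersenne primes, used only to keep the numbers reproducible.
# A modulus of about 150 bits is far too small for real use.
P = 2**61 - 1
Q = 2**89 - 1
E = 65537

# Constructed record of an action an agent might later dispute.
MESSAGE = b"agent-017 deleted file lease-draft.pdf"


def keygen(p, q, e):
    """Two primes -> product n -> public exponent e -> private exponent d."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)      # modular inverse: (e * d) % phi == 1
    return (n, e), (n, d)    # (public key, private key)


def encrypt(public_key, m):
    """Encrypt an integer message with the distributed public key."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message integer must be smaller than n")
    return pow(m, e, n)


def decrypt(private_key, c):
    """Decrypt with the private key, which never leaves its owner."""
    n, d = private_key
    return pow(c, d, n)


def _digest_as_int(message, n):
    """SHA-256 digest reduced mod n (a shortcut; real schemes pad instead)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    """Only the private-key holder can produce this value for the message."""
    n, d = private_key
    return pow(_digest_as_int(message, n), d, n)


def verify(public_key, message, signature):
    """Anyone with the public key can check who signed, and what was signed."""
    n, e = public_key
    return pow(signature, e, n) == _digest_as_int(message, n)


if __name__ == "__main__":
    public, private = keygen(P, Q, E)
    signature = sign(private, MESSAGE)
    print(verify(public, MESSAGE, signature))          # signer cannot deny it
    print(verify(public, MESSAGE + b"!", signature))   # altered record fails
```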
Blowfish is another symmetric block cipher which makes use of
an adjustable key length ranging from 32-448 bits. It can be used
for exportable or domestic use. No patent is held on it and
hence the licence is free. Of all the block ciphers, Blowfish is
relatively fast. However, its use requires a key and management
of a key is not easy.
Twofish, just like Blowfish, is a block cipher encryption
algorithm. Its key goes up to 256 bits. Additionally, just like
Blowfish, it is not patented and hence freely available for use. Its
pro is that it is relatively fast as a block cipher and can be used
by bigger CPUs as well as smartcards. Because of its huge size,
slowdowns on the system are frequent.
Advanced Encryption Standard (AES) is another symmetrical
encryption algorithm. It comprises AES 256, AES 192 and AES
128. Because of its symmetrical nature, the key used in its
encryption has to be shared in order to decrypt.
Advanced Encryption Standard is recommended because it is
secure and because it uses varying key lengths in its
encryption (Lord, 2017). Its one con is that the algebraic
structure it uses is simple and the form used is uniform across
all the blocks.
I would recommend use of AES for data encryption in our
offices. I consider it secure compared to other modes of data
encryption and hence promising in terms of ensuring security
for our clients as well as the firm. Perhaps that is why the
security protocol is common. Most importantly, clients entrust
us with most confidential information. Breaking of the trust
would lead to ruining of the reputation that the company has tried
so hard to uphold. Perhaps this will lead to loss of clients.
CAC Deployment Strategy
CAC is a user identification method. The CAC is basically a
card implanted with a chip containing information regarding its
owner. It has a digital signature that allows the user/owner to
decrypt and encrypt using the card keys. The CAC deployment
plan is meant to give the agents a common network access
method. The CAC will not be necessary whenever they want to
use the WLAN. A password is all they will need. The only time
the CAC will be necessary is when they want to delete or upload
to the network and when they want to access the office after
normal worktime hours. But during the day, the agents will use
the PINs and cards for access into the firm’s premises. The aim
of the measure is to ensure security of the clients as well as the
agents from cyberattacks.
Email security strategy
Emails and internal messaging services are the main
communication channels of the property management firm. The
agents update the clients’ information and keep track of the
clients through emails as well. Considering the number of
emails flowing through the network in a day, it makes it easier
for an attacker to find a vulnerability within the network and
gain access to important data. In an attempt to prevent this risk,
the firm has put in place policies to ensure email security.
Varying encryption technologies can be made use of in the
process but the most efficient method would be use of digital
certificates. The advantage of using digital certificates is that
they are hard to bypass. However, you will not have access to
data in the event of loss of the key. As a measure to ensure
more security, the digital certificates can be incorporated
into the firm’s agents’ emails, which will bring about
automatic encryption of all the emails flowing through the
firm’s network. (Find References and specific information??)
Conclusion
We have explored the explanation and organization of the
property management firm and looked at the potential
cyberattack threats facing the firm. Moreover, I have also
looked at the various security mechanisms and policies that can
be implemented to prevent and neutralize the attacks. Given the
fact that our firm is a service delivery company, we need to
have all the security systems intact. I would urge the firm to
invest more in security in order to secure the firm’s
transactions. The investment would lead to increased
trust between us and the clients and hence increased
traffic. To ensure security of emails, the company should use
CACs stepped up with digital certificates. More attention should
be given to the same considering it’s the firm’s main channel of
communication. All in all, strong security features will help our
clients have confidence in us and hence feel safe while we are
handling their property.
References – Please see our discussions about peer-reviewed
references and scholarly articles
Cisco Press. (2016, February 09). Retrieved September 9, 2018, from http://www.ciscopress.com/articles/article.asp?p=1626588&seqNum=2
Ledford, Jerri (2018). What is a cyber attack and how to prevent one? Retrieved from https://www.lifewire.com/cyber-attacks-4147067
Lord, Nate (2017). What is a phishing attack? Defining and identifying different types of phishing attacks. Retrieved from https://digitalguardian.com/blog/what-phishing-attack-defining-and-identifying-different-types-phishing-attacks
Menegaz, Gery (2012). SQL Injection Attack: What is it, and how to prevent it. Retrieved from https://www.zdnet.com/article/sql-injection-attack-what-is-it-and-how-to-prevent-it/
Merriam-Webster Dictionary. (n.d.). Retrieved September 19, 2018, from https://www.merriam-webster.com/dictionary/cyberattack
Oppenheimer, Priscilla (2010). Developing Network Security Strategies. Retrieved from http://www.ciscopress.com/articles/article.asp?p=1626588&seqNum=2
Rouse, Margaret (2017). Ransomware, defend your data with best practices. Retrieved from https://searchsecurity.techtarget.com/definition/ransomware

Running head Cryptography1Cryptography16.docx

  • 1. Running head: Cryptography 1 Cryptography 16 Cryptography Aisha Tate UMUC August 29, 2019 Hi Aisha I am puzzled – didn’t we talk about a focused report for a particular organization? Did you review the table below. Please continue to work to improve your research skills and find peer- reviewed/scholarly resources to support your work. Best wishes, Dr K Student Name: Aisha Tate Date: 18-Sep-2019 This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission
  • 2. Project 5: Requires the Following TWO Pieces Areas to Improve 1. Paper 2. Lab Experience Report with Screenshots 1. Paper IT Systems Architecture You will provide this information in tabular format and call it the Network Security and Vulnerability Threat Table security architecture of the organization the cryptographic means of protecting the assets of the organization the types of known attacks against those types of protections means to ward off the attacks Include and define the following components of security in the architecture of your organization, and explain if threats to these components are likely, or unlikely: LAN security identity management physical security personal security availability
  • 3. privacy Then list the security defenses you employ in your organization to mitigate these types of attacks. Needs better research and writing skills Plan of Protection Learn more about the transmission of files that do not seem suspicious but that actually have embedded malicious payload, undetectable to human hearing or vision. This type of threat can enter your organization’s networks and databases undetected through the use of steganography or data hiding. You should include this type of threat vector to an organization in your report to leadership. No details on organization or strategy? Provide the leadership of your organization with your plan for protecting identity, access, authorization and nonrepudiation of information transmission, storage, and usage Data Hiding Technologies describe to your organization the various cryptographic means of protecting its assets. descriptions will be included in the network security vulnerability and threat table for leadership Basic elements explained Encryption Technologies 1. Shift / Caesar cipher 2. Polyalphabetic cipher 3. One time pad cipher/Vernam cipher/perfect cipher 4. Block ciphers 5. triple DES
  • 4. 6. RSA 7. Advanced Encryption Standard (AES) 8. Symmetric encryption 9. Text block coding Data Hiding Technologies 1. Information hiding and steganography 2. Digital watermarking 3. Masks and filtering Network Security Vulnerability and Threat Table Describe the various cryptographic means of protecting its assets. descriptions will be included in the network security vulnerability and threat table for leadership Basic information provided Encryption Technologies 1. Shift / Caesar cipher 2. Polyalphabetic cipher 3. One time pad cipher/Vernam cipher/perfect cipher Access Control Based on Smart Card Strategies Describe how identity management would be a part of your overall security program and your CAC deployment plan:
  • 5. 2. Lab Experience Report Summarizes the Lab Experience and Findings See note below* Responds to the Questions Provides Screenshots of Key Results Yes Lab Experience Report Feedback Cryptography Introduction This is a security assessment report on cyber security threats against varying cryptographic mechanisms, and sets out control access programs to try to stop/inhibit such security threats for a property management firm. Within the report, there will be an overview of the property management firm’s network. Moreover, I will try to establish the different potential threats that the company faces. This report will also feature suggestions for improvement such as the property management company needs to consider the installation of stored information protection features, as well as controlling the access of its employees. Perhaps, the report will also explain the enrollment of CAC (Control Access Cards) for authentication purposes????. Then lastly, the report will cover email security and encryption types that can be used to aid in email security. IT System Architecture A distributed system is the network system used within our company’s offices. The constituents of this system includes
  • 6. WLAN, LAN and a WAN. The office’s LAN is made up of a computer network across a small office area. LAN is mainly used for one purpose within the office: sharing of resources, which includes printers and data storage infrastructures. These connections are wired due to physical connections being fast, they are also characterized for security enhancement. The purpose of the WAN network is to function as an interconnection of the office’s LAN for the entire firm. The primary advantage of this system is that the firm’s agents and employees can work from different workstations yet have the access to shared company’s resources (Pirandola, 2015). The LAN also is also connected to the internet through a firewall to further, protect the integrity of the firm’s network. All of the firm’s offices are connected to WLAN, this allows the firm’s agents to connect there devices (i.e. phones and laptops) to access to important company resources via the LAN. LAN security This is a wireless transmission network that covers a small network area via private VLANs Identity management This is a discipline in it system management that ensure only the allowed people have access to specific resources and their intentions are not malicious. Physical security It is the installation of policies to physical threats that could lead to destruction of the organization’s hardware and software like theft. Personal security This involves the personal responsibility of the employees of the organization to safeguard the systems data and information. Availability It’s the state of the organization being readily accessed when needed. Privacy Is the quality of being reclusive in regard to keeping your or the company’s information confidential
  • 7. Table 1: components of security system architecture
    Types of attacks
    A cyber-attack is a deliberate use of code to manipulate computer systems and networks in an attempt to compromise the confidentiality of certain information (Bennett, 201). There may be different motivations behind every cyber-attack, such as political or social motivations. The targets can also vary: a corporate organization, the government or an individual might be targeted by malevolent entities. The important factor is that the internet is the main channel through which this happens. Cybersecurity attacks are carried out using malicious programs such as fake websites, viruses, and unauthorized web access, among many other means. The intention can be either financial gain or boosting the ego of the perpetrator by causing harm to a victim. From the article “Types of attacks”, we learn the definitions and examples of the different types of cyberattacks.
    1. Back door attack – this is a type of attack where an attacker takes advantage of the vulnerabilities and flaws of a system through the use of viruses, worms and Trojan horses to gain access to the system, after which he sets up a backdoor (Bennett, 2014). This allows him access to important information without the administrator realizing.
    2. Denial of service. This can be abbreviated as DDoS. A denial of service attack is carried out by numerous systems relaying ICMP packets to a server. The objective of this attack is to prevent access to a certain site due to an overload of traffic. This type of attack is one of the most problematic for us, as agents of a property management firm. The main source of leads and traffic is the website, where clients get to know our services and can thereafter reach out. Therefore, competitors might sometimes want to employ this ill-natured strategy to deter clients from being able to reach out to us.
    3. 
Phishing – This is an attack where something malicious is sent through email. Most of the time, the attacker will send out a link
  • 8. and request that you click on it (Peikert, 2016). Most times, a link will be sent in an email requesting that a user click on it; these emails will try to eliminate all sources of suspicion by looking as genuine as possible. There are circumstances in which you might be directed to download something; this could be as innocuous as antivirus software or a movie. Just like the other types of security attacks, phishing is another attack a property management firm can be exposed to if not careful. Our workstations would be the primary targets of this attack, in the hope of weakening our network safeguards. Since most of our server information contains details on our clients, such events might tarnish the name of the firm, leading to reduced client flow.
    4. Use of SQL – This is a programming language which facilitates communication with the database. When an attacker uses SQL, he or she will send out malicious code, which will lead to your database giving out more information than it is usually meant to share (Van Tilborg, 2014). The attacker will do this by taking advantage of commonly identified SQL vulnerabilities.
    5. Cross-site scripting. This is abbreviated as XSS. This kind of attack is targeted at vulnerable websites with weak security systems in order to obtain user credentials or other classified information. Just like the SQL attack, XSS is also carried out using malicious code. In XSS, the site is not the primary target but rather its visitors (Van Tilborg, 2014). As a property management firm, our clients who have accounts/portals on our website are the ones who could fall prey to such an attack. This is because, on registration with the firm, a client is required to submit information about one’s property and oneself, which is meant to be confidential between the firm and the client.
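The SQL attack in item 4 above, as an added example that is not part of the original report: the same client lookup written with string concatenation and with a bound parameter. The `clients` table, its rows and all function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows for a hypothetical client portal; neither the
# schema nor the data comes from the report.
SAMPLE_CLIENTS = [
    ("alice", "12 Elm Street", "555-0101"),
    ("bob", "9 Oak Avenue", "555-0102"),
    ("o'brien", "3 Pine Road", "555-0103"),
]


def build_db():
    """Create an in-memory database holding the constructed client records."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE clients ("
        "id INTEGER PRIMARY KEY, owner TEXT, property TEXT, phone TEXT)"
    )
    db.executemany(
        "INSERT INTO clients (owner, property, phone) VALUES (?, ?, ?)",
        SAMPLE_CLIENTS,
    )
    db.commit()
    return db


def lookup_concatenated(db, owner):
    """Weak form: the input is pasted into the SQL text, so a quote in the
    input changes the structure of the statement itself."""
    query = (
        "SELECT owner, property, phone FROM clients "
        "WHERE owner = '" + owner + "'"
    )
    return db.execute(query).fetchall()


def lookup_parameterized(db, owner):
    """Hardened form: the statement text is fixed and the input is bound as
    a value, so it is only ever compared against the owner column."""
    return db.execute(
        "SELECT owner, property, phone FROM clients WHERE owner = ?",
        (owner,),
    ).fetchall()


def compare(db, owner):
    """Run both lookups on the same input.

    Returns (weak_result, hardened_row_count). weak_result is a row count,
    or the string "error" when the pasted input broke the SQL syntax.
    """
    try:
        weak = len(lookup_concatenated(db, owner))
    except sqlite3.OperationalError:
        weak = "error"
    return weak, len(lookup_parameterized(db, owner))


if __name__ == "__main__":
    db = build_db()
    cases = [
        ("ordinary name", "alice"),
        ("always-true condition", "x' OR '1'='1"),
        ("legitimate name with apostrophe", "o'brien"),
    ]
    for label, value in cases:
        weak, hardened = compare(db, value)
        print(f"{label:32} concatenated={weak!s:6} parameterized={hardened}")
```

The concatenated lookup returns every client record for the always-true input and fails outright on a legitimate name containing an apostrophe; the parameterized lookup handles both correctly.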
Security mechanisms
A security mechanism consists of policies and that are meant to detect, inhibit or recover from a security threat posed by an attacker. Examples of security mechanisms include:
  • 9. 1. Physical security – This is a mechanism that requires installation of physical barriers to restrict access to crucial network resources. This can include the installation of RFID doors and a policy on who is granted access and who is not. The advantage of this is to prevent mishandling of equipment by new unskilled agents and to prevent criminal access.
    2. Authentication – Authentication means verifying that the information given by a person about his or her identity is true (Katz, 2014). These guidelines can be as deep as a three-tiered identification process requiring a valid password, an active key, and approved fingerprints before being authenticated. It is widely accepted that a strong authentication process is one that incorporates two or more of the three authentication procedures mentioned above. The last means of authentication is assessment of a certain physical character trait (Katz, 2014).
    3. Authorization mechanism – This involves giving the user access to the network and whichever resource they might want to retrieve. The administrator of the network is the person sanctioned with the power to grant access to the network to approved employees and contractors of the property management firm. The managing broker of the firm will be given access to all information on the network. On the other hand, the agents of the firm will only have access to shared data and to data/information that they themselves have uploaded on their personal portals in the network.
    4. Data encryption – This is the formatting of information in a way that only the intended person can decode it. This is done to protect information from being intercepted and read by third parties who might use the same information for hostile reasons. This mechanism may come in handy in future efforts to strive towards an absolute safeguard of customer data.
    5. Firewalls – Firewalls enhance security policies by acting as a boundary between two communicating networks. 
Firewalls use various sets of instructions to decide which incoming traffic will be granted access and which will not. 6. Intrusion detection system and intrusion prevention system –
  • 10. These security mechanisms are used to inhibit security risks and prevent occurrence of new ones. An IDS makes use of intrusion alerts to sense and analyse outbound and inbound network traffic for suspicious undertakings (Rouse, 2017). In case of an event of suspicious activity, the IDS kicks the users out of the network accompanied by a notification to the security personnel of the potential threat. The IDS works by examining incoming traffic to reject harmful requests, doing this in tandem with the IPS as a complimentary. The IPS averts threats by uncovering malicious packets and blocking these packet carrying IPs and notifying the security personnel of the incidence. The property management firm needs to continue utilising both IPS and IDS in its 24/7 operations to ensure enhanced security of the network, below is a table showing access points and how they can be secured. Protection Plan Security and protection of client’s information and assets is one of our top priorities. So far, we have looked at the system architecture of the property management firm, and the potential types of cybersecurity needed by the firm, along with the various types of mechanisms that can be deployed. The next important step is the formulation of a protection plan, a multi- tier system that will aid in the firm’s identification process. The firm’s agents will be provided with personnel security cards, as well as the installation of retina identification systems at major access points to the company’s network. Along with the distribution of the personnel security cards, agents will be required to devise a PIN, which will be used complimentary to the cards. These PINS created by the agents will be classified as sensitive information, as such it will be expected that no one is to share them with third parties. Moreover, the passwords/PINs will comprise of numbers, letters, and special characters in alphanumeric to ensure the stability of the network. 
A system administrator will assign a network password to the WLAN and only a select few of agents with valid credentials will be able to
  • 11. access it. He will be responsible for making any future changes when updates to the parameters for protecting the WLAN have changed. A strong protection plan will ensure that our clients and agents information and files is protected. Issuance of CAC will be used to control access to the firm’s buildings. Besides a strong six-character digit pin, the company’s agents will have a badge with their picture, fingerprint, name and the name of the firm on it. Outside the building, there will be a door system which will require a person to provide his/her fingerprint or/and the scanning of a badge. A green light will be accompanied by an “access granted” feedback while a red light will display “access denied” based on assessment of a persons’ credentials. All agents will submit their schedules to the security specialists to be programmed in the system to ensure security. For example, any person who randomly shows up on days in which they are not supposed to be on duty will not be allowed entry into the firm’s premises. So all the agents will be required to submit their schedules so that necessary adjustment can be done to the system to grant you access into the premises. This will be done within 48hrs. The policy will help deny access to people who are not supposed to be there. Perhaps, this will not only help ensure the general security of the firm but also the company’s personal information. Each team or group of agents will only have access to files, which they themselves uploaded or has been granted access to be shared as a part of company resources. The only person supposed to have access to all files is the managing broker only. This plan of protection will be set in place to make sure confidential information of our clients and agents does not land in the hands of a third party. Nonrepudiation protections will be ensured by a digital signature present on the CAC issued to all agents. CAC readers will be installed on all desks besides the workstations. 
This will make sure the information sent and deleted from the network can be traced to the originator (Lord, 2017). This will help increase accountability, as no one will be able to deny their
  • 12. culpability if found to have done something which has compromised the security of the network and its information. Each employee and contractor will be responsible for anything that happens while logged in through his or her card, PIN or retina recognition system.???
    Cryptography Protection
    One of the several ways of encrypting data is called triple DES; this method applies a block cipher algorithm to every data block three times, with each block always holding 64 bits of data. As the word ‘triple’ suggests, in triple DES data is encrypted three times; the major downside of this process is its slow speed. However, this method is considered harder to break than most, making it the most secure of the methods.
    RSA is a public key encryption algorithm. It uses both a public key and a private key in its encryption process. One thing to note is that the two keys are paired: the public key is distributed, while the private key is not. The process starts with two prime numbers, then the multiplication products of those numbers and finally their exponents. RSA is secure and hard to crack, though the encryption process is slow when encrypting large amounts of data.
    Blowfish is another symmetric block cipher; it uses an adjustable key whose length can range from 32 to 448 bits, and it can be used for foreign or domestic uses. No patent was ever made for this cipher, so the licence for its use is free. Of all the block ciphers, Blowfish is relatively fast; however, its use requires a key, and the management of that key is not easy.
    Twofish, like Blowfish, is another block cipher encryption algorithm, the difference being that the key length for this method only goes up to 256 bits. Additionally, like Blowfish, it is not patented and is hence available to all users free of charge. 
The advantage of this type of encryption is that it is considered swift as block ciphers go and can be used by bigger CPUs as well as smartcards, but because of its huge size,
  • 13. slowdowns on the system are frequent.
    Advanced Encryption Standard (AES) is another symmetric encryption algorithm. It comprises AES 256, AES 192 and AES 128. Because of its symmetric nature, the key used in its encryption must be shared in order to decrypt. AES is usually recommended because it is secure and because it uses varying key lengths in its encryption (Lord, 2017). One drawback is that the algebraic structure used for decryption is generally simple and the form used is uniform across all the blocks. Use of AES for data encryption in our offices is highly recommended, considering it is overall a more secure method compared to other models of data encryption. This is promising in terms of ensuring security for our clients as well as the firm; more importantly, clients can securely entrust us with their most confidential information.
    Data Hiding Technologies
    1. Text block coding – This technology involves the coding of data into bits by use of collective data correcting codes.
    2. Digital watermarking – This is the concealment of information within a carrier signal.
    3. Masks and filtering – This process is used in identification of which section of the message has been exposed.
    Network Security Vulnerability and Threat Table
    DESCRIPTION
    The organization’s security architecture: The system comprises wireless switches, client devices and APs, which add to the network security advantage by acting as the basis for providing recommendations and improving the client’s devices. The organization’s architecture needs to be standardised; it is through this that one can identify the possible vulnerabilities and the damage the attacks can cause. WLAN consists of independence, microcells, roaming and infrastructure
  • 14. Cryptographic means of protection: Cryptography is the use of secret codes in writing. The following requirements are necessary: non-repudiation, privacy, authentication and integrity. They include ECC cipher suites, CNG provider model, default cipher suites and AES cipher suites. Encryption and decryption are the primary ways of ensuring that there is free data flow within the organization.
    Potential attacks against the protection mechanisms:
    1. Malware – this is code intended to disorient the security system of the organization with the aim of stealing or destroying data.
    2. DoS attacks – their main intent is disruption of the network, but with the right security measures they can be prevented.
    3. Password attacks – these are attempts made to crack a set password with the aim of gaining access to a certain information resource.
    Measures to ward off the threats:
    · Malware attacks can be prevented by installation of strong and reliable anti-malware software.
    · DoS attacks can be prevented by regular updates of security software.
    · Setting up hard-to-crack passwords is the reliable way of curbing this type of challenge.
    Data hiding and encryption technologies:
    · Shift cipher – a technique where a letter is substituted by another which is one more according to the alphabet.
    · Polyalphabetic cipher – unlike the shift cipher, the polyalphabetic cipher requires substitution using multiple substitution alphabets.
    · Block cipher – involves an installation of algorithmic functions which operate within given intervals.
    · Triple DES – applies the DES functions of the algorithm 3 times to the bits of the data within the infrastructure.
    · RSA is an encryption process meant to ensure secure
  • 15. transmission of data
    · Use of data hiding technologies such as digital watermarking, masks and filtering and text blocks.
    · Use of advanced encryption standard
    · Use of symmetric encryption
    CAC Deployment Strategy
    CAC is a user identification method: a card embedded with a chip containing information about the card’s owner???. It has a digital signature that allows the user/owner to decrypt and encrypt using the card keys. The CAC deployment plan is meant to give the agents of the firm common network access. At the beginning of the day, agents will use their PINs and cards for access to the firm’s premises. During the workday, the CAC will only be necessary when agents want to delete from or upload to the network, or if they want to maintain access to the office after normal working hours. The CAC will not be necessary whenever they want to use the WLAN; the only necessity in this instance will be a password. The aim of these measures is to ensure the security of our clients, as well as the security of our employees, from cyberattacks.
    Email Security Strategy
    Emails and internal messaging services are the main communication channels of the property management firm. The agents update the clients’ information and keep track of the clients through emails as well. Considering the number of emails flowing through the network in a day, daytime cyberattacks make it easier for an attacker to find a vulnerability within the network and gain access to important data. In an attempt to prevent this risk, the firm has put in place policies to ensure email security. Varying encryption technologies can be used in this process, but the most efficient method would be to use digital certificates. The advantage of having digital certificates is that they are hard to
  • 16. bypass, though access to data cannot be granted in the event a key is lost. As a measure to ensure higher standards of security, the digital certificates can be incorporated into all emails originating for our firm, which will bring about an automatic encryption of all the emails flowing through the network. (Any references?) Conclusion We have explored the explanation and organization of the property management firm and looked at the potential cyberattack threats facing the firm. Moreover, I have also looked at the various security mechanisms and policies that can be implemented to prevent and neutralize the attacks. Given the fact that our firm is a service delivery company, we need to have all the security systems intact, it would behove the firm to invest more on security in order to secure the firm’s future clientele and their investments. As this would lead to an increased trust between the clients, and us. This will increase traffic to our website and our firm, and more traffic paves to way to more profits. To ensure the security of future emails, the company should use CAC’s steeped with digital certificates. More attention to our email security is deserved, as this is the firm’s main channel of communication internally and externally. In short, strong security features will help our clients have confidence in our company that we are handling their property and their security with the respect they deserve.
  • 17. References Bennett, C. H., & Brassard, G. (2014). Quantum cryptography: public key distribution and coin tossing. Theor. Comput. Sci., 560(12), 7-11. Cisco Press. (2016, February 09). Retrieved September 9, 2018, from http://www.ciscopress.com/articles/article.asp?p=1626588&seq Num=2 Ledford, Jerri (2018) What is a cyber attack and how to prevent one? Retrieved from https://www.lifewire.com/cyber-attacks- 4147067 Peikert, C. (2014, October). Lattice cryptography for the internet. In international workshop on post-quantum cryptography (pp. 197-219). Springer, Cham. Peikert, C. (2016). A decade of lattice cryptography. Foundations and Trends® in Theoretical Computer Science, 10(4), 283-424. Lord, Nate (2017) What is a phishing attack? Defining and identifying different types of phishing attacks. Retrieved from https://digitalguardian.com/blog/what-phishing-attack-defining- and-identifying-different-types-phishing-attacks Pirandola, S., Ottaviani, C., Spedalieri, G., Weedbrook, C., Braunstein, S. L., Lloyd, S., ... & Andersen, U. L. (2015). High- rate measurement-device-independent quantum cryptography. Nature Photonics, 9(6), 397. Van Tilborg, H. C., & Jajodia, S. (Eds.). (2014). Encyclopedia of cryptography and security. Springer Science & Business Media. Menegaz, Gery (2012) SQL Injection Attack: What is it, and how to prevent it. Retrieved from https://www.zdnet.com/article/sql-injection-attack-what-is-it- and-how-to-prevent-it/ Merriam-Webster Dictionary. (n.d.). Retrieved September 19, 2018, from https://www.merriam-
  • 18. webster.com/dictionary/cyberattack Oppenheimer, Priscilla (2010) Developing Network Security Strategies. Retrieved from http://www.ciscopress.com/articles/article.asp?p=1626588&seq Num=2 Rouse, Margaret (2017) Ransomware, defend your data with best practices. Retrieved from https://searchsecurity.techtarget.com/definition/ransomware Running Head: WINDOWS AND LINUX 1 WINDOWS AND LINUX 12 Project 2: Operating Systems Vulnerabilities Aisha Tate UMUC August 8, 2019 Hi Aisha I know you submitted this report before the detailed self analysis you did last week. Please go through this checklist. First, work through the lab results, perform the necessary research and complete the SAR report. The PowerPoint presentation is the last item to be completed. Review this checklist and let me know if you have any questions before you start your work. Thanks for your continued efforts. Dr K Student Name: Aisha Tate Date:6-Sep-2019
  • 19. This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission Project 2: Requires the Following THREE Pieces Areas to Improve 1. Security Assessment Report (including relevant findings from Lab) Revise 2. Non-Technical Presentation Slides (Narration Not Needed) Revise 3. Lab Experience Report with Screenshots Revise 1. Security Assessment Report Defining the OS Brief explanation of operating systems (OS) fundamentals and information systems architectures. Meets expectations 1. Explain the user's role in an OS. ???? 2. Explain the differences between kernel applications of the OS and the applications installed by an organization or user. Does not meet expectation
  • 20. 3. Describe the embedded OS. More details needed 4. Describe how operating systems fit in the overall information systems architecture, of which cloud computing is an emerging, distributed computing network architecture. More details needed Include a brief definition of operating systems and information systems in your SAR. Other outstanding information Need to find better references/ more details – use tables or graphs OS Vulnerabilities 1. Explain Windows vulnerabilities and Linux vulnerabilities. ??? 2. Explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices. Research needed 3. Explain the motives and methods for intrusion of MS and Linux operating systems. ???? 4. Explain the types of security management technologies such as intrusion detection and intrusion prevention systems. 5. Describe how and why different corporate and government
  • 21. systems are targets. Does not meet requirements 6. Describe different types of intrusions such as SQL PL/SQL, XML, and other injections Preparing for the Vulnerability Scan 1. Include a description of the methodology you proposed to assess the vulnerabilities of the operating systems. Please review project instructionss 2. Provide an explanation and reasoning of how the methodology you propose, will determine the existence of those vulnerabilities in the organization’s OS. 3. Include a description of the applicable tools to be used, limitations, and analysis. 4. Provide an explanation and reasoning of how the applicable tools you propose will determine the existence of those vulnerabilities in the organization’s OS. 5. In your report, discuss the strength of passwords 5a. any Internet Information Services' 5b. administrative vulnerabilities,
  • 22. 5c. SQL server administrative vulnerabilities, 5d. Other security updates and 5e. Management of patches, as they relate to OS vulnerabilities. Vulnerability Assessment Tools for OS and Applications (Lab) Use the tools' built-in checks to complete the following for Windows OS (e.g., using Microsoft Baseline Security Analyzer, MBSA): 1. Determine if Windows administrative vulnerabilities are present. 2. Determine if weak passwords are being used on Windows accounts. 3. Report which security updates are required on each individual system. 4. You noticed that the tool you used for Windows OS (i.e., MBSA) provides dynamic assessment of missing security updates. MBSA provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping.
  • 23. 5. Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment. In this case, a tool such as MBSA will create and store individual XML security reports for each computer scanned and will display the reports in the graphical user interface in HTML. Please review and share observations in Lab report – Results and recommendations in SAR Utilize the OpenVAS tool to complete the following: See note above 1. Determine if Linux vulnerabilities are present. 2. Determine if weak passwords are being used on Linux systems. 3. Determine which security updates are required for the Linux systems. 4.You noticed that the tool you used for Linux OS (i.e., OpenVAS) provides dynamic assessment of missing security updates. MBSA provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping. 5.Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment
  • 24. 3. Presentation Slides Title Slide Use of Readable Fonts and Color Meets requirements Summarizes Findings and Recommendations at High Level Update based on your revised SAR report Summarizes Findings and Recommendations at High Level Update based on your revised SAR report Presentation Slides Feedback 4. Lab Experience Report Summarizes the Lab Experience and Findings Use a table to summarize key findings Responds to the Questions Does not meet requirements Provides Screenshots of Key Results Meets requirements Lab Experience Report Feedback
  • 25. Operating Systems An operating system is a collection of software that manages computer hardware resources and provides standard services for computer programs. Operating systems are the essential software that runs on computers. They manage the computer's memory and processes as well as all the software and hardware activities. It is the OS that allows communication with the network without knowing how to speak the computer language. An operating system must be able to manage system resources, and these include CPU scheduling, Process management, Memory management, Input/output device management, Storage device management (hard disks, CD/DVD drives, etc.), File System Management (Silberschatz, Gagne & Galvin, 2018). Examples of operating systems include Windows OS, which is the most widely used over 90% of the world's computer systems. Another category of the operating system is the Mac OS X, an operating system used for Macintosh computers such as the Mac Book Pro laptop series. Although IBM PCs, which are Windows and Mac Computers, are not directly compatible, it’s possible to use virtualization t run one operating system on an incompatible computer. UNIX is a command-line interface OS developed for large machines and networks. Notably, Linux, last generation of UNIX, is a free, open-source operating system that most computers support (Silberschatz, Gagne & Galvin, 2018). Lastly, most electronic devices use an operating system to manage their physical components and enhance the development of applications for use in such instruments. An embedded (particular purpose) operating system is one that is correctly configured for a specific operating system. Implicitly, the
  • 26. operating systems are designed for specific tasks, and they perform them efficiently. Embedded operating systems are also called real-time operating system (RTOS). Examples of the specific-purpose operating system include Apple iOS, Google Android, Symbian, Blackberry, Palm, and Windows Mobile operating systems used for personal digital assistants (PDAs) and mobile phones. Applications are types of software's that help a computer user to perform specific tasks. Applications designed for desktops or laptops are called desktop applications, while those designed for mobile devices are called mobile apps (Silberschatz, Gagne & Galvin, 2018). When a user opens an app, it runs inside the operating system until it is closed. Often, a user runs more than a single app, which is commonly known as multitasking. Kernel refers to the core part in the operating system which manages system resources. Notably, kernel acts as the bridge between the application and hardware of the computer. Therefore, kernel applications of the OS are applications that relate to the management of the system resources and computer hardware. On the other hand, user applications are applications that the user (either organizations or individual) installs for specific purposes (Silberschatz, Gagne & Galvin, 2018). For instance, user applications include word processors, database programs, web browsers, and communications platforms. Lastly, information system refers to the software that helps organize and analyze data. The fundamental purpose of the information system is to convert raw data into useful information for enhanced decision making in the organization. The four major types of information systems are transaction processing system (TPS), decision support system (DSS), management information system (MIS), and executive support system (ESS) (Silberschatz, Gagne & Galvin, 2018). Cloud computing has changed how the MIS services providers and their employees conduct business activities. 
Cloud computing refers to the practice of using networks of remote servers hosted on the internet to store, manage, and process data
  • 27. into useful information for optimal decision making. Notably, a cloud operating system manages the operation, execution, and processes of virtual machines, servers, and infrastructures as well as backend software and hardware resources. Implicitly, a cloud operating system is used to enhance information systems agility in an organization and eradicate the need for local servers and personal computers.
    Vulnerabilities and intrusions
    Windows Vulnerabilities
    BlueKeep is a vulnerability that exists in various versions of the Windows operating system, including both the 32-bit and 64-bit versions and service packs. The versions include Windows 2000, Windows Vista, Windows XP, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 (Jajodia, 2010). BlueKeep exists within the Remote Desktop Protocol (RDP) in the above versions of MS Windows operating systems. Attackers can exploit BlueKeep to perform remote code execution on any system that is not protected. This can happen when the attacker sends specially crafted packets to one of the operating systems that has RDP enabled. Some of the activities that an attacker may perform are adding accounts with full user rights; viewing, changing, and deleting data; and installing programs. The Cybersecurity and Infrastructure Security Agency encourages users and administrators to review security guidelines and install available measures as soon as possible (Jajodia, 2010).????? Additional research/Information?
    Linux Vulnerabilities
    One of the most common vulnerabilities is CVE-2017-18017, Linux Kernel Netfilter: xt_TCPMSS, which sits in the Linux kernel and helps filter network communication by defining the maximum segment size that permits TCP headers. When an attacker exploits this vulnerability, they send communication floods and throw the system offline in a denial of service attack.
  • 28. Another vulnerability is CVE-2017-18202, which lies in the mm/oom_kill.c file. This file is useful in killing a process when memory is low. Vulnerability versions of the file can lead to mishandling of operations as well as opening doors for denial of service (DoS) attacks. (Just two vulnerabilities? Please research this topic) Mac OS and Mobile Device Vulnerabilities First, Denial of Service (DoS) vulnerability exists within the Apple or Android operating systems. The underlying purpose of this attack is to make software resources unavailable for the tasks it has been designed. DoS vulnerabilities are highest in iOS than in Android operating systems. (Jajodia, 2010) Secondly, a bypass something vulnerability makes a given mobile device vulnerable to a third party evading protection layer established by the user or the administrator. Both Apple and Android are focused on limiting the vulnerabilities that allow hackers to bypass the security process (breach security protocol) (Jajodia, 2010).???? Furthermore, code execution is a type of security flaw which allows hackers to bypass authentication and run any code. It can be triggered remotely and can be used in various scenarios. Consequently, the attack can happen without the knowledge of the user. Data theft is another vulnerability of Mac OS and Mobile devices. Recently, the security firm. F-Secure unveiled dangerous firmware exploit that affected almost all Mac and Windows devices. This vulnerability could lead to data theft, and even left Macs with FileVault turned on susceptible (Jajodia, 2010). Lastly, memory corruption vulnerability is a programming error in the operating system, which makes the memory of the device susceptible to hacker's exploitation. The weakness lies in the memory location of the invention. An attack occurs when the code is modified, violating the safety of the information stored in the memory (Jajodia, 2010). Microsoft and Linus OS intrusion
Intrusion, by definition, is to compromise an operating system by breaching the security of such system. The act of intruding or slightly gaining unauthorized access to the OS leaves traces that can be detected by the intrusion detection system. Intruders use various methods to gain access to operating systems by breaching security. One of them is physically breaking through and robbing away the operating systems from the owner. Physical intrusion is frequent when the OS is installed in a device that can easily be stolen (Munson & Elbaum, 2004).????
Asymmetric routing is another method of intruding the operating system. The attackers utilize more than a single route to the target device consisting of the desired OS. The idea of this method is to have an overall attack evade detection by bypassing specific security codes. Any OS devices that are not set up for asymmetric routing are impervious to this kind of intrusion.
Additionally, buffer overflow attack is an approach which overwrites specific sections of memory and replaces standard data with commands which, when executed, attack the operating system. In other words, it's "a popular class of attacks strategically overburdens that buffer, so the data "overflows" into other parts of the memory" (Newman, 2019). Often, the goal for this intrusion is to initiate a denial of service (DoS) situation. Although averting an overflow may sound simple, the practice itself has proven to be a daunting task to achieve, hence the continuous appearance of the buffer overflow attacks. This problem recurs because no generic mechanism in use across languages can perfectly specify such capacity (Piromsopa & Enbody, 2011)????
Security awareness technologies and system attack targets???? What does this graphic mean?
The intrusion detection system ranges from antivirus to hierarchical models which check the traffic of the network.
This can be best described as network intrusion detection systems and host-based detection systems. The system is critical as it helps in the analysis of the traffic that enters the market. The IDS is classified as signature-based and anomaly-based detection. A section of the intrusion detection system can detect intrusions (Wilson & Hash, 2003). The intrusion prevention system is a network to prevention technology that determines the traffic, detects and prevents vulnerability issues. The exploits come in the form of uncertain applications that are objective to attackers and use it to punctuate or acquire control of a device. When the exploit has been successful, the attacker can disable the target application or can obtain potential access to the rights of the target applications (Munson & Elbaum, 2004).
Corporate and government systems are the ones that face significant threats (Baccass et al., 2011). This can be attributed to their notable high level of information that is of interest to several people, notably politicians, rival companies, countries, and groups. Additionally, this information is of high value, and when it is sold to interested parties, it can fetch high levels of income.
Types of Intrusions
An SQL injection is an exploit where the attacker can include SQL code in the Webform input to acquire access to the resources. It is linked to an attack where the end-user enters a system and places special characters that are used to corrupt data. XML injection is an attack that is applied to control or harm the logic of an XML application. The infusion can undertake alteration of logic. It can lead to the placing of harmful content. The SMTP injection attacks the mail server in a way that would be made possible without the use of the internet (Munson & Elbaum, 2004).
Vulnerability Results
The following vulnerabilities were identified during the lab:
· There are several Windows administrative vulnerabilities on the host scanned.
· The following administrative vulnerabilities were found:
· Developer tools, runtimes, and redistributables are missing security updates
· There were multiple Linux vulnerabilities detected
· Weak encryption and ciphers
· Accounts have passwords with no expiration
· Accounts have blank or weak passwords
· Multiple administrators on a computer
Vulnerability Scanning and Security Assessment Report
Considering the organization utilizes several advanced technological systems, the majority of the security processes and strategies can't guarantee that the system is protected from attack. However, the routers help secure the gateway to the internet while firewalls secure the network. This is dependent on the abilities of the staff, the ability to patch as well as keeping vigilance on the web. Notable from the company systems, the networks are not well protected from risks that may arise????. This can be attributed to poor security and inadequate data protection from the third party. The passwords used are weak and system updates are irregular. The Linux OS was not found to comprise of any dangers when it came to the virus. However, there is a need to consider reliable password protection against the third party.
The Microsoft Baseline Security Analyzer can scan several computer software. This is effective because it saves time. Those that have a green check are stated to be secure. It is also a useful security feature in that it makes sure that the IE and IIS server is set in the best way. The system is easy to run and offers stable security features. It is the best way to keep Microsoft Windows features updated. Its essential asset is the capacity to go above the OS to ferret gaps in several applications. OpenVAS is the mode of analysis of several services and tools by giving information on the level of vulnerability (Baccass et al., 2011). Similar to the MBSA, it is a system that is easy and reliable for the users. MBSA is the best tool for system analysis and threat detection (Wilson & Hash, 2003). The system, though with notable challenges, has proved to be effective.
It allows frequent security updates as well as focusing on several machines at a go, hence saving time. Notably, risks, as noted from the paper, arise from inferior password protection methods, unlimited access to sensitive data in the company, and failing to update system security mechanisms. This can be resolved by keeping the systems up to date, restricting access to sensitive data, and use of strong passwords as well as the use of antivirus. Eventually, it will help in managing the threats in the company.
Operating systems are the center and nerve system of which businesses and applications process run off. The role that operating systems take on is to control hardware resources within a computer system, and they are vulnerable to attacks in which there are missing or improper security controls and user account controls. Due to the popularity of the Windows operating system, it is the most susceptible to attacks in business and home users. The vulnerability scans are only one way of reducing attacks on a system, and vulnerability assessments require discovery, planning an attack, and reporting to mitigate risk. By utilizing free tools such as Microsoft Baseline Security Analyzer and OpenVAS, such vulnerabilities can be identified early on, and remediation can take place. (Table of key observations, analysis and recommendations?)
References
Baccass, P. et al. (2011). OS X Exploits and Defense: Own it...Just like Windows or Linux! New York: Syngress.
Jajodia, S. (2010). Cyber Situational Awareness Issues and Research (pp. 139-154). Springer, Boston, MA.
Munson, J. C., & Elbaum, S. G. (2004). U.S. Patent No. 6,681,331. Washington, DC: U.S. Patent and Trademark Office.
Newman, L. H. (2019, May 14). How Hackers Broke WhatsApp With Just a Phone Call. Retrieved from https://www.wired.com/story/whatsapp-hack-phone-call-voip-buffer-overflow/
Piromsopa, K., & Enbody, R. J. (2011). Survey of Protections from Buffer-Overflow Attacks. Engineering Journal, 15(2), 31–52. doi: 10.4186/ej.2011.15.2.31
Silberschatz, A., Gagne, G., & Galvin, P. B. (2018). Operating system concepts. Wiley.
Wilson, M., & Hash, J. (2003). Building an information technology security awareness and training program. NIST Special publication, 800(50), 1-39.
Running head: SECURITY ANALYSIS REPORT 1
SECURITY ANALYSIS REPORT
13
Project 3: Security Analysis Report on Factors that are Likely to Affect Ombank’s Organizational Information Systems Infrastructure
Aisha Tate
UMUC
August 26, 2019
Aisha
2nd Submission – Does not meet requirements – one more submission allowed. Please review the checklist and review both submissions. Read the project requirements and share an action plan before you work and submit the last revision.
Thanks for your continued efforts. Here is what you have done well
· You have focused on an organization and you have tried to apply the knowledge, skills and abilities you have gained
· You have continued to improve your research skills.
· You have done a good job with your APA formatting Skills
I feel that you did not go through this checklist below. Avoid using generic graphics from literature especially if they are not directly pertinent to the discussion. You did a good job with RAR report. You put much effort with your lab. Leverage Project 2 and Project 3 lab information in this SAR report. Please work on the quality of your references – especially in your RAR and SAR report
Dr K
Student Name: Aisha Tate
Date: 6-Sep-2019
This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission
Project 3: Requires the Following THREE Pieces
Areas to Improve
1. Security Assessment Report (including relevant findings from Lab)
See detailed comments below
2. Risk Assessment Report
Meets Requirements – revise when you update SAR
3. Lab Experience Report with Screenshots
Continue to improve
Revise and connect with SAR
1. Security Assessment Report
Enterprise Network Diagram
You will propose a local area network (LAN) and a wide area network (WAN)
Please research organizations for network information
define the systems environment,
Meets expectations
incorporate this information in a network diagram.
Discuss the security benefits of your chosen network design.
Needs improvement
Threats
Define threat intelligence and explain what kind of threat intelligence is known about the OPM breach.
Please find papers and share Common organizational challenges
differentiate between the external threats to the system and the insider threats.
?????
Identify where these threats can occur in the previously created diagrams.
Relate the OPM threat intelligence to your organization. How likely is it that a similar attack will occur at your organization?
Good effort
Identifying Security Issues
Provide an analysis of the strength of passwords used by the employees in your organization.
Tie in lab results
Are weak passwords a security issue for your organization?
????
Firewalls and Encryption
Determine the role of firewalls and encryption, and auditing ??? RDBMS that could assist in protecting information and monitoring the confidentiality, integrity, and availability of the information in the information systems.
Research and share
Threat Identification
Identify the potential hacking actors of these threat attacks on vulnerabilities in networks and information systems and the types of remediation and mitigation techniques available in your industry, and for your organization.
Any research?
Identify the purpose and function of firewalls for organization network systems, and how they address the threats and vulnerabilities you have identified.
Update
Also discuss the value of using access control, database transaction and firewall log files.
Meets expectations
Identify the purpose and function of encryption, as it relates to files and databases and other information assets on the organization's networks.
No mention of encryption
2. Risk Assessment Report
Risk and Remediation
Please use more peer-reviewed and scholarly references in your RAR
What is the risk and what is the remediation?
Good overview
What is the security exploitation?
Meets expectations
Revise after SAR report is done
3. Lab Experience Report
Summarizes the Lab Experience and Findings
Continue to improve
Responds to the Questions
Tie lab observations to SAR report
Provides Screenshots of Key Results
Yes
Lab Experience Report Feedback
Table of Contents
Introduction
Purpose
Organization
Scope
Methodology
Data
Results
Findings
References
Introduction
Organizational information is the key to success in modern business environments. In this project, Ombank, a hypothetical financial organization, has been used to demonstrate key security issues likely to face organizations, as well as the preparation of a security assessment report. Ombank is a financial services organization offering financial support to customers through online assistance and physical consultancy. The organization is tasked with managing financial resources for customers who in turn pay for these services. For instance, customers who seek to find out how feasible their business ideas are for start-ups provide this information to Ombank, who are going to recommend the best course of action to take as far as investments, capital, and expenditure are concerned. On-site financial consultants provide services to customers who choose to physically acquire help or services from the organization. An online helper service facilitates remote consultancy for customers who need assistance but are physically constrained. The customers who prefer online access are presented with a means of inputting their financial information, which may be in the form of assets or personal finances. In this Security Analysis Document, we will be finding out the crucial security risks and vulnerabilities in the Ombank organization.
Purpose
The purpose of this Security Assessment Analysis is to come up with possible security concerns for the organization as well as outlining possible threats to Ombank’s organizational infrastructure as far as information systems are concerned. Various I.T infrastructure will be assessed, outlining threats to the organizational network, underlying security issues and overall enterprise threats. Information security is crucial to an organization’s business viability in accordance with its predefined goals (Bishop, 2003). Therefore, in this report, the factors which are likely to undermine the overall business viability and stability of the organization will be described and the possible factors which may lead to this unpleasant situation assessed.
Organization
Ombank is structured in a way that every department is connected to a local area network. This infrastructure is meant to offer seamless management policies which improve the overall business organization, whilst providing a framework for customer and employee interaction with the information systems’ infrastructure. The local area network is connected to the internet through one router and three access points. The company makes use of technologies such as cloud computing. This means that the organization makes use of an online cloud database as opposed to local storage. Customer information is processed either locally or remotely. The following is a visual representation of the network architecture (???? Connect with literature for similar real-life organization)
Ombank’s network is connected in the form of local and wide area networks. The local area network provides access to the organizational resources such as servers, which may be application or network servers, and at the same time provides a framework for information sharing, data management, and traffic congestion management (Fowler et al., 1991). The organizational architecture is shown below:
Scope
The analysis covers assessment of the infrastructure in the [company] organization. I.T infrastructure to be checked for security assessment include: 1) the enterprise network layout or infrastructure. Several concepts of networking have been applied in the organizational infrastructure. Issues arising from platform usage, cloud computing, centralized and distributed computing as well as programming designs used are investigated to find flaws, irregularities and vulnerabilities which may be costly if manipulated. ????
Networking hardware also needs to be subjected to security tests to affirm that there are no inconsistencies or leakages in hardware functionality. Network hardware tested include routers, switches and firewalls. Hardware in network configurations is often manipulated to gain unauthorized entry into organizational networks, which may prove costly in terms of financial losses and data breaches which may affect an organization’s reputation as well as business credibility (Hoo, 2000). To make sure that these factors are not manipulated, Ombank requires a full hardware audit and assessment to exhaustively analyze risks attached to all network hardware.
Moreover, human organization in the organization???? also needs to be carefully scrutinized to ensure consistency, security and access in a manner that does not compromise the information security or pose a threat to the organization. Nonetheless, organizational policies are also scrutinized to ensure that no loopholes can be present which may be manipulated by attacks to compromise data security. Software applications making use of organizational information such as databases and network communication too needed to be probed for loopholes and vulnerabilities. Ernest and Lin (2007) clearly illustrate that employee behavior is a factor that mandates the enactment and implementation of organizational control policies in an aim to protect information systems.
Methodology
Analysis was conducted over a period of six months. The investigation was conducted on governance policies, human resource and computer infrastructure. Physical security of computer components and overall organizational structure was handled first. This was to ensure that compromise to the information system infrastructure would not come from physical external contact, or unauthorized internal contact (What standards are appropriate?). This also curbs the problem of vandalism or breakage. When physical security is out of question, analysis was done on authorization access. ????Maintaining the property of physical security, the organization access policies to hardware were also scrutinized. This means that only users with particular levels of access privileges would have access to certain components.
For instance, access to network servers and application servers in the distributed computing environment needs to be restricted only to the respective administrators. The level of privileges among all employees was recommended, ascertaining that databases and applications would not be subject to any manipulation by unauthorized personnel. Moreover, this would help delegate responsibility to specific people who would be answerable in case of incidents. (Very vague – find case studies / scholarly reports for classification of data/access)
Network hardware under investigation was also identified, each component being given emphasis, as a vulnerability would mean a loophole with heavy risks. The organization uses local area networks in wireless and wired forms. Both of these technologies are however connected to similar access points. The wireless local area network needed to be protected using the WPA or WPA2 encryption methods. These forms of password protection are hard to crack or hack as opposed to WEP encryption. Wi-Fi access points with WEP encryption were noted down for replacement.
The wired network is connected to the routers through wired access points. These are in the form of switches and hubs. The wired network is made possible through the use of Ethernet cables, connected to switches and access points. Due to the increasingly large size of Ombank’s organizational layout, local area network access points are heavily distributed across the organizational premises. During the assessment, it was crucial to establish whether the Ethernet access is protected against unauthorized access too, and the level of privileges set for computers connected to the Ethernet.
Ombank’s network still makes use of hubs despite being a little overtaken by time. Hubs do not allow control of traffic as opposed to switches. These components are becoming obsolete since one cannot control information being transferred within the organization. Therefore, employees with malicious intentions may use this loophole to transmit uncensored information outside the organization. Marianov et al. (1999) claim that the use of toxic hubs???? may prompt computer users into network manipulation to share malicious information due to lack of network monitoring capabilities. (Please find more recent papers on network security)
Moreover, the organization makes use of cloud computing. This means that organizational information is stored in databases provided by cloud computing service providers as opposed to local storage. As much as this technology offers security due to non-interference, study needed to be conducted to ensure how information is transmitted, and whether there is a possibility for database manipulation by different employee levels.
Programming designs used for software around the organization also needed inspection to ascertain security of applications and bugs which may lead to inconsistencies. Object-oriented approaches are best suitable for security designs due to factors such as data encapsulation, inheritance and abstraction. Object-oriented designs therefore are important because they are easier to debug and troubleshoot.
Data
Data is crucial in a security analysis situation as it helps define the areas which are susceptible to compromise, and makes troubleshooting easier. This information provides an overview of the current organization in question, and flaws in any parts of the data may lead to threats to information security. Data collected for this assessment was in the following form.
1. I.T Infrastructure information
I. Networks
Network components such as routers, switches and firewalls.
II. Application software
Details about the software used by the organization, including programming principles used.???? Do you mean secure coding practices?
III. Database
Information about the organizational database, local and cloud-based.
IV. Application servers
This information pertains to the location of servers, authorized personnel who access them and the security protocols employed.
2. User Information in the organization
I. Authentication policies
Information about password policies, level of authentication and password management. What are the differences between Authentication, Authorization and Accounting? Why are these three important to this organization?
II. Employee information.
Details about all employees in the organization, including names, salaries and disciplinary reports.
III. Personal identifiable information.
This is information about all people related with the organization: clients, managers or general employees. This information includes identification numbers, phone numbers, and addresses.
3. Physical layout information
I. Physical security information.
These are all the details pertaining to physical security, including number of security personnel, locks and gate passes.
II. Disaster precaution information????.
This includes information relating to how the security is prepared against calamities such as fires. This includes fire extinguishers and smoke detection information.
Results
Major threats to the organizational information system were realized in transaction handling and overall management. Threats arising from poor infrastructural organization were also indicated. These threats are categorized according to the type: those that may arise from organizational personnel and those that could be manipulated by external attackers with malicious intents. Scenarios of the findings are indicated as follows:
Lack of proper physical security. The organization has employed security guards for physical security. However, the infrastructural components could still be accessed by a majority of employees, including those without proper authorization. Server rooms need enhanced protection.
Organizational policies not exhaustive. Access Control Policies (ACP) are not clearly defined and enacted. Majority of the users use the shared network. However, there are not clearly defined laws (do you mean policies and procedures?) restricting network usage access. Access to administrative privileges has been realized amongst standard users. This is dangerous as it could easily provoke employees with more knowledge of information technology systems to manipulate the systems to gain access to sensitive information.
Incident reporting mechanisms in the organization have also been undermined. Working in such an organization requires a fast means of giving feedback to the responsible personnel of even the slightest malfunction in the computer systems. With this kind of feedback, system administrators can troubleshoot problems even when they are far-coming. ????
Furthermore, with the organization's access to the internet, it is easy for employees to take work home, and submit it remotely to the servers. The Remote Access Policy has not been clearly defined. This policy requires an organization to set acceptable standards for connecting to an organization’s network remotely.
The communication policy is partially defined. While it is clear to employees about the implications of sharing company sensitive information with outside parties, rules governing the use of corporate communication services have not been set. An instance was realized when an employee received an email, through the corporate means, from an unknown source and still accessed it from their workstation. Attackers normally use unsuspecting employees to spread viruses, backdoors and Trojans through such means.
Use of outdated technologies. Technology, be it hardware or software, becomes obsolete when issues arise pertaining to its usage and security. It was therefore horrifying to find out that the company still uses outdated technologies such as hubs for local area connections.
Use of hubs poses serious challenges to administrators as there is no possible way of monitoring or filtering information being relayed around the organization and the outside world. Furthermore, some Wi-Fi access points were found to be using the obsolete WEP encryption method. The WEP encryption method poses serious dangers of unauthorized access given how easy it is to crack passwords encrypted with this technology. No tie-in with the lab report – Project 2, Project 3 Lab work?
Findings
Threats to overall security were categorized according to the nature and the impact that would be realized in case of employment of the vulnerabilities. These included natural threats, human threats, environmental factors, and threats to physical security.
Natural threats arise due to unintended environmental factors in the organizational structure. These may include fire and water damage. An assessment of the organization showed that the premises are well equipped to handle such conditions. Fires started intentionally or unintentionally pose a risk of damage to equipment, resulting in loss of information and cost inflation to the organization.
Human threats in the organization include espionage and sabotage. The organization hosts a minimum of 200 employees.??? Should be at the start of the report? Discontentment, dissatisfaction and feuds with management may pose a risk of sabotage where disgruntled employees may resort to causing intentional damage or compromising organizational information (Shaw et al., 1998). Human threats furthermore include vandalism, theft, hacking and social engineering. It was identified that the organization’s employees are not competent with social engineering schemes. These include malicious emails which may be used to capture personal information by hackers. Moreover, organizational data integrity is prone to being compromised owing to the fact that employees have a tendency of taking work away from the office.
Environmental and physical threats identified include program errors, unauthorized entry and power outages. The organization lacks infrastructural uninterrupted power supply systems. Instead, these devices are located for majority of the workstations. This however does not rule out the fact that short-life UPSs are susceptible to malfunction or failure if power outages prolong for long periods of time.
References
Bishop, M. (2003). What is computer security?. IEEE Security & Privacy, 1(1), 67-69.
Fowler, H. J., Leland, W. E., & Bellcore, B. (1991). Local area network traffic characteristics, with implications for broadband network congestion management. IEEE Journal on Selected Areas in Communications, 9(7), 1139-1149.
Hoo, K. J. S. (2000). How much is enough? A risk management approach to computer security. Stanford: Stanford University.
Ernest Chang, S., & Lin, C. S. (2007). Exploring organizational culture for information security management. Industrial Management & Data Systems, 107(3), 438-458.
Marianov, V., Serra, D., & ReVelle, C. (1999). Location of hubs in a competitive environment. European Journal of Operational Research, 114(2), 363-371.
Shaw, E. D., Ruby, K. G., & Post, J. M. (1998). The insider threat to information systems. Security Awareness Bulletin, 2(98), 1-10.
[Diagram labels: Cloud Services, Internet, Application server, Ethernet, Workstation (x3)]
[Diagram labels: Hub, Wireless Access Point (x2), Switch, Work Station (x6), PDA/Smartphones, Server, Firewall, Router]
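The administrative findings listed under Vulnerability Results (blank or weak passwords, passwords with no expiration, weak encryption, multiple administrators) and the SAR finding that standard users held administrative privileges can be checked mechanically on a Linux host. The following is an added example, not part of the student's reports and not MBSA or OpenVAS output; it reads records in the shadow(5) and group(5) file formats, and the sample records, the admin group names and the policy thresholds are constructed assumptions.

```python
"""Audit Linux account records for the administrative findings named in the lab.

Added illustration. Input follows the shadow(5) and group(5) formats;
every record below is constructed sample data, not taken from a real host.
"""
from dataclasses import dataclass

# Assumption: site policy treats MD5-crypt and legacy DES crypt as weak.
WEAK_PREFIXES = {"$1$": "MD5-crypt"}
NO_EXPIRY_DAYS = 99999             # conventional "never expires" max-age value
ADMIN_GROUPS = ("sudo", "wheel")   # assumption: groups granting admin rights
MAX_ADMINS = 1                     # assumption: more than this is a finding

# Constructed sample: name:password:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
root:$6$c0nstructedsalt$CONSTRUCTEDHASHVALUE:18100:0:90:7:::
alice:$6$c0nstructedsalt$CONSTRUCTEDHASHVALUE:18100:0:99999:7:::
bob::18100:0:90:7:::
carol:$1$c0nstruc$CONSTRUCTEDHASHVALUE:18100:0:90:7:::
dave:CONSTRUCTED00:18100:0::7:::
daemon:*:18100:0:99999:7:::
svc_backup:!$6$c0nstructedsalt$CONSTRUCTEDHASHVALUE:18100:0:99999:7:::
"""

# Constructed sample: group_name:password:GID:member_list
SAMPLE_GROUP = """\
sudo:x:27:alice,bob,carol
wheel:x:10:
users:x:100:alice,bob,carol,dave
"""


@dataclass(frozen=True)
class ShadowEntry:
    user: str
    password: str   # hash, empty string, or a value starting with '!' or '*'
    max_days: str   # maximum password age in days; empty means no limit


def parse_shadow(text):
    """Parse shadow(5) records, rejecting lines that do not have nine fields."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 9:
            raise ValueError(f"line {lineno}: expected 9 fields, got {len(fields)}")
        entries.append(ShadowEntry(fields[0], fields[1], fields[4]))
    return entries


def never_expires(max_days):
    """True when the max-age field is empty or set to the 'never' value."""
    return max_days == "" or int(max_days) >= NO_EXPIRY_DAYS


def account_findings(entry):
    """Return the policy findings for one account, in a fixed order."""
    pw = entry.password
    if pw == "":
        return ["blank-password"]          # no password is required to log in
    if pw[0] in "!*":
        return []                          # password login disabled: skip checks
    findings = []
    if pw.startswith("$"):
        for prefix, name in WEAK_PREFIXES.items():
            if pw.startswith(prefix):
                findings.append(f"weak-hash:{name}")
    else:
        findings.append("weak-hash:DES-crypt")   # no '$' prefix: legacy crypt
    if never_expires(entry.max_days):
        findings.append("no-expiry")
    return findings


def admin_members(group_text):
    """Collect supplementary members of the admin groups from group(5) records.

    Primary-group membership (stored in /etc/passwd) is not considered here.
    """
    members = set()
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) == 4 and fields[0] in ADMIN_GROUPS:
            members.update(m for m in fields[3].split(",") if m)
    return sorted(members)


def audit(shadow_text, group_text):
    """Map each account (or '<host>') to its list of findings."""
    report = {}
    for entry in parse_shadow(shadow_text):
        found = account_findings(entry)
        if found:
            report[entry.user] = found
    admins = admin_members(group_text)
    if len(admins) > MAX_ADMINS:
        report["<host>"] = [f"multiple-administrators:{','.join(admins)}"]
    return report


if __name__ == "__main__":
    for subject, findings in audit(SAMPLE_SHADOW, SAMPLE_GROUP).items():
        print(f"{subject}: {', '.join(findings)}")
```

Locked and system accounts are skipped for the password checks because no password login is possible for them; the administrator count still includes every listed group member.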
  • 48. Cryptography Aisha Tate UMUC August 29, 2019 Hi Aisha You are heading in the right direction. You need to have specific details correct. Please use this guide and use scholarly/peer-reviewed articles. You appear to have just googled the information. Here is the checklist. Create appropriate tables and use the correct sources. Please see my notes below. Best wishes, Dr K Student Name: Aisha Tate Date: 7-Sep-2019 This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission Project 5: Requires the Following TWO Pieces Areas to Improve 1. Paper 2. Lab Experience Report with Screenshots 1. Paper IT Systems Architecture You will provide this information in tabular format and call it the Network Security and Vulnerability Threat Table
  • 49. security architecture of the organization the cryptographic means of protecting the assets of the organization the types of known attacks against those types of protections means to ward off the attacks Include and define the following components of security in the architecture of your organization, and explain if threats to these components are likely, or unlikely: LAN security identity management physical security personal security availability privacy Then list the security defenses you employ in your organization to mitigate these types of attacks. Plan of Protection Learn more about the transmission of files that do not seem suspicious but that actually have embedded malicious payload, undetectable to human hearing or vision. This type of threat can enter your organization’s networks and databases undetected through the use of steganography or data hiding. You should
  • 50. include this type of threat vector to an organization in your report to leadership. Provide the leadership of your organization with your plan for protecting identity, access, authorization and nonrepudiation of information transmission, storage, and usage Data Hiding Technologies describe to your organization the various cryptographic means of protecting its assets. descriptions will be included in the network security vulnerability and threat table for leadership Encryption Technologies 1. Shift / Caesar cipher 2. Polyalphabetic cipher 3. One time pad cipher/Vernam cipher/perfect cipher 4. Block ciphers 5. triple DES 6. RSA 7. Advanced Encryption Standard (AES) 8. Symmetric encryption 9. Text block coding Data Hiding Technologies 1. Information hiding and steganography
  • 51. 2. Digital watermarking 3. Masks and filtering Network Security Vulnerability and Threat Table Describe the various cryptographic means of protecting its assets. descriptions will be included in the network security vulnerability and threat table for leadership Encryption Technologies 1. Shift / Caesar cipher 2. Polyalphabetic cipher 3. One time pad cipher/Vernam cipher/perfect cipher Access Control Based on Smart Card Strategies Describe how identity management would be a part of your overall security program and your CAC deployment plan: 2. Lab Experience Report Summarizes the Lab Experience and Findings See note below* Responds to the Questions Provides Screenshots of Key Results Yes Lab Experience Report Feedback · I am puzzled that your payload changed the size of the image file. You just added a text file? Right? You do not have to
  • 52. resubmit your Lab file. Cryptography Introduction This is a security assessment report on cyber security threats against varying cryptographic mechanisms; it sets out access control programs to try to stop or inhibit such threats for a property management firm. Within the report, there will be an overview of the property management firm’s network. Moreover, I will try to establish the different potential threats that the company faces. The report will also cover the property management firm’s need to consider installing protection for stored information as well as access control for its employees. The report will also explain the enrolment of CAC (Control Access Cards) for authentication purposes. Lastly, the report will cover email security and the encryption types that can be used to aid in email security. IT system architecture A distributed system is the network system used within our company’s offices. The constituents of this system include a WLAN, a LAN and a WAN. The office’s LAN is made up of a computer network. The LAN is mainly used for one purpose within the office: sharing of resources, which include printers and data storage infrastructure. The connection is wired. Besides being fast, it also enhances security. The function of the WAN is to interconnect the LANs in the offices of the entire firm. The primary advantage of this system is that the firm’s agents and employees can work from different workstations yet have access to the company’s resources (Rouse, 2017). The LAN is also connected to the internet through a firewall. All of the firm’s offices are connected to
  • 53. WLAN. This allows the firm’s agents to connect their devices (i.e. phones and laptops) to the company’s LAN and hence access the internet. Through this, they are able to access important resources. Lab Findings The lab for Project 5 involved the use of cryptography: gaining experience with and an understanding of steganography and encryption/decryption. The three steganography programs used were OpenStego, QuickStego and OurSecret; in addition, the two encryption/decryption programs used were VeraCrypt and AxCrypt. The Security Manager (SM) and the System Administrator (SA) for the system conducted research on their own systems to determine which tools they could recommend to the managers of the organization. OpenStego was used to hide a secret message inside of a picture. This allowed the SM and SA to create messages, store the message in a text file, and lastly, hide the text file within an existing image. This process then allowed the message to be extracted from the picture with the payload. The most noticeable difference between the original image (757 kb) and the image with the payload (1.59 MB) was that the image with the payload was much larger. The same technique of hiding a secret message inside of an image was used with QuickStego. The main contrast between using QuickStego and OpenStego was that QuickStego was more of a basic tool in terms of steganography. QuickStego did not give the SM and SA the ability to encrypt or decrypt the payload text data that is hidden in the image. OurSecret included the same capabilities of hiding a secret message inside of an image, just like OpenStego and QuickStego. The most obvious distinction was that OurSecret had the ability to encrypt files hidden in an image, as well as assign a password that the user would need in order to extract the hidden files.
OurSecret mirrored OpenStego in that the file size would be larger if the file contained a hidden message within an image.
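How image steganography of the kind exercised in the lab can hide data, and one statistic a defender can run against it, as an added example that is not part of the original report. It uses a generic least-significant-bit (LSB) scheme on a raw pixel buffer, which is an assumption about the technique and not a description of how OpenStego, QuickStego or OurSecret work; the cover, the stand-in ciphertext and every function name are constructed for the illustration.

```python
import hashlib


def embed_lsb(pixels: bytes, payload: bytes) -> bytes:
    """Write a 4-byte length header plus payload into the lowest bit of each byte."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("payload does not fit in this cover")
    out = bytearray(pixels)
    for pos, bit in enumerate(bits):
        out[pos] = (out[pos] & 0xFE) | bit  # only bit 0 of the byte changes
    return bytes(out)


def _read_bytes(pixels: bytes, first_bit: int, count: int) -> bytes:
    """Reassemble `count` bytes from consecutive LSBs starting at `first_bit`."""
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[first_bit + 8 * b + i] & 1)
        out.append(value)
    return bytes(out)


def extract_lsb(pixels: bytes) -> bytes:
    """Recover the payload written by embed_lsb."""
    length = int.from_bytes(_read_bytes(pixels, 0, 4), "big")
    if 32 + 8 * length > len(pixels):
        raise ValueError("no plausible LSB payload header")
    return _read_bytes(pixels, 32, length)


def pov_chi_square(pixels: bytes) -> float:
    """Pairs-of-values statistic used in LSB steganalysis.

    Values 2k and 2k+1 differ only in the LSB, so replacing LSBs with
    random-looking bits pulls their counts together. A low result means
    the LSB plane looks like noise, which is a reason to look closer.
    """
    counts = [0] * 256
    for value in pixels:
        counts[value] += 1
    stat = 0.0
    for k in range(128):
        expected = (counts[2 * k] + counts[2 * k + 1]) / 2
        if expected > 0:
            stat += (counts[2 * k] - expected) ** 2 / expected
    return stat


def constructed_cover(size: int = 6400) -> bytes:
    """Constructed pixel buffer in which even values outnumber odd ones 4 to 1."""
    return bytes((((i * 37) % 128) << 1) | (1 if i % 5 == 0 else 0)
                 for i in range(size))


def constructed_ciphertext(size: int) -> bytes:
    """Deterministic random-looking bytes standing in for an encrypted payload."""
    out = b""
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:size]


if __name__ == "__main__":
    cover = constructed_cover()
    secret = constructed_ciphertext(len(cover) // 8 - 4)  # fill the cover
    stego = embed_lsb(cover, secret)
    print("buffer length unchanged:", len(stego) == len(cover))
    print("payload recovered:", extract_lsb(stego) == secret)
    print("statistic, clean cover:", pov_chi_square(cover))
    print("statistic, after embedding:", round(pov_chi_square(stego), 1))
```

Because LSB replacement never changes the length of the pixel buffer, a size difference between the cover and the saved output has to come from how the file is re-encoded or packaged, not from the hidden bits themselves.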
  • 54. The two encryption/decryption tools that were used during this lab exercise were VeraCrypt and AxCrypt. While conducting the OpenStego portion of the lab exercise, it was noted that the SM and SA tested and used the VeraCrypt encryption/decryption tool to encrypt directories, drives, or partitions as containers. Later, those files could generate an encrypted file container, encrypt a non-system partition/drive and/or encrypt the system partition or the entire system drive. The SM and SA also used this tool to encrypt and decrypt files or folders. It’s noted that AxCrypt worked as a separate program within its own window, in addition to fully integrating into Windows Explorer. To determine which tool would be best for the organization, the SM and SA discuss which type of message needs to be sent and the purpose of the message. OpenStego would be the best contender when you only need to send an encrypted message hidden inside of another message. QuickStego would be best recommended if you only needed to send a hidden message within an image that didn’t need to be encrypted. If a hidden message needed to be encrypted and password protected, then the SM and SA would recommend the use of OurSecret. When it comes to determining which encryption and/or decryption tool to use, the SM and SA decide whether they would use VeraCrypt or AxCrypt. Once this happens, the SM and SA would need to verify and confirm their decision with the Chief Information Security Officer (CISO) to discuss the way ahead for the organization in terms of cryptography. (See Checklist above) Types of attacks A cyber-attack is a deliberate use of code to manipulate computer systems and networks in an attempt to compromise the confidentiality of certain information (Ledford, 2018). There are different motivations behind every cyber-attack. It can be political or social. The internet is the main channel through which this happens.
The targets also vary. The activity might be targeted towards a corporate organization, the government or an individual. The
  • 55. cybersecurity attacks are carried out by use of malicious programs like fake websites, viruses and unauthorized web access, among other means. The intention can be either financial gain or boosting the ego of the perpetrator through causing harm to the organization. From the article, “Types of attacks”, we learn of the examples and definitions of the different types of cyberattacks. 1. Back door attack – this is a type of attack where an attacker takes advantage of the vulnerabilities and flaws of a system through use of viruses, worms and Trojan horses to gain access into the system, after which he sets up a backdoor (Oppenheimer, 2010). This allows him access to important information without the administrator realizing. 2. Denial of service. This can be abbreviated as DDoS. A denial of service attack is carried out by numerous systems relaying ICMP packets to a server. The objective of this attack is to prevent people from gaining access to a site they want to reach. This is the type of attack that is common among us as agents of a property management firm. The main source of leads and traffic is the website. This is where clients get to know of our services and thereafter reach out. Therefore, sometimes the competitors might want to deploy a malicious program to deter clients from reaching us. 3. Phishing – this is an attack where something malicious is sent through email. Most times, the attackers will send out a link and request you to click on it. Moreover, you might be requested to download something over the net. When sending out such emails, they will try to eliminate all sources of suspicion and make it look genuine. Once you do that, you will have your system infected. Just as with the other types of security attacks, phishing is also one which a property management firm is exposed to. Our clients are the primary targets of this attack, mostly their information on our system.
Besides the threat of our clients losing money there is also the threat of money laundering. On top of it all, such events might lead to tarnishing of the name of the firm leading to reduced client flow.
  • 56. 4. Use of SQL – This is a programming language which facilitates communication with the database. When an attacker uses SQL, he or she will send out malicious code which will lead to your database giving out more information than what it is usually meant to share (Menegaz, 2012). The attacker will do this by taking advantage of the commonly identified SQL vulnerabilities. (See checklist above) 5. Cross-site scripting. This is abbreviated as XSS. This kind of attack is targeted at vulnerable websites with weak security systems for the purpose of obtaining user credentials or other classified information. Just as with SQL, XSS is also carried out by use of malicious code. In XSS, the site is not the primary target but rather its visitors. As a property management firm, our clients who have accounts/portals on our website are the ones who could fall prey to such an attack. This is because on registration with the firm, a client is required to submit confidential information about his property and himself which is meant to stay between the firm and the client. Security mechanisms A security mechanism consists of policies and that are meant to detect, inhibit or recover from a security threat posed by an attacker. Examples of security mechanisms include: 1. Physical security – this is a mechanism that requires installation of physical barriers around crucial network resources. This can include installation and locking of doors. The advantage of this is to prevent mishandling of equipment by new unskilled agents or even their clients. 2. Authentication – authentication means that the information given by a person on his or her identity is true. Users have to undergo a three tier identification process before approval of the authentication process. The first step involves input of credentials by the user, which are known to him or her. These include PINs, private keys and passwords, which they themselves created. The next is provision of a resource they are expected to have.
Provision of a genuine resource means you pass the authentication step and vice versa. Examples of these
  • 57. resources are security cards and security tokens. The last means of authentication is assessment of a certain physical character trait. Good examples are one’s fingerprints, voice or patterns of the retina. A strong authentication process involves incorporation of two or more of the three mentioned authentication procedures. A common combination is fingerprint and retina pattern identification. 3. Authorization mechanism – this involves giving the user access to the network and whichever resource they might want to retrieve. The administrator of the network is the person vested with the powers to grant access to the network to only identified workers of the property management firm. Only thereafter can they have access to whichever resource they were after. The managing broker of the firm will be given access to all information on the network. On the other hand, the agents of the firm will only have access to shared data and data/information that they themselves have uploaded on their personal portals in the network. 4. Data encryption – this is formatting of information in a way that only the intended person can decode it. This is done to protect information from being read by third parties who might use the same information to harm the firm. This is a mechanism that can come in handy in our efforts to ensure customer data security. 5. Firewalls – firewalls enhance security policies by acting as boundaries between two networks. Firewalls use various sets of instructions to decide which of the incoming traffic will be granted access and which will not. 6. Intrusion detection system and intrusion prevention system – these security mechanisms are used to inhibit security risks and prevent occurrence of new ones. An IDS makes use of intrusion alerts to sense and analyse outbound and inbound network traffic for suspicious undertakings (Rouse, 2017).
In the event of a suspicious activity, the IDS kicks the users out of the network, accompanied by a notification to the security personnel of the potential threat. The IPS is complementary to the IDS.
  • 58. The IDS works by examining incoming traffic to reject harmful requests. The IPS averts threats by uncovering malicious packets, blocking threat-carrying IPs and notifying the security personnel of the incident. The property management firm needs to continue utilising both IPS and IDS in its 24/7 operations to ensure enhanced security of the network. Below is a table showing the access points and how they can be secured. Protection plan Security and protection of clients’ information and assets is one of our top priorities. So far we have taken a look at the IT systems architecture of the property management firm. We have looked at the potential types of cybersecurity attacks faced by the firm and the various types of mechanisms that can be deployed. The next important step is formulation of a protection plan. A multi-tier system will be used in the firm’s identification process. The firm’s agents will be provided with security cards, and retina identification systems will be installed at all major access points to the company’s network. Alternatively, one of these will be used together with PINs. Given the fact that it’s the agents who will come up with these passwords, they will be expected not to share them with third parties. Moreover, the passwords/PINs will comprise numbers, letters, special characters and alpha-numeric to make sure they are not easily cracked. A network password will be assigned to the WLAN and only a given agent will be able to access it. He will be responsible for making any necessary changes to the WLAN when needed. A strong protection plan will ensure that our clients’ and agents’ information and files are protected. (please see checklist above) Issuance of CAC will be used to control access to the firm’s buildings. Besides a strong six character digit PIN, the company’s agents will have a badge with their picture, fingerprint, name and the name of the firm on it.
Outside the building, there will be a door system which will require a person to provide his/her or and the scanning of the badge. A green light will be
  • 59. accompanied by an “access granted” feedback while a red light will display “access denied” based on assessment of a person’s credentials. All agents will submit their schedules to the security specialists to be programmed in the system to ensure security. For example, a person who randomly shows up on days on which he or she is not supposed to be on duty will not be allowed entry into the firm’s premises. So all the agents will be required to submit their schedules so that the necessary adjustment can be made to the system to grant them access to the premises. This will be done within 48 hours. The policy will help deny access to people who are not supposed to be there. This will not only help ensure the general security of the firm but also the company’s personal information and conversations. Each team or group of agents will only have access to the files which they themselves uploaded. That is, their personal files on their private portals. The only person supposed to have access to all files is the managing broker. This plan of protection will be set in place to make sure confidential information of our clients and agents does not end up with a third party. Nonrepudiation protections will be ensured by a digital signature present on the CAC issued to all agents. CAC readers will be installed on all desks beside the computers. This will make sure the information sent and deleted from the network can be traced to the originator (Lord, 2017). This will help increase accountability. No one will be able to deny having done something which compromised the security of the network and its information because he/she will be under watch on his or her workdays. Therefore a person will be responsible for anything that happens while he/she is logged in through his card, PIN or retina recognition system. Cryptography protection (Symmetric Versus Asymmetric???) describe to your organization the various cryptographic means of protecting its assets. 
descriptions will be included in the
  • 60. network security vulnerability and threat table for leadership Encryption Technologies – Make a simple table 1. Shift / Caesar cipher 2. Polyalphabetic cipher 3. One time pad cipher/Vernam cipher/perfect cipher 4. Block ciphers 5. triple DES 6. RSA 7. Advanced Encryption Standard (AES) 8. Symmetric encryption 9. Text block coding Data Hiding Technologies 1. Information hiding and steganography 2. Digital watermarking 3. Masks and filtering One of the several ways of data encryption is triple DES. This method involves application of the block cipher algorithm to every data block thrice. Each block always holds 64 bits of data. As the word ‘triple’ suggests, in triple DES, data is encrypted thrice. One con is that it is slow. However, on the other hand, it is hard to break and hence more secure. RSA is a public key encryption algorithm. It uses both the public key and the private key in its encryption process. One thing to note is that both keys are paired. Moreover, the public key is distributed, while the private key isn’t. The process starts with two prime numbers, then their product and finally the exponents. Besides RSA being secure, it is also hard to crack. On the other hand, the encryption process might be very slow, especially when encrypting large amounts of data. Blowfish is another symmetric block cipher which makes use of an adjustable key length ranging from 32-448 bits. It can be used for exportable or domestic use. No patent is held against it and hence the licence is free. Of all the block ciphers, Blowfish is relatively fast. However, its use requires a key, and management of a key is not easy. Twofish, just as the blowfish is block cipher algorithm
  • 61. encryption. Its key goes up to 256 bits. Additionally, just as with Blowfish, it is not patented and hence freely available for use. Its pro is that it is relatively fast as a block cipher and can be used by bigger CPUs as well as smartcards. Because of its huge size, slowdowns on the system are frequent. Advanced Encryption Standard (AES) is another symmetrical encryption algorithm. It comprises AES 256, AES 192 and AES 128. Because of its symmetrical nature, the key used in its encryption has to be shared in order to decrypt. Advanced Encryption Standard is recommended because it is secure and because it uses varying key lengths in its encryption (Lord, 2017). Its one con is that the algebraic structure it uses is simple and the form used is uniform across all the blocks. I would recommend use of AES for data encryption in our offices. I consider it secure compared to other modes of data encryption and hence promising in terms of ensuring security for our clients as well as the firm. Perhaps that is why the security protocol is common. Most importantly, clients entrust us with most confidential information. Breaking of the trust would lead to ruining of the reputation that the company has tried so hard to uphold. Perhaps this will lead to loss of clients. CAC Deployment Strategy CAC is a user identification method. The CAC is basically a card implanted with a chip containing information regarding its owner. It has a digital signature that allows the user/owner to decrypt and encrypt using the card keys. The CAC deployment plan is meant to give the agents a common network access method. The CAC will not be necessary whenever they want to use the WLAN. A password is all they will need. The only time the CAC will be necessary is when they want to delete or upload to the network and when they want to access the office after normal worktime hours. But during the day, the agents will use the PINs and cards for access into the firm’s premises. The aim
  • 62. of the measure is to ensure security of the clients as well as the agents from cyberattacks. Email security strategy Emails and internal messaging services are the main communication channels of the property management firm. The agents update the clients’ information and keep track of the clients through emails as well. The number of emails flowing through the network in a day makes it easier for an attacker to find a vulnerability within the network and gain access to important data. In an attempt to prevent this risk, the firm has put in place policies to ensure email security. Varying encryption technologies can be made use of in the process, but the most efficient method would be use of digital certificates. The advantage of using digital certificates is that they are hard to bypass. However, you will not have access to data in the event of loss of the key. As a measure to ensure more security, the digital certificates can be incorporated into the firm’s agents’ emails, which will bring about automatic encryption of all the emails flowing through the firm’s network. (Find References and specific information??) Conclusion We have explored the explanation and organization of the property management firm and looked at the potential cyberattack threats facing the firm. Moreover, I have also looked at the various security mechanisms and policies that can be implemented to prevent and neutralize the attacks. Given the fact that our firm is a service delivery company, we need to have all the security systems intact. I would urge the firm to invest more in security in order to secure the firm’s transactions. The investment would lead to increased trustworthiness between us and the clients and hence increased traffic. To ensure security of emails, the company should use CACs stepped up with digital certificates. More attention should be given to the same considering it’s the firm’s main channel of
  • 63. communication. All in all, strong security features will help our clients have confidence in us and hence feel safe while we are handling their property. References – Please see our discussions about peer-reviewed references and scholarly articles Cisco Press. (2016, February 09). Retrieved September 9, 2018, from http://www.ciscopress.com/articles/article.asp?p=1626588&seqNum=2 Ledford, Jerri (2018) What is a cyber attack and how to prevent one? Retrieved from https://www.lifewire.com/cyber-attacks-4147067 Lord, Nate (2017) What is a phishing attack? Defining and identifying different types of phishing attacks. Retrieved from https://digitalguardian.com/blog/what-phishing-attack-defining-and-identifying-different-types-phishing-attacks Menegaz, Gery (2012) SQL Injection Attack: What is it, and how to prevent it. Retrieved from https://www.zdnet.com/article/sql-injection-attack-what-is-it-and-how-to-prevent-it/ Merriam-Webster Dictionary. (n.d.). Retrieved September 19, 2018, from https://www.merriam-webster.com/dictionary/cyberattack Oppenheimer, Priscilla (2010) Developing Network Security Strategies. Retrieved from
  • 64. http://www.ciscopress.com/articles/article.asp?p=1626588&seqNum=2 Rouse, Margaret (2017) Ransomware, defend your data with best practices. Retrieved from https://searchsecurity.techtarget.com/definition/ransomware
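The RSA steps named under Cryptography protection (two primes, their product, the exponents) and the nonrepudiation claim in the protection plan, worked through as an added example that is not part of the original paper. It is textbook RSA with no padding and with well-known Mersenne primes, both assumptions made only to keep the arithmetic visible; the agent names and function names are hypothetical, and a real card would hold a key generated and padded by a vetted library.

```python
import hashlib
from math import gcd


def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA key generation: primes -> product -> exponents."""
    n = p * q                      # public modulus (the "product")
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)            # private exponent, inverse of e mod phi
    return (n, e), (n, d)          # (public key, private key)


def digest_int(message: bytes, n: int) -> int:
    """SHA-256 of the message reduced mod n (toy step; real schemes pad)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Only the holder of the private exponent can produce this value."""
    n, d = private_key
    return pow(digest_int(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone with the public key can check who signed, and what."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(message, n)


# Constructed key pairs for two hypothetical agents. Mersenne primes are
# used because they are well known, not because they are suitable keys.
AGENT_A_PUBLIC, AGENT_A_PRIVATE = make_keypair(2**31 - 1, 2**61 - 1)
AGENT_B_PUBLIC, AGENT_B_PRIVATE = make_keypair(2**89 - 1, 2**107 - 1)


def audit(message: bytes, signature: int, claimed_public_key) -> str:
    """Nonrepudiation check an auditor would run on a logged action."""
    if verify(message, signature, claimed_public_key):
        return "signed by holder of this key"
    return "not attributable to this key"


if __name__ == "__main__":
    action = b"DELETE /portal/files/lease-0042.pdf"  # constructed log entry
    sig = sign(action, AGENT_A_PRIVATE)
    print(audit(action, sig, AGENT_A_PUBLIC))             # attributable to A
    print(audit(action + b" (edited)", sig, AGENT_A_PUBLIC))  # altered record
    print(audit(action, sig, AGENT_B_PUBLIC))             # wrong agent
```

The attribution holds only as long as the private exponent never leaves the agent's card and the PIN protecting it is not shared.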