Objective 1.
Create a network infrastructure design communications document that includes identified hardware components, connections to the outside world, identified physical layer connectivity (media) and addressing, including operational and security components in the design.
The NetBroke
This assignment was a hands-on final for the NTW103 course, where the student had to troubleshoot and fix various network issues in a simulated environment. The tasks included fixing a major network outage, resolving connectivity issues for various devices, setting up a new network subnet, adding Wi-Fi, and assigning passwords to the router. The final task was to find a “rogue service” on the network as an optional challenge.
Certificate Services
This lab memorandum documents Monte Gualtiere’s experience installing Certificate Services for the NTW216 course. The lab included configuring Active Directory Certificate Services, creating a new private key, enabling automatic enrollment, creating a new certificate template, and revoking certification. Finally, auditing was enabled for object access, and security settings were checked.
SAN Upgrade
This paper discusses the new upgrades that a company, Me Myself and I, is introducing to its internet infrastructure. The upgrades include a new Storage Area Network system (SAN), modernized servers, and moving the old database servers into the main office. The SAN upgrade will allow the company to treat storage as a collective resource, improving storage capabilities and increasing speed efficiency.
Objective 2.
Install, configure and test security hardware and software tools with supporting documentation such as port scanners, vulnerability detection systems, intrusion detection systems, firewalls, system hardening, anti-virus tools, patch management, auditing and assessment.
Able Image Report
This assignment involved conducting a detailed forensic examination using FTK Imager and Autopsy on an Able Image file provided by the instructor. The report includes identifying the media/device and verifying the integrity of the evidence by hash, as well as a workflow description and screenshots. The case summary describes evidence supporting the alleged crime of running a phishing scam, including a large number of email addresses, IP addresses, and phone numbers found in the User files.
Wireshark
This assignment involves downloading and installing Wireshark. The assignment includes watching a basic tutorial, capturing traffic for 30 seconds and 5 minutes, identifying and researching 5 protocols, and identifying the number of packets captured and the number of different destinations the student's computer communicated with. Overall, this assignment provides a hands-on opportunity to understand the intricacies of network traffic and the importance of network protocols.
Objective 3.
Construct, implement and document a script or a program to automate a security-related process or other tasks such as installation, administration, management, mapping resources, logon scripts, patch management, updates, auditing, analysis and assessment.
DeepLens Weapon Tracker
The project aims to develop a prototype using the AWS DeepLens camera to track and identify firearms in open areas, with the goal of alerting school staff and students in case of a potential threat. The proposal includes objectives, tasks, and an evaluation plan, with a focus on innovation and usefulness. This video describes the learning process and the challenges faced during the project.
NMAP Script
This paper outlines the creation of a simple NMAP script that can scan a range of class servers. The script prompts the user for starting and ending IP addresses, uses various methods to scan them, and outputs the results in a single text file. The code utilizes the FOR command and is available on GitHub under the repository name “Project-1.3–NMAP-Script.”
Objective 4.
Create a policy or procedure that addresses events such as: a disaster recovery plan, a business continuity plan, an incident response policy, an acceptable usage document, an information security policy, a physical security policy, assessments or troubleshooting procedures.
BCDR Plan
This paper is divided into 11 phases and covers topics such as the cost of downtime, identifying and prioritizing threats, risk mitigation strategies, insurance information, inventory and contact lists, backup plans for alternate worksites, backing up data, emergency response organizations, evacuation procedures, and planned maintenance. The paper also discusses the advantages and disadvantages of retaining members, approaches for reviewing the plan, and provides references.
Firewall Policy
This assignment discusses firewalls, their capabilities, equipment needed, and a tentative implementation timeline. I suggest adding a second layer of protection by using a dedicated proxy server behind the firewall system to analyze and validate common application protocols such as HTTP. The paper also discusses the equipment and personnel needed for implementation, budget considerations, evaluation systems, benefits, and the importance of maintaining and updating firewall policies.
Objective 5.
Develop a research report or implementation plan concerning legal and ethical best practices and mandated requirements that pertain to information security.
Security Policy
The policy outlines measures that First Bank of Acmeland (FBA) employees, contractors, and third-party service providers must take to safeguard personal and financial information of employees and customers from physical theft, hacking, social engineering, and misuse of company resources. The policy also outlines the consequences for failing to comply with the policy. However, it is important to note that this policy does not address all potential threats to information security, and a comprehensive policy would require input from various stakeholders and regular review and updating to remain effective.
Cyber Stalking
Cyberstalking is a criminal act that involves the use of technology to harass, threaten, or intimidate individuals, and can negatively impact both individuals and society. There are different types of cyberstalking, each with different characteristics and impacts. It is important for individuals to understand the dangers of technology, protect themselves, and report any suspicious activity to the authorities, while society needs to take cyberstalking seriously by developing effective laws and policies to address this growing problem.
Objective 6.
Research, document, test and evaluate several current industry information security based threats, risks, malicious activities, covert methodology, encryption technologies, mitigation techniques or unconventional tactics to prevent loss of sensitive information and data confidentiality, integrity and availability.
Social Engineering
This project involved conducting research on a target, in this case, Professor Aaron Jones, to create a convincing phishing email. The email was crafted to invite Professor Jones to an upcoming anime convention based on his known interest in the topic. The research included looking into sponsorship opportunities and invitation emails used by other companies for similar events. The email was sent from a convincing email address and included a fake link that led to a Rick Roll video. The project aimed to demonstrate the ease with which phishing attacks can be carried out and the importance of being vigilant when receiving unsolicited emails.
System Hardening Lab
This paper outlines ten different steps that can be taken to harden a computer system and make it more secure against potential threats. These steps include creating a non-administrator user account, changing the default password, disabling remote access and file sharing, disabling telemetry, removing unnecessary applications, configuring firewall options, turning on pop-up blockers in the browser, and enabling Microsoft BitLocker encryption. By following these recommendations, users can help to protect their sensitive information and prevent unauthorized access to their system.
Try Hack Me
This paper outlines my experience completing the Try Hack Me assignment. I describe the steps taken to find the hidden directory on the web server, the username, and the password using tools such as nmap, dirsearch, hydra, and a rockyou file system. I also detail how I found the second user and the secondary password using a keyhash.txt file. Overall, the paper provides insight into the process of completing a Try Hack Me assignment and the tools and techniques used to complete the tasks.