
Security engineering workbook

2021-2022

Table of Contents

Kahoot challenges
Basic concepts and the landscape of cybersecurity threats
    Question 1
    Question 2
    Question 3
    Question 4
Risk management
    Question 1
    Question 2
    Question 3
    Question 4
    Question 5
    Question 6
Asset Security
    Scenario 1
    Scenario 2
    Scenario 3
    Scenario 4
Physical security
    Scenario 1
    Scenario 2
    Scenario 3
    Scenario 4
Identity and access management
    Scenario 1
    Scenario 2
    Mini research
Engineering secure systems
    Question 1
    Question 2
    Question 3
    Question 4
    Question 5
    Question 6
Cryptography
    Question 1
    Question 2
    Question 3
    Scenario 1
    Scenario 2
IoT use case
    Part 1: Explore the Smart Home
        Step 1: Understanding the devices that comprise the smart home
        Step 2: Interacting with the Smart Home
    Part 2: Fog Computing in the Smart Home
    Part 3: Creating an Inventory of Assets of the Physical Device and Communication Attack Surface
        Step 1: Inventory of assets
        Step 2: Inventory of communication networks and protocols
    Part 4: Threat Modeling to Assess Risk in the smart home system
        Step 1: Creating a Data Flow Diagram
        Step 2: Creating a Risk Assessment using DREAD
        Step 3: Selecting a Risk Response for the Rated Risks
        Step 4: Considering Risk Mitigation Strategies

Important notes:

· Put your answers in this document and use a different color to highlight the answers;

· You may give your answers in English or in Dutch;

· Use your own words to answer the questions, especially for the “why” and “motivate your answer” types of questions.

Kahoot challenges

During this course, there will be several Kahoot challenges placed at the Canvas course site. After you finish the Kahoot challenge, make a screenshot of your “scoreboard” and paste the screenshot here.

Basic concepts and the landscape of cybersecurity threats

Question 1

In Canvas module 1, download threat quiz.xlsx. Match each threat with its corresponding description. Fill in your answer in the following table:

Threat ID | Threat description ID | Threat ID | Threat description ID
1  |  | 18 |
2  |  | 19 |
3  |  | 20 |
4  |  | 21 |
5  |  | 22 |
6  |  | 23 |
7  |  | 24 |
8  |  | 25 |
9  |  | 26 |
10 |  | 27 |
11 |  | 28 |
12 |  | 29 |
13 |  | 30 |
14 |  | 31 |
15 |  | 32 |
16 |  | 33 |
17 |  | 34 |

Question 2

What are the design principles that are the opposites of disapproval, destruction, disclosure, and corruption, respectively? (tip: think about CIA and AAA) Motivate your answer.

________________________________________________________________________

Question 3

Jane is suspicious that an employee is sending sensitive data to one of the company’s competitors. The employee has to use this data for daily activities, thus it is difficult to properly restrict the employee’s access rights. In this scenario, which best describes the company’s vulnerability, threat, risk, and necessary control?

________________________________________________________________________

Question 4

Explore cyber security news on the internet and find a security event that occurred recently.

a. Where did you find the information, provide (for example) the URL.

________________________________________________________________________

b. Is this event an incident or a breach? How do you determine this?

________________________________________________________________________

c. Describe this event including: vulnerabilities, threats, threat actors, risks, impact, possible security controls, etc.

________________________________________________________________________

Risk management

Question 1

Hunter is the facilities manager for DataTech, a large data center management firm. He is evaluating the installation of a flood prevention system at one of DataTech’s facilities. The facility and contents are valued at $100 million. Installing the new flood prevention system would cost $10 million.

Hunter consulted with flood experts and determined that the facility lies within a 200-year flood plain and that, if a flood occurred, it would likely cause $20 million in damage to the facility.

1. Based on the information in this scenario, what is the exposure factor for the effect of a flood on DataTech’s data center? Explain your calculation.

________________________________________________________________________

2. Based on the information in this scenario, what is the annualized rate of occurrence for a flood at DataTech’s data center? Explain your calculation.

________________________________________________________________________

3. Based on the information in this scenario, what is the annualized loss expectancy for a flood at DataTech’s data center? Explain your calculation.

________________________________________________________________________

Question 2

Darcy is an information security risk analyst for Roscommon Agricultural Products. She is currently trying to decide whether the company should purchase an upgraded fire suppression system for their primary data center. The data center facility has a replacement cost of $2 million.

After consulting with actuaries, data center managers, and fire subject matter experts, Darcy determined that a typical fire would likely require the replacement of all equipment inside the building but not cause significant structural damage. Together, they estimated that recovering from the fire would cost $750,000. They also determined that the company can expect a fire of this magnitude once every 50 years.

1. Based on the information in this scenario, what is the exposure factor for the effect of a fire on the Roscommon Agricultural Products data center? Explain your calculation.

________________________________________________________________________

2. Based on the information in this scenario, what is the annualized rate of occurrence for a fire at the Roscommon Agricultural Products data center? Explain your calculation.

________________________________________________________________________

3. Based on the information in this scenario, what is the annualized loss expectancy for a fire at the Roscommon Agricultural Products data center? Explain your calculation.

________________________________________________________________________

Question 3

A company has an e-commerce website that generates 60 percent of its annual revenue. Under the current circumstances, the annualized loss expectancy for the website against the threat of attack is $92,000. After implementing a new application-layer firewall, the new annualized loss expectancy would be $30,000. The firewall costs $65,000 per year to implement and maintain. Would it be wise to adopt the firewall as the risk mitigation control? Why? Explain your calculation.

________________________________________________________________________
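The three risk questions above all rest on the same quantitative chain: exposure factor, single loss expectancy, annualized rate of occurrence, annualized loss expectancy, and finally the yearly cost of a control weighed against the ALE it removes. The following Python helpers, added here as a worked example and not part of the workbook, implement that chain in general form. The figures in EXAMPLE and EXAMPLE_CONTROL are constructed for illustration and are deliberately not the workbook's numbers.

```python
"""Quantitative risk analysis helpers: exposure factor (EF), single loss
expectancy (SLE), annualized rate of occurrence (ARO), annualized loss
expectancy (ALE) and a cost/benefit check for a proposed control.

Added example; not part of the workbook. The numbers in EXAMPLE and
EXAMPLE_CONTROL are constructed for illustration only.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class LossScenario:
    asset_value: float           # value of the asset at risk (e.g. in dollars)
    loss_per_event: float        # expected damage caused by one occurrence
    years_between_events: float  # e.g. 200.0 for a "200-year" flood plain


@dataclass(frozen=True)
class Control:
    annual_cost: float   # yearly cost to implement and maintain the control
    ale_after: float     # ALE once the control is in place


def exposure_factor(s: LossScenario) -> float:
    """EF = fraction of the asset value lost in one event, capped at 1.0."""
    if s.asset_value <= 0 or s.loss_per_event < 0:
        raise ValueError("asset value must be positive and loss non-negative")
    return min(s.loss_per_event / s.asset_value, 1.0)


def single_loss_expectancy(s: LossScenario) -> float:
    """SLE = asset value * EF (equals the loss per event unless capped)."""
    return s.asset_value * exposure_factor(s)


def annualized_rate_of_occurrence(s: LossScenario) -> float:
    """ARO = expected number of events per year = 1 / years between events."""
    if s.years_between_events <= 0:
        raise ValueError("years between events must be positive")
    return 1.0 / s.years_between_events


def annualized_loss_expectancy(s: LossScenario) -> float:
    """ALE = SLE * ARO: the expected yearly loss from this threat."""
    return single_loss_expectancy(s) * annualized_rate_of_occurrence(s)


def control_net_benefit(ale_before: float, c: Control) -> float:
    """Yearly savings minus yearly cost; positive means the control pays for itself."""
    return (ale_before - c.ale_after) - c.annual_cost


def control_is_worthwhile(ale_before: float, c: Control) -> bool:
    """A control is justified when the ALE it removes exceeds what it costs per year."""
    return control_net_benefit(ale_before, c) > 0


# Constructed figures (not the workbook's): a $5,000,000 facility, $400,000
# damage per event, one event expected every 25 years.
EXAMPLE = LossScenario(asset_value=5_000_000, loss_per_event=400_000,
                       years_between_events=25)
# Constructed control: costs $9,000 per year and cuts the ALE to $4,000.
EXAMPLE_CONTROL = Control(annual_cost=9_000, ale_after=4_000)


if __name__ == "__main__":
    ale = annualized_loss_expectancy(EXAMPLE)
    print(f"EF  = {exposure_factor(EXAMPLE):.2f}")
    print(f"SLE = ${single_loss_expectancy(EXAMPLE):,.0f}")
    print(f"ARO = {annualized_rate_of_occurrence(EXAMPLE):.3f}")
    print(f"ALE = ${ale:,.0f}")
    print(f"net benefit of control = ${control_net_benefit(ale, EXAMPLE_CONTROL):,.0f} per year")
```

Note that the cap in `exposure_factor` matters: if the estimated damage exceeds the asset's value, the loss cannot exceed 100 percent of the asset, so the SLE is the asset value, not the raw damage estimate.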

Question 4

The following figure illustrates the steps related to the business continuity plan. What do you think the missing second step is? Why?

________________________________________________________________________

Question 5

Name five principles for personnel security. For each principle, give an example to explain why such a principle is necessary.

________________________________________________________________________

Question 6

NIST SP 800-37, the Risk Management Framework, is a guideline or recipe for how risk is to be assessed, resolved, and monitored. In this film (https://www.youtube.com/watch?v=3Aoog8fXjMc), each step of this framework is explained and examples are given.

Watch the film, and use your own words to explain what has to happen in each step, what is the importance of each step, and give one or two examples. The examples should be different from the ones in the film.

________________________________________________________________________

Asset Security

Scenario 1

Your organization regularly handles three types of data: information that it shares with customers, information that it uses internally to conduct business, and trade secret information that offers the organization significant competitive advantages. Information shared with customers is used and stored on web servers, while both the internal business data and the trade secret information are stored on internal file servers and employee workstations.

1. What civilian data classifications best fit this data?

___________________________________________________________________________

2. What technique could you use to mark your trade secret information in case it was released or stolen and you need to identify it?

___________________________________________________________________________

3. What type of encryption should you use on the file servers for the proprietary data, and how might you secure the data when it is in motion?

___________________________________________________________________________

Scenario 2

The healthcare company that Lauren works for handles HIPAA data as well as internal business data, protected health information, and day-to-day business communications. Its internal policy uses the following requirements for securing HIPAA data at rest and in transit.

1. What encryption technology would be appropriate for HIPAA documents in transit?

___________________________________________________________________________

2. Lauren’s employer asks Lauren to classify patient X-ray data that has an internal patient identifier associated with it but does not have any way to directly identify a patient. The company’s data owner believes that exposure of the data could cause damage (but not exceptional damage) to the organization. How should Lauren classify the data?

___________________________________________________________________________

3. What technology could Lauren’s employer implement to help prevent confidential data from being emailed out of the organization?

___________________________________________________________________________


Scenario 3

Chris has recently been hired into a new organization. The organization that Chris belongs to uses the following classification process:

1. Criteria are set for classifying data.

2. Data owners are established for each type of data.

3. Data is classified.

4. Required controls are selected for each classification.

5. Baseline security standards are selected for the organization.

6. Controls are scoped and tailored.

7. Controls are applied and enforced.

8. Access is granted and managed.

1. If Chris is one of the data owners for the organization, what steps in this process is he most likely responsible for?

___________________________________________________________________________

2. Chris manages a team of system administrators. What data role are they fulfilling if they conduct steps 6, 7, and 8 of the classification process?

___________________________________________________________________________

3. If Chris’s company operates in the European Union and has been contracted to handle the data for a third party, what role is his company operating in when it uses this process to classify and handle data?


___________________________________________________________________________

Scenario 4

As shown in the following security lifecycle diagram (loosely based on the NIST reference architecture), NIST uses a five-step process for risk management. Using your knowledge of data roles and practices, answer the following questions based on the NIST framework process.

1. What data role will own responsibility for step 1, the categorization of information systems; to whom will they delegate step 2; and what data role will be responsible for step 3?

___________________________________________________________________________

2. If the systems that are being assessed all handle credit card information (and no other sensitive data), at what step would the PCI DSS first play an important role?

___________________________________________________________________________

3. What data security role is primarily responsible for step 5?

___________________________________________________________________________

Physical security

Scenario 1

Greg is the security facility officer of a financial institution. His boss has told him that visitors need a secondary screening before they are allowed into sensitive areas within the building. Greg has also been told by the network administrators that after the new HVAC system was installed throughout the facility, they have noticed that power voltage to the systems in the data center sags.

Q1. Which of the following is the best control that Greg should ensure is implemented to deal with his boss’s concern? Why?

A. Access and audit logs

B. Mantrap

C. Proximity readers

D. Smart card readers

Reason: ___________________________________________________________________

Q2. What kind of electric power problem do you think the network administrators are experiencing?

___________________________________________________________________

Q3. Which control could Greg’s team implement to address the network administrators’ issue?

___________________________________________________________________

Scenario 2

Crime Prevention Through Environmental Design (CPTED) is a discipline that outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. Of CPTED’s three main components, what is illustrated in the following photo?

___________________________________________________________________

Scenario 3

Mike is the new CSO of a large pharmaceutical company. He has been asked to revamp the company’s physical security program and better align it with the company’s information security practices. Mike knows that the new physical security program should be made up of controls and processes that support the following categories: deterrent, delaying, detection, assessment, and response.

Mike’s team has decided to implement a list of controls. Indicate which category each of the following controls belongs to:

a. Implement new perimeter fences and warning signs against trespassing around the company’s facility.

_______________________________________________________

b. Implement stronger locks on the exterior doors of the new company’s facility

_______________________________________________________

c. Hire and deploy security guards to monitor activities within the company’s facility.

_______________________________________________________

Scenario 4

Watch the Google Data Center 360° Tour at https://www.youtube.com/watch?v=zDAYZU4A3w0.

Discuss which physical security controls have been implemented by filling the following table: (add more rows if needed)

Time that the physical control appears in the film (mm:ss) | Physical security control | Purpose

Identity and access management

Scenario 1

Lenny is a new security manager for a retail company that is expanding its functionality to its partners and customers. The company’s CEO wants to allow its partners’ customers to be able to purchase items through the company’s web stores as easily as possible. The CEO also wants the company’s partners to be able to manage inventory across companies more easily. The CEO wants to be able to understand the network traffic and activities in a holistic manner, and he wants to know from Lenny what type of technology should be put into place to allow for a more proactive approach to stopping malicious traffic if it enters the network. The company is a high-profile entity constantly dealing with zero-day attacks.

Q1. Which of the following is the best identity management technology that Lenny should consider implementing to accomplish some of the company’s needs? And explain why.

A. LDAP directories for authoritative sources

B. Digital identity provisioning

C. Active Directory

D. Federated identity

Reason: _________________________________________________________________________

Q2. Lenny has a meeting with the internal software developers who are responsible for implementing the necessary functionality within the web-based system. Which of the following best describes the two items that Lenny needs to be prepared to discuss with this team? And explain why.

A. Service Provisioning Markup Language and the Extensible Access Control Markup Language

B. Standard Generalized Markup Language and the Generalized Markup Language

C. Extensible Markup Language and the Hypertext Markup Language

D. Service Provisioning Markup Language and the Generalized Markup Language

Reason: _________________________________________________________________________

Q3. Pertaining to the CEO’s security concerns, what should Lenny suggest the company put into place? And explain why.

A. Security event management software, an intrusion prevention system, and behavior-based intrusion detection

B. Security information and event management software, an intrusion detection system, and signature-based protection

C. An intrusion prevention system, security event management software, and malware protection

D. An intrusion prevention system, security event management software, and war-dialing protection

Reason: _________________________________________________________________________

Scenario 2

Tanya is working with the company’s internal software development team. Before a user of an application can access files located on the company’s centralized server, the user must present a valid one-time password, which is generated through a challenge/response mechanism. The company needs to tighten access control for these files and reduce the number of users who can access each and every file. The company is looking to Tanya and her team for solutions to better protect the data that has been classified and deemed critical to the company’s missions. Tanya has also been asked to implement a single sign-on technology for all internal users, but she does not have the budget to implement a public key infrastructure.

Q1. Which of the following best describes what is currently in place? And explain why.

A. Capability-based access system

B. Synchronous tokens that generate one-time passwords

C. RADIUS

D. Kerberos

Reason: _________________________________________________________________________

Q2. Which of the following is one of the easiest and best solutions Tanya can consider for proper data protection? And explain why.

A. Implementation of mandatory access control

B. Implementation of access control lists

C. Implementation of digital signatures

D. Implementation of multilevel security

Reason: _________________________________________________________________________

Q3. Which of the following is the best single sign-on technology for this situation? And explain why.

A. PKI

B. Kerberos

C. RADIUS

D. TACACS+

Reason: _________________________________________________________________________

Mini research

Perform a mini research project on IAM solutions. What do you think the future of IAM will be? What would be the major challenges? What will be the trends and why?

Describe your findings in a one-page report; also include the sources you got the information from.

______________________________________________________________________________

Engineering secure systems

Question 1

John has been told that one of the applications installed on a web server within the DMZ accepts any length of information that a customer using a web browser inputs into the form the web server provides to collect new customer data. Which of the following describes an issue that John should be aware of pertaining to this type of vulnerability?

A. Application is written in the C programming language.

B. Application is not carrying out enforcement of the trusted computing base.

C. Application is running in ring 3 of a ring-based architecture.

D. Application is not interacting with the memory manager properly.

__________________________________________________________________

Question 2

Lacy’s manager has tasked her with researching an intrusion detection system for a new dispatching center. Lacy identifies the top five products and compares their ratings. Which evaluation criteria framework most in use today can be used for these types of purposes and why?

___________________________________________________________________________

Question 3

Frank is responsible for the security of his company’s online applications, web servers, and web-based activities. The web applications have the capability of being dynamically “locked” so that multiple users cannot edit a web page at the same time and overwrite each other’s work. An audit uncovered that although this software-locking capability was properly configured, multiple users were still able to modify the same web page at the same time. What do you think is the reason that causes this problem?

_______________________________________________________________

Question 4

Different access control models provide specific types of security measures and functionality in applications and operating systems. Explain what model is being expressed in the graphic that follows.

________________________________________________________________________

Question 5

A multitasking operating system can have several processes running at the same time. What are the components within the processes that are shown in the graphic that follows?

___________________________________________________________________________

Question 6

When implementing a security solution for mobile devices, what are the primary concerns? Choose two out of the five aspects below, and motivate your answer.

· Obfuscation

· Lower power devices

· Authentication

· Non-repudiation

· Low latency

Cryptography

Question 1

Stream and block ciphers are the two main types of symmetric algorithms. Explain the difference between these two, and name some examples of stream ciphers and block ciphers.

Question 2

Explain what a MAC (message authentication code) and an HMAC are. Which CIA security requirement(s) can they ensure, and how? Which CIA security requirement(s) can they not ensure, and why?
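To make the "can ensure / cannot ensure" distinction concrete, here is an added Python example (not part of the workbook) using only the standard library's `hmac` and `hashlib` modules. It builds an HMAC-SHA256 tag under a constructed shared key and then checks which properties the tag actually gives the receiver: a tampered message or a wrong key fails verification, but the message itself is still readable, the receiver can mint a valid tag for any message it likes because it holds the same key, and an unchanged message/tag pair verifies again on replay.

```python
"""What an HMAC does and does not provide, shown with the standard library.

Added example; not part of the workbook. The key and message are constructed.
"""
import hashlib
import hmac

SHARED_KEY = b"constructed-demo-key-do-not-reuse"   # shared by sender and receiver
MESSAGE = b"transfer 100 EUR to account 42"          # constructed sample message


def tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 over the message under the shared key (32-byte tag)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Recompute and compare in constant time so the check does not leak
    how many leading bytes of the tag matched."""
    return hmac.compare_digest(tag(key, message), received_tag)


def demo() -> dict:
    t = tag(SHARED_KEY, MESSAGE)
    forged = b"transfer 9000 EUR to account 99"   # constructed
    return {
        # Integrity and origin authentication: the tag verifies only for the
        # exact message under the right key.
        "genuine_verifies": verify(SHARED_KEY, MESSAGE, t),
        "tampered_rejected": not verify(SHARED_KEY, MESSAGE.replace(b"100", b"900"), t),
        "wrong_key_rejected": not verify(b"some-other-key", MESSAGE, t),
        # No confidentiality: the message travels in the clear beside its tag.
        "message_readable": MESSAGE.decode(),
        # No non-repudiation: anyone holding the shared key, including the
        # receiver, can produce a valid tag for a message the sender never sent.
        "receiver_can_forge": verify(SHARED_KEY, forged, tag(SHARED_KEY, forged)),
        # No freshness: an unchanged message/tag pair is accepted again on replay.
        "replay_accepted": verify(SHARED_KEY, MESSAGE, t),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The replay and forgery entries are the reason real protocols pair a MAC with a nonce or sequence number and, where a third party must be able to attribute a message to one sender, use a digital signature instead of a shared-key MAC.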

Question 3

Use Wireshark to start capturing traffic; open your browser and visit a website using HTTPS; then stop capturing traffic in Wireshark.

Observe your captured traffic and explain the TLS handshake process. Explain the process and give screenshots of (at least) the following information:

· Client hello

· Cipher suites (symmetric encryption, key exchange, authentication method, hashing)

· Server name

· Server hello

· Cipher suites

· Server certificate

Scenario 1

Matthew and Richard are friends located in different physical locations who would like to begin communicating with each other using cryptography to protect the confidentiality of their communications. They exchange digital certificates to begin this process and plan to use an asymmetric encryption algorithm for the secure exchange of email messages.

Q1 When Matthew sends Richard a message, what key should he use to encrypt the message?

___________________________________________________________________________

Q2 When Richard receives the message from Matthew, what key should he use to decrypt the message?

___________________________________________________________________________

Q3 Matthew would like to enhance the security of his communication by adding a digital signature to the message. What goal of cryptography are digital signatures intended to enforce?

___________________________________________________________________________

Q4 When Matthew goes to add the digital signature to the message, what encryption key does he use to create the digital signature?

___________________________________________________________________________

Scenario 2

Mike and Renee would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.

Q1 When the certificate authority (CA) created Renee’s digital certificate, what key was contained within the body of the certificate?

___________________________________________________________________________

Q2 When the certificate authority created Renee’s digital certificate, what key did it use to digitally sign the completed certificate?

___________________________________________________________________________

Q3 When Mike receives Renee’s digital certificate, what key does he use to verify the authenticity of the certificate?

___________________________________________________________________________

Q4 Mike would like to send Renee a private message using the information gained during this exchange. What key should he use to encrypt the message?

___________________________________________________________________________

IoT use case

The IoT Smart Home application shows the power of the IoT as a consumer technology. Home automation has provided many safety and convenience features to the home. However, it has also brought risks. Because the home gateway is exposed to the Internet, hackers could take advantage of weak passwords to take over control of the system. This could actually expose the family to danger rather than keeping it safe.

In this assignment, you will explore the smart home example as an IoT use case. Depending on the application, some data is best processed close to the source. The smart home example takes advantage of fog computing to monitor and act upon the levels of smoke detected in the home.

Background / Scenario

A home owner has been reading about the IoT and is very enthusiastic about the capabilities of home automation IoT systems. The home owner wants to install such a system in his house but does not know how to do so. He has contacted a company that can design and install the system. The company focuses on security throughout the system design, provisioning, and development process. They are currently developing a threat model for the system. You have been hired by the company and your first task is to complete the threat model.

The house is 3500 sq. ft. and includes two stories and an attic. The customers are away from home regularly and have requested the safest house possible. The customer wants to be able to remotely monitor the house and wants the following IoT-supported systems:

· Climate control

· Smoke / fire

· Temperature issues out of the normal range

· Door and window locks

· Lawn watering

· Local alarm and emergency department messaging

The system should be controllable locally and through the cloud. The user should be able to access the controller from a web browser from inside the network as well as remotely through a smartphone app. This will allow the customers to monitor or control the system when they are away.

The system should collect and store data from the remote sensors and various actions should take place based on the input from those sensors. For example, if the temperature goes above the maximum range, it probably means the AC is not working and someone needs to be notified ASAP. If the system detects smoke, the local alarm should sound, and the customer and the fire department should be alerted. Data from the system should be retained and analyzed. In addition, the customer should be able to change the threshold values that trigger different actuators and events as necessary, either locally or through the mobile app. The triggers and behaviors, data analytics, and remote-control access are all available through a home automation cloud application service that the system will interface with.

The home owners should have password protected accounts for access to the system. In addition, the company should have access to system diagnostics in case problems occur with the system. Only the homeowner should have access to the cloud applications.

It is also important to make note of these other details of the house:

· 3 bedrooms, 1 den, 2 baths

· 2 stories and an attic

· 1 main front door and 1 side door entry

· 2 sliding doors to the backyard – one coming from the master bedroom

· 2-car garage

The topology of the smart home is illustrated below:

This use case has been prototyped in Packet Tracer. You can find the packet tracer files needed for this assignment under the module IoT security at the Canvas course site.

Part 1: Explore the Smart Home

Step 1: Understanding the devices that comprise the smart home

Commonly ISPs deliver data and video over a single coaxial cable. Starting from the attic, a coaxial splitter is used to separate the video signal from the data signal.

Two coaxial cables leave the coaxial splitter in the topology shown. Which devices does the coaxial cable connect to?

The cable modem is the interface between the ISP’s network and the home’s network. To which devices does the cable modem connect?

The Home Gateway acts as a concentrator and router for all internal home devices. It also provides a web-based interface that allows users to monitor and control various smart home devices. Notice that the home devices can connect to the Home Gateway through either a wireless or a wired connection.

Note: Packet Tracer uses dashed beams to represent wireless connections. However, this can make a topology difficult to understand if too many devices are connected. Because of this, wireless connections have been hidden. To show wireless connections, go to Options > Preferences > Hide Tab > uncheck Hide Wireless/Cellular Connection.

List all home devices connected to the Home Gateway.

Step 2: Interacting with the Smart Home

The devices in the smart home can be monitored and controlled remotely through any computer in the home. Because all smart devices connect to the Home Gateway which hosts a web-based interface, tablets, smartphones, laptops or desktop computers can be used to interact with the smart devices.

Click the Tablet. (The tablet is located on the bed in the master bedroom).

Navigate to Desktop > Web Browser.

In the address bar, type in 192.168.25.1 and press Enter. This is the IP address of the Home Gateway.

Use admin/admin as username and password to log into the Home Gateway.

What is displayed?

The smart door is currently unlocked (represented by a green light on its door knob) but it can be locked remotely. Click the smart door in the browser to expand the option.

Click Lock to lock the door.

Was the door locked? How do you know?

Click Unlock to unlock the door.

Click the smoke detector in the browser to expand the section. What is the smoke level reading provided by the smoke detector?

Can the smoke detector be controlled?

Smart devices can also be controlled directly, representing physical interaction.

Within the Logical work area of Packet Tracer, hold down the ALT key and click the Smart Coffee Maker to turn it on or off.

Part 2: Fog Computing in the Smart Home

The MCU added to the smart home is used to monitor the smoke levels read by the smoke sensor and decide whether the house should be ventilated. If the carbon monoxide (CO) level rises above 10.3 units, the MCU is programmed to automatically open the window, front door and garage door and start the fan at high speed. This action is only reverted (doors and window closed, fan stopped) when the CO level drops below 1 unit.

The owner keeps a classic car in the garage, which needs to be run occasionally. The classic car generates carbon monoxide, which raises the CO level within the premises.
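The behaviour described above is a hysteresis controller: one threshold switches ventilation on, a much lower one switches it off, and nothing changes in between. The following Python model is an added example and is not the Packet Tracer MCU script from the assignment; it uses the two thresholds the text states (10.3 and 1 unit) and adds one assumption of its own, a plausible sensor range (0 to 100 units), so that a reading outside that range is ignored instead of acted upon. That check is worth noticing in the context of the reflection questions that follow: the MCU opens every door in the house on the strength of a single sensor value, so the trustworthiness of that value is part of the attack surface.

```python
"""Fog-node (MCU) ventilation controller with hysteresis.

Added example; it is not the Packet Tracer MCU script from the assignment.
The two thresholds are the ones the text states (ventilate above 10.3 units,
restore below 1 unit); SENSOR_MAX is an assumption made here.
"""
from dataclasses import dataclass

VENTILATE_ABOVE = 10.3   # CO level that triggers ventilation
RESTORE_BELOW = 1.0      # CO level at which doors/window close and the fan stops
SENSOR_MAX = 100.0       # assumed upper bound of a plausible sensor reading


@dataclass
class HomeState:
    window_open: bool = False
    front_door_open: bool = False
    garage_door_open: bool = False
    fan_speed: str = "off"      # "off" or "high"
    ventilating: bool = False
    rejected_readings: int = 0  # implausible sensor values that were ignored


def _set_ventilation(state: HomeState, on: bool) -> None:
    """Open (or close) window, front door and garage door and run (or stop) the fan."""
    state.window_open = on
    state.front_door_open = on
    state.garage_door_open = on
    state.fan_speed = "high" if on else "off"
    state.ventilating = on


def step(state: HomeState, co_level: float) -> HomeState:
    """Apply one sensor reading. Between 1 and 10.3 the previous decision is kept."""
    # The controller acts on whatever the sensor reports, so a plausibility
    # check is the minimum defence against a faulty or spoofed reading.
    if not (0.0 <= co_level <= SENSOR_MAX):
        state.rejected_readings += 1
        return state
    if not state.ventilating and co_level > VENTILATE_ABOVE:
        _set_ventilation(state, True)
    elif state.ventilating and co_level < RESTORE_BELOW:
        _set_ventilation(state, False)
    return state


def simulate(readings):
    """Feed a sequence of readings; return the ventilating flag after each one
    together with the final state."""
    state = HomeState()
    trace = []
    for co in readings:
        step(state, co)
        trace.append(state.ventilating)
    return trace, state


# Constructed reading sequence: car started, CO climbs past the trigger,
# MCU ventilates, engine stopped, CO falls back below the restore level.
CAR_RUNNING_READINGS = [0.5, 5.0, 10.3, 10.4, 8.0, 2.0, 0.9, 0.5]

if __name__ == "__main__":
    trace, final = simulate(CAR_RUNNING_READINGS)
    for co, venting in zip(CAR_RUNNING_READINGS, trace):
        print(f"CO={co:5.1f}  ventilating={venting}")
    print(final)
```

Two details of the trace are easy to get wrong when reasoning about the MCU by hand: a reading of exactly 10.3 does not trigger ventilation (the rule is "above"), and once ventilating, a drop to 2.0 is not enough to close anything, because the restore threshold is below 1.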

Click the Tablet located on the bed in the master bedroom.

Navigate to Desktop > Web Browser.

In the address bar, type in 192.168.25.1. This is the IP address of the Home Gateway.

Use admin/admin as username and password to log into the Home Gateway.

Click on the Smoke Detector within the smart home; leave this window visible so you can monitor the smoke levels.

Start the car engine by holding the Alt key and clicking the classic car.

What happens to the air inside the house with the car running inside the garage?

What happens to the air inside the house after the MCU opens the doors and window, and starts the fan?

Does the MCU close the doors and window, and stop the fan?

While still monitoring the levels, stop the classic car’s engine by holding the Alt key and clicking the classic car.

What happens to air quality inside the house after the engine is stopped?

What happens to the doors, window and fan?

Reflection

What are the potential impacts if a hacker gained access to this system?

___________________________________________________________________

In your opinion, what is the most likely way that a hacker could get into the system?

___________________________________________________________________

How could the system be made more secure?

___________________________________________________________________

Part 3: Creating an Inventory of Assets of the Physical Device and Communication Attack Surface

Step 1: Inventory of assets

You will now complete an inventory of assets by identifying all the physical assets that are part of the home automation network and entering them into the asset table below.

Note: in the following steps, one or two examples are given in red for inspiration purposes. The rows of the tables can be extended as you wish.

Device | Device Role (actuator/sensor/both) | Works With
heating unit | actuator | thermostat

Now you will identify threats using the STRIDE methodology. Try to describe as many threats as possible based on your experience in the course, the OWASP IoT vulnerabilities page, and other information sources.

Complete table below with threats for each category in the STRIDE threat model. Add potential threats that could occur for each STRIDE category. Include the type of threat using the OWASP terminology where possible.

Threat type | Asset type | Threats
(S)poofing – can an attacker pretend to be someone he is not, or falsify data? | Sensors | false sensors can be added to the sensor network
(S)poofing | Actuators | a device can pretend to be an actuator, intercept control code or issue false control messaging
(T)ampering – can an attacker successfully inject falsified data into the system? | Sensors |
(T)ampering | Actuators |
(R)epudiation – can a user pretend that a transaction did not happen? | Sensors |
(R)epudiation | Actuators |
(I)nformation Disclosure – can the device leak confidential data to unauthorized parties? | Sensors |
(I)nformation Disclosure | Actuators |
(D)enial of Service – can the device be shut down or made unavailable maliciously? | Sensors |
(D)enial of Service | Actuators |
(E)scalation of Privilege – can users get access to privileged resources meant only for admins or superusers? | Sensors |
(E)scalation of Privilege | Actuators |

Step 2: Inventory of communication networks and protocols

Another component of asset management is understanding the network protocols and infrastructure devices that are in use on the network. Fill in the table provided below, which should include all the networks, protocols, and IP devices that are part of the home automation network system. Determine the communication relationships between assets. A network here is a collection of things that use the same protocol. It is not necessary to list each individual IoT device; instead, just refer to the wireless sensor-actuator network. This row has been filled in for you.

Network or Device | Protocol(s) | Communicates With
sensor-actuator network | Zigbee or Z-Wave, etc. | IoT Gateway

As in Step 1, use the STRIDE model to create a list of potential threats.

Threat type | Network or Device | Threats
(S)poofing – can an attacker pretend to be someone he’s not, or falsify data? | sensor-actuator network | man-in-the-middle attacks; weak implementation of the 802.15.4 security suites
(S)poofing | IoT Gateway | weak or default credentials allow access to logs and locally stored sensor data
(T)ampering – can an attacker successfully inject falsified data into the system? | sensor-actuator network |
(T)ampering | IoT Gateway |
(R)epudiation – can a user pretend that a transaction didn’t happen? | sensor-actuator network |
(R)epudiation | IoT Gateway |
(D)enial of Service – can the device be shut down or made unavailable maliciously? | sensor-actuator network |
(D)enial of Service | IoT Gateway |
(E)scalation of Privilege – can users get access to privileged resources meant only for admins or superusers? | sensor-actuator network |
(E)scalation of Privilege | IoT Gateway |

Part 4: Threat Modeling to Assess Risk in the smart home system

You can create a basic data flow diagram of the system. This will help you to understand the system at a functional level and create trust boundaries that will help with understanding security risks.

You will use your STRIDE tables from the physical, communication, and application layers of the IoT attack surface and apply the DREAD model to create risk metrics for some of the threats. Normally, a threat model would include risk metrics for all of the relevant threats that have been identified, however, for the sake of time, you will work with only some of them.

After creating the risk metrics, you will decide how to respond to the risks using the four Ts risk response model.

Step 1: Creating a Data Flow Diagram

You have completed your asset inventories in previous Packet Tracers. You have also completed diagrams of the physical network, including the connections between devices and the types of protocols in use. Now you need to create a high-level data flow diagram. This process is adapted from the Microsoft IoT Security Architecture.

Follow the model data flow diagram and process provided in the course content and do the following:

a. Think about the possible zones in the system. Create a zone for the sensors and actuators, the communication infrastructure device, and the cloud application. Think about the data stores and processes that could exist as cloud services. Connect these zones with arrows to indicate the type of communication between them.

b. What external entities access the system? Add the entities and lines to connect them to the zones that they have access to and the system they access. Think of the types of applications and protocols that each use, as well as the functions described in previous Packet Tracers.

c. Draw trust boundaries. Follow the definition of trust boundaries provided in the course.
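One way to capture steps a to c in a form that can be regenerated as the inventory changes is to describe the zones, external entities and flows as data and emit a Graphviz DOT diagram in which each zone is a dashed cluster (the trust boundary) and every flow whose ends lie in different zones is computed, not hand-marked. The block below is an added example written for this workbook; which element sits in which zone, the element names (the lab's Home Gateway at 192.168.25.1, the MCU, the tablet user from Part 1, and a cloud `automation_service` with an `event_store`) and the flow labels are assumptions of the example, not diagram content from the lab or from the Microsoft IoT Security Architecture.

```python
"""Data flow diagram with trust boundaries, emitted as Graphviz DOT (added example).

Follows Step 1's instructions: one zone for the sensors and actuators, one
for the communication infrastructure device (the lab's Home Gateway plus the
MCU that runs the CO rule), and one for the cloud application with its
process and data store. The tablet user from Part 1 is the external entity.
Zone membership and flow labels are assumptions made for this example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    label: str  # protocol or data carried


# Zone key -> (title, members). Each zone is drawn as a dashed cluster, the
# usual way of showing a trust boundary in a DFD.
ZONES = {
    "devices": ("Sensor/actuator zone", ["smoke_detector", "smart_door", "fan"]),
    "gateway": ("Gateway (fog) zone", ["home_gateway", "mcu"]),
    "cloud": ("Cloud application zone", ["automation_service", "event_store"]),
}
EXTERNAL_ENTITIES = ["tablet_user"]
DATA_STORES = {"event_store"}

FLOWS = [
    Flow("smoke_detector", "mcu", "CO reading (Zigbee/Z-Wave)"),
    Flow("mcu", "smart_door", "open/close command"),
    Flow("mcu", "fan", "speed command"),
    Flow("tablet_user", "home_gateway", "HTTP login and device control"),
    Flow("home_gateway", "smart_door", "lock/unlock"),
    Flow("home_gateway", "automation_service", "telemetry upload"),
    Flow("automation_service", "event_store", "store events"),
]


def zone_of(element: str) -> str:
    """Return the zone an element belongs to; external entities get their own."""
    for key, (_, members) in ZONES.items():
        if element in members:
            return key
    if element in EXTERNAL_ENTITIES:
        return "external"
    raise KeyError(f"element not placed in any zone: {element}")


def crosses_boundary(flow: Flow) -> bool:
    """A flow crosses a trust boundary when its two ends lie in different zones."""
    return zone_of(flow.src) != zone_of(flow.dst)


def boundary_crossings() -> list:
    """Flows that cross a boundary: the first places to apply the STRIDE questions."""
    return [f for f in FLOWS if crosses_boundary(f)]


def to_dot() -> str:
    """Render zones as dashed clusters and boundary-crossing flows in bold."""
    lines = ["digraph smart_home {", "  rankdir=LR;", "  node [shape=box];"]
    for key, (title, members) in ZONES.items():
        lines.append(f"  subgraph cluster_{key} {{")
        lines.append(f'    label="{title}"; style=dashed;')
        for member in members:
            shape = "cylinder" if member in DATA_STORES else "box"
            lines.append(f"    {member} [shape={shape}];")
        lines.append("  }")
    for entity in EXTERNAL_ENTITIES:
        lines.append(f"  {entity} [shape=ellipse];")
    for flow in FLOWS:
        style = "bold" if crosses_boundary(flow) else "solid"
        lines.append(f'  {flow.src} -> {flow.dst} [label="{flow.label}", style={style}];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_dot())  # render with: python dfd.py | dot -Tpng -o dfd.png
```

Six of the seven flows cross a boundary; only the cloud-internal write to the event store stays inside one zone. Those six are the flows to carry into the STRIDE tables first, because each one is a place where data arrives from a party the receiving zone does not fully trust.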

Step 2: Creating a Risk Assessment using DREAD

In the three previous threat modeling Packet Tracers, you created device inventories and identified vulnerabilities in them using the STRIDE model. The next step is to use a scoring mechanism that allows you to determine and prioritize risk. The DREAD system lets you do this by creating a composite risk metric that consists of scores for the five DREAD risk categories:

· Damage potential - What is the degree of impact on the organization's assets? (1 = low impact, 3 = high impact)

· Reproducibility - How easily can a variety of threat actors reproduce the attack? (always 3 - easy)

· Exploitability - How easy is the attack to execute? (1 = difficult, 3 = easy)

· Affected Users - Who and how many users will be affected? (1 = few, 3 = many)

· Discoverability - How easily can the vulnerability be found? (always 3 - easy)

For the purposes of this Packet Tracer, make the following assumptions. First, because this is a home automation system, assume that all members of the family that live in the home will be affected by any exploit. In addition, it is recommended that the Reproducibility and Discoverability metrics always be rated as high. Therefore, Reproducibility, Affected Users, and Discoverability have already been scored as 3 for all vulnerabilities.

In an actual risk assessment, the A metric would not be assumed to be 3. However, it is recommended that R and the second D (Discoverability) always be rated 3.

Use the following table to grade your previously discovered threats according to the scoring explanation shown above. Normally, every relevant identified threat would be rated. However, for the purposes of this Packet Tracer, you can choose several threats from each of the three elements of the IoT attack surface that we have discussed in this course. Further estimate the likelihood that the risk will occur; score the likelihood as 1 for unlikely and 3 for very likely.

Attack Surface and Threat | D | R | E | A | D | Total | Likelihood
physical device - power source can be disconnected, batteries run out | 3 | 3 | 3 | 3 | 3 | 15 | 2
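The composite DREAD score is simply the sum of the five category scores, so it ranges from 5 to 15, and under this lab's assumptions three of the five terms are fixed at 3, which means only Damage and Exploitability actually separate one threat from another. The block below, an added example written for this workbook rather than a tool from the lab, encodes that rubric, rejects scores outside 1 to 3 or rows that break the lab's fixed-at-3 assumption, and ranks threats by total with likelihood as a tie-breaker. The first row is the lab's own example; the other two threats, and their scores, are constructed for illustration from the Part 3 STRIDE tables.

```python
"""DREAD scoring and prioritisation for the lab's risk table (added example).

Encodes the rubric in Step 2: Damage, Reproducibility, Exploitability,
Affected users and Discoverability are each scored 1 to 3, the composite
risk is their sum (5 to 15), and the lab fixes R, A and the second D at 3.
Likelihood (1 unlikely .. 3 very likely) is tracked beside the score, as in
the table. The first threat below is the lab's own example row; the others
and their scores are constructed for illustration.
"""
from dataclasses import dataclass

SCORED_FIELDS = ("damage", "reproducibility", "exploitability",
                 "affected_users", "discoverability")
FIXED_AT_THREE = ("reproducibility", "affected_users", "discoverability")


@dataclass(frozen=True)
class Threat:
    surface: str
    description: str
    damage: int
    exploitability: int
    likelihood: int
    reproducibility: int = 3
    affected_users: int = 3
    discoverability: int = 3

    def __post_init__(self):
        for name in SCORED_FIELDS + ("likelihood",):
            value = getattr(self, name)
            if value not in (1, 2, 3):
                raise ValueError(f"{name} must be 1, 2 or 3, got {value!r}")
        # Lab assumption: everyone in the home is affected, and R and D are
        # always rated high. A real assessment would score A per threat.
        for name in FIXED_AT_THREE:
            if getattr(self, name) != 3:
                raise ValueError(f"lab assumption violated: {name} must be 3")

    @property
    def total(self) -> int:
        """Composite DREAD risk: the sum of the five category scores."""
        return sum(getattr(self, name) for name in SCORED_FIELDS)


def prioritise(threats):
    """Highest composite DREAD score first; likelihood breaks ties."""
    return sorted(threats, key=lambda t: (t.total, t.likelihood), reverse=True)


def render_table(threats) -> str:
    """Render rows in the D R E A D Total Likelihood layout used by the lab table."""
    rows = ["Attack Surface and Threat | D | R | E | A | D | Total | Likelihood"]
    for t in prioritise(threats):
        rows.append(
            f"{t.surface} - {t.description} | {t.damage} | {t.reproducibility} | "
            f"{t.exploitability} | {t.affected_users} | {t.discoverability} | "
            f"{t.total} | {t.likelihood}"
        )
    return "\n".join(rows)


THREATS = [
    # The lab's example row: 3/3/3/3/3 = 15, likelihood 2.
    Threat("physical device", "power source can be disconnected, batteries run out",
           damage=3, exploitability=3, likelihood=2),
    # Constructed rows, drawn from threats named in the Part 3 STRIDE tables.
    Threat("communication", "weak or default credentials on the IoT Gateway",
           damage=3, exploitability=2, likelihood=3),
    Threat("physical device", "false sensor added to the sensor network",
           damage=2, exploitability=2, likelihood=1),
]

if __name__ == "__main__":
    print(render_table(THREATS))
```

Because R, A and D are pinned, two threats can only differ by at most four points here; that is why the lab asks for a separate likelihood estimate, which the ranking uses to order threats with equal totals.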

Step 3: Selecting a Risk Response for the Rated Risks

Refer to the four risk treatments in the graphic below or in the PDF version of these Packet Tracer instructions. According to your risk ratings and likelihoods, decide how the risks should be handled.

Threat | Risk Response
physical device - power source can be disconnected, batteries run out | Treat

Step 4: Considering Risk Mitigation Strategies

Finally, any risk that has been given a "treat" response (in Step 3) needs to be mitigated.

Threat | Risk Response | Mitigation Strategy
physical device - power source can be disconnected, batteries run out | treat | Because this is a home installation, everyone who lives in the home can be informed that the IoT devices should not be unplugged. For any devices that are on battery, establish a regular day during the year to replace the batteries.
