Analyze access controls used to secure information systems (IS).Explore best practices for controlling access to data and systems.
SEC 3302, Advanced IS Security 1
Course Learning Outcomes for Unit IV
Upon completion of this unit, students should be able to:
1. Analyze access controls used to secure information systems (IS).Explore best practices for controlling access to data and systems.
2. Examine encryption types used for the physical security protection of an organization.
2.1 Explain the general principles of security for a network.
Required Unit Resources
Chapter 4: Secure Networks
In order to access the following resource, click the link below. You can access the transcript for the video by
clicking on the three dots below the video on the right, then clicking Open transcript.
Professor Messer. (2021, April 7). Secure networking – SY0-601 CompTIA Security+ : 3.3 [Video]. YouTube.
Unit Lesson
Principles of Secure Networks
Today, employees bring their own electronic devices to work, use personal hot spots, and tether their
cellphones to laptops. How do you keep your corporate network secure in light of all this?
It should be noted that network security, like information technology (IT) security, has to constantly adapt in
response to challenges such as these. As attackers learn more ways of exploiting weaknesses, security has
to learn ways to protect its infrastructure. Basically, as technology improves, security has to keep up. Chapter
4 covers some of the attacks that occur on networks. It also discusses defenses against these attacks. We
cannot cover them all in this lesson, but they are important to learn, so please read the chapter. You are also
encouraged to research further into the topic to learn more.
While the previous unit addressed protecting communications through the use of cryptography, this unit is
more concerned with how networks themselves are maliciously attacked. Messages in modern
telecommunications can be attacked both through their means of conveyance and through the route they
take. A secure network environment must be created that will prevent these attacks. The principles of
availability, confidentiality, functionality, and access control should be utilized to effectuate this security, as
described in the textbook.
UNIT IV STUDY GUIDE
Securing Networks
SEC 3302, Advanced IS Security 2
UNIT x STUDY GUIDE
Title
Because access control is so important, we will return to that subject in Chapter 5. For now, lets jump right
into some of the attacks that networks encounter and how they work.
Denial-of-Service (DoS) Attacks
One consideration when securing a network is that security involves more than just intruders. Securing a
network requires a balance between keeping your system and data secure and allowing users the access
they need. As mentioned above, the first goal of a secure network is availability. Authorized users have to be
able to access their data, services, and applications. Availability can be affected by conditions like poor
coding or the complications that arise when a large site links to a small site and overwhelms the smaller site.
But there are also intentional attacks that impact access. One of the most well-known is the DoS attack, which
can grind a system to a halt and cause an enormous amount of financial damage.
DoS attacks operate by stopping a service, such as a web service, or by degrading service. A service-
degrading attack can be especially damaging because it cannot be easily identified. A slow degradation of
services may not even be immediately recognized as an attack and may cause damage for a long time before
being discovered. Even worse, the entity who is attacked may spend valuable resources upgrading systems
unnecessarily when they see that their service is not allowing sufficient and reliable access to customers.
DoS attacks can be direct or indirect. They may utilize tactics such as flooding, spoofing, or backspatter, and
they may do their damage through the use of intermediaries, bots, and handlers. These concepts are covered
in your readings and should be reviewed.
SEC 3302, Advanced IS Security 3
UNIT x STUDY GUIDE
Title
Unlike other system attacks, DoS and distributed DoS (DDoS) attacks do not focus on stealing
information or other assets. Instead, these attacks are intended to prevent legitimate users from
accessing servers and services by flooding the servers with more traffic than they are set up to
handle so that they become more and more sluggish until they are either unable to respond or they
crash from the overload. DoS attacks may originate from one machine or system; for DDoS attacks,
multiple systems attack the target, as illustrated in the graphic above.
Defending against DoS attacks can be tricky, even when the attacks are detected. We have some tactics that
can get the system out of trouble, though each tactic has its strengths and weaknesses. One defense, known
as blackholing, drops all of the Internet Protocol (IP) packets from an attacker. While this will stop traffic, the
attacker can simply change IP addresses and restart the attack. Even worse, if an attacker knows blackholing
will be done automatically, they can spoof the attack packets from a known, legitimate corporate partner
which will cut off that desired traffic.
Other tactics to fight DoS attacks include validating the handshake and rate limiting, which involves limiting a
certain type of traffic to a reasonable amount. Unfortunately, rate limiting can have the unintended impact of
limiting legitimate as well as illegitimate traffic.
Address Resolution Protocol (ARP) Poisoning
ARP poisoning is an attack that is specific to local area network (LAN) traffic. For the attack to work, the
attacker must have a computer on the local network. ARP tables are manipulated to reroute LAN traffic, which
effectuates an attack on both network confidentiality and functionality. In contrast, remember that DoS attacks
are an attack on the availability of a network.
The attack works by taking advantage of the fact that hosts on the same network have to know each other
before they can start exchanging packets using IP addresses. Hosts thereby build ARP tables, and after
validation, the hosts trust all ARP replies. This opens the door for spoofing, allowing the attacker to
manipulate the tables and create false entries for internal hosts and gateways. The stream of spoofed ARP
replies have to be continuous to keep the tables from self-correcting.
ARP poisoning can be prevented using methods like static ARP tables, which involves manually setting tables
that cannot be dynamically updated. A weakness with this method is that business changes will require a
huge amount of work to manage static ARP and IP tables. Another method would simply be to limit local
access by preventing foreign hosts from operating on the LAN. This is a form of network access control,
which we will now discuss further.
SEC 3302, Advanced IS Security 4
UNIT x STUDY GUIDE
Title
Access Controls
Corporate LANs require protection to ensure confidentiality of data sent across the network, but they must
also provide access controls so that only authorized users are allowed on the network. In modern companies,
an intruder can access wired LANs from a wall jack or Ethernet wires, and wireless LANs can be accessed by
radio through an unprotected wireless access point. After gaining this access, an intruder can use a packet
sniffer to detect, intercept, and read traffic. To prevent this from happening, access controls must be utilized in
both wired (Ethernet) networks and wireless networks.
Ethernet LAN security utilizes standards such as 802.1X (port-based access control), extensible
authentication protocol (EAP), and radius serverseach of which functions in different ways and contains
different authorization, audit, and authentication features. These standards and protocols are detailed in your
Chapter 4 readings.
Wireless networks are often attacked using one of three major attack forms:
1. unauthorized access to the network;
2. an attack using an evil twin, which is also known as a man-in-the-middle attack; or
3. wireless DoS attacks, which are similar to the DoS attacks we discussed earlier in that their main aim
is to negatively impact the availability of a network.
These attacks prevent the host from accessing a wireless network by utilizing tactics such as flooding the
frequency with electromagnetic interference (EMI) or radio frequency interference (RFI). These tactics make
data packets unreadable due to noise, or disturbances in the electrical signal. Another method is to flood the
access point (AP), which would result in the AP using all of its resources to send and receive attack packets
and thereby effectively deny access to any other host. Lastly, attack commands can be sent to APs or clients
that result in a continuous stream of spoofed messages, request-to-send (RTS) frames, or clear-to-send
(CTS) frames that prevent clients from connecting to the AP.
Conclusion
As we stated at the beginning of the lesson, there are clear goals that must be determined when considering
how to secure a networking environment. These goals consist of availability, confidentiality, access control,
and functionality. When dealing with common attacks, such as DoS, ARP poisoning, and attacks on wired and
wireless LANs, one must keep these goals in mind.
Course Learning Outcomes for Unit IV
Required Unit Resources
Unit Lesson
Principles of Secure Networks
Denial-of-Service (DoS) Attacks
Address Resolution Protocol (ARP) Poisoning
Access Controls
Conclusion
Explain the characteristics and complexities associated with assessment and treatment of co-occurring disorders.
Explain the characteristics and complexities associated with assessment and treatment of co-occurring disorders.
Describe challenges associated with the case of Elena.
If you were creating a 30-day treatment plan for Elena, identify two short-term goals based on challenges that Elena is facing. Include an action step that you would include in her treatment plan.
Post your completed Treatment Plan.
Elena is a 44-year-old hearing-impaired Latina female who was admitted to the inpatient treatment facility for alcohol dependence where you are a counselor working with people with addictions. During her admission, Elena expressed reluctance to undergo treatment, stating that her family did not approve of counseling or psychiatric services because they see it as a sign of weakness. During her admission, she began crying and had difficulty stopping. She stated that her husband left her and that her two teenage children were home alone. Elena was inebriated, under emotional distress, and ended up being carried to her assigned room by two staff members.
Your psychosocial intake assessment revealed Elena is also manifesting signs and symptoms of a major depressive disorder. You know that Elena needs help with her alcohol addiction, but you also know that her depression might be a cause or an effect of alcoholism.
Addressing the needs of diverse populations and co-occurring disorders can be a challenging aspect of addiction counseling. This week, you evaluate strategies for addressing the complexities of co-occurring disorders, also known as co-morbid disorders, and you create a 30-day addiction treatment plan for Elena as presented in the case study above.
Write a white paper on a company of your choice and discuss the market segmentation within that industry along with the target market for the company and the selection process for that target market.
Write a white paper on a company of your choice and discuss the market segmentation within that industry along with the target market for the company and the selection process for that target market.
COMPANY CHOSEN IS CHIPOTLE MEXICAN GRILLE
Required Elements:
Include demographic, psychographic, geographic, and behavioral characteristics for the selected company.
A positioning statement for the company with careful consideration of their brand and strategy
es.
Analyze criminal justice issues within the systems of law enforcement, the judiciary, and corrections.
Prior to beginning work on this discussion, please review your body of work throughout your program and the Bureau of Justice Statistics The Justice SystemLinks to an external site. web page. Contemplate your initial perceptions of the criminal justice system and how and why they have changed throughout your program of study. If you have already submitted work to Folio, then you may review it there. However, if you have not, please take a look at the Final Papers and Projects you have completed during your time in the BASCJ program and add your best work to Folio now. Once you have added work to Folio, you may share with the class your portfolio for feedback. You can link your portfolio directly into your initial post.
Next, choose one of the BASCJ program learning outcomes (PLO) below:
Analyze criminal justice issues within the systems of law enforcement, the judiciary, and corrections (PLO 1).
Evaluate the application of the social justice principles of equality, solidarity, and human rights toward building a just society (PLO 2).
Apply knowledge of cultural sensitivity and diversity awareness to social and criminal justice (PLO 3).
Deconstruct the relationship between law enforcement, the judiciary, and corrections (PLO 4).
Interpret the relationship between social justice and criminal justice (PLO 5).
Develop critical perspectives in the study of social and criminal justice by drawing on the fields of criminology, law, philosophy, psychology, science, and sociology (PLO 6).
Provide a detailed assessment of your program of study, correlated to the learning outcome you have chosen.
Evaluate how your course of study developed your skills in accomplishing this program learning outcome.
Examine the challenges you may face in your future career for your chosen program learning outcome.
Support your claims with examples from the required materials from previous weeks, scholarly and /or credible sources, and properly cite any references.
Explain the epidemiologic study design that would be most appropriate to assess and address Smoking And Lung Cancer .
Please the Selected Topic is Smoking And Lung Cancer .
Briefly identify the population health topic (association between a risk factor and a health outcome) you selected. Present a research question based on this topic that you would like to answer in a proposed study. (Consult the Walden Developing Research resource for guidance on crafting a research question.)
Explain the epidemiologic study design that would be most appropriate to assess and address Smoking And Lung Cancer .. Please check the uploaded document
Load manually College data aboveÿ in Excel Sheet and manipulate the data to address the following: 1. Summarize the data using Excel Descriptive Statistics 2. Create a pie-chart for Year in College
Download Week 4-College – Data.pdf
Load manually College data aboveÿ in Excel Sheet and manipulate the data to address the following:
1.
Summarize the data using Excel Descriptive Statistics
2.
Create a pie-chart for Year in College
3.
Create a Histogram for IQ, include Normal distribution density curve.
4.
Make a scatter plot with IQ and x-axis and Exam Grade on y-axis, include trend line.ÿWhat can you conclude?
5.
Make a scatter plot with sex (gender) on the x-axis and IQ on the y-axis, include trend line.ÿWhat can you conclude?
Problem Guide:
1. You will manipulate and analyze data using Excel or SPSS.
2. You will copy charts, graphs, tables, from Excel or SPSS into a Word document.
3. Write a report on your findings in the Word document referencing the charts, graphs, and tables from Excel or SPSS.
The original questions must be typed out as headings, with follow up answers + charts, graphs, and tables in paragraph format, and a summary or conclusion at the end of the paper. Problems have no references limit and must be in APA format.
If you were to do a life review, what successes and regrets would you identify?
CASE STYUDY
COURSE: Psychotherapy:
1.If you were to do a life review, what successes and regrets would you identify?
2.Can you identify a situation in your life where you were stuck and stayed too long?
3.Are there junctures in the therapy sessions presented that you would navigate in a different way as the therapist? If so, what would you do differently?
4.If a person is aware of his or her feelings, how do you think it changes life choices?
PLEASE ANSWER THE 4 QUESTIONS ABOVEÿ
1 PAGE
2-3 REFERENCES
NO PLAGIARISM MORE THAN 10%
DUE DATE JUNE 28,2023
Describe Hybrid Restaurant Requirements
Q1. Describe Hybrid Restaurant Requirements
All requirements must start by naming the Smart System, followed by one of the following three verbs:
must (the solution fails if not provided); will (the answer may fail if not provided); ÿshould (the solution is optional and does not fail if not provided), followed by any other smart system it communicates with, followed by the outcomes expected.
Pls, Add 10 Smart Systems required for a Hybrid Restaurant.
Q2. Write a research paper according to the given template: Paper Requirements.ÿ
Please follow the given instructions and complete the research paper.ÿ
Identify a quality improvement topic you are interested in. Consider causes of decreased patient outcomes related to this topic.
Identify a quality improvement topic you are interested in. Consider causes of decreased patient outcomes related to this topic.
What is the role of the APRN in improving patient outcomes related to this topic?
Discuss benchmarks for monitoring improvement.
Consider causes of decreased patient outcomes related to this topic.
Discuss workforce challenges that may impact patient outcomes related to your topic.
Collecting information about people is part of any program evaluation. What considerations should a program evaluator take to keep the identities of individuals private?
ÿ
Read the articleManaging Marijuana: The Role of Data-Driven Regulationand the following:https://ascend.aspeninstitute.org/an-evidence-based-approach-to-child-support/.What did you find most interesting related to the use of data in the articles and podcasts?
48.Aspx
Podcast: Privacy and Predictions
1. What did you find most interesting related to the use of data in the articles and podcasts?
2. Collecting information about people is part of any program evaluation. What considerations should a program evaluator take to keep the identities of individuals private?ÿWhether it is a needs assessment (Royse, Thyer, and Padgett) or outcome evaluation, how people need, want, and use a program is of immense interest to a variety of political actors. ÿ
Question: What considerations should a program evaluator take to keep the identities of individuals private? ÿ