DeVry SEC 280 All Discussions Latest
DeVry SEC 280 Week 1 Discussion 1 & 2 latest
|Data Breaches (graded)|
Use one of your favorite search engines (preferably www.google.com) and search world’s biggest data breaches.Select at least two of the major data breaches from the list you found and complete the following.
- Explain how they impacted you.
- Many of the breached companies had standard security controls like firewalls and intrusion detection systems. Discuss what was missing in their designs and processes.
- Add other items that you believe organizations should improve on to avoid breaches.
|Data Integrity as Part of CIA Triad (graded)|
Data integrity verifies that data remains unaltered in transit from creation to reception.
- Explain what would happen if we were to remove Integrityfrom the CIA triad.
- Discuss how integrity helps with confidentiality and access control.
- Discuss the overall impact to digital communication without data integrity.
DeVry SEC 280 Week 2 Discussion 1 & 2 latest
|Symmetric Encryption (graded)|
The initial encryption standard developed by NIST was called data encryption standard (DES). DES is too weak for modern applications since the key size is only 56-bit. It was replaced by advanced encryption standard (AES). AES has variable key sizes and can require a key size of 256-bit.
- Discuss if you think AES key size has a direct relationship with algorithm strength.
- Do you think that AES-256 is necessarily better than AES-128?
- How long do you think it would take to launch a brute force attack on AES-128 using a standard computer?
|Asymmetric Encryption (graded)|
Asymmetric encryption is based on the concept of a private key to decrypt and a public key to encrypt. RSA and Diffie-Hellman are two common algorithms used for asymmetric encryption, and they are extremely slow and can be used in limited applications. The key sizes are much larger than symmetric algorithms.
- Explain why asymmetric algorithms, such as RSA and Duffie-Hellman, are relatively slow.
- Discuss why asymmetric encryption algorithms require larger key sizes
DeVry SEC 280 Week 3 Discussion 1 & 2 latest
|Asymmetric Encryption—the RSA Algorithm (graded)|
Asymmetrical encryption uses one key to encrypt and another key to decrypt. The most common algorithm used in applications is the RSAalgorithm. RSAis based on prime numbers.
- Select two small prime numbers and compute Product = (p-1)(q-1)and select a number ebetween 1 and Product.The ethat you computed is a simplified example of a public key. Post your selection and computation.
- The RSA algorithm and most asymmetric encryption are considered slow. Based on your computation, explain why the algorithm is slow.
TLS/SSL is used to secure http traffic on networks. For this post, access a website requiring HTTPS.
- Find and post all the protocols that the site is using (click on the lock on the right end side of your browser menu for IE).
- Find the public key and paste it in your post.
DeVry SEC 280 Week 4 Discussion 1 & 2 latest
|Hashing Algorithms (graded)|
Secure Hash Algorithm is the current hashing standard established by the National Institute for Standard and Technology. It uses a 160-bit hash but lately most organizations are moving toward a 256-bit hash.
- Is a 128-bit hash no longer sufficient for integrity checks?
- Explain the likelihood of a collision in a 128-bit hash. You do not need to explain the mathematics.
|Digital Signatures (graded)|
A digital signature is a technique to validate the integrity and authenticity of a message. The signature provides assurance that the sender is the true sender, and the message has not been changed during transmission.
- What are the similarities between a digital signature and a handwritten signature?
- Differentiate among the three different classes of digital signatures.
DeVry SEC 280 Week 5 Discussion 1 & 2 latest
|Access Controls (graded)|
There are two basic ways to tell if a network or system is under attack. These are with intrusion-detection systems (IDSs) and intrusion-protection systems (IPSs). Discuss how each of these approaches is different. Do not forget to include how network-based and hosted-based systems come into play.
You work for a small bank that has only 11 branches, and you must design a system that gives notice of a possible attack. Discuss what tools can be used, how they can be implemented to protect the bank, and how they can notify the appropriate people when the network comes under attack.
|Application Security (graded)|
- Testing for an unknown is a virtually impossible task. What makes it possible at all is the concept of testing for categories of previously determined errors. The different categories of errors are
- 1.buffer overflows (most common);
- 2.code injections;
- 3.privilege errors; and
- 4.cryptographic failures.
Please evaluate the software engineering, secure-code techniques, and the most important rule that relates to defending against a denial-of-service attack. Here are two types of error categories: the failure to include desired functionality and the inclusion of undesired behavior in the code. Testing for the first type of error is relatively easy.
- Other items we should understand for error opportunities in applications are related to design, coding, and testing. How do we assure that these items are addressed in our software-application development or acquisition?
DeVry SEC 280 Week 6 Discussion 1 & 2 latest
|Attacks and Malware (graded)|
- What are the different ways that malware can infect a computer?
- What malware and spyware protection software do you think is the best and why?
- There are many types of attacks described in the text. Describe the attack and what method you could do to avoid such an attack.
- Many attacks are carried out by groups of hackers. Describe the objectives of some of these groups. What is the difference between white-hat and black-hat hackers?
|Identity Theft (graded)|
- What steps would you take at your current or future job to ensure that personal information, such as human resources or customer information, is not compromised?
- Do companies have a responsibility to disclose identity-theft breaches that occur in their organizations?
- Present a strategy for educating a user about avoiding e-mail risk without saying, “Do not open an e-mail from someone you do not know.” This has been said many times and has failed. Take the time to think outside of the box about how you can get people to think before they act with e-mail.
DeVry SEC 280 Week 7 Discussion 1 & 2 latest
|Mitigating Risk (graded)|
Top management asks you to present a review of the security risks associated with the various servers in the computing infrastructure. Take one of the servers and address three security risks from the least (low risk or moderate risk) to the greatest (high risk) and the kind of risk presented. For instance, if a server is closer to the network perimeter, it is at a higher risk of being compromised by a hacker. This is where it all starts. How do you implement consistent security policies?
|Incident Handling (graded)|
Surprisingly, many of us may be unknowing victims of botnets. Because of the rising sophistication of botnet schemes, your computer can become a zombie along with thousands of other computers that flood a victim’s network and bring down servers. While the attack is going on, the botnet infects the network with spam, viruses, and malware. What are the four simple rules of stopping botnets on your personal PCs?
- What are some of the symptoms that would make you suspicious that your computer has been attacked?
- What part of a security incident should be logged?
DeVry SEC 280 All Discussions Latest