[ Cyber Attack & Ethical Hacking
01a1] Unit 1 Assignment 1
Week 2 –
· Applying Encryption and Hashing Algorithms for Secure Communications (Assignment)
Instructions
To demonstrate your understanding of core concepts and procedures presented in this unit, you are required to complete the Applying Encryption and Hashing Algorithms for Secure Communications lab, linked in the course room.
1. Explain why hash values are an important part of performing a forensic investigation.
2. Do hash values typically change if data is modified? Explain why or why not.
3. List a method of securing message integrity during e-mail communications without encrypting the e-mail.
4. Explain the purpose of the –e switch in the GnuPG command.
5. Compare and contrast MD5sum and SHA1sum hashing algorithms.
6. During the lab, several cryptographic algorithms were used. Name them.
7. Explain what is required to decrypt an encrypted message.
8. Explain the purpose of the –d switch in the GnuPG command.
9. List some ways to create entropy in a GnuPG encryption key.
Refer to the Applying Encryption and Hashing Algorithms for Secure Communications scoring guide to ensure that your work meets the grading criteria for this assignment.
Submit your assignment by midnight Sunday (CST).
Submission Requirements
· Written communication: Writing should be clear and well organized, with no technical writing errors, as expected of a business professional.
· Format: Typed, double-spaced lines.
· Font: Times New Roman, 12 points.
[u02a2] Unit 2 Assignment 2
Web-Based Attacks (Assignment)
Introduction
Cybercriminals have orchestrated a hybrid attack on your city’s municipal website. The Federal Bureau of Investigation (FBI) has asked that the municipal website be taken offline and that infrastructure that supports the website be isolated until a thorough investigation has been completed. You have been asked to create a PowerPoint presentation for senior management to address the problem.
Instructions
In your presentation, you will need to:
1. Describe different types of attack strategies attackers may employ.
1. Evaluate mitigation strategies for each type of attack.
1. Recommend a course of action for addressing the Web attack.
1. Support your presentation with a minimum of four references.
1. Communicate in a manner that is highly professional and consistent with expectations for professionals in the field of information technology.
Your presentation must:
. Include a minimum of 16–18 slides, along with extensive speaker notes (see Submission Requirements, below).
. Address at least eight of the Web-based attack strategies listed below:
. Cross-site scripting (XSS) attack.
. Cross-site request forgery (CSRF).
. SQL injection.
. Code injection.
. Command injection.
. Parameter tampering.
. Cookie poisoning.
. Buffer overflow.
. Cookie snooping.
. DMZ protocol attack.
. Zero-day attack.
. Authentication hijacking.
. Log tampering.
. Directory traversal.
. Cryptographic interception.
. URL interpretation.
. Impersonation attack.
Structure your presentation as follows:
· Title (one slide).
· Introduction (two slides): Identify the problem and list the Web-attack strategies you have chosen to address.
· Main slides (a minimum of eight slides): On each slide, describe one of the possible attack strategies and analyze possible mitigation strategies.
· Recommended course of action (1–2 slides).
· References on the final slide (a minimum of one slide).
Tips for your slide presentation:
· Use the speaker notes to include the information you want to share with your audience. The speaker notes must be coordinated with the information on the slides.
· Be sure to provide APA-formatted citations for your sources.
· Be creative. You can add audio to the presentation if you choose to do so; however, it is not required.
Capella academic integrity standards must be strictly followed.
Submission Requirements
· PowerPoint presentation: Should be clear and well organized, with no technical writing errors, as expected of a business professional.
· Number of slides: 16–18 slides. Information in the slides should be in bulleted list format with a minimum of four bullets per slide.
· Speaker notes: Include a minimum of 100–150 words for each main slide. The information in the speaker notes must contain at least one reference per slide. Double-spaced the lines.
· References: Include a minimum of four recent, peer-reviewed references.
· APA style: References and citations should be formatted using current APA style.
· Font for slides: Times New Roman, 28–32 points.
· Font for speaker notes: Times New Roman, 12 points.
[u02d1] Unit 2 Discussion 1
Cryptography and Vulnerability Management (1-page Discussion)
Introduction
Encryption is used to provide confidentiality, integrity, and non-repudiation, to name a few. Three main types of encryption are symmetric encryption, asymmetric encryption, and hashing algorithms. There are advantages associated with each method and they are often combined to provide the most benefit. Although encryption can be used to increase security, it also requires processing power to perform. Security professionals must carefully balance the cost of encryption versus the risk of not encrypting to determine the most appropriate approach for their environment.
Instructions
You have been working long hours and have been taking work home on an external USB drive. Much of the work you do involves proprietary company information. You place your USB drive in your pocket and head out. On the way to work, you stop by a restaurant to grab a quick bite to eat before another long day. When you get to work you realize the USB drive is no longer in your pocket. You carefully check your car and still cannot find it. You realize you must have dropped it earlier. You go back to the restaurant and the USB drive is not there. The data on the USB drive was encrypted. Do you need to be concerned with losing the USB drive? Does the type of encryption used matter; why or why not?
