cryptography

 After reading chapter 4, evaluate the history of the Data Encryption Standard (DES) and then how it has transformed cryptography with the advancement of triple DES. 

Propose the necessary

Propose the necessary network interconnection materials ( material 1 material 2 and material 3) and briefly justify your choice.

Propose a possible IP addressing for the material 3. 

CVE vs NVD

  

CVE vs NVD

Description: In this project, you will explore both CVE and NVD.

Submission: Answer the following questions and upload to the Blackboard Assignments tab.

Vulnerability feeds are available to provide updated information to scanning software about the latest vulnerabilities. One of the most highly regarded vulnerability feeds is the Mitre Common Vulnerabilities and Exposures (CVE). 

1. Open your web browser and enter the URL https://cve.mitre.org/.

2. Hover over About and click on About CVE

3. This page gives a brief overview of CVE. Read through the information regarding CVE. 

a) In your own words, how would you describe it? How does it work? What advantages does it provide?

4. Next Hover over About, click FAQs, and click on CVE Records

a) Describe the three elements that make up a CVE Entry.

Now that you have a better idea of what the CVE list is designed for let’s use it to cross-reference a current security situation in the United States. The SolarWinds massive security hack took place throughout 2020. This attack compromised thousands of US government-owned systems, among countless other systems where the software was integrated.

SolarWinds has been a highly valued company for many years and is known for some of the best Network Management software on the market. SolarWinds is a top performer in their field. The Orion platform, which they produce, is designed to manage many different infrastructure areas under the hood of a single piece of software. Orion is what was in the heat of the controversy. The SolarWinds actual supply chain was compromised, and a nation-state threat actor was able to insert a modified .dll file into their source code repository. When updates got pushed out to their users, the infected files were then brought over to systems worldwide.

At that point, the remote attacker could bypass authentication and execute API commands on the software. Linked below is a high-level overview of how the attack took place. I recommend reading the article, it’s very interesting. 

https://www.fortinet.com/blog/threat-research/what-we-have-learned-so-far-about-the-sunburst-solarwinds-hack

Search for the SolarWinds Orion vulnerability in the CVE database.

5. Navigate back to the CVE Mitre site and scroll up to the top of the page. Click Search CVE List.

6. Search “SolarWinds Orion” to display the CVE entries.

7. Locate CVE-ID: CVE-2020-10148 and click into it. The CVE will provide a brief overview of the vulnerability and provide references supporting its release. A lot of the time this will be an official statement provided by the company.

8. Under References click on “CONFIRM:https://www.solarwinds.com/securityadvisory” to read more about the advisory notice released by SolarWinds along with fixes. 

9. Navigate back to the SolarWinds CVE record. Notice next to the CVE-ID it says, “Learn more at National Vulnerability Database (NVD)” This is where you can find more detailed information and version numbers of the software that has been affected. Click on the “Learn more at National Vulnerability Database (NVD)” to view this database and how it relates to the CVE.

The National Vulnerability Database (NVD) is managed by the U.S. government as a repository for security checklists, vulnerability management data, software flaws, misconfigurations, product names, and their impacts. This data enables automation of vulnerability management, security measurement, and compliance.

10. Navigate to the National Vulnerability Database home page. https://nvd.nist.gov/ 

11. Click the plus sign next to General.

12. Click FAQ.

13. Click General FAQs.

14. Read through the material. 

a) In your own words, how does the Mitre CVE compare with the NIST NVD? 

b) When would you use the CVE? 

c) When would you use the NVD? 

d) How frequently is the NVD updated? 

15. Return to the home page and again click the plus sign next to General.

16. Click NVD Dashboard to view the latest information. 

a) Do the numbers surprise you? 

b) How does the number of vulnerabilities under the score distribution compare? 

c) How many CVEs were received and processed today?

17. Scroll through the Last 20 Scored Vulnerability IDs & Summaries. 

a) Have you heard of any of these vulnerabilities? 

18. Return to the home page and again click the plus sign next to General.

19. Click Visualizations to display graphical information.

20. Click Vulnerabilities – CVE.

21. Click Description Summary Word to display a bar graph of the most common words used as part of a vulnerability description. Hover over the three highest bars to view the three most frequent words used. 

a) List the top three most frequently used words in a vulnerability description.

22. Return to the NVD Visualizations page: https://nvd.nist.gov/general/visualizations. Click Products – CPE. 

a) Which vendor has the highest number of total products that appears in the NVD? 

View other vendors by hovering over the bars. 

a) What do you find interesting about this distribution?

23. Return to the home page. https://nvd.nist.gov/ and click the plus sign next to “Other Sites”.

24. Click Checklist (NCP) Repository.

25. This page displays a form you can use to search for checklists, benchmarks, and secure configuration guides. This repository provides guidance on applying these security configurations and best practices to operating systems and applications. 

Now let’s look at the Department of Defense (DOD) recommend best practices for applying and modifying Group Policy Objects on Windows Server 2019. 

Group policy is what defines user/computer configurations and security access of an operating system. These group policy objects (GPOs) control what the computer is allowed to do and what the user is allowed to do in the OS. 

26. Click the target dropdown box and select Microsoft Windows Server 2019. Click search

27. Under resources click on Group Policy Objects (GPOs)- July 2022.

28. Download the check list resource and unpackage the zip file by double clicking on it. Open the folder.

29. Open the DoD Windows Server 2019 MS and DC v2r4 folder. Open Reports folder.

30. Open: DoD Windows Server 2019 Member Server STIG Computer v2r4.html

31. Under Computer Configuration expand Security Settings expand Account Policies/Password Policy. This is the recommended password guidance for the most secure environment. It shows the recommended length and setting that should be applied to Windows Server 2019. This is just one example of many thousands of GPOs that can be imported into any OS. By adopting and applying these policies to an operating system, you are creating a more secure environment. 

32. Finally navigate the GPO list and find three other policies you find important from this list.

a)  

b)  

c)  

33. Close all windows.

CS

    

We will be building a class (e.g., CS_Trivia) to manage the data structures mentioned. You must have the following functions; the information that these functions need to work with should be passed as an argument. For example, to add a new trivia question and answer, the information about the item should be passed to the function from “the client program”. 

 

Task 1. Task 2. Task 3. 

Task 4. Task 5. Task 6. 

Task 7. 

Task 8. 

Construct an object (constructor)
Release all dynamic memory (destructor) Add a Trivia Question 

• pass in the category, the question, and the answer Display Questions of a particular category
Display all Questions (for debugging purposes) Remove a Category of Questions 

• Pass in the category and remove all questions in that list Select a Trivia Question 

  • Pass in the category and randomly select a question
     
  • Display the question Check Answer
     
  • For the most recently played Trivia question, compare the answer supplied as an argument with that trivia question
     
  • Return true if there is a match, false otherwise
     
  • This should not be case sensitive
     

Project paper

Your final report will consist of your project topic, external system analysis (i.e. Blog 2), set of user requirements (i.e. P2: Personas) and prototype with detailed. explanations for all design considerations. Design considerations should be informed by existing literature, whether the textbook or other resources. Your prototype should consist of a minimal of 3 system mock-ups with detailed descriptions for each.
Example: If I were to redesign my academic social network, SocialXYZ to be mobile friendly, I might showcase 3 distinct views of the new system including one for the homepage, another for the discussion board and a third for the profile since those feature are very important for how I use the system. For each of these views, I would use Photoshop or another image editor (even MS Paint would work) to redesign the look and feel of the system as it should look on a smartphone. These design considerations would relate back to the textbook.
Report Grading Rubric
Introduction (2.5pts): The introduction will provide an overview of the system you plan to (re)design.
Background (5pts): The background will integrate Blog 2 (Analysis of Existing Systems) and P2 (Requirements Gathering). In this section, identify the strengths and weaknesses of existing systems and what design considerations you, as the designer, have considered. In this space, you will want to include screenshots and / or mock-ups of those existing systems. You should not include any components of the system you plan to propose.
Design (30pts): The design section will include at least 3 detailed screenshots of your proposed system with detailed explanations. You can construct mock-ups using any techniques available. There are lots of free-Photoshop alternatives, so I encourage you to explore them. Each mock-up should also be accompanied by a detailed description of the design and how it relates to material discussed in this course.
Textbook Terms: (10pts) Bold and include at least 10 HCI-Related Terms from the textbook, class notes or slides.
Conclusion (2.5pts): Your conclusion should highlight your overall approach and summarize your work.
References (5pts): Include a minimum of 5 resources / references that provided you with information for your system. Resources may consist of personal interviews, system documentation, newspaper, magazine, or journal articles, websites, etc. Follow proper MLA formatting.
Formatting (5pts): Spelling and grammar should be thoroughly checked before submitting your work. Points are deducted for spelling/keyboarding and grammatical errors. All work should be attempted using the SocialXYZ wiki. If do not use the wiki, reports must be double spaced using a 12-point font and 1″ (inch) side margins. Heading should be used to designate appropriate sections of the paper.
Format: PDF document 
Notes: Please note that your paper is a culmination of much of the work you have already done (SUS analysis, Personas) with added sections for your system design. Regarding the prototype, keep in mind that it is a non-working prototype, which simply means it will consist of 3 system mock-ups (aka renderings / drawings / screenshots) of your proposed system along with explanations for your design considerations. If you are having grave difficulty using software, you may hand-draw / sketch your design. Remember, the primary goal of this exercise is to get your concept across and provide some rationale, so have fun with the design. Also, if you have any concerns, please consult me. I’ll help out, of course. Finally, I have provided a paper template that you can follow. Considering that your paper will include numerous screenshots, please shoot for a minimum of 5 pages.

Create a class named Person that holds the following fields: two String objects for the person’s first

  

Create a class named Person that holds the following fields: two String objects for the person’s first and last name and a LocalDate object for the person’s birthdate. Create a class named Couple that contains two Person objects. Create a class named Wedding for a wedding planner that includes the date of the wedding, the names of the Couple being married, and a String for the location. Provide constructors for each class that accept parameters for each field, and provide get methods for each field. Then write a program that creates two Wedding objects and in turn passes each to a method that displays all the details. Save the files as 

Person.java, Couple.java, Wedding.java, and TestWedding.java.

assignment

What are the characteristics of anomaly detection? 

  1. What are the detection problems and methods?
  2. What are the statistical approaches when there is an anomaly found?
  3. Compare and contrast proximity and clustering based approaches.