web programming related

 

Now is the time to make your project look good and as professional as possible.

By now you should have created your MySQL database and PHP scripts that can be used to query, insert, and delete data.  The objective of Phase 3 is to make it look nice. For example, you can use HTML in your PHP scripts to put the queried data into a table.  You might also choose to create a style sheet to control colors, fonts, etc.

You must have a home page which links to other pages you have created to manipulate your database. Be sure that all pages have a button to link back to the home page and possibly buttons to link to other pages as necessary. If you only create one page and display everything on that page you will not have met the minimum requirement for this class. I will be looking to see if you put some real work into this final project.

When you have finished with your project, create a text file in which to turn in a hyperlink to your home page and if you wish hyperlinks to your PHP scripts.  Include your name in this file and any other comments you choose to include about your project.  Upload the file to the appropriate submission box.

TCP/IP Attack Lab- SEED Labs Project

In this lab, students need to conduct attacks on the TCP/IP protocols. They can use the Netwox tools and/or other tools in the attacks. All the attacks are performed on Linux operating systems. However, instructors can require students to also conduct the same attacks on other operating systems and compare the observations. To simplify the “guess” of TCP sequence numbers and source port numbers, we assume that attackers are on the same physical network as the victims. Therefore, you can use sniffer tools to get that information. The following is the list of attacks that need to be implemented.

3.1 Task 1 : SYN Flooding Attack

[Figure 2: SYN Flooding Attack. One panel shows the normal TCP 3-way handshake between user and server (SYN, SYN+ACK, ACK, active TCP connection). The other shows the SYN flood: the attacker sends many SYN packets with spoofed addresses to the server without ACK, and the server is not able to process the request from the legitimate user.]

SYN flood is a form of DoS attack in which attackers send many SYN requests to a victim’s TCP port, but the attackers have no intention to finish the 3-way handshake procedure. Attackers either use spoofed IP addresses or do not continue the procedure. Through this attack, attackers can flood the victim’s queue that is used for half-opened connections, i.e. the connections that have finished SYN, SYN-ACK, but have not yet gotten a final ACK back. When this queue is full, the victim cannot take any more connections. Figure 2 illustrates the attack.

The size of the queue has a system-wide setting. In Linux, we can check the setting using the following command:

    # sysctl -q net.ipv4.tcp_max_syn_backlog

We can use the command “netstat -na” to check the usage of the queue, i.e., the number of half-opened connections associated with a listening port. The state for such connections is SYN-RECV. If the 3-way handshake is finished, the state of the connections will be ESTABLISHED.
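The queue check described above can be scripted on the victim machine. The following Python code is an added example, not part of the lab handout: it counts half-open connections per local port in “netstat -na” output and compares the count with the value of net.ipv4.tcp_max_syn_backlog, taking the net.ipv4.tcp_syncookies setting into account. The function names, the 0.75 threshold, the backlog value of 128 and the sample output (documentation addresses) are assumptions made for the illustration.

```python
"""Count half-open TCP connections per local port from `netstat -na` output."""
from collections import defaultdict

# netstat prints SYN_RECV; ss (and the lab text) spell it SYN-RECV. Accept both.
HALF_OPEN_STATES = {"SYN_RECV", "SYN-RECV"}


def build_sample(n_half_open=100):
    """Constructed `netstat -na` output: a listener on port 23 under load."""
    lines = [
        "Active Internet connections (servers and established)",
        "Proto Recv-Q Send-Q Local Address      Foreign Address     State",
        "tcp        0      0 0.0.0.0:23         0.0.0.0:*           LISTEN",
        "tcp        0      0 0.0.0.0:22         0.0.0.0:*           LISTEN",
        "tcp        0      0 192.0.2.10:22      192.0.2.55:51514    ESTABLISHED",
        "tcp6       0      0 :::80              :::*                LISTEN",
        "udp        0      0 0.0.0.0:68         0.0.0.0:*",
    ]
    for i in range(n_half_open):
        # Each half-open entry has a different (constructed) source address,
        # which is what spoofed SYNs look like from the server's side.
        lines.append(
            f"tcp        0      0 192.0.2.10:23      "
            f"198.51.100.{i + 1}:{20000 + i}  SYN_RECV"
        )
    return "\n".join(lines)


def half_open_by_port(netstat_text):
    """Return {local_port: {"half_open": count, "sources": set of remote hosts}}."""
    stats = defaultdict(lambda: {"half_open": 0, "sources": set()})
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have at least: proto, recv-q, send-q, local, foreign, state.
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        local, foreign, state = fields[3], fields[4], fields[5]
        if state not in HALF_OPEN_STATES:
            continue
        # rpartition splits on the last ':' so IPv6 addresses are handled too.
        port = int(local.rpartition(":")[2])
        stats[port]["half_open"] += 1
        stats[port]["sources"].add(foreign.rpartition(":")[0])
    return dict(stats)


def assess(stats, backlog, syncookies_enabled, ratio=0.75):
    """Flag ports whose half-open count reaches ratio * backlog.

    backlog is the value of net.ipv4.tcp_max_syn_backlog. The per-socket limit
    can be lower (it also depends on the listen() backlog), so the ratio is an
    estimate. With SYN cookies on, the kernel answers further SYNs with
    cookies instead of storing state, so a full queue alone does not stop
    new connections.
    """
    verdicts = {}
    for port, info in sorted(stats.items()):
        if info["half_open"] < ratio * backlog:
            continue
        if syncookies_enabled:
            verdicts[port] = "queue-pressure-cookies-on"
        else:
            verdicts[port] = "queue-near-full"
    return verdicts


if __name__ == "__main__":
    stats = half_open_by_port(build_sample())
    for port, info in stats.items():
        print(f"port {port}: {info['half_open']} half-open connections "
              f"from {len(info['sources'])} distinct sources")
    # 128 is a constructed backlog value; read the real one with sysctl.
    print(assess(stats, backlog=128, syncookies_enabled=False))
```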
In this task, you need to demonstrate the SYN flooding attack. You can use the Netwox tool to conduct the attack, and then use a sniffer tool to capture the attacking packets. While the attack is going on, run the “netstat -na” command on the victim machine, and compare the result with that before the attack. Please also describe how you know whether the attack is successful or not.

The corresponding Netwox tool for this task is numbered 76. Here is a simple help screen for this tool. You can also type “netwox 76 --help” to get the help information.

Listing 1: The usage of the Netwox Tool 76

    Title: Synflood
    Usage: netwox 76 -i ip -p port [-s spoofip]
    Parameters:
     -i|--dst-ip ip          destination IP address
     -p|--dst-port port      destination port number
     -s|--spoofip spoofip    IP spoof initialization type

SYN Cookie Countermeasure: If your attack seems unsuccessful, one thing that you can investigate is whether the SYN cookie mechanism is turned on. SYN cookie is a defense mechanism to counter the SYN flooding attack. The mechanism will kick in if the machine detects that it is under the SYN flooding attack. You can use the sysctl command to turn on/off the SYN cookie mechanism:

    # sysctl -a | grep cookie                  (Display the SYN cookie flag)
    # sysctl -w net.ipv4.tcp_syncookies=0      (turn off SYN cookie)
    # sysctl -w net.ipv4.tcp_syncookies=1      (turn on SYN cookie)

Please run your attacks with the SYN cookie mechanism on and off, and compare the results. In your report, please describe why the SYN cookie can effectively protect the machine against the SYN flooding attack. If your instructor does not cover the mechanism in the lecture, you can find out how the SYN cookie mechanism works from the Internet.

3.2 Task 2 : TCP RST Attacks on telnet and ssh Connections

The TCP RST Attack can terminate an established TCP connection between two victims.
For example, if there is an established telnet connection (TCP) between two users A and B, attackers can spoof a RST packet from A to B, breaking this existing connection. To succeed in this attack, attackers need to correctly construct the TCP RST packet.

In this task, you need to launch a TCP RST attack to break an existing telnet connection between A and B. After that, try the same attack on an ssh connection. Please describe your observations. To simplify the lab, we assume that the attacker and the victim are on the same LAN, i.e., the attacker can observe the TCP traffic between A and B.

The corresponding Netwox tool for this task is numbered 78. Here is a simple help screen for this tool. You can also type “netwox 78 --help” to get the help information.

Listing 2: The usage of the Netwox Tool 78

    Title: Reset every TCP packet
    Usage: netwox 78 [-d device] [-f filter] [-s spoofip]
    Parameters:
     -d|--device device      device name {Eth0}
     -f|--filter filter      pcap filter
     -s|--spoofip spoofip    IP spoof initialization type {linkbraw}

3.3 Task 3 : TCP RST Attacks on Video Streaming Applications

Let us make the TCP RST attack more interesting by experimenting with it on applications that are widely used nowadays. We choose the video streaming application in this task. For this task, you can choose a video streaming web site that you are familiar with (we will not name any specific web site here). Most video sharing websites establish a TCP connection with the client for streaming the video content. The attacker’s goal is to disrupt the TCP session established between the victim and the video streaming machine. To simplify the lab, we assume that the attacker and the victim are on the same LAN. In the following, we describe the common interaction between a user (the victim) and some video-streaming web site:

• The victim browses for video content in the video-streaming web site, and selects one of the videos for streaming.
• Normally video contents are hosted by a different machine, where all the video contents are located. After the victim selects a video, a TCP session will be established between the victim machine and the content server for the video streaming. The victim can then view the video he/she has selected.

Your task is to disrupt the video streaming by breaking the TCP connection between the victim and the content server. You can let the victim user browse the video-streaming site from another (virtual) machine or from the same (virtual) machine as the attacker. Please note that, to avoid liability issues, any attacking packets should be targeted at the victim machine (which is the machine run by yourself), not at the content server machine (which does not belong to you).

3.4 Task 4 : TCP Session Hijacking

The objective of the TCP Session Hijacking attack is to hijack an existing TCP connection (session) between two victims by injecting malicious contents into this session. If this connection is a telnet session, attackers can inject malicious commands (e.g. deleting an important file) into this session, causing the victims to execute the malicious commands. Figure 3 depicts how the attack works. In this task, you need to demonstrate how you can hijack a telnet session between two computers. Your goal is to get the telnet server to run a malicious command from you. For the simplicity of the task, we assume that the attacker and the victim are on the same LAN.

Note: If you use Wireshark to observe the network traffic, you should be aware that when Wireshark displays the TCP sequence number, by default, it displays the relative sequence number, which equals the actual sequence number minus the initial sequence number. If you want to see the actual sequence number in a packet, you need to right click the TCP section of the Wireshark output, and select “Protocol Preference”.
In the popup window, uncheck the “Relative Sequence Number and Window Scaling” option.

The corresponding Netwox tool for this task is numbered 40. Here is part of the help screen for this tool. You can also type “netwox 40 --help” to get the full help information. You may also need to use Wireshark to find out the correct parameters for building the spoofed TCP packet.

Listing 3: Part usage of netwox tool 40

    Title: Spoof Ip4Tcp packet
    Usage: netwox 40 [-l ip] [-m ip] [-o port] [-p port] [-q uint32] [-B]
    Parameters:
     -l|--ip4-src ip             IP4 src {10.0.2.6}
     -m|--ip4-dst ip             IP4 dst {5.6.7.8}
     -o|--tcp-src port           TCP src {1234}
     -p|--tcp-dst port           TCP dst {80}
     -q|--tcp-seqnum uint32      TCP seqnum (rand if unset) {0}
     -H|--tcp-data mixed_data    mixed data

[Figure 3: TCP Session Hijacking Attack. After the 3-way handshake, the user and the server exchange data (“A”, “B”) and ACKs while the attacker sniffs the traffic. The attacker hijacks the TCP session and sends “Z” to the server on behalf of the client (Seq No.: ?).]

3.5 Task 5 : Creating Reverse Shell using TCP Session Hijacking

When attackers are able to inject a command to the victim’s machine using TCP session hijacking, they are not interested in running one simple command on the victim machine; they are interested in running many commands. Obviously, running these commands all through TCP session hijacking is inconvenient. What attackers want to achieve is to use the attack to set up a back door, so they can use this back door to conveniently do further damage.

A typical way to set up back doors is to run a reverse shell from the victim machine to give the attacker shell access to the victim machine. A reverse shell is a shell process running on a remote machine, connecting back to the attacker’s machine. This gives an attacker a convenient way to access a remote machine once it has been compromised.

In the following, we will show how we can set up a reverse shell if we can directly run a command on the victim machine (i.e. the server machine). In the TCP session hijacking attack, attackers cannot directly run a command on the victim machine, so their job is to run a reverse-shell command through the session hijacking attack. In this task, students need to demonstrate that they can achieve this goal.

Assignment, Memo and discussions

1. Assignment – Input Form Assignment

Identify and apply the different analysis and design methods for business applications.

Use Wufoo to develop an input form using some of the key fields from your project. Copy (or take a screenshot of) the design and paste it into Word document with a title page. 

Provide the resulting URL as well.

Criteria: Design incorporates good choice of colors, text, font, arrangement, and evidence of possible navigation (as in a “submit” button).

Your essay should be 3 pages in length and fully explore all of the following items described above. Include at least 2 outside citations (not including your text) and use proper APA formatting.

At least 2 in-line citations and references required.

2. Weekly Memo – Memo should be related to the discussions and assignment and should be one page (citations, references, APA not required).

Relate this week's assignment and discussions to your work in office/organization.

3. Discussions

1) Why is content awareness important? 

2) UX Design Principles – Explain three important user interface design principles.

Each discussion should have at least 3 paragraphs, 2 inline citations, 2 references. Due by 11/16/2020.

Plagiarism should be very minimal. I may ask for changes if required.

Discussion

The author discusses different options for testing blockchain applications. For our course, we have chosen to use Ganache, a local test blockchain. Explore some of the advantages and disadvantages of using local and public blockchains to test apps and contrast the two options.

  • Create a new thread (by the FIRST DUE DATE)
    • Contrast the advantages and disadvantages of using local and public blockchains to test applications.
    • Explain how each advantage and disadvantage impacts blockchain application development, and why each is important to successful blockchain implementation.

Need Response 2 to below discussion cloud myths

Please read the below discussion post and provide response in 75 to 100 words

Post#1

 

Cloud security plays an important role in every field like business and personal world. With a large number of benefits it has some myths also. Cloud security is solely the cloud provider’s responsibility: a standard misconception is that the cloud provider automatically takes care of all the safety needs of the customer’s data and process while in the cloud. Password policies, release management for software patches, management of user roles, security training of staff, and data management policies are all responsibilities of the purchasers and a minimum of as critical because the security is done by the general public cloud provider. While users are hardening internal security, don’t assume that cloud provider backs up data and will be able to restore it just in case of a security breach. It is instrumental and important that users simply implement a backup solution that backs up data that’s hosted on the cloud to an onsite backup or to a different cloud provider. In addition, in case of a security breach, user will get to restore data from backups. “There is indeed a good case to make for fair taxation and that uneven effective tax rates can distort competition and lead to smaller tax revenues” (Bauer, 2018).

Don’t get to manage the cloud: many people believe that since the cloud infrastructure is usually basically just a managed service, that the safety of the services is additionally managed. Many cloud based systems are left inadvertently unsecured because the customer doesn’t know that they have to try to something to secure them, as they assume that the provider has done what an in-house staff would traditionally have done by default. Cloud security requires an equivalent discipline for security of any data center. Cloud data centers are as resilient as any, but the weakness comes if the policies, processes and tools aren’t regularly monitored by the IT operations staff responsible (Determann, 2016).

Ignore BYOD and be more secure: not supporting and implementing a BYOD policy does not mean an enterprise will be less at risk of a data breach, SVP of cloud and hosting sales. The BYOD movement is here to stay. Some experts recommend deploying a mobile content management (MCM) solution, as protecting the data will be what ultimately defines business’ security and compliance requirements. “Despite the Australian Federal Government’s ‘cloud-first’ strategy and policies, and the Queensland State Government’s ‘digital-first’ strategy, cloud services adoption at local government level has been limited—largely due to data security concerns” (Ali, Shrestha, Chatfield, & Murray, 2020). Cloud data isn’t saved on mobile devices: I still hear people speaking about cloud deployment as if using this service means users are not saving any enterprise data on mobile devices, which this might make device data protection a moot point. Apps that are connecting to devices are always caching data, which cached data is stored on your employees’ mobile devices. This data can be breached and hacked and therefore must be protected.

Single tenant systems are more secured than multi-tenant: Multitenant systems ensure that software updates, including security patches, are applied to all customers simultaneously. With single-tenant systems, software vendors are required to update individual customers’ virtual machines. Cloud security provides an additional level of security to the network and protects data of personal and professional network (Martinez, Cano, & Vilajosana, 2020). Multi-tenant systems are safer than single tenant: there are not any absolutes in cloud security. The complete opposite statement regarding cloud tenancy also can be viewed as a myth. “Blockchain is an eccentric technology, at the same time, the most vaunted, least understood and most disrupting technology of the current era” (Chitranshi, & Chawla, 2020).

Post#2

 

Cloud computing is one of the most innovative developments in the field of computer science. Cloud computing although covers variety of services but software as a service, platform as a service and infrastructure as a service are the three most widely used and known. However the list contains many other such as function as a service, backend as a service and container as a service and the designer, developer and related professionals use the service as per need. “While moving towards the concept of on-demand service, resource pooling, shifting everything on the distributive environment, security is the major obstacle for this new dreamed vision of computing capability” (Singh, 2016).

The outside view of the cloud IT infrastructure looks simple and easily understandable but the background of it is very complex and requires efficient knowledge about the cloud to deal with the complex infrastructure. With the advances in technology the demand for serverless function and facility increases. Organizations move from on-site to the cloud and while doing so the security is compromised and not given enough attention which results in a decline in the security of the cloud service. Cloud security tools use various steps like access control, permission control, audit, authorities, etc.

“Cloud computing enables cost-effective and scalable growth of IT services that can enhance government services” (Ali, 2020). Those who are well aware of cloud service and have proper knowledge about the same don’t indulge in any myths but those who lack information make false statements about the cloud which it gets known as the cloud security myths. The major myth is that the cloud is not secure and the reason why people believe in this myth is because of the cases of cloud compromise and attack. After taking appropriate measures and implementation security tools along with the security management from the provider side it can be stated that the cloud is secure. Some people on the other hand believe that the cloud is perfectly secure, which is again a false myth. No security tool or precaution can guarantee perfect security in any case.

Another myth states that on-site organization is more secure than the cloud, however depends upon the security steps taken on-premise and on cloud both. When moving to the cloud, special care needs to be taken to ensure the information is secure from any attack. Cloud service providers are the organizations that indulge in providing the concerned cloud service to those who sign for it. Cloud service providers are many in number and have their headquarters based in different locations thus the statement that all cloud service providers are the same is a false myth. Lack of knowledge about cloud computing and fake statements being made by people has resulted in cloud security myths. “Trust is another security issue in the cloud, the establishment of trust might become a  key establishment of the better relationship among the users and service provider in the cloud computing” (Seemakurti, n.d.).

RIPV2

computer

The term paper for this class is worth 200 points, and it requires you to do research and write a 2000-2500 word paper describing the RIPv2 Protocol.

 The paper will include the following:

  • The paper must have a distinct and well written Introduction, Supporting Body and Conclusion; 
    • In the body include the following 
      • The history of the protocol chosen;
      • The programmable parameters of the protocol and how they affect traffic flow;
      • The major differences between the routing protocol chosen and the others that were not chosen;
      • How the chosen protocol can be used in a modern day routed network environment.
  • Cite at least two advantages and two disadvantages of your chosen routing protocol subject

·  Cite at least two of the most common programmable parameters of the protocol, and how they affect traffic flow

·  Discuss the major differences between the routing protocol chosen and all others that were not chosen

In the Conclusion of your Paper 

·  Discuss how your chosen protocol can be used in a modern day routed network environment. (seen in Conclusion)

Paper Sections:

Description: Your Paper MUST contain the following sections. 

* Title Page

– Title of Paper

– Author

– Class

– Professor

* Introduction

* Body

– Support Introduction 

– Elements (see above)

– History

– Advantages/Disadvantages

– Two Programmable Parameters

– How do they affect traffic flow

– Compare your chosen Protocol to all Routing Protocols we have studied

* Conclusion

– Your Opinion of selected Routing Protocol

– A Summary

– Modern Day Usage 

Louis Vuitton Malletier S.A. v. Haute Diggity Dog, LLC

In 2007, the high-end signature handbag and luggage maker, Louis Vuitton Malletier, lost an outrageous copyright infringement case against comedy fashion company Haute Diggity Dog.

  1. What was the principal issue in the legal dispute? This should surround the legal issue at the heart of the lawsuit and may include the essential facts of the matter.
  2. What was the rule or set of rules that the court analyzed to frame the legal dispute? Maybe they are federal laws or regulations, or it could be at the state level, or a combination.
  3. How did the court apply the rules to the set of facts posed by each side? Here, we want your summary of the logic, the critical thinking, and the rationale that the court built its conclusion upon.
  4. What did the court conclude? Who won, who lost, what’s left unanswered for the next phase of litigation if there is one to follow?

· No Plagiarism 

· Should be 400 words without References.

· APA Format Required

  

References: 

https://www.casebriefs.com/blog/law/intellectual-property-law/intellectual-property-keyed-to-merges/trademark-law/louis-vuitton-malletier-s-a-v-haute-diggity-dog-llc/

Louis Vuitton’s Other Lawsuit Was a Winner, but Loses to a Parody Defense – Again.

https://www.law.berkeley.edu/files/louisvuitton.pdf

IW2D1

In order to have a successful IG program, one of the eight (8) Information Risk Planning and Management steps is to develop metrics and measure results. From your required readings, discuss the value that metrics brings to the organization, and identify critical measures of success that should be tracked.

250-300 words with a minimum of 2 references in APA format

Technology entrepreneurship

Que 1: Read the attached case study and write an analysis and answer the case study question in APA 7th edition with 2 and a half pages.

Que 2: With the on-going developments in combating and understanding the COVID-19 pandemic, there are growing market opportunities in convergent technology marketplaces and sustained levels of public and private investment in research and development. What type of opportunities are available for technology-based entrepreneurs? – 1 page.

My assignments will need actual references from EBSCO host, google scholar and semantic scholar With a website link at the end. 

online discussion

 

There are many ways to misrepresent data through visualizations of data. There are a variety of websites that exist solely to put these types of graphics on display, to discredit otherwise somewhat credible sources. Leo (2019), an employee of The Economist, wrote an article about the mistakes found within the magazine she works for. Misrepresentations were the topic of Sosulski (2016) in her blog. This is discussed in the course textbook, as well (Kirk, 2016, p. 305).

After reading through these references use the data attached to this forum to create two visualizations in R depicting the same information. In one, create a subtle misrepresentation of the data. In the other remove the misrepresentation. Add static images of the two visualizations to your post. Provide your interpretations of each visualization along with the programming code you used to create the plots. Do not attach anything to the forum: insert images as shown and enter the programming code in your post.

When adding images to the discussion board, select the plus sign in the toolbar, then choose the image from your files.

 

This is the data to use for this post: Country_Data.csv

Before plotting, you must subset, group, or summarize this data into a much smaller set of points. Include your programming code for all programming work. It would be more likely that one would win a multi-million dollar lottery than plot the same information the same exact way. However, if you have, you will need to repost and make your post unique. The first post to provide the content does not need to change.

References

Kirk, A. (2016). Data visualisation: A handbook for data driven design. Sage.

Leo, S. (2019, May 27). Mistakes, we’ve drawn a few: Learning from our errors in data visualization. The Economist. https://medium.economist.com/mistakes-weve-drawn-a-few-8cdd8a42d368

Sosulski, K. (2016, January). Top 5 visualization errors [Blog]. http://www.kristensosulski.com/2016/01/top-5-data-visualization-errors/

Considerations for every forum:

Remember your initial post on the main topic must be posted by Wednesday 11:59 PM (EST). Your 2 following posts, discussing and interacting with peers’ posts must be completed by Sunday at 11:59 PM (EST). 

Your initial post should include your references, thoroughly present your ideas, and provide evidence to support those ideas. A quality peer response post is more than stating, “I agree with you.” State why you agree with your classmate’s post. The purpose of the forum is to generate discussion.

No credit will be earned for posts that are disrespectful or not on the topic of the forum.

An example post:

The factual and misrepresented plots in this post are under the context that the visualizations represent the strength of the economy in five Asian countries: Japan, Israel, Singapore, South Korea, and Oman. The gross domestic product is the amount of product throughput. GDP per capita is the manner in which the health of the economy can be represented.

The visual is provided to assess the following research question:

How does the health of the economy between five Asian countries: Japan, Israel, Singapore, South Korea, and Oman, compare from 1952 to 2011?

[Images: gdpPerCapita, GDP]

The plot titled with “GDP per Capita” is the true representation of economic health over the years of the presented countries. Japan consistently has seen the best economic health of the depicted countries. Singapore and South Korea both have large increases over the years, accelerating faster than the other countries in economic health. Oman saw significant growth in the years between 1960 and 1970, but the growth tapered off. All of the countries saw an increase in health over the provided time frame, per this dataset. Israel saw growth, but not as much as the other countries.

The plot titled without “per capita” is only GDP and does not actually represent economic health. Without acknowledging the number of persons the GDP represents, Japan is still the leading country over the time frame and within the scope of this dataset. Singapore’s metrics depict some of the larger issues of representing the GDP without considering the population. Instead of Singapore’s metrics depicting significant growth and having a level of health competitive with Japan in the true representation, Singapore has the fourth-smallest GDP. It indicates that Singapore’s economy is one of the least healthy amongst the five countries.

The programming used in R to subset, create, and save the plots:

# make two plots of the same information - one misrepresenting the data and one that does not
# use Country_Data.csv data
# plots based on the assumption the information is provided to represent the health of the countries' economy compared to other countries
# August 2020
# Dr. McClure



library(tidyverse)
library(funModeling)

library(ggthemes)

—————– Coding removed due to issues with students reposting the example post in prior courses —————–
You are required to post your code on the discussion, despite the removal in this example.

Your peers and I should be able to copy and paste your code into RStudio to render your graphics.

——————————————————————————————————————————————–

# save each plot with a transparent background in the archive image folder 
ggsave(filename = "PerCapita.png",
      plot = p1,
      bg = "transparent",
      path = "./code archive/_images")
ggsave(filename = "GDP.png", 
      plot = p2,
      bg = "transparent",