Describe one example of Industrial Revolution 4.0 used in industry. (You may search online for appropriate answers.)
Part A: Guided file recovery

Use either your host system or a Windows VM to complete this lab. You will need the disk image dfr-01-ntfs.dd.bz2 and the tool AccessData FTK Imager, which must be installed. Reference tutorial: https://eforensicsmag.com/how-to-investigate-files-with-ftk-imager/

1. Unzip the disk image to obtain the original file dfr-01-ntfs.dd, then open it from FTK Imager using the menu option Add Evidence Item. Finally, expand the evidence tree up to [root] and click on $MFT in the file list pane. Explain what this special file contains and what its general purpose is.
2. After clicking on $MFT, on the viewer pane at the bottom, the contents are divided into sections each beginning with FILE0. This is called the magic marker. Select the 5 characters and check their hexadecimal value. What is it? How many hex digits are needed for each ASCII character?
3. Scroll down to the last magic markers, belonging to the files Arcturus.txt, Bunda.txt and Castor.txt. Focus on the first of these three files. Right-click on its magic marker and select Find. Look for the binary string "80000000". After this string you will see "48 00 00 00". What are the next 2 hex digits? What is their meaning?
4. Four lines below "80 00 00 00", you will find the hex digits "21 01", where 21 marks the data run and 01 is the number of clusters this file takes, that is, its size in clusters. To know the exact number of bytes a cluster takes, click on "NTFS" in the Evidence Tree pane and enable the Properties view from the top menu. Capture a screenshot of its properties. What is then the size of Arcturus.txt in bytes?
5. Click back on [root] → $MFT and locate again the hex digits "21 01" below "80 00 00 00". Select the next 3 hex digits after "21 01". This is the cluster where the actual data is located, but you need to convert it from hexadecimal to decimal. To do so, enable the Hex Value Interpreter pane from the top menu, option View. Capture a screenshot showing the hex value and its decimal conversion.
6. You now have the 1st cluster and the number of clusters, which is one (this is a small file taking 4096 bytes or less). To recover the data, click on "NTFS" in the Evidence Tree pane. Then, on the bottom right pane, right-click, select "Go to sector/cluster", and enter the decimal number you converted. Capture a screenshot before accepting.
7. Look at the bottom for a reference to the file Arcturus.txt. Right-click on the 1st hex digit, which is "0A", and choose "Set Selection Length". Enter the cluster size in bytes. Without undoing the selection, right-click on it and choose "Save selection...", then save to a file named recovered.dat on the Desktop. Capture a screenshot of the file properties from the Windows OS.
8. Open it with WordPad and scroll down to the last block. Capture a screenshot.

Part B: Another simple file recovery

In this section you will recover the file Castor.txt following the same steps. Answer all questions and capture a screenshot of each finding or relevant piece of information.

9. Is it a file or a directory? Prove it, and also prove that it has not been deleted.
10. This file only takes one cluster. What is the 1st and only cluster? Show it both in hex and decimal.
11. In the file's data there is a reference to the file and many plus signs. Show the reference to the file and the first line of plus signs.

Part C: Using Autopsy

Copy dfr-01-ntfs.dd.bz2, which must be uncompressed, into your Kali Linux VM. Then, using Autopsy, follow the steps below, capturing relevant screenshots and answering all questions.

12. Create a new case. Show the form you filled in.
14. After adding the image, analyze the NTFS filesystem. Choose File Analysis. Capture the data at the bottom, which correspond to the txt files.
15. Why are two of them in red? Why is the last file shown twice?
16. Click on Bunda.txt and scroll to the last lines of this file. Capture them.
17. Browse the different options on the top menu to find out what the original operating system was. Prove it.

Part D: Conceptual questions

18. Discuss what files can be recovered (if any) in each of these scenarios using tools similar to those you used in this lab. Assume the filesystem is NTFS in all cases.
A) A file deleted using the file explorer and sent to the recycle bin.
B) A file deleted using the file explorer, directly removed.
C) Files belonging to a drive formatted with the quick format option.
D) Files belonging to a drive formatted without the quick format option (full format).
19. Why should you avoid mounting the disk image as an actual drive?

6. The webserver's logs were stored originally in the standard directory /var/log. Therefore, to access them you need to mount the corresponding logical volume in /mnt/blog/var and access them using the new path /mnt/blog/var/log. Capture a screenshot of the corresponding mount and ls commands.
7. Execute "mount" without parameters and double-check that both filesystems are mounted as read-only. Why do we need to make sure? What would happen if forensic evidence were altered somehow?

Part B: Logs analysis

Based on the information in ENISA_Webserver_Analysis.pdf, provided with the lab, you need to analyze the webserver logs as part of your forensic investigation. The server with IP 195.251.97.97, which runs WordPress and hosts http://blog[.]mycompany[.]ex, was compromised on August 19th, 2016. Refer to section 3.4.1 as a guideline, but you do not need to perform all tasks.

8. Move to /mnt/blog/var/log/apache2 to find Apache's logs. Execute "tail -5 access.log" to get familiar with the fields found in every entry. What browser was used in the last log entry?
9. The first field is the IP address of the system that accessed the webserver. As you can see, the last entries show the server itself. To avoid them, use the parameter -v in grep. Show the last 3 lines that do not relate to the server itself, either by 195.251.97.97 or ::1.
10. You can observe that the IP address in these lines is 10.0.0.15, but there could be other IP addresses. Obtain them all using the command-line example in the PDF that combines cat, awk, sort and uniq.
11. Nonetheless, most connections originate from this local IP address. Execute "grep ^10.0.0.15 access.log | tail -5". It seems the attacker uploaded a file c99.php somewhere in the WordPress document root. Usually WP's document root is under /var/www/html. However, we are working with everything mounted under /mnt/blog. Therefore, the full path is /mnt/blog/var/www/html. Move there, then to the wordpress directory. From this point on, you need to move to where the file c99.php is, as per the information you observed in the log. What is the full path of this file?
12. Move to the folder (you can press TAB to complete the directories' names). Execute "head -20 c99.php". What is suspicious?
13. What kind of file is it (other than a PHP script), used by attackers to gain persistence?
14. What are 3 ways of mitigating vulnerabilities in jQuery-File-Upload?
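The following Python script is an added example; it is not part of the lab hand-out and not FTK Imager's own code. It automates what Parts A and B have you read by hand: the FILE0 record magic, the 0x80 $DATA attribute with its "48 00 00 00" length, the "21 01 ..." data run, the little-endian hex-to-decimal cluster conversion, and the cluster-by-cluster copy with the slack trimmed off. The MFT record, the disk image and the cluster numbers are constructed here, and the 4096-byte cluster size is assumed to be the value read from the NTFS properties view. The run-list decoder goes a little beyond the lab's single-run case: it also handles files with several runs (signed, relative offsets) and sparse runs.

```python
from dataclasses import dataclass
from typing import List, Optional

MFT_RECORD_MAGIC = b"FILE0"   # 5-byte magic marker, hex 46 49 4C 45 30
ATTR_DATA = 0x80              # $DATA attribute type id ("80 00 00 00")
CLUSTER_SIZE = 4096           # assumed: the value read from the NTFS properties view

@dataclass
class DataRun:
    first_cluster: int        # absolute logical cluster number, -1 for a sparse run
    cluster_count: int        # run length in clusters

def parse_data_runs(runlist: bytes) -> List[DataRun]:
    """Decode a run list. Each run starts with a header byte: low nibble = size of
    the length field, high nibble = size of the offset field, so "21 01 xx xx" is a
    1-byte length (01 = one cluster) and a 2-byte little-endian cluster offset.
    Offsets after the first run are signed and relative; a 0x00 header ends the list."""
    runs: List[DataRun] = []
    pos, current_lcn = 0, 0
    while pos < len(runlist) and runlist[pos] != 0x00:
        len_size, off_size = runlist[pos] & 0x0F, runlist[pos] >> 4
        pos += 1
        length = int.from_bytes(runlist[pos:pos + len_size], "little")
        pos += len_size
        if off_size == 0:                      # sparse run: nothing allocated on disk
            runs.append(DataRun(-1, length))
            continue
        current_lcn += int.from_bytes(runlist[pos:pos + off_size], "little", signed=True)
        pos += off_size
        runs.append(DataRun(current_lcn, length))
    return runs

def find_data_runlist(record: bytes) -> bytes:
    """Walk one MFT record's attributes and return the run list of its non-resident
    $DATA attribute (the bytes the lab has you find after "80 00 00 00 48 00 00 00")."""
    if record[:5] != MFT_RECORD_MAGIC:
        raise ValueError("not an MFT record")
    pos = int.from_bytes(record[0x14:0x16], "little")          # first attribute offset
    while pos + 8 <= len(record):
        attr_type = int.from_bytes(record[pos:pos + 4], "little")
        if attr_type == 0xFFFFFFFF:                            # end-of-attributes marker
            break
        attr_len = int.from_bytes(record[pos + 4:pos + 8], "little")
        non_resident = record[pos + 8] == 0x01                 # byte after "48 00 00 00"
        if attr_type == ATTR_DATA and non_resident:
            runlist_off = int.from_bytes(record[pos + 0x20:pos + 0x22], "little")
            return record[pos + runlist_off:pos + attr_len]
        pos += attr_len
    raise ValueError("no non-resident $DATA attribute")

def allocated_size(runs: List[DataRun], cluster_size: int = CLUSTER_SIZE) -> int:
    """Step 4: size on disk in bytes is the number of clusters times the cluster size."""
    return sum(r.cluster_count for r in runs) * cluster_size

def extract(image: bytes, runs: List[DataRun], cluster_size: int = CLUSTER_SIZE,
            real_size: Optional[int] = None) -> bytes:
    """Steps 6 and 7 in code: copy out the clusters the runs point at, then trim slack."""
    out = bytearray()
    for run in runs:
        if run.first_cluster < 0:
            out += b"\x00" * (run.cluster_count * cluster_size)
        else:
            start = run.first_cluster * cluster_size
            out += image[start:start + run.cluster_count * cluster_size]
    return bytes(out if real_size is None else out[:real_size])

def build_sample_record(runlist: bytes) -> bytes:
    """Constructed 1024-byte MFT record with one non-resident $DATA attribute; the
    run list must be at most 8 bytes to fit the 0x48-byte attribute seen in the lab."""
    assert len(runlist) <= 8
    rec = bytearray(1024)
    rec[0:5] = MFT_RECORD_MAGIC
    rec[0x14:0x16] = (0x38).to_bytes(2, "little")              # first attribute at 0x38
    attr = bytearray(0x48)                                      # "48 00 00 00": 72 bytes
    attr[0:4] = ATTR_DATA.to_bytes(4, "little")
    attr[4:8] = (0x48).to_bytes(4, "little")
    attr[8] = 0x01                                              # non-resident flag
    attr[0x20:0x22] = (0x40).to_bytes(2, "little")              # run list at +0x40
    attr[0x40:0x40 + len(runlist)] = runlist
    rec[0x38:0x80] = attr
    rec[0x80:0x84] = (0xFFFFFFFF).to_bytes(4, "little")
    return bytes(rec)

def demo() -> dict:
    """Recover a constructed one-cluster file the way the lab does for Arcturus.txt."""
    record = build_sample_record(bytes.fromhex("21 01 12 00 00"))   # one cluster at LCN 0x12
    runs = parse_data_runs(find_data_runlist(record))
    image = bytearray(32 * CLUSTER_SIZE)                             # constructed 128 KiB "disk"
    content = b"Arcturus.txt\n" + b"+" * 60 + b"\n"                  # constructed file data
    image[18 * CLUSTER_SIZE:18 * CLUSTER_SIZE + len(content)] = content
    return {"first_cluster": runs[0].first_cluster,                  # 0x12 = 18
            "allocated_bytes": allocated_size(runs),                 # 1 * 4096
            "recovered": extract(bytes(image), runs, real_size=len(content))}

if __name__ == "__main__":
    print(demo())
```

Two details matter when you repeat this on the real image: the cluster offset is little-endian, so the bytes you see in the viewer are reversed before conversion, and the recovered cluster is 4096 bytes even when the file is shorter, which is why the saved recovered.dat carries slack after the file's last line.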
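The following Python script is an added example, not part of the lab or of the ENISA hand-out. It reproduces steps 8 to 11 of the logs analysis (the browser of the last entry, the grep -v exclusion of the server's own addresses, the awk/sort/uniq list of client IPs, and the search for a PHP script served out of an upload directory) over a few constructed access.log lines. The server addresses 195.251.97.97 and ::1 come from the lab; the timestamps, client addresses, request paths and user agents are made up, the c99.php path in the sample is a placeholder rather than the lab's answer, and the upload-directory markers are an assumption about this WordPress install.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

SERVER_SELF = {"195.251.97.97", "::1"}          # the server's own sources, dropped like grep -v
UPLOAD_DIR_MARKERS = ("/files/", "/uploads/")   # assumed upload directories for this install

# Apache combined log format: ip ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: (?P<proto>[^"]+))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# Constructed sample of access.log: two server-internal sources plus two clients.
# The c99.php path is a placeholder, not the location the lab asks you to find.
SAMPLE_LOG = """\
195.251.97.97 - - [19/Aug/2016:10:01:02 +0000] "GET /wordpress/wp-cron.php HTTP/1.1" 200 - "-" "WordPress/4.5"
::1 - - [19/Aug/2016:10:01:05 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache (internal dummy connection)"
10.0.0.15 - - [19/Aug/2016:10:02:11 +0000] "GET /wordpress/ HTTP/1.1" 200 9210 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/45.0"
10.0.0.23 - - [19/Aug/2016:10:03:40 +0000] "GET /wordpress/?p=1 HTTP/1.1" 200 8820 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/52.0"
10.0.0.15 - - [19/Aug/2016:10:05:02 +0000] "POST /wordpress/wp-content/plugins/jQuery-File-Upload/server/php/ HTTP/1.1" 200 312 "-" "python-requests/2.9.1"
10.0.0.15 - - [19/Aug/2016:10:05:30 +0000] "GET /wordpress/wp-content/plugins/jQuery-File-Upload/server/php/files/c99.php HTTP/1.1" 200 40117 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/45.0"
::1 - - [19/Aug/2016:10:06:00 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache (internal dummy connection)"
195.251.97.97 - - [19/Aug/2016:10:06:02 +0000] "GET /wordpress/wp-cron.php HTTP/1.1" 200 - "-" "WordPress/4.5"
"""

def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one access.log entry into its fields; None for a line that does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def parse_log(text: str) -> List[Dict[str, str]]:
    entries = [parse_line(line) for line in text.splitlines() if line.strip()]
    return [e for e in entries if e is not None]

def last_user_agent(entries: List[Dict[str, str]]) -> str:
    """Step 8: the browser (User-Agent) recorded in the last entry."""
    return entries[-1]["ua"] or ""

def external_entries(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Step 9: grep -v of the server's own addresses."""
    return [e for e in entries if e["ip"] not in SERVER_SELF]

def last_external(entries: List[Dict[str, str]], n: int = 3) -> List[Dict[str, str]]:
    """Step 9: tail -n after the grep -v."""
    return external_entries(entries)[-n:]

def client_ip_counts(entries: List[Dict[str, str]]) -> Counter:
    """Step 10: awk '{print $1}' | sort | uniq -c, without the server itself."""
    return Counter(e["ip"] for e in external_entries(entries))

def php_in_upload_dirs(entries: List[Dict[str, str]], ip: Optional[str] = None) -> List[Dict[str, str]]:
    """Step 11: requests for a .php script that lives under an upload directory.
    A web shell dropped through an upload handler shows up in the log exactly like this."""
    hits = []
    for e in entries:
        if ip is not None and e["ip"] != ip:
            continue
        path = e["path"].split("?", 1)[0]
        if path.endswith(".php") and any(marker in path for marker in UPLOAD_DIR_MARKERS):
            hits.append(e)
    return hits

if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print("last UA:", last_user_agent(log))
    print("clients:", dict(client_ip_counts(log)))
    for hit in php_in_upload_dirs(log, "10.0.0.15"):
        print(hit["ts"], hit["method"], hit["path"], hit["status"])
```

The detection rule in php_in_upload_dirs is the point of step 11: an upload directory should serve images and documents, so a 200 response for a .php file there is worth a look regardless of which client requested it, and the POST to the upload handler just before it is how the file got there.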
Southern New Hampshire University
CIA Triad and Fundamental Security Design Principles

The terms listed below are essential in the field of cybersecurity and will be a topic of conversation and application throughout the program. It is therefore important for you to familiarize yourself with these terms and their definitions. Note that the CIA triad is sometimes referred to as the tenets of cybersecurity. The Fundamental Security Design Principles are sometimes called fundamental design principles, cybersecurity first principles, the cornerstone of cybersecurity, and so on.

CIA Triad

Information that is secure satisfies three main tenets, or properties, of information. If you can ensure these three tenets, you satisfy the requirements of secure information (Kim & Solomon, 2013).

• Confidentiality: Only authorized users can view information (Kim & Solomon, 2013).
• Integrity: Only authorized users can change information (Kim & Solomon, 2013).
• Availability: Information is accessible by authorized users whenever they request the information (Kim & Solomon, 2013).

Fundamental Security Design Principles

These principles offer a balance between aspirational (and therefore unobtainable) "perfect security," and the pragmatic need to get things done. Although each of the principles can powerfully affect security, the principles have their full effect only when used in concert and throughout an organization. These principles are a powerful mental tool for approaching security: one that doesn't age out of usefulness or apply only to a few specific technologies and contexts; one that can be used for architecture, postmortem analysis, operations, and communication. The principles are ultimately only one piece in the security practitioner's toolkit, but they are a flexible piece that will serve different roles for different people (Sons, Russell, & Jackson, 2017).

• Abstraction: Removal of clutter. Only the needed information is provided for an object-oriented mentality. This is a way to allow adversaries to see only a minimal amount of information while securing other aspects of the model (Tjaden, 2015).
• Complete Mediation: All accesses to objects should be checked to ensure that they are allowed (Bishop, 2003).
• Encapsulation: The ability to only use a resource as it was designed to be used. This may mean that a piece of equipment is not being used maliciously or in a way that could be detrimental to the overall system (Tjaden, 2015).
• Fail-Safe Defaults / Fail Secure: The theory that unless a subject is given explicit access to an object, it should be denied access to that object (Bishop, 2003).
• Information Hiding: Users having an interface to interact with the system behind the scenes. The user should not be worried about the nuts and bolts behind the scenes, only the modes of access presented to them. This topic is also integrated with object-oriented programming (Tjaden, 2015).
• Isolation: Individual processes or tasks running in their own space. This ensures that the processes will have enough resources to run and will not interfere with other processes running (Tjaden, 2015).
• Layering: Having multiple forms of security. This can be from hardware or software, but it involves a series of checks and balances to make sure the entire system is secured from multiple perspectives (Tjaden, 2015).
• Least Astonishment (Psychological Acceptability): Security mechanisms should not make the resource more difficult to access than when security mechanisms were not present (Bishop, 2003).
• Least Privilege: The assurance that an entity only has the minimal amount of privileges needed to perform its duties. There is no extension of privileges to senior people just because they are senior; if they don't need the permissions to perform their normal everyday tasks, then they don't receive higher privileges (Tjaden, 2015).
• Minimization of Implementation (Least Common Mechanism): Mechanisms used to access resources should not be shared (Bishop, 2003).
• Minimize Trust Surface (Reluctance to Trust): The ability to reduce the degree to which the user or a component depends on the reliability of another component (Bishop, 2003).
• Modularity: The breaking down of larger tasks into smaller, more manageable tasks. These smaller tasks may be reused, and therefore the process can be repurposed time and time again (Tjaden, 2015).
• Open Design: The security of a mechanism should not depend on the secrecy of its design or implementation (Bishop, 2003).
• Separation (of Domains): The division of power within a system. No one part of a system should have complete control over another part. There should always be a system of checks and balances that leverages the ability of parts of the system to work together (Tjaden, 2015).
• Simplicity (of Design): The straightforward layout of the product. The ability to reduce the learning curve when analyzing and understanding the hardware or software involved in the information system (Tjaden, 2015).
• Trust Relationships: A logical connection that is established between directory domains so that the rights and privileges of users and devices in one domain are shared with the other (PC Magazine, 2018).
• Usability: How easy hardware or software is to operate, especially for the first-time user. Considering how difficult applications and websites can be to navigate through, one would wish that all designers took usability into greater consideration than they do (PC Magazine, 2018).

References

Bishop, M. (2003). Computer security: Art and science. Boston, MA: Addison-Wesley Professional.
Kim, D., & Solomon, M. G. (2013). Fundamentals of information systems security (2nd ed.). Burlington, MA: Jones & Bartlett Publishers.
PC Magazine. (2018). Encyclopedia. Retrieved from https://www.pcmag.com/encyclopedia
Sons, S., Russell, S., & Jackson, C. (2017). Security from first principles. Sebastopol, CA: O'Reilly Media, Inc.
Tjaden, B. C. (2015). Appendix 1: Cybersecurity first principles. Retrieved from https://users.cs.jmu.edu/tjadenbc/Bootcamp/0-GenCyber-First-Principles.pdf
Consider the following scenario. A team within your organization has brought in a WiFi access point and connected it to a mobile phone to share its Internet connection with the team, bypassing all controls your security personnel have put in place for devices attached to your network. The team insists that this connection is business critical and that it can't be shut down without a workable alternative. They've asked you to come in and help them figure out how to conduct their business tasks while maintaining compliance with cybersecurity policies. Identify what controls you would recommend that implement the principles of defense in depth while permitting the work the team needs to complete. Classify those recommended controls according to their objective (prevent, deter, correct, etc.). Justify these choices with reference to the risks they're intended to mitigate.
Southern New Hampshire University
CYB 260 Project One Milestone Template

I. Analysis of Requirements

Select three fair information practice principles from the privacy statement provided by your instructor. Then fill in the blank cells in the table below.

Fair Information Practice Principle Requirements Table
Columns: Applicable Privacy Law or Laws | Level of Compliance | Safeguards
Open a Web browser and search for the "OWASP Top Ten." Visit the site. What information is provided here? What does it mean? How could a security manager use this information?
Cracking Flash Drive Crypto

Crypto cracking today usually requires a lot of dedicated custom computers and the continual work of a cryptanalyst (a branch of what is called "pure mathematics" in the university system). As a result, most hackers today focus their energies on getting the information that can quickly decrypt something - for example, the encryption used to store information in most simple databases (e.g. the Ashley Madison database that was recently hacked) uses simple XOR obfuscation. Simple USB drive encryption also used simple XOR obfuscation! Other systems still rely on substitution ciphers (which can be cracked with frequency analysis). Two examples that you can explore to demonstrate how easy it is to crack simple crypto (XOR obfuscation and substitution ciphers) are in the "Crypto Extras.zip" file that your instructor will provide. Read the Crypto Extras.doc file within that zip for directions and supporting theory.
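The following Python script is an added example and is not the Crypto Extras material. It shows why single-byte XOR obfuscation offers no protection for data at rest: the key is recovered from the ciphertext alone by scoring each of the 256 candidates against English letter frequencies. It goes slightly beyond the single-byte case by solving a short repeating key one column at a time, and it ends with the letter ranking that is the first step of frequency analysis against a substitution cipher. The plaintext and the keys are constructed, and the frequency table is the usual approximate one.

```python
from collections import Counter
from typing import List

# Approximate English letter frequencies in percent (standard table, space included).
ENGLISH_FREQ = {
    "e": 12.7, "t": 9.1, "a": 8.2, "o": 7.5, "i": 7.0, "n": 6.7, "s": 6.3, "h": 6.1,
    "r": 6.0, "d": 4.3, "l": 4.0, "c": 2.8, "u": 2.8, "m": 2.4, "w": 2.4, "f": 2.2,
    "g": 2.0, "y": 2.0, "p": 1.9, "b": 1.5, "v": 1.0, "k": 0.8, "j": 0.2, "x": 0.2,
    "q": 0.1, "z": 0.1, " ": 13.0,
}

# Constructed plaintext standing in for a document stored on the flash drive.
SAMPLE_PLAINTEXT = (
    b"Security notice: the files on this drive are protected only by a single byte "
    b"XOR. That is obfuscation, not encryption, and anyone who copies the drive can "
    b"read every document on it in seconds. Store the key management plan and the "
    b"incident report elsewhere, and encrypt the volume with a reviewed cipher before "
    b"shipping it to the regional office."
)

def xor_repeating(data: bytes, key: bytes) -> bytes:
    """XOR each byte with the key, cycling the key; the operation is its own inverse."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def xor_obfuscate(data: bytes, key: int) -> bytes:
    """The single-byte "encryption" the passage describes."""
    return xor_repeating(data, bytes([key]))

def english_score(candidate: bytes) -> float:
    """Higher means more English-like; control and non-ASCII bytes are penalised."""
    score = 0.0
    for b in candidate:
        c = chr(b).lower()
        if c in ENGLISH_FREQ:
            score += ENGLISH_FREQ[c]
        elif (b < 0x20 and c not in "\n\r\t") or b > 0x7E:
            score -= 20.0
    return score

def recover_single_byte_key(ciphertext: bytes) -> int:
    """Try all 256 keys and keep the one whose output looks most like English."""
    return max(range(256), key=lambda k: english_score(xor_obfuscate(ciphertext, k)))

def recover_repeating_key(ciphertext: bytes, key_len: int) -> bytes:
    """Each key byte only ever meets every key_len-th ciphertext byte, so each
    column is an independent single-byte problem."""
    return bytes(recover_single_byte_key(ciphertext[i::key_len]) for i in range(key_len))

def rank_letters(text: bytes) -> List[str]:
    """Letters by descending frequency: the starting point for a substitution cipher."""
    counts = Counter(chr(b).lower() for b in text if b < 128 and chr(b).isalpha())
    return [c for c, _ in counts.most_common()]

def demo() -> dict:
    """Obfuscate the sample with one constructed key byte, then recover it blind."""
    ct = xor_obfuscate(SAMPLE_PLAINTEXT, 0x5A)
    key = recover_single_byte_key(ct)
    return {"recovered_key": key, "plaintext_ok": xor_obfuscate(ct, key) == SAMPLE_PLAINTEXT}

if __name__ == "__main__":
    print(demo())
```

The scoring needs nothing more than a letter-frequency table because XOR with a fixed byte preserves the plaintext's character statistics; that is the same weakness frequency analysis exploits against a substitution cipher, which is why neither counts as encryption.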
Before you respond to this discussion, review the YouTube video, "What is the Cyber Kill Chain?" in the Readings and Instructional Material section of Week 5.
• How can you apply the concepts from this video as part of an overall cybersecurity and cyber resilience strategy?
• What processes, tools, and techniques do you think would be effective to discover and disrupt a cyber-attack while it's underway?
This week's chapter of the course textbook focuses on threats, vulnerabilities, and the management processes needed to address them within the cybersecurity and cyber resilience strategy. Chapter 4, Cyber Threats, Vulnerabilities and Intelligence Analysis (Siegel and Sweeney 2020). https://www.youtube.com/watch?v=zhClg4cLemc
Part II: Hands-on Practices
1. Given stack0.c and stack1.c, follow the files to create a simple program in C that has a buffer overflow vulnerability, then exploit it. Please submit the source code of your program and the input you used to overflow it.
2. Write a shell script that simulates a port scan on a given IP range. Here you may use ping or other tools in Kali Linux.
• Discuss the threat actors, threat warning, and what makes cyber intelligence different from traditional intelligence disciplines. Assess how cyber threat intelligence can best support the DHS Cybersecurity and Infrastructure Security Agency (CISA). Describe how emerging technologies can support cyber intelligence.
Risks regarding financial loss are sometimes tricky to assess and evaluate. In a situation where loss of revenue, loss of access, or loss of reliability occurs but cannot be directly attributed to the lack or failure of a security control, security personnel must obtain a critical understanding of the risks to determine which risk management strategy (remediate, transfer, accept, etc.) to use. For this post, describe such a situation involving loss of revenue or increased costs. Describe at least two techniques provided by risk management to obtain the necessary understanding of risks regarding financial loss or unexpected spending. Explain how at least one of these techniques can be applied to your example. In your responses to classmates, critically and constructively assess their examples and applications of risk management techniques, ask questions, and offer suggestions.