Category: Engineering Homework Help

Ch.9 – Electrical and Communication Requirements ( up to and including “ElectricalSustainability Considerations,”

The Reading Journal comprises your responses to these questions:

1. What are the most important ideas, requirements, techniques you learned from the reading?
2. What are the fundamental intentions implicit in these ideas, requirements, techniques?
3. How might the ideas, requirements, techniques, and underlying intentions relate to your work as a designer and/or contribute to your professionalism?

Requirements:

• Submissions may be in outline or narrative form.
• A minimum of one typed page in 12-point font; no maximum length.
• Include assignment title, week number, and your name.

Week 8 Research Paper: Server Virtualization

You have read about server virtualization and cloud computing in chapter 6 of your textbook. For your written assignment this week, complete a case study of the organization you work for (use a hypothetical or “other” organization if more applicable) that will address the following prompts:

Describe the organization’s environment, and evaluate its preparedness for virtualization.

Explain Microsoft (or another product) licensing for virtualized environments.

Recommend a configuration for shared storage; make sure to discuss the need for high availability and redundancy for virtualization for the organization.

Explain Windows Azure capabilities for virtual machines and managing a hybrid cloud, including Windows Azure’s Internet as a Service (IaaS) and storage capabilities

The domain name system (DNS) protocol plays a critical role in enabling network communications. Before you begin this discussion, consider reviewing the optional resources in the Reading and Resources section of this module, as you may want to use them to support your posts.

For your initial post, discuss a potential consideration associated with the use of DNS. Frame your consideration in terms of potential impacts to network architecture, organizational security, or technology management. Consider the following DNS-related topics as the focus for your post:

Zones: resource record types and/or zone transfers

Zones: master (primary) zone versus slave (secondary) zones

• Public DNS versus private DNS versus split DNS
• DNS-related vulnerabilities: man-in-the-middle attacks, DNS cache poisoning/DNS spoofing, Kaminsky DNS vulnerability, dynamic DNS update vulnerabilities, or distributed denial of service (DDoS) attacks
• Static DNS versus dynamic DNS (DDNS)
• Respond to at least two of your peers by addressing one of the following:
• Select a different frame of reference (infrastructure, security, or maintenance) and compare the effect on the selected topic identified in the original post.

Or

Provide additional considerations, advantages, or implications related to the original post. 

• will post the peer posts later

Peer 1:

Benjamin Kachel posted Nov 16, 2021 4:16 PM

Subscribe

Hello Classmates,

I’m excited to see what you all come up with this week in terms of discussion posts! DNS protocols are not my forte by any means and they are a very new thing to me. So, I’m hoping this post can spark some good discussion to help me understand them better and you too if you have never really studied them before!

So, I’m slowly kind of piecing this together and the DNS type I would like to talk about is the public vs private vs split. So a private DNS is held within the company and works on the local network. It is cut off from the outside world by a firewall and is used internally. It should only answer to internal IPs. Public DNS is basically the internet. You type in a website address, the DNS server gets a request from you looking for the website, it finds the IP address you are trying to look for, and returns the information you requested. Split DNS uses multiple DNS servers to keep the traffic flow moving while also maintaining confidentiality on the internal network. I found an article on techopedia that explained it quite well. It states, “When internal network users look up hostnames, the internal DNS answers and externally forwards this information as needed. External users that lookup hostnames in an internal network are greeted by an external DNS, which contains data limited to publicly accessible resources; this prevents internal secrets from being divulged.”

This would impact the network architecture in a way that would allow for external to internal and internal to external communication so firewalls, switches, routers, DNS servers, and waps would all need to be configured to allow for these types of communications. Also, the DNS servers themselves can have rules as to which IP’s

As far as organizational security goes, I believe the settings for the DNS servers would impact this area the most. There is definitely a need for a firewall in a split DNS setup or any type of setup that allows outside traffic in or communication with the public internet.

Thanks and I’m excited to see what you all come up with.

~Ben

Resources

Techopedia, (2021), Split Domain Name System (Split DNS)
Retrieved from:https://www.techopedia.com/definition/1346/split-domain-name-system-split-dns

Peer 2:

Thomas Talbot posted Nov 17, 2021 2:55 PM

Subscribe

Well, I am not an expert by any means on anything DNS, but I will do my best to provide some useful and relevant information on the topic. The area that I opted to focus my post about is distributed denial of service (DDoS) attacks. DDoS attacks are malicious attacks on networks that disrupts normal operations and communications with a flood of malicious traffic (McAfee, 2021). The number of DDoS attacks is on the rise and both Amazon and Google have had these types of attacks launched against them (McAfee, 2021).

With DDoS attacks, groups of IoT devices or botnets which are typically, but not always affected, by malware and used to target a server or website (McAfee, 2021). Poor password habits can also lead to devices being hijacked by would-be attackers (McAfee, 2021). The attacker would likely need hundreds or thousands of devices working in unison to make one of these attacks possible (McAfee, 2021). The size of the botnet needed to take down the target depends on the intended target.

There are three main categories of DDoS attacks. These three categories are volume-based attacks, protocol attacks and application layer attacks (“What is a DDoS Attack?”, n.d.). Volume based attacks have the goal of utilizing all the bandwidth between the target and the internet (“What is a DDoS Attack?”, n.d.). Protocol attacks attempt to consume all server resources and sometimes include exhausting the resources of a firewall or load balancer (“What is a DDoS Attack?”, n.d.). Application layer attacks flood the system with what would appear to be legitimate requests in order to disrupt services (“What is a DDoS Attack?”, n.d.).

Identifying a DDoS attack can be tricky but there are a few telltale signs that one is taking place. These signs are:

• Suspicious amounts of traffic originating from a single IP address or IP range
• A flood of traffic from users who share a single behavioral profile, such as device type, geolocation, or web browser version
• An unexplained surge in requests to a single page or endpoint
• Odd traffic patterns such as spikes at odd hours of the day or patterns that appear to be unnatural (e.g. a spike every 10 minutes) (“What is a DDoS Attack?”, n.d., para. 10).

In order to prevent a device from easily being swept up into one of these botnets, there are several actions that one should take. The first of which is to secure your router by changing the default password that came with it (McAfee, 2021). The next action is to change the default passwords that are included with Internet of Things (IoT) devices (McAfee, 2021). The third action is to use a comprehensive security solution, which are widely available from third-party vendors (McAfee, 2021). Performing these three actions is also something that one should undertake to better secure their devices and network overall.

Reference

McAfee. (2021, March 24). What Is a DDoS Attack and How to Stay Safe from Malicious Traffic Schemes. Retrieved from https://www.mcafee.com/blogs/tips-tricks/ddos-atta…

What is a DDoS Attack? (n.d.). Retrieved from https://www.cloudflare.com/learning/ddos/what-is-a…
 

Information Governance – Information Governance for E-Mail and Instant Messaging

We learned that e-mail is a major area of focus for information governance (IG) efforts, and has become the most common business software application and the backbone of business communications today.  In addition, the authors provided details to support their position by providing 2013 survey results from 2,400 corporate e-mail users from a global perspective.  The results indicated that two-thirds of the respondents stated that e-mail was their favorite form of business communication which surpassed not only social media but also telephone and in-person contact. 

With this detail in mind, 

Q1) Briefly state why the e-Mail has become a critical component for IG implementation? Support with references 

A substantive post will do at least two of the following:

• Ask an interesting, thoughtful      question pertaining to the topic
• Provide extensive additional      information on the topic
• Explain, define, or analyze the      topic in detail
• Share an applicable personal      experience
• Provide an outside source (for      example, an article from the google scholarly article) that applies to the      topic, along with additional information about the topic or the source      (please cite properly in APA)
• Make an argument concerning the      topic.

Subject. : emerging threats and please check the syllabus to take information of the topics covered

in the last week of class, we are going to complete a reflection activity.

This discussion topic is to be reflective and will be using your own words and not a compilation of direct citations from other papers or sources. You can use citations in your posts, but this discussion exercise should be about what you have learned through your viewpoint and not a re-hash of any particular article, topic, or the book.

Items to include in the initial thread:

“Interesting Assignments” – What were some of the more interesting assignments to you?

“Interesting Readings” – What reading or readings did you find the most interesting and why? “Interesting Readings”

“Perspective” – How has this course changed your perspective?

“Course Feedback” – What topics or activities would you add to the course, or should we focus on some areas more than others?

*Short Week* This Activity is due Tuesday for Initial Post

syllabus:

Chapter 1: Security Governance Through Principles and Policies

Chapter 2: Personnel Security and Risk Management Concepts

Fisk, G., Ardi, C., Pickett, N., Heidemann, J., Fisk, M., & Papadopoulos, C. (2015, May). Privacy principles for sharing cyber security data. In 2015 IEEE Security and Privacy Workshops (pp. 193-197). IEEE.

N. Kamenskih, M. A. Filippov and A. A. Yuzhakov, “The Development of Method for Evaluation of Information Security Threats in Critical Systems,” 2020 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus), St. Petersburg and Moscow, Russia, 2020, 333-336.

Petac Eugen, & Duma Petruţ. (2018). Exploring the New Era of Cybersecurity Governance. Ovidius University Annals: Economic Sciences Series, 1, 358.

Chapter 3: Business Continuity Planning Chapter 4: Laws, Regulations, & Compliance

Ajayi, E. F. G. (2016). Review Challenges to enforcement of cyber-crimes laws and policy. Journal of Internet and Information Systems, 6(1), 1-12.10.5897/JIIS2015.0089

Wang, H.-M. (2003). Contingency planning: emergency preparedness for terrorist attacks. IEEE 37th Annual 2003 International Carnahan Conference OnSecurity Technology, 2003. Proceedings., Security Technology, 2003. 535–543. https://doi.org/10.1109/CCST.2003.1297616

Chapter 6: Cryptography and Symmetric Key Algorithms

Chapter 7: PKI & Cryptographic Applications

Chapter 8: Principles of Security Models, Design, & Capabilities

Cagnazzo, M., Hertlein, M., Holz, T., & Pohlmann, N. (2018). Threat Modeling for Mobile Health Systesm. ResearchGate. 10.1109/WCNCW.2018.8369033

Franchi, Enrico & Poggi, Agostino & Tomaiuolo, Michele. (2017). Information and Password Attacks on Social Networks: An Argument for Cryptography. Journal of Information Technology Research, 8. 25-42. 10.4018/JITR.2015010103

Ruiz, N., Bargal, S.A., & Sclaroff, S. (2020). Disrupting DeepFakes: Adversarial Attacks Against Conditional Image Translation Networks and Facial Manipulation Systems.

Tabari, A. Z., & Ou, X. (2020). A First Step Towards Understanding Real-world Attacks on IoT Devices.

Chapter 5: Protecting Security of Assets

Chapter 9: Security Vulnerabilities, Threats, & Countermeasures

Chapter 10: Physical Security Requirements

Abomhara, M., & Koien, G.M. (2015). Cyber security and the internet of things: Vulnerabilities, threats, intruders, and attacks. Journal of Cyber Security, 4, 65-88. Doi: 10.13052/jcsm2245-1439.414

NIST. (2019). Guide to Protecting the Confidentiality of Personally Identifiable Information (PII). United States Department of Commerce. National Institute of Standards and Technology Special Publication No. 800- 122.

Chapter 11: Secure Network Architecture & Secure Network Components

Chapter 12: Secure Communications and Network Attacks

Chapter 13: Managing Identity & Authentication Chapter 14: Controlling & Monitoring Access

Satapathy and L. M. J. Livingston. (2016). “A Comprehensive Survey of Security Issues and Defense Framework for VoIP Cloud,” in Inidan Journal of Science and Technology, 9(6). DOI: 10.17485/ijst/2016/v9i6/81980

D. B. Rawat, 2019. “Fusion of Software Defined Networking, Edge Computing, and Blockchain Technology for Wireless Network Virtualization,” in IEEE Communications Magazine, vol. 57, no. 10, 50-55

J. Tioh, D. M. Mina and D. D. W. Jacobson, “Cyber Security Social Engineers An Extensible Teaching Tool for Social Engineering Education and Awareness,” 2019 IEEE Frontiers in Education Conference (FIE), Covington, KY, USA, 2019, pp. 1-5.

T. Surasak and S. C. -. Huang, “Enhancing VoIP Security and Efficiency using VPN,” 2019 International Conference on Computing, Networking and Communications (ICNC), Honolulu, HI, USA, 2019, pp. 180-184.

Chapter 15: Security Assessment and Testing Chapter 16: Managing Security Operations

Wangen, G., Snekkenes, E., & Hallstensen, C. (2018). A framework for estimating information security risk assessment method completeness. International Journal of Information Security, 17(6), 681–699. https://doi.org/10.1007/s10207-017-0382-0

Goutam and V. Tiwari, “Vulnerability Assessment and Penetration Testing to Enhance the Security of Web Application,” 2019 4th International Conference on Information Systems and Computer Networks (ISCON), Mathura, India, 2019, pp. 601-605.

G. Yadav, A. Allakany, V. Kumar, K. Paul and K. Okamura, “Penetration Testing Framework for IoT,” 2019 8th International Congress on Advanced Applied Informatics (IIAI-AAI), Toyama, Japan, 2019, 477-482.

Chapter 17: Preventing and Responding to Incidents

Chapter 18: Disaster Recovery Planning

M. Ioannou, E. Stavrou and M. Bada, “Cybersecurity Culture in Computer Security Incident Response Teams: Investigating difficulties in communication & coordination,” 2019 International Conference on Cyber Security & Protection of Digital Services (Cyber Security), 2019, 1-4.

J. Mendonça, W. Medeiros, E. Andrade, R. Maciel, P. Maciel and R. Lima, “Evaluating Database Replication Mechanisms for Disaster Recovery in Cloud Environments,” 2019 IEEE International Conference on Systems, Man and Cybernetics (SMC), Bari, Italy, 2019, pp. 2358-2363.

M. Zeybek, E. N. Yılmaz and İ. Alper Doğru, “A Study on Security Awareness in Mobile Devices,” 2019 1st International Informatics and Software Engineering Conference (UBMYK), Ankara, Turkey, 2019, 1-6.

Competency

In this project, you will demonstrate your mastery of the following competency:

• Determine the impact of systems on an organization

Scenario

You are the assistant director of the IT department of Lost Pines Outfitters, a medium-sized online retailer. You have recently received data showing that customers are not satisfied with the current ordering system. They report that they keep selecting items that seem to be available and then receive conflicting information when they try to complete the purchase. This has resulted in wasting customer time and causing some customers to leave the site without making a purchase. The data also shows that it is taking employees too long to fulfill those orders. Your director is contemplating acquiring a new system that makes the process of buying merchandise easier for your customers and improves the employee experience as well. She has asked you to develop a presentation for your company stakeholders. The presentation will show how the existing ordering system is currently receiving, processing, and fulfilling orders.

Directions

Customers have stated that once they select an item they want to purchase on your company website, they are told only at checkout that the item is not currently in stock. When customers do successfully place an order, a warehouse employee begins processing the order. The employee refers to the inventory report to make sure that the item is in stock and to locate it in the warehouse. The inventory report is printed every three days. Once the item is located, the employee packages it for shipping and notifies the delivery company that an item is ready to ship. If they cannot locate the item in the warehouse, the employee must inform the customer that the item is out of stock. The current process is taking one to four hours.

The director of IT has asked you to create a presentation for stakeholders. Your presentation must include a data flow diagram (DFD) that models the primary business functions (product ordering, internal order processing, and logistics or shipping) and the flow of data between them. You should also be sure to include inputs to and outputs from the processes. Finally, you will need to provide suggestions concerning where the process could be changed to make it more efficient.

The presentation must contain 5 to 7 slides.

Within your presentation, you must:

• Create a Level 0 (context diagram) data flow diagram for the existing system. This data flow diagram will show how information flows into and out of the system. Recall that a context diagram includes only the system and inputs and outputs.
• Create a Level 1 data flow diagram for the existing system. This data flow diagram will show a breakdown of the system into business processes and the flow of information from one business process to another within the system, including:
  • Product ordering
  • Internal order processing
  • Logistics or shipping
• Identify data flows, processes, data stores, and inputs and outputs by clearly labeling them within the diagram.
• Identify user requirements and business functionality for each business process. Consider the end user (customer and employee) needs for ease of use, accessibility, and performance.
• In conclusion, provide suggestions for changes that should be made to the system and explain the advantages and disadvantages of implementing those changes. Consider the organization’s desire for:
  • Ease of use
  • Accessibility
  • Performance

The COSO framework of internal controls is practiced within companies around the world. The objectives of the COSO framework are closely related to its five components. For this week’s activity, please discuss these five components of the COSO framework. Be sure to include each components’ impact on each of the COSO framework objectives. What do you feel an auditor would most be concerned with during an IT audit? Lastly, discuss suggestions for integrating COSO framework compliance into a company in which you are familiar. 

1 501 MEIT-3 Advanced Information Systems Assignment 3 Answer the following questions: 1. What is a shared workspace? Describe how you might use a shared workspace if you were the manager of an important global project for your organization. 2. Why do you think so many wireless communications protocols have been developed? Will the number of protocols increase or decrease over time? 3. What are the pros and cons of public Wi-Fi access? 4. Guided Transmission Media is a type for telecommunications media, List 4 examples with description, and advantages and disadvantages for each? 5. Wireless transmission involves the broadcast of communications in one of three frequency ranges, explain them with advantages and disadvantages for each? 6. `list the advantages and disadvantages for Client/Server Systems? 7. What is an extranet? How is it different from an intranet?

To complete the case study in a report format. (1) To then make a presentation slideshow based off of the information in the report. (2) Should have 2 files