CJA 314 Week 1 Discussion Question 3


In what ways has federal and state funding influenced social policy? How does a lack of funding affect the research process?

http://Get Plagiarism-Free and Quality Papers Without Overpaying at Homeworkmavens.com

http://Solution preview:

When crime is perceived to be rampant in a particular area thepublic demands action todecrease crime, reduce criminal activity, and improve safety. Funding increases allowstheaddition of law enforcement personnel, and equipment to combat crime, and is seen as apositive way to impact crime prevention. Additional funding for education, food stamps, andcrime prevention in thelocal hot spots, can also impact crime. Here in central Washingtonstate thebiggest issue is theincreased presence of gangs, and therelated gang problems.Recently thepeople of a local city voted to increase thesales tax to fund seven additionalpolice officers on thestreet, and establish a gang unit. Funding will also be used to combatthesocialization of children into gangs in local schools, and build a new larger capacity jail(Schmalleger, 2012).Research costs money, and thelack of funding directly impacts research. One area of researchthat makes sense is tracking criminal activity locations using software. Law enforcementofficers would then be assigned to thehot spots to monitor, and reduce crime. Adequatefunding to maintain crime data bases is a vital part of community policing. Public access tothis information can be used by people to determine where they what to live, or not want tolive.

State and Federal funding can influence social policy. An example is over theyears theUnitedStates have seen an enormous amount of illegal immigrants coming into our Country and alsothedrug trafficking problems from Mexico. Federal funding was increased to hire moreBorder Patrol Officers to protect our boarders and also try to reduce theamount of drugscoming into our Country. Funding will also be used to combat thesocialization of childreninto gangs in local schools, and build a new larger capacity jail (Schmalleger, 2012). Gangs

WE’VE HAD A GOOD SUCCESS RATE ON THIS ASSIGNMENT. PLACE THIS ORDER OR A SIMILAR ORDER AND GET AN AMAZING DISCOUNT

Describe karl marx theory of social class


Create a 8 pages page paper that discusses karl marx theory of social class. In a capitalistic economy, capitalists oppress the proletariat by providing them with resources sufficient to sustain their lives and maintain those workers to continuing providing them with labor. The meager pay that workers get is only sufficient for food and shelter (Levine 21). Unfortunately, most of these workers have a lot of respect for their employers because they perceive them as the only means of their survival. Those workers are so contented with life, and the kind of earnings they get from their employers. The relationship p between the workers and the employers is based on the workers believes that employers are doing their employee’s favor by offering them jobs and that they&nbsp.are the source of livelihood for those workers (Berberoglu 11). The fact of the matter is that employers are the one who gets more from the workers and without those workers, the survival of the capitalists is at risk (Wright 4). In a capitalist economy, investors control the wealth of the economy and determine what workers get as a share of their contribution to wealth creation. However, in order to reduce the income differences between investors and the workers, workers should charge for labor in accordance with the contribution they make to the creation of resources. The government should intervene in order to safeguard the workers against the scrupulous capitalists.

Karl Max perceived a social revolution in which all the means of production would be communally owned. He perceived that in the future the capitalist would lose control of workers and due to enlightenment of the workforce the resources would change ownership as workers claim for an equal share of nation’s resources (Wood 97). However, this time has not yet come since the differences between the&nbsp.affluent&nbsp.and the&nbsp.needy&nbsp.is continuing to widen.&nbsp.

 

WE’VE HAD A GOOD SUCCESS RATE ON THIS ASSIGNMENT. PLACE THIS ORDER OR A SIMILAR ORDER AND GET AN AMAZING DISCOUNT

contractual remedies


Haply Inc. contracts with Barksdale LLC to have an engine repaired. After much negotiation, the parties agree that the pump will be repaired and reinstalled at Haply’s facilities in 5 days.  Haply plans on losing $40,000 a day for each day the engine is not delivered after the five-day window (this is the cost for a replacement engine).

Haply talks Barksdale’s representatives that if the engine is not repaired on time that bad press will cause Haply to lose a client’s business totaling $3,000,000. Barksdale does not complete the contract until day 7.

It cost Haply $500 to secure the delivery of a replacement engine.  The actual rental of the replacement engine cost $40,000 a day.  And, Haply lost the business of a client totaling $3,000,000.  Haply sues Barksdale for incidental, consequential and compensatory damages.  The court finds that there is a breach of contract. What are the consequential, incidental, and compensatory damages that Barksdale is liable for in this case? Be sure to define each of those terms.

Your paper should be 1-2 pages in length (double-spaced, with one inch margins all around).  Be certain to explain and support your answer.

WE’VE HAD A GOOD SUCCESS RATE ON THIS ASSIGNMENT. PLACE THIS ORDER OR A SIMILAR ORDER AND GET AN AMAZING DISCOUNT

Project management process activity 7


 Activity I: As part of your company’s effort to select a project management software package, you have been asked to approach several other companies that presently use such packages.

  1. Develop a questionnaire to help collect the relevant information.
  2. Fill out two questionnaires, each representing a different software package.
  3. Compare the responses of the companies and select the best software of the two.

Activity II: Identify two projects in which you have been involved recently.

  1. Describe each project briefly.
  2. Suggest criteria that may have been used to identify the start of the termination phase of each project.
  3. Give two examples of activities that were performed poorly during the termination phase of either project, and suggest measures that might have been taken to improve the situation.

WE’VE HAD A GOOD SUCCESS RATE ON THIS ASSIGNMENT. PLACE THIS ORDER OR A SIMILAR ORDER AND GET AN AMAZING DISCOUNT

Describe public health issue – Essay Furious


public health issue Paper must be at least 2250 words. Please, no plagiarized work! Obesity is a growing health issue among both developed and underdeveloped countries. There has been an increase in the number of obese people according to most studies conducted on this topic. This has been attributed to a changing lifestyle in today’s community. While there are those who argue that obesity is not a public health issue, this report will work on the assumption that obesity is a public health issue considering the fact that increasing number of people are susceptible to this disease and this is the leading non-communicable disease that has led to an increase in mortality rate.

The report aims to represent the problem of obesity, its causes, and its effects. It will uncover the public policy in England with regard to obesity and the situation in England regarding obesity. Also, recommendations developed by the World Health Organization would be discussed and finally, recommendations specific to England would be presented.

In a recent article published by Paul Zollinger-Read in The Guardian, the writer sheds light on the fact that obesity is a growing problem that is increasing at an alarming rate and is offset by an increase in fast-food restaurants around the world. This article further goes on to explain despite the awareness that fast food is not healthy food, people continue to eat them as they present an easy and quick food option.

I am interested in the issue as I am becoming increasingly concerned about the food intake of the world. While malnutrition is growing throughout the world, this is another kind of malnutrition that is leading to bigger health issues such as high cholesterol, diabetes, heart diseases, cancer, an increase in mortality rate, and osteoarthritis. Fast food consumption is not the only contributor to this health issue, there are other problems as well such as low physical activity and excessive food intake combined with hereditary traits. I am particularly interested in this disease because it is one of the leading preventable diseases that are contributing to increasing death rates in not just adults but also children.

This report will discuss the negative implications of obesity. It will look at obesity prevalent in England and how national policy and WHO recommendations and directives are contributing to a healthier society in terms of the obesity issue. The report will lastly provide recommendations taking into account the condition prevalent in England.

 

WE’VE HAD A GOOD SUCCESS RATE ON THIS ASSIGNMENT. PLACE THIS ORDER OR A SIMILAR ORDER AND GET AN AMAZING DISCOUNT

Essay Furious – Custom Essay Writing Service Only at 7$


Essay Furious – Custom Essay Writing Service Only at 7$

Essay Furious – Custom Essay Writing Service Only at 7$

CompTIA Security1 SY0-601 Certification Exam ObjectivesSecurity1 Exam Domain/ObjectivesSectionBloom’sTaxonomy1Vulnerabilities and AttacksUnderstanding3Attacks Using MalwareAnalyzingModule1.0 Threats, Attacks, and Vulnerabilities1.1 Compare and contrast different types of socialengineering techniques.●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●PhishingSmishingVishingSpamSpam over Internet messaging (SPIM)Spear phishingDumpster divingShoulder surfingPharmingTailgatingEliciting informationWhalingPrependingIdentity fraudInvoice scamsCredential harvestingReconnaissanceHoaxImpersonationWatering hole attackTypo squattingInfluence campaigns❍❍ Hybrid warfare❍❍ Social mediaPrinciples (reasons for effectiveness)❍❍ Authority❍❍ Intimidation❍❍ Consensus❍❍ Scarcity❍❍ Familiarity❍❍ Trust❍❍ Urgency1.2 Given a scenario, analyze potential indicators todetermine the type of attack.●●Malware❍❍ Ransomware❍❍ Trojans❍❍ Worms❍❍ Potentially unwanted programs (PUPs)❍❍ Fileless virus❍❍ Command and control❍❍ Bots❍❍ Cryptomalware❍❍ Logic bombs❍❍ Spyware❍❍ Keyloggers❍❍ Remote access Trojan (RAT)❍❍ Rootkit❍❍ BackdoorCopyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.Security + Exam Domain/Objectives●●●●●●●●●●●●Password attacks❍❍ Spraying❍❍ Dictionary❍❍ Brute force■■ Offline■■ Online❍❍ Rainbow tables❍❍ Plaintext/unencryptedPhysical attacks❍❍ Malicious universal serial bus (USB) cable❍❍ Malicious flash drive❍❍ Card cloning❍❍ SkimmingAdversarial artificial intelligence (AI)❍❍ Tainted training data for machine learning(ML)❍❍ Security of machine learning algorithmsSupply-chain attacksCloud-based vs. on-premises attacksCryptographic attacks❍❍ Birthday❍❍ Collision❍❍ Downgrade1.3 Given a scenario, analyze potential indicatorsassociated with application attacks.●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●Privilege escalationCross-site scriptingInjections❍❍ Structured query language (SQL)❍❍ Dynamic link library (DLL)❍❍ Lightweight directory access protocol(LDAP)❍❍ Extensible markup language (XML)Pointer/object dereferenceDirectory traversalBuffer overflowsRace conditions❍❍ Time of check/time of useError handlingImproper input handlingReplay attack❍❍ Session replaysInteger overflowRequest forgeries❍❍ Server-side❍❍ Client-side❍❍ Cross-siteApplication programming interface (API)attacksResource exhaustionMemory leakSecure sockets layer (SSL) strippingDriver manipulation❍❍ Shimming❍❍ RefactoringPass the hashModuleSectionBloom’sTaxonomy12Types of AuthenticationCredentialsCreating5Securing Mobile DevicesApplying3Adversarial ArtificialIntelligence AttacksUnderstanding6Cryptographic Attacks andDefensesApplyingSegmenting the NetworkUnderstandingCreating Network DeceptionImplementing EndpointSecurityApplyingApplyingHardening the NetworkAnalyzing3Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.Seventh EditionCompTIASecurity+Guide toNetwork SecurityFundamentalsMark Ciampa, Ph.D.INFORMATIONSECURITYAustralia • Brazil • Canada • Mexico • Singapore • United Kingdom • United StatesCopyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.This is an electronic version of the print textbook. Due to electronic rights restrictions,some third party content may be suppressed. Editorial review has deemed that any suppressedcontent does not materially affect the overall learning experience. The publisher reserves the rightto remove content from this title at any time if subsequent rights restrictions require it. Forvaluable information on pricing, previous editions, changes to current editions, and alternateformats, please visit www.cengage.com/highered to search by ISBN#, author, title, or keyword formaterials in your areas of interest.Important Notice: Media content referenced within the product description or the producttext may not be available in the eBook version.Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.CompTIA® Security+ Guide to Network­Security Fundamentals, Seventh EditionMark Ciampa© 2022, 2018 Cengage Learning, Inc.WCN: 02-300SVP, Higher Education Product Management: ErinUnless otherwise noted, all content is © Cengage.JoynerALL RIGHTS RESERVED. No part of this work covered by the copyright hereinVP, Product Management: Thais AlencarProduct Team Manager: Kristin McNarymay be reproduced or distributed in any form or by any means, except aspermitted by U.S. copyright law, without the prior written permission of thecopyright owner.Associate Product Manager: Danielle KlahrFor product information and technology assistance, contact us atProduct Assistant: Tom BenedettoCengage Customer & Sales Support, 1-800-354-9706or support.cengage.com.Director, Learning Design: Rebecca von GillernSenior Manager, Learning Design: Leigh HefferonFor permission to use material from this text or product,Learning Designer: Natalie Onderdonksubmit all requests online at www.cengage.com/permissions.Vice President, Marketing – Science, Technology,& Math: Jason SakosSenior Marketing Director: Michele McTigheMarketing Manager: Cassie CloutierProduct Specialist: Mackenzie PaineDirector, Content Creation: Juliet SteinerSenior Manager, Content Creation: Patty StephanSenior Content Manager: Brooke GreenhouseDirector, Digital Production Services: KristaKellmanDigital Delivery Lead: Jim VaugheyDevelopmental Editor: Lisa RuffaloProduction Service/Composition: SPiDesign Director: Jack PendletonLibrary of Congress Control Number: 2020920904ISBN-13: 978-0-357-42437-7Loose-leaf Edition: 978-0-357-42438-4Cengage200 Pier 4 BoulevardBoston, MA 02210USACengage is a leading provider of customized learning solutions withemployees residing in nearly 40 different countries and sales in more than125 countries around the world. Find your local representative atwww.cengage.com.To learn more about Cengage platforms and services, register or accessyour online learning solution, or purchase materials for your course, visitwww.cengage.com.Designer: Erin GriffinCover Image(s): iStockPhoto.com/phochiPublisher does not warrant or guarantee any of the products described herein or perform any independent analysis in connectionwith any of the product information contained herein. Publisher does not assume, and expressly disclaims, any obligation to obtainand include information other than that provided to it by the manufacturer. The reader is expressly warned to consider and adoptall safety precautions that might be indicated by the activities described herein and to avoid all potential hazards. By followingthe instructions contained herein, the reader willingly assumes all risks in connection with such instructions. The publisher makesno representations or warranties of any kind, including but not limited to, the warranties of fitness for particular purpose ormerchantability, nor are any such representations implied with respect to the material set forth herein, and the publisher takes noresponsibility with respect to such material. The publisher shall not be liable for any special, consequential, or exemplary damagesresulting, in whole or part, from the readers’ use of, or reliance upon, this material.Printed in the United States of AmericaPrint Number: 01Print Year: 2020Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.BRIEF CONTENTSIntroductionIXpart 4part 1NETWoRK SECURITYSECURITY FUNDAMENTAlS1Introduction to Security3Module 2Threat Management and CybersecurityResources33Module 3Threats and Attacks on Endpoints65Endpoint and Application DevelopmentSecurity95Mobile, Embedded, and Specialized DeviceSecurity127part 3CRYpTogRApHY155317part 5351Module 12353Module 13Incident Preparation, Response, andInvestigation389Module 14Cybersecurity Resilience423Module 15Module 6Basic CryptographyWireless Network SecurityAuthenticationModule 5285Module 11Enterprise SecurityModule 4255Module 10Cloud And Virtualization Security63225Module 9Network Security Appliances andTechnologiespart 2ENDpoINT SECURITYModule 8Networking Threats, Assessments, andDefensesModule 1223157Risk Management and Data Privacy453Module 7Public Key Infrastructure and CryptographicProtocols191appendicesAppendix A: CompTIA Security+ Sy0-601Certification Exam ObjectivesAppendix B: Two Rights & A Wrong: Answers479505GLOSSARY515Index543Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.Table of ContentsIntroductionIXPart 1Security Fundamentals1Module 1Cybersecurity ResourcesFrameworksRegulationsLegislationStandardsBenchmarks/Secure Configuration GuidesInformation Sources55Key Terms56Review Questions57613What Is Information Security?5Understanding SecurityDefining Information Security55Case Projects7Part 2Script KiddiesHacktivistsState ActorsInsidersOther Threat Actors8991010Vulnerabilities and Attacks11VulnerabilitiesAttack VectorsSocial Engineering AttacksImpacts of Attacks11141521Summary22Key Terms23Review Questions24Case Projects30Module 2Threat Management andCybersecurity Resources33Penetration Testing34Defining Penetration TestingWhy Conduct a Test?Who Should Perform the Test?Rules of EngagementPerforming a Penetration TestVulnerability ScanningWhat Is a Vulnerability Scan?Conducting a Vulnerability ScanData Management ToolsThreat Hunting3435353739505253535454SummaryIntroduction to SecurityWho Are the Threat Actors?50Endpoint Security63Module 3Threats and Attackson Endpoints65Attacks Using Malware66ImprisonLaunchSnoopDeceiveEvade6769737576Application Attacks77ScriptingInjectionRequest ForgeryReplayAttacks on Software7878808081Adversarial Artificial IntelligenceAttacks83What Are Artificial Intelligence (AI) andMachine Learning (ML)?Uses in CybersecurityRisks in Using AI and ML in Cybersecurity84848542Summary8642434749Key Terms88Review Questions88Case Projects93Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.Table of ContentsvModule 4Part 3Endpoint andApplication DevelopmentSecurity95Cryptography155Threat Intelligence Sources96Categories of SourcesSources of Threat Intelligence9799Basic CryptographySecuring Endpoint ComputersConfirm Boot IntegrityProtect EndpointsHarden EndpointsCreating and Deploying SecDevOpsApplication Development ConceptsSecure Coding TechniquesCode Testing101101103107112114115115Summary118Key Terms120Review Questions120Case Projects125Module 5Mobile, Embedded,and Specialized DeviceSecurity127Securing Mobile DevicesIntroduction to Mobile DevicesMobile Device RisksProtecting Mobile Devices129129134136Embedded Systems and SpecializedDevices140Types of DevicesSecurity Issues140144Summary145Key Terms147Review Questions148Case Projects152Module 6Defining Cryptography157158What Is Cryptography?Cryptography Use CasesLimitations of Cryptography158160162Cryptographic Algorithms164Hash AlgorithmsSymmetric Cryptographic AlgorithmsAsymmetric Cryptographic Algorithms165166168Cryptographic Attacks and Defenses172Attacks on CryptographyQuantum Cryptographic DefensesUsing CryptographyEncryption through SoftwareHardware EncryptionBlockchain173174175175177178Summary180Key Terms181Review Questions181Case Projects187Module 7Public Key Infrastructureand CryptographicProtocols191Digital CertificatesDefining Digital CertificatesManaging Digital CertificatesTypes of Digital CertificatesPublic Key Infrastructure (PKI)What Is Public Key Infrastructure (PKI)?Trust ModelsManaging PKIKey ManagementCopyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.192192194197202202202204205viCOMPTIA Security+ Guide to Network Security FundamentalsCryptographic ProtocolsSecure Sockets Layer (SSL)Transport Layer Security (TLS)Secure Shell (SSH)Hypertext Transport Protocol Secure (HTTPS)Secure/Multipurpose Internet MailExtensions (S/MIME)Secure Real-time Transport Protocol (SRTP)IP Security (IPsec)Weaknesses of Cryptographic Protocols207Summary246208208208209Key Terms248Review Questions248Case Projects252209209210210Implementing Cryptography211Key StrengthSecret AlgorithmsBlock Cipher Modes of OperationCrypto Service Providers211212212213Summary214Key Terms215Review Questions216Case Projects220Part 4Network Security223Module 9Network Security Appliancesand Technologies255Security AppliancesFirewallsProxy ServersDeception InstrumentsIntrusion Detection and PreventionSystemsNetwork Hardware Security ModulesConfiguration ManagementSecurity TechnologiesAccess TechnologiesTechnologies for Monitoring andManagingDesign Technologies256257261261263264265266266269272Module 8Summary276Networking Threats,Assessments, and DefensesKey Terms278Review Questions279Case Projects282225Attacks on Networks226Interception AttacksLayer 2 AttacksDNS AttacksDistributed Denial of Service AttackMalicious Coding and Scripting Attacks227228231233234Tools for Assessment and Defense236Network Reconnaissance and Discovery ToolsLinux File Manipulation ToolsScripting ToolsPacket Capture and Replay ToolsPhysical Security ControlsExternal Perimeter DefensesInternal Physical Security ControlsComputer Hardware Security237238238238240240243245Module 10Cloud and VirtualizationSecurity285Cloud SecurityIntroduction to Cloud ComputingSecuring Cloud ComputingVirtualization SecurityDefining VirtualizationInfrastructure as CodeSecurity Concerns for VirtualEnvironments286286292298298300302Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.Table of ContentsSecure Network ProtocolsSimple Network Management Protocol (SNMP)Domain Name System Security Extensions(DNSSEC)File Transfer Protocol (FTP)Secure Email ProtocolsLightweight Directory Access Protocol (LDAP)Internet Protocol Version 6 (IPv6)Use CasesSummary304304304305306306307307308Key Terms310Review Questions311Case Projects315Part 5Enterprise SecurityWireless Network SecurityAuthentication353Types of Authentication CredentialsSomething You Know: PasswordsSomething You Have: Smartphone andSecurity KeysSomething You Are: BiometricsSomething You Do: Behavioral BiometricsPassword SecuritySecure Authentication TechnologiesWireless AttacksBluetooth AttacksNear Field Communication (NFC) AttacksRadio Frequency Identification (RFID)AttacksWireless Local Area Network AttacksVulnerabilities of WLAN SecurityWired Equivalent PrivacyWi-Fi Protected SetupMAC Address FilteringWi-Fi Protected Access (WPA)Wireless Security SolutionsWi-Fi Protected Access 2 (WPA2)Wi-Fi Protected Access 3 (WPA3)317319319321322323331331332332333334334336Additional Wireless SecurityProtections336InstallationConfigurationSpecialized Systems CommunicationsRogue AP System Detection337338339339351Module 12Authentication SolutionsModule 11vii354355361364368369370373Summary378Key Terms379Review Questions380Case Projects386Module 13Incident Preparation,Response, and Investigation 389Incident PreparationReasons for Cybersecurity IncidentsPreparing for an IncidentIncident ResponseUse SOAR Runbooks and PlaybooksPerform ContainmentMake Configuration ChangesIncident InvestigationData SourcesDigital Forensics390391397400401401402402402405Summary340Summary413Key Terms342Key Terms415Review Questions342Review Questions415Case Projects347Case Projects420Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.viiiCOMPTIA Security+ Guide to Network Security FundamentalsModule 14Cybersecurity ResilienceBusiness ContinuityIntroduction to Business ContinuityResilience Through RedundancyData Privacy423424424427Policies436User ConcernsData Breach ConsequencesData TypesProtecting DataData Destruction466467468468468470Summary470436437Key Terms472Review Questions473Summary444Case Projects476Key Terms445Review Questions446Case Projects451Definition of a PolicyTypes of Security PoliciesModule 15Risk Management and DataPrivacy453Managing RiskDefining RiskRisk TypesRisk AnalysisRisk Management454455456457461appendices ACOMPTIA SECURITY+ SY0-601CERTIFICATION EXAMOBJECTIVES479appendices BTWO RIGHTS & A WRONG:ANSWERS505GLOSSARY515index543Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.IntroductionThe number of cyberattacks has reached epidemic proportions. According to one report, the number of new malware releases every month exceeds 20 million, and the total malware in existence isapproaching 900 million variants. More than 11.5 billion records have been exposed through databreaches since 2005. In 2019, four out of every five organizations experienced at least one successfulcyberattack, and more than one-third suffered six or more successful attacks.1 It is estimated thatby 2021, a business will fall victim to a ransomware attack once every 11 seconds. Cybercrime willcost the world $6 trillion annually by 2021, an increase of 100 percent in just six years, representingthe greatest transfer of economic wealth in human history.2 Compounding the problem, 85 percentof organizations are experiencing a shortfall of skilled security professionals.3The need to identify and defend against these continual attacks has created an essential workforce that is now at the very core of the information technology (IT) industry. Known as informationsecurity, these professionals are focused on protecting electronic information. Various elements ofinformation security, such as application security, infrastructure security, forensics and malwareanalysis, and security leadership, along with several others, make up this workforce. The demandfor certified professionals in information security has never been higher.When filling cybersecurity positions, an overwhelming majority of enterprises use the Computing Technology Industry Association (CompTIA) Security+ certification to verify security competency. Of the hundreds of security certifications currently available, Security+ is one of the mostwidely acclaimed security certifications. Because it is internationally recognized as validating afoundation level of security skills and knowledge, the Security+ certification has become the foundation for today’s IT security professionals. The value for an IT professional who holds a CompTIAsecurity certification is significant. On average, an employee with a CompTIA certification commands a salary between 5 and 15 percent higher than their counterparts with similar qualificationsbut lacking a certification.The CompTIA Security+ certification is a vendor-neutral credential that requires passing thecurrent certification exam SY0-601. A successful candidate has the knowledge and skills requiredto identify attacks, threats, and vulnerabilities; design a strong security architecture; implementsecurity controls; be knowledgeable of security operations and incident response; and be wellversed in governance, risk, and compliance requirements.Certification provides job applicants with more than a competitive edge over their noncertified counterparts competing for the same IT positions. Some institutions of higher educationgrant college credit to students who successfully pass certification exams, moving them further along in their degree programs. For those already employed, achieving a new certificationincreases job effectiveness, which opens doors for advancement and job security. Certificationalso gives individuals interested in careers in the military the ability to move into higher positions more quickly.CompTIA® Security+ Guide to Network Security Fundamentals, Seventh Edition, is intended toequip learners with the knowledge and skills needed to be information security IT professionals.Yet it is more than an “exam prep” book. While teaching the fundamentals of cybersecurity byusing the CompTIA Security+ exam objectives as its framework, the book takes a comprehensiveview of security by examining in depth today’s attacks against networks and endpoints and what isneeded to defend against these attacks. Security+ Guide to Network Security Fundamentals, SeventhEdition, is a valuable tool for those who want to learn about security and enter the field of information security. It also provides the foundation that will help prepare for the CompTIA Security+certification exam. For more information on CompTIA Security+ certification, visit the CompTIAwebsite at comptia.org.Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.xCOMPTIA Security+ Guide to Network Security FundamentalsIntended AudienceThis book is designed to meet the needs of students and professionals who want to master basic information security.A fundamental knowledge of computers and networks is all that is required to use this book. Those seeking to pass theCompTIA Security+ certification exam will find the text’s approach and content especially helpful; all Security+ SY0-601exam objectives are covered in the text (see Appendix A). Security+ Guide to Network Security Fundamentals, SeventhEdition, covers all aspects of network and computer security while satisfying the Security+ objectives.The book’s pedagogical features are designed to provide a truly interactive learning experience to help prepareyou for the challenges of network and computer security. In addition to the information presented in the text, eachmodule includes Hands-On Projects that guide you through implementing practical hardware, software, network, andInternet security configurations step by step. Each module also contains case studies that place you in the role ofproblem solver, requiring you to apply concepts presented in the module to achieve successful solutions.Module DescriptionsThe following list summarizes the topics covered in each module of this course:Module 1, “Introduction to Security,” introduces the cybersecurity fundamentals that form the basis of theSecurity+ certification. The module begins by defining information security and identifying attackers. It also looks atvulnerabilities in systems and the types of attacks that take advantage of the vulnerabilities.Module 2, “Threat Management and Cybersecurity Resources,” looks at threat management as it pertains topenetration testing and vulnerability scans. The module also explores cybersecurity standards, regulations, frameworks, and configuration guidelines.Module 3, “Threats and Attacks on Endpoints,” focuses on network-connected hardware devices, better knownas endpoints. It begins by looking at attacks using various types of malware and then surveys application attacks. Italso examines adversarial artificial intelligence attacks.Module 4, “Endpoint and Application Development Security,” describes different sources of threat intelligenceinformation. The module also explores securing endpoint devices and creating and deploying secure applications torun on those devices.Module 5, “Mobile, Embedded, and Specialized Device Security,” looks at securing mobile devices. As usershave embraced mobile devices, so too have attackers embraced them as targets. This module also explores embeddedsystems and the Internet of Things devices. Finally, it examines keeping specialized devices secure.Module 6, “Basic Cryptography,” explores how encryption can be used to protect data. The module covers whatcryptography is and how it can be used for protection, and then examines how to protect data using three commontypes of encryption algorithms: hashing, symmetric encryption, and asymmetric encryption. It also covers how to usecryptography on files and disks to keep data secure.Module 7, “Public Key Infrastructure and Cryptographic Protocols,” examines how to implement cryptographyand use digital certificates. It also looks at public key infrastructure and key management. This module covers cryptographic protocols to see how cryptography is used on data that is being transported and concludes with how toimplement cryptography.Module 8, “Networking Threats, Assessments, and Defenses,” begins a study of network attacks and defenses.First, the module explores some of the common attacks that are launched against networks today. Then it looks attools for assessing and defending networks. Finally, it examines physical security defenses that can be used to protectnetwork technology devices.Module 9, “Network Security Appliances and Technologies,” examines security appliances that provide resilienceto attackers—such as firewalls, proxy servers, deception instruments, and other security appliances. It also exploressecurity technologies such as access technologies, technologies for monitoring and managing networks, and principlesfor designing a secure network.Module 10, “Cloud and Virtualization Security,” looks at both cloud computing and virtualization. It examineswhat both of these technologies are, how they function, and how they can be secured. Because cloud computing relieson secure network connections, it also discusses secure network protocols.Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.IntroductionxiModule 11, “Wireless Network Security,” explores the attacks on wireless devices that are common today. It alsoidentifies vulnerabilities in wireless security and examines several secure wireless protections.Module 12, “Authentication,” defines authentication and the secure management techniques that enforce authentication. This module looks at the types of authentication credentials that can be used to verify a user’s identity andthe techniques and technology used to manage user accounts in a secure fashion.Module 13, “Incident Preparation, Response, and Investigation,” focuses on the plans that must be made forwhen a cybersecurity incident occurs. These plans cover incident preparation, incident response, and then a follow-upinvestigation as to how the incident occurred and how similar future events can be mitigated.Module 14, “Cybersecurity Resilience,” explores the capacity of an organization to recover quickly from difficulties and spring back into shape. This module defines business continuity and why it is important. Next, it investigateshow to prevent disruptions through redundancy. Finally, it explains how business policies can help provide resilienceto an organization.Module 15, “Risk Management and Data Privacy,” examines two elements of cybersecurity that are of high importance to both enterprises and users. The first involves risk and the strategies for mitigating risks. It also explores dataprivacy and the issues that surround it.Appendix A, “CompTIA SY0-601 Certification Examination Objectives,” provides a complete listing of the latest CompTIA Security+ certification exam objectives and shows the modules and headings in the modules that covermaterial associated with each objective, as well as the Bloom’s Taxonomy level of that coverage.Appendix B, “Two Rights & a Wrong: Answers,” contains the answers to the “Two Rights and a Wrong” assessment questions.FeaturesThe course’s pedagogical features are designed to provide a truly interactive learning experience and prepare you toface the challenges of cybersecurity. To aid you in fully understanding computer and network security, this courseincludes many features designed to enhance your learning experience.• Maps to CompTIA Objectives. The material in this text covers all the CompTIA Security+ SY0-601 examobjectives.• Module Objectives. Each module lists the concepts to be mastered within that module. This list serves as aquick reference to the module’s contents and as a useful study aid.• Front-Page Cybersecurity. This section opens each module and provides an explanation and analysis of someof the latest attacks and defenses related to topics that are covered in the module. The sections establish areal-world context for understanding cybersecurity.• Illustrations, Tables, and Bulleted Lists. Numerous full-color diagrams illustrating abstract ideas and screenshots of cybersecurity tools help learners better visualize the concepts of cybersecurity. In addition, the manytables and bulleted lists provide details and comparisons of both practical and theoretical information thatcan be easily reviewed and referenced in the future.• Module Summaries. Each module reading concludes with a summary of the concepts introduced in thatmodule. These summaries revisit the ideas covered in each module.• Key Terms. All of the terms in each module that were introduced with bold text are gathered in a Key Termslist, providing additional review and highlighting key concepts. Key Term definitions are included in the Glossary at the end of the text.• Review Questions. The end-of-module assessment begins with a set of review questions that reinforce theideas introduced in each module. These questions help you evaluate and apply the material you have learned.Answering these questions will ensure that you have mastered the important concepts and provide valuablepractice for taking CompTIA’s Security+ exam.• Hands-On Projects. Projects at the end of each module give you the opportunity to apply in practice whatyou have just learned. These projects include detailed step-by-step instructions to walk you through endpointsecurity configuration settings and demonstrate actual security defenses using websites or software downloaded from the Internet. In addition, instructions are provided regarding how to perform these projects in aprotected sandbox or virtual machine environment so that the underlying computer is not impacted.Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.xiiCOMPTIA Security+ Guide to Network Security Fundamentals• Case Projects. Although it is important to understand the theory behind cybersecurity technology, nothingbeats real-world experience. To this end, each module includes several case projects aimed at providing practical implementation experience as well as practice in applying critical thinking skills to reinforce the conceptslearned throughout the module.New to this Edition• Maps fully to the latest CompTIA Security+ exam SY0-601• Completely revised and updated with expanded coverage on attacks and defenses• New module units: Security Fundamentals, Endpoint Security, Cryptography, Network Security, and EnterpriseSecurity• All new “Front-Page Cybersecurity” opener in each module• Two Rights & a Wrong self-assessments that give you opportunities to quickly assess your understanding ofthe topics• All new virtual machine labs that help you refine the hands-on skills needed to master today’s cybersecuritytoolset• New and updated Hands-On Projects cover some of the latest security software• All new introductions to the Hands-On Projects provide time estimates, Security+ objective mappings, andproject descriptions• New cybersecurity consultant and assurance service scenarios in which you serve as an intern and gain practical experience regarding what you might encounter on the job• New Information Security Community Site activities allow you to interact with other learners and securityprofessionals from around the world through a regularly updated blog, discussion boards, and other features• All SY0-601 exam topics fully defined• Linking of each exam subdomain to Bloom’s Taxonomy (see Appendix A)Text and Graphic ConventionsWherever appropriate, additional information and exercises have been added to this book to help you better understand the topic at hand. Icons throughout the text alert you to additional materials. The following icons and elementsare used in this textbook:Note 1Note elements draw your attention to additional helpful material related to the subject being described.CautionThe Caution icons warn you about potential mistakes or problems and explain how to avoid them.Two Rights & a wrongThe “Two Rights & a Wrong” elements let you quickly assess your understanding of the topics. The answers to theseassessments appear in Appendix B.VM LabThe VM Lab icons alert you to live, virtual machine labs that reinforce the material in eachmodule.✔ CertificationCertification icons indicate CompTIA Security+ objectives covered under major module headings.Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.IntroductionxiiiInstructor MaterialsEverything you need for your course is in one place. This collection of book-specific lecture and class tools is availableonline. Please visit login.cengage.com and log in to access instructor-specific resources on the Instructor Resources,which includes the Guide to Teaching Online; Instructor Manual; Solutions to the textbook, lab manual, and live, virtualmachine labs; Test Bank files; PowerPoint Presentations; Syllabus; and Student Downloads.• Guide to Teaching Online. The Guide to Teaching Online includes two main parts. Part 1 offers general technological and pedagogical considerations and resources, and Part 2 provides discipline-specific suggestionsfor teaching when you can’t be in the same room with students.• Electronic Instructor Manual. The Instructor Manual that accompanies this textbook includes the followingitems: additional instructional material to assist in class preparation—including suggestions for lecture topics,additional projects, and class discussion topics.• Solutions Manuals. The instructor resources include solutions to all end-of-module material, including reviewquestions and case projects. The Lab Manual Solutions include answers to the review questions found in thelab manual modules. The Live, Virtual Machine Labs Solutions include examples of correct screenshots andanswers to the inline questions found within the labs.• Test Banks with Cengage Testing Powered by Cognero. This flexible, online system allows you to do thefollowing:❍❍ Author, edit, and manage test bank content from multiple Cengage solutions.❍❍ Create multiple test versions in an instant.❍❍ Deliver tests from your LMS, your classroom, or wherever you want.• PowerPoint Presentations. This book comes with a set of Microsoft PowerPoint slides for each module. Theseslides are meant to be used as a teaching aid for classroom presentations, to be made available to studentson the network for module review, or to be printed for classroom distribution. Instructors are also at libertyto add their own slides for other topics introduced.• Syllabus. The sample syllabus provides an example of a template for setting up a 14-week course.• Student Downloads. The student downloads include Accessible Launch Text for MindTap Lab Simulationsand Accessible Launch Text for MindTap Live Virtual Machine Labs.Total Solutions for SecurityTo access additional course materials, please visit www.cengage.com. At the cengage.com home page, search for theISBN of your title (from the back cover of your book) using the search box at the top of the page. This will take you tothe product page where these resources can be found.MindTapMindTap for Security+ Guide to Network Security Fundamentals, Seventh Edition, is a personalized, fully online digitallearning platform of content, assignments, and services that engages students and encourages them to think criticallywhile allowing you to easily set your course through simple customization options.MindTap is designed to help students master the skills they need in today’s workforce. Research shows employersneed critical thinkers, troubleshooters, and creative problem solvers to stay relevant in our fast-paced, technologydriven world. MindTap helps you achieve this with assignments and activities that provide hands-on practice, real-liferelevance, and certification test prep. Students are guided through assignments that help them master basic knowledgeand understanding before moving on to more challenging problems.All MindTap activities and assignments are tied to defined learning objectives. Readings support course objectives,while Security for Life activities encourage learners to read articles, listen to podcasts, or watch videos to stay currentwith what is happening in the field of IT and cybersecurity. You can use these activities to help build student interestin the field of information security as well as lifelong learning habits.Reflection activities encourage self-reflection and open sharing among students to help improve their retention andunderstanding of the material. Visualize Videos help explain and illustrate difficult information technology concepts.Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.xivCOMPTIA Security+ Guide to Network Security FundamentalsLab simulations provide students with an opportunity for hands-on experience and problem-solving practice withautomatic feedback. The live, virtual machine labs provide hands-on practice and give students an opportunity totroubleshoot, explore, and try different real-life solutions in a secure, private sandbox environment.Test Prep questions in the ATP app allow students to quiz themselves on specific exam domains, and the pre- andpost-course assessments measure exactly how much they have learned. CNOW quizzes provide test questions in thestyle of the Security+ certification exam and help you measure how well learners mastered the material after completing each MindTap module.MindTap is designed around learning objectives and provides the analytics and reporting to easily see where theclass stands in terms of progress, engagement, and completion rates.Students can access eBook content in the MindTap Reader—which offers highlighting, note taking, search, andaudio, as well as mobile access. Learn more at www.cengage.com/mindtap/.Instant Access Code: (ISBN: 9780357424407)Printed Access Code: (ISBN: 9780357424414)Lab ManualHands-on learning is necessary to master the security skills needed for both CompTIA’s Security+ Exam and for a careerin network security. Included only in the MindTap, Security+ Guide to Network Security Fundamentals Lab Manual, 7thEdition, contains hands-on exercises that use fundamental networking security concepts as they are applied in thereal world. Each module offers review questions to reinforce your mastery of network security topics and to sharpenyour critical thinking and problem-solving skills.Bloom’s TaxonomyBloom’s Taxonomy is an industry-standard classification system used to help identify the level of ability that learners need to demonstrate proficiency. It is often used to classify educational learning objectives into different levels ofcomplexity. Bloom’s Taxonomy reflects the “cognitive process dimension.” This represents a continuum of increasingcognitive complexity, from remember (lowest level) to create (highest level).There are six categories in Bloom’s Taxonomy as seen in Figure A.In all instances, the level of coverage the domains in Security+ Guide to Network Security Fundamentals, SeventhEdition, meets or exceeds the Bloom’s Taxonomy level indicated by CompTIA for that objective. See Appendix A formore detail.Bloom’s TaxonomycreateProduce new or original workDesign, assemble, construct, conjecture, develop, formulate, author, investigateevaluateJustify a stand or decisionappraise, argue, defend, judge, select, support, value, critique, weighDraw connections among ideasanalyzeapplyunderstandrememberdifferentiate, organize, relate, compare, contrast, distinguish,examine, experiment, question, testUse information in new situationsexecute, implement, solve, use, demonstrate, interpret,operate, schedule, sketchExplain ideas or conceptsclassify, describe, discuss, explain, identify, locate,recognize, report, select, translateRecall facts and basic conceptsdefine, duplicate, list, memorize, repeat, stateFIGURE A Bloom’s TaxonomyCopyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.IntroductionxvInformation Security Community SiteStay secure with the Information Security Community Site. Connect with students, professors, and professionals fromaround the world, and stay on top of this ever-changing field. Visit http://community.cengage.com/Infosec2/ to•••••Ask authors, professors, and students the questions that are on your mind in the Discussion Forums.See up-to-date news, videos, and articles.Read regular blogs from author Mark Ciampa.Listen to podcasts on the latest Information Security topics.Review textbook updates and errata.Each module’s Case Projects include information on a current security topic and specific projects ask the learnerto post reactions and comments to the Information Security Community Site. This allows users from around the worldto interact and learn from other users as well as security professionals and researchers.What’s New with CompTIA Security+CertificationThe CompTIA Security+ SY0-601 exam was updated in November 2020. Several significant changes have been madeto the exam objectives. The exam objectives have been significantly expanded to reflect current security issues andknowledge requirements more accurately. These exam objectives place importance on knowing “how to” rather thanjust knowing or recognizing security concepts.The following are the domains covered on the new Security+ exam:Domain% of Examination1.0 Attacks, Threats, and Vulnerabilities24%2.0 Architecture and Design21%3.0 Implementation25%4.0 Operations and Incident Response16%5.0 Governance, Risk, and Compliance14%Total100%About the AuthorDr. Mark Ciampa is Professor of Information Systems in the Gordon Ford College of Business at Western KentuckyUniversity in Bowling Green, Kentucky. Previously, he was Associate Professor and Director of Academic Computingat Volunteer State Community College in Gallatin, Tennessee, for 20 years. Mark has worked in the IT industry as acomputer consultant for businesses, government agencies, and educational institutions. He has published more than25 articles in peer-reviewed journals and is also the author of more than 25 technology textbooks, including CompTIAGuide to CySA+, CWNA Guide to Wireless LANs 3e, Guide to Wireless Communications, Security Awareness: ApplyingPractical Security In Your World 5e, and Networking BASICS. Dr. Ciampa holds a PhD in technology management witha specialization in digital communication systems from Indiana State University, and he has certifications in securityand health care.AcknowledgmentsA large team of dedicated professionals all contributed to this project, and I am honored to be part of such an outstanding group of professionals. First, thanks go to Cengage Product Managers Amy Savino and Danielle Klahr for providingme the opportunity to work on this project and for providing their continual support. Thanks also to Senior ContentCopyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.xviCOMPTIA Security+ Guide to Network Security FundamentalsCopyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.IntroductionxviiManager Brooke Greenhouse for answering all my questions, to Learning Designer Natalie Onderdonk for her valuableinput, and to Danielle Shaw for her technical reviews. I would like to give special recognition to developmental editorLisa Ruffolo. Although this was our first major project together, it was like we had worked together for many yearsbecause she knew exactly what I needed. Lisa provided numerous helpful suggestions, made excellent comments, andexpertly managed all the pieces that this fast-moving project required. I also appreciated the significant contributionsof the reviewers for this edition: Joyce Thompson, Professor of Computer Science and GIS at Lehigh Carbon Community College, and Jeffrey Koch, Professor of Computer Science at Tarrant County College. To everyone on the team Iextend my sincere thanks.Finally, I want to thank my wonderful wife, Susan. Her patience, support, and love were, as always, there from thefirst page to the last. I could not have done it without her.DedicationTo Braden, Mia, Abby, Gabe, Cora, Will, and Rowan.To the UserThis book should be read in sequence, from beginning to end. Each module builds on those that precede it to providea solid understanding of networking security fundamentals. The book may also be used to prepare for CompTIA’sSecurity+ certification exam. Appendix A pinpoints the modules and sections in which specific Security+ exam objectives are covered.Hardware and Software RequirementsFollowing are the hardware and software requirements needed to perform the end-of-module Hands-On Projects.• Microsoft Windows 10• An Internet connection and web browser• Microsoft OfficeFree Downloadable Software RequirementsFree, downloadable software is required for the Hands-On Projects in the following modules.Module 1:• Microsoft Safety Scanner• Oracle VirtualBoxModule 3:• Refog Keylogger• EICAR AntiVirus Test FileModule 4:• ConfigureDefenderModule 5:• Prey• BlueStacksNorton Security (Android app)Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.xviiiCOMPTIA Security+ Guide to Network Security FundamentalsModule 6:• OpenPuff Steganography• HashCalc• Jetico BestCryptModule 7:• Adobe ReaderModule 9:• GlassWireModule 10:• VMware vCenter ConverterModule 11:• NirSoft WifiInfoView• VistumblerModule 12:• BioID Facial Recognition Authenticator• KeePassModule 13:• Directory SnoopModule 14:• UNetbootin• Linux MintModule 15:• BrowzarReferences1. “2020 Cyberthreat defense report,” Cyberedge Group, accessed Apr. 20, 2020, https://cyber-edge.com/cdr/.2. Morgan, Steve, “2019 official annual cybercrime report,” Cybersecurity Ventures, accessed Apr. 20, 2020, www.herjavecgroup.com/wp-content/uploads/2018/12/CV-HG-2019-Official-Annual-Cybercrime-Report.pdf.3. “2020 Cyberthreat defense report,” Cyberedge Group, accessed Apr. 20, 2020, https://cyber-edge.com/cdr/.Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.SecurityFundamentalsRelentless is perhaps the best way to describe today’s cyberattacks. Theseto tiny Internet of Things (IoT) sensors, are designed to steal or manipulatethe sensitive data stored in them. The modules in Part 1 introduce securityand outline the causes of these attacks. The modules also discuss how toperform security evaluations to identify the weaknesses that need to beaddressed to repel attacks.Module 1Introduction to SecurityModule 2Threat Management andCybersecurity ResourcesPart 1attacks, directed against devices ranging from huge cloud computing serversCopyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.Module 1Introduction toSecurityAfter completing this module, you should be able to do the following:1Define information security and explain why it is important2Identify threat actors and their attributes3Describe the different types of vulnerabilities and attacks4Explain the impact of attacksFront-Page CybersecurityThreat actors have a long history of using current events to take advantage of distracted and unsuspecting users. Forexample, whenever a natural disaster such as a hurricane or flood occurs, unscrupulous attackers send out email messageswith tempting subject lines such as “Contribute to Disaster Relief Here” or “These Flood Pictures Are Unbelievable!” Thesemessages are, of course, intended to trick a user to open an email attachment that contains malware or click a hyperlinkthat redirects them to a malicious website.The 2020 pandemic caused by the coronavirus disease (COVID-19) was no exception. Threat actors used this tragicworldwide event as cover for their attacks. A variety of campaigns distributed malware, stole user credentials, and scammedvictims out of their money.Many email scams offered to sell hard-to-find face masks or even medication to cure COVID-19 infections. Some scamsasked for investments in fake companies that claimed to be developing vaccines, while other email scams asked for donations to fictitious charities, such as the World Health Community. (This organization does not exist, but the name is similarenough to the World Health Organization to cause confusion.)Some malicious emails were designed to infect a victim’s computer with malware. Email subject lines such as a “BreakingCoronavirus News Update” or “You Must Do This Right Now!” were common and caused anxious victims to open an attachment that infected their computer. Often emails that pretended to come from the Centers of Disease Control and Prevention(CDC) claimed to contain a list of new COVID-19 cases in the vicinity and included the instructions, “You are instructed toimmediately read this list of cases to avoid potential hazards.” Unfortunately, opening the attachment installed malware onthe computer and stole user passwords.1In one particularly egregious email attack, the threat actors claimed to have access to personal information about theemail recipient, including where they lived. The attackers threatened to visit the user to infect them and their family withCOVID-19 unless a ransom was paid online. Over a span of two days, this attack was detected more than 1,000 times.Perhaps the award for the most innovative attack goes to the AI Corona Antivirus website. This site advertised “CoronaAntivirus—World’s best protection.” Downloading and installing its digital “AI Corona Antivirus” would protect the computerCopyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.4COMPTIA Security+ Guide to Network Security Fundamentalsfrom digital malware infections and keep the user from being infected by the biological COVID-19. In case someone mightbe skeptical that downloading and installing computer antivirus software would protect them from COVID-19, the websiteclaimed proof that their product actually worked: “Our scientists from Harvard University have been working on a special AIdevelopment to combat the virus using a Windows app. Your PC actively protects you against the coronaviruses while theapp is running.”However, downloading the AI Corona Antivirus software on a computer did not protect the user from the biologicalCOVID-19—though it took several other actions. It turned the computer into a launching pad to attack other computers. Italso took screenshots of what was displayed on the monitor, stole web browser cookies and saved passwords, installed aprogram to capture keystrokes, and even took any Bitcoin wallets saved on the computer.2How many cyberattacks have you heard about over the past month? The past week? Even today? The number of attackshas reached astronomical proportions. According to one report, the number of new malware releases every monthexceeds 20 million, and the total malware in existence is approaching 900 million instances.3 In 2019, four out of everyfive organizations experienced at least one successful cyberattack, and more than one-third suffered six or more successful attacks.4 It is estimated that by 2021, a business will fall victim to a ransomware attack once every 11 seconds.Cybercrime will cost the world $6 trillion annually by 2021, an increase of 100 percent in just six years, representingthe greatest transfer of economic wealth in human history.5 Compounding the problem, 85 percent of organizationsare experiencing a shortfall of skilled security professionals.6 The dismal numbers go on and on.The need to identify and defend against these constant attacks has created an essential workforce that is now at thecore of the information technology (IT) industry. Known as information security, personnel in this field are focused onprotecting electronic information. Various elements of information security—such as application security, infrastructuresecurity, forensics and malware analysis, and security leadership, along with several others—make up this workforce.The information security workforce is usually divided into two broad categories. Information security managerial personnel administer and manage plans, policies, and people, while information security technical personnel are­concerned with designing, configuring, installing, and maintaining technical security equipment. Within these twobroad categories are four generally recognized types security positions:• Chief information security officer (CISO). This person reports directly to the chief information officer (CIO).(Large enterprises may have more layers of management between this person and the CIO.) The CISO isresponsible for assessing, managing, and implementing security.• Security manager. The security manager reports to the CISO and supervisestechnicians, administrators, and security staff. Typically, a security manNote 1ager works on tasks identified by the CISO and resolves issues identified bytechnicians. This position requires an understanding of configuration andThe job outlook for securityoperation but not necessarily technical mastery.professionals is exception• Security administrator. The security administrator has both technical knowlally strong. According to theedge and managerial skills. A security administrator manages daily operaU.S. Bureau of Labor Statisticstions of security technology and may analyze and design security solutions(BLS) “Occupational Outlookwithin a specific entity as well as identifying users’ needs.Handbook,” the job outlook• Security technician. This position is generally entry level for a person whofor information security anahas the necessary technical skills. Technicians provide technical supportlysts through 2024 is expectedto configure security hardware, implement security software, and diagnoseto grow by 18 percent, muchand troubleshoot problems.faster than the average jobgrowth rate. 8 One reportstates that by the end of thedecade, demand for securityprofessionals worldwide willrise to 6 million, with a projected shortfall of 1.5 millionunfilled positions.9As noted earlier, organizations have a desperate need for trained security personnel. The number of unfilled cybersecurity positions has increased by 50 percentsince 2015.7 By some estimates, 3.5 million positions will open by 2021.When filling cybersecurity positions, an overwhelming majority of enterprisesuse the Computing Technology Industry Association (CompTIA) Security1 certification to verify security competency. Of the hundreds of security certifications currently available, Security1 is one of the most widely acclaimed security certifications.Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.Module 1Introduction to Security5Because it is internationally recognized as validating a foundation level of security skills and knowledge, the Security1certification has become the foundation for today’s IT security professionals.Note 2The value for an IT professional who holds a CompTIA security certification is significant. On average, an employee witha CompTIA certification commands a salary from 5 to 15 times higher than their counterparts with similar qualificationsbut lacking a certification.10The CompTIA Security1 certification is a vendor-neutral credential that requires passing the current certificationexam, SY0-601. A successful candidate has the knowledge and skills required to identify attacks, threats, and vulnerabilities; design a strong security architecture; implement security controls, be knowledgeable of security operationsand incident response; and be well versed in governance, risk, and compliance requirements.Note 3The CompTIA Security1 certification meets the ISO 17024 standard and is approved by U.S. Department of Defense (DoD)to fulfill multiple levels of the DoD 8140 directive, which is an expansion of and replacement for the earlier DoD 8570directive. This directive outlines which cybersecurity certifications are approved to validate the skills for certain job roles.This module introduces the security fundamentals that form the basis of the Security1 certification. It begins bydefining information security and then examines the attackers and how they function. It also covers vulnerabilities,categories of attacks, and the impacts of attacks.What Is Information Security?The first step in a study of information security is to define exactly what it is. This involves examining the definitionof security and how it relates to information security.Understanding SecurityWhat is security? The word comes from Latin, meaning free from care. Sometimes security is defined as the state ofbeing free from danger, which is the goal of security. It is also defined as the measures taken to ensure safety, which isthe process of security. Since complete security can never be fully achieved, the focus of security is more often on theprocess instead of the goal. In this light, security can be defined as the necessary steps to protect from harm.The relationship between security and convenience is inversely proportional (the symbol a), as illustrated inFigure 1-1: as security is increased, convenience is decreased. That is, the more secure something is, the less convenient it may become to use. Consider a house in which the homeowner installs anautomated alarm system. The alarm requires a resident to enter a code on a keypadNote 4within 30 seconds of entering the house. Although the alarm system makes the houseSecurity is often described asmore secure, it is less convenient to race to the keypad than to casually walk intosacrificing convenience for safety.the house.Defining Information SecuritySeveral terms describe security in an IT environment: computer security, IT security, cybersecurity, and informationassurance, to name just a few. Whereas each has its share of proponents and slight variations of meanings, the terminformation security may be the most appropriate because it is the broadest: protecting information from harm. Information security is often used to describe the tasks of securing digital information, whether it is manipulated by amicroprocessor (such as on a personal computer), preserved on a storage device (such as a hard drive or USB flashdrive), or transmitted over a network (such as a local area network or the Internet).Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.6COMPTIA Security+ Guide to Network Security FundamentalsConvenienceHighLowLowHighSecurityFigure 1-1 Relationship of security to convenienceCautionInformation security should not be viewed as a war to win or lose. Just as crimes such as burglarycan never be completely eradicated, neither can attacks against technology devices. The goal isnot achieving complete victory but instead maintaining equilibrium: as attackers take advantageof a weakness in a defense, defenders must respond with an improved defense. Informationsecurity is an endless cycle between attacker and defender.Information security cannot completely prevent successful attacks or guarantee that a system is totally secure,just as the security measures taken for a house can never guarantee complete safety from a burglar. The goal of information security is to ensure that protective measures are properly implemented to ward off attacks, prevent the totalcollapse of the system when a successful attack does occur, and recover as quickly as possible. Thus, informationsecurity is first protection.Second, information security is intended to protect information that provides value to people and enterprises.Known as the CIA Triad, three protections must be extended over information:1. Confidentiality. Only approved individuals should be able to access sensitive information. For example, thecredit card number used to make an online purchase must be kept secure and unavailable to unapprovedentities. Confidentiality ensures that only authorized parties can view the information. Providingconfidentiality can involve several security tools, ranging from software to encrypt the credit card numberstored on the web server to door locks to prevent access to those servers.2. Integrity. Integrity ensures that the information is correct and no unauthorized person or malicious softwarehas altered the data. In the example of an online purchase, an attacker who could change the amount of apurchase from $10,000.00 to $1.00 would violate the integrity of the information.3. Availability. Information has value if the authorized parties who are assured of its integrity can access theinformation. Availability ensures that data is accessible to only authorized users and not to unapprovedindividuals. For example, the total number of items ordered as the result of an online purchase must bemade available to an employee in a warehouse so that the correct items can be shipped to the customer,but the information should not be available to a competitor.Because information is stored on computer hardware, manipulated by software, and transmitted by communications, each of these areas must be protected. The third objective of information security is to protect the integrity,confidentiality, and availability of information on the devices that store, manipulate, and transmit the information.Protection is achieved through a process that combines three entities. As shown in Figure 1-2, information andhardware, software, and communications are protected in three layers: products, people, and policies and procedures.The procedures enable people to understand how to use products to protect information.Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.Module 1Introduction to Security7Policies and proceduresPeopleProductsTransmittedConfidentialityIntegrityyInformationAvvailabilityAvailabilityProcessedStoredFigure 1-2 Information security layersThus, information security may be defined as that which protects the integrity, confidentiality, and availability ofinformation through products, people, and procedures on the devices that store, manipulate, and transmit the information.Two Rights & A Wrong1. A security manager works on tasks identified by the CISO and resolves issues identified by technicians.2. Since 2015, the number of unfilled cybersecurity positions has increased by 10 percent.3. The relationship between security and convenience is inversely proportional: as security is increased,convenience is decreased.See Appendix B for the answer.Who Are the Threat Actors?✔ Certification1.5 Explain different threat actors, vectors, and intelligence sources.In cybersecurity, a threat actor (also called a malicious actor) is an individual or entity responsible for cyber incidentsagainst the technology equipment of enterprises and users. The generic term attacker is also commonly used.Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.8COMPTIA Security+ Guide to Network Security FundamentalsThe very first cyberattacks were mainly for the threat actors to show off their technology skills (fame). However,that soon gave way to threat actors with the focused goal of financial gain (fortune). Financial cybercrime is oftendivided into three categories based on its targets:• Individual users. The first category focuses on individuals as the victims. The threat actors steal and use stolen data, credit card numbers, online financial account information, or Social Security numbers to profit fromtheir victims or send millions of spam emails to peddle counterfeit drugs, pirated software, fake watches, andpornography.• Enterprises. The second category focuses on enterprises and business organizations. Threat actors attempt tosteal research on a new product so that they can sell it to an unscrupulous foreign supplier who then buildsan imitation model of the product to sell worldwide. This deprives the legitimate business of profits afterinvesting hundreds of millions of dollars in product development, and because these foreign suppliers are ina different country, they are beyond the reach of domestic enforcement agencies and courts.• Governments. Governments are also the targets of threat actors. If the latest information on a new missiledefense system can be stolen, it can be sold—at a high price—to that government’s enemies. In addition,government information is often stolen and published to embarrass the government in front of its citizens andforce it to stop what is considered a nefarious action.The attributes, or characteristic features, of the groups of threat actors can vary widely. Some groups have a highlevel of power and complexity (called level of capability/sophistication) with a massive network of resources, whileothers are “lone wolves” with minimal skills and no resources. In addition, some groups have deep resources andfunding while others have none. Whereas some groups of threat actors may work within the enterprise (internal),others are strictly outside the organization (external). Finally, the intent/motivation—that is, the reason for theattacks—of the threat actors also varies widely.In the past, the term hacker referred to a person who used advanced computer skills to attack computers. Becausethat title often carried a negative connotation, it was qualified in an attempt to distinguish between different types ofthe attackers. The types of hackers are summarized in Table 1-1.Table 1-1 Types of hackersHacker TypeDescriptionBlack hat hackersThreat actors who violate computer security for personal gain (such as to steal creditcard numbers) or to inflict malicious damage (corrupt a hard drive).White hat hackersAlso known as ethical attackers, they attempt to probe a system (with an organization’spermission) for weaknesses and then privately provide that information back to theorganization.Gray hat hackersAttackers who attempt to break into a computer system without the organization’spermission (an illegal activity) but not for their own advantage; instead, they publiclydisclose the attack in order to shame the organization into taking action.However, these broad categories of hackers no longer accurately reflect the differences between attackers. Todaythreat actors are classified in more distinct categories, such as script kiddies, hacktivists, state actors, insiders, andothers.Script KiddiesScript kiddies are individuals who want to perform attacks, yet lack the technical knowledge to carry them out. Scriptkiddies instead do their work by downloading freely available automated attack software (scripts) and use it to performmalicious acts. Figure 1-3 illustrates a widely available software package that launches a sophisticated attack whena user simply makes selections from a menu. Due to their lack of knowledge, script kiddies are not always successfulin penetrating defenses, but when they are, they may end up causing damage to systems and data instead of stealingthe data.Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.Introduction to Security9Source: Kali LinuxModule 1Figure 1-3 Menu of attack toolsHacktivistsIndividuals that are strongly motivated by ideology (for the sake of their principles or beliefs) are hacktivists (acombination of the words hack and activism). Most hacktivists do not explicitly call themselves “hacktivists,” but theterm is commonly used by security researchers and journalists to distinguish them from other types of threat actors.In the past, the types of attacks by hacktivists often involved breaking into a website and changing its contents asa means of making a political statement. (One hacktivist group changed the website of the U.S. Department of Justice toread Department of Injustice.) Other attacks were retaliatory: hacktivists have disabled a bank’s website because the bankstopped accepting online payments deposited into accounts belonging to groups supported by the hacktivists. Todaymany hacktivists work through disinformation campaigns by spreading fake news and supporting conspiracy theories.Note 5Hacktivists were particularly active during the coronavirus disease (COVID-19) pandemic of 2020. One large group of whatwere considered far-right neo-Nazi hacktivists embarked on a months-long disinformation campaign designed to weaponizethe pandemic by questioning scientific evidence and research. In another instance, thousands of breached email addressesand passwords from U.S. and global health organizations—including the U.S. National Institutes of Health, CDC, and theWorld Health Organization—were distributed on Twitter by these groups to harass and distract the health organizations.State ActorsInstead of using an army to march across the battlefield to strike an adversary, governments are increasingly employingtheir own state-sponsored attackers for launching cyberattacks against their foes. These attackers are known as stateactors. Their foes may be foreign governments or even citizens of their own nation that the government considersCopyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.10COMPTIA Security+ Guide to Network Security Fundamentalshostile or threatening. A growing number of attacks from state actors are directed toward businesses in foreign countries with the goal of causing financial harm or damage to the enterprise’s reputation.Many security researchers believe that state actors might be the deadliest of any threat actors. When fortune motivates a threat actor, but the target’s defenses are too strong, the attacker simply moves on to another promising targetwith less effective defenses. State actors, however, have a specific target and keep working until they are successful.They are highly skilled and have enough government resources to breach almost any security defense.State actors are often involved in multiyear intrusion campaigns targeting highly sensitive economic, proprietary,or national security information. The campaigns have created a new class of attacks called advanced persistent threat(APT). The attacks use innovative tools (advanced ) and once a system is infected, they silently extract data over anextended period of time (persistent). APTs are most commonly associated with state actors.InsidersAnother serious threat to an enterprise comes from its own employees, contractors, and business partners, called­insiders, who pose an insider threat of manipulating data from the position of a trusted employee. For example, a healthcare worker disgruntled about being passed over for a promotion might illegally gather health records on celebrities andsell them to the media, or a securities trader who loses billions of dollars on bad stock bets could use her knowledgeof the bank’s computer security system to conceal the losses through fake transactions. These attacks are harder torecognize because they come from within the enterprise, yet they may be costlier than attacks from the outside.Six out of 10 enterprises reported being a victim of at least one insider attack during 2019. The focus of the i­nsiderswas intellectual property (IP) theft (43 percent), sabotage (41 percent), and espionage (32 percent).11 Because most IPthefts occur within 30 days of an employee resigning, the insiders may believe that either the IP belongs to them insteadof the enterprise or that they were not properly compensated for their work on the IP. In recent years, governmentinsiders have stolen large volumes of sensitive information and then published it to alert its citizens of clandestinegovernmental actions.Other Threat ActorsOther categories of threat actors are summarized in Table 1-2.Table 1-2 Descriptions of other threat actorsThreat ActorDescriptionExplanationCompetitorsLaunch attacks against an opponent’s systemto steal classified information.May steal new product research or a listof current customers to gain a competitiveadvantage.Criminal syndicatesMove from traditional criminal activities tomore rewarding and less risky online attacks.Usually run by a small number ofexperienced online criminal networks thatdo not commit crimes themselves but act asentrepreneurs.Shadow ITEmployees become frustrated with theslow pace of acquiring technology, so theypurchase and install their own equipment orresources in violation of company policies.Installing personal equipment, unauthorizedsoftware, or using external cloud resourcescan create a weakness or expose sensitivecorporate data.BrokersSell their knowledge of a weakness to otherattackers or governments.Individuals who uncover weaknesses donot report it to the software vendor butinstead sell them to the highest bidder whois willing to pay a high price for the unknownweakness.CyberterroristsAttack a nation’s network and computerinfrastructure to cause disruption and panicamong citizens.Targets may include a small group ofcomputers or networks that can affectthe largest number of users, such as thecomputers that control the electrical powergrid of a state or region.Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.Module 1CautionIntroduction to Security11Often the perception of an attacker by the general public is a “hacker in a hoodie,” a disgruntled teenager looking for an easy target. Nothing could be further from the truth. Threat actorstoday generally have excellent technology skills, are tenacious, and have strong financial backing. Attackers have even modeled their work after modern economic theories (such as findingthe optimum “price point” in which victims will pay a ransom) and software development (attacktools that threat actors sell are often software suites that receive regular updates). It is a seriousmistake to underestimate modern threat actors.Two Rights & A Wrong1. Script kiddies are responsible for the class of attacks called advanced persistent threats.2. Hacktivists are strongly motivated by ideology.3. Brokers sell their knowledge of a weakness to other attackers or a government.See Appendix B for the answer.Vulnerabilities and Attacks✔ Certification1.1 Compare and contrast different types of social engineering techniques.1.5 Explain different threat actors, vectors, and intelligence sources.1.6 Explain the security concerns associated with various types of vulnerabilities.When exploiting vulnerabilities, threat actors use several avenues for their attacks. However, one of the most ­successfultypes of attack—social engineering—does not even exploit technology vulnerabilities. Regardless of how attacks occur,each successful attack has serious ramifications.VulnerabilitiesA vulnerability (from Latin meaning wound ) is defined as the state of being exposed to the possibility of being attackedor harmed. Cybersecurity vulnerabilities can be categorized into platforms, configurations, third parties, patches, andzero-day vulnerabilities.PlatformsSeveral vulnerabilities are the result of the platform being used. (A computer platform is a system that consists ofthe hardware device and an operating system (OS) that runs software such as applications, programs, or processes.)Although all platforms have vulnerabilities to some degree, some platforms by their very nature have more seriousvulnerabilities. These include legacy platforms, on-premises platforms, and cloud platforms.Legacy PlatformsOne type of platform that is well known for its vulnerabilities is a legacy platform. A legacyplatform is no longer in widespread use, often because it has been replaced by an updated version of the earliertechnology. Although legacy hardware introduces some vulnerabilities, more often vulnerabilities result from legacysoftware, such as an OS or program.Modern OS software, such as Microsoft Windows, Apple macOS, and Linux, continually evolve and are updated withnew enhancements and—most critically—fixes to uncovered vulnerabilities. For a variety of reasons—limited hardwarecapacity, an application that only operates on a specific OS version, or even neglect—an OS may not be updated, thusdepriving it of these security fixes. This creates a legacy platform just asking to be attacked.Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.12COMPTIA Security+ Guide to Network Security FundamentalsNote 6Prior to Microsoft Windows10, all versions of the OS had aFixed Lifecycle Policy with published end-of-support dates.For instance, Windows 7 wasfirst released in October 2009,it was no longer available forpurchase in October 2016, andall support ceased in January2020. Windows 10, however,introduced the Modern Lifecycle Policy in which Windows 10versions receive continuoussupport and servicing.On-Premises PlatformsAnother platform that has significant vulnerabilities isthe on-premises platform. On-premises (“on-prem”) is the software and technologylocated within the physical confines of an enterprise, which is usually consolidatedin the company’s data center. At one time, the on-premises platform was consideredthe secure model of computing: an organization’s servers and data were protectedbehind its firewalls to prevent attacks.However, this model proved to be faulty. Organizations found that they had toadd more servers, network resources, support for remote access, and new softwareto support emerging business processes and user needs. This often resulted in ahodgepodge of resources that were quickly provisioned but not adequately configured for security. In addition, numerous entry points from the outside into theon-premises platform (through USB flash drives, wireless network transmissions,mobile devices, and email messages, for example) made protecting the on-premisesplatform an ever-changing and never-ending challenge.Cloud PlatformsForty years ago, as computing technology became widespread,enterprises employed an on-premises model, in which they purchased all the hardware and software necessary to run the organization. As more resources wereneeded, more purchases were made, and more personnel were hired to manage the technology. Because this resultedin spiraling costs, some enterprises turned to hosted services.In a hosted services environment, servers, storage, and the supporting networking infrastructure are shared bymultiple enterprises over a remote network connection that has been contracted for a specific period of time. As moreresources are needed (such as additional storage space or computing power), the enterprise contacts the hostedservice, negotiates an additional fee, and signs a new contract for those new services.Today a new model is gaining widespread use. Known as a cloud platform, this is a pay-per-use computing modelin which customers pay only for the online computing resources they need. As computing needs increase or decrease,cloud computing resources can be scaled up or scaled back.However, cloud platforms have proven to have significant vulnerabilities. The vulnerabilities are most often basedon misconfigurations by the company personnel responsible for securing the cloud platform. Cloud resources are, bydefinition, accessible from virtually anywhere, putting cloud computing platforms constantly under attack from threatactors probing for vulnerabilities.ConfigurationsModern hardware and software platforms provide an array of features and security settings that must be properlyconfigured to repel attacks. However, the configuration settings are often not properly implemented, resulting in weakconfigurations. Table 1-3 lists several weak configurations that can result in vulnerabilities.Table 1-3 Weak configurationsConfigurationExplanationExampleDefault settingsDefault settings are predetermined by thevendor for usability and ease of use (notfor security) so the user can immediatelybegin using the product.A router comes with a default passwordthat is widely known.Open ports and servicesDevices and services are often configuredto allow the most access so that the usercan close ports that are specific to thatorganization.A firewall comes with FTP ports 20 and 21open.Unsecured root accountsA root account can give a user unfetteredaccess to all resources.A misconfigured cloud storage repositorycould give any user access to all data.(continues)Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.Module 1Introduction to Security13Table 1-3 Weak configurations (continued)ConfigurationExplanationExampleOpen permissionsOpen permissions are user access overfiles that should be restricted.A user could be given Read, Write, andExecute privileges when she should haveonly Read privileges.Unsecure protocolsAlso called insecure protocols, thisconfiguration uses protocols fortelecommunications that do not provideadequate protections.An employee could use devices that runservices with unsecure protocols such asTelnet or SNMPv1.Weak encryptionUsers choosing a known vulnerableencryption mechanism.A user could select an encryption schemethat has a known weakness or a key valuethat is too short.ErrorsHuman mistakes in selecting one settingover another without considering thesecurity implications.An employee could use deprecatedsettings instead of current configurations.Third PartiesNote 7Almost all businesses use external entities known as third parties. Examples of thirdOne of the most alarmparties are marketing agencies, landscapers, shredding contractors, and attorneys.ing recent unsecured rootMany enterprises also use IT-related third parties due to their elevated level ofaccount vulnerabilities wasexpertise. For example, organizations often contract with third parties to assist themrevealed in 2017 on the Applein developing and writing a software program or app. This is called outsourced codemacOS High Sierra OS. A userdevelopment. Also, many organizations rely on third-party data storage facilitiescould enter the word root infor storing important data. This helps to reduce the capital expenditures associatedthe username field of a loginwith purchasing, installing, and managing new storage hardware and software butprompt, move the insertionalso can provide remote access to employees from almost any location.point to the password field,With the sheer number of third parties used, it can be difficult to coordinateand then press Enter. The usertheir diverse activities with the organization. Vendor management is the processwould then be logged in withorganizations use to monitor and manage the interactions with all of their externalroot privileges.third parties.Almost all third parties today require access to the organization’s computer network. Access gives external entities the ability to perform their IT-related functions(such as outsourced code development) and even do basic tasks such as submitting online invoices. Connectivitybetween the organization and the third party is known as system integration. However, the organization’s systemsare often not compatible with the third party’s systems, requiring “workarounds,” which can create vulnerabilities. Inaddition, not all organizations are equipped with the expertise to handle system integration (lack of vendor support).One of the major risks of third-party system integration involves the principle of the weakest link. That is, if thesecurity of the third party has any weaknesses, it can provide an opening for attackers to infiltrate the organization’scomputer network. This can be illustrated by a 2013 attack on the Target retail chain. A refrigeration, heating, and airconditioning third-party subcontractor that worked at a number of Target stores and other top retailers was providedaccess to Target’s corporate computer network. The access was intended to allow the subcontractor to monitor energyconsumption and temperatures in the stores to save on costs and to alert store managers if the temperatures fluctuated outside of an acceptable range. However, threat actors were able to gain accessto the third party’s computer network and then pivot into the Target network, whereNote 8they stole 40 million credit card numbers.PatchesEarly OSs were simply program loaders whose job was to launch applications. Asmore features and graphical user interfaces (GUIs) were added, OSs became morecomplex. The increased complexity introduced unintentional vulnerabilities thatMicrosoft’s first operatings ystem, MS-DOS v1.0, had­4,000 lines of code, while­Windows…Purchase answer to see fullattachment

Related

WE’VE HAD A GOOD SUCCESS RATE ON THIS ASSIGNMENT. PLACE THIS ORDER OR A SIMILAR ORDER AND GET AN AMAZING DISCOUNT

Source link

a short memoir focused on your composing process 250 words


© Copyright 2010-2022 essayfurios.com


WE’VE HAD A GOOD SUCCESS RATE ON THIS ASSIGNMENT. PLACE THIS ORDER OR A SIMILAR ORDER AND GET AN AMAZING DISCOUNT

English assignment 2507 – Homeworks Lab

1000+ word essay MLA style Topic: How do family traditions and cultural legacies contribute to and/or inhibit an individual’s self-identity? What do you know about your family history? How is this history shared, and how is it valued among individual family members? Beyond its literal meaning, what are the broader implications of the cliché’ “keeping the family name alive”? Or has this cliché outlived its validity? Number of readings in this chapter address an aspect of family tradition/cultural heritage and individual identity and fulfillment –for example, Walkers “Everyday use”; Rich’s “Delta”; Kelly’s “The People in me”. Drawing on evidence from several of these readings and your own experience and observations, write a claim of value argument about an aspect of family heritage and individual identity. Please use these strategy questions as the professor is looking for them to be addressed in the writing. Do you have a lead-in to “hook” your reader? (an example, anecdote, scenario, startling statistic, or provocative question.) How much background is required to properly acquaint readers with your issue? Will your claim be placed early (introduction) or delayed (conclusion) in your paper? What is your supporting evidence? Have you located authoritative (expert) sources that add credibility to your argument? Have you considered addressing opposing viewpoints? Are you willing to make some concessions (compromises) toward opposing sides? What type of tone (serious, comical, sarcastic, inquisitive) best relates your message to reach your audience? One written, have you maintained a third person voice? (no “I” or “you” statements) How will you conclude in a meaningful way? (call your readers to take action, explain why the topic has a global importance, or offer a common ground compromise that benefits all sides?)   I wanted to make the instructions clear so I am not penalized when it comes to grading. All paragraphs should have a topic sentence and supporting sentences explaining one idea and not multiple ideas. Things I got hit on, on past papers on here.   Intro Opposition Supporting argument Conclusion   Works cited page   QEP QUESTIONS ENG 122 – QEP Assignment   Read Alice Walker’s “Everyday Use” and answer the questions below that are geared toward helping you understand her narrative point of view and purpose. Offer specific support from the text. You are encouraged to complete a first draft of the assignment then revise your work.   Submit the assignment to the Dropbox no later than Sunday 11:59 PM EST/EDT. (The Dropbox is linked to Turnitin.)     1.     What do you know about the mother of the story?     2.     When we have a first-person narrator, we have to decide if she is reliable or unreliable. Do you trust this narrator? Why or why not?     3.     What assumptions does the narrator have about her daughters? Do you agree? Why?     4.     How would the story be different if it were told from Dee/Wangero’s perspective?     5.     Mama and Dee/Wangero have different ideas about personal development. What are they? What are the consequences of their differences?     6.     Based on your answers to all of the above, offer your opinion of Mama’s decision to give the quilt to Maggie.     7.     How does Walker define heritage?     8.     What is Walker’s purpose? What is the central problem she is addressing?     9.     What is the theme of “Everyday Use?”        

WE’VE HAD A GOOD SUCCESS RATE ON THIS ASSIGNMENT. PLACE THIS ORDER OR A SIMILAR ORDER AND GET AN AMAZING DISCOUNT

Reply separately to two of your classmates posts (See attached classmates posts, post#1 and post#2).  Instructions: 


REPLY POSTS:

Reply separately to two of your classmates posts (See attached classmates posts, post#1 and post#2).

Instructions:

– For post # 1 response, also consider commenting on the following: “Because frequent asthma attacks are common in children, respiratory infections are equally as common. Gern (2008) explains that viruses are almost always present in exacerbations of asthma in children.”

– For post # 2 response, also consider elaborating on —“Flu vaccinations are recommended for all individuals each season” — Why yearly? Explain.

Use at least two scholarly references per peer post. The expectation is not that you “agree” or “disagree” with your peers but that you develop a reply post with information that is validated via citations to encourage learning and to bring your own perspective to the conversation.

Please, send me the two documents separately, for example one is the reply to my peers Post #1, and the other one is the reply to my other peer Post #2.

– Minimun 350 Words per peer reply.

– TURNITIN ASSIGNMENT (FREE OF PLAGIARISM)

Note: My background for you to have as a reference: I am currently enrolled in the Psych Mental Health Practitioner Program, I am a Registered Nurse, I work at a Psychiatric Hospital, where I also work with this vulnerable population.

WE’VE HAD A GOOD SUCCESS RATE ON THIS ASSIGNMENT. PLACE THIS ORDER OR A SIMILAR ORDER AND GET AN AMAZING DISCOUNT

Exploring Ancient Mysteries Homework Help





Exploring Ancient Mysteries Homework Help | Essayprobay




















Exploring Ancient Mysteries Homework Help
UNDERSTANDING THE ASSIGNMENT: ESSAY – EXPLORING ANCIENT MYSTERIES
Write a 3-4 paragraph essay (of at least 250-500 words) which adequately address the topic and requirements stated below.
Format your essay according to this formatting and writing standards document. This document includes examples of in-text citations and other great items!
STEP 1: TOPIC SELECTION
Select a topic from the list below and include this topic on your title page.
Pyramids at Giza
There have been many theories regarding how the pyramids at Giza were constructed. Most experts agree that they were constructed as burial monuments for pharaohs, but “how” these ancient people constructed monuments of such great size without modern machinery is a mystery which is still being debated.
Tutankamen
Tutankhamen died young, at approximately eighteen (18) years of age. However, his cause of death has been the subject of quite varied scholarly theories and conclusions. Did he die of an injury, of illness, of murder, or something else?.
Great Zimbabwe
Great Zimbabwe is an enormous complex of structures in East Africa. Since the builders and occupants left no written records, several theories have developed as to the identity of its builders and the functions of the structures. Which theory makes the most sense?
Tomb of Shihuangdi
The monumental size and complexity of the Tomb of Shihuangdi is astounding, yet its location and construction details were to be kept secret. What was the emperor’s purpose for such an elaborate, secret burial place?.
STEP 2: MYSTERY

How it works

Provide your
payment details

02

YOUR WRITER
IS WORKING
ON YOUR CUSTOM PAPERS

03

Get
your completed work!

04

Try our service with

15% OFF

your first order

Why us

US-BASED COMPANY

with certified writers

ALL SUBJECTS

and academic levels

Activity

94.2%

Satisfied customers

error: Content is protected !!

Order your essay today and save 30% with the discount code BAY

WE’VE HAD A GOOD SUCCESS RATE ON THIS ASSIGNMENT. PLACE THIS ORDER OR A SIMILAR ORDER AND GET AN AMAZING DISCOUNT