Showing posts from January, 2023

Week 7 Posting - Digital Signatures

We are already past week 7, more than halfway through the course. Within Chapter 11, a topic that jumped out at me was digital signatures. They are created with asymmetric key pairs: the signer computes the signature with a private key that only they hold, and anyone with the matching public key can verify it. A digital signature therefore lets a document signed without a wet (ink) signature be verified against a key or token that only the signer should possess; if the document or the signature is altered after signing, verification fails. The US Department of Defense issues every service member a Common Access Card (CAC), a smart card whose chip holds the user's certificates and the corresponding private keys, which never leave the card. The card is used to enter bases and restricted areas, and it is also integrated with Active Directory: the user inserts the card (something you have) and enters a PIN (something you know), which covers two factors and gives multi-factor authentication.
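An added example (not from the original post or the course text) of the sign-with-private, verify-with-public flow described above, written in Go with the standard library's Ed25519. A CAC carries X.509 certificates with RSA or ECC keys on its chip; the key type, the sample document and the "impostor" key below are my own choices for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Keypair holds one signer's keys. The private half never leaves the signer
// (on a CAC it lives on the chip); only the public half is distributed.
type Keypair struct {
	Public  ed25519.PublicKey
	Private ed25519.PrivateKey
}

// NewKeypair generates a fresh Ed25519 key pair from the OS CSPRNG.
func NewKeypair() (Keypair, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Keypair{}, err
	}
	return Keypair{Public: pub, Private: priv}, nil
}

// SignDocument produces a signature over doc with the signer's private key.
func SignDocument(kp Keypair, doc []byte) []byte {
	return ed25519.Sign(kp.Private, doc)
}

// VerifyDocument checks sig over doc using only the signer's public key.
// Any change to doc or sig, or a signature made with a different key,
// makes this return false.
func VerifyDocument(pub ed25519.PublicKey, doc, sig []byte) bool {
	return ed25519.Verify(pub, doc, sig)
}

func main() {
	signer, err := NewKeypair()
	if err != nil {
		panic(err)
	}
	impostor, err := NewKeypair() // a second party who does not hold signer's private key
	if err != nil {
		panic(err)
	}

	// Constructed sample document; not a real purchase order.
	doc := []byte("Approve purchase order 4471 for $12,000")
	sig := SignDocument(signer, doc)

	fmt.Println("genuine document, signer's key: ", VerifyDocument(signer.Public, doc, sig))
	tampered := []byte("Approve purchase order 4471 for $92,000")
	fmt.Println("tampered document, signer's key:", VerifyDocument(signer.Public, tampered, sig))
	fmt.Println("genuine document, impostor's key:", VerifyDocument(impostor.Public, doc, sig))
}
```

The verifier needs nothing secret: only the public key, the document and the signature. That is the property that lets a relying party (an AD domain controller, a document workflow) trust the signer without ever seeing the private key.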

Week 6 Posting - DRP

Disasters are bound to happen given enough time, and the best way to prepare is to create a plan and inform the people whose skill sets will be needed during and after the disaster. A disaster recovery plan, or DRP for short, is exactly that. A DRP should be assembled with the following information in the following order: a title and last-revised date, then the members of the committee with primary and secondary contact information. The committee should include at least one C-level executive, several members of the IT software and hardware teams, and the communications and public affairs team. The first chapter should designate an alternate meeting location in case the primary facility is destroyed or cannot be reached. The next few chapters should include a list of all assets and employee contact information, where to locate insurance information, and the order in which communications should go out. Lastly, the ending should include anything else that pertains to the type of industry, such a...

Week 4 Posting - Reverse Engineering

Within chapter nine there are many items that stood out to me; the most interesting to me was reverse engineering. Reverse engineering is the practice of taking apart a finished piece of software, a program, or a virus to see what is under the hood, without access to its source code. The goal is to work backwards through the steps taken when the original program was created. Many security engineers are expected to know the basics of programming and how a program's network traffic maps onto the OSI model. The first hurdle is to run the software in a safe, isolated environment, such as a virtual machine with a snapshot; if the sample damages the system beyond repair, the environment can be reverted to the earlier clean state. When I was working at a former employer we were the target of a phishing scam; after downloading the email and disconnecting the device from the primary network, we were able to put it on a private network and run Wireshark. The traffic was pinpointed and the attack was blocked based on the return address and port.

Week 4 Posting - SIEM

A SIEM (security information and event management system) collects and centralizes log and event data from many systems to give a "heartbeat": the overall status of the network and its security posture. Log forwarding into the SIEM should be one-way, with each source pushing its events to the collector; if the SIEM instead held credentials to log into every system, a compromise of the SIEM would hand an attacker the whole network, turning a tool designed to protect the network into a new vulnerability. Classic syslog forwarding uses UDP port 514, which is simple but drops events under load and offers no integrity or authentication, so TCP with TLS is preferable where the source supports it. A SIEM accepts many input sources and formats depending on the product; common ones are syslog, SNMP traps, NetFlow, Windows Event Log and Common Event Format (CEF). Any company running multiple systems that are hard to keep track of or keep an eye on should implement a SIEM: from ordinary network load to servers pegged by a DDoS attack, a SIEM lets administrators see what is happening across the whole domain.
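An added example, not from the original post, of the collection and normalization described above, written in Go. A few constructed syslog (BSD/RFC 3164 style) and CEF lines (the hostnames, IP addresses and vendor name are made up) are parsed into one common event record, and a simple correlation rule flags a source IP that has failed authentication repeatedly across both feeds. This is the kind of rule a SIEM can only run once events from different formats share one schema.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Event is the normalized record the SIEM stores regardless of input format.
type Event struct {
	Format string // "syslog" or "cef"
	Host   string
	Action string // "auth_failure", "auth_success" or "other"
	SrcIP  string
}

// <PRI>Mmm dd hh:mm:ss host tag[pid]: message
var syslogRe = regexp.MustCompile(`^<(\d{1,3})>(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) ([^:\[]+)(?:\[\d+\])?: (.*)$`)
var fromRe = regexp.MustCompile(`\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b`)

// ParseSyslog handles BSD-style syslog lines such as those sshd emits.
func ParseSyslog(line string) (Event, bool) {
	m := syslogRe.FindStringSubmatch(line)
	if m == nil {
		return Event{}, false
	}
	ev := Event{Format: "syslog", Host: m[3], Action: "other"}
	msg := m[5]
	switch {
	case strings.HasPrefix(msg, "Failed password"):
		ev.Action = "auth_failure"
	case strings.HasPrefix(msg, "Accepted "):
		ev.Action = "auth_success"
	}
	if ip := fromRe.FindStringSubmatch(msg); ip != nil {
		ev.SrcIP = ip[1]
	}
	return ev, true
}

// ParseCEF handles "CEF:0|Vendor|Product|Version|SigID|Name|Severity|Extension".
func ParseCEF(line string) (Event, bool) {
	if !strings.HasPrefix(line, "CEF:0|") {
		return Event{}, false
	}
	parts := strings.SplitN(line, "|", 8)
	if len(parts) != 8 {
		return Event{}, false
	}
	ev := Event{Format: "cef", Action: "other"}
	if strings.Contains(strings.ToLower(parts[5]), "fail") {
		ev.Action = "auth_failure"
	}
	// Extension is space-separated key=value pairs. Values containing spaces
	// are not handled here; the constructed samples have none.
	for _, kv := range strings.Fields(parts[7]) {
		pair := strings.SplitN(kv, "=", 2)
		if len(pair) != 2 {
			continue
		}
		switch pair[0] {
		case "src":
			ev.SrcIP = pair[1]
		case "dvchost":
			ev.Host = pair[1]
		}
	}
	return ev, true
}

// Normalize dispatches one raw line to the parser for its format.
func Normalize(line string) (Event, bool) {
	if strings.HasPrefix(line, "CEF:") {
		return ParseCEF(line)
	}
	return ParseSyslog(line)
}

// FailedLoginsBySource is the correlation step: authentication failures per source IP,
// counted across every feed that was normalized.
func FailedLoginsBySource(events []Event) map[string]int {
	counts := map[string]int{}
	for _, ev := range events {
		if ev.Action == "auth_failure" && ev.SrcIP != "" {
			counts[ev.SrcIP]++
		}
	}
	return counts
}

// BruteForceAlerts returns the source IPs with at least threshold failures, sorted.
func BruteForceAlerts(events []Event, threshold int) []string {
	var out []string
	for ip, n := range FailedLoginsBySource(events) {
		if n >= threshold {
			out = append(out, ip)
		}
	}
	sort.Strings(out)
	return out
}

// SampleLines are constructed for this example; they are not real captures.
var SampleLines = []string{
	"<34>Jan 14 10:15:01 bastion01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 4422 ssh2",
	"<34>Jan 14 10:15:03 bastion01 sshd[2201]: Failed password for root from 203.0.113.7 port 4431 ssh2",
	"CEF:0|Acme|VPNGateway|2.1|1003|User authentication failed|5|src=203.0.113.7 suser=jdoe dvchost=vpn01",
	"<38>Jan 14 10:15:09 bastion01 sshd[2210]: Accepted publickey for ops from 198.51.100.12 port 50112 ssh2",
	"CEF:0|Acme|VPNGateway|2.1|1003|User authentication failed|5|src=198.51.100.12 suser=ops dvchost=vpn01",
}

func main() {
	var events []Event
	for _, l := range SampleLines {
		if ev, ok := Normalize(l); ok {
			events = append(events, ev)
		}
	}
	fmt.Println("failures by source:", FailedLoginsBySource(events))
	fmt.Println("alerts:", BruteForceAlerts(events, 3))
}
```

With the samples above, 203.0.113.7 accumulates three failures (two from sshd via syslog, one from the VPN gateway via CEF) and is the only address that trips the threshold; the single VPN failure from 198.51.100.12, which also logged in successfully over SSH, does not. Neither feed alone would have shown the full picture, which is the point of centralizing them.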