Week 8 Deliverables Overview: This week, you have studied Web application vulnerabilities, password complexity, logs and analysis of logs, cryptographic algorithms, and installed a geolocation module allowing IP addresses to be aligned with a specific latitude and longitude. The Lab for this week demonstrates your knowledge of this additional knowledge applied using Python functionality. Be sure to develop and test your Python code in the AWS Cloud9 IDE provided for the class. You should continue to use the PEP Python Style guide mentioned in the book and found here: https://www.python.org/dev/peps/pep-0008/ Some examples of Python Coding Style best practices include:  Limit all lines to a maximum of 79 characters.  Imports are always put at the top of the file, just after any module comments and before module globals and constants.  Use 4 spaces for indentation. Submission requirements for this project include 2 files. (Zipping them into one file is acceptable and encouraged):  Python Application Tools Code  PDF or Word file showing your Cryptographic puzzle solving skills along with the tests and log analysis documentation resulting from using your Python application tools Python Applications for Lab8: (total 100 points): This exercise (50 points) uses the AWS Cloud9 environment develop and fully test a set of tools and Web Forms to perform the following functionality: a. Password Login form – This Python form allows a user to login to a simple web application with a username and password. A file can be used to store the username and password for validated users for this activity. No additional Web application functionality is needed after successful login other than a Greeting of your choice and the ability to update the password in a form. b. Password update Form – This Python form allows a user to update a user’s password after they have successfully logged in. c. Authentication functions – These Python functions that will check the following NIST SP 800-63B criteria are met upon login or upon password update:  SHALL be at least 8 characters in length  SHOULD be no more than 64 characters in length  SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised (Provided as CommonPasswords.txt)  If the chosen secret is found in the list, the application SHALL advise the subscriber that they need to select a different secret, SHALL provide the reason for rejection, and SHALL require the subscriber to choose a different value 2  SHALL implement a time-based rate-limiting mechanism that effectively limits the number of failed authentication attempts that can be made on the subscriber’s account. For this exercise throttling should start after 15 attempts.  When the subscriber successfully authenticates, the verifier SHOULD disregard any previous failed attempts for that user from the same IP address d. Logger – Create a log to log all failed login attempts. The Log should include date, time and IP address. e. Log Analyzer – Create a Python log analyzer application that reads the log file created in part d to identify and geo-locate all IP addresses where more than 10 failed attempts in a period of less than 5 minutes. The geolocation should include the Lat/Long value provide from the IP Address location. A sample report might look like this: 100.16.4.23 had 12 failed login attempts in a 5 minute period on Jul 7, 2019. 100.16.4.23 has a Lat/Long of 41.2908816/-73.610759. Hints: 1. Start early. This will take you longer than you think. 2. Leverage the File I/O, Flask and Data structures work previously performed in the class. 3. Use functions to enhance code reuse and modularity. 4. Use the AWS Cloud9 IDE. 5. Use Python Lists or other data structures to store the Common Passwords and then appropriate search functions to expedite comparisons. 6. You can use “request.environ[‘REMOTE_ADDR’]” to obtain the client IP address. You will need to import the request package: “from flask import request”. 7. You will need to load the ip2geotools Python module to perform the GeoLocation (sudo python3 -m pip install ip2geotools). You will need to import the IpCity Package (from ip2geotools.databases.noncommercial import DbIpCity). See the ip2geotools for additional method and objects available. 8. Be sure to send me questions, if you need assistance. 2. Using the Decrypting Secret Messages sites found in this week’s readings, decrypt the following messages. (30 points) a. – …. .. … / … -.. . …- / …– —– —– / -.-. .-.. .- … … / …. .- … / … — — . / … – .-. .- -. –. . / .-. . –.- ..- . … – … .-.-.- b. U28gdGhpcyBpcyBiYXNlNjQuIE5vdyBJIGtub3cu c. — Psuwb Ysm —- W oa gc qzsjsf. Bc cbs qcizr dcggwpzm twuifs hvwg cih. — Sbr Ysm — 3 Provide the decoded message along with the Cipher and any other parameters you used to solve each puzzle. Hints: 1. Use the rumkin site 2. You will need to experiment some to narrow down the possible algorithms used. Some are more obvious than others. 3. You will know when you have selected the correct Cipher 3. Document your results of the application running from the AWS Cloud9 classroom environment. Provide your test results for each requirement in the Web application, associated functions and the log analyzer program. Describe the results of your NIST password complexity functions and how you tested each requirement. Include the Cipher tool results and write up in this document as well. (20 points) Any submissions that do not represent work originating from the student will be submitted to the Dean’s office and evaluated for possible academic integrity violations and sanctions. 

Each student, independently of the team will prepare a brief summary for the week’s simulation efforts. This report will include the following information: 

1. What was your one corporate generic strategy as reviewed from our text for the week?  Break this down by your target market and your competitive advantage.  Why?  Did your overall strategy change since week 1?  Why?
2. What was your strategic action plan going into the rounds detailed in Blackboard including the reasons for the moves and how it relates to your overall strategy?  What are your objective and measurable goals for the moves?  Did you have to make operationally reactive moves not related to your strategy?  Why?
3. What was the objective, fact-based results compared to your intended moves and the reasons of these moves generally? How did your moves advance your one Generic Strategy?  Be specific.  Did you get the objective results you expected?  Why/why not?  Share any objective measures from the simulation program that are pertinent to the strategic implementation results and note any purely operational moves.  How did your competition and the external environment impact your moves?  What is your analysis of this data results compared to your intended results?
4. What do you think the next set of objective and measurable moves you will have to consider, and what will you suggest to your partners regarding next week’s moves?
5. What have you learned and how does this relate to other lessons in this course and to your career?
6. Provide a log regarding the specific dates and times that you accessed the simulation system including specifically when and how you and your teammate reviewed and discussed the simulation system data and decided on your moves to make.  A sample is provided in week 1.

 Your report this week should cover periods 5 thru 6 inclusively with fact-based objective data that you analyze from both periods.  DO NOT copy from your first paper.  Each paper must be written in your own words with proper APA referencing.

Your grade for each of the simulation report papers will be based on your analysis and critical thinking around the selection and implementation of the corporate strategy for your company.  Your analysis must be increasingly more thorough with each paper as you become more familiar with the simulation program and with the concepts from our course. 

Your assignment will be between 1000 and 1500 words and follow APA Guidelines. Include a cover page and at least your course text as a reference. 

References: Thompson textbook 2021.

Feedback: Please use the documents I have attached and no google words copied. Every letter should be written on own.

 Your final research paper assignment is to write a research paper that explains how defense-in-depth (chapter 6) and awareness (chapter 10) are complimentary techniques to detect emerging threats and strengthen countermeasures. 

To complete this assignment, upload a Microsoft Word document (.doc or .docx) that contains your complete paper. You must also upload a pdf of EVERY reference that you cite in your paper. Remember that your list of sources must be in APA format, and you MUST cite your reference in the body of the paper using APA in-text citation format. A source is any paper or article that you will reference in your paper. If you need more information on APA format (for references list AND in-text citations), visit this reference: https://owl.english.purdue.edu/owl/resource/560/01/

Plagiarism detected in your work will result in a grade of zero for the entire paper. 

Here are a few details about the overall research paper Please look at the attached rubric for details on how the paper will be graded. 

You must reference two (4) peer-reviewed articles or papers that support your thesis statement. The final paper must be at least 1000 words in length. (DO NOT exceed 1000 words by a material amount. Excessive words or too many references will NOT impress me.) 

So in summary, here are the research paper requirements:

• 4 peer reviewed resources (articles or papers) 
• Paper MUST address:  How defense-in-depth (chapter 6) and awareness (chapter 10) are complimentary techniques to detect emerging threats and strengthen countermeasures
• Cited sources must directly support your paper (i.e. not incidental references)
• Provide (upload) a pdf of each paper you cite in your paper
• At least 1000 words in length (but NOT longer than 1500 words)

If you are not sure how to identify peer reviewed papers or articles, please visit the following resources:

http://diy.library.oregonstate.edu/using-google-scholar-find-peer-reviewed-articleshttp://libguides.gwu.edu/education/peer-reviewed-articles

Chapter 6 and 10 pdfs are attached below for your reference.

Please follow the instructions carefully and complete the assignment.

Professor is very strict and hard in grading appreciate your concern on this matter! 

http://libguides.gwu.edu/education/peer-reviewed-articlesa

Instructions

Submit a thread of at least 300 words that  completely answers the questions. In addition to the  thread, you must also reply to at least 2 other threads.  Each reply must be at least 100 words. Must use complete  paragraphs, proper APA formatting, and cite information that is not  his/her own.

Thread

The United States Government Configuration Baseline (USGCB) evolved from  the Federal Desktop Core Configuration mandate and is a government-wide  initiative to maintain and properly update security settings  (http://usgcb.nist.gov). Research and summarize at least 2 recent  security patches that relate to your current operating system. In a  separate paragraph, do you feel these security patches help secure your  computer? Why? Defend your response.

Replies

Reply to each thread. 100 words minimum each response.

Reply #1

“May there be peace within your walls and security within  your citadels!”(Psalm 122:7, NIV), God is our source of security, he has  a plan of attack, as well as watching over us to make sure nothing  happens that where we cant come back from. “The purpose of the United  States Government Configuration Baseline (USGCB) initiative is to create  security configuration baselines for Information Technology products  widely deployed across the federal agencies”(COMPUTER  SECURITY RESOURCE CENTER, & NIST, 2018).  By implementing this  tool, it has improved security configuration, as well as strength  security baselines as a whole. As good as these baselines are, patches  are extremely necessary to maintain the level of security needed with  the ever advancing technology. Windows, my current operating system  recently came out with new patches updating several features in their  security sections. two of which being Windows Defender ATP and  BitLocker. Windows Defender ATP, or advanced threat protection was  enhanced with threat analytics as well as custom detection. Threat  analytics send reports of possible threats which then is sent to a team  to determine the actions that need to be taken. Custom detection, in  which you can create a query you specifically want to monitor in order  to take necessary steps to improve prevention of attacks.  Next BitLocker, this is a program that can be used to encrypt your  device in hopes to prevent potential future attacks. 

With  these security patches recently added by windows, I feel as though more  steps have been taken to increase and improve the security on our  operating systems. It guarantees that improvements are being made, and  that these security professionals are always at work to better their  systems. With constant updates, windows operating system user can be  assured that their devices have systems that are up to date and ready to  defend possible threats. 

“You will be secure, because there is hope; you will look about you and take your rest in safety”(Job 11:18, NIV)

Reply #2

 The United States Government Baseline  was developed to supply federal agencies with direction in the best ways  to configure information security. As stated by Rouse, the goal of  USGCB is to standardize the configuration setting in IT, lower costs,  improve effectiveness and strengthen system procedures to find existing  security threats and those that have not been discovered yet. There are  several different MacOS High Sierra 10.13.6 security updates that have  happened recently. The first one I want to talk about is ATS. The  description says it addressed a corruption issue with improved input  validation. The impact before the security update was “A malicious  application may be able to elevate privileges” (Apple Support). The  second one is EFI. The description says an issue with configuration was  addressed and improvement was made with memory handling. The impact  before the security update was “an application may be able to execute  arbitrary code with system privileges” (Apple Support).

            Both of these security  patches have definitely helped secure my operating system. The ATS  security update helped secure my operating system because if I were to  click on an application or email and download a link that I did not know  was malicious, without this patch the application would be able to  hijack my system unknowing effectively locking me out of my computer and  potentially holding it for ransom. With this patch it prevents this  scenario. With EFI, this patch would also very much help me. In the  event an application obtained system privileges through arbitrary code  it could change my passwords and lock me out. With the EFI patch this  will now be prevented. Proverbs 24:3-4 tells us, “By wisdom a house is  built, and through understanding it is established” (NIV). We have to  look at our operating systems as a house. We must make sure we are  consistently updating our operating systems to keep out intruders and  understand what we need to do to make this happen.

Apple Support. Retrieved March 5, 2019 from: https://support.apple.com/en-us/HT209193

Rouse, Margaret. USGCB (United States Government Configuration Baseline): TechTarget.