Security Lab - Hsanokklis/2022-2023-Tech-journal GitHub Wiki

Summary:

Doc Link

Run the Cyberceige Simulation (it's an app on the workstation) Also downloadable hereLinks to an external site. at least to through through the tutorials.

You may work in groups, however you are to keep track of your decisions made, the outcomes, and then Snip your final progress towards the end of session.

Then summarize the main items your scenario encountered, and write 2 paragraphs (~ 3-5 sentences each) on how this 2009 application captured items still (sadly!) are relevant today. We covered a number of topics & terms, so connect them throughout the alerts, decisions & outcomes.

Only have to do 1-2 scenarios with 20 min trial time limit.

Campaign: Training

Scenario: Stop Worms

Objective: Prevent Joe, a new employee, from spreading viruses and worms. There is one specific procedural security choice that can greatly effect wheater Joe will spread worms and Viruses.

Choice made: beware of email attachments

image

Campaign: Training

Scenarios: Life with Marcos

Objective: You are responsible for IT at Bortsoft. Terry’s job requires her to receive many “.doc” and “.xls” documents from outside the company. What can she do to reduce her risk of getting a macro virus?

Choices made: Automatic Antivirus updates

image

I got both correct

Campaign: Training

Scenarios: Identity Theft

Objective: Meet Sydney Chase. Your mission is to help her keep her identity safe while online. To do this you must instruct her on identity theft prevention techniques and help her secure up her new computer.

Choices made: Protect with ACL, Lock Or Logoff if Unattended, Beware of Email Attachments, Holds User Asset, Automatic Antivirus Updates

image

Campaign: Training

Scenarios: Passwords

Objective: You have been put in charge of Information Management for Ringle Mingle’s Singles, an online dating service. Establish procedural and/or configuration policies that contribute to good password management.

Choices made: I made the User/Group Zone Access private so that Henrick could no longer access Lucy’s work.

image

image

image

I made this the password settings for the entire office. I chose to do moderate complexity because I required the passwords to be longer.

Campaign: Training

Scenarios: Passwords

Objective: Its your first day as CIO at BortSoft. Your first two employees have just arrived, and its up to you to make sure they can work safely and effectively. Your first job is to purchase and configure computers for them.

Choices made: I first bought computers for my employees Moe and Curley. Then I connected their computers to the LAN network. They both started opening email attachments and got viruses right away. I then had to teach them not to open email attachments. Then they were getting viruses from external software they were downloading, and I had to train them not to do that. I was supposed to buy training for them, but when I clicked on the training I wanted to buy the program wouldn’t process I bought the training and instead decided that I needed to buy it again. So I lost because I ran out of money trying to buy training for my employees.

With the time I had, I decided to do all tutorial scenarios and one starting scenario. The scenarios included: Stop worms, Life with Macos, Identity Theft, Passwords, and Introduction Scenario. Though I was able to pretty easily get through the tutorials, there were still a lot of topics they covered that are exactly the same as we have discussed in class. In the first scenario(Stop worms) I had to train the new employee Joe on how to limit the chance of getting viruses/worms on the workstation. To do this I told him that he should beware of email attachments. This is a simple yet effective way for anyone, not just professionals to avoid getting viruses. Sometimes the emails can be very convincing which is why you might have to think about it a little more, especially if it's someone trying to spear phish you. In the tutorial Life with Macros, I had to help an employee who opens a lot of .xls and .doc files try not to get hacked. Since a lot of the files she worked with were external it's more likely they had viruses. To combat this, I had her download anti-virus software that could catch if a file has malicious content. This is still true today and is a very good way to check files that you are downloading externally. In the third scenario, identity theft, I had to help keep an employee's identity safe online. The employee was going to buy some yarn on a webstire that was HTTP instead of HTTPS. I blocked her from doing this, as this is a good way to get your financial/personal information stolen. She also got an email from her bank saying that she needed to click a link and sign in, which I blocked her from doing since emails are easily spoofed and it was most likely not her bank accounts since banks never ask you to sign in through a link in your email. In the next scenario, I had to set password standards for the employees. This is similar to a lab we did in class in which we had to change password settings, which would be changing complexity requirements, changing how often the password must be changed, changing how long the password must be, etc. This is a foundational part of cybersecurity. Good/strong passwords are a very good step at securing your information and accounts. The last scenario was just chaos, the employees were getting viruses right and left, and the application glitched on me so I ended up losing.