Mr Scott is considering partnering with a company. The transaction is not public yet and Mr. Scott has asked what we need to look at when we visit the company in terms of both their physical and cybersecurity… (Note: I am looking for things that we discussed in this course). This is a medium-sized company with about 400 employees, typical computers, servers, and office space. I recommend a supporting image of what their office space looks like.
One of your friends is familiar with the company and found out the following:
There are vending machines in the data center. The policy requires that an IT person be in the data center while the vendor restocks the machines but this does not always happen.
The account lockout threshold is set to 0.
Recently all the Event log files were deleted from several servers and IT has not explained what happened.
Part III: NICE Challenge Heartbleed Vulnerability.
Please follow the instructions below as I am not requiring you to do the entire challenge. No need to get the checkmark to turn green.
What part of the CIA Triad is compromised with this exploit/vulnerability?
PART IV. Complete the week 10 challenges and give a complete summary of how you did in the CTF for the entire course.
Part III: NICE Challenge Heartbleed Vulnerability
The Heartbleed vulnerability is a security flaw that affected the OpenSSL cryptographic library. It allowed attackers to steal data from TLS/SSL-encrypted servers, including private keys, passwords, and other sensitive information.
This vulnerability is a threat to the Confidentiality part of the CIA Triad. Confidentiality refers to the protection of data from unauthorized access. The Heartbleed vulnerability allowed attackers to steal sensitive data from servers without being detected.
Part IV: Week 10 Challenges and CTF Summary
I completed the following challenges in Week 10:
strings
command to identify the hidden message in the image file.exiftool
command to extract the metadata from the image file. The metadata contained information about the camera model, date and time the photo was taken, and GPS coordinates.I also participated in the CTF for this course. I was able to solve some of the challenges, but I wasn’t able to finish all of them. I learned a lot from the CTF, and I’m looking forward to participating in more CTFs in the future.
Overall, I had a great time in this course. I learned a lot about cybersecurity, and I’m excited to continue learning and improving my skills.
Physical Security Considerations
When visiting a medium-sized company with about 400 employees, typical computers, servers, and office space, here are some physical security considerations to look for:
Cybersecurity Considerations
Here are some cybersecurity considerations to look for when visiting a medium-sized company with about 400 employees, typical computers, servers, and office space:
Red Flags
Here are some red flags to watch for when visiting a medium-sized company with about 400 employees, typical computers, servers, and office space:
If you see any of these red flags, it is important to raise them with Mr. Scott. He should carefully consider these risks before deciding whether or not to partner with the company.
Here are some additional recommendations for Mr. Scott: