Lab-Overviews
pdf
keyboard_arrow_up
School
University Of Arizona *
*We aren’t endorsed by this school
Course
515
Subject
Information Systems
Date
Dec 6, 2023
Type
Pages
2
Uploaded by DrFlower11387
Information Security in Public and Private Sectors
Security Labs: Lab Overviews
Preface
In the Art of War, by Sun Tzu, Chapter 3:18 it states:
“… If you know the enemy and
know yourself, you need not fear the result of a hundred battles.
If you
know yourself but not the enemy, for every victory gained you will also suffer a defeat.
If you know
neither the enemy nor yourself, you will succumb in every battle…”
Translated into cyber security this might read:
“… If you know what you have in place and you know what attackers use and see, you are at least a step
ahead of most. If you know what you have in place but you do not know what attackers use or see, your
chances of surviving an attack are 50/50.
If you know neither, you are certainly, at some point, going to
be taken down…”
Knowing what most cyber criminals use and see when they are looking for vulnerabilities is very important.
Without this knowledge, you are blind.
However, in order to increase your awareness you must familiarize
yourself with typical tools used by mischief makers so that you can see your systems and networks through their
eyes.
“Security against defeat implies defensive tactics; ability to defeat
the enemy means taking the
offensive.”
- Art of War, by Sun Tzu, Chapter 4:5
In our context, taking the offensive means increased awareness of tools and techniques which enable you to use
better judgment regarding the proper deployment of defenses.
Many of the labs you are exposed to in this
course are designed to give you a familiarity with how information is collected, or more importantly, what a
potential attacker might see.
This information or fact finding process is also referred to as
enumeration
.
Enumeration is the process of assessing all the potential risks and security flaws for a given infrastructure.
But
quite often, if will also involve a fair amount of information collection which pertaining to a company and its
infrastructure.
In fact, the most astute cyber criminals will spend 80% of their time collecting information
through social engineering, research, observation, and enumeration prior to any intrusion attempt.
Labs
Labs are designed to give you some hands-on exposure. The details of each lab and its deliverable are covered in
separate documents.
A brief description of each lab is provided on the next page.
Page 2 of 2
V713
Copyright © Arizona Board of Regents
Lab 1:
Current Events
Designed to give you a feel for the many events occurring in the area of cyber security, this lab asks you to
analyze events and explain them in terms of information assurance principles.
Lab 2:
General Fact Finding
In this Lab you will use standard Google tools and web sites to collect and analyze particular information for one
or more organizations.
The purpose of this lab is to show you how outsiders collect information and how they
potentially use that information to their advantage.
Lab 3: Encryption
In this lab you will be using steganography tools as well as other encryption tools or training simulations.
The
purpose of this lab is to familiarize you with various aspects of encryption.
Lab 4: Supply Chain (if required)
In this lab you will analyze a particular supply chain scenario and provide assessments of risk, mitigation, costs,
and effectiveness.
The purpose of this lab is to encourage thinking of supply chain issues.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help