You are an enterprise security architect for a company in a semiconductor manufacturing industry where maintaining competitive advantage and protecting intellectual property is vital. Yo

Network Security and Vulnerability Threats Template

You will identify the IT system assets of the system architecture of your organization. These can be fictitious or modeled after existing architectures. Be sure to cite using APA format. You will identify threats and vulnerabilities to IT system assets and the security mechanisms used to address them.

IT System Assets	Threats and Vulnerabilities	Security Mechanisms to Address Threats and Vulnerabilities

,

Project 4 Resources

The deliverables for this project are as follows:

1. Create a single report in Word document format. This report should be about 10 pages long, double-spaced, with citations in APA format. Page count does not include diagrams or tables. The report must cover the following:

· network security and threat table

· Common Access Card deployment strategy

· email security strategy

You are an enterprise security architect for a company in a semiconductor manufacturing industry where maintaining competitive advantage and protecting intellectual property is vital. You're in charge of security operations and strategic security planning. Your responsibilities include devising the security protocols for identification, access, and authorization management.

You recently implemented cryptography algorithms to protect the information organization. Leadership is pleased with your efforts and would like you to take protection methods even further. They've asked you to study cyberattacks against different cryptography mechanisms and deploy access control programs to prevent those types of attacks.

"We'd like you to create plans for future security technology deployments," says one senior manager, "and provide documentation so that others can carry out the deployments." A director chimes in: "But you should also devise a method for ensuring the identification, integrity, and nonrepudiation of information in transit at rest and in use within the organization."

As the enterprise security architect, you are responsible for providing the following deliverables:

Create a network security vulnerability and threat table in which you outline the security architecture of the organization, the cryptographic means of protecting the assets of the organizations, the types of known attacks against those protections, and means to ward off the attacks. This document will help you manage the current configuration of the security architecture.

Create a Common Access Card, CAC deployment strategy, in which you describe the CAC implementation and deployment and encryption methodology for information security professionals.

Create an email security strategy in which you provide the public key/private key hashing methodology to determine the best key management system for your organization. These documents will provide a security overview for the leadership in your company.

Cryptography

Encryption uses cryptographic algorithms to obfuscate data. These complex algorithms transform data from human-readable plaintext into encrypted cipher text. Encryption uses the principles of substitution and permutation to ensure that data is transformed in a nondeterministic manner by allowing the user to select the password or a key to encrypt a message. The recipient must know the key in order to decrypt the message, translating it back into the human-readable plaintext.

There are six steps that will lead you through this project. After beginning with the workplace scenario, continue to Step 1: IT Systems Architecture.

The deliverables for this project are as follows:

1. Create a single report in Word document format. This report should be about 10 pages long, double-spaced, with citations in APA format. Page count does not include diagrams or tables. The report must cover the following:

· network security and threat table

· Common Access Card deployment strategy

· email security strategy

2. In a Word document, share your lab experience and provide screenshots to demonstrate that you performed the lab ( I will provide the lab document).

Step 1. IT Systems Architecture

You are a senior-level employee, and you must tailor your deliverables to suit your audience: the leadership of the organization. You may choose to use a fictitious organization, or model your organization on an existing organization. Remember that your deliverables should include proper citations.

Leadership is not familiar with the architecture of the IT systems, nor are they familiar with the types of threats that are likely or the security mechanisms in place to ward off those threats. You will provide this information in tabular format and call it the Network Security and Vulnerability Threat Table. Refer to this  threat table template for guidance on creating this document.

Before you begin, select the links below to review some material on information security. These resources will help you complete the network security and vulnerability threat table.

LAN Security

Local area networks (LANs) consist of a number of devices that are connected to each other and can share resources. According to the National Institute of Standards and Technology, LANs can encounter several cyberthreats, including unauthorized access, disclosure of data, disruption of functions, spoofing, etc. (NIST, 1994). Therefore, security measures must be undertaken to ensure that the confidentiality, integrity, and availability of shared data is maintained. These measures may include identification and authentication, access control, nonrepudiation, and logging and monitoring.

Another guideline document from NIST focuses on wireless LANs (WLANs), describing them as "groups of wireless networking devices within a limited geographic area, such as an office building, that are capable of exchanging data through radio communications" (Souppaya & Scarfone, 2012).

WLANs are popular because they allow better access and enhanced mobility, compared with wired LANs, but they also encounter attacks. These attacks can be broadly classified as passive attacks, such as unauthorized access to data, and active attacks, such as denial of service. Regular security scans, firewall installation, and use of threat monitoring and cleaning software can be beneficial in securing the sensitive data, network architecture, and physical components of WLANs.

References

National Institute of Standards and Technology, US Department of Commerce. (1994).  Guideline for the analysis local area network security: Federal Information Processing Standards Publication 191. http://www.nist.gov/itl/upload/fips191.pdf

Souppaya, M., & Scarfone, K. (2012).  Computer security: Guidelines for securing wireless local area networks (WLANs): Recommendations of the National Institute of Standards and Technology: Special Publication 800-153. National Institute of Standards and Technology. http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-153.pdf

Availability

The confidentiality, integrity, and availability (CIA) triad is a popular security model for systems and data. While confidentiality refers to ensuring that there is no unauthorized access, integrity is the assurance that data is accurate and unaltered. The third element, availability, refers to data accessibility for authorized users at all times.

Information is useful only when it is available at the right time. The availability of information depends on the functioning of the systems that store, protect, and allow or deny access to information. Availability of data, information, servers, and sites can be affected by security attacks and intrusions, so appropriate measures should be undertaken to prevent and mitigate losses. These include performing regular backups, creating disaster recovery plans, updating software and hardware, ensuring access to adequate bandwidth, and installing security systems and firewalls. 

References 

National Institute of Standards and Technology. (2004).  Standards for security categorization of federal information and information systems. http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf

Now you’re ready to create your table. Include and define the following components of security in the architecture of your organization, and explain if threats to these components are likely, or unlikely:

· LAN security

· identity management

· physical security

· personal security

· availability

· privacy

Next, review the different types of cyberattacks described in the following resource:  cyberattacks. As you’re reading take note of which attacks are most likely to affect your organization. Then list the security defenses you employ in your organization to mitigate these types of attacks. Include this information in your Network Security and Vulnerability Threat Table.

Step 2. Plan of Protection.

I will Provide the lab document.

This hands-on lab will introduce you to Microsoft BitLocker drive encryption as a full-featured drive encryption tool to protect user computers from data exfiltration and other attacks. Given the alarming rate of high-profile breaches, using BitLocker to protect sensitive data is something to which you, the government agencies, and the commercial and private organizations should give serious consideration.  

You will develop a disk encryption report, in addition to the project-specific requirements such as common access card deployment and email security strategy. Then incorporate your findings into the project deliverables and compile your project report for submission. Additionally, you will have to provide the leadership of your organization with your plan for data protection.

Step 3. Data Hiding Technologies

You will describe to your organization the various cryptographic means of protecting its assets. Select the links below to review encryption techniques and encryption technologies, then provide your organization with a brief overview of each.

Encryption Technologies

Encryption technologies are the methods used to encrypt and decrypt messages to ensure that they are only accessible to authorized users. They are widely used in businesses and organizations to securely transmit and store data.

Encryption technologies are implemented using algorithms that apply keys to convert simple messages into ciphertexts before sending them. The ciphertexts are then decrypted (i.e., converted back into original messages) by the receivers.

While there are several encryption algorithms available, they can be broadly classified into two categories, symmetric and asymmetric. Symmetric encryption technologies use the same key for both encryption and decryption, whereas asymmetric (or public-key) encryption technologies use two separate keys, public and private, for encryption and decryption.

Shift/Caesar Cipher

The Caesar cipher is a monoalphabetic (single alphabet) cipher that uses the same substitution across the entire message. This cipher was first used by Julius Caesar around 58 BCE to keep his enemies from being able to comprehend his military commands should the commands have fallen into their hands (Khan Academy, 2016).

The Caesar cipher is a substitution cipher; parts of the plaintext message are substituted for something else based on the cipher rules. Inverse substitution results in the deciphering of the hidden message (Practical Cryptography, n.d.). 

Each letter in the message is mapped directly to another letter. Because of the simplicity of this cipher, frequency analysis (looking at the frequency with which a letter occurs in the encrypted text) can be used to crack the cipher (Braingle, 2014).

The Caesar cipher is also referred to as a shift cipher because messages are encrypted as a result of the shifting of the letters an identified number of spaces to the right and the starting of the alphabet from there, with the letters wrapping to the beginning of the alphabet until the letter Z is reached. 

The position in which the shifted alphabet corresponds to the unshifted alphabet defines the cipher (Department of Mathematics, Cornell University, 2008). The number of positions by which the alphabet is shifted is referred to as the key; the key is a number between 1 and 26. Because of the simplicity of this encryption/decryption process, this cipher is considered to be very easy to crack, as there are fairly few combinations that need to be tried for an individual to determine how to decipher the message. 

References

Braingle. (2014). Codes and ciphers: Frequency analysis. http://www.braingle.com/brainteasers/codes/frequencyanalysis.php 

Department of Mathematics, Cornell University. (2008, summer). Lecture 1: Shift ciphers. http://www.math.cornell.edu/~mec/Summer2008/lundell/lecture1.html

Khan Academy. (2016). The Caesar cipher. https://www.khanacademy.org/computing/computer-science/cryptography/crypt/v/caesar-cipher 

Practical Cryptography. (n.d.). Caesar cipher. http://practicalcryptography.com/ciphers/caesar-cipher/

Polyalphabetic Cipher

Polyalphabetic ciphers are ciphers that are based on more than one alphabet and that switch between the alphabets in a systematic way, as opposed to using fixed substitution or the same alphabet for every occurrence of the letter (known as monoalphabetic cipher) (Math Explorers' Club, 2004). Two common examples of polyalphabetic ciphers are  Playfair and  Vigenère.

Under the Playfair  method, pairs of letters are encrypted; a letter may be encrypted using different alphabets because encryption depends on its paired letter. 

The Vigenère  method uses a separate text string that is converted to numeric values that determine the number of shifts for each letter. This form of cipher was created by Giovan Battista Bellaso in 1553, but was misattributed to Blaise de Vigenère in 1586. It is similar to the Trithemius cipher but uses a keyword in its encryption strategy. This keyword (or key phrase) is repeated until it is the same length as the plaintext message, and is referred to as the keystream  and used to determine the ciphertext (Rodriguez-Clark, 2013).

In 1585, Vigenère created what is known as the autokey system, where a key starts the choice of alphabet, but it is the message that determines the alphabets to use for later parts of the message (Savard, 2012).

Although both these methods are more secure than  Caesar cipher (a monoalphabetic cipher method), the Vigenère method is more secure than Playfair and is used for encrypting sensitive information.

Leon Battista Alberti invented the first known polyalphabetic cipher, known as the  Alberti cipher, around 1467. He started by using a mixed alphabet to encrypt plaintext but changed to a different mixed alphabet at random points, indicated by capital letters in the ciphertext.

Another example of a polyalphabetic cipher is the  Trithemius cipher created by Johannes Trithemius in the fifteenth century. This cipher requires the sender to change the ciphertext alphabet after each letter is encrypted. This type of cipher is referred to as a  progressive key cipher.

References

Khan Academy. (2016). Polyalphabetic cipher. https://www.khanacademy.org/computing/computer- science/cryptography/crypt/v/polyalphabetic-cipher

Math Explorers' Club. (2014). Polyalphabetic substitution ciphers. Cornell Department of Mathematics. https://www.math.cornell.edu/~mec/2003- 2004/cryptography/polyalpha/polyalpha.html

Rodriguez-Clark, D. (2013). Polyalphabetic substitution ciphers. Crypto Corner. http://crypto.interactive-maths.com/polyalphabetic-substitution-ciphers.html

Savard, J. (2012). Polyalphabetic substitution. http://www.quadibloc.com/crypto/pp010303.htm

One-Time Pad Cipher/Vernam Cipher/Perfect Cipher

The one-time pad (OTP), or Vernam cipher, created near the end of the nineteenth century, was the strongest form of encryption at the time and was shown to be unbreakable. This is why it became known as the perfect cipher. It uses keys with randomly generated letters to replace letters in messages. Each letter can be replaced with 26 possible options (alphabet), and the length of the encrypted message remains the same as the original message. 

OTP is used for highly secure applications but requires extensive resources for the generation of random keys to ensure no repetition. Since the length of the message exponentially affects the number of randomly generated key possibilities for the OTP cipher, it is computationally impossible to decrypt OTP messages using brute force (Khan Academy, 2016).

For the code to be deciphered, a copy of the one-time pad is required to reverse the encryption. As its name implies, the one-time pad is used only once and then destroyed (Braingle, 2014). The following rules must be followed to ensure that the one-time pad encryption is unbreakable (Rijmenants, 2004):

· The key must be as long as the message or data encrypted.

· The key must be randomly generated.

· Both the key and plaintext must be digits, letters, or binary.

· The key must be used only once and then destroyed by the sender and receiver.

· Only two copies of the key must exist—one for the sender and one for the receiver.

The key used in this cipher is often referred to as a secret key due to the importance of the contents of the key being protected and not revealed. The invention of public-key cryptology resulted from the inability of individuals to securely control secret keys on the internet (Rouse, 2016).

References

Braingle. (2014). Codes and ciphers: One-time pad. http://www.braingle.com/brainteasers/codes/onetimepad.php

Khan Academy. (2016). The one-time pad. https://www.khanacademy.org/computing/computer- science/cryptography/crypt/v/one-time-pad

Rijmenants, D. (2004). One-time pad. http://users.telenet.be/d.rijmenants/en/onetimepad.htm

Rouse, M. (2016). One-time pad. TechTarget. http://searchsecurity.techtarget.com/definition/one-time-pad

Block Ciphers

The block cipher encryption method breaks messages into blocks (groups of bits) and then encrypts the blocks using symmetric keys. The resulting encrypted blocks have the same length (number of bits) as the corresponding original blocks. According to Morris Dworkin of the National Institute of Standards and Technology (NIST), block ciphers are a "family of functions and their inverse functions that is parameterized by cryptographic keys; the functions map bit strings of a fixed length to bit strings of the same length" (Dworkin, 2001).

The size of the block (or length of bit strings) can vary, but it is common to choose a multiple of 8, such as 64 or 128 bits. If the original message is not a multiple of the block size, padding is done through the addition of extra information to achieve the desired length. Implementation models of block cipher include the Data Encryption Standard (DES), Triple DES, and Advanced Encryption Standard (AES).

References

Dworkin, M. (2001).  Computer security: Recommendation for block cipher modes of operation: Special Publication 800-38A. National Institute of Standards and Technology. http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf

Triple DES

Triple Data Encryption Standard (Triple DES) is a block cipher implementation that organizes data into 64-bit blocks using the DES keys (of 56 bits each) three times.

According to Elaine Barker (2016) of the National Institute of Standards and Technology (NIST):

TDEA encrypts and decrypts data in 64-bit blocks, using three 56-bit keys. Two variations of TDEA have been defined: two-key TDEA (2TDEA), in which the first and third keys are identical, and three-key TDEA, in which the three keys are all different (i.e., distinct). (p. 24)

Triple DES is based on the older Data Encryption Standard (DES), which was created in the 1970s. However, the increased computational power available in modern systems resulted in brute-force attacks on DES encryption, which applied a 56-bit key only once. So, DES was modified into Triple DES encryption, which provided greater security. 

References

Barker, E. (2016).  Computer Security: Recommendation for key management (Special Publication 800-57, Part 1, Revision 4). National Institute of Standards and Technology. US Department of Commerce. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf

Rivest–Shamir–Adleman (RSA) Encryption

RSA is an asymmetric or public-key encryption algorithm that is named after its authors, Ron Rivest, Adi Shamir, and Leonard Adleman.

The algorithm uses two keys, a public key and a private key. The public key can be distributed and is used to encrypt the message. The message can only be decrypted by using the private key, which is not shared with anyone.

The RSA algorithm has been approved by the National Institute of Standards and Technology (NIST) "in [FIPS186] for digital signatures and in [SP800-56B] for key establishment" (Barker, 2016).

RSA is implemented by starting with two prime numbers and finding their product (called modulus) and the exponents for public and private keys. Further details about RSA key pairs and generation have been documented by NIST in Barker, Chen, and Moody (2014).

References

Barker, E. (2016).  Computer Security: Recommendation for key management, Part 1: General (Special Publication 800-57, Part 1, Revision 4).  National Institute of Standards and Technology. US Department of Commerce. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf

Barker, E., Chen, L., & Moody, D. (2014).  Recommendation for pair-wise key establishment schemes using integer factorization cryptography (NIST Special Publication 800-56B, Revision 1) . National Institute of Standards and Technology. US Department of Commerce. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br1.pdf

Advanced Encryption Standard (AES)

Advanced Encryption Standard (AES) is a widely adopted block cipher method that breaks the messages into 128-bit blocks and applies keys of different lengths for encryption. AES was established by the National Institute of Standards and Technology (NIST) in 2001 to overcome the problems with Data Encryption Standard (DES). According to Elaine Barker of NIST (2016):

AES encrypts and decrypts data in 128-bit blocks, using 128-, 192- or 256-bit keys. The nomenclature for AES for the different key sizes is AES-x, where x is the key size (e.g., AES-256). (p. 23)

Detailed specifications of AES algorithm have been specified in Federal Information Processing Standards Publications (FIPS PUB) 197 (NIST, 2001).

References

Barker, E. (2016).  Computer Security: Recommendation for key management (NIST Special Publication 800-57, Part 1, Revision 4). National Institute of Standards and Technology. US Department of Commerce. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf

National Institute of Standards and Technology, US Department of Commerce. (2001).  Announcing the advanced encryption standard (AES) (Federal Information Processing Standards Publication 197). http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

Symmetric Encryption

Symmetric encryption algorithms use the same key for encrypting and decrypting a message; the sender and receiver both have access to the key. According to the National Institute of Standards and Technology (NIST), "symmetric-key algorithms (sometimes known as secret-key algorithms) transform data in a way that is fundamentally difficult to undo without knowledge of a secret key. The key is 'symmetric' because the same key is used for a cryptographic operation and its inverse (e.g., encryption and decryption)" (Barker, 2016).

Key distribution in symmetric encryption poses some security threats. It is important to ensure that the key is not "disclosed to entities that are not authorized access to the data protected by that algorithm and key" (Barker, 2016). 

Secret key cryptography algorithms include Data Encryption Standard (DES), Advanced Encryption Standard (AES), Global System for Mobile Communications (GSM), and General Packet Radio Service (GPRS) (Kessler, 2016).

References 

Texture Block Coding

Texture block coding is an information-hiding technique that uses a low bit-rate spatial

Collepals.com Plagiarism Free Papers

Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.

Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS

Why Hire Collepals.com writers to do your paper?

Quality- We are experienced and have access to ample research materials.

We write plagiarism Free Content

Confidential- We never share or sell your personal information to third parties.

Support-Chat with us today! We are always waiting to answer all your questions.