For the purpose of explaining all 12 objectives, the Network Engineering objectives will be referred to as E1-E6, and the Network Security objectives as S1-S6.
E1: Translate physical and organizational needs into network design(s) that encompass logic and infrastructure.
- My network security proposal encompassed creating a network diagram complete with VPNs, firewalls, IDPS, VLANs, subnetting and more. In addition, a written document was required explaining the network, all of the physical real-world devices needed, and the building cost of the network.
Attachment: network_security_proposal.docx (docx, 643 kb)
- For the assignment Network Upgrades, I was given a list of network items needed to update the infrastructure of a fake company, and a total number of users I had to accommodate in each department. I had to build the diagram and assign IP addresses to all machines based on the organizational needs of the network.
E2: Implement, support, and evaluate routed and switched IP wired and wireless network infrastructure that reflects networking concepts and industry best practices.
E3: Implement, support, and evaluate network systems and services such as active directory, email, DNS, servers, clients and data storage that are consistent with information systems concepts and industry best practices.
- One of the more complex projects was configuring Active Directory, Domain Services, and DNS on a Microsoft Azure virtual machine.
Attachment: install_active_directory_lab.docx (docx, 2846 kb)
- After AD, DS and DNS were all configured, I then created Organizational Units under Active Directory, where I created a group called "HR" and a user in the HR department. Between HR and the Administration groups I created a shared folder called "Workplace Reports", so if any user is a part of either the HR group or the Admin group, they have read and write access to anything in that folder.
Attachment: create_ous_lab.docx (docx, 54 kb)
E4: Produce visualizations and documentation related to network services.
- In order to understand risks to a wireless network, I simulated what I believed a library wireless network would look like with three wireless access points, documenting steps needed in order to minimize the risk, and protect the wireless network and its services.
Attachment: wireless_security.docx (docx, 56 kb)
- Wireshark was another tool I aimed to leverage in my understanding of network services. I captured some of my live network traffic and investigated what was going on underneath the hood. On top of that I also downloaded a PCAP file (simulates network traffic infected with malware), in order to learn how to analyze network logs and services to detect malicious operations.
Attachment: network_sniffing.docx (docx, 209 kb)
E5: Select and architect the most appropriate network, information systems, and technologies to meet the requirements of specific projects and communicate these decisions clearly in written and oral forms.
- For the "Wireless Security" project where I simulated a library's network traffic, in addition to the written proposal, we also spent the lecture hour simulating a similar network and communicating our decisions live in class.
Attachment: wireless_security.docx (docx, 56 kb)
- The other project was a final for a class that tasked me with creating a Security Program Implementation Plan where I had to develop, present, and defend a security plan for a fake business.
Attachment: security_plan_final.pptx (pptx, 770 kb)
E6: Implement, support and evaluate contemporary IP network-based communications, collaboration, virtualization and mobile systems services.
S1: Create a network infrastructure design communications document that includes identified hardware components, connections to outside world, identified physical layer connectivity (media) and addressing, including operational and security components in the design.
- My network security proposal encompassed creating a network diagram complete with VPNs, firewalls, IDPS, VLANs, subnetting and more. In addition, a written document was required explaining the network, all of the physical real-world devices needed, and the building cost of the network.
Attachment: network_security_proposal.docx (docx, 643 kb)
S2: Install, configure and test security hardware and software tools with supporting documentation such as port scanners, vulnerability detection systems, intrusion detection systems, firewalls, system hardening, anti-virus tools, patch management, auditing and assessment.
- Windows Defender Firewall is an overlooked tool, especially for home network defense, but inside of Windows Defender is a plethora of options to better defend the computer and the network. For this project I created two inbound traffic rules, as well as configured Advanced Security Logging. The steps are provided in the document below.
Attachment: windows_firewall_steps.docx (docx, 18 kb)
- I also undertook a small personal project to outline steps I could take to further protect my devices. Going from home to a dorm with hundreds of people on an open network is cause for concern, so I highlighted personal steps I took to better protect myself and my network traffic.
Attachment: system_hardening_lab.docx (docx, 1944 kb)
S3: Construct, implement and document a script or a program to automate a security-related process or other tasks such as installation, administration, management, mapping resources, logon scripts, patch management, updates, auditing, analysis and assessment.
- In the engineering field, fresh computer installs and setups become an almost daily occurrence. To prepare for that I created a PowerShell script that would install a program called Chocolatey, which in turn would then download and install programs of my choosing, saving me the trouble of downloading each program's .exe file from its respective website. gist.github.com/TotallyNotEmilio/e59e80886115ae065d249aa458b1ea04
- The next script created was a simple one, but the implementation was complex. I created a Bash script on a dummy Ubuntu VM, which updated and upgraded everything on the machine upon login. Scouring the internet to find out how to implement the script upon boot was difficult, even if the script is only a single line.
S4: Create a policy or procedure that addresses events such as: a disaster recovery plan, a business continuity plan, an incident response policy, an acceptable usage document, an information security policy, a physical security policy, assessments or troubleshooting procedures.
- A security plan for a fake business was created. It contained aspects of physical security, password policies, server securities, and security access controls.
Attachment: security_plan_final.pptx (pptx, 770 kb)
- A plan implementing security controls was also developed, talking about password management, and the importance of user division by role (giving HR access to ONLY HR files etc.) and the importance of whitelisting AND blacklisting, as opposed to only one or the other.
Attachment: data_center_security_controls.docx (docx, 237 kb)
S5: Develop a research report or implementation plan concerning legal and ethical best practices and mandated requirements that pertain to information security.
- 12 Principles of Information Security and practical examples of implementation of each principle inside of a business network.
Attachment: principles_of_is.docx (docx, 191 kb)
- Ticketmaster was accused of accessing a competitor's systems without authorization and was forced to pay $10 million in compensation. I researched the case, gave thought to the ethical dilemma presented by the case, and created a code of ethics of 5 rules based on my interpretation of the case.
Attachment: cyber_crime_report.docx (docx, 207 kb)
S6: Research, document, test and evaluate several current industry information security based threats, risks, malicious activities, covert methodology, encryption technologies, mitigation techniques or unconventional tactics to prevent loss of sensitive information and data confidentiality, integrity and availability.
- Analyzing 3 different viruses using Hybrid Analysis, I documented any and all malicious results of the virus being installed on a system, taking note of the installation processes and evasion methods the virus used.
Attachment: project__malware.docx (docx, 47 kb)
- Incident Response and Information Security are two sides of the same coin, and researching the hardware and software needs of either is a great insight into the field itself. Composing a list of items needed by an IR team, suppliers, and price points, led to a greater understanding of everything it takes to prevent the loss of sensitive information, as well as how to recover information once it is lost.
Attachment: schedule.xlsx (xlsx, 8 kb)