IDS 2018 Spring finalExam1a_IDS3917

Final Exam at:
Start Time: April 20, 2018 1:30 pm
End Time: April 20, 2018 4:30 pm
Location: Ocean Bank Convocation Center, Modesto A. Maidique Campus, 1180 SW 113th Avenue, Miami, FL 33199

We will be presenting our FINAL EXAM as follows:

The College of Engineering and Computing is hosting its first Senior Design Project Showcase at the FIU Arena on Friday April 20th, from 1:30 to 4:30 PM. All of our graduating engineering seniors (+500) will be at the arena floor at that time to showcase their final products to faculty, family, friends and industry affiliates. The event is open to our community and industry for networking with our students and faculty. We are inviting anyone interested in meeting our seniors and watching them demonstrate their entrepreneurial ideas and projects.

=========================================================

Dear REGISTERED IDS Students,

Today, Friday April 13, 2018 and tomorrow Saturday April 14, 2018 we will be working on your FINAL EXAM during class. Your FINAL EXAM will be worth 40% of your grade and will contain the following.

Each student will create a unique poster describing your favorite contribution to our IDS class, such as:

- What is Cyber Security
- Hardware analysis with advice to upgrade equipment and cost analysis
- Installation of Intranet computers, including hardware and Cyber Security specialized Operating System
- Learning and using terminal mode commands
- Services at the Cyber Lab at FIU's CIS Hardware Lab
- Why Do We Need to Teach Cyber Security
- What is Needed to Teach Cyber Security
- Free Workshops Provided by our Cyber Lab
- Legal Implications
- White, Black and Gray Hat Hacking
- Types of Hackers:
  - Script Kiddies: Have very limited knowledge.
  - White-Hat Hackers: Think like the attacker BUT work for the good guys. They have a code of ethics that promises NOT to cause harm. Also called Ethical Hackers or Pen Testers.
  - Gray-Hat Hackers: Work on the line between White and Black-Hat Hackers and can NOT BE TRUSTED.
  - Black-Hat Hackers: Operate on the opposite side of the law. Black-Hat Hackers and Criminal Activity Hackers are very close to each other.
  - Suicide Hackers: Try to DESTROY a target to prove a point. They are not worried about getting caught and going to jail.
- Introduction to Ethical Hacking, questions page 36, answers page 526
- System Fundamentals, questions page 66, answers page 527
- Footprinting, questions page 123, answers 529
- Scanning
- Technologies at Risk of being Hacked
- PenTesting Rules
  - Always get written permission with detailed instructions and parameters before starting the pen test. Operating without a contract is STUPID and ILLEGAL; it will end your career.
  - If you find private and confidential information, make sure you know, in writing, WHOM you can TALK to about it. According to the International Council of Electronic Commerce Consultants (EC-Council), you as a CEH must keep all found information PRIVATE. It can NOT be SOLD, TRANSFERRED or GIVEN to ANYBODY. (user names, passwords, email name, tel, ss, etc)
  - Be Honest and Forthright. Provide service in your area of COMPETENCE ONLY. Acknowledge your limitations.
  - NEVER use private software
  - DO NOT engage in bribery, double billing or any dishonest practice
  - Use the owner's property ONLY when authorized
  - Disclose to owners all CONFLICTS of interest
  - Ensure good management of the project: "Flow charts", time schedules, full risk disclosure
  - Do not associate with bad hackers
  - Never compromise your client's systems
  - ADD to your knowledge with CONSTANT study. Share knowledge with other CEH members.
- PENTEST Types
  - A Black-Box: When the Pentester does NOT have knowledge of the target, simulating a Hacker attack.
  - A Gray-Box: Limited target knowledge, such as an IP address, OS type, or network environment, but that information is limited.
    This type of information could be accessible to someone on the inside, but not always all of it.
  - A White-Box: Pentester will have complete information about the system. This is usually done for audits of systems.
- Legal Responsibilities
- Cyber Security Areas
- Jobs Available, Government and Private Opportunities
- Cyber Attacks:
  - Denial of Service (DOS)
  - Manipulation of Stock Prices, School Grades, etc. (Games, HamShl and CoX)
  - Identity Theft (Bank of America)
  - Vandalism
  - Credit Card Theft
  - Piracy (eBooks, Music, Software)
  - Theft of Service (Cell, TV, Electricity, Water)
  - Control automobiles: start, stop, ac, microphones, gps, etc.
  - Email Phishing
  - Stealing usernames and passwords (1234, password)
  - Network Intrusion: getting into a network without permission
  - Social Engineering: exploiting a system by going after the weakest point: A HUMAN BEING, open cpu,
  - Posting and/or transmitting illegal material (pdf books)
  - Extracting information for financial gain or to cause damage: Social Securities, Credit Cards, Pin Numbers, etc.
  - Software Piracy
  - Dumpster Diving: getting information that was discarded or left insecure
  - Malware, such as viruses, adware, spyware, etc.
  - Unauthorized destruction or alteration of information, without permission
  - Financial fraud, redirection of funds
  - Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are ways to overload a system's resources to prevent it from providing services to legitimate users
  - Ransomware.
    Once a system is accessed, data is encrypted and users cannot use it; the user must pay an amount of money to get their data back.
- Implementing Correction Actions
  Using a combination of Technology, Administrative, Physical and many other actions, clients implement, or not, Correction Actions, as follows:
  - Technology
    - VPN (Virtual Private Networks): One to One, Many to One, One to Many
    - Cryptographic protocols (CIA Director 1200 times could not access in 2017): encrypting data before transmitting
    - IDS (Intrusion Detection Systems)
    - IPS (Intrusion Prevention Systems)
    - ACL (Access Control Lists): A set of rules applied to inbound traffic that specifies whether the contents of a given field should allow or prevent access to a network. ACLs: DACL (Discretionary Access Control) and SACL (System Access Control)
    - ACE (Access Control Entries): An ACL is a list of access control entries. Each ACE in an ACL identifies a trustee and specifies the access rights allowed, denied, or audited for that trustee.
  - Administrative
    - Company Policies
    - Procedures
    - and many other rules, like log out when leaving the work area
  - Physical
    - Cable Locks
    - Device Locks
    - Alarms
    - etc.

or any other topic covered in class

Instructions for Preparing and Submitting Posters:
--------------------------------------------------

- You need to submit your poster in Moodle before the deadline. At this time it is Monday, April 16, 2018, 5 pm. I requested an extension until Wednesday, but I have not received approval.
- Use Microsoft PowerPoint.
- The poster size is 48x36 (Vertical poster). If you use the template, it's 48x36 (Vertical poster).
- One ppt/pptx file per person.
- Name the file "firstname-lastname.pptx".
- Please do NOT use black or dark background colors! You can design the template in your style.
- Instead of , you need to add VIP in the first page
- For the poster, focus on your contribution.
- Instead of using a lot of text, please use beautiful clear pictures.
  Each picture needs a number, a complete description and a reference to the paragraph related to the picture.
- You can play it safe and closely follow the format in the template provided or do whatever you feel is right for your poster!
- The guideline for the free format is to use the same space for the poster and make sure to include your project name, your name, your mentor's name, and your instructor's name. The problem is well explained and motivated, and your contribution to the solution, acknowledging others' work, is clearly explained.
- Please double check your poster with me before final submission by sending me an email or stopping by my office.
- Before meeting me, please check the size, content, and diagrams with your team members and use last semester's posters as examples.
- If you design your poster with Google Slides, please double check your poster with Microsoft PowerPoint too.