diff --git a/CW/Coursework.md b/CW/Coursework.md index 054bef2..5d04836 100644 --- a/CW/Coursework.md +++ b/CW/Coursework.md @@ -1,15 +1,17 @@ --- title: Introduction to Cyber Security -subtitle: Coursework 1 +subtitle: Coursework --- # Overview ## Assessment Brief -The assessment requires students to individually produce a security assessment of an organisation. The output will be in the form of a report of approximately 1500 words. +The assessment requires students to individually produce a security +assessment of an organisation. The output will be in the form of a +report of approximately 1500 words. -The submission deadline is 06/12/2019 +The submission deadline is 16/4/2020 ## Learning Outcomes @@ -26,19 +28,17 @@ The submission deadline is 06/12/2019 ## Scenario -The ShinRa Electric power company, is a large organisation -specialising in energy generation using alternative means. +The Cirrus Cybernetic Corporation is an organisation that develops +next generation robotics. -The organisation has several thousand employees, and includes departments for: +The organisation has several hundred employees, and includes departments for: - Management - HR - Accounting - Maintenance The organisation has a Website, showing company information, and -providing "Chat" and Forums for Customers to ask questions. The -website also allows users to upload images of their meter readings to -help with billing. +providing "Chat" and Forums for Customers to ask questions. There is also a staff Portal accessible VIA the web interface. The staff portal allows authenticated staff members to search and display @@ -46,10 +46,10 @@ customer account information. Access to the staff area is through a single sign on system (IE the staff member has the same Username and password for their Desktop PC and the Intranet) -The Organisation was recently the Victim of a security breach by the -environmental activist group Avalanche. The incident only resulted in -the defacement of the frontage, but the company would like to protect -against any future attacks. +Recently there was a web security incident, where an attacker was able +to access the organisation database. The initial analysis of the +attack suggests that it was launched from somewhere inside the company +network. ## Tasks @@ -59,7 +59,9 @@ organisation is given in the "Scenario" section, although you are expected to do some research on cyber security issues that might relate to the organisation. -This report should be written at a high level, suitable for a non-technical management audience. Your report should focus on two selected aspects of your choice, one each of: +This report should be written at a high level, suitable for a +non-technical management audience. Your report should focus on two +selected aspects of your choice, one each of: - A Technical aspect to security (such as how do we secure data, recommendations for security software) diff --git a/README.md b/README.md index 24c7900..53430aa 100644 --- a/README.md +++ b/README.md @@ -12,58 +12,58 @@ Phishing: ## Topics -| FL Step | Wk | Title | | Step title | Who | -|---------|----|------------------------|------|--------------------------------------------------------------------------------------|-----| -| | 1 | What is security? | st1 | [Introduction](./Articles/st01_Introduction.md) | DG | -| | | | st2 | [OWASP Top 10](./Articles/st02_OWASP_Top10.md) | DG | -| | | | st3 | [State of threats](./Articles/st03_StateOfThreats.md) | DG | -| 1.2 | | | st4 | [Know your enemy](./Articles/st04_KnowYourEnemy.md) | DG | -| | | | st5 | [Cost of Threats](./Articles/st05_CostOfAttacks.md) | DG | -| | | | st6 | [What about U (VIDEO)](./media/scripts.md#what-about-you) | DG | -| | | Blended Lab session | st7 | [Is the threat real?](./labs/lab_index.md#is-the-threat-real?) | | -|---------|----|------------------------|------|--------------------------------------------------------------------------------------|-----| -| | 2 | Are you naked online? | st8 | [Social Engineering (VIDEO)](./media/scripts.md#social-engineering) | JS | -| | | | st9 | [Open Source Intelligence](./Articles/st_9_OSINT.md) | DG | -| | | Blended Lab session | st10 | [What can you find out about yourself?](./labs/lab_index.md#what-can-you-find-out-about-yourself) | DG | -|---------|----|------------------------|------|--------------------------------------------------------------------------------------|-----| -| | 3 | Going phishing | st11 | [Phishing Intro Video](./media/scripts.md#phishing) | JS | -| | | | st12 | [Phishing Intro](./Articles/st11_WhatIsPhishing.md) | DG | -| | | | st13 | [Avioding Phishing](./Articles/st13_AviodPhishing.md) | DG | -| | | Blended Lab session | st14 | [Attack EvilCorp](./labs/lab_index.md#attack-evil-corp) | | -|---------|----|------------------------|------|--------------------------------------------------------------------------------------|-----| -| | 4 | Crypto | st15 | [Cryptography](./Articles/st15_Cryptography.md) | JS | -| | | | st16 | [Communications](./Articles/st16_communications.md) | JS | -| | | | st17 | [Passwords](./Articles/st17_passwords.md) | JS | -| | | Blended Lab session | st18 | Assess your passwords | JS | -|---------|----|------------------------|------|--------------------------------------------------------------------------------------|-----| -| | 5 | GDPR'n'U | st19 | [What is GDPR? (VIDEO)](./media/scripts.md#gdpr) | JS | -| | | | st20 | [What this means for your data](./Articles/st20_gdpr_what_it_means.md) | JS | -| | | Bleneded Lab Session | st21 | Discussion on GDPR | JS | -| | | Discussion | | [Cryptographic Backoors](./Articles/st18a_CrypographicBackdoors.md) | DG | -|---------|----|------------------------|------|--------------------------------------------------------------------------------------|-----| -| | 6 | Hackers and the Hacked | st22 | [Computer misuse](./Articles/st22_computer_misuse.md) | JS | -| | | | st23 | [The hackers](./Articles/st23_the_hackers.md) | JS | -| | | | st24 | [the hacked](./Articles/st24_the_hacked.md) | JS | -| | | | st25 | [The law](./Articles/st25_the_law.md) | JS | -| | | Blended Lab Session | st26 | Guilty or Innocent | JS | -|---------|----|------------------------|------|--------------------------------------------------------------------------------------|-----| -| | 7 | H4ck th3 pl4n3t | st27 | [Introduction to exploit week](./Articles/st27_ExploitWeekIntro.md) | DG | -| | | | st28 | [XSS](./Articles/st28_XSS.md) | DG | -| | | | st29 | [SQLi](./Articles/st29_SQLi.md) | DG | -| | | | st30 | Privileges | DG | -| | | Blended Lab Session | st31 | Capture the Flag | DG | -|---------|----|------------------------|------|--------------------------------------------------------------------------------------|-----| -| | 8 | Malware | st32 | [Worms and Viruses (VIDEO)](./media/scripts.md#worms-and-viruses) | JS | -| | | | st33 | [FireWalls](./Articles/st33_firewalls.md) | JS | -| | | | st34 | [AntiViruses](./Articles/st34_Antivirus.md) | JS | -| | | Blended Lab Session | st35 | Finding a back door | JS | -|---------|----|------------------------|------|--------------------------------------------------------------------------------------|-----| -| | 9 | How did they do that? | st36 | [Case studies showing examples of hacking events](./Articles/st36_CaseStudyIntro.md) | DG | -| | | | st37 | [NOTW Phone Hacking](./Articles/st37_CaseStudyTwo.md) | DG | -| | | | st38 | [Password Stories](./Articles/st38_CaseStudy3.md) | | -| | | Blended Lab Session | st39 | Voter Game | | -|---------|----|------------------------|------|--------------------------------------------------------------------------------------|-----| -| | 10 | The business factor | st40 | [BusinessFactors](./Articles/st40_ProtectIndustry.md) | | -| | | | st41 | Protecting yourself | | -| | | | st42 | [Summary](./Articles/st42_Overview.md) | | -| | | Blended Lab Session | st43 | Final Discussion | | +| FL Step | Wk | Title | | Step title | Who | +|---------|----|------------------------|------|---------------------------------------------------------------------------------------------------|-----| +| | 1 | What is security? | st1 | [Introduction](./Articles/st01_Introduction.md) | DG | +| | | | st2 | [OWASP Top 10](./Articles/st02_OWASP_Top10.md) | DG | +| | | | st3 | [State of threats](./Articles/st03_StateOfThreats.md) | DG | +| 1.2 | | | st4 | [Know your enemy](./Articles/st04_KnowYourEnemy.md) | DG | +| | | | st5 | [Cost of Threats](./Articles/st05_CostOfAttacks.md) | DG | +| | | | st6 | [What about U (VIDEO)](./media/scripts.md#what-about-you) | DG | +| | | Blended Lab session | st7 | [Is the threat real?](./labs/lab_index.md#is-the-threat-real?) | | +|---------|----|------------------------|------|---------------------------------------------------------------------------------------------------|-----| +| | 2 | Are you naked online? | st8 | [Social Engineering (VIDEO)](./media/scripts.md#social-engineering) | JS | +| | | | st9 | [Open Source Intelligence](./Articles/st_9_OSINT.md) | DG | +| | | Blended Lab session | st10 | [What can you find out about yourself?](./labs/lab_index.md#what-can-you-find-out-about-yourself) | DG | +|---------|----|------------------------|------|---------------------------------------------------------------------------------------------------|-----| +| | 3 | Going phishing | st11 | [Phishing Intro Video](./media/scripts.md#phishing) | JS | +| | | | st12 | [Phishing Intro](./Articles/st11_WhatIsPhishing.md) | DG | +| | | | st13 | [Avioding Phishing](./Articles/st13_AviodPhishing.md) | DG | +| | | Blended Lab session | st14 | [Attack EvilCorp](./labs/lab_index.md#attack-evil-corp) | | +|---------|----|------------------------|------|---------------------------------------------------------------------------------------------------|-----| +| | 4 | Crypto | st15 | [Cryptography](./Articles/st15_Cryptography.md) | JS | +| | | | st16 | [Communications](./Articles/st16_communications.md) | JS | +| | | | st17 | [Passwords](./Articles/st17_passwords.md) | JS | +| | | Blended Lab session | st18 | Assess your passwords | JS | +|---------|----|------------------------|------|---------------------------------------------------------------------------------------------------|-----| +| | 5 | GDPR'n'U | st19 | [What is GDPR? (VIDEO)](./media/scripts.md#gdpr) | JS | +| | | | st20 | [What this means for your data](./Articles/st20_gdpr_what_it_means.md) | JS | +| | | Bleneded Lab Session | st21 | Discussion on GDPR | JS | +| | | Discussion | | [Cryptographic Backoors](./Articles/st18a_CrypographicBackdoors.md) | DG | +|---------|----|------------------------|------|---------------------------------------------------------------------------------------------------|-----| +| | 6 | Hackers and the Hacked | st22 | [Computer misuse](./Articles/st22_computer_misuse.md) | JS | +| | | | st23 | [The hackers](./Articles/st23_the_hackers.md) | JS | +| | | | st24 | [the hacked](./Articles/st24_the_hacked.md) | JS | +| | | | st25 | [The law](./Articles/st25_the_law.md) | JS | +| | | Blended Lab Session | st26 | Guilty or Innocent | JS | +|---------|----|------------------------|------|---------------------------------------------------------------------------------------------------|-----| +| | 7 | H4ck th3 pl4n3t | st27 | [Introduction to exploit week](./Articles/st27_ExploitWeekIntro.md) | DG | +| | | | st28 | [XSS](./Articles/st28_XSS.md) | DG | +| | | | st29 | [SQLi](./Articles/st29_SQLi.md) | DG | +| | | | st30 | Privileges | DG | +| | | Blended Lab Session | st31 | Capture the Flag | DG | +|---------|----|------------------------|------|---------------------------------------------------------------------------------------------------|-----| +| | 8 | Malware | st32 | [Worms and Viruses (VIDEO)](./media/scripts.md#worms-and-viruses) | JS | +| | | | st33 | [FireWalls](./Articles/st33_firewalls.md) | JS | +| | | | st34 | [AntiViruses](./Articles/st34_Antivirus.md) | JS | +| | | Blended Lab Session | st35 | Finding a back door | JS | +|---------|----|------------------------|------|---------------------------------------------------------------------------------------------------|-----| +| | 9 | How did they do that? | st36 | [Case studies showing examples of hacking events](./Articles/st36_CaseStudyIntro.md) | DG | +| | | | st37 | [NOTW Phone Hacking](./Articles/st37_CaseStudyTwo.md) | DG | +| | | | st38 | [Password Stories](./Articles/st38_CaseStudy3.md) | | +| | | Blended Lab Session | st39 | Voter Game | | +|---------|----|------------------------|------|---------------------------------------------------------------------------------------------------|-----| +| | 10 | The business factor | st40 | [BusinessFactors](./Articles/st40_ProtectIndustry.md) | | +| | | | st41 | Protecting yourself | | +| | | | st42 | [Summary](./Articles/st42_Overview.md) | | +| | | Blended Lab Session | st43 | Final Discussion | |