Week 12 Posting - Write about my choice of topics.

 I never had a set goal on what I wanted to blog about until the end, after finishing all of the week's assignments. I wanted to leave myself open every time to find something new and interesting so that I could do more research on it and report about it on the blog. An example would be when I ran into a hacking contest that is held yearly. I had no idea something like that even existed, and it was fun to read about how people get paid to find vulnerabilities on the spot for whatever program or application is the main event for the hack-off. Finding the unusual is the best part about researching the week's topics for me since they may lead me down a path that shows me something new and unexpected. I would never blog myself if it weren't for this course, making it a requirement, but I would be lying if I said I didn't enjoy it. I hope you have a great day!

Week 11 Posting - Even the Big Boys Get Hacked

 I learned that even people working for the US State Department fell victim to hacks in 2021, which led to hackers gaining access to government emails. It's wild that even people who work in such an essential position in the government can still fall victim to attacks like the ones there. It shows that people will always be people and serve as the weakest link in any security system. They didn't even know they were already compromised for months before the attack. When the hackers decided to activate the spyware, which did not require further input from the state employees, it was already too late to prevent anything. This must have been an embarrassing lesson learned. The separation of personal devices from work devices must be followed, and there must be restrictions on using personal devices to access any work-related material. Separating the work from the personnel could have saved many from this situation. 

Week 10 Posting - Monopoly

 Today, I learned that Google filed an antitrust complaint against Microsoft, claiming that their licensing practices are anti-competitive. I find it fascinating that even heavy taxes are applied to overseas competitors that sell their products in the West. If it weren't for these taxes, certain TV brands would be selling their products at a fraction of the cost of significant TV bands. To combat this, there are heavy taxes on their imported products, so they would need to sell their products at a higher price to recoup their losses from the tax, which brings them back up in line with all the other TV vendors. I used to think Monopoly was just the name of a board game, but then when learning about how the consumer market operates around specific products and how companies are not allowed to undercut one another to try and kill the other one so that they would be the only company left providing the service, only for them to raise the price right after was fascinating. That was a long way of saying that I find it crazy that this greed has even found its way into cloud services. Fun stuff.

Week 09 Posting - Fun with Social Engineering

 This was such an interesting topic to research, and there are things I noticed that were related to the topic but had no place in being part of the written discussion, so I am choosing to expand further upon it here in the blog. I noticed when watching videos about people blending into the environment that almost all of the actions and roles that people do by either doing surveillance, pretending to be someone else that requires entry like a repair man or a delivery driver, all the way to acting as if you're someone significant that was scheduled to have a meeting with the boss of the company, and my time is very valuable, so you better make sure I am on that list, and I am not, then someone messed up on your end. 

I hope that long-winded sentence made sense. Either way, it reminds me of everything that gets done in the Ocean 11 franchise. Social engineering and manipulating your way up to the "treasure" room is all the stuff covered and pulled off in the films. I just found it fascinating, making learning about this even more enjoyable. I love this reality of the world, which was beautifully played off in the movie.

Week 08 Posting - Insight for my Milestone Assignment.

 This week's chapter was exactly what I needed to help me find more information about my chosen topic for my milestone research paper. Many of the resources I found and have been using have been discussing individual settings for user account controls and maintaining security on a personal level. A ton of information has been going in-depth down into individual settings to increase security, but I found nothing about network-wide settings for managing user accounts on the group scale and allowing specified groups of employees to access parts of the network that others shouldn't. This can be done in groups, as opposed to managing each employee one at a time. So much goes into even making sure an upstanding employee won't be able to gain access or accidentally delete crucial system data by entering parts of the network they have no reason to be in. Forgetting that network security means more than trying to prevent malicious hackers, externally or internally, can be fatal. Sometimes, a wrong click on the wrong folder can lead an employee down a rabbit hole of files they have no reason to access, which can lead to devastating consequences depending on the data's sensitivity.

Week 07 Posting - CDP is still confusing.

From what I can understand, the book shows you the commands, how to bring up the CDP information, and the different information you can bring up. The only thing I get confused about is the depth of everything explained in chapter 12. There is so much information regarding how the router, switch, and hosts connect and how to look those up, but I have never set up a network before, and seeing the graphs doesn't explain anything to me. I've also been watching videos explaining the topic, but I keep running into the same problem. I understand it is Cisco, and they assume you have a base level of knowledge coming into this, but I am an absolute beginner learning as I go. So I can understand how the network is laid out, but I don't understand the interface and what they see after entering the sh cdp command. All it does is explain how to bring it up, but I still have trouble reading it as if I wanted to use that information to troubleshoot something. More time and exposure will help me, but going straight into the chapter was rough, unlike the previous chapters. This one is something I'll need to watch many YouTube videos to understand.

Week 06 Posting - HSMs

 Since this degree is my first introduction to the security measures, methods, hardware, and software used for hardening networks, I never heard of Hardware Security Modules before. I had no idea there was a security method where you could store the cryptographic keys on a device totally separated from the network itself. That way, in case the network gets hacked, the hackers would still not be able to get the keys required to decrypt the stolen data. Even if they had scoured the entire network from top to bottom for the keys, they would have had no luck since the keys are stored on a device that is removed and isolated from the network. I wonder if using an HSM and getting hacked means you can change the keys for the entire network again, making the network's security much harder to get into since a new key is now required. Do cryptocurrency wallets work similarly since you can buy a separate currency storage device? HSMs enamor me, and I would love to see them in use in person.