Infrastructure as Code for Cybersecurity Training

An organization\u27s infrastructure rests upon the premise that cybersecurity professionals have specific knowledge in administrating and protecting it against outside threats. Without this expertise, sensitive information could be leaked to malicious actors and cause damage to critical systems. These attacks tend to become increasingly specialized, meaning cybersecurity professionals must ensure proficiency in specific areas. Naturally, recommendations include creating advanced practical training scenarios considering realistic situations to help trainees gain detailed knowledge. However, the caveats of high-cost infrastructure and difficulties in the deployment process of this kind of system, primarily due to the manual process of pre-configuring software needed for the training and relying on a set of static Virtual Machines, may take much work to circumvent. In order to facilitate this process, our work addresses the use of Infrastructure as Code (IaC) and DevOps to automate the deployment of cyber ranges. An approach closely related to virtualization and containerization as the code\u27s underlying infrastructure helps lay down this burden. Notably, placing emphasis on using IaC tools like Ansible eases the process of configuration management and provisioning of a network. Therefore, we start by focusing on understanding what the State of the Art perspectives lack and showcasing the benefits of this new working outlook. Lastly, we explore several up-to-date vulnerabilities that are constantly messing with the lives of individuals and organizations, most related to Privilege Escalation, Remote Code Execution attacks, and Incident Forensics, allowing the improvement of skills concerning Red team and Blue team scenarios. The analysis of the attacks and exploitation of such vulnerabilities are carried out safely due to a sandbox environment. The expected results revolve around using IaC to deploy a set of purposely-designed cyber ranges with specific challenges. The main objective is to guarantee a complexity of scenarios similar to what we can observe in enterprise-level networks. Thus, this entails having a set of playbooks that can be run in a machine or laboratory, assuring the final state of the network is consistent. We expect this deployment strategy to be cost-effective, allowing the trainee to get deep insight into a wide range of situations. Nowadays, DevOps solutions work as a silver bullet against the issues derived from old-case-driven approaches for setting up scenarios. In short, one of the key takeaways of this work is contributing to better prepare specialists in ensuring that the principles of the National Institute of Standards and Technology (NIST) Cybersecurity Framework hold, namely: prevent, detect, mitigate, and recover

Network Security: An Evaluation of Security Policies and Firewall Implementations

This paper begins focusing on network security issues. The areas of physical security, access security, and connection security are explored. Connection security provides the biggest need for improvement in the entire security field. This type of security is managed best with firewall implementations. Various firewall models are discussed. Software evaluations were performed on three different commercial Internet security tools. The software was compared on the basis of ease of installation, functionality, level of security provided, and output available. In summary, the value of the firewall is dependent on the need to implement a firewall in an organization. However, a security policy is necessary to provide direction for configuring the firewall. Further studies into the creation, publication, and enforcement of security policies were conducted. Security policies are currently being created reactively instead of preventatively to manage security breaches as they occur. To better understand how security policies need to be implemented, case studies were conducted in three educational departments and a local Internet service provider. While the case studies were being reviewed, security policies for the study participants came to fruition and the enforcing has finally begun. Conclusions from these case studies are that policies need to be better publicized and increasing manpower is necessary to enforce them. Further work on network security could include creating proactive security policies and how to successfully publicize and implement them. Continual monitoring of security faults and advertising weaknesses will increase interest in security abroad. This will improve the availability of security management systems and assist persuading employers to increase staffing to provide network security personnel positions

Can we talk? A discussion of gender politics in the late-night comedy career of Joan Rivers

Television has often been considered a safe haven for female performers, especially comedians. But in fact, women have often been marginalized – narratively and institutionally – within the medium of television. While there has been a promising increase in the number of creative and professional opportunities afforded to women in TV, there is one arena in which women have historically been, and continue to be, excluded: late-night comedy. As the first female late-night talk show host, Joan Rivers is central to the history of broadcast television and American comedy. While some (but not much) work has centered on Rivers’ impact as a comedian, little of this research has contextualized her career through the industrial frameworks of late-night broadcasting. From starting out as a standup comedian, to becoming Johnny Carson’s permanent guest host in the 1980s, to acrimoniously splitting with Carson and NBC for the opportunity to host her own late-night program, Rivers creatively performed her gender in order to differentiate herself as the singular female host in late night. From a feminist media studies perspective coupled with a historical analysis of Rivers’ professional trajectory in late-night comedy, this thesis will uncover the systemic, personal, and gender-specific factors that contributed to Rivers’ initial success, yet ultimate exile from late night

Xavier University Newswire

https://www.exhibit.xavier.edu/student_newspaper/1355/thumbnail.jp

A critical discourse analysis of the media coverage of the migration crisis in Poland: The Polish Catholic Church's perception of the 'migration crisis'

This paper discusses the Polish Catholic Church’s perception of the recent European migration crisis by examining its discursive practices through the lens of critical discourse analysis. We focus on two of the official communication channels of the Church: the website of the Polish Episcopate Conference (PEC) and the weekly magazine ekai.pl, published by the PEC-owned Catholic Information Agency (CIA). We demonstrate that despite the official appeal of the Polish Episcopate for Christian hospitality, views of bishops participating in the public debate on the migration crisis are not unanimous, but polarised. These internal divisions on the issue parallel the ambivalent stance of the Polish Church on Poland’s place in the European Union. The negative attitude of the majority of Poles to migrants, resulting in the refusal to participate in the European relocation programme, is sanctioned not only by the ruling political party but also by some representatives of religious authorities

Montana Kaimin, October 13, 1976

Student newspaper of the University of Montana, Missoula.https://scholarworks.umt.edu/studentnewspaper/7592/thumbnail.jp

The Cowl - v.79 - n.14 - Jan 22, 2015

The Cowl - student newspaper of Providence College. Vol 79 - No. 14 - January 22, 2015. 20 pages

CPA\u27s guide to information security

https://egrove.olemiss.edu/aicpa_guides/1963/thumbnail.jp