When the assessment was made a long while ago, I immediately downloaded it as soon as it was available. The reason I do this, or try to anyway, is because I like to obtain a "problem", or a task to overcome early and let it linger in the mind for a while.
Forward until delivery day, I submit my finalized .pdf.
I noticed one link at the very bottom, beyond the seminars and assessment pages, a Zoom link. A separate stream where the lecturer spoke about the assessment. Most of what he said there turned out to be, or at least as I understand it to be, the same conclusions I had drawn. Not to panic, being introductionary and all that.
But... Somehow, I had misinterpretet or misread the max word count. It seems to be a big deal for him. Which is an unfortunate human mistake, I suppose. I've been borderline beating myself up about it, but ultimately it's my fault for overlooking it. My best reflective guess looking back is that I just didn't expect files to be located after the final assessment in the Moodle directory. So it never occurred to me to check.
I'm fine with it now though, after some rest and coffee. Whilst obvious to some extent, now I know not to get too comfortable with one lecturer's setup for the month, as it evidently can vary. Hopefully, it's a learning curve and I can bring this with me in the future and be more diligent on the look out for overlooked links.
The move I've been sitting here, smashing my head in, I can't get my head around this assessment task. Much similar to the previous month, the assessment strikes me as being somewhat backwards. We are to write a report about the techniques we would use in penetration testing for a fictional scenario. I assume this to be expecting a rather introductionary, assuming sort of "what I believe I would do based upon tip-of-the-iceberg research on the field. Surely, the focus must be expected to circle around more general terms of techniques, rather than the specific step-by-step actions to perform each technique.
I'm going to have to talk to someone to get a fresh mind on the matter. Right now I'm trying to write down what I believe are basic steps during a penetration test process. Then I can tackle the ethical discussion separately.
Update - I spoke with my father, who is working in the IT security field and he shared some stories which helped relieve my issue a bit. I was having trouble imagining you could actually accidentally stumble across a different server than the specified targets during a pen-test, though this is partially due to it being a hypothetical scenario and we don't actually know exactly what the contract contains nor the exact context of the supposed job. Or what information we have from the get-go to work with. But apparently you can stumble across servers during a pen-test, but that's supposedly never an issue for the employer and they usually want you to include that in the test too if found. Or they could want it to be terminated in case of being for example a forgotten NAS-HDD that was supposed to be taken down but had been forgotten. Either way, it happens.
Today's subject about Physical Security had me thinking about a few stories my dad told once. This was told a while back, so the details are a bit fuzzy but the principles and ideologies remain the same.
They were hired by a local hospital to upgrade some of their computer systems and providing them with satisfactory security measures, so that they could conveniently store patient credentials and information accessible for the hospital staff. A fairly straight forward and basic job, you would think. Though, no matter what porposal they brought forward or suggestions that were made, the hospital was not happy. The disagreements were so severe, they ended up cancelling the job as either proposal was either too complicated, or too expensive. The hospital ended up with deciding to have a billboard on the wall by the receptionist, with post-it notes for current patients, including full names, the room they were in and immediate notes about their situation.
Another job was setting up a server room. The company had bought pretty big, fancy server "boxes", I'm not sure what they're called. Racks to keep servers in with a lockable door. Though the company decided to have the keys hanging on a knob nearby.
ObjectiveTrying to define the expressionsinformation security and computer crimeSo...What is information in information security?What is security in information security?What is computer crime?
At NUC, we write something called a Reflective Journal in attempts of sharing our thoughts and ideas among our peers, both for personal reflection and potential feedback from other students.
While I will not exclusively use this blog for that purpose, it still seems most reasonable to keep all of my thoughts under the same roof. So if you're particularly interested in these thought nuggets, I'll make sure to sort content through specific categories and tags for easy sorting.