Objectives
The UAT Boards is a pass/no pass set of objectives that we as UAT students must meet in order to obtain our desired degree. Every major requires a student to achieve six objectives, these can be proven via projects (personal or academic). My major is network security, as a network security major my six objectives are as displayed below along with their associated description and project.
You may download a copy of any project or corresponding work for your own review via the download buttons to the left of each project description, downloading my work and naming it as your own is not permitted.
Objective 01
Network Infrastructure Designing
Create a network infrastructure design communications document that includes identified hardware components, connections to the outside world, identified physical layer connectivity (media) and addressing, including operational and security components in the design.
Corresponding work: 2023 Semester 1, System Administration Final Project.
Includes two completed network diagrams with a call center and sales department in two different physical locations. The two locations were reflected within Microsoft Server 2022 with the creation of Phoenix and San Diego OU’s and their respective users.
Corresponding work: 2024 Semester 3, Analyzing Organizational Requirements for Network Design.
A presentation designed to fill the requirements as specifically listed on a job posting (Verizon's network engineering internship requirements). This presentation includes implementation benefits and strategies for network scripting & automation, Wireshark network monitoring, data management, network design & processes, system tools & administration, documentation, and a visual draw up of a Verizon office network designed for testing and network monitoring.
Objective 02
Security Hardware and Software Tool Handling
Install, configure and test security hardware and software tools with supporting documentation such as port scanners, vulnerability detection systems, intrusion detection systems, firewalls, system hardening, anti-virus tools, patch management, auditing and assessment.
Corresponding work: 2024 Semester 2, IoT Device Security Analysis Report. (Baumgartner & Rios UAT student collaboration)
A full security analysis report of an IoT device. The purpose of the report is to document the level of security that the camera may have. The report includes a full breakdown of the device itself and its hardware components along with a security analysis of its firmware and associated mobile application. More importantly, the use of security tools such as BugProve and QARK. BugProve is a security software capable of providing a thorough analysis on firmware (this was proven during the IoT GOAT project). QARK is a CLI secuirty software capable of outputting a security vulnerability report of APK and IoS application files.
Corresponding work: 2024 Semester 2, Production Studio.
Production studio is a program dedicated to an entire semester of obtaining real-world industry experience by joining a team (could be a company or student made group) relevant to my major and collaborating in developing and deploying an application using real development flows and methods. The team I joined was Grab the Axe, me and several other network security majors worked together in producing and deploying a network monitoring application capable of scanning a networks ports/hosts, host details, and a general overview of the network including vulnerabilities and traceroute. Additionally the scanner application is also capable of completing OS scans.
Objective 03
Security Automation
Construct, implement and document a script or a program to automate a security related process or other tasks such as installation, administration, management, mapping
resources, logon scripts, patch management, updates, auditing, analysis and assessment.
Corresponding work: 2024 Semester 2, Cloud Security Final Exam.
This project demonstrated the automation features of Ansible via the CLI application. In this project I managed to launch multiple EC2 instances within my AWS (Amazon Web Services) cloud environment. Ansible is capable of offering automation for other administrative and security features in AWS. To use Ansible features, an administrator must produce scripts which are made to provide instructions and ultimately functions for the AWS environment.
Corresponding work: 2024 Semester 1, Building a Docker Container.
Documentation involving the actions of building a docker container in order to automatically allow a select list of users (based on roles, user accounts, etc.) to access the network. a Microsoft Server 2022 virtual machine was used to complete this project. In this project, the following was completed: Installing the routing and remote access role, enabling router and remote access, configuring the VPN server settings, allow routing and remote access inbound traffic through Windows firewall, select VPN users, configure the VPN server for allowing network access, and lastly, setting up PPTP connections on clients.
Corresponding work: 2024 Semester 2, Implementing Auto Scaling and Load Balancing AWS.
This project included the demonstration of AWS Auto Scaling. The documentation also includes statements relating to the ability to automatically scale and monitor cloud resources. As an example, if an EC2 instance is experiencing higher than usual load, Auto Scaling will automatically scale up its resources (based on admin configurations) in order to compensate for the increase load. This project displayed the functionality of Auto Scaling by configuring and applying an Auto Scale rule, manually creating one EC2 instance, logging into the instance, stressing the resources of the instance, and visually confirmed the automatic creation of multiple EC2 instances in order to spread out the load of the original EC2 instance.
Objective 04
Plans, Policies, & Procedures
Create a policy or procedure that addresses events such as: a disaster recovery plan, a business continuity plan, an incident response policy, an acceptable usage document, an information security policy, a physical security policy, assessments or troubleshooting procedures.
Corresponding work: 2023 Semester 1, Incident Response Final Project.
Full documentation of an incident response plan regarding the hypothetical situation involving a ransomware attack. The document outlines the possible outcomes that may result from a successful ransomware attack before providing the structure and instructions of how to properly respond to ransomware attack in order to minimize damage or prevent loss. The incident response plan covers a wide range of possibilities that could result from a ransomware attack such as data loss or legal liability.
Corresponding work: 2024 Semester 3, Future-Proofing a Network Design.
A policy aimed at expressing the actions and strategies that an organization can take in order to implement a future-proofed network design. A large part of this document emphasized the need to think ahead and remove any possible future obstacles, even if it requires spending a little more now instead of spending much more later when the network requires an expensive overhaul in order to keep up with time. Since this document was written in my third semester of 2024, a large amount of emphasis went towards prepping the network for high-intensive AI workloads.
Objective 05
Implementation Planning
Develop a research report or implementation plan concerning legal and ethical best practices and mandated requirements that pertain to information security.
Corresponding work: 2024 Semester 1, System Administration I Final Project.
AWS infrastructure design implementation highlighting computing, storage, database, networking, security, disaster recovery, monitoring and management, cost optimization, and compliance. In this particular project, I were to roleplay as the lead cloud solutions architect at a medium-sized enterprise. My responsibility was to develop a full report on the steps of which the company should take in order to migrate many of its on-site networking resources onto the cloud (Amazon Web Services). The 17-page document contains an overall AWS infrastructure design such as computing, storage, database, and other AWS resources to be used, along with the explanation of these choices. The entire document generally consist of the following: cost considerations, a transition plan, downtime mitigations, assessment & planning, proof of concept, migration preparation, data migration, application migration, testing and validation, cutover and go-live, optimization and management, challenges and mitigations, best practices, performance tuning, and management practices.
Corresponding work: 2023 Semester 1, Implementing Group Policy Objects - GPOs.
Complete documentation, a step-by-step implementation plan for Group Policy Objects within an Active Directory. This document involved setting up MLGPO and an entire guide for creating, managing, and configuring group policy objects, these objects included items such as processing, settings, and preferences.
Objective 06
Threat Hunting
Research, document, test and evaluate several current industry information security based threats, risks, malicious activities, covert methodology, encryption technologies,
mitigation techniques or unconventional tactics to prevent loss of sensitive information and data confidentiality, integrity and availability.
Corresponding work: 2023 Semester 3, Personal Risk Assessment Presentation.
A presentation targeted at an employer's business and its other employees, this presentation features potential risk, mitigations, and recommendations for current physical and online security threats. Additionally, there are also risk recommendations regarding laws and compliances.
Corresponding work: 2023 Semester 2, 2023 T-Mobile Exploited Presentation.
A presentation highlighting a breach that had recently (at the time of making the presentation) occurred in T-Mobile. The presentation featured an explanation of the incident, how it happened, and how the company responded to the incident. I then applied a specific topic relating to the response of the incident and how it would be applied, this was done in order to prepare for the possibility of such an incident occurring. The topic applied involved detecting and responding.