Universidad Nacional Abierta y a Distancia

Vicerrectoría Académica y de Investigación

Course: Information Security
Code: 202016905

Learning Guide - Task 2 Attacking and defending

1. Information of the Task

Table 1. Description.

Aspect Description
1. Type of activity Collaborative
2. Evaluation moment Intermediate
3. Managing unit Escuela de Ciencias Básicas
Tecnología e Ingeniería ECBTI
4. Score of the Choose an 125 points
option
5. The activity starts on: Monday, February 17, 2025
6. The activity ends on: Sunday, March 9, 2025
7. Student independent work 27 Hours
hours

2. Detailed Description of the Learning Activity

Through this activity, the following learning outcome is expected to be

achieved:
Assess information security risks in software development processes in
accordance with standards and the organization's security policy to
ensure the quality of software products.
The activity consists of:

Make a review of the readings corresponding to learning outcome 1 found

in the learning environment.
Collaborative work:

This section aims to understand the topics required for the development
of the activity. The topics of the unit are:
• Pillars of Computer Security
• Risk Management and Security Controls
• Information security programs, processes and policies
• Continuity Plans

For this, the collaborative group is organized to consult, address and

debate the following questions:

1. What are the pillars of computer security and explain them?

2. What is risk management in computer security?
3. What are security controls?
4. Why is it important to implement an information security policy in
an organization?
5. What is the objective of carrying out continuity plans in an
organization?

Each student chooses one of the questions mentioned above, the question
and the reasoned answer are documented and published in the activity
forum, based on the readings made and their personal criteria.
Additionally, she must make a comment to at least one response from a
colleague, to express her support, complement or disagreement in a
respectful and reasoned way.

It is important to cite the sources that support the opinions in APA 7

format, so that colleagues can consult them for further information.

Based on the participations made in the forum, the group prepares an

online electronic presentation, presenting the relevant information on the
topics developed in the questions. This structure is the next one:

Slide 1: Cover.
Slide 2,3,4,5 and 6: Thematic development.

Slide 7: References.
Slide 8. Conclusions.
Individual work:
This activity consists of two parts:
• PART ONE – Defending: Are you aware of the information that anyone
can find out about us without restrictions on the Internet? The
objective is to learn to find what can be known about themselves on
the internet, using OSINT tools (Open Source INTelligence), translated
as Open Source Intelligence. It refers to the set of techniques and tools
to collect public information, analyze the data and correlate it, turning
it into useful knowledge.

In Google there are operators with combination capacity that provide

us with very extensive information: intitle, allintitle, inurl, allinurl,
filetype, link, inanchor, daterange, view / indexFrame.shtml, among
others. On the other hand, there are a multitude of metasearch
engines and other great sources of information within the Internet to
search for any fingerprint or digital trace.
For the development of this activity, you must document and search
for yourself, using the operators mentioned above. Search name, ID
in social networks, on web pages, photos, access cameras, search for
documents with password.

Examples:

• Intitle: "My webcamXP server!" inurl: ": 8080. (Access a camera).

• view / indexFrame.shtml
• Servers with files called password.txt: intitle "Index of" "Index of /"
password.txt (Search a directory structure for a Password file)
• Robots: site: unir.net inurl: robot.txt

Obtain information from the Metasearch engines mentioned below and

attach it to the individual work. In these search engines include your
name (Make the search in at least three of the mentioned search
engines):

o https://duckduckgo.com/
o http://es.kgbpeople.com
o https://www.peekyou.com/
o http://www.spokeo.com
o http://webmii.com

Search your Username in the following metasearch engines to see

whether or not it is available on the different social networks:
 o http://Checkusernames.com
o http://namechk.com
o http://knowem.com

Finally, it must conclude on what is the criminal capacity of the results

obtained in the exercise.

• SECOND PART Attacking: TOR (The Onion Router) is a network

superimposed on the Internet, which allows the exchange of
information between an origin and a destination without revealing the
identity of the users. It maintains the integrity and secrecy of the
information that travels through it thanks to asymmetric cryptography
and the concept of public and private keys. The guarantee of browsing
anonymously and accessing the Deep Web (Deep Network) is total,
accessing services that are often on the other side of legality.

Step 1: The student must install the TOR application.

Step 2: You must navigate in the TOR browser.

Step 3: Leave evidence.

Step 4: Conclude on the use in the TOR browser with reference to the
criminal part. Check if in Colombia there are restrictions for the use of the
TOR Browser and the legal consequences of its use.
Step 5: The student must deliver the document of the individual work with
the following structure:

1. Cover
2. Objectives
3. Part One: OSINT Tools
3.1. Evidence
3.2. To conclude on what is the criminal capacity of the results obtained
in the exercise
4. Part Two: TOR Browser
4.1. Evidence of installation
4.2. Evidence of navigation
4.3. To conclude on the use in the TOR browser from the criminal part
and its consequences
5. Bibliographic references
The following materials and resources are required for the development
of this activity:
In the initial information environment, you should:

• Please check the course agenda for the dates of the activity.

In the learning environment, you should:

• Read the suggested readings for learning outcome 1.
• Enter the activity forum to discuss the topics discussed with
classmates.
In the assessment environment, you must: Each student submits a digital
document (a Word or PDF document) containing the link to the online
electronic submission and evidence of their individual work.

3. Guidelines for Developing and Submitting Learning Evidence

Learning evidence refers to the actions, products, or observable processes

that are done or delivered to demonstrate acquired capabilities, skills,
aptitudes, and attitudes. These serve to allow the teacher to assess and
evaluate student performance effectively.

The evidence to be developed individually are:

• Participation in the activities forum.

• Digital document with evidence of individual work.

The evidence to be developed collaboratively are:

• Participation in the activities forum with contributions that contribute

to the consolidation of group work.
• Link to the online electronic submission.

For their development and submission, please consider the following

guidelines:
1. All group members must participate with their contributions in the
development of the activity.

2. Each group should designate one member to be responsible for

submitting the requested product in the environment specified by the
teacher.

3. Before submitting the requested product, the group should check that
it complies with all the requirements indicated in this activity guide.

4. Only group members who have actively contributed during the

allocated time for the activity should be included as authors of the
requested product.
Please note that all individual or group written products must comply with
“spelling and mechanics” standards and the submission conditions defined
in this activity guide.
Regarding the use of references, consider that the product of this activity
must comply with the standards of Choose an option.

In any case, comply with the referencing standards and avoid academic
plagiarism. To do so, you can support yourself by reviewing your written
products using the Turnitin tool available in the virtual campus.

4. Academic Situations
Consider that in Agreement 029 of December 13, 2013, Article 99, the
following actions are considered as offenses against academic order,
among others: item e) "Plagiarism, that is, presenting as one's own the
entirety or part of a work, paper, document, or invention created by
another person. It also includes the use of false citations or references,
or proposing citations where there is no match between the citation and
the reference," and item f) "Reproducing or copying, for profit,
educational materials or results of research products that have intellectual
property rights reserved for the University."
The academic sanctions that the student will face are as follows:
a) In cases of proven academic fraud in the respective academic work or
evaluation, the grade imposed will be zero points without prejudice to the
corresponding disciplinary sanction.
b) In cases related to proven plagiarism in academic work of any nature,
the grade imposed will be zero points, without prejudice to the
corresponding disciplinary sanction.