diff --git a/CIS258/F25IEC_HW2_Greene_Isaac.tex b/CIS258/F25IEC_HW2_Greene_Isaac.tex
new file mode 100644
index 0000000..4fac820
--- /dev/null
+++ b/CIS258/F25IEC_HW2_Greene_Isaac.tex
@@ -0,0 +1,222 @@
+\documentclass[12pt]{scrartcl}
+\usepackage[T1]{fontenc}
+\usepackage{tgpagella}
+\usepackage{xcolor}
+\usepackage{ulem}
+\usepackage[head=24pt]{geometry}
+\usepackage{scrlayer-scrpage}
+\usepackage{setspace}
+\usepackage{array}
+\usepackage{graphicx}
+\usepackage{hyperref}
+
+\geometry{letterpaper}
+
+\hypersetup{
+ colorlinks=true,
+ linkcolor=blue,
+ filecolor=magenta,
+ urlcolor=isaac-red,
+ pdftitle={F25IEC\_HW2\_Greene\_Isaac},
+ pdfauthor={Isaac Greene},
+ pdfpagemode=FullScreen
+}
+\urlstyle{same}
+
+
+\definecolor{isaac-red}{HTML}{C52947}
+\definecolor{isaac-blue}{HTML}{0E4385}
+
+\newcommand\sectionuline{%
+ \bgroup\markoverwith{\textcolor{isaac-red}{\rule[-0.5ex]{2pt}{1.7pt}}}%
+ \ULon%
+}
+\newcommand\subsectionuline{%
+ \bgroup\markoverwith{\textcolor{isaac-blue}{\rule[-0.5ex]{2pt}{1.7pt}}}%
+ \ULon%
+}
+
+\clearpairofpagestyles
+
+\setkomafont{subsubsection}{\usefont{T1}{qpl}{b}{n}}
+\setkomafont{subsection}{\usefont{T1}{qpl}{m}{n}\large}
+\setkomafont{section}{\usefont{T1}{qpl}{b}{n}\Large}
+\setkomafont{part}{\usefont{T1}{qpl}{b}{n}\LARGE}
+\addtokomafont{part}{\subsectionuline}
+\addtokomafont{section}{\sectionuline}
+\addtokomafont{subsection}{\subsectionuline}
+\addtokomafont{subsubsection}{\sectionuline}
+
+\setlength{\parindent}{12pt}
+\setlength{\parskip}{0pt}
+\doublespacing
+
+\title{\Large Isaacal Media Risk Assessment}
+\author{\normalsize Isaac Greene}
+\date{\normalsize October 5, 2025}
+
+\lohead{F25IEC\_HW2\_Greene\_Isaac}
+\lofoot{\begin{spacing}{1}No AI used <\href{http://ig7.us/ai}{ig7.us/ai}>. Built with \LaTeX.\\Work available under the Esoteric Common License <\href{http://ig7.us/license}{ig7.us/license}>.\end{spacing}}
+\ohead*{\pagemark}
+
+\begin{document}
+\part*{Isaacal Media Risk Assessment}
+Isaac Greene\\
+October 5, 2025
+\begin{spacing}{1}
+\tableofcontents
+\end{spacing}
+\section{Organization Background}
+Isaacal Media is the trade name I use, registered in Calhoun County, for the web design and technical services I provide to my clients. This risk assessment details what actions I am taking and should take in the future to secure my services and public access to them. This report focuses on the services used, the connections between and underpinning those services, and what security measures are in place to prevent breaches by the public. Front services are primarily operated under *.isaac.run, with the backend (such as email) operating from *.xtzws.com. To perform this assessment, I have compiled all software I use, how and where it has been deployed, and what levels of access known or unknown users have to it.
+
+All software that is installed is Free and Open Source software due to its low cost, simple licensing, support, and security.\footnote{\url{https://youtu.be/HcV4u-nemNk} Is Open Source More Secure? - Jeff Crume / IBM, April 2024} To conduct this assessment, I have logged into each of my systems and read documentation for applicable software. Individual assessments include supporting services, such as certificate management, cron jobs, etc., but does not include factors outside of my control such as data center reliability or peering.\footnote{I have SLAs with most of my hosting partners, and they make available the security and backup protocols of their sites.}
+\renewcommand{\arraystretch}{1.5}
+\subsection{List of services in scope}
+\begin{center}
+\begin{table}[h]
+\centering
+\begin{tabular}{ |l|l|l| }
+\hline
+\textbf{Service} & \textbf{Domain} & \textbf{Location}\\
+\hline
+Main site & www.isaac.run & Cloudflare\\
+Forgejo & git.isaac.run & Germany\\
+Email & mail.xtzws.com & Germany\\
+Assignments & edu.isaac.run & Germany\\
+Bank & bank.isaac.run & Lansing 1\\
+MySQL & N/A & Germany/Lansing 2\\
+CDN & cdn.isaac.run \& cdn.10161997.xyz & Boston\\
+Analytics & plausible.isaac.run & Lansing 1\\
+Docs & ig7.us & Germany\\
+Servers & N/A & Lansing/Germany\\
+\hline
+\end{tabular}
+\caption{Summary of all services used and considered in scope of this assessment.}
+\end{table}
+\end{center}
+
+\begin{center}
+\begin{table}[h!]
+\centering
+\begin{tabular}{ |l|l|m{16em}| }
+\hline
+\textbf{Service} & \textbf{Domain} & \textbf{Description}\\
+\hline
+SSO & \{login|auth|id|sso\}.isaac.run & Increase security and usability of Isaacal Media services\\
+Payments & pay.isaac.run & Accept card payments, processed by Square\\
+CRM & mem.ig7.us & Keep track of personal relationships\\
+\hline
+\end{tabular}
+\caption{Services potentially coming online soon.}
+\end{table}
+\end{center}
+
+\subsection{Personal information processing}
+\begin{center}
+\begin{table}[h!]
+\centering
+\begin{tabular}{ |l|m{16em}| }
+\hline
+\textbf{Information} & \textbf{Used by}\\
+\hline
+PII & Services with an account\\
+Email & Forgejo (for attributing commits), Assignments (for login), Email (to login)\\
+Finances & Bank of Isaac to show transaction statements\\
+User-submitted content & Forgejo, Assignments, Email, CDN\\
+Non-PII & Plausible (record website visits)\\
+Payment information & Cards are processed and stored by Square, offline payments like checks and cash are not stored online\\
+\hline
+\end{tabular}
+\caption{Processing of data by the services.}
+\end{table}
+\end{center}
+
+\newpage
+\section{Potential Threats}
+There are myriad reasons a system could go down, the most common of which are relatively harmless (except for potential frustration), but there are more serious threats to consider.
+\begin{spacing}{1}
+\subsection{Natural threats}
+\begin{list}{-}{}
+\item Earthquakes
+\item Tornadoes
+\item Floods
+\item Heavy storms
+\item Hurricanes
+\item Power grid failure
+\item Network cable failures
+\end{list}
+\subsection{Routine threats}
+\begin{list}{-}{}
+\item Certificate expiration
+\item Maintenance
+\item Overloaded systems
+\item Misconfigured services
+\end{list}
+\subsection{Irregular threats}
+\begin{list}{-}{}
+\item Network attacks
+\item Denial of service and distributed denial of service
+\item Data center failure
+\item Unprivileged access
+\item Insecure account
+\end{list}
+\end{spacing}
+\newpage
+\section{Vulnerabilities}
+\subsection{Techniques}
+Threats in the above list and deemed mission critical\footnote{Main site, Forgejo, SSO, Assignments, and CDN are mission critical} were analyzed against proprietary documents detailing security measures in place at my hosting partners' data centers, and against the OWASP Top 10,\footnote{\url{https://owasp.org/www-project-top-ten/} Top 10 Web Application Security Risks, OWASP, September 2021} the MDN HTTP Observatory,\footnote{\url{https://developer.mozilla.org/en-US/observatory/analyze?host=isaac.run} HTTP Observatory Report, Mozilla, September 2025 (substitute isaac.run for other domains)} and Internet.nl,\footnote{\url{https://internet.nl/site/www.isaac.run/3362441/} Website test: www.isaac.run, Dutch government, July 2025} with some monitoring available from my hosts and continued monitoring with OSSEC.
+
+\subsection{Remedies}
+\subsubsection{Overloaded systems}
+\textit{Affects Forgejo, Email, Bank, Assignments.}
+All systems have multiple levels of DDoS protection built in. These services also allow user-submitted content so to prevent harmful content, self-registration is disabled and all accounts must be manually created. However, while it is difficult for any single account to cause issues, if more people or more services were added to the server, the chance of a DoS is likely. Currently, as the services are mostly single-tenant, there is no need for scalability. If there ever comes a point where more than one server is needed, scalability will be addressed then.
+\subsubsection{SQL injection}
+\textit{Affects Forgejo, Assignments, Plausible.}
+Few services use SQL, and these ones are enterprise-ready, so it is assumed that they are resistant to SQL injection attacks.
+\subsubsection{Data center failure}
+\textit{Affects All.}
+There is a long list of what steps my hosting partners take to keep servers online. They include redundant fire systems, biometric locks, generators, multiple network links, and 24 hour monitoring and staffing.
+\subsubsection{Insecure accounts}
+\textit{Affects Plausible, certain Admin panels, Forgejo, Bank, Assignments}.
+Due to the increased security of disabling self-registration, accounts that are created can be forced and verified to meet stringent requirements. For example, Forgejo is configured to require at least a 24 character password, and Bank of Isaac accounts are set up in a way that the password is sent\footnote{Password files are uploaded to \href{https://wormhole.app}{Wormhole}, then the share link is sent to the recipient which expires after one download or one day.} to the user that not even I learn their password.
+\subsubsection{Certificate expiration}
+\textit{Affects All (-ig7.us).}
+Most, if not all, SSL certificates are managed by Certbot so renewal happens automatically. On the Lansing servers, certain certificates need to be renewed manually so it is possible that these certificates could expire.
+\subsubsection{Denial of service}
+\textit{Affects All.} Every system is at risk of a denial of service issue, either intentional or not. All systems have backups at the data center, operating system, and web server level, with some having additional protection at the application level. Most of my servers have several applications installed so keeping system usage low is crucial and can be maintained. My analytics show that I am often the only visitor on most of my sites.
+\section{Impact}
+The failure or breach of any system is unlikely to cause physical harm to any person. However, there are reputation costs not only to myself, but also to my clients. Their customers may wonder why an issue has occured, whether their information is at risk, or lose confidence in the ability to conduct business.
+
+A server failure would be the most destructive of these options. For example, nearly all requests for any webpage make a subsequent request to the CDN for a font file, image file, or stylesheet. Failure to reach the site could break usability or accessibility for some users, and this has the added risk of noncompliance with accessibility statutes.
+
+Extended downtime does not have much direct financial cost. Stopgap solutions could be quickly spun up on alternate hardware or providers, and my providers are low-cost to begin with. My clients, while they do process online payments, have fairly low traffic so if part of their site was down, even for a few hours, there is a low chance anyone would be affected.
+
+\section{Risks}
+\subsection{Risk Matrix}
+\begin{center}
+\begin{table}[h!]
+\centering
+\begin{tabular}{ |l|m{30em}| }
+\hline
+\textbf{Score} & \textbf{Description}\\
+\hline
+Very high & Complete and total degradation of a mission critical service, or loss of confidentiality or security. Examples: kernel panic, password breach, DDoS, SSO failure, unauthorized access to restricted files\\
+High & Severe, but not critical failure of a critical service. Expected to cause errors, but not total collapse. Examples: Payments fail, Forgejo fails to retrieve git information, leaked secrets\\
+Moderate & Important but not severe degradation, or prolonged disruption to, a service. Examples: Slow return speeds on a website, certificate expiration, backend down for maintenance\\
+Low & Should-fix issues but not major cause for concern. Examples: minor stylesheet fails to load, email takes a long time to deliver, Content-Security-Policy violation, site does not redirect to HTTPS\\
+Very low & Minor annoyances that have no real impact. Examples: visual glitch on a webpage, children attempting to login to a server\\
+\hline
+\end{tabular}
+\caption{Risk matrix and scores. Adapted from Table I-2 of NIST SP 800-30.}
+\end{table}
+\end{center}
+
+\subsection{Risk Mitigations}
+OWASP places broken access control as the highest vulnerability. \footnote{\url{https://owasp.org/Top10/A01_2021-Broken_Access_Control/} A01:2021 – Broken Access Control, OWASP, September 2021} Securing access to the servers remains the high priority. Currently, measures in place include login only over SSH, strong password for users, and default SSH port was changed. To further tighten access, SSH could be denied for root, login only with a user with no sudo access, and denying access over IPv4. Some sites also place files at publicly accessible URL but not hyperlinked from any other page, but this should change to place those documents out of the web root.
+
+\section{Conclusion}
+Overall, the likelihood of a threat becoming a reality is low. There are redundant systems in place to mitigate attacks, other resources I can draw on to help in the event of a current attack, and systems are continually monitored for performance and reliability. Due to the scale of my operations, the limited personal information stored anyway, and the low criticality of my services, and use of current software, I find there is no immediate risk to Isaacal Media.
+
+Low risk threats to mitigate include strengthening SSH access, removing potentially sensitive documents from the web root, and configuring proper intrusion detection systems. All software, including services, cipher suites, encryption methods, operating systems, etc. is kept as up-to-date as is feasible. All secure information, such as passwords, are already stored in a hashed form and pose low risk if taken.
+
+\end{document}
diff --git a/CIS258/F25IEC_Project1_Greene_Isaac.tex b/CIS258/F25IEC_Project1_Greene_Isaac.tex
new file mode 100644
index 0000000..6b9186a
--- /dev/null
+++ b/CIS258/F25IEC_Project1_Greene_Isaac.tex
@@ -0,0 +1,17 @@
+\documentclass{beamer}
+\usepackage{palatino}
+\title{Sample title}
+\author{Anonymous}
+\institute{Overleaf}
+\date{2021}
+
+\begin{document}
+
+\frame{\titlepage}
+
+\begin{frame}
+\frametitle{Sample frame title}
+This is some text in the first frame. This is some text in the first frame. This is some text in the first frame.
+\end{frame}
+
+\end{document}
\ No newline at end of file
diff --git a/FIT108/F25HBs_Midterm_Greene_Isaac.tex b/FIT108/F25HBs_Midterm_Greene_Isaac.tex
new file mode 100644
index 0000000..893f473
--- /dev/null
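Review bot: In CIS258/F25IEC_HW2_Greene_Isaac.tex, the Risk Mitigations paragraph lists password login and a changed SSH port as the current access controls, and the proposed tightening never mentions key-based authentication, which is the control that takes password guessing off the table. A non-default port mostly reduces log noise rather than restricting who can authenticate, and `denying access over IPv4` limits reachability without strengthening the login itself. I would open the sentence as `To further tighten access, password authentication could be disabled in favor of key-based login, SSH could be denied for root, ...`. The SQL injection remedy has a related gap: it rests on the services being `enterprise-ready` rather than on anything the assessment checked, so the text should either label that as an unverified assumption or name what was tested.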
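Review bot: `\usepackage{palatino}` in CIS258/F25IEC_Project1_Greene_Isaac.tex is an obsolete font package and does not match the `tgpagella` face the other documents in this commit load; `\usepackage[T1]{fontenc}` followed by `\usepackage{tgpagella}` would keep the set consistent. The title, author and institute are still template values (`Sample title`, `Anonymous`, `Overleaf`), so if the file is a placeholder a leading comment such as `% TODO: placeholder, replace template content` would make that explicit. The file also ends without a trailing newline.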
+++ b/FIT108/F25HBs_Midterm_Greene_Isaac.tex 
@@ -0,0 +1,70 @@
+\documentclass[12pt]{scrartcl}
+\usepackage[T1]{fontenc}
+\usepackage{tgpagella}
+\usepackage{xcolor}
+\usepackage{ulem}
+\usepackage{geometry}
+\usepackage{scrlayer-scrpage}
+\geometry{letterpaper}
+\usepackage{hyperref}
+
+\hypersetup{
+ colorlinks=true,
+ linkcolor=blue,
+ filecolor=magenta,
+ urlcolor=isaac-red,
+ pdftitle={F25HBs\_Midterm\_Greene\_Isaac},
+ pdfauthor={Isaac Greene},
+ pdfpagemode=FullScreen
+}
+\urlstyle{same}
+
+\definecolor{isaac-red}{HTML}{C52947}
+\definecolor{isaac-blue}{HTML}{0E4385}
+
+\newcommand\sectionuline{%
+ \bgroup\markoverwith{\textcolor{isaac-red}{\rule[-0.5ex]{2pt}{1.7pt}}}%
+ \ULon%
+}
+\newcommand\subsectionuline{%
+ \bgroup\markoverwith{\textcolor{isaac-blue}{\rule[-0.5ex]{2pt}{1.7pt}}}%
+ \ULon%
+}
+
+\clearpairofpagestyles
+
+\setkomafont{subsubsection}{\usefont{T1}{qpl}{b}{n}}
+\setkomafont{subsection}{\usefont{T1}{qpl}{m}{n}\large}
+\setkomafont{section}{\usefont{T1}{qpl}{b}{n}\Large}
+\setkomafont{part}{\usefont{T1}{qpl}{b}{n}\LARGE}
+\addtokomafont{part}{\subsectionuline}
+\addtokomafont{section}{\sectionuline}
+\addtokomafont{subsection}{\subsectionuline}
+\addtokomafont{subsubsection}{\sectionuline}
+
+\setlength{\parindent}{0pt}
+\setlength{\parskip}{12pt}
+
+\lohead{F25HBs\_Midterm\_Greene\_Isaac}
+\lofoot{No AI used <\href{http://ig7.us/ai}{ig7.us/ai}>. Built with \LaTeX.\\Work available under the Esoteric Common License <\href{http://ig7.us/license}{ig7.us/license}>.}
+\ohead*{\pagemark}
+
+\begin{document}
+\part*{FIT108 Midterm}
+
+\section{Connecting body and breath}
+I think I am able to do this well because not only do I have several years of experience with exercise, and in running controlling breath and body together is crucial in maximizing performance. I have also done yoga several times, and was privileged to be able to take a yoga and Pilates class this spring at my community college. Compared to traditional exercise, I certainly have to think about breath more, but it also wasn't something I never thought about before. I really enjoy the focus and concentration spent on each movement, but I do wish we went a little slower.
+
+\section{Favorite exercise we've done in class}
+I really like the warriors, but my favorite has to be chaturanga with downward dog being a close second. Something we were taught this spring is that while both might seem hard at first, you realize that they're actually recovery positions and when my instructor said that, it helped me enjoy it more. I think even just shifting how you think about them, not even because you're getting stronger, can help make the asanas easier.
+
+\section{Using breath, core activation, and control}
+I find it pretty easy to incorporate all three. I have never done a core workout that was easy, but to me, the breath is pretty intuitive. Certain motions just have a specific breath associated with them so you don't even really have to think about it. While I certainly am not an expert, and really hope I don't come across as a holier-than-thou guy, I was a varsity runner in high school, varsity runner in college, and currently work with a coach out of Kalamazoo every week. So I have spent a lot of time focusing on how my body works and targeting specific areas.
+
+\section{Physical and mental state}
+After my 80 minute commute and before the rest of my day, I really like being able to take an hour to disconnect and focus on me. I'll probably keep bringing it up, but in the spring we were told that the class was our allotted selfish time that we don't have to worry about other people. I really can't speak to my fitness level. While I'm currently "training" for a race in two and a half weeks, with another race three weeks after, I don't exercise enough currently to see a marked improvement. Not that I think yoga isn't exercise, but I can't compound the effects with another sport.
+
+\section{Decluttering physical energy and the mind}
+This goes well. Again, from my experience with racing, I know how to channel my thoughts and focus only on what I need to focus on. The same goes with class, I'm able to ground myself during relaxation and completely unclench my muscles. Sometimes it feels like I'm still holding something, but then try and specifically untense a muscle only to realize I already did because I just do it automatically.
+
+\end{document}
\ No newline at end of file
diff --git a/MTH122/F25MB6_Notes_Greene_Isaac.tex b/MTH122/F25MB6_Notes_Greene_Isaac.tex
new file mode 100644
index 0000000..88812e5
--- /dev/null
+++ b/MTH122/F25MB6_Notes_Greene_Isaac.tex
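Review bot: The preamble of FIT108/F25HBs_Midterm_Greene_Isaac.tex, roughly its first fifty lines, largely repeats the one in CIS258/F25IEC_HW2_Greene_Isaac.tex, and MTH122/F25MB6_Notes_Greene_Isaac.tex repeats it again; between this file and the MTH122 one only the document id in `pdftitle` and `\lohead` is meant to differ. Moving the shared part into a single file loaded with `\input{../preamble}`, after a per-document `\newcommand*{\docid}{F25HBs\_Midterm\_Greene\_Isaac}`, would leave one place to change the colours, heading fonts and footer, and would stop per-file values from being copied along by accident. This file also ends without a trailing newline.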
@@ -0,0 +1,100 @@
+\documentclass[12pt]{scrartcl}
+\usepackage[T1]{fontenc}
+\usepackage{tgpagella}
+\usepackage{xcolor}
+\usepackage{ulem}
+\usepackage{geometry}
+\usepackage{scrlayer-scrpage}
+\geometry{letterpaper}
+\usepackage{hyperref}
+
+\hypersetup{
+ colorlinks=true,
+ linkcolor=blue,
+ filecolor=magenta,
+ urlcolor=isaac-red,
+ pdftitle={F25IEC\_HW2\_Greene\_Isaac},
+ pdfauthor={Isaac Greene},
+ pdfpagemode=FullScreen
+}
+\urlstyle{same}
+
+\definecolor{isaac-red}{HTML}{C52947}
+\definecolor{isaac-blue}{HTML}{0E4385}
+
+\newcommand\sectionuline{%
+ \bgroup\markoverwith{\textcolor{isaac-red}{\rule[-0.5ex]{2pt}{1.7pt}}}%
+ \ULon%
+}
+\newcommand\subsectionuline{%
+ \bgroup\markoverwith{\textcolor{isaac-blue}{\rule[-0.5ex]{2pt}{1.7pt}}}%
+ \ULon%
+}
+
+\clearpairofpagestyles
+
+\setkomafont{subsubsection}{\usefont{T1}{qpl}{b}{n}}
+\setkomafont{subsection}{\usefont{T1}{qpl}{m}{n}\large}
+\setkomafont{section}{\usefont{T1}{qpl}{b}{n}\Large}
+\setkomafont{part}{\usefont{T1}{qpl}{b}{n}\LARGE}
+\addtokomafont{part}{\subsectionuline}
+\addtokomafont{section}{\sectionuline}
+\addtokomafont{subsection}{\subsectionuline}
+\addtokomafont{subsubsection}{\sectionuline}
+
+\setlength{\parindent}{0pt}
+\setlength{\parskip}{12pt}
+
+\lohead{F25MB6\_Notes\_Greene\_Isaac}
+\lofoot{No AI used <\href{http://ig7.us/ai}{ig7.us/ai}>. Built with \LaTeX.\\Work available under the Esoteric Common License <\href{http://ig7.us/license}{ig7.us/license}>.}
+\ohead*{\pagemark}
+
+\begin{document}
+\part*{MTH122:13 Notes}
+These notes have been digitally typeset and reassembled from scratch notes.
+\tableofcontents
+
+\section{2025-09-03}
+Notes on domain and range\footnote{Dr. Filiz Dogru was our sub on Friday (Sep 5) because Mrs. Brott was out. She has been a math professor at GV for over 23 years.}
+Find domain and range. Domain is x-axis, and range is y-axis.
+y-intercept = $f(0)$ or $(0, c)$
+x-intercept = $\frac{-b\pm\sqrt{b^{2}-4ac}}{2a}=0$
+
+Direction (end behavior) = if a > 0, as $x \longrightarrow \infty$, graph goes up.
+
+Axis of symmetry and $x_{vertex} = \frac{-b}{2a}$ in standard form but simply "h" in vertex form.
+$y_{vertex} = f(x)$ where $x = \frac{-b}{2a}$
+
+\begin{equation}
+f(x) = 2x^{2}-x-1
+\end{equation}
+\begin{equation}
+f(x) = \frac{1}{2*2} = \frac{1}{4} = 0.25
+\end{equation}
+\begin{equation}
+Vertex = (0.25, -1.125)
+\end{equation}
+\begin{equation}
+\frac{+1\pm\sqrt{-1^{2}-4(2)(-1)}}{2(2)}
+\end{equation}
+\begin{equation}
+\frac{1\pm\sqrt{1+8}}{4}
+\end{equation}
+\begin{equation}
+\frac{1\pm\sqrt{9}}{4} = \frac{1\pm3}{4} = \frac{-2}{4} and \frac{4}{4}\ so\ x=\{-0.5, 1\}
+\end{equation}
+
+\section{2025-09-10}
+\begin{equation}(x+2)(x+3)=0\end{equation} $\\6x^{2}+x-1=0\\
+x^{2}+5x+6x=0$
+\hrule
+$5x^{2}-7x+2=0$
+\begin{enumerate}
+\item When $a \neq 1$, multiply first and last term, ($5x^{2}\cdot2=10x$)
+\item Find two numbers that multiply to (first * last) and add to the middle term
+\item Replace middle term with the found numbers
+\item Split the polynomial in half, like $5x^{2}-5x-2x+2$ becomes $(5x^{2}-5x) | (-2x+2)$
+\item Factor each group
+\end{enumerate}
+$\frac{(5x^{2}}{5x}-\frac{5x)}{5x}$
+\end{document}
diff --git a/README.md b/README.md
index 4079591..cb4630c 100644
--- a/README.md
+++ b/README.md
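Review bot: `pdftitle={F25IEC\_HW2\_Greene\_Isaac}` in MTH122/F25MB6_Notes_Greene_Isaac.tex is carried over from the CIS258 homework, so the PDF metadata names a different document than the `\lohead{F25MB6\_Notes\_Greene\_Isaac}` header set further down; it should read `pdftitle={F25MB6\_Notes\_Greene\_Isaac},`. In the notes themselves, the discriminant is written `\sqrt{-1^{2}-4(2)(-1)}`, which reads as -1 + 8 rather than the 1 + 8 used in the next equation; `(-1)^{2}` matches the intended value. Step 1 of the factoring list has the same kind of slip: `5x^{2}\cdot2=10x` drops the exponent and should be `10x^{2}`.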
@@ -1,12 +1,17 @@ -# TeX source files for WRT350 +# TeX source files for class -This repo contains the source files for all TeX documents. Because I'm new and don't know LaTeX, these files depend on the following packages (which should come preinstalled with your TeX installation): +This repo contains the source files for all TeX documents. Because I'm new and don't know LaTeX, these files depend on the following packages (which should come prepackaged with your TeX installation): * tgpagella * xcolor * ulem * scrartcl * fontenc * scrlayer-scrpage +* hyperref +* setspace +* geometry +* array +* graphicx These documents largely conform to Isaacal Media print guidelines, with future documents getting closer to the standard. If you have improvements for the way I write these, please let me know! diff --git a/F25LFe_Adpating_Greene_Isaac.tex b/WRT350/F25LFe_Adpating_Greene_Isaac.tex similarity index 100% rename from F25LFe_Adpating_Greene_Isaac.tex rename to WRT350/F25LFe_Adpating_Greene_Isaac.tex