
SRA 221: Information Security Foundations Lab Collection


Information Security Foundations Case Study

This portfolio-safe case study summarizes selected lab work from SRA 221 (Overview of Information Security). The labs cover foundational security operations: web application security analysis, reconnaissance, protocol analysis, service discovery, automated security analysis, VPN configuration, firewall configuration, Active Directory user management, file system forensics, and Splunk log analytics.

Course: SRA 221
Project Type: Information Security Foundations Lab Collection
Focus: Security Tools · Networking · Access · Logs · Forensics
Tools / Platforms: OWASP ZAP · Wireshark · SPARTA · OpenVPN · pfSense · Active Directory · Splunk
Professional Angle: Foundational Security Operations and Analyst Readiness
Publishing Level: Portfolio-Safe / No Raw Lab Screenshots Published

Overview

SRA 221 provided an early overview of information security through a sequence of hands-on labs.

The available coursework supports a broad foundational security narrative covering:

  • lab environment setup
  • web application security testing with OWASP ZAP
  • website reconnaissance
  • protocol analysis with Wireshark
  • live machine and service discovery
  • automated security analysis with SPARTA
  • VPN server configuration with OpenVPN
  • firewall configuration with pfSense
  • Active Directory domain user account management
  • introductory file system forensics
  • log analytics with Splunk
  • cyber incident writing and breach analysis

This page is intentionally written as a portfolio-safe summary. It does not publish raw screenshots, full lab submissions, private lab credentials, complete answers, or detailed step-by-step procedures.

The strongest portfolio angle is security foundations. This course helped establish practical awareness of the tools and concepts that later appear in more advanced cybersecurity work, including CYBER 262, CYBER 366, CYBER 440, IST 454, IST 456, and ServiceNow SecOps workflow thinking.


Why This Project Matters

SRA 221 matters because it represents the early hands-on layer of my cybersecurity education.

Before advanced malware analysis, incident response, forensics, or ServiceNow SecOps work, a security analyst needs a base understanding of:

  • how web application testing tools identify issues
  • how reconnaissance supports assessment
  • how packets reveal communication behavior
  • how to identify live systems and services
  • how automated scanning can support analysis
  • how VPNs support secure remote access
  • how firewalls enforce traffic control
  • how directory services manage users
  • how file systems can contain forensic evidence
  • how SIEM/log analytics tools support detection

This course helped build that practical foundation.


Portfolio-Safe Publishing Approach

Security and academic integrity note: This case study summarizes foundational information security lab work without publishing raw screenshots, credentials, private lab details, full submissions, complete answers, or copy-paste-ready procedures.

This page excludes:

  • raw lab screenshots
  • complete academic submissions
  • private lab credentials
  • private course instructions
  • raw scan results
  • exact lab environment details
  • full answer sheets
  • copy-paste-ready procedures
  • private student identifiers

Instead, it presents:

  • lab topics
  • security concepts
  • tools used
  • portfolio-safe summaries
  • professional lessons learned
  • connection to later cybersecurity work

Lab Collection Summary

Lab | Portfolio-Safe Summary | Focus
Lab 01: Cyrin Labs and Account Setup | Set up and accessed the lab environment used for later hands-on security exercises. | Lab Setup
Lab 02: Web Application Security Analysis Using OWASP ZAP | Introduced web application security testing concepts using OWASP ZAP to analyze web application behavior and identify potential issues. | Web App Security
Lab 03: Web Site Reconnaissance | Practiced reconnaissance concepts used to collect information about a website or target environment before deeper analysis. | Reconnaissance
Lab 04: Protocol Analysis I - Wireshark Basics | Used Wireshark concepts to review network protocol behavior and understand packet-level communication. | Protocol Analysis
Lab 05: Identifying Live Machines and Services on an Unknown Network | Practiced host and service discovery concepts to identify live machines and exposed services in a networked environment. | Service Discovery
Lab 06: Automating Security Analysis with SPARTA | Introduced automated security analysis concepts using SPARTA-style reconnaissance and enumeration workflows. | Automated Analysis
Lab 07: VPN Server Configuration with OpenVPN | Worked with VPN server configuration concepts related to secure remote access and encrypted connectivity. | VPN
Lab 08: Firewall Configuration with pfSense | Practiced firewall configuration concepts using pfSense, including traffic control and perimeter security thinking. | Firewall
Lab 09: Active Directory Domain User Accounts | Worked with Active Directory concepts related to domain user account management and centralized identity administration. | Identity
Lab 10: Introductory File System Forensics | Introduced file system forensics concepts, supporting later work in digital forensics and incident investigation. | Forensics
Lab 11: Log Analytics with Splunk | Introduced log analytics concepts using Splunk, supporting later SIEM, detection, investigation, and security operations work. | Splunk

Major Security Domains Covered

Web Application Security

OWASP ZAP and web security analysis introduced how web applications can be tested for potential security issues.

OWASP ZAP

Reconnaissance and Enumeration

Website reconnaissance, live machine identification, and service discovery introduced early assessment methodology.

Recon

Network Protocol Analysis

Wireshark helped connect security analysis to packet-level communication and protocol behavior.

Wireshark

Secure Remote Access

OpenVPN lab work introduced VPN server configuration and encrypted remote access concepts.

OpenVPN

Firewall Configuration

pfSense firewall configuration introduced traffic control, access restriction, and defensive network boundary concepts.

pfSense

Identity and Access

Active Directory lab work introduced centralized identity and domain user account management.

Active Directory

File System Forensics

Introductory forensics work connected file system evidence to investigation and incident response concepts.

Forensics

Log Analytics

Splunk introduced SIEM-style thinking around log search, event review, and security investigation.

Splunk


Technical Learning Path

1. Establish the Lab Environment

Started with account setup and lab access so later security exercises could be performed in a controlled environment.

Lab Setup

2. Analyze Web and Network Surfaces

Moved into web application security, website reconnaissance, and protocol analysis.

Web / Network

3. Discover Hosts and Services

Practiced identifying live machines, exposed services, and network visibility.

Discovery

4. Automate Reconnaissance and Assessment

Used SPARTA-style automated analysis concepts to support enumeration and security review.

Automation

5. Configure Defensive Infrastructure

Worked with OpenVPN and pfSense concepts to understand remote access and firewall control.

Defense

6. Connect Identity, Forensics, and Logs

Finished with Active Directory, file system forensics, and Splunk log analytics, linking identity and evidence to investigation workflows.

Investigation


Web Application Security Evidence

The OWASP ZAP lab introduced web application security analysis.

Portfolio-safe concepts included:

  • web application testing workflow
  • proxy-based security analysis
  • identifying potential application issues
  • understanding how automated tools support review
  • recognizing that tool results still require analyst interpretation
  • connecting web testing to broader application security awareness

This supports later vulnerability management and ServiceNow SecOps work because web application findings need triage, ownership, remediation, validation, and documentation.
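The proxy-based, passive side of that workflow is easy to show without any lab material. The block below is an added example written for this page, not code from the course or from OWASP ZAP: it parses a captured HTTP response and flags the kinds of things a passive scanner reports (missing hardening headers, cookie flags, a disclosed server banner). Both responses are constructed, and the header list is an assumed baseline rather than ZAP's actual rule set.

```python
"""Passive review of a captured HTTP response (added example, not lab material).

A proxy such as OWASP ZAP sees every response the browser receives and can
report weaknesses without sending a single attack request. This reproduces
that idea on two constructed responses: one weak, one hardened.
"""
from typing import Dict, List, Tuple

# Constructed sample responses (CRLF line endings, as on the wire).
WEAK_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Server: ExampleServer/1.0\r\n"
    b"Set-Cookie: session=abc123; Path=/\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>"
)
HARDENED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"X-Content-Type-Options: nosniff\r\n"
    b"Content-Security-Policy: default-src 'self'\r\n"
    b"Strict-Transport-Security: max-age=31536000\r\n"
    b"X-Frame-Options: DENY\r\n"
    b"Set-Cookie: session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>"
)

# Assumed baseline: header -> required value (None means "present is enough").
REQUIRED_HEADERS = {
    "x-content-type-options": "nosniff",
    "content-security-policy": None,
    "strict-transport-security": None,
    "x-frame-options": None,
}


def parse_response(raw: bytes) -> Tuple[str, Dict[str, List[str]], bytes]:
    """Split a raw response into status line, lower-cased header map, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def review_headers(raw: bytes) -> List[str]:
    """Return passive findings for one response; an empty list means clean."""
    _, headers, _ = parse_response(raw)
    findings: List[str] = []
    for name, expected in REQUIRED_HEADERS.items():
        if name not in headers:
            findings.append(f"missing header: {name}")
        elif expected and headers[name][0].lower() != expected:
            findings.append(f"unexpected value for {name}: {headers[name][0]}")
    for cookie in headers.get("set-cookie", []):
        cookie_name = cookie.split("=", 1)[0]
        attrs = {a.strip().split("=")[0].lower() for a in cookie.split(";")[1:]}
        for flag in ("httponly", "secure"):
            if flag not in attrs:
                findings.append(f"cookie {cookie_name} lacks {flag}")
    if "server" in headers:
        findings.append(f"server banner disclosed: {headers['server'][0]}")
    return findings


if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, review_headers(resp) or "no findings")
```

Every finding here is still an analyst call: a missing `Strict-Transport-Security` header on a plain-HTTP lab host, for example, is expected rather than a defect, which is the "tool results still require interpretation" point above.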


Reconnaissance and Service Discovery Evidence

The reconnaissance and unknown-network labs introduced early assessment concepts.

Portfolio-safe concepts included:

  • information gathering
  • identifying visible services
  • understanding target exposure
  • recognizing live systems
  • documenting findings
  • using reconnaissance as an early phase of security assessment

This is relevant to vulnerability management because you cannot secure what you cannot identify.


Protocol Analysis Evidence

The Wireshark lab introduced packet-level analysis.

Portfolio-safe concepts included:

  • reviewing network traffic
  • understanding protocols
  • observing communication behavior
  • interpreting packet-level data
  • using network evidence to support technical analysis

This supports later work in CYBER 362 network traffic analysis, CYBER 440 incident response, and general security operations.
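What Wireshark does when it dissects a frame is walk fixed header layouts field by field. The block below is an added example written for this page, not capture data or code from the lab: it constructs one Ethernet/IPv4/TCP frame carrying a cleartext HTTP request, then decodes it, verifying the IPv4 header checksum on the way. The MAC addresses, IP addresses, ports and payload are assumed values; the header layouts are the standard ones (RFC 791 for IPv4, RFC 793 for TCP).

```python
"""Decode a raw Ethernet/IPv4/TCP frame by hand (added example, not lab material).

The frame is built in build_sample_frame() so the decoder runs offline.
A real frame would come from a pcap or a raw socket; the layout is identical.
"""
import struct
from typing import Any, Dict

TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; over a header with a valid checksum it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame(payload: bytes = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n") -> bytes:
    """Constructed frame: 192.168.1.10:51234 -> 93.184.216.34:80, PSH/ACK, HTTP in clear."""
    # TCP: sport, dport, seq, ack, data offset (5 words) << 4, flags, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 51234, 80, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    # IPv4: ver/ihl, tos, total length, id, flags/frag (DF), ttl, proto (6=TCP), csum, src, dst
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                               bytes([192, 168, 1, 10]), bytes([93, 184, 216, 34])))
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip)))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    return eth + bytes(ip) + tcp + payload


def parse_frame(frame: bytes) -> Dict[str, Any]:
    """Dissect Ethernet -> IPv4 -> TCP and return the fields an analyst reads first."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"unsupported ethertype 0x{ethertype:04x}")
    ip = frame[14:]
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ip_checksum(ip[:ihl]) != 0:
        raise ValueError("not IPv4 or header checksum mismatch")
    if proto != 6:
        raise ValueError(f"unsupported IP protocol {proto}")
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off_res, flags, win, _tcsum, _urg = struct.unpack("!HHIIBBHHH", tcp[:20])
    data_off = (off_res >> 4) * 4
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src": ".".join(str(b) for b in src), "dst": ".".join(str(b) for b in dst),
        "ttl": ttl, "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": [name for bit, name in sorted(TCP_FLAGS.items()) if flags & bit],
        "window": win, "payload": tcp[data_off:],
    }


if __name__ == "__main__":
    info = parse_frame(build_sample_frame())
    print(f"{info['src']}:{info['sport']} -> {info['dst']}:{info['dport']} {info['flags']}")
    print(info["payload"].decode())
```

The payload line is the reason protocol analysis matters for security: anything sent over an unencrypted protocol is readable by whoever holds the capture, which is the same observation the later VPN lab addresses from the defensive side.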


VPN and Firewall Evidence

The OpenVPN and pfSense labs introduced defensive infrastructure concepts.

Portfolio-safe concepts included:

  • secure remote access
  • encrypted VPN connectivity
  • firewall configuration
  • traffic filtering
  • access control
  • network boundary protection
  • defensive network architecture

These concepts matter because security operations work depends on understanding the controls that govern network access and traffic flow, and on being able to tell when a rule set or tunnel is not doing what its owner assumes.
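The single most common firewall-configuration mistake is not a wrong rule but a wrong order. The block below is an added example written for this page, not pfSense code or the lab's rule set: it models the evaluation semantics a pfSense interface rule set uses (top to bottom, first match wins, anything unmatched is dropped) and shows how one misplaced "temporary" rule silently shadows everything beneath it. The addresses, ports and rule comments are assumed.

```python
"""First-match firewall evaluation with implicit default deny (added example).

Models how a pfSense-style interface rule set decides a packet's fate.
Rule sets and packets are constructed; the outcomes are what this rule order
implies, not a transcript of the lab.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    proto: str             # "tcp", "udp", "icmp" or "any"
    src: str               # CIDR
    dst: str               # CIDR
    dport: Optional[int]   # None = any destination port
    comment: str = ""

    def matches(self, proto: str, src: str, dst: str, dport: Optional[int]) -> bool:
        if self.proto != "any" and self.proto != proto:
            return False
        if ipaddress.ip_address(src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return True


def evaluate(rules: List[Rule], proto: str, src: str, dst: str, dport: Optional[int]) -> Tuple[str, str]:
    """Return (action, reason) for the first matching rule, else the implicit deny."""
    for rule in rules:
        if rule.matches(proto, src, dst, dport):
            return rule.action, rule.comment
    return "block", "implicit default deny"


def shadowed_by_catch_all(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never match because an earlier rule matches everything."""
    for i, r in enumerate(rules):
        if r.proto == "any" and r.src == "0.0.0.0/0" and r.dst == "0.0.0.0/0" and r.dport is None:
            return list(range(i + 1, len(rules)))
    return []


# Constructed WAN rule set: drop spoofed private sources, admit VPN and HTTPS, deny the rest.
WAN_RULES = [
    Rule("block", "any", "10.0.0.0/8", "0.0.0.0/0", None, "private source address on WAN"),
    Rule("pass", "udp", "0.0.0.0/0", "203.0.113.10/32", 1194, "OpenVPN to the firewall"),
    Rule("pass", "tcp", "0.0.0.0/0", "203.0.113.10/32", 443, "HTTPS to reverse proxy"),
]

# Same rules with a permissive entry left at the top: the content is fine, the order is the bug.
WAN_RULES_MISORDERED = [
    Rule("pass", "any", "0.0.0.0/0", "0.0.0.0/0", None, "temporary troubleshooting rule"),
] + WAN_RULES


if __name__ == "__main__":
    for rules, label in ((WAN_RULES, "correct"), (WAN_RULES_MISORDERED, "misordered")):
        print(label, "ssh from internet:", evaluate(rules, "tcp", "198.51.100.7", "203.0.113.10", 22))
        print(label, "shadowed rule indices:", shadowed_by_catch_all(rules))
```

The OpenVPN entry is the same thing seen from the VPN lab's side: remote access works only because a single UDP port is deliberately opened, and the default deny closes everything the tunnel is meant to replace.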


Active Directory Evidence

The Active Directory lab introduced centralized identity concepts.

Portfolio-safe concepts included:

  • domain user account management
  • identity administration
  • centralized account control
  • access management foundations
  • relationship between identity and security operations

This is relevant because identity is central to modern cybersecurity. Many incidents involve account compromise, privilege misuse, weak credentials, or poor access governance.


File System Forensics Evidence

The introductory forensics lab connected information security to evidence handling.

Portfolio-safe concepts included:

  • file system evidence
  • forensic thinking
  • investigation workflow
  • artifact review
  • relationship between file evidence and incident investigation

This supports later forensic work in IST 454 and CYBER 440.
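One of the first artifact-review checks in file system forensics is whether a file's contents match what its name claims. The block below is an added example for this page, not lab material: it compares a few well-known file signatures (magic bytes) against file extensions on a set of files constructed in memory, including an executable renamed to look like a PDF. The signature table is deliberately small and is an assumption; a real examination uses a far larger catalogue and then hashes and timelines every file it touches.

```python
"""File-signature versus extension review (added example, not lab material).

Renaming malware.exe to invoice.pdf changes nothing about its first bytes.
Comparing the header to the claimed type is a cheap, high-signal first pass.
"""
from typing import Dict, List, Optional, Tuple

# Assumed, intentionally small signature table: (magic prefix, canonical type).
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpg"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),   # also docx/xlsx/jar containers
    (b"MZ", "exe"),           # Windows PE / DOS executable
    (b"\x7fELF", "elf"),
]
# Extensions that legitimately share a container signature.
ALIASES = {"jpeg": "jpg", "docx": "zip", "xlsx": "zip", "jar": "zip", "dll": "exe"}

# Constructed sample files (name -> first bytes).
SAMPLE_FILES = {
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "invoice.pdf": b"MZ\x90\x00" + b"\x00" * 60,   # executable renamed to look like a PDF
    "notes.txt": b"plain text, no magic",
    "archive.docx": b"PK\x03\x04" + b"\x00" * 26,
}


def identify(data: bytes) -> Optional[str]:
    """Return the canonical type whose magic bytes start the data, or None."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return None


def claimed_type(name: str) -> Optional[str]:
    """Type implied by the file extension, normalised through ALIASES."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return ALIASES.get(ext, ext) or None


def review(files: Dict[str, bytes]) -> List[Tuple[str, Optional[str], Optional[str], str]]:
    """Return (name, claimed type, detected type, verdict) for each file."""
    results = []
    for name, data in files.items():
        claimed, detected = claimed_type(name), identify(data)
        if detected is None:
            verdict = "unknown signature"
        elif claimed == detected:
            verdict = "ok"
        else:
            verdict = "MISMATCH"
        results.append((name, claimed, detected, verdict))
    return results


if __name__ == "__main__":
    for name, claimed, detected, verdict in review(SAMPLE_FILES):
        print(f"{name:14} claimed={claimed!s:5} detected={detected!s:5} {verdict}")
```

A mismatch is a lead, not a conclusion: the next steps are to hash the file, note its timestamps, and record where it was found, so the artifact survives into the investigation write-up with its provenance intact.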


Splunk Log Analytics Evidence

The Splunk lab introduced log analytics and SIEM-style analysis.

Portfolio-safe concepts included:

  • searching log data
  • reviewing events
  • interpreting security-relevant records
  • using logs to support investigation
  • connecting system activity to analyst conclusions

This supports later work in SIEM, detection, incident response, ServiceNow SecOps, and cybersecurity analysis.
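The detection logic behind a typical first Splunk search (count failed logins per source per minute, alert above a threshold) can be shown on a handful of lines. The block below is an added example written for this page, not a lab search or Splunk code: it runs that logic in Python over constructed sshd-style log lines and adds the follow-up an analyst actually cares about, a successful login from a source that had just crossed the threshold. The log lines, the one-minute window and the threshold of five are assumptions; the SPL in the comment is the equivalent search.

```python
"""Brute-force detection over constructed auth log lines (added example).

Equivalent Splunk search for the same logic (assumed index/sourcetype names):
    index=linux sourcetype=linux_secure "Failed password"
    | rex "from (?<src>\\d+\\.\\d+\\.\\d+\\.\\d+)"
    | bucket _time span=1m
    | stats count by _time, src
    | where count >= 5
"""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed sample log: one password-guessing burst that ends in a success,
# plus a legitimate user who fails once and then logs in with a key.
SAMPLE_LOG = """\
2024-03-01T10:00:01 host1 sshd[2011]: Failed password for invalid user admin from 198.51.100.7 port 5112 ssh2
2024-03-01T10:00:07 host1 sshd[2012]: Failed password for root from 198.51.100.7 port 5113 ssh2
2024-03-01T10:00:13 host1 sshd[2013]: Failed password for root from 198.51.100.7 port 5114 ssh2
2024-03-01T10:00:19 host1 sshd[2014]: Failed password for invalid user test from 198.51.100.7 port 5115 ssh2
2024-03-01T10:00:25 host1 sshd[2015]: Failed password for root from 198.51.100.7 port 5116 ssh2
2024-03-01T10:00:31 host1 sshd[2016]: Accepted password for root from 198.51.100.7 port 5117 ssh2
2024-03-01T10:02:40 host1 sshd[2020]: Failed password for alice from 192.0.2.44 port 40100 ssh2
2024-03-01T10:03:05 host1 sshd[2021]: Accepted publickey for alice from 192.0.2.44 port 40101 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) "
    r"(?:password|publickey) for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)"
)


def parse(log: str) -> List[dict]:
    """Field extraction: the equivalent of Splunk's rex / auto-extracted fields."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            event = m.groupdict()
            event["ts"] = datetime.fromisoformat(event["ts"])
            events.append(event)
    return events


def failures_per_minute(events: List[dict]) -> Dict[Tuple[str, str], int]:
    """bucket _time span=1m | stats count by _time, src (failures only)."""
    counts: Dict[Tuple[str, str], int] = defaultdict(int)
    for e in events:
        if e["outcome"] == "Failed":
            bucket = e["ts"].replace(second=0, microsecond=0).isoformat()
            counts[(bucket, e["src"])] += 1
    return dict(counts)


def brute_force_sources(events: List[dict], threshold: int = 5) -> List[Tuple[str, str, int]]:
    """(minute bucket, source, count) for every bucket at or above the threshold."""
    return sorted((b, s, n) for (b, s), n in failures_per_minute(events).items() if n >= threshold)


def success_after_burst(events: List[dict], threshold: int = 5) -> List[str]:
    """Sources that logged in successfully at or after their first flagged minute."""
    first_burst: Dict[str, datetime] = {}
    for bucket, src, _ in brute_force_sources(events, threshold):
        first_burst.setdefault(src, datetime.fromisoformat(bucket))
    return sorted({e["src"] for e in events
                   if e["outcome"] == "Accepted" and e["src"] in first_burst
                   and e["ts"] >= first_burst[e["src"]]})


if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    print("bursts:", brute_force_sources(evts))
    print("likely compromised via guessing:", success_after_burst(evts))
```

The second function is the difference between a noisy alert and a useful one: five failures in a minute is common on any internet-facing host, but a success from that same source right afterwards is the event that should open a ticket.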


Breach Writing and Security Awareness

The extra writing assignment reviewed a recurring payment-system breach involving compromised payment records across multiple cities.

The useful portfolio angle is not the specific breach itself, but the reasoning it supported:

  • recurring incidents suggest failed remediation
  • patching and recovery processes must be validated
  • repeated compromise can create accountability concerns
  • smaller breaches still matter when prior incidents were not fully resolved
  • security writing must explain impact clearly

The “Do Something Good” assignment is not a cybersecurity lab, so it is not central to this page. It can be treated as a minor civic/community note, but not a main portfolio artifact.


Capability-to-Evidence Map

Capability | Evidence from SRA 221 | Status
Web Application Security Awareness | Worked with OWASP ZAP concepts for web application security analysis and vulnerability-oriented review. | Completed
Reconnaissance and Enumeration | Practiced website reconnaissance, identifying live machines, and identifying services on an unknown network. | Completed
Protocol Analysis | Used Wireshark basics to review protocol behavior and network communication. | Completed
Defensive Infrastructure | Worked with OpenVPN and pfSense concepts for VPN access, firewall configuration, and traffic control. | Completed
Identity Foundations | Worked with Active Directory concepts for centralized domain user account management. | Completed
Forensics Foundations | Completed introductory file system forensics work supporting later digital forensics and incident investigation coursework. | Completed
Log Analytics | Worked with Splunk log analytics concepts supporting SIEM, detection, and security investigation foundations. | Completed

Relationship to Later Coursework

SRA 221 is best understood as an early foundation for later cybersecurity coursework.

Later Course / Project | How SRA 221 Supports It | Connection
CYBER 262 | SRA 221 introduced core lab and security tool familiarity before deeper security foundations, Linux/Python, HIDS/NIDS, Splunk, and buffer overflow work. | Security Foundations
CYBER 362 | Wireshark and protocol analysis foundations support later network traffic analysis and ML-based anomaly detection work. | Traffic Analysis
IST 454 | Introductory file system forensics supports later forensic imaging, registry analysis, data carving, and evidence handling work. | Forensics
CYBER 440 | Splunk, logs, network analysis, and forensics foundations support later capstone incident response and forensic investigation work. | IR Capstone
IST 456 | SIEM-style thinking, identity, firewall, and risk concepts support later security risk management and Enigma Glass lab work. | Risk Management
ServiceNow SecOps | Web findings, service discovery, identity issues, firewall controls, forensic evidence, and logs all map to triage and remediation workflows. | SecOps Workflow

What I Learned

This course reinforced several foundational lessons:

  • security tools require analyst interpretation
  • reconnaissance is a normal part of security assessment
  • network traffic can reveal important technical context
  • exposed services expand attack surface
  • automated scanning can assist but not replace analysis
  • VPNs and firewalls support secure access and traffic control
  • identity management is central to security operations
  • file systems can contain investigative evidence
  • logs are essential for detection and response
  • early security foundations support more advanced malware, forensics, SIEM, and incident response work

Professional Relevance

This project supports roles and tasks involving:

  • cybersecurity analysis
  • security operations
  • vulnerability management
  • ServiceNow SecOps consulting
  • web application security awareness
  • network investigation
  • firewall and VPN awareness
  • Active Directory basics
  • digital forensics foundations
  • Splunk/log analytics foundations
  • incident response preparation

It is especially relevant to ServiceNow SecOps because findings from web testing, reconnaissance, identity review, firewall controls, forensic evidence, and logs often need to become tracked work: triage, ownership, remediation, validation, exception handling, and closure.


Difference from CYBER 262

SRA 221 and CYBER 262 both support security foundations, but they play different roles.

Course | Main Portfolio Angle | Best Evidence Type
SRA 221 | Introductory information security tool exposure across web security, recon, Wireshark, OpenVPN, pfSense, Active Directory, forensics, and Splunk. | Foundations
CYBER 262 | Deeper cybersecurity foundations involving Linux, Python parsing, endpoint security, Wazuh HIDS, Snort NIDS, Splunk, 2FA, and buffer overflow concepts. | Hands-On Labs

SRA 221 is best treated as the earlier overview course that prepared the ground for later technical cybersecurity lab work.


Portfolio-Safe Redaction Notes

This case study intentionally excludes:

  • raw lab screenshots
  • full lab submissions
  • private lab credentials
  • complete answer sheets
  • exact lab environment details
  • private course instructions
  • full scan outputs
  • copy-paste-ready procedures

The goal is to show information security foundation and tool exposure without publishing raw academic work.


Related Portfolio Areas

Security Operations

This work supports early SOC-style foundations through logs, protocol analysis, identity, firewall, and forensic awareness.

SOC-Relevant

Vulnerability Management

OWASP ZAP, reconnaissance, and service discovery support understanding of exposure and remediation workflows.

Vulnerability-Relevant

Digital Forensics

Introductory file system forensics supports later IST 454 and CYBER 440 evidence-handling work.

Forensics Foundation

ServiceNow SecOps

Foundational security findings become meaningful when they are tracked, assigned, remediated, validated, and closed.

SecOps-Relevant


Next Steps

This project can later be connected to:

  • the cybersecurity foundations capability section
  • the CYBER 262 page
  • the IST 454 forensics page
  • the CYBER 440 capstone page
  • a security operations review path
  • a web application security foundations note
  • a log analytics / Splunk foundations note

For now, this page serves as the main portfolio-safe summary of my SRA 221 Overview of Information Security work.