CYB 310 : 4-3 Project Two Stepping Stone: Exploring IDS Best Practices

Project Two Stepping Stone Guidelines

Exploring IDS Best Practices

Overview

For this stepping stone, you will explore intrusion detection system (IDS) best practices. You can discover best practices through trial and error, hands-on experience, or staying abreast of emerging trends and research. This assignment and Project Two will focus on the theoretical aspect of IDS best practices. 

After reviewing the module resources, you will identify IDS components you can use to analyze network traffic patterns. IDS components can encompass mitigation strategies and practices. Each organization has different monitoring needs. Therefore, IDS technology must be customized to an organization. Setting up an IDS draws on your adversarial mindset because vulnerabilities vary by organization. You can set up alerts using IDS and determine if an alert warrants further investigation. As a cybersecurity analyst, you must determine alert validity. You must actively use your knowledge of security fundamentals and the confidentiality, integrity, and availability (CIA) triad to make informed decisions. The best recommendations come from a deep understanding of an environment and a systems-thinking approach.

Prompt

Using the CYB 310 Project Two Stepping Stone Template, you must address the following rubric criteria:

  1. IDS Best Practices Table
    1. Identify 5 components of an IDS.
    2. Explain what each component detects.
    3. Using your adversarial mindset, identify what a threat actor could accomplish if you were not monitoring each component.
    4. Explain which tenet of the security (CIA) triad is most affected by each component.
  2. Application Question
    1. A small business start-up in the finance sector with one office location has identified a need for better network protection. It has identified IDS as a great low-cost solution. What IDS components would you recommend the company implement? Justify your response with at least two recommended components.

What to Submit

Submit your completed Project Two Stepping Stone Template. Your submission should be 1 to 2 pages in length. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.

 

Project Two Stepping Stone Template Word Document


CYB 310 : Module Four Lab Worksheet Guidelines

Module Four Lab Worksheet Guidelines

Overview

These labs represent skills and tasks that a network administrator will routinely perform. It is extremely important for a practitioner to have skills in these areas to inform security policy and procedures.

Review your worksheet template and complete the subsequent labs:

  • Identifying and Analyzing Network Host Intrusion Detection System Alerts
  • Intrusion Detection Using Snort
  • Detecting Malware and Unauthorized Devices

Prompt

Complete the Module Four Lab Worksheet, which is linked in the Lab Worksheet assignment in Module Four of your course.

What to Submit

Submit your completed worksheet. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.

 

Module Four Lab Worksheet Word Document

 

Lab: Identifying & Analyzing Network Host Intrusion Detection System Alerts

 

Prompt

Response

In the lab, “Analyzing Network Events Using Snorby,” Step 18, take a screenshot of the alert window showing signature information and TCP header information.

[Insert screenshot here.]

In the lab section, “Network Security Monitoring with Squert,” in the lab, “Analyzing Network Events Using Squert,” Step 11, take a screenshot of the Squert window displaying filtered scans for ip 203.0.113.2.

[Insert screenshot here.]

In the lab section, “Network Security Monitoring with Squert,” in the lab, “Analyzing Network Events Using Squert,” Step 17, take a screenshot of the Squert window displaying no results when filtering events for ip 10.1.1.10.

[Insert screenshot here.]

There are a variety of network analyzers. Which tool did you feel was the most powerful and easiest to use?

[Insert short response here.]

Why is it important to add network analyzer tools to your cybersecurity analyst skill set?

[Insert short response here.]

How will you use network analyzer tools in a professional manner?

[Insert short response here.]

 

 

Lab: Intrusion Detection Using Snort

Prompt

Response

In the lab section, “Setting up the Sniffer,” Step 19, type your name after the command prompt and take a screenshot of the output after running the tcpdump -i eth1 command.

[Insert screenshot here.]

In the lab section, “Detecting Unwanted Incoming Attacks,” Step 9, take a screenshot of the results in the Bruter window after it has cycled through the dictionary words.

[Insert screenshot here.]

In the lab, “Detecting Unwanted Outgoing Traffic,” Step 6, type your name at the command prompt and take a screenshot of the output of the payload generated.

[Insert screenshot here.]

How can you see what options are available for the tcpdump command? How can this tool be used by a security analyst?

[Insert short response here.]

What command will display all of the Ethernet interfaces within Linux? How can this be valuable to a security analyst?

[Insert short response here.]

Detecting Malware and Unauthorized Devices

 

Prompt

Response

In the lab, “Keyloggers,” Step 6, scroll up to the prompt where you ran the nmap command and take a screenshot of the output from the scan. Be sure to include the timestamp at the top (date and time).

[Insert screenshot here.]

In the lab, “Keyloggers,” Step 21, take a screenshot of the successful migration after running the migrate command. Note: The number you use will be different from the one in the example.

[Insert screenshot here.]

In the lab, “Keyloggers,” Step 30, take a screenshot of the output after running the kerberos command. Scroll up to the prompt where you typed the command and include the administrator password in your screenshot to show the success of the keylogger dump.

[Insert screenshot here.]

In the lab, “Examining Malware,” Step 32, take a screenshot of the History tab in Windows Defender showing the quarantined file that was detected.

[Insert screenshot here.]

 

Explain the difference between active and passive scanning tools and techniques.

[Insert short response here.]

Explain the significance of the kerberos output. 

[Insert short response here.]

 


CYB 310 4-1 Discussion: Circumventing an IDS

IDS technology is designed to protect your system in a reactionary way by monitoring the internal network for discrepancies or anomalies. The purpose of the IDS is to alert the security specialist that there is an issue with the system. The security specialist will then begin the incident response procedures.

For your initial post, select a host intrusion detection system (HIDS) or a network intrusion detection system (NIDS) and use your adversarial mindset to explain the attack you would execute to circumvent the system if you were an attacker. Justify your selection.

In your response posts, assuming your peer's attack was successful, what changes would you make to the IDS settings to detect their attack?

Sample Post

Hello everyone,

Intrusion Detection Systems (IDS) are critical in a cybersecurity strategy, identifying and alerting administrators to potential threats. In particular, Network Intrusion Detection Systems (NIDS) monitor network traffic to detect anomalies. However, no system is foolproof, and attackers often exploit weaknesses in NIDS to infiltrate systems undetected. This discussion explores a common technique used to circumvent an NIDS, focusing on evasion through packet fragmentation while drawing on real-world examples to highlight the practical implications. 

Packet fragmentation is a widely known evasion technique targeting NIDS. In this approach, attackers divide malicious payloads into smaller packets that conform to standard traffic patterns. The fragmented packets can bypass inspection thresholds or confuse detection algorithms, especially if the NIDS is configured with insufficient reassembly capabilities. For example, the 2010 attack against the South Korean defense network utilized fragmented packets to bypass perimeter NIDS, demonstrating the efficacy of this technique (Kim et al., 2012). Tools like FragRoute enable attackers to automate fragmentation, emphasizing the need for robust NIDS configurations. 

Another notable case involved the infamous Stuxnet malware. By leveraging fragmented packets and obfuscating payloads, Stuxnet circumvented monitoring systems to infiltrate critical infrastructure (Langner, 2013). These examples underscore the importance of advanced NIDS solutions capable of reconstructing fragmented packets accurately and analyzing their content in real time. 

In conclusion, while NIDS provides significant protection against unauthorized access, adversaries can exploit configuration weaknesses and limitations in detection mechanisms. Packet fragmentation exemplifies the sophistication of evasion techniques, as demonstrated in high-profile cases like Stuxnet and the South Korean defense breach. Organizations must invest in updated NIDS solutions and proactive monitoring to mitigate these threats effectively. Cybersecurity professionals can better secure their networks against such vulnerabilities by understanding adversarial methods. 

References: 

Kim, J., Park, S., & Lee, H. (2012). Advanced evasion techniques for intrusion detection systems. Journal of Computer Security, 20(1), 25-36. 

Langner, R. (2013). To Kill a Centrifuge: A Technical Analysis of What Stuxnet’s Creators Tried to Achieve. Langner Group. 

Scarfone, K., & Mell, P. (2012). Guide to Intrusion Detection and Prevention Systems (IDPS). NIST Special Publication 800-94. 

 

Sample Response

Hi [peer's name],

Thank you for the post and examples provided of a successful attack using packet fragmentation to evade an IDS. It is especially fascinating to hear about an attack that was even able to evade government-level detection systems. 

Packet fragmentation seems to be an ongoing issue for even modern IDS systems to handle. From what I can tell, one of the defenses to this kind of attack is to use application-level monitoring with deep packet inspection to look into packets and determine if their contents could be reconstructed as malicious code (EcyberTekTrooper, 2024). Another defense for packet fragmentation techniques is to incorporate anomaly-based detections. Even though fragmented packets may not be flagged as matching malicious code signatures, they are still an anomaly on the network (EcyberTekTrooper, 2024). 

Lastly, it is important to remember that even if an attack technique is able to evade existing detection methods, such as in the case of a zero-day vulnerability, following recommended guidelines and security frameworks will likely lessen the damage of successful attacks. Things like segmented networks, routine network audits, and cultivating a security-aware culture are all effective methods for reducing the impact of attacks that evade network detection methods (EcyberTekTrooper, 2024).

Thanks for the great post!

Reference

EcyberTekTrooper. (2024, March 20). Evading Detection with Nmap’s Advanced Packet Fragmentation. Medium. https://medium.com/@flyparamotorguillermo/evading-detection-with-nmaps-advanced-packet-fragmentation-6bf1aec9833b

CJ 4440 Quiz #2: Week #6: November 18 - November 24, 2024

Score for this attempt: 10 out of 10

Submitted Nov 22 at 10:51pm

This attempt took 7 minutes.

 

Question 1 (1 / 1 pts)
1. Sinn Fein, a left-wing Irish republican party, has the political objective of ending British control in Northern Ireland.

  • True
  • False

Question 2 (1 / 1 pts)
2. Which U.S. President ignored Russian action in the south Caucasus region because Vladimir Putin supported the U.S. role in combating terrorism?

1) Bill Clinton

2) George Bush

3) Barack Obama

4) Donald Trump

Question 3 (1 / 1 pts)
3. Which data is incorrect about The Patrice Lumumba University, known as "Killer College"?

A) Located in Russia, near Moscow

B) Established as an educational asset to the Third World countries of Africa and Asia

C) Established in 1960

D) Carlos the Jackal once attended as a student

Question 4 (1 / 1 pts)
4. France is known as a center for international terrorism in Europe.

  • True
  • False

Question 5 (1 / 1 pts)
5. The population of Yugoslavia was split along ethnic lines into how many republics?

A) Three

B) Four

C) Five

D) Six

Question 6 (1 / 1 pts)
6. Former PLO leader Sheikh Ahmed Yassin stated, "Peace for us means the destruction of Israel. We are preparing for an all out war which will last for generations."

  • True
  • False

Question 7 (1 / 1 pts)
7. How many of the 9-11 terrorists were born in Saudi Arabia?

A) 20

B) 19

C) 18

D) 17

Question 8 (1 / 1 pts)
8. Who created the Islamic State in Iraq and the Levant?

A) Anwar al-Awlaki

B) Abu Bakr al-Baghdadi

C) Abu Musab al-Zarqawi

D) Sayed Mahdi al-Hakim

Question 9 (1 / 1 pts)
9. The Arab Spring was a wave of antigovernment protests, uprisings, and armed rebellions that spread across the Middle East in early 2010.

  • True
  • False

Question 10 (1 / 1 pts)
10. Hezbollah is a Shia Muslim militant group based in Gaza.

  • True
  • False

CJ 4440 Midterm: Week #5: November 11 - November 17, 2024

Score for this quiz: 23 out of 25 *

Submitted Nov 15 at 5:51pm

This attempt took 45 minutes.

Question 1 (1 / 1 pts)
1. Which data is incorrect about the Patrice Lumumba University, known as "Killer College"?

  • A) Located in Russia, near Moscow
  • B) Established as an educational asset to the Third World countries of Africa and Asia
  • C) Established in 1960
  • D) Carlos the Jackal once attended as a student

Question 2 (1 / 1 pts)
2. According to the United Nations, the United States failed and allowed the genocide in Rwanda in 1994.

  • True
  • False

Question 3 (1 / 1 pts)
3. Former PLO leader Sheikh Ahmed Yassin stated, "Peace for us means the destruction of Israel. We are preparing for an all out war which will last for generations."

  • True
  • False

Question 4 (1 / 1 pts)
4. France is known as a center for international terrorism in Europe.

  • True
  • False

Question 5 (1 / 1 pts)
5. The population of Yugoslavia was split along ethnic lines into how many republics?

  • A) Three
  • B) Four
  • C) Five
  • D) Six

Question 6 (1 / 1 pts)
6. Based on your reading, which of the government agencies listed defines terrorism as something that "is intended to produce fear in someone other than the victim"?

  • A) Federal Bureau of Investigation (FBI)
  • B) U.S. Department of Defense (DOD)
  • C) U.S. Department of State
  • D) U.S. Department of Homeland Security (DHS)

Question 7 (1 / 1 pts)
7. Law enforcement and intelligence agencies are experiencing the most problems in the twenty-first century with detection, infiltration, and prevention of what type of terrorist?

  • A) Jihadist
  • B) State-sponsor
  • C) Lone Wolf
  • D) Islamic Jihad

Question 8 (1 / 1 pts)
8. Based on the required reading, which violent acts are defined as terrorist incidents?

  • A) 1941 Attack on Pearl Harbor, 1995 Oklahoma City Bombing, and 2000 Bombing of the USS Cole
  • B) 1995 Oklahoma City Bombing & 2000 Bombing of the USS Cole
  • C) 1941 Attack on Pearl Harbor & 2000 Bombing of the USS Cole
  • D) 1941 Attack on Pearl Harbor & 1995 Oklahoma City Bombing

Question 9 (1 / 1 pts)
9. Identify the reasons for the RCMP and CSIS joint investigation failures that spanned over twenty years regarding the bombing of Air India Flight 182, the worst act of terrorism in Canadian history (Spindlove & Simensen, 2018).

  • A) Lack of intelligence and investigative tools
  • B) Interference and mismanagement of the investigation
  • C) Lack of investigative tools
  • D) Lack of intelligence tools

Question 10 (1 / 1 pts)
10. Under Homeland Security Presidential Directive 6, the Department of Homeland Security Secretary established Terrorist Screening Centers (TSCs) in September 2003 to consolidate the watch list for the lawful use of terrorist information in screening processes.

  • True
  • False

 
Question 11 (13 / 15 pts)
11. Based on your reading about the lack of intelligence-gathering authority that allowed 9-11 and the United States' response by enacting the Patriot Act in 2001 and creating the Department of Homeland Security in 2003, should there be more or less authority given to law enforcement to detect and prevent future attacks by potentially radicalized immigrants and American citizens within the United States? To receive full credit, a well-written essay will have between 400 and 500 words, with at least three (3) in-text citations and three (3) different references listed below the essay. Your well-written essay response must be relevant and provide an analysis of the justification for the position, with data on the implementation or lack of significant results from the use of the Patriot Act since 2001. While this question is similar to a discussion board, it requires an essay response, not a discussion board posting.
Excellent grammar with references and in-text citations is required, with attention to the accurate use of quotations.

Students are reminded to use only their work production for this assignment with strict attention to the following plagiarism policy:

Plagiarism

Don’t plagiarize (and that includes use of text spinning tools, paraphrasing tools, and AI tools that generate papers). Plagiarism will lead to a “zero” on the assignment and/or an “F” in the class, at my discretion, and in some cases, a recommendation to the Dean of Student Services for your suspension from the University. Bottom line: if you use someone else’s ideas, cite. If you use someone else’s words, QUOTE. Here’s a short interactive plagiarism tutorial from Acadia University.

 

Graded Answer:

The September 2001 terrorist attacks exposed significant weaknesses in the U.S. intelligence and law enforcement systems, bringing about policy changes such as the USA PATRIOT Act of 2001 and the creation of the DHS in 2003. The provisions of the act included roving wiretaps, National Security Letters (NSLs) to obtain records without court approval, and the so-called “lone wolf clause,” which permits surveillance of terror suspects unconnected to any known group. These tools were integrated into the counterterrorism framework to enhance national security through preventive investigations. The authors point out that the Act has prevented certain terror attacks, including Najibullah Zazi’s planned bombing of the New York City subway ...

 


CYB 310 | 3-3 Project One Stepping Stone: Network Troubleshooting Practice

Overview

Troubleshooting practice will help you develop the adversarial mindset that is essential for a cybersecurity analyst to have. Troubleshooting any situation helps prepare you to handle similar situations when they arise. The faster you can fix an issue, the less likely it is to cause harm throughout the event. In a sandbox environment, it is easy to experiment with causing and solving problems to test your peers or other members of an organization. You can also use a sandbox to challenge your skills and test your network defense competence. The GNS3 environment provides a virtual network that also incorporates host operating systems. The environment gives you the ability to interface with the operating systems of devices.

For this stepping stone, you will practice network troubleshooting in a sandbox environment. The sandbox is a safe place to practice your skills, as you won’t have to worry about damaging a production environment. You will use the same sandbox environment for Project One.

Scenario

You are interviewing for a cybersecurity analyst position. As part of the interview process, the company tests all candidates’ troubleshooting capabilities. The company provides you with a GNS3 virtual network in a sandbox environment and asks you to demonstrate your troubleshooting skills. Open the CYB 310 Sandbox and click on the GNS3 icon. Open the Project One Stepping Stone file to troubleshoot and resolve the following issues:

  1. Only users in the Sales and Customer Service departments need access to the Customer Data folder on the CS FTP server. The Human Resources department users should not have access. 
  2. Three of the four workstations in the Human Resources department cannot ping the Cloud IP address due to an IP address or switch misconfiguration. Find and correct the misconfigurations.

Prompt

You must address the following rubric criteria:

  1. Network Deficiencies
    1. Issue One 
      1. Identify the configuration error causing the issue by providing appropriate screenshot(s).
      2. Troubleshoot the issue and provide screenshots of a resolution.
      3. Explain your approach to troubleshooting the issue and justify your resolution.
    2. Issue Two
      1. Identify the configuration error causing the issue by providing appropriate screenshot(s).
      2. Troubleshoot the issue and provide screenshots of a resolution.
      3. Explain your approach to troubleshooting the issue and justify your resolution.

What to Submit

Your submission should be 2 to 3 pages in length. Use double spacing, 12-point Times New Roman font, and one-inch margins. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.


CYB 310 : 3-2 Lab Worksheet Assignment: Module Three Lab Worksheet

Overview

These labs represent skills and tasks that a network administrator will routinely perform. It is extremely important for a practitioner to have skills in these areas to inform security policy and procedures.

Review your worksheet and complete the subsequent labs:

  • Performing a Denial-of-Service Attack from the WAN
  • Implementing NAT and Allowing Remote Access

 

CYB 310 Module Three Lab Worksheet

Complete this worksheet by replacing the bracketed phrases in the Response column with the relevant information.

Lab: Performing a Denial-of-Service Attack From the WAN

Prompt

Response

In the lab section, “TCP Flood,” Step 11, include your name after the command prompt and take a screenshot of your name with the output from running the tcpdump command.

[Insert screenshot here.]

In the lab section, “HTTP2 Flood,” Step 16, add your name at the command prompt after you run the capinfos HTTP2capture.cap command. Take a screenshot of your name and the output for the total number of packets captured in the number of packets data.

[Insert screenshot here.]

How can the Low Orbit Ion Cannon (LOIC) tool be used in the daily work an analyst would do?

[Insert short response here.]

What are two examples of information the LOIC tool could retrieve?

[Insert short response here.]

 

Lab: Implementing NAT and Allowing Remote Access

Prompt

Response

In the lab section, “Understanding NAT,” Step 27, take a screenshot of the display of the output from the ping command executed in Step 8.

[Insert screenshot here.]

In the lab section, “Secure Remote Login,” Step 34, take a screenshot of the VPN window after logging in to the network.

[Insert screenshot here.]

What useful information can be retrieved using NMAP and Wireshark together?

[Insert short response here.]

Why would it be important to map the network using tools, such as NMAP and Wireshark, prior to configuring NAT?

[Insert short response here.]

 


CYB 310 : 3-1 Discussion: Denying DoS Attacks

One of the biggest assets of an organization is information. Stopping the flow of that information can be detrimental to a business. If your organization experiences a denial-of-service (DoS) attack, it may be at risk of losing customers, revenue, and reputation. It is challenging for organizations to report a cyber incident and, even when they do, what they publish can be missing key facts needed to understand the full attack picture.

For your initial post:

  • Find a resource outside of your assigned reading that describes a recent DoS attack. Post the link and summarize the attack for your peers.
  • Identify possible missing information from the resource that would help you prevent similar attacks in your organization.
  • Explain why there is no incentive for organizations to report these types of attacks.

In your response posts, is there any other missing information you can identify? Alternatively, what other steps could you take to protect an organization's data from a DoS attack?

 

Sample Post

Hello everyone!

One attack I was able to find some information on is the DDoS attack on South Korea's Joint Chiefs of Staff (JCS) website on November 5, 2024, at approximately 5:30pm. 

Massive DDoS Attack Cripples South Korea’s Defense Site—North Korea or Russia?

Though it was affected initially, prompting an investigation from the Cyber Operations Command, the DDoS countermeasures were activated and allowed the site to remain operational for the public, though there were slower loading times and connectivity issues. The IP address was blocked, says a military spokesperson, and the department is focusing its efforts on finding the culprit responsible for the attacks. This attack follows a warning from the Korea Internet & Security Agency on October 1, which had previously alerted organizations to increase cyber defenses in anticipation of an uptick in cyber threats, possibly due to the deployment of North Korean troops to Russia. People are speculating that the attacks may have originated from, or at least been linked to, North Korea or Russia. 

The article is unfortunately quite lacking on information, such as the countermeasures that were deployed to circumvent the attacks or if the website had protocols in place for responding to such cyber threats. It was incredibly difficult to find an article reporting recent DDoS attacks in the first place, let alone one with a lot of information. There are, however, many best practices to put in place to protect against DDoS attacks, such as prioritizing security over performance, bolstering your protection tactics, and embracing threat intelligence to stay ahead of potential attackers. 

There are quite a few reasons why organizations may not want to report on DDoS attacks. For instance, it could give a public perception of weakness for the organization, which could lead to an escalation of attacks. DDoS attacks are generally used as part of "stress" testing for servers, and if they report that the attack was successful in disrupting services, attackers could use that information to mark that organization as a viable target for future attacks. Additionally, there are no legal requirements to report such attacks, meaning most organizations may opt to handle the problems internally to avoid the consequences that could result from disclosure. 

Thank you!

Sample Response

Hello,

Thank you for sharing such an insightful example! The DDoS attack on South Korea's Joint Chiefs of Staff is a strong reminder of the need for robust cybersecurity measures, especially amidst heightened geopolitical tensions involving North Korea and Russia. Another key piece of missing information is whether the organization performed a post-incident analysis to identify and address vulnerabilities exposed during the attack. Additionally, it would be valuable to know the scale of the attack, such as the traffic volume or duration, as this could provide insight into the attackers’ capabilities and intentions. Sharing more details about the countermeasures—such as traffic filtering or reliance on cloud-based mitigation—could also help other organizations enhance their defenses.

To prevent or mitigate DoS attacks, organizations can take several proactive steps. Implementing redundancy by distributing server resources across multiple locations can reduce the risk of single points of failure. Real-time traffic monitoring tools can detect and neutralize unusual patterns before they escalate. Rate limiting helps control excessive requests from individual users, while partnering with ISPs can block malicious traffic closer to its origin. Moreover, having a robust incident response plan, regularly tested through drills, ensures organizations can act swiftly and effectively. These measures, combined with international collaboration and information sharing, could significantly strengthen collective defenses against such threats. What are your thoughts on the potential benefits of increased transparency and cooperation between organizations in mitigating attacks like these?

Thanks.


CYB 310 Module Two Lab Worksheet

Overview

These labs represent skills and tasks that a network administrator will routinely perform. It is extremely important for a practitioner to have skills in these areas to inform security policy and procedures.

Review your worksheet and complete the subsequent labs:

  • The OSI Model
  • Network Troubleshooting
  • TCP/IP Protocols – The Core Protocols

Prompt

Complete the Module Two Lab Worksheet, which is linked in the Lab Worksheet assignment in Module Two of your course.

What to Submit

Submit your completed worksheet. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.

 

Module Two Lab Worksheet Word Document 


The OSI Model

Prompt

Response

What HTTP message type is used to request data?

[Insert short response here.]

Identify which flags are set in each of the three segments of the three-way handshake.           

[Insert short response here.]

What command can be used on a Windows machine to view the MAC address?

[Insert short response here.]


Network Troubleshooting

Prompt

Response

In the lab, “Troubleshooting a Suspected DNS issue Using CLI Utilities,” Step 11, type your name after the command prompt and take a screenshot of the output after running the nslookup command.

[Insert screenshot here.]

In the lab, “Troubleshooting a Suspected DNS issue Using CLI Utilities,” Step 14, take a screenshot of the webpage after correcting the URL.

[Insert screenshot here.]

What utility can be used to find out the IP address, subnet mask, and default gateway configured on a computer?

[Insert short response here.]

What is the function of the ipconfig /release and ipconfig /renew commands?

[Insert short response here.]

What type of devices would be better served to have static IP configuration?

[Insert short response here.]


TCP/IP Protocols – The Core Protocols

Prompt

Response

In the lab, “Capture and Analyze Transport Layer Protocol Packets,” Step 10, take a screenshot of the output of the field details of the TCP segment.

[Insert screenshot here.]

In the lab, “Capture and Analyze a UDP Datagram,” Step 8, take a screenshot of the output of the User Datagram Protocol field details.

[Insert screenshot here.]

What type of packet is an ARP request?

[Insert short response here.]

What type of packet is an ARP reply?

[Insert short response here.]




CJ 4440: Discussion #1: Problem-Based Learning Scenario ...

CJ 4440: Discussion #1: Problem-Based Learning Scenario

Discussion #1: Problem-Based Learning Scenario:

Assume you are the incoming Secretary of the Department of Homeland Security, sworn into office on January 21, 2025. Based on your reading and knowledge about the lack of intelligence-related authority among federal agencies before the 9/11 terrorist incidents, which resulted in the enactment of the US Patriot Act and the creation of the Department of Homeland Security in 2003, does your agency currently have the authority and essential tools under the Patriot Act to investigate and monitor potentially radicalized American citizens on social media within the United States? The initial posting should outline the authority and investigative tools under the Patriot Act and other recent legislation and determine whether monitoring of individuals under the current national security strategy is effective within the United States. A well-written initial persuasive argument will include at least three (3) different in-text citations and at least three (3) different references. Both replies, to classmates or to the professor, must include at least one (1) in-text citation and at least one (1) reference listed below the argument.

 

Sample Post

Hello Everyone,

The USA Patriot Act, enacted shortly after the September 11, 2001 attacks, granted federal agencies—including the Department of Homeland Security—expanded authority to investigate potential threats, including those arising within the U.S. The Act facilitates several key investigative tools, including the ability to conduct surveillance on individuals suspected of being involved in terrorism-related activities (U.S. Department of Justice, 2001).

Within the Patriot Act is the expansion of the Foreign Intelligence Surveillance Act (FISA), which allows surveillance of individuals believed to be engaged in espionage or terrorism-related activities. Under FISA, DHS can monitor communications and social media posts, particularly those involving foreign contacts or affiliations that could pose a national security threat (American Civil Liberties Union [ACLU], 2006). While FISA traditionally focused on foreign nationals, the broad interpretation of what constitutes "foreign intelligence" has allowed agencies to monitor U.S. citizens in certain contexts, especially if they are suspected of involvement in international terrorist organizations.

Despite these expanded tools, monitoring American citizens on social media raises significant concerns about privacy and civil liberties. The challenge for DHS is to balance its mission of protecting national security with the constitutional rights of individuals. The 2021 amendments to the Patriot Act and various judicial rulings have placed limits on certain surveillance activities, such as restricting warrantless monitoring of U.S. citizens (American Civil Liberties Union, 2021). Moreover, social media platforms like Twitter and Facebook now have policies in place to monitor extremist content, but these platforms often push back against government requests for data, citing privacy and free speech issues (Smith, 2020).

While the DHS possesses a robust toolkit for monitoring and investigating potential domestic radicalization through the Patriot Act and recent legislation, its ability to fully monitor radicalized individuals on social media must be carefully navigated.

References:

- American Civil Liberties Union (ACLU). (2006). *Surveillance under the USA PATRIOT Act*. Retrieved from https://www.aclu.org

- American Civil Liberties Union (ACLU). (2021). *Privacy and the surveillance state*. Retrieved from https://www.aclu.org

- Smith, S. (2020). Social media platforms' role in combating radicalization. *Journal of Cybersecurity Policy*, 13(2), 45-62.

- U.S. Department of Justice. (2001). *The USA PATRIOT Act: Text of the law*. Retrieved from https://www.justice.gov

 

Sample Reply

Hello [Classmate's Name],

You’ve provided a thorough overview of the USA Patriot Act's impact on surveillance authority. One area that stands out is the tension between security and privacy, especially regarding monitoring U.S. citizens on social media. The expanded surveillance powers under FISA indeed broaden the scope of DHS's reach, enabling them to track communications with foreign ties as potential risks to national security (U.S. Department of Justice, 2001). This increased oversight is crucial for preventing threats, yet, as you mentioned, it can raise civil liberties concerns, especially when it comes to warrantless surveillance. Social media platforms also have a role in this balance. While companies like Twitter and Facebook aim to prevent extremist content, they often prioritize user privacy, pushing back against requests for data without court orders (Smith, 2020). Striking the right balance is key for maintaining public trust in national security measures.

References

Smith, A. (2020). Social media and privacy policies: The pushback on government surveillance. Journal of Digital Rights, 15(3), 202-218.

U.S. Department of Justice. (2001). The USA PATRIOT Act: Preserving life and liberty.

