SlideShare a Scribd company logo

Lab 1 4-5

Ratzman III
Ratzman III
1 of 4
Download to read offline
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 4 Activity 1.4.5: Identifying Top Security Vulnerabilities Learning Objectives Upon completion of this activity, you will be able to: • Use the SANS site to quickly identify Internet security threats. • Explain how threats are organized. • List several recent security vulnerabilities. • Use the SANS links to access other security-related information. Background One of the most popular and trusted sites related to defending against computer and network security threats is SANS. SANS stands for SysAdmin, Audit, Network, Security. SANS contains several components, each a major contributor to information security. For additional information about the SANS site, go to http://www.sans.org/, and select items from the Resources menu. How can a corporate security administrator quickly identify security threats? SANS and the FBI have compiled their list of the top 20 Internet Security Attack Targets at http://www.sans.org/top20/. The list is regularly updated with information formatted by: • Operating Systems—Windows, Unix/Linux, MAC • Applications—Cross-platform, including web, database, Peer-to-Peer, instant messaging, media players, DNS servers, backup software, and management servers • Network Devices—Network infrastructure devices (routers, switches, etc.), VoIP devices • Human Elements—Security policies, human behavior, personnel issues • Special Section—Security issues not related to any of the above categories Scenario This lab will introduce students to computer security issues vulnerabilities. The SANS web site will be used as a tool for threat vulnerability identification, understanding, and defense. This lab must be completed outside of the Cisco lab from a computer with Internet access. Estimated completion time is one hour.
CCNA Exploration Network Fundamentals: Living in a Network-Centric World Activity 1.4.5 Identifying Top Security Vulnerabilities All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 2 of 4 Task 1: Locate the SANS Resources. Step 1: Open the SANS Top 20 List. Using a web browser, go to URL http://www.sans.org. On the resources menu, choose top 20 list, shown in Figure 1. Figure 1. SANS Menu The SANS Top-20 Internet Security Attack Targets list is organized by category. An identifying letter indicates the category type, and numbers separate category topics. Router and switch topics fall under the Network Devices category, N. There are two major hyperlink topics: N1. VoIP Servers and Phones N2. Network and Other Devices Common Configuration Weaknesses Step 2: Click hyperlink N2. Network and Other Devices Common Configuration Weaknesses to jump to this topic. Task 2: Review the SANS Resources. Step 1: Review the contents of N2.2 Common Default Configuration Issues. For example, N.2.2.2 (in January 2007) contains information about threats associated with default accounts and values. A Google search on “wireless router passwords” returns links to multiple sites that publish a list of wireless router default administrator account names and passwords. Failure to change the default password on these devices can lead to compromise and vulnerability by attackers. Step 2: Note the CVE references. The last line under several topics references Common Vulnerability Exposure (CVE). The CVE name is linked to the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD), sponsored by the Department of Homeland Security (DHS) National Cyber Security Division and US-CERT, which contains information about the vulnerability.
CCNA Exploration Network Fundamentals: Living in a Network-Centric World Activity 1.4.5 Identifying Top Security Vulnerabilities All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 3 of 4 Task 3: Collect Data. The remainder of this lab walks you through a vulnerability investigation and solution. Step 1: Choose a topic to investigate, and click on an example CVE hyperlink. Note: Because the CVE list changes, the current list may not contain the same vulnerabilities as those in January 2007. The link should open a new web browser connected to http://nvd.nist.gov/ and the vulnerability summary page for the CVE. Step 2: Fill in information about the vulnerability: Original release date: ____________________________ Last revised: ___________________________________ Source: _______________________________________ Overview: ____________________________________________________________________________ ____________________________________________________________________________ ____________________________________________________________________________ ____________________________________________________________________________ ____________________________________________________________________________ Under Impact, there are several values. The Common Vulnerability Scoring System (CVSS) severity is displayed and contains a value between 1 and 10. Step 3: Fill in information about the vulnerability impact: CVSS Severity: ________________________ Range: _______________________________ Authentication: _________________________ Impact Type: __________________________ The next heading contains links with information about the vulnerability and possible solutions. Step 4: Using the hyperlinks, write a brief description of the solution as found on those pages. ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________
CCNA Exploration Network Fundamentals: Living in a Network-Centric World Activity 1.4.5 Identifying Top Security Vulnerabilities All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 4 of 4 Task 4: Reflection The number of vulnerabilities to computers, networks, and data continues to increase. The governments have dedicated significant resources to coordinating and disseminating information about the vulnerability and possible solutions. It remains the responsibility of the end user to implement the solution. Think of ways that users can help strengthen security. Think about user habits that create security risks. ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ Task 5: Challenge Try to identify an organization that will meet with us to explain how vulnerabilities are tracked and solutions applied. Finding an organization willing to do this may be difficult, for security reasons, but will benefits students, who will learn how vulnerability mitigation is accomplished in the world. It will also give representatives of the organization an opportunity to meet the class and conduct informal intern interviews.

Recommended

Survey on Computer Worms
Survey on Computer WormsSurvey on Computer Worms
Survey on Computer Wormsrahulmonikasharma
 
Computer virus
Computer virusComputer virus
Computer virusJoydipGhosh12
 
Computer Virus and Spyware
Computer Virus and SpywareComputer Virus and Spyware
Computer Virus and SpywareMahamudul Hassan Niaz
 
A Heartbleed By Any Other Name - Data Driven Vulnerability Management
A Heartbleed By Any Other Name - Data Driven Vulnerability ManagementA Heartbleed By Any Other Name - Data Driven Vulnerability Management
A Heartbleed By Any Other Name - Data Driven Vulnerability ManagementMichael Roytman
 
Wong Pau Tung-special-topic-02-Virus
Wong Pau Tung-special-topic-02-VirusWong Pau Tung-special-topic-02-Virus
Wong Pau Tung-special-topic-02-Virussharing notes123
 
What types of viruses can affect your computer
What types of viruses can affect your computerWhat types of viruses can affect your computer
What types of viruses can affect your computerAGR Technologies
 
Wannacry Virus
Wannacry VirusWannacry Virus
Wannacry VirusEast West University
 
presentation on Virus
presentation on Viruspresentation on Virus
presentation on VirusAbdullah-Al- Mahmud
 

Recommended

Survey on Computer Worms
Survey on Computer WormsSurvey on Computer Worms
Survey on Computer Wormsrahulmonikasharma
 
Computer virus
Computer virusComputer virus
Computer virusJoydipGhosh12
 
Computer Virus and Spyware
Computer Virus and SpywareComputer Virus and Spyware
Computer Virus and SpywareMahamudul Hassan Niaz
 
A Heartbleed By Any Other Name - Data Driven Vulnerability Management
A Heartbleed By Any Other Name - Data Driven Vulnerability ManagementA Heartbleed By Any Other Name - Data Driven Vulnerability Management
A Heartbleed By Any Other Name - Data Driven Vulnerability ManagementMichael Roytman
 
Wong Pau Tung-special-topic-02-Virus
Wong Pau Tung-special-topic-02-VirusWong Pau Tung-special-topic-02-Virus
Wong Pau Tung-special-topic-02-Virussharing notes123
 
What types of viruses can affect your computer
What types of viruses can affect your computerWhat types of viruses can affect your computer
What types of viruses can affect your computerAGR Technologies
 
Wannacry Virus
Wannacry VirusWannacry Virus
Wannacry VirusEast West University
 
presentation on Virus
presentation on Viruspresentation on Virus
presentation on VirusAbdullah-Al- Mahmud
 
Avoiding email viruses
Avoiding email virusesAvoiding email viruses
Avoiding email virusesSan Diego Continuing Education
 
Computer virus !!!!!
Computer virus !!!!!Computer virus !!!!!
Computer virus !!!!!pratikpandya18
 
computer virus and related legal issues
computer virus and related legal issuescomputer virus and related legal issues
computer virus and related legal issuesShweta Ghate
 
Computer virus
Computer virusComputer virus
Computer virusDark Side
 
Computer Virus 2017
Computer Virus 2017Computer Virus 2017
Computer Virus 2017abdullah shahzad
 
10 Worst Computer Viruses of all time
10 Worst Computer Viruses of all time10 Worst Computer Viruses of all time
10 Worst Computer Viruses of all timeAlefyaM
 
Computer virus
Computer virusComputer virus
Computer virusSammer Khizer
 
As computer virus
As computer virusAs computer virus
As computer virusachal bisht
 
Computer Viruses and Protections
Computer Viruses and ProtectionsComputer Viruses and Protections
Computer Viruses and Protectionscasyrichard
 
Internet security issues
Internet security issuesInternet security issues
Internet security issuesirfan shaikh
 
Introduction to Malware
Introduction to MalwareIntroduction to Malware
Introduction to Malwareamiable_indian
 
Rajul computer presentation
Rajul computer presentationRajul computer presentation
Rajul computer presentationNeetu Jain
 
Virus & Computer security threats
Virus & Computer security threatsVirus & Computer security threats
Virus & Computer security threatsAzri Abdin
 
Virus
Virus Virus
Virus safi Ullah
 
Assignment of virus
Assignment of virusAssignment of virus
Assignment of virusHuma Tariq
 
What is a computer virus
What is a computer virusWhat is a computer virus
What is a computer virussameer1993
 
Computer viruses
Computer virusesComputer viruses
Computer virusesaagmansaini
 
Computer viruses and anti viruses by sasikumar
Computer viruses and anti viruses by sasikumarComputer viruses and anti viruses by sasikumar
Computer viruses and anti viruses by sasikumarsasikumr sagabala
 
Computer virus
Computer virusComputer virus
Computer virusMark Anthony Maranga
 
Wanna cry
Wanna cryWanna cry
Wanna cryAditya Pal
 
Modul my sql tutorial part 5
Modul my sql tutorial part 5Modul my sql tutorial part 5
Modul my sql tutorial part 5Ratzman III
 
108 318-1-sm
108 318-1-sm108 318-1-sm
108 318-1-smRatzman III
 

More Related Content

What's hot

computer virus and related legal issues
computer virus and related legal issuescomputer virus and related legal issues
computer virus and related legal issuesShweta Ghate
 
Computer virus
Computer virusComputer virus
Computer virusDark Side
 
10 Worst Computer Viruses of all time
10 Worst Computer Viruses of all time10 Worst Computer Viruses of all time
10 Worst Computer Viruses of all timeAlefyaM
 
As computer virus
As computer virusAs computer virus
As computer virusachal bisht
 
Computer Viruses and Protections
Computer Viruses and ProtectionsComputer Viruses and Protections
Computer Viruses and Protectionscasyrichard
 
Internet security issues
Internet security issuesInternet security issues
Internet security issuesirfan shaikh
 
Introduction to Malware
Introduction to MalwareIntroduction to Malware
Introduction to Malwareamiable_indian
 
Rajul computer presentation
Rajul computer presentationRajul computer presentation
Rajul computer presentationNeetu Jain
 
Virus & Computer security threats
Virus & Computer security threatsVirus & Computer security threats
Virus & Computer security threatsAzri Abdin
 
Assignment of virus
Assignment of virusAssignment of virus
Assignment of virusHuma Tariq
 
What is a computer virus
What is a computer virusWhat is a computer virus
What is a computer virussameer1993
 
Computer viruses
Computer virusesComputer viruses
Computer virusesaagmansaini
 
Computer viruses and anti viruses by sasikumar
Computer viruses and anti viruses by sasikumarComputer viruses and anti viruses by sasikumar
Computer viruses and anti viruses by sasikumarsasikumr sagabala
 

What's hot (20)

Avoiding email viruses
Avoiding email virusesAvoiding email viruses
Avoiding email viruses
 
Computer virus !!!!!
Computer virus !!!!!Computer virus !!!!!
Computer virus !!!!!
 
computer virus and related legal issues
computer virus and related legal issuescomputer virus and related legal issues
computer virus and related legal issues
 
Computer virus
Computer virusComputer virus
Computer virus
 
Computer Virus 2017
Computer Virus 2017Computer Virus 2017
Computer Virus 2017
 
10 Worst Computer Viruses of all time
10 Worst Computer Viruses of all time10 Worst Computer Viruses of all time
10 Worst Computer Viruses of all time
 
Computer virus
Computer virusComputer virus
Computer virus
 
As computer virus
As computer virusAs computer virus
As computer virus
 
Computer Viruses and Protections
Computer Viruses and ProtectionsComputer Viruses and Protections
Computer Viruses and Protections
 
Internet security issues
Internet security issuesInternet security issues
Internet security issues
 
Introduction to Malware
Introduction to MalwareIntroduction to Malware
Introduction to Malware
 
Rajul computer presentation
Rajul computer presentationRajul computer presentation
Rajul computer presentation
 
Virus & Computer security threats
Virus & Computer security threatsVirus & Computer security threats
Virus & Computer security threats
 
Virus
Virus Virus
Virus
 
Assignment of virus
Assignment of virusAssignment of virus
Assignment of virus
 
What is a computer virus
What is a computer virusWhat is a computer virus
What is a computer virus
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Computer viruses and anti viruses by sasikumar
Computer viruses and anti viruses by sasikumarComputer viruses and anti viruses by sasikumar
Computer viruses and anti viruses by sasikumar
 
Computer virus
Computer virusComputer virus
Computer virus
 
Wanna cry
Wanna cryWanna cry
Wanna cry
 

Viewers also liked

Modul my sql tutorial part 5
Modul my sql tutorial part 5Modul my sql tutorial part 5
Modul my sql tutorial part 5Ratzman III
 
Dani w ( 100210007 ) tm transformer rev
Dani w ( 100210007 ) tm transformer revDani w ( 100210007 ) tm transformer rev
Dani w ( 100210007 ) tm transformer revRatzman III
 
Akuntansi fahmi2
Akuntansi fahmi2Akuntansi fahmi2
Akuntansi fahmi2Ratzman III
 
Espa4123 statistika modul 3.1
Espa4123 statistika modul 3.1Espa4123 statistika modul 3.1
Espa4123 statistika modul 3.1Ratzman III
 
Modul my sql tutorial part 6
Modul my sql tutorial part 6Modul my sql tutorial part 6
Modul my sql tutorial part 6Ratzman III
 
Format Pengabdian Masyarakat
Format Pengabdian MasyarakatFormat Pengabdian Masyarakat
Format Pengabdian MasyarakatRatzman III
 
Riset akuntansi multidisiplin
Riset akuntansi multidisiplinRiset akuntansi multidisiplin
Riset akuntansi multidisiplinRatzman III
 
Ekma4116 manajemen modul 2
Ekma4116 manajemen modul 2Ekma4116 manajemen modul 2
Ekma4116 manajemen modul 2Ratzman III
 
Jurnal data warehouse inisiatif di universitas sumatera utara
Jurnal data warehouse inisiatif di universitas sumatera utaraJurnal data warehouse inisiatif di universitas sumatera utara
Jurnal data warehouse inisiatif di universitas sumatera utaraRatzman III
 
Ekma4116 manajemen modul 6
Ekma4116 manajemen modul 6Ekma4116 manajemen modul 6
Ekma4116 manajemen modul 6Ratzman III
 
Ekma4116 manajemen modul 5
Ekma4116 manajemen modul 5 Ekma4116 manajemen modul 5
Ekma4116 manajemen modul 5Ratzman III
 
Modul my sql tutorial part 4
Modul my sql tutorial part 4Modul my sql tutorial part 4
Modul my sql tutorial part 4Ratzman III
 
Modul my sql tutorial part 1
Modul my sql tutorial part 1Modul my sql tutorial part 1
Modul my sql tutorial part 1Ratzman III
 
Format makalah knsi 2013
Format makalah knsi 2013Format makalah knsi 2013
Format makalah knsi 2013Ratzman III
 

Viewers also liked (20)

Modul my sql tutorial part 5
Modul my sql tutorial part 5Modul my sql tutorial part 5
Modul my sql tutorial part 5
 
108 318-1-sm
108 318-1-sm108 318-1-sm
108 318-1-sm
 
1577 8517-v11 2
1577 8517-v11 21577 8517-v11 2
1577 8517-v11 2
 
1577 8517-v11 2
1577 8517-v11 21577 8517-v11 2
1577 8517-v11 2
 
Dani w ( 100210007 ) tm transformer rev
Dani w ( 100210007 ) tm transformer revDani w ( 100210007 ) tm transformer rev
Dani w ( 100210007 ) tm transformer rev
 
Akuntansi fahmi2
Akuntansi fahmi2Akuntansi fahmi2
Akuntansi fahmi2
 
Espa4123 statistika modul 3.1
Espa4123 statistika modul 3.1Espa4123 statistika modul 3.1
Espa4123 statistika modul 3.1
 
Modul my sql tutorial part 6
Modul my sql tutorial part 6Modul my sql tutorial part 6
Modul my sql tutorial part 6
 
Format Pengabdian Masyarakat
Format Pengabdian MasyarakatFormat Pengabdian Masyarakat
Format Pengabdian Masyarakat
 
Riset akuntansi multidisiplin
Riset akuntansi multidisiplinRiset akuntansi multidisiplin
Riset akuntansi multidisiplin
 
Ekma4116 manajemen modul 2
Ekma4116 manajemen modul 2Ekma4116 manajemen modul 2
Ekma4116 manajemen modul 2
 
Lab 1 1-1
Lab 1 1-1Lab 1 1-1
Lab 1 1-1
 
Jurnal data warehouse inisiatif di universitas sumatera utara
Jurnal data warehouse inisiatif di universitas sumatera utaraJurnal data warehouse inisiatif di universitas sumatera utara
Jurnal data warehouse inisiatif di universitas sumatera utara
 
Ekma4116 manajemen modul 6
Ekma4116 manajemen modul 6Ekma4116 manajemen modul 6
Ekma4116 manajemen modul 6
 
Ekma4116 manajemen modul 5
Ekma4116 manajemen modul 5 Ekma4116 manajemen modul 5
Ekma4116 manajemen modul 5
 
Nilai lab 01pt3
Nilai lab 01pt3Nilai lab 01pt3
Nilai lab 01pt3
 
Modul my sql tutorial part 4
Modul my sql tutorial part 4Modul my sql tutorial part 4
Modul my sql tutorial part 4
 
Modul my sql tutorial part 1
Modul my sql tutorial part 1Modul my sql tutorial part 1
Modul my sql tutorial part 1
 
Aku06080101
Aku06080101Aku06080101
Aku06080101
 
Format makalah knsi 2013
Format makalah knsi 2013Format makalah knsi 2013
Format makalah knsi 2013
 

Similar to Lab 1 4-5

Sec 572 Effective Communication - tutorialrank.com
Sec 572 Effective Communication - tutorialrank.comSec 572 Effective Communication - tutorialrank.com
Sec 572 Effective Communication - tutorialrank.comBartholomew99
 
SEC 572 Inspiring Innovation / tutorialrank.com
SEC 572 Inspiring Innovation / tutorialrank.comSEC 572 Inspiring Innovation / tutorialrank.com
SEC 572 Inspiring Innovation / tutorialrank.comBromleyz38
 
SEC 572 Entire Course NEW
SEC 572 Entire Course NEWSEC 572 Entire Course NEW
SEC 572 Entire Course NEWshyamuopiv
 
Sec 572 Effective Communication / snaptutorial.com
Sec 572 Effective Communication / snaptutorial.comSec 572 Effective Communication / snaptutorial.com
Sec 572 Effective Communication / snaptutorial.comBaileyabl
 
Sec 572 Education Organization / snaptutorial.com
Sec 572 Education Organization / snaptutorial.comSec 572 Education Organization / snaptutorial.com
Sec 572 Education Organization / snaptutorial.comBaileya109
 
Sec 572 Education Specialist-snaptutorial.com
Sec 572 Education Specialist-snaptutorial.comSec 572 Education Specialist-snaptutorial.com
Sec 572 Education Specialist-snaptutorial.comrobertlesew79
 
Sec 572 Enhance teaching / snaptutorial.com
Sec 572 Enhance teaching / snaptutorial.comSec 572 Enhance teaching / snaptutorial.com
Sec 572 Enhance teaching / snaptutorial.comHarrisGeorg69
 
2.Public Vulnerability Databases
2.Public Vulnerability Databases2.Public Vulnerability Databases
2.Public Vulnerability Databasesphanleson
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attacknewbie2019
 
27.2.15 lab investigating a malware exploit
27.2.15 lab investigating a malware exploit27.2.15 lab investigating a malware exploit
27.2.15 lab investigating a malware exploitFreddy Buenaño
 
Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Laura Arrigo
 
Sql Injection Attacks And A Web Application Environment
Sql Injection Attacks And A Web Application EnvironmentSql Injection Attacks And A Web Application Environment
Sql Injection Attacks And A Web Application EnvironmentSheri Elliott
 
Deliverables Step-12 SLA 3-5 pages
Deliverables Step-12 SLA 3-5 pages Deliverables Step-12 SLA 3-5 pages
Deliverables Step-12 SLA 3-5 pages LinaCovington707
 
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...PROBOTEK
 
The Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A PrimerThe Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A Primeramiable_indian
 
W5 Technologies for Decision MakingGraded Discussion  Technolo.docx
W5 Technologies for Decision MakingGraded Discussion  Technolo.docxW5 Technologies for Decision MakingGraded Discussion  Technolo.docx
W5 Technologies for Decision MakingGraded Discussion  Technolo.docxjessiehampson
 
Analysis on Common Network Attacks & Vulnerability Scanners
Analysis on Common Network Attacks & Vulnerability ScannersAnalysis on Common Network Attacks & Vulnerability Scanners
Analysis on Common Network Attacks & Vulnerability ScannersPROBOTEK
 
HRMN300INSTRUCTIONS· Respond to all four questions below on.docx
HRMN300INSTRUCTIONS· Respond to all four questions below on.docxHRMN300INSTRUCTIONS· Respond to all four questions below on.docx
HRMN300INSTRUCTIONS· Respond to all four questions below on.docxpooleavelina
 
Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16Kymberlee Price
 
Understanding Vulnerabilities in Software
Understanding Vulnerabilities in SoftwareUnderstanding Vulnerabilities in Software
Understanding Vulnerabilities in SoftwareNicole Gaehle, MSIST
 

Similar to Lab 1 4-5 (20)

Sec 572 Effective Communication - tutorialrank.com
Sec 572 Effective Communication - tutorialrank.comSec 572 Effective Communication - tutorialrank.com
Sec 572 Effective Communication - tutorialrank.com
 
SEC 572 Inspiring Innovation / tutorialrank.com
SEC 572 Inspiring Innovation / tutorialrank.comSEC 572 Inspiring Innovation / tutorialrank.com
SEC 572 Inspiring Innovation / tutorialrank.com
 
SEC 572 Entire Course NEW
SEC 572 Entire Course NEWSEC 572 Entire Course NEW
SEC 572 Entire Course NEW
 
Sec 572 Effective Communication / snaptutorial.com
Sec 572 Effective Communication / snaptutorial.comSec 572 Effective Communication / snaptutorial.com
Sec 572 Effective Communication / snaptutorial.com
 
Sec 572 Education Organization / snaptutorial.com
Sec 572 Education Organization / snaptutorial.comSec 572 Education Organization / snaptutorial.com
Sec 572 Education Organization / snaptutorial.com
 
Sec 572 Education Specialist-snaptutorial.com
Sec 572 Education Specialist-snaptutorial.comSec 572 Education Specialist-snaptutorial.com
Sec 572 Education Specialist-snaptutorial.com
 
Sec 572 Enhance teaching / snaptutorial.com
Sec 572 Enhance teaching / snaptutorial.comSec 572 Enhance teaching / snaptutorial.com
Sec 572 Enhance teaching / snaptutorial.com
 
2.Public Vulnerability Databases
2.Public Vulnerability Databases2.Public Vulnerability Databases
2.Public Vulnerability Databases
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attack
 
27.2.15 lab investigating a malware exploit
27.2.15 lab investigating a malware exploit27.2.15 lab investigating a malware exploit
27.2.15 lab investigating a malware exploit
 
Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12
 
Sql Injection Attacks And A Web Application Environment
Sql Injection Attacks And A Web Application EnvironmentSql Injection Attacks And A Web Application Environment
Sql Injection Attacks And A Web Application Environment
 
Deliverables Step-12 SLA 3-5 pages
Deliverables Step-12 SLA 3-5 pages Deliverables Step-12 SLA 3-5 pages
Deliverables Step-12 SLA 3-5 pages
 
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
 
The Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A PrimerThe Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A Primer
 
W5 Technologies for Decision MakingGraded Discussion  Technolo.docx
W5 Technologies for Decision MakingGraded Discussion  Technolo.docxW5 Technologies for Decision MakingGraded Discussion  Technolo.docx
W5 Technologies for Decision MakingGraded Discussion  Technolo.docx
 
Analysis on Common Network Attacks & Vulnerability Scanners
Analysis on Common Network Attacks & Vulnerability ScannersAnalysis on Common Network Attacks & Vulnerability Scanners
Analysis on Common Network Attacks & Vulnerability Scanners
 
HRMN300INSTRUCTIONS· Respond to all four questions below on.docx
HRMN300INSTRUCTIONS· Respond to all four questions below on.docxHRMN300INSTRUCTIONS· Respond to all four questions below on.docx
HRMN300INSTRUCTIONS· Respond to all four questions below on.docx
 
Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16
 
Understanding Vulnerabilities in Software
Understanding Vulnerabilities in SoftwareUnderstanding Vulnerabilities in Software
Understanding Vulnerabilities in Software
 

More from Ratzman III

Tugas Tutorial EKSI4202 Hukum Pajak
Tugas Tutorial EKSI4202 Hukum PajakTugas Tutorial EKSI4202 Hukum Pajak
Tugas Tutorial EKSI4202 Hukum PajakRatzman III
 
Tugas Wajib Tutorial I - EKSI4202 - Hukum Pajak
Tugas Wajib Tutorial I - EKSI4202 - Hukum PajakTugas Wajib Tutorial I - EKSI4202 - Hukum Pajak
Tugas Wajib Tutorial I - EKSI4202 - Hukum PajakRatzman III
 
Review Artikel Tinjauan Pustaka
Review Artikel Tinjauan PustakaReview Artikel Tinjauan Pustaka
Review Artikel Tinjauan PustakaRatzman III
 
MICRO TEACHING IDIK4013-Memanfaatkan Pustaka dalam Penulisan Karya Ilmiah
MICRO TEACHING IDIK4013-Memanfaatkan Pustaka dalam Penulisan Karya IlmiahMICRO TEACHING IDIK4013-Memanfaatkan Pustaka dalam Penulisan Karya Ilmiah
MICRO TEACHING IDIK4013-Memanfaatkan Pustaka dalam Penulisan Karya IlmiahRatzman III
 
Format laporan Tutor Universitas Terbuka 2014
Format laporan Tutor Universitas Terbuka 2014Format laporan Tutor Universitas Terbuka 2014
Format laporan Tutor Universitas Terbuka 2014Ratzman III
 
Arduino Ch3 : Tilt Sensing Servo Motor Controller
Arduino Ch3 : Tilt Sensing Servo Motor Controller Arduino Ch3 : Tilt Sensing Servo Motor Controller
Arduino Ch3 : Tilt Sensing Servo Motor Controller Ratzman III
 
Arduino - Ch 2: Sunrise-Sunset Light Switch
Arduino - Ch 2: Sunrise-Sunset Light SwitchArduino - Ch 2: Sunrise-Sunset Light Switch
Arduino - Ch 2: Sunrise-Sunset Light SwitchRatzman III
 
Arduino - CH 1: The Trick Switch
Arduino - CH 1: The Trick SwitchArduino - CH 1: The Trick Switch
Arduino - CH 1: The Trick SwitchRatzman III
 
Bab 3 - Kalkulus Relasional
Bab 3 - Kalkulus RelasionalBab 3 - Kalkulus Relasional
Bab 3 - Kalkulus RelasionalRatzman III
 
Bab 2 Aljabar Relasional
Bab 2 Aljabar RelasionalBab 2 Aljabar Relasional
Bab 2 Aljabar RelasionalRatzman III
 
Bab 1 RDBMS Review
Bab 1 RDBMS ReviewBab 1 RDBMS Review
Bab 1 RDBMS ReviewRatzman III
 
Kisi kisi basis data uts
Kisi kisi basis data utsKisi kisi basis data uts
Kisi kisi basis data utsRatzman III
 
Kisi kisi basis data uts
Kisi kisi basis data utsKisi kisi basis data uts
Kisi kisi basis data utsRatzman III
 
Basis Data, Ch 4 - Relasonal Aljabar & Calculus
Basis Data, Ch 4 - Relasonal Aljabar & CalculusBasis Data, Ch 4 - Relasonal Aljabar & Calculus
Basis Data, Ch 4 - Relasonal Aljabar & CalculusRatzman III
 
Basis Data, Ch. 3 - Relational Model
Basis Data, Ch. 3 - Relational ModelBasis Data, Ch. 3 - Relational Model
Basis Data, Ch. 3 - Relational ModelRatzman III
 

More from Ratzman III (20)

Tugas Tutorial EKSI4202 Hukum Pajak
Tugas Tutorial EKSI4202 Hukum PajakTugas Tutorial EKSI4202 Hukum Pajak
Tugas Tutorial EKSI4202 Hukum Pajak
 
Tugas Wajib Tutorial I - EKSI4202 - Hukum Pajak
Tugas Wajib Tutorial I - EKSI4202 - Hukum PajakTugas Wajib Tutorial I - EKSI4202 - Hukum Pajak
Tugas Wajib Tutorial I - EKSI4202 - Hukum Pajak
 
Review Artikel Tinjauan Pustaka
Review Artikel Tinjauan PustakaReview Artikel Tinjauan Pustaka
Review Artikel Tinjauan Pustaka
 
MICRO TEACHING IDIK4013-Memanfaatkan Pustaka dalam Penulisan Karya Ilmiah
MICRO TEACHING IDIK4013-Memanfaatkan Pustaka dalam Penulisan Karya IlmiahMICRO TEACHING IDIK4013-Memanfaatkan Pustaka dalam Penulisan Karya Ilmiah
MICRO TEACHING IDIK4013-Memanfaatkan Pustaka dalam Penulisan Karya Ilmiah
 
Format laporan Tutor Universitas Terbuka 2014
Format laporan Tutor Universitas Terbuka 2014Format laporan Tutor Universitas Terbuka 2014
Format laporan Tutor Universitas Terbuka 2014
 
Arduino Ch3 : Tilt Sensing Servo Motor Controller
Arduino Ch3 : Tilt Sensing Servo Motor Controller Arduino Ch3 : Tilt Sensing Servo Motor Controller
Arduino Ch3 : Tilt Sensing Servo Motor Controller
 
Arduino - Ch 2: Sunrise-Sunset Light Switch
Arduino - Ch 2: Sunrise-Sunset Light SwitchArduino - Ch 2: Sunrise-Sunset Light Switch
Arduino - Ch 2: Sunrise-Sunset Light Switch
 
Arduino - CH 1: The Trick Switch
Arduino - CH 1: The Trick SwitchArduino - CH 1: The Trick Switch
Arduino - CH 1: The Trick Switch
 
Bab 3 - Kalkulus Relasional
Bab 3 - Kalkulus RelasionalBab 3 - Kalkulus Relasional
Bab 3 - Kalkulus Relasional
 
Bab 2 Aljabar Relasional
Bab 2 Aljabar RelasionalBab 2 Aljabar Relasional
Bab 2 Aljabar Relasional
 
Bab 1 RDBMS Review
Bab 1 RDBMS ReviewBab 1 RDBMS Review
Bab 1 RDBMS Review
 
Kisi kisi basis data uts
Kisi kisi basis data utsKisi kisi basis data uts
Kisi kisi basis data uts
 
Kisi kisi basis data uts
Kisi kisi basis data utsKisi kisi basis data uts
Kisi kisi basis data uts
 
Format sap
Format sapFormat sap
Format sap
 
Tugas i
Tugas iTugas i
Tugas i
 
1088
10881088
1088
 
1152
11521152
1152
 
Pengabdian 2
Pengabdian 2Pengabdian 2
Pengabdian 2
 
Basis Data, Ch 4 - Relasonal Aljabar & Calculus
Basis Data, Ch 4 - Relasonal Aljabar & CalculusBasis Data, Ch 4 - Relasonal Aljabar & Calculus
Basis Data, Ch 4 - Relasonal Aljabar & Calculus
 
Basis Data, Ch. 3 - Relational Model
Basis Data, Ch. 3 - Relational ModelBasis Data, Ch. 3 - Relational Model
Basis Data, Ch. 3 - Relational Model
 

Lab 1 4-5

  • 1. All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 4 Activity 1.4.5: Identifying Top Security Vulnerabilities Learning Objectives Upon completion of this activity, you will be able to: • Use the SANS site to quickly identify Internet security threats. • Explain how threats are organized. • List several recent security vulnerabilities. • Use the SANS links to access other security-related information. Background One of the most popular and trusted sites related to defending against computer and network security threats is SANS. SANS stands for SysAdmin, Audit, Network, Security. SANS contains several components, each a major contributor to information security. For additional information about the SANS site, go to http://www.sans.org/, and select items from the Resources menu. How can a corporate security administrator quickly identify security threats? SANS and the FBI have compiled their list of the top 20 Internet Security Attack Targets at http://www.sans.org/top20/. The list is regularly updated with information formatted by: • Operating Systems—Windows, Unix/Linux, MAC • Applications—Cross-platform, including web, database, Peer-to-Peer, instant messaging, media players, DNS servers, backup software, and management servers • Network Devices—Network infrastructure devices (routers, switches, etc.), VoIP devices • Human Elements—Security policies, human behavior, personnel issues • Special Section—Security issues not related to any of the above categories Scenario This lab will introduce students to computer security issues vulnerabilities. The SANS web site will be used as a tool for threat vulnerability identification, understanding, and defense. This lab must be completed outside of the Cisco lab from a computer with Internet access. Estimated completion time is one hour.
  • 2. CCNA Exploration Network Fundamentals: Living in a Network-Centric World Activity 1.4.5 Identifying Top Security Vulnerabilities All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 2 of 4 Task 1: Locate the SANS Resources. Step 1: Open the SANS Top 20 List. Using a web browser, go to URL http://www.sans.org. On the resources menu, choose top 20 list, shown in Figure 1. Figure 1. SANS Menu The SANS Top-20 Internet Security Attack Targets list is organized by category. An identifying letter indicates the category type, and numbers separate category topics. Router and switch topics fall under the Network Devices category, N. There are two major hyperlink topics: N1. VoIP Servers and Phones N2. Network and Other Devices Common Configuration Weaknesses Step 2: Click hyperlink N2. Network and Other Devices Common Configuration Weaknesses to jump to this topic. Task 2: Review the SANS Resources. Step 1: Review the contents of N2.2 Common Default Configuration Issues. For example, N.2.2.2 (in January 2007) contains information about threats associated with default accounts and values. A Google search on “wireless router passwords” returns links to multiple sites that publish a list of wireless router default administrator account names and passwords. Failure to change the default password on these devices can lead to compromise and vulnerability by attackers. Step 2: Note the CVE references. The last line under several topics references Common Vulnerability Exposure (CVE). The CVE name is linked to the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD), sponsored by the Department of Homeland Security (DHS) National Cyber Security Division and US-CERT, which contains information about the vulnerability.
  • 3. CCNA Exploration Network Fundamentals: Living in a Network-Centric World Activity 1.4.5 Identifying Top Security Vulnerabilities All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 3 of 4 Task 3: Collect Data. The remainder of this lab walks you through a vulnerability investigation and solution. Step 1: Choose a topic to investigate, and click on an example CVE hyperlink. Note: Because the CVE list changes, the current list may not contain the same vulnerabilities as those in January 2007. The link should open a new web browser connected to http://nvd.nist.gov/ and the vulnerability summary page for the CVE. Step 2: Fill in information about the vulnerability: Original release date: ____________________________ Last revised: ___________________________________ Source: _______________________________________ Overview: ____________________________________________________________________________ ____________________________________________________________________________ ____________________________________________________________________________ ____________________________________________________________________________ ____________________________________________________________________________ Under Impact, there are several values. The Common Vulnerability Scoring System (CVSS) severity is displayed and contains a value between 1 and 10. Step 3: Fill in information about the vulnerability impact: CVSS Severity: ________________________ Range: _______________________________ Authentication: _________________________ Impact Type: __________________________ The next heading contains links with information about the vulnerability and possible solutions. Step 4: Using the hyperlinks, write a brief description of the solution as found on those pages. ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________
  • 4. CCNA Exploration Network Fundamentals: Living in a Network-Centric World Activity 1.4.5 Identifying Top Security Vulnerabilities All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 4 of 4 Task 4: Reflection The number of vulnerabilities to computers, networks, and data continues to increase. The governments have dedicated significant resources to coordinating and disseminating information about the vulnerability and possible solutions. It remains the responsibility of the end user to implement the solution. Think of ways that users can help strengthen security. Think about user habits that create security risks. ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ Task 5: Challenge Try to identify an organization that will meet with us to explain how vulnerabilities are tracked and solutions applied. Finding an organization willing to do this may be difficult, for security reasons, but will benefits students, who will learn how vulnerability mitigation is accomplished in the world. It will also give representatives of the organization an opportunity to meet the class and conduct informal intern interviews.