Part 1: Vulnerability Assessment
Nambo Francis
Network Security
October 3, 2016
Introduction
Every computer network is a target for attack by virtue of
being on. It is therefore necessary that every organization
understand where it stands on matters of network security. A
vulnerability assessment is done to provide an organization with
the state of its network components. The assessment also
identifies potential points of weakness within the network
infrastructure and the extent to which those vulnerabilities
could be exploited. While some attacks on an organization can
be targeted specifically to it, others could be as a result of a
vulnerability that was identified by attackers after scouring for
vulnerable networks. Any exploitable vulnerability in a network,
no matter how small, can cause significant damage to the
network. This necessitates a vulnerability assessment, which
should be a regular activity. A vulnerability assessment will
enable the organization to rank the gravity of the danger posed
by all vulnerabilities and allocate the appropriate resources to
handling them.
Network Vulnerability Assessment
• Network backdoors – a backdoor within a system is
an access point whose existence is unknown to the network
administrator and users of that system. A backdoor can be
implemented in software running in the network or even in
hardware devices that are connected to the network. A hacker
then uses that backdoor to access the network and collect data
without the knowledge of anyone involved with the network. A
backdoor can grant the hacker administrator-level access
privileges, and as such their activities within the network can go
unnoticed [1].
• Security loopholes in software and hardware
components – while the above backdoors are usually created by
a hacker, security loopholes are as a result of the manufacturer
delivering unpatched components. A piece of software or
hardware equipment could have been developed and shipped to
users without being checked for those loopholes. These
unpatched loopholes can then be exploited by hackers to enter a
network [1].
• Distributed denial of service attacks – networks are
made to handle a certain number of requests to function
properly. A hacker will exploit this by presenting
the network with a large number of illegitimate requests. In a
bid to service these requests, the network resources will be
overwhelmed to the point of the network shutting down after
failing to do so. This attack will then lock out legitimate users
and their requests [1].
• Mobile and non-firm devices – many more companies
are implementing programs where employees get to bring their
devices to work. The firms are also issuing their employees with
mobile devices like tablets and smartphones for conducting
their tasks. Bringing personal devices to do work on presents a
potential vulnerability. As these are personal devices, they are
not secured the same way as company devices. They could be
used to introduce viruses into the network and jeopardize the
company’s information. As for company-issued mobile devices,
they cannot be secured with the same capabilities as PCs. They
have different form factors and also different underlying
infrastructure [2]. Given that their use within the workplace is
recent, there isn’t an acceptable method to
secure them. This makes them very vulnerable.
• Removable media – just as employees are bringing
their mobile devices to work, so are they also bringing
removable USB media. This includes thumb drives and external
hard disks. Most of these devices are usually used across many
computers and this increases the chances of them getting
infected with viruses. Allowing these devices with questionable
history to be plugged into company computers creates the risk
that viruses and other malware might get introduced into the
network [2].
• Wireless networks – while wired networks can be
physically secured by limiting access to ports, this can’t be said
of wireless networks. All that is required is proximity. A hacker
with a laptop would only have to be near the company premises
to view their wireless network. Unsecured wireless networks
can be viewed and accessed with any Wi-Fi connection. It is also
possible that a user on a neighboring network could
access the network. This open wireless network then exposes
the company’s entire network to not just unauthorized users but
malicious ones as well [1].
• Operating system platform – between the Windows
operating system from Microsoft and the Mac operating system
from Apple, it has been found that the latter has a lower chance
of being a target for attacks than the former. Because Windows OS
is the dominant and ubiquitous platform, hackers will lean
more towards developing ways to access its systems. Mac OS
devices, on the other hand, are also developed by Apple, and the
security implementation is usually far superior to that of
Windows OS. So, if the company has chosen to use Windows
devices, then it has to contend with the fact that it has increased
the chances of being a target [1].
• False sense of security in defense in depth – this
company will have a firewall, intrusion detection system and
anti-virus programs as part of its network security strategy. On
the face of it, it is a recommended one as it provides multiple
security layers. However, it is important to note that this
strategy is only effective if those different aspects of security
are all operating at peak level. Even with all of them present, if
they are poorly configured and maintained, they become
liabilities instead of assets as they create multiple points of
vulnerability for the network [1].
References
[1] D. Jacobson and J. Idziorek, Computer security literacy:
Staying safe in a digital world. CRC Press, 2016.
[2] G. Held, Network design: Principles and applications.
Boca Raton: Auerbach, 2014.
Meg Whitman, former CEO of eBay: Transparency in Business
Under Meg Whitman’s leadership, eBay has changed the way
the world buys and
sells secondhand goods. Before eBay, individual owners of
antiques, family heirlooms,
used equipment, collector’s curios, etc., would take their items
for sale to antique dealers,
pawn shops, etc., and hope to get a fair deal. They depended on
the dealers to assess their
item and tell them what a fair price would be. Unless you were
an expert, you would have
little idea how much that silver teapot you inherited from your
grandmother might be
worth. Even the dealers might be uncertain – how much would
someone pay for a picture
of Elvis made with dried beans? As Meg Whitman pointed out
in her book (with Joan
Hamilton, 2010), The Power of Many: Values for Success in
Business and Life, eBay
added transparency to the buying and selling process. Potential
buyers, including
professional dealers as well as hobbyists and other
nonprofessionals, would have to
compete with each other to buy the products. Thus, sellers could
be assured that their
items would be sold at fair market price regardless of their own
knowledge. At the same
time, sellers had to be transparent and ethical as well: eBay set
up chat rooms where
hobbyists could comment on sellers who inaccurately described
their products.
Pierre Omidyar founded eBay and came up with the basic idea
to sell used goods
over the Internet. Pierre knew he needed someone with
administrative experience to grow
eBay from a small start-up with 30 employees to a major
corporation. Meg Whitman had
experience as a consultant and as a business executive at major
corporations like Disney
and Hasbro. Meg left her secure, high-paying executive job to
join eBay in part because
she liked Pierre’s sense of ethics. Meg stated that it’s a myth
that leaders have to be
unethical to win and “that great success demands that we give
up, or at least fudge, our
relationship to what most of us recognize as decent,
commonsense values. Honesty.
Family. Community. Integrity. Generosity. Courage. Empathy”
(Whitman & Hamilton,
2010, p. 5). Meg believed that if they had treated eBay
community members (i.e., users)
as a resource to be exploited, eBay would never have grown and
prospered.
Interestingly, Pierre and Meg assumed that “most people are
basically good”
(Whitman & Hamilton, 2010, p. 28). In other words, they
believed that most eBay
community members would describe their secondhand products
in a fairly accurate and
transparent manner and in general would treat each other
ethically. Notice that Pierre and
Meg didn’t say that all people are always good. They realized
that fraud and theft over
the internet occurs, so they created eBay’s Trust & Safety
division to monitor the
transactions to prevent the selling of counterfeit goods, devious
bidding tactics, or other
inappropriate behavior. But Meg argued that eBay works
because most of their customers
are basically honest. She recommended that business leaders be
realistic but not cynical.
1. How important is transparency to your interactions with your
leaders?
2. Is transparency good for business? Why or why not?
3. Can leaders trust most of their employees and customers to
be basically good? Why or
why not?
4. How is trust related to leadership?
Sources: Naguchi, S. (2011, October 26). Whitman gives $10
million to Teach For America. Retrieved
from http://www.mercurynews.com/education/ci_19196351
Whitman, M. & Hamilton, J. (2010). The power of many:
Values for success in business and in life [Kindle
edition]. New York, NY: Crown Publishers.
Part 2: Network System Security Recommendations
Introduction
For any organization that has embraced technology, data has
become an invaluable asset that the organization cannot do
without. As with the protection of other tangible assets, the
protections provided to data assets should be commensurate
with their importance to the organization. An effective
information security strategy implements its safeguards after a
careful analysis of potential threats, covering the bases as
strongly as possible. The vulnerabilities that exist within the
network will need to be patched as soon as they
are identified. A wide range of security measures will need to
be implemented simultaneously within the system. These will
include both hardware and software options as well as intensive
security training for users of the system. Threat and risk
assessment should not be a one-off activity at the installation of
the system. Rather, it is a continuous process that is cognizant of
the evolving nature of information where newer threats are
emerging every day. The most secure system then becomes one
whose security strategy is meant to be proactive rather than reactive.
Network System Security Recommendations
An effective firewall ensures that the traffic
that gets through it is safe and originates only from
legitimate sources. An intrusion prevention system (IPS) will be
required to both detect and prevent any potential threats and
stave off attacks. A secure and robust network must have its
components well configured if it is to effectively identify and
fend off threats.
• Configuring the firewall – the firewall will be
configured to identify all traffic that can be definitively traced
to be within the company. It will have the capabilities to
identify any traffic that does not come from within the company
and effectively drop it. Hackers targeting a network will
usually attempt to do so by disguising inbound traffic to appear
as if from a legitimate source. If data appears to be from a
legitimate source, it has higher chances of gaining entry. But
this is not always the case. With ingress filtering, a firewall
can accurately determine whether that
particular data is indeed from the source computer it claims to
be from. Microsoft provides Windows Firewall for its operating
system and this will be the one in use for the firm. The firewall has a
primary purpose of limiting communication between the
network and the internet. However, this can limit functionality
as there will be aspects of the network that will require
accessing the internet. As such, there will be the need to
configure exceptions. A notifications dialog will provide
options for total blocking of a program, unblocking and a third
option for when the administrator has not yet decided on
whether to block or not. For the last option, the program will
stay blocked. Under program exceptions, only a few of them
will be granted that exception. This should include the web
browser and the email client. Any other programs will be
blocked from accessing the internet without the permission of
the administrator. The scope of the excepted programs will then
be limited to the firm’s network for added protection. All ports
should be closed when not in use. Whether under TCP or UDP
protocols, the ports to be provided with the exceptions are to be
directly specified. The scope for the ports will also be limited to
the local network [1].
• Configuring the router – as the gateway for internet
traffic to and from the network, it is important that the
configurations of the router are as robust as they can be. The
web server and the email server will need to be accessed from
the internet. This will require that port forwarding be
configured first. Router manufacturers deliver them with default
IP addresses and login credentials. If these default credentials are
not changed by the end users, there is always the chance they
could be used by hackers to access the router. As such, they
must be changed once the router has been acquired. The security
mode of the NETGEAR MR814 router will need to be set to the
64-bit WEP Wi-Fi encryption protocol that should provide
adequate security for this network. Also, it is advisable to
disable the Universal Plug and Play (UPnP) feature to keep out
rogue devices and software. This will ensure only authenticated
devices and software access the network. The password to be
used should be long and include an alphanumeric and special
character combination. Remote management is unnecessary for
a single-premise firm and should be disabled. Permissions and
access control should next be implemented to restrict access to
the router to only authorized users and control the flow of
information. As with other components of the network, all
activities of the router will be logged and sent to the syslog
server [2].
• Setting up Microsoft Server 2012 – a big
improvement on the Microsoft Server 2008 version, Microsoft
Server 2012 will provide the firm with opportunities for
centralized management and deployment of services and
functions. The Active Directory will be installed from the
server manager console. Access control will be managed under
organizational units that will correspond with the firm’s various
departments. Given that employees within the same departments
will have close to similarly defined responsibilities, their access
to company resources will then be governed under similar
privileges. Server virtualization is to be implemented within the
Windows Server 2012 environment. This will provide multiple
virtual environments that can be used to run separate tasks and
also for backing up company data. Virtualization should also do
away with instances of application collisions and
incompatibility issues within the system. Microsoft Server 2012
provides a system failover option that will ensure that the
failure of one section of the system does not jeopardize the entire
system. This is achieved by the virtualized systems that take
over should any other break down [1].
• Configuring the intrusion prevention system (IPS) –
the intrusion prevention system should be configured under global
settings so that any rogue connections are dropped
silently and in the background. Identifying potential threats will
be set to spot protocol anomalies, server-side attacks,
client-side attacks, operating system level attacks, and targeted
malware attacks. By configuring flood protection in protocols
like ICMP and TCP SYN, DoS attacks will be contained
effectively. The intrusion prevention system is meant to operate
automatically on its own for the most part. This should enable it
to work at all times even outside normal business hours.
However, it will be important that the system regularly provide
alerts to the network administrator who will then analyze the
extent of the attacks. The alerts will consist of event logs that
provide details on the nature of all the potential threats. The
administrator will then be able to implement any measures to
meet any emerging threats. Implemented on the perimeter of the
system, the intrusion prevention system (IPS) will be able to
monitor every communication in the system and identify the
threats [3].
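
The ingress filtering described in the firewall recommendation above, shown as an added example (not code from the original document or from any firewall product): a stateless decision function that drops inbound packets whose source address claims to be internal or otherwise unroutable, and admits only the port-forwarded web and email services. The address plan, interface names ("wan", "lan"), published ports and the LAN-side source check are assumptions made for the example.

```python
# Added example, not part of the original document.
import ipaddress
from collections import Counter

# Assumed internal address plan (constructed for this example).
INTERNAL_NETS = [ipaddress.ip_network("192.168.10.0/24")]

# Assumed port-forwarded services, destination as seen after NAT.
PUBLISHED = {
    ("192.168.10.20", "tcp", 80),   # web server
    ("192.168.10.25", "tcp", 25),   # email server
}

# Source ranges that are never valid on packets arriving from the internet.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def in_any(addr, nets):
    """True if addr falls inside any network in nets."""
    return any(addr in net for net in nets)


def decide(iface, src, dst, proto, dport):
    """Return (action, reason) for one packet seen on interface iface."""
    try:
        src_ip = ipaddress.ip_address(src)
        dst_ip = ipaddress.ip_address(dst)
    except ValueError:
        return ("drop", "malformed-address")

    if iface == "wan":
        # A packet from outside cannot legitimately carry an inside source.
        if in_any(src_ip, INTERNAL_NETS):
            return ("drop", "spoofed-internal-source")
        if in_any(src_ip, BOGON_NETS):
            return ("drop", "bogon-source")
        # Default deny: only the explicitly published services are reachable.
        if (str(dst_ip), proto, dport) in PUBLISHED:
            return ("allow", "published-service")
        return ("drop", "no-exception")

    if iface == "lan":
        # Traffic leaving the firm must carry one of the firm's own addresses.
        if not in_any(src_ip, INTERNAL_NETS):
            return ("drop", "foreign-source-on-lan")
        return ("allow", "internal-source")

    return ("drop", "unknown-interface")


# Constructed sample traffic: (interface, source, destination, protocol, port).
SAMPLE_PACKETS = [
    ("wan", "203.0.113.9", "192.168.10.20", "tcp", 80),
    ("wan", "192.168.10.7", "192.168.10.20", "tcp", 80),
    ("wan", "10.1.2.3", "192.168.10.25", "tcp", 25),
    ("wan", "203.0.113.9", "192.168.10.20", "tcp", 3389),
    ("lan", "192.168.10.7", "198.51.100.4", "tcp", 443),
    ("lan", "198.51.100.4", "203.0.113.9", "udp", 53),
    ("wan", "not-an-ip", "192.168.10.20", "tcp", 80),
]


def summarize(packets):
    """Count decisions by reason, e.g. for a daily firewall report."""
    return Counter(decide(*p)[1] for p in packets)


if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt, "->", decide(*pkt))
    print(dict(summarize(SAMPLE_PACKETS)))
```

The function is stateless, so return traffic for connections opened from inside would be handled by the firewall's connection tracking rather than by these rules.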
Addressing Identified Vulnerabilities
• Network backdoors – regular scanning and a network
discovery tool will be needed to find any rogue access points
within the network. Each and every device and software
deployed within the network will need to be mapped and a
baseline for their operations established. A network discovery
tool should do this even without the input of the network
administrator [3].
• Mobile and personal devices – should an employee
wish to use their device for work responsibilities, they should
be required to submit the device to the IT team who then go
ahead and check its security features. Only after it is deemed
secure will the user be allowed to use it. As for company-issued
mobile devices, an encryption program should be installed on all
devices to secure not just the communication in and out of the
device, but also the data stored within the device. There should
also be conditions placed by the firm on the use of the
devices [3]. An example would be the requirement that
employees use the devices only for company work and not
for personal use. They should also be regularly submitted to the IT
team for inspections.
• Removable media – there should be a company-wide
rule that no personal devices should be attached to company
computers. This regulation should work for the most part. However,
just in case, an up-to-date anti-virus program should be
installed within the network to prevent any malware from
infecting the network [3].
• Distributed denial of service (DDoS) attacks - these
attacks are meant to push a system to its breaking point. To
prevent the adverse impact of such attacks, the firm should
conduct regular stress tests on its system to gauge its resilience.
These tests will provide answers on how far the system can go
under stress without breaking down. Any improvements on the
system can then be done on the basis of the results [4].
• Security loopholes – software and hardware that
have been delivered by their manufacturers with loopholes in
them should be swiftly patched. These patches are usually
provided by the manufacturer after the loopholes have been
identified. Also, the company should endeavor to only acquire
software and hardware components from vendors that have
a secure track record [4].
References
[1] D. Rountree, Windows 2012 Server Network Security:
Securing Your Windows Network Systems and Infrastructure.
Newnes. 2013.
[2] D. Jacobson and J. Idziorek, Computer security literacy:
Staying safe in a digital world. CRC Press, 2016.
[3] C.F. Endorf, E. Schultz, and J. Mellander, Intrusion
detection & prevention. New York: McGraw-Hill/Osborne,
2014.
[4] S.C. Huang, D. MacCallum and D. Du, Network
security. New York: Springer, 2013.
Part 3: Application/End-User Security Recommendations
Introduction
A robust network security strategy is one that actively involves
all the stakeholders of the system. The network administrator
has the responsibility of ensuring that best practices in
information security management are implemented throughout
the entirety of the system they oversee. Threats to a system
exist both within and outside an organization. This necessitates
a comprehensive security strategy that can cover all
those potential threats. Information security threats are of a
dynamic nature and the network administrator should take this
into consideration to ensure that they are always on top of any
emerging threats. System vulnerabilities should be sought and
effectively sealed and this should be a regular task.
End User Security Recommendations
Best practice in network security will require that the users and
the firm abide by the following:
• Training and awareness – all employees of the
company should have a firm grasp of matters pertaining to network
security. This will come through the training that should be
offered by the company. The training should involve how to
spot and identify threats, how to combat them, and how to
handle them should they occur. As new threats emerge, the firm
will need to create a continuous awareness program to inform
its employees on them.
• Effective monitoring program – even after training
has been done, this is not reason enough to believe employees
will adhere to the lessons learnt. As such, the IT personnel
should be empowered to conduct random checks on the security
behavior of the firm’s employees. This will help in identifying
potential weak spots.
• Unique user credentials – each and every employee
that has been granted use of computer resources should do so
with their own unique username and a password that should not
be shared with any other user. The password should be complex
enough that no one could possibly guess it. The user should avoid
using passwords based on familiar objects or people. A strong
password should have a mix of alphanumeric and special
characters. For every activity a user does on any computer, they
will be required to use their own unique credentials. This should
leave an audit trail that can be followed should there be an incident.
• Automatic logoff – it is possible that a user might
leave a computer without logging out from their session. This
opens the possibility that another user might access resources
using the logged in credentials. This could be devastating
should the unauthorized user have malicious intent and the logged on
credentials have advanced permissions. Automatic logoff should
be set to happen after a given period of time. This should
especially happen after the end of prescribed business hours.
• Regular event log audits – event logs are very
important when it comes to monitoring the performance of a
given system. They can also be used to spot any anomalies
within the system. Event logs collected over a long period of
time can establish a baseline of operations for a system. Any
deviations from this baseline can then be checked further to
identify if they are a threat to the system (Huang, MacCallum,
& Du, 2013).
• Least privilege – the principle of least privilege has it
that a user should be granted permissions only to the extent
of their job description and responsibilities. This will ensure
that no single user has complete or unnecessary control over the
system. The network administrator account with power over the
entire system should be used sparingly and only when necessary
to do so.
• Incident reporting procedures – employees should
know how they can report a security incident. This could be a
suspicion of an intruder or even another user’s activity.
Whatever the reason, users should be provided with a clear-cut
procedure to make sure these reports reach the right people who
can handle them (Pardoe & Snyder, 2015).
• Anti-malware programs – the entire system should be
protected by a regularly updated anti-virus program that can
identify and prevent any threats before they get into the system.
• Up to date disaster recovery and business continuity
plan – even with all the above security measures implemented,
there still exists the chance that a security breach event might
occur. It is important to have a response ready for such an
eventuality. A disaster recovery and business continuity plan
can go a long way in mitigating the effects of a security breach.
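
The event log baseline described under "Regular event log audits" above, shown as an added example (not code from the original document): daily counts per event ID are learned from a baseline period, and an audit day is flagged where a count leaves the band of mean plus or minus k standard deviations or where an event ID appears that the baseline never saw. The log records, dates and the k and minimum-sigma values are constructed or assumed; 4624, 4625 and 4720 are the Windows Security log IDs for successful logon, failed logon and user account creation.

```python
# Added example, not part of the original document.
import statistics
from collections import Counter, defaultdict

MIN_SIGMA = 1.0  # assumed floor so near-constant counts do not alert on +/-1


def daily_counts(events):
    """Return {day: Counter({event_id: count})} from event records."""
    per_day = defaultdict(Counter)
    for ev in events:
        per_day[ev["time"][:10]][ev["id"]] += 1
    return per_day


def build_baseline(events):
    """Return {event_id: (mean, stdev)} of daily counts over the period."""
    per_day = daily_counts(events)
    days = sorted(per_day)
    ids = {eid for counts in per_day.values() for eid in counts}
    baseline = {}
    for eid in ids:
        # Days on which the event did not occur count as zero.
        series = [per_day[d][eid] for d in days]
        baseline[eid] = (statistics.mean(series), statistics.pstdev(series))
    return baseline


def deviations(baseline, day_events, k=3.0):
    """Return [(event_id, count, kind)] where kind is high, low or new."""
    counts = Counter(ev["id"] for ev in day_events)
    findings = []
    for eid in sorted(set(baseline) | set(counts)):
        n = counts[eid]
        if eid not in baseline:
            findings.append((eid, n, "new"))
            continue
        mean, sigma = baseline[eid]
        band = k * max(sigma, MIN_SIGMA)
        if n > mean + band:
            findings.append((eid, n, "high"))
        elif n < mean - band:
            # A sudden drop can mean logging stopped or was tampered with.
            findings.append((eid, n, "low"))
    return findings


def make_events(day, event_id, n, account="constructed.user"):
    """Build n constructed log records for one day and event ID."""
    return [{"time": f"{day}T09:{i % 60:02d}:00", "id": event_id,
             "account": account} for i in range(n)]


# Constructed baseline week: (day, failed logons, successful logons).
BASELINE_EVENTS = []
for day, failed, ok in [("2016-09-26", 2, 20), ("2016-09-27", 3, 22),
                        ("2016-09-28", 2, 19), ("2016-09-29", 4, 21),
                        ("2016-09-30", 3, 20)]:
    BASELINE_EVENTS += make_events(day, 4625, failed)
    BASELINE_EVENTS += make_events(day, 4624, ok)

# Constructed audit day: a burst of failed logons and one new account.
AUDIT_DAY = (make_events("2016-10-03", 4625, 25)
             + make_events("2016-10-03", 4624, 21)
             + make_events("2016-10-03", 4720, 1))

if __name__ == "__main__":
    for finding in deviations(build_baseline(BASELINE_EVENTS), AUDIT_DAY):
        print(finding)
```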
References
Huang, S. C.-H., MacCallum, D., & Du, D. (2013). Network
security. New York: Springer.
Pardoe, T. D., & Snyder, G. F. (2015). Network security.
Clifton Park, NY: Thomson/Delmar Learning.

More Related Content

Similar to Part 1 Vulnerability AssessmentNambo FrancisN.docx

Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Rishabhcyber security.pptx
Rishabhcyber security.pptxRishabhcyber security.pptx
Rishabhcyber security.pptxRishabhDwivedi70
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForcePatrick Bouillaud
 
Cyber security awareness for end users
Cyber security awareness for end usersCyber security awareness for end users
Cyber security awareness for end usersNetWatcher
 
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESE-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESIJNSA Journal
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBsGFI Software
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securityAliyuMuhammadButu
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityNcell
 
BYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestBYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestJay McLaughlin
 
Report on Rogue Security Software: a summary
Report on Rogue Security Software: a summaryReport on Rogue Security Software: a summary
Report on Rogue Security Software: a summarySymantec Italia
 
Elementary-Information-Security-Practices
Elementary-Information-Security-PracticesElementary-Information-Security-Practices
Elementary-Information-Security-PracticesOctogence
 
Research Paper Sentence OutlineResearch Question How e-commer.docx
Research Paper Sentence OutlineResearch Question How e-commer.docxResearch Paper Sentence OutlineResearch Question How e-commer.docx
Research Paper Sentence OutlineResearch Question How e-commer.docxaudeleypearl
 
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Small Business
 
International Journal on Cloud Computing: Services and Architecture (IJCCSA)
International Journal on Cloud Computing: Services and Architecture (IJCCSA)International Journal on Cloud Computing: Services and Architecture (IJCCSA)
International Journal on Cloud Computing: Services and Architecture (IJCCSA)ijccsa
 
A Multi-Layer Real Time Remote Monitoring & Corporate Network System For Viru...
A Multi-Layer Real Time Remote Monitoring & Corporate Network System For Viru...A Multi-Layer Real Time Remote Monitoring & Corporate Network System For Viru...
A Multi-Layer Real Time Remote Monitoring & Corporate Network System For Viru...ijccsa
 
Computer Secutity.
Computer Secutity.Computer Secutity.
Computer Secutity.angelaag98
 

Similar to Part 1 Vulnerability AssessmentNambo FrancisN.docx (18)

Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Rishabhcyber security.pptx
Rishabhcyber security.pptxRishabhcyber security.pptx
Rishabhcyber security.pptx
 
IBM X-Force.PDF
IBM X-Force.PDFIBM X-Force.PDF
IBM X-Force.PDF
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-Force
 
Cyber security awareness for end users
Cyber security awareness for end usersCyber security awareness for end users
Cyber security awareness for end users
 
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESE-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBs
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
BYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestBYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, West
 
Report on Rogue Security Software: a summary
Report on Rogue Security Software: a summaryReport on Rogue Security Software: a summary
Report on Rogue Security Software: a summary
 
Elementary-Information-Security-Practices
Elementary-Information-Security-PracticesElementary-Information-Security-Practices
Elementary-Information-Security-Practices
 
Research Paper Sentence OutlineResearch Question How e-commer.docx
Research Paper Sentence OutlineResearch Question How e-commer.docxResearch Paper Sentence OutlineResearch Question How e-commer.docx
Research Paper Sentence OutlineResearch Question How e-commer.docx
 
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure"
 
International Journal on Cloud Computing: Services and Architecture (IJCCSA)
International Journal on Cloud Computing: Services and Architecture (IJCCSA)International Journal on Cloud Computing: Services and Architecture (IJCCSA)
International Journal on Cloud Computing: Services and Architecture (IJCCSA)
 
A Multi-Layer Real Time Remote Monitoring & Corporate Network System For Viru...
A Multi-Layer Real Time Remote Monitoring & Corporate Network System For Viru...A Multi-Layer Real Time Remote Monitoring & Corporate Network System For Viru...
A Multi-Layer Real Time Remote Monitoring & Corporate Network System For Viru...
 
Computer Secutity.
Computer Secutity.Computer Secutity.
Computer Secutity.
 
Spyware
SpywareSpyware
Spyware
 

Part 1 Vulnerability AssessmentNambo FrancisN.docx

  • 1. Part 1: Vulnerability Assessment Nambo Francis Network Security October 3, 2016 Introduction Every computer network is a target for attack by virtue of being on. It is therefore necessary that every organization understand where it stands on matters of network security. A vulnerability assessment is done to provide an organization with the state of its network components. The assessment also identifies potential points of weakness within the network infrastructure and the extent to which those vulnerabilities could be exploited. While some attacks on an organization can be targeted specifically to it, others could be as a result of a vulnerability that was identified by attackers after scouring for vulnerable networks. Any exploitable vulnerability in a network no matter how small can cause significant damage to the network. This necessitates the vulnerability assessment that should be a regular activity. A vulnerability assessment will enable the organization to rank the gravity of the danger posed by all vulnerabilities and allocate the appropriate resources to its handling. Network Vulnerability Assessment • Network backdoors – a backdoor within a system is an access point whose existence is unknown by a network administrator and users of that system. A backdoor can be
  • 2. implemented on a software running in the network or even to hardware devices that are connected to the network. A hacker then uses that backdoor to access the network and collect data without the knowledge anyone involved with the network. A backdoor can grant the hacker administrator level access privileges and as such their activities within the network can go unnoticed [1]. • Security loopholes in software and hardware components – while the above backdoors are usually created by a hacker, security loopholes are as a result of the manufacturer delivering unpatched components. A piece of software or hardware equipment could have been developed and shipped to users without being checked for those loopholes. These unpatched loopholes can then be exploited by hackers to enter a network [1]. • Distributed denial of service attacks – networks are made to handle a certain amount of requests to function properly. A hacker the above attacks will exploit by presenting the network with a large number of illegitimate requests. In a bid to service these requests, the network resources will be overwhelmed to the point of the network shutting down after failing to do so. This attack will then lock out legitimate users and their requests. [1] • Mobile and non-firm devices – a lot more companies are implementing a program where employees get to bring their devices to work. The firms are also issuing their employees with mobile devices like tablets and smartphones for conducting their tasks. Bringing personal devices to do work on present a potential vulnerability. As these are personal devices, they are secured the same way as other company devices. They could be used to introduce viruses into the network and jeopardize the company’s information. As for company-issued mobile devices, they cannot be secured with the same capabilities as PCs. They have different form factors and also different underlying infrastructure [2]. 
Given that their use within the workplace is recent, then it means that there isn’t an acceptable method to
  • 3. secure them. This makes them very vulnerable. • Removable media – just as employees are bringing their mobile devices to work, so are they also bringing removable USB media. This includes thumb drives and external hard disks. Most of these devices are usually used across many computers and this increases the chances of them getting infected with viruses. Allowing these devices with questionable history to be plugged into company computers creates the risk that viruses and other malware might get introduced into the network [2]. • Wireless networks – while wired networks can be physically secured by limiting access to ports, this can’t be said of wireless networks. All that is required is proximity. A hacker with a laptop would only have to be near the company premises to view their wireless network. Unsecured wireless networks can be viewed and access with any Wi-Fi connection. It is also possible that a user on a neighboring network could be able to access the network. This open wireless network then exposes the company’s entire network to not just unauthorized users but malicious ones as well [1]. • Operating system platform – between the Windows operating system from Microsoft and Mac operating system from Apple, it has been found that the latter has lesser chances of being a target for attacks than the former. Windows OS as the dominant and ubiquitous platform makes that hackers will lean more towards developing ways to access the systems. Mac OS devices on the other hand are also developed by Apple and the security implementation is usually far much superior to Windows OS. So, if the company has chosen to use Windows devices, then it has to contend with the fact that it has increased the chances of being a target [1]. • False sense of security in defense in depth – this company will have a firewall, intrusion detection system and anti-virus programs as part of its network security strategy. 
On the face of it, it is a recommended one as it provides multiple security layers. However, it is important to note that this
  • 4. strategy is only effective if those different aspects of security are all operating at peak level. Even with all of them present, if they are poorly configured and maintained, they become liabilities instead of assets as they create multiple points of vulnerability for the network [1]. References [1] D. Jacobson and J. Idziorek, Computer security literacy: Staying safe in a digital world. CRC Press, 2016. [2] G. Held, G, Network design: Principles and applications. Boca Raton: Auerbach, 2014. Meg Whitman, former CEO of eBay: Transparency in Business Under Meg Whitman’s leadership, eBay has changed the way the world buys and sells secondhand goods. Before eBay, individual owners of antiques, family heirlooms, used equipment, collector’s curios, etc., would take their items for sale to antique dealers, pawn shops, etc., and hope to get a fair deal. They depended on the dealers to assess their item and tell them what a fair price would be. Unless you were an expert, you would have little idea how much that silver teapot you inherited from your grandmother might be
  • 5. worth. Even the dealers might be uncertain – how much would someone pay for a picture of Elvis made with dried beans? As Meg Whitman pointed out in her book (with Joan Hamilton, 2010), The Power of Many: Values for Success in Business and Life, eBay added transparency to the buying and selling process. Potential buyers, including professional dealers as well as hobbyists and other nonprofessionals, would have to compete with each other to buy the products. Thus, sellers could be assured that their items would be sold at fair market price regardless of their own knowledge. At the same time, sellers had to be transparent and ethical as well: eBay set up chat rooms where hobbyists could comment on sellers who inaccurately described their products. Pierre Omidyar founded eBay and came up with the basic idea to sell used goods over the Internet. Pierre knew he needed someone with administrative experience to grow eBay from a small start-up with 30 employees to a major corporation. Meg Whitman had
  • 6. experience as a consultant and as a business executive at major corporations like Disney and Hasbro. Meg left her secure, high-paying executive job to join eBay in part because she liked Pierre’s sense of ethics. Meg stated that it’s a myth that leaders have to be unethical to win and “that great success demands that we give up, or at least fudge, our relationship to what most of us recognize as decent, commonsense values. Honesty. Family. Community. Integrity. Generosity. Courage. Empathy” (Whitman & Hamilton, 2010, p. 5). Meg believed that if they had treated eBay community members (i.e., users) as a resource to be exploited, eBay would never have grown and prospered. Interestingly, Pierre and Meg assumed that “most people are basically good” (Whitman & Hamilton, 2010, p. 28). In other words, they believed that most eBay community members would describe their secondhand products in a fairly accurate and transparent manner and in general would treat each other
  • 7. ethically. Notice that Pierre and Meg didn’t say that all people are always good. They realized that fraud and theft over the internet occurs, so they created eBay’s Trust & Safety division to monitor the transactions to prevent the selling of counterfeit goods, devious bidding tactics, or other inappropriate behavior. But Meg argued that eBay works because most of their customers are basically honest. She recommended that business leaders be realistic but not cynical. 1. How important is transparency to your interactions with your leaders? 2. Is transparency good for business? Why or why not? 3. Can leaders trust most of their employees and customers to be basically good? Why or why not? 4. How is trust related to leadership? Sources: Naguchi, S. (2011, October 26). Whitman gives $10 million to Teach For America. Retrieved from http://www.mercurynews.com/education/ci_19196351
  • 8. Whitman, M. & Hamilton, J. (2010). The power of many: Values for success in business and in life [Kindle edition]. New York, NY: Crown Publishers. Part 2: Network System Security Recommendations Introduction For any organization that has embraced technology, data has become an invaluable asset that the organization cannot do without. As with the protection of other tangible assets, the protections provided to data assets should be commensurate with their importance to the organization. An effective information security strategy implements its safeguards after a careful analysis of potential threats and covering the bases as strongly as possible. The vulnerabilities that exist within the network will need to be identified and patched as soon as they are identified. A wide range of security measures will need to be implemented simultaneously within the system. These will include both hardware and software options as well as intensive security training for users of the system. Threat and risk assessment should not be a one-off activity at the installation of the system. Rather, it is continuous process that is cognizant of the evolving nature of information where newer threats are emerging every day. The most secure system then becomes one
  • 9. whose security strategy is meant to be proactive rather reactive. Network System Security Recommendations An effective firewall is one that will ensure that the traffic that gets through it is one that is safe and only originating from legitimate sources. An intrusion prevention system (IPS) will be required to both detect and prevent any potential threats and stem off attacks. A secure and robust network must have its components well configured if it is to effectively identify and fend off threats. • Configuring the firewall – the firewall will be configured to identify all traffic that can be definitively traced to be within the company. It will have the capabilities to identify any traffic that does not come from within the company and effectively drop it. Hackers targeting a networking will usually attempt to do so by disguising inbound traffic to appear as if from a legitimate source. If data appears to be from a legitimate source, it has higher chances of gaining entry. But this is not always the case. With ingress filtering, a firewall is granted the capabilities of accurately determining whether that particular data is indeed from the source computer it claims to be from. Microsoft provides Windows Firewall for its operating and this will be the one in use for the firm. The firewall has a primary purpose of limiting communication between the network and the internet. However, this can limit functionality as there will be aspects of the network that will require accessing the internet. As such, there will be the need to configure exceptions. A notifications dialog will provide options for total blocking of a program, unblocking and a third option for when the administrator has not yet decided on whether to block or not. For the last option, the program will stay blocked. Under program exceptions, only a few of them will be granted that exception. This should include the web browser and the email client. 
Any other programs will be blocked from accessing the internet without the permission of the administrator. The scope of the excepted programs will then
  • 10. be limited to the firm’s network for added protection. All ports should be closed when not in use. Whether under TCP or UDP protocols, the ports to be provided with the exceptions are to be directly specified. The scope for the ports will also be limited to the local network [1]. • Configuring the router – as the gateway for internet traffic to and from the network, it is important that the configurations of the router are as robust as they can be. The web server and the email server will need to be accessed from the internet. This will require that port forwarding be configured first. Router manufacturers deliver them with default IP addresses and login credentials. If this default credentials are not changed by the end users, there is always the chance they could be used by hackers to access the router. As such, they must be changed once the router has been acquired. The security mode of the NETGEAR MR814 router will need to be set to the 64-bit WEP Wi-Fi encryption protocol that should provide adequate security for this network. Also, it is advisable to disable the Universal Plug and Play (UPnp) feature to keep out rogue devices and software. This will ensure only authenticated devices and software access the network. The password to be used should be long and include an alphanumeric and special character combination. Remote management is unnecessary for single premise firm and should be disabled. Permissions and access control should next be implemented to restrict access to the router to only authorized users and control the flow of information. As with other components of the network all activities of the router will be logged and sent to the syslog server [2]. • Setting up Microsoft Server 2012 – a big improvement on the Microsoft Server 2008 version, Microsoft Server 2012 will provide the firm with opportunities for centralized management and deployment of services and functions. 
The Active Directory will be installed from the server manager console. Access control will be managed under organizational units that will correspond with the firm’s various departments. Given that employees within the same departments will have close to similarly defined responsibilities, their access to company resources will then be governed under similar privileges. Server virtualization is to be implemented within the Windows Server 2012 environment. This will provide multiple virtual environments that can be used to run separate tasks and also for backing up company data. Virtualization should also do away with instances of application collisions and incompatibility issues within the system. Microsoft Server 2012 provides a system failover option that will ensure that the failure of one section of the system does not jeopardize the entire system. This is achieved by the virtualized systems that take over should any other break down [1].
• Configuring the intrusion prevention system (IPS) – the intrusion prevention system should be configured under global settings so that any rogue connections are dropped silently and in the background. Identifying potential threats will be set to spot protocol anomalies, server-side attacks, client-side attacks, operating system level attacks, and targeted malware attacks. By configuring flood protection for protocols like ICMP and TCP SYN, DoS attacks will be contained effectively. The intrusion prevention system is meant to operate automatically on its own for the most part. This should enable it to work at all times, even outside normal business hours. However, it will be important that the system regularly provide alerts to the network administrator, who will then analyze the extent of the attacks. The alerts will consist of event logs that provide details on the nature of all the potential threats. The administrator will then be able to implement any measures to meet any emerging threats. Implemented on the perimeter of the system, the intrusion prevention system (IPS) will be able to monitor every communication in the system and identify the threats [3].
Addressing Identified Vulnerabilities
• Network backdoors – regular scanning and a network discovery tool will be needed to find any rogue access points within the network. Each and every device and piece of software deployed within the network will need to be mapped and a baseline for their operations established. A network discovery tool should do this even without the input of the network administrator [3].
• Mobile and personal devices – should an employee wish to use their device for work responsibilities, they should be required to submit the device to the IT team, who will then check its security features. Only after it is deemed secure will the user be allowed to use it. As for company-issued mobile devices, an encryption program should be installed on all devices to secure not just the communication in and out of the device, but also the data stored within the device. There should also be conditions placed by the firm on the use of the devices [3]. An example would be the requirement that employees use the devices only for company work and not for personal use. They should also be regularly submitted to the IT team for inspections.
• Removable media – there should be a company-wide rule that no personal devices should be attached to company computers. This regulation should work for the most part. However, just in case, an up-to-date anti-virus program should be installed within the network to prevent any malware from infecting the network [3].
• Distributed denial of service (DDoS) attacks – these attacks are meant to push a system to its breaking point. To prevent the adverse impact of such attacks, the firm should conduct regular stress tests on its system to gauge its resilience. These tests will provide answers on how far the system can go under stress without breaking down. Any improvements on the system can then be done on the basis of the results [4].
• Security loopholes – software and hardware delivered by their manufacturers with loopholes in them should be swiftly patched.
These patches are usually provided by the manufacturer after the loopholes have been identified. Also, the company should endeavor to only acquire software and hardware components from vendors that have a secure track record [4].
References
[1] D. Rountree, Windows 2012 Server Network Security: Securing Your Windows Network Systems and Infrastructure. Newnes, 2013.
[2] D. Jacobson and J. Idziorek, Computer security literacy: Staying safe in a digital world. CRC Press, 2016.
[3] C.F. Endorf, E. Schultz, and J. Mellander, Intrusion detection & prevention. New York: McGraw-Hill/Osborne, 2014.
[4] S.C. Huang, D. MacCallum and D. Du, Network security. New York: Springer, 2013.
Part 3: Application/End-User Security Recommendations
Introduction
A robust network security strategy is one that actively involves all the stakeholders of the system. The network administrator has the responsibility of ensuring that best practices in information security management are implemented throughout the entirety of the system they oversee. Threats to a system exist both within and outside an organization. This necessitates a comprehensive security strategy that can cover all those potential threats. Information security threats are of a dynamic nature, and the network administrator should take this into consideration to ensure that they are always on top of any emerging threats. System vulnerabilities should be sought and effectively sealed, and this should be a regular task.
End User Security Recommendations
Best practice in network security will require that the users and the firm abide by the following:
• Training and awareness – all employees of the company should have a firm grasp of matters pertaining to network security. This will come through the training that should be offered by the company. The training should cover how to spot and identify threats, how to combat them, and how to handle them should they occur. As new threats emerge, the firm will need to create a continuous awareness program to inform its employees about them.
• Effective monitoring program – even after training has been done, this is not reason enough to believe employees will adhere to the lessons learnt. As such, the IT personnel should be empowered to conduct random checks on the security behavior of the firm’s employees. This will help in identifying potential weak spots.
• Unique user credentials – each and every employee that has been granted use of computer resources should do so with their own unique username and a password that should not be shared with any other user. The password should be complex enough that no one could possibly guess it. The user should avoid basing passwords on familiar objects or people. A strong password should have a mix of alphanumeric and special characters. For every activity a user does on any computer, they will be required to use their own unique credentials. This should leave an audit trail that can be followed should there be an incident.
• Automatic logoff – it is possible that a user might leave a computer without logging out from their session. This opens the possibility that another user might access resources using the logged-in credentials. This could be devastating should the unauthorized user have malicious intent and the logged-on credentials have advanced permissions.
Automatic logoff should be set to happen after a given period of time. This should especially happen after the end of prescribed business hours.
• Regular event log audits – event logs are very important when it comes to monitoring the performance of a given system. They can also be used to spot any anomalies within the system. Event logs collected over a long period of time can establish a baseline of operations for a system. Any deviations from this baseline can then be checked further to identify if they are a threat to the system (Huang, MacCallum, & Du, 2013).
• Least privilege – the principle of least privilege has it that a user should be granted permissions only to the extent of their job description and responsibilities. This will ensure that no single user has complete or unnecessary control over the system. The network administrator account with power over the entire system should be used sparingly and only when necessary.
• Incident reporting procedures – employees should know how they can report a security incident. This could be a suspicion of an intruder or even another user’s activity. Whatever the reason, users should be provided with a clear-cut procedure to make sure these reports reach the right people who can handle them (Pardoe, & Snyder, 2015).
• Anti-malware programs – the entire system should be protected by a regularly updated anti-virus program that can identify and prevent any threats before they get into the system.
• Up-to-date disaster recovery and business continuity plan – even with all the above security measures implemented, there still exists the chance that a security breach event might occur. It is important to have a response ready for such an eventuality. A disaster recovery and business continuity plan can go a long way in mitigating the effects of a security breach.
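The baseline-and-deviation audit described under "Regular event log audits", as an added example that is not part of the original paper. The record layout (day, host, event), the host and event names, and the scoring threshold are assumptions, and the log records are constructed sample data.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample records (day, host, event); not real log output.
BASELINE_LOG = (
    [(d, "fileserver", "logon_failure") for d in range(1, 11) for _ in range(3 + d % 2)]
    + [(d, "router", "config_change") for d in (2, 9)]
)
AUDIT_LOG = (
    [(11, "fileserver", "logon_failure")] * 4
    + [(11, "router", "config_change")]
    + [(12, "fileserver", "logon_failure")] * 40
    + [(12, "mailserver", "account_created")]
)

def daily_counts(records):
    """Count events per (host, event) pair for each day."""
    counts = defaultdict(Counter)
    for day, host, event in records:
        counts[(host, event)][day] += 1
    return counts

def build_baseline(records):
    """Mean and standard deviation of daily counts, zero-event days included."""
    days = sorted({day for day, _, _ in records})
    baseline = {}
    for key, per_day in daily_counts(records).items():
        series = [per_day.get(d, 0) for d in days]
        baseline[key] = (mean(series), pstdev(series))
    return baseline

def find_deviations(baseline, records, threshold=3.0, min_spread=1.0):
    """Return (day, host, event, count, reason) for days that exceed the baseline."""
    findings = []
    for key, per_day in sorted(daily_counts(records).items()):
        for day, count in sorted(per_day.items()):
            if key not in baseline:
                findings.append((day, *key, count, "no baseline for this event"))
                continue
            mu, sigma = baseline[key]
            # Floor the spread so a very steady baseline does not flag tiny changes.
            score = (count - mu) / max(sigma, min_spread)
            if score > threshold:
                findings.append((day, *key, count, f"score {score:.1f} over mean {mu:.1f}"))
    return findings

if __name__ == "__main__":
    for finding in find_deviations(build_baseline(BASELINE_LOG), AUDIT_LOG):
        print(finding)
```

Only days on which an event occurs are scored, so an event type that goes silent is not reported by this check and needs a separate rule.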
References
Huang, S. C.-H., MacCallum, D., & Du, D. (2013). Network security. New York: Springer.
Pardoe, T. D., & Snyder, G. F. (2015). Network security. Clifton Park, NY: Thomson/Delmar Learning.