SlideShare a Scribd company logo

Running Head WINDOWS AND LINUX 1WINDOWS AND LINUX12.docx

Download as DOCX, PDF
J
jeffsrosalyn

Running Head: WINDOWS AND LINUX 1 WINDOWS AND LINUX 12 Project 2: Operating Systems Vulnerabilities Aisha Tate UMUC August 8, 2019 Hi Aisha I know you submitted this report before the detailed self analysis you did last week. Please go through this checklist. First, work through the lab results, perform the necessary research and complete the SAR report. The PowerPoint presentation is the last item to be completed. Review this checklist and let me know if you have any questions before you start your work. Thanks for your continued efforts. Dr K Student Name: Aisha Tate Date:6-Sep-2019 This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission Project 2: Requires the Following THREE Pieces Areas to Improve 1. Security Assessment Report (including relevant findings from Lab)  Revise 2. Non-Technical Presentation Slides (Narration Not Needed)  Revise 3. Lab Experience Report with Screenshots  Revise 1. Security Assessment Report Defining the OS Brief explanation of operating systems (OS) fundamentals and information systems architectures.  Meets expectations 1. Explain the user's role in an OS.  ???? 2. Explain the differences between kernel applications of the OS and the applications installed by an organization or user.  Does not meet expectation 3. Describe the embedded OS.  More details needed 4. Describe how operating systems fit in the overall information systems architecture, of which cloud computing is an emerging, distributed computing network architecture.  More details needed Include a brief definition of operating systems and information systems in your SAR. Other outstanding information  Need to find better references/ more details – use tables or graphs OS Vulnerabilities 1. Explain Windows vulnerabilities and Linux vulnerabilities.  ??? 2. Explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices.  Research needed 3. Explain the motives and methods for intrusion of MS and Linux operating systems.  ???? 4. Explain the types of security management technologies such as intrusion detection and intrusion prevention systems. 5. Describe how and why different corporate and government systems are targets.  Does not meet requirements 6. Describe different types of intrusions such as SQL PL/SQL, XML, and other injections Preparing for the Vulnerability Scan 1. Include a description of the methodology you proposed to assess the vulnerabilities of the operating systems.  Please review project instructionss 2. Provide an explanation and reasoning of how the methodology you propose, will determine the existence of those vulnerabilities in the organization’s OS. 3. Include a description of the applicable tools to be used, limitations, and analysis. 4. Provide an explanation and reasoning of how the applicable tools you propose will determine the existence of those vulnerabilities in the organization’s OS.

Education
1 of 23
Running Head: WINDOWS AND LINUX 1 WINDOWS AND LINUX 12 Project 2: Operating Systems Vulnerabilities Aisha Tate UMUC August 8, 2019 Hi Aisha I know you submitted this report before the detailed self analysis you did last week. Please go through this checklist. First, work through the lab results, perform the necessary research and complete the SAR report. The PowerPoint presentation is the last item to be completed. Review this checklist and let me know if you have any questions before you start your work. Thanks for your continued efforts. Dr K Student Name: Aisha Tate Date:6-Sep-2019 This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission Project 2: Requires the Following THREE Pieces
Areas to Improve 1. Security Assessment Report (including relevant findings from Lab) Revise 2. Non-Technical Presentation Slides (Narration Not Needed) Revise 3. Lab Experience Report with Screenshots Revise 1. Security Assessment Report Defining the OS Brief explanation of operating systems (OS) fundamentals and information systems architectures. Meets expectations 1. Explain the user's role in an OS. ???? 2. Explain the differences between kernel applications of the OS and the applications installed by an organization or user. Does not meet expectation 3. Describe the embedded OS. More details needed 4. Describe how operating systems fit in the overall information systems architecture, of which cloud computing is an emerging, distributed computing network architecture. More details needed
Include a brief definition of operating systems and information systems in your SAR. Other outstanding information Need to find better references/ more details – use tables or graphs OS Vulnerabilities 1. Explain Windows vulnerabilities and Linux vulnerabilities. ??? 2. Explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices. Research needed 3. Explain the motives and methods for intrusion of MS and Linux operating systems. ???? 4. Explain the types of security management technologies such as intrusion detection and intrusion prevention systems. 5. Describe how and why different corporate and government systems are targets. Does not meet requirements 6. Describe different types of intrusions such as SQL PL/SQL, XML, and other injections Preparing for the Vulnerability Scan
1. Include a description of the methodology you proposed to assess the vulnerabilities of the operating systems. Please review project instructionss 2. Provide an explanation and reasoning of how the methodology you propose, will determine the existence of those vulnerabilities in the organization’s OS. 3. Include a description of the applicable tools to be used, limitations, and analysis. 4. Provide an explanation and reasoning of how the applicable tools you propose will determine the existence of those vulnerabilities in the organization’s OS. 5. In your report, discuss the strength of passwords 5a. any Internet Information Services' 5b. administrative vulnerabilities, 5c. SQL server administrative vulnerabilities, 5d. Other security updates and 5e. Management of patches, as they relate to OS vulnerabilities.
Vulnerability Assessment Tools for OS and Applications (Lab) Use the tools' built-in checks to complete the following for Windows OS (e.g., using Microsoft Baseline Security Analyzer, MBSA): 1. Determine if Windows administrative vulnerabilities are present. 2. Determine if weak passwords are being used on Windows accounts. 3. Report which security updates are required on each individual system. 4. You noticed that the tool you used for Windows OS (i.e., MBSA) provides dynamic assessment of missing security updates. MBSA provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping. 5. Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment. In this case, a tool such as MBSA will create and store individual XML security reports for each computer scanned and will display the reports in the graphical user interface in HTML. Please review and share observations in Lab report – Results
and recommendations in SAR Utilize the OpenVAS tool to complete the following: See note above 1. Determine if Linux vulnerabilities are present. 2. Determine if weak passwords are being used on Linux systems. 3. Determine which security updates are required for the Linux systems. 4.You noticed that the tool you used for Linux OS (i.e., OpenVAS) provides dynamic assessment of missing security updates. MBSA provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping. 5.Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment 3. Presentation Slides Title Slide Use of Readable Fonts and Color Meets requirements
Summarizes Findings and Recommendations at High Level Update based on your revised SAR report Summarizes Findings and Recommendations at High Level Update based on your revised SAR report Presentation Slides Feedback 4. Lab Experience Report Summarizes the Lab Experience and Findings Use a table to summarize key findings Responds to the Questions Does not meet requirements Provides Screenshots of Key Results Meets requirements Lab Experience Report Feedback Operating Systems An operating system is a collection of software that manages
computer hardware resources and provides standard services for computer programs. Operating systems are the essential software that runs on computers. They manage the computer's memory and processes as well as all the software and hardware activities. It is the OS that allows communication with the network without knowing how to speak the computer language. An operating system must be able to manage system resources, and these include CPU scheduling, Process management, Memory management, Input/output device management, Storage device management (hard disks, CD/DVD drives, etc.), File System Management (Silberschatz, Gagne & Galvin, 2018). Examples of operating systems include Windows OS, which is the most widely used over 90% of the world's computer systems. Another category of the operating system is the Mac OS X, an operating system used for Macintosh computers such as the Mac Book Pro laptop series. Although IBM PCs, which are Windows and Mac Computers, are not directly compatible, it’s possible to use virtualization t run one operating system on an incompatible computer. UNIX is a command-line interface OS developed for large machines and networks. Notably, Linux, last generation of UNIX, is a free, open-source operating system that most computers support (Silberschatz, Gagne & Galvin, 2018). Lastly, most electronic devices use an operating system to manage their physical components and enhance the development of applications for use in such instruments. An embedded (particular purpose) operating system is one that is correctly configured for a specific operating system. Implicitly, the operating systems are designed for specific tasks, and they perform them efficiently. Embedded operating systems are also called real-time operating system (RTOS). Examples of the specific-purpose operating system include Apple iOS, Google Android, Symbian, Blackberry, Palm, and Windows Mobile operating systems used for personal digital assistants (PDAs) and mobile phones. Applications are types of software's that help a computer user to
perform specific tasks. Applications designed for desktops or laptops are called desktop applications, while those designed for mobile devices are called mobile apps (Silberschatz, Gagne & Galvin, 2018). When a user opens an app, it runs inside the operating system until it is closed. Often, a user runs more than a single app, which is commonly known as multitasking. Kernel refers to the core part in the operating system which manages system resources. Notably, kernel acts as the bridge between the application and hardware of the computer. Therefore, kernel applications of the OS are applications that relate to the management of the system resources and computer hardware. On the other hand, user applications are applications that the user (either organizations or individual) installs for specific purposes (Silberschatz, Gagne & Galvin, 2018). For instance, user applications include word processors, database programs, web browsers, and communications platforms. Lastly, information system refers to the software that helps organize and analyze data. The fundamental purpose of the information system is to convert raw data into useful information for enhanced decision making in the organization. The four major types of information systems are transaction processing system (TPS), decision support system (DSS), management information system (MIS), and executive support system (ESS) (Silberschatz, Gagne & Galvin, 2018). Cloud computing has changed how the MIS services providers and their employees conduct business activities. Cloud computing refers to the practice of using networks of remote servers hosted on the internet to store, manage, and process data into useful information for optimal decision making. Notably, a cloud operating system manages the operation, execution, and processes of virtual machines, servers, and infrastructures as well as backend software and hardware resources. Implicitly, a cloud operating system is used to enhance information systems agility in an organization and eradicate the need for local servers and personal computers.
Vulnerabilities and intrusions Windows Vulnerabilities Blue Keep is a vulnerability that exists in various versions of Windows Operating system, including both the 32-bit and 64-bit versions and service packs. The versions include Windows 2000, Windows Vista, Windows XP, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 (Jajodia, 2010). Blue Keep exists within the Remote Desktop Protocol (RDP) in the above versions of Ms. Windows's operating systems. Attackers can exploit BlueKeep to perform remote code execution on any system that is not protected. This can happen when the attacker sends specially crafted packets to one of the Operating System that has RDP enabled within it. Some of the activities that attacker may perform are adding accounts with full user rights; viewing, changing, and deleting data, and installing programs. The Cybersecurity and Infrastructure Security Agency encourage users and administrators to review security guidelines and install available measures as soon as possible (Jajodia, 2010).????? Additional research/Information? Linux Vulnerabilities One of the most common vulnerability is CVE-2017-18017, Linux Kernel Netfilter: xt_TCPMSS,which sits on the Linux kernel and helps filter network communication by defining the maximum segment size that permits TCP headers. When an attacker exploits this vulnerability, they send communications floods and throw the system offline in denial of service attack. Another vulnerability is CVE-2017-18202, which lies in the mm/oom_kill.c file. This file is useful in killing a process when memory is low. Vulnerability versions of the file can lead to mishandling of operations as well as opening doors for denial of service (DoS) attacks. (Just two vulnerabilities? Please research this topic) Mac OS and Mobile Device Vulnerabilities First, Denial of Service (DoS) vulnerability exists within the
Apple or Android operating systems. The underlying purpose of this attack is to make software resources unavailable for the tasks it has been designed. DoS vulnerabilities are highest in iOS than in Android operating systems. (Jajodia, 2010) Secondly, a bypass something vulnerability makes a given mobile device vulnerable to a third party evading protection layer established by the user or the administrator. Both Apple and Android are focused on limiting the vulnerabilities that allow hackers to bypass the security process (breach security protocol) (Jajodia, 2010).???? Furthermore, code execution is a type of security flaw which allows hackers to bypass authentication and run any code. It can be triggered remotely and can be used in various scenarios. Consequently, the attack can happen without the knowledge of the user. Data theft is another vulnerability of Mac OS and Mobile devices. Recently, the security firm. F-Secure unveiled dangerous firmware exploit that affected almost all Mac and Windows devices. This vulnerability could lead to data theft, and even left Macs with FileVault turned on susceptible (Jajodia, 2010). Lastly, memory corruption vulnerability is a programming error in the operating system, which makes the memory of the device susceptible to hacker's exploitation. The weakness lies in the memory location of the invention. An attack occurs when the code is modified, violating the safety of the information stored in the memory (Jajodia, 2010). Microsoft and Linus OS intrusion Intrusion, by definition, is to comprise an operating system by breaching the security of such system. The act of intruding or slightly gaining unauthorized access to the OS leaves traces that can be detected by the intrusion detection system. Intruders use various methods to gain access to operating systems by breaching security. One of them is physically breaking through and robbing away the operating systems from the owner. Physical intrusion is frequent when the OS is installed in a
device that can easily be stolen (Munson & Elbaum, 2004).???? Asymmetric routing is another method of intruding the operating system. The attackers utilize more than a single route to the target device consisting of the desired OS. The idea of this method is to have an overall attack evade detection by bypassing specific security codes. Any OS devices that are not set up for asymmetric routing are impervious to this kind of intrusion. Additionally, buffer overflow attack is an approach which overwrites specific sections of memory and replaces standard data with commands which, when executed attacks the operating system. In other words, it's "a popular class of attacks strategically overburdens that buffer, so the data "overflows" into other parts of the memory" (Newman, 2019). Often, the goal for this intrusion is to initiate a denial of service (DoS) situation. Although, averting an overflow may sound simple, the practice itself has proven to be a daunting task to achieve, hence the continuous appearance of the buffer overflow attacks. This problem recurs due to there being no generic mechanism in use across languages in use what can perfectly specify such capacity (Piromsopa & Enbody, 2011)???? Security awareness technologies and system attack targets???? What does this graphic mean? The intrusion detection system ranges from antivirus to hierarchical models which checks the traffic of the network. This can be best described as a network intrusion detection systems and host-based detection systems. The system is critical as it helps in the analysis of the traffic that enters the market. The IDS is classified as signature-based and anomaly-based detection. A section of the intrusion detection system can detect intrusions (Wilson & Hash, 2003). The intrusion prevention system is a network to prevention technology that determines the traffic, detects and prevents vulnerability issues. The exploits come in the form of uncertain applications that are objective to attackers and use it to
punctuate or acquire control of a device. When the exploit has been successful, the attacker can disable the target application or can obtain potential access to the rights of the target applications (Munson & Elbaum, 2004). Corporate and government systems are the one that faces significant threats (Baccass et al., 2011). This can be attributed to their notable high level of information that is of interest to several people, notably politicians, rival companies, countries, and groups. Additionally, this information is of high value, and when they are sold to interested parties, they can fetch high levels of income. Types of Intrusions An SQL injection is an explosion where the attacker can include the SQL code to the Webform input to acquire access to the resources. It is linked to an attack where the end-user enters a system and places special characters and used to corrupt data. XML injection is an attack that is applied to control or harm the logic XML application. The infusion can undertake alteration of logic. It can lead to the placing of harmful content. The SMTP injection attacks the mail server in a way that would be made possible without the use of the internet (Munson & Elbaum, 2004). Vulnerability Results The following vulnerabilities were identified during the lab: · There are several Windows administrative vulnerabilities on the host scanned. · The following administrative vulnerabilities were found: · Developer tools, runtimes, and redistributables are missing security updates · There were multiple Linux vulnerabilities detected · Weak encryption and ciphers · Accounts have passwords with no expiration · Accounts have blank or weak passwords · Multiple administrators on a computer Vulnerability Scanning and Security Assessment Report Considering the organization utilizes several advanced
technological systems, the majority of the security processes and strategies can't guarantee that the system is protected from attack. However, the routers help secure the gateway to the internet while firewalls secure the network. This is dependent on the abilities of the staff, the ability to patch as well as keeping vigilance on the web. Notable from the company systems, the networks are not well protected from risks that may arise????. This can be attributed to poor security and inadequate data protection from the third party. The passwords used are weak and irregular system updates. The Linux OS was not found to comprise of any dangers when it came to the virus. However, there is a need to consider reliable password protection against the third party. The Microsoft Baseline Security Analyzer can scan several computer software. This is effective because it saves time. Those that have a green check are stated to be secure. It is also a useful security feature in that it makes sure that the IE and IIS server is set in the best way. The system is easy to run and offers stable security features. It is the best way to keep Microsoft windows features updated. Its essential asset is the capacity to go above the OS to ferret gaps in several applications. The OpenVas is the mode of analysis of several services and tools by giving information on the level of vulnerability (Baccass et al., 2011). Similar to the MBSA, it is a system that is easy and reliable for the users. MBSA is the best tool for system analysis and threat detection (Wilson & Hash, 2003). The system, though with notable challenges, has proved to be effective. It allows frequent security updates as well as focusing on several machines at a go hence saving time. Notably, risks, as noted from the paper, arise from inferior password protection methods, unlimited access to sensitive data in the company, and failing to update system security mechanisms. This can be resolved by keeping the systems up to date, restricting access to sensitive data, and use of strong passwords as well as the use of antivirus. Eventually, it will help in managing the threats in the company.
Operating systems are the center and nerve system of which businesses and applications process run off. The role that operating systems take on is to control hardware resources within a computer system and are vulnerable to attacks in which there is missing improper security controls and user account controls. Due to the popularity of the Windows operating system, it is the most susceptible to attacks in business and home users. The vulnerability scans are only one way of reducing attacks on a system, and vulnerability assessments require discovery, planning an attack, and reporting to mitigate risk. By utilizing free tools such as Microsoft Baseline Security Analyzer and Open VAS, such vulnerabilities can be identified early on, and remediation can take place. (Table of key observations, analysis and recommendations?) References Baccass, P. et al. (2011). OS X Exploits and Defense: Own it...Just like Windows or Linux! New York: Syngress. Jajodia, S., (2010). Cyber Situational Awareness Issues and Research (pp. 139-154). Springer, Boston, MA. Munson, J. C., & Elbaum, S. G. (2004). U.S. Patent No. 6,681,331. Washington, DC: U.S. Patent and Trademark Office. Newman, L. H. (2019, May 14). How Hackers Broke WhatsApp With Just a Phone Call. Retrieved from https://www.wired.com/story/whatsapp-hack-phone-call-voip- buffer-overflow/ Piromsopa, K., & Enbody, R. J. (2011). Survey of Protections from Buffer-Overflow Attacks. Engineering Journal, 15(2), 31– 52. doi: 10.4186/ej.2011.15.2.31 Silberschatz, A., Gagne, G., & Galvin, P. B. (2018). Operating system concepts. Wiley. Wilson, M., & Hash, J. (2003). Building an information
technology security awareness and training program. NIST Special publication, 800(50), 1-39. PSYC 354 Discussion Board Forum Instructions You are required to create a thread in response to the provided prompt for each forum. Each thread must be at least 300 words and demonstrate course-related knowledge. In addition to the thread, you must reply to 2 other classmates’ threads. Each reply must be at least 150 words. The Post First feature has been activated in the Discussion Board Forums for this course. You will need to post your thread before you will be able to view and reply to other students’ threads. Submit each thread by 11:59 p.m. (ET) on Friday of the assigned module/week. Submit your replies by 11:59 p.m. (ET) on Monday of the same module/week. Criteria Levels of Achievement Content 70% Advanced 90-100% Proficient 70-89% Developing 1-69% Not present Thread: Content 16 to 18 points
The initial thread meets or exceeds content requirements: The thread is in the form of a professional letter, and all key components of the Discussion Board Forum prompt are answered in the thread. Major points are supported by all of the following: · Thread communicates refusal to participate in data manipulation · Pertinent examples (conceptual and/or personal), including possible consequences of data manipulation; · Thoughtful analysis (considering assumptions, analyzing implications); · References both APA and ASA ethical guidelines in current APA format; and · Integration of at least 1 Biblical scripture and its application in context. The thread is at least 300 words. 13 to 15 points The initial thread meets most of the content requirements: The thread is in the form of a professional letter, and all key components of the Discussion Board Forum prompt are answered in the thread. Major points are supported by all of the following: · Thread communicates refusal to participate in data manipulation · Pertinent examples (conceptual and/or personal), including possible consequences of data manipulation; · Thoughtful analysis (considering assumptions, analyzing implications); · References both APA and ASA ethical guidelines in current APA format; and · Integration of at least 1 Biblical scripture and its application in context. The thread is at least 300 words. 1 to 12 points
The initial thread meets some of the content requirements: The thread is in the form of a professional letter, and all key components of the Discussion Board Forum prompt are answered in the thread. Major points are supported by all of the following: · Thread communicates refusal to participate in data manipulation · Pertinent examples (conceptual and/or personal), including possible consequences of data manipulation; · Thoughtful analysis (considering assumptions, analyzing implications); · References both APA and ASA ethical guidelines in current APA format; and · Integration of at least 1 Biblical scripture and its application in context. The thread is at least 300 words. 0 points Not present Structure 30% Advanced 90-100% Proficient 70-89% Developing 1-69% Not present Thread: Grammar and Spelling, APA formatting (30%) 8 points The initial thread meets or exceeds structure requirements: Proper spelling and grammar are used. 6 to 7 points The initial meets most of the requirements: Proper spelling and grammar are used. 1 to 5 points The initial thread meets some of the structure requirements: Proper spelling and grammar are used. 0 points Not present
Criteria Levels of Achievement Content 70% Advanced 90-100% Proficient 70-89% Developing 1-69% Not present Reply 1: Content 4 points First reply meets or exceeds content requirements: Contribution made to discussion with each reply (2) expounding on the thread; and replies are in the form of supervisor feedback. Includes two or more suggestions for improvement on the original thread (letter), AND includes two or more instances of positive feedback related to the topic. Reply is at least 150 words. 3 points First reply meets most of the content requirements: Contribution made to discussion with each reply (2) expounding on the thread; and replies are in the form of supervisor feedback. Includes two or more suggestions for improvement on the original thread (letter), AND includes two or more instances of positive feedback related to the topic. Reply is at least 150 words. 1 to 2 points First reply meets some of the content requirements: Contribution made to discussion with each reply (2) expounding on the thread; and replies are in the form of supervisor feedback.
Includes two or more suggestions for improvement on the original thread (letter), AND includes two or more instances of positive feedback related to the topic. Reply is at least 150 words. 0 points Not present Structure 30% Advanced 90-100% Proficient 70-89% Developing 1-69% Not present Reply 1: Grammar and Spelling, APA formatting (30%) 3 points First reply meets or exceeds structure requirements: Proper spelling and grammar are used. 2 points First reply meets most of the requirements: Proper spelling and grammar are used. 1 point First reply meets some of the structure requirements: Proper spelling and grammar are used. 0 points Not present Criteria Levels of Achievement Content 70% Advanced 90-100% Proficient 70-89% Developing 1-69% Not present Reply 2: Content 4 points
Second reply meets or exceeds content requirements: Contribution made to discussion with each reply (2) expounding on the thread; and replies are in the form of supervisor feedback. Includes two or more suggestions for improvement on the original thread (letter), AND includes two or more instances of positive feedback related to the topic. Reply is at least 150 words. 3 points Second reply meets most of the content requirements: Contribution made to discussion with each reply (2) expounding on the thread; and replies are in the form of supervisor feedback. Includes two or more suggestions for improvement on the original thread (letter), AND includes two or more instances of positive feedback related to the topic. Reply is at least 150 words. 1 to 2 points Second reply meets some of the content requirements: Contribution made to discussion with each reply (2) expounding on the thread; and replies are in the form of supervisor feedback. Includes two or more suggestions for improvement on the original thread (letter), AND includes two or more instances of positive feedback related to the topic. Reply is at least 150 words. 0 points Not present Structure 30% Advanced 90-100% Proficient 70-89% Developing 1-69% Not present Reply 2: Grammar and Spelling, APA formatting (30%) 3 points
Second reply meets or exceeds structure requirements: Proper spelling and grammar are used. 2 points Second reply most of the requirements: Proper spelling and grammar are used. 1 point Second reply meets some of the structure requirements: Proper spelling and grammar are used. 0 points Not present Project 2: OPERATING SYSTEM VULNERABILITY LAB Microsoft (MS), Baseline Security Analyzer (MBSA), and the Open Vulnerability Assessment System (OpenVAS) operating system (OS) vulnerability (OSV) scanning tools were required to conduct Lab 2. This Lab required the security manager (Sec Mgr) and system administrator (Sys Admin) to use the MBSA and OpenVAS tools to scan for OS vulnerabilities across the company’s network for Windows (Microsoft Office) and LINUX. Screenshots provided displays the process of using both of these tools. While using the tools during this lab, the Security Manager and the System Administrator noted that the MBSA tools were more simplified to use and provided a more detailed list of findings and remediation steps for all types of Microsoft Office (MO) vulnerabilities. It also concluded, that the OpenVAS tool was much more difficult to use due to it requiring the user to have a decent knowledge or understanding of the Linux operating system and commands. Although, the operation was more challenging, the OpenVAS tool provided a more comprehensive list of common vulnerabilities and exposure findings that encompassed all vulnerabilities. This detailed list also includes hyperlinks that explained remediation instructions for the system administrator to use. The Microsoft
Baseline Security Analyzer (MBSA) scan of the network granted the Security Manager and the System Administrator with a list of vulnerabilities. In addition to the notation that the Windows Firewall was disabled without proper authorization. This led to incorrect auditing configurations, Sequel (SQL) Server and Microsoft Server Desktop Engine (MSDE) not being installed, the Internet Information System (IIS) not running on the system, and none of the Microsoft Office products on the system were supported. The OpenVAS scan of the network allowed for the System Administrator and the Security Manager to find numerous encryption vulnerabilities, program errors, and other vulnerabilities. A security scan of the network also determined that more than half of all of the system vulnerabilities were classified as High or Medium. This would mean that these were serious threats to be monitored. The System Administrator and the Security Manager will need to work harmoniously in order to correct the vulnerabilities identified during the OpenVAS and MBSA scans. Both the System Administrator and the Security Manager will need to complete of all scans in order to discuss the different vulnerabilities and discuss remediation procedures. Once this has taken place, both will require the discussion of and provide a list of the vulnerabilities by priority (High to Low) in regards to threat level.

Recommended

Custom Software Development Checklist by Michael Cordova
Custom Software Development Checklist by Michael CordovaCustom Software Development Checklist by Michael Cordova
Custom Software Development Checklist by Michael Cordovahoolikar77
 
Chapter 5.0
Chapter 5.0Chapter 5.0
Chapter 5.0Adebisi Tolulope
 
Fulltext01
Fulltext01Fulltext01
Fulltext01navjeet11
 
Ems
EmsEms
EmsSiva Ram
 
Operating system done_by_ashok
Operating system done_by_ashokOperating system done_by_ashok
Operating system done_by_ashokKinshook Chaturvedi
 
Using Computer-Aided Tools in Information Systems Development
Using Computer-Aided Tools in Information Systems DevelopmentUsing Computer-Aided Tools in Information Systems Development
Using Computer-Aided Tools in Information Systems DevelopmentIJEID :: International Journal of Excellence Innovation and Development
 
Internship msc cs
Internship msc csInternship msc cs
Internship msc csPooja Bhojwani
 
software development and programming languages
software development and programming languages software development and programming languages
software development and programming languages PraShant Kumar
 

Recommended

Custom Software Development Checklist by Michael Cordova
Custom Software Development Checklist by Michael CordovaCustom Software Development Checklist by Michael Cordova
Custom Software Development Checklist by Michael Cordovahoolikar77
 
Chapter 5.0
Chapter 5.0Chapter 5.0
Chapter 5.0Adebisi Tolulope
 
Fulltext01
Fulltext01Fulltext01
Fulltext01navjeet11
 
Ems
EmsEms
EmsSiva Ram
 
Operating system done_by_ashok
Operating system done_by_ashokOperating system done_by_ashok
Operating system done_by_ashokKinshook Chaturvedi
 
Using Computer-Aided Tools in Information Systems Development
Using Computer-Aided Tools in Information Systems DevelopmentUsing Computer-Aided Tools in Information Systems Development
Using Computer-Aided Tools in Information Systems DevelopmentIJEID :: International Journal of Excellence Innovation and Development
 
Internship msc cs
Internship msc csInternship msc cs
Internship msc csPooja Bhojwani
 
software development and programming languages
software development and programming languages software development and programming languages
software development and programming languages PraShant Kumar
 
Operating System Structure Of A Single Large Executable...
Operating System Structure Of A Single Large Executable...Operating System Structure Of A Single Large Executable...
Operating System Structure Of A Single Large Executable...Jennifer Lopez
 
Documentation
DocumentationDocumentation
DocumentationRajesh Seendripu
 
ops300 Project(3)
ops300 Project(3)ops300 Project(3)
ops300 Project(3)trayyoo
 
ops300 Project(4)
ops300 Project(4)ops300 Project(4)
ops300 Project(4)trayyoo
 
System structure
System structureSystem structure
System structureKalyani Patil
 
Linux Assignment 3
Linux Assignment 3Linux Assignment 3
Linux Assignment 3Diane Allen
 
Office automation system report
Office automation system reportOffice automation system report
Office automation system reportAmit Kulkarni
 
Office automation system report
Office automation system reportOffice automation system report
Office automation system reportAmit Kulkarni
 
Prepared by Dr Jahan Hassan Moderated by Dr Fariza Sabrin.docx
Prepared by Dr Jahan Hassan Moderated by Dr Fariza Sabrin.docxPrepared by Dr Jahan Hassan Moderated by Dr Fariza Sabrin.docx
Prepared by Dr Jahan Hassan Moderated by Dr Fariza Sabrin.docxharrisonhoward80223
 
Information systems
Information systemsInformation systems
Information systemsProf. Othman Alsalloum
 
Computer system soft ware
Computer system soft wareComputer system soft ware
Computer system soft wareSamuel Igbanogu
 
ISTQB Agile Tester - Agile Test Tools
ISTQB Agile Tester - Agile Test ToolsISTQB Agile Tester - Agile Test Tools
ISTQB Agile Tester - Agile Test ToolsMoataz Nabil
 
Article 1Discussion point Topic Computerized Operating Syst.docx
Article 1Discussion point Topic Computerized Operating Syst.docxArticle 1Discussion point Topic Computerized Operating Syst.docx
Article 1Discussion point Topic Computerized Operating Syst.docxrossskuddershamus
 
Week 10
Week 10Week 10
Week 10adrenal
 
Week 10
Week 10Week 10
Week 10adrenal
 
Computers in management
Computers in managementComputers in management
Computers in managementKinshook Chaturvedi
 
Database project
Database projectDatabase project
Database projectRey Jefferson
 
Lec 01_Linux System Administration (1).pptx
Lec 01_Linux System Administration (1).pptxLec 01_Linux System Administration (1).pptx
Lec 01_Linux System Administration (1).pptxShabanaShafi3
 
Software Engineering Important Short Question for Exams
Software Engineering Important Short Question for ExamsSoftware Engineering Important Short Question for Exams
Software Engineering Important Short Question for ExamsMuhammadTalha436
 
Module9-1-Final-Project-ErikWHouse
Module9-1-Final-Project-ErikWHouseModule9-1-Final-Project-ErikWHouse
Module9-1-Final-Project-ErikWHouseErik House
 
Problem 7.  Dollars for WaitingJeffrey Swift has been a messenger.docx
Problem 7.  Dollars for WaitingJeffrey Swift has been a messenger.docxProblem 7.  Dollars for WaitingJeffrey Swift has been a messenger.docx
Problem 7.  Dollars for WaitingJeffrey Swift has been a messenger.docxjeffsrosalyn
 
Problem 8-2B(a) Journalize the transactions, including explanation.docx
Problem 8-2B(a) Journalize the transactions, including explanation.docxProblem 8-2B(a) Journalize the transactions, including explanation.docx
Problem 8-2B(a) Journalize the transactions, including explanation.docxjeffsrosalyn
 

More Related Content

Similar to Running Head WINDOWS AND LINUX 1WINDOWS AND LINUX12.docx

Operating System Structure Of A Single Large Executable...
Operating System Structure Of A Single Large Executable...Operating System Structure Of A Single Large Executable...
Operating System Structure Of A Single Large Executable...Jennifer Lopez
 
ops300 Project(3)
ops300 Project(3)ops300 Project(3)
ops300 Project(3)trayyoo
 
ops300 Project(4)
ops300 Project(4)ops300 Project(4)
ops300 Project(4)trayyoo
 
Linux Assignment 3
Linux Assignment 3Linux Assignment 3
Linux Assignment 3Diane Allen
 
Office automation system report
Office automation system reportOffice automation system report
Office automation system reportAmit Kulkarni
 
Office automation system report
Office automation system reportOffice automation system report
Office automation system reportAmit Kulkarni
 
Prepared by Dr Jahan Hassan Moderated by Dr Fariza Sabrin.docx
Prepared by Dr Jahan Hassan Moderated by Dr Fariza Sabrin.docxPrepared by Dr Jahan Hassan Moderated by Dr Fariza Sabrin.docx
Prepared by Dr Jahan Hassan Moderated by Dr Fariza Sabrin.docxharrisonhoward80223
 
Computer system soft ware
Computer system soft wareComputer system soft ware
Computer system soft wareSamuel Igbanogu
 
ISTQB Agile Tester - Agile Test Tools
ISTQB Agile Tester - Agile Test ToolsISTQB Agile Tester - Agile Test Tools
ISTQB Agile Tester - Agile Test ToolsMoataz Nabil
 
Article 1Discussion point Topic Computerized Operating Syst.docx
Article 1Discussion point Topic Computerized Operating Syst.docxArticle 1Discussion point Topic Computerized Operating Syst.docx
Article 1Discussion point Topic Computerized Operating Syst.docxrossskuddershamus
 
Lec 01_Linux System Administration (1).pptx
Lec 01_Linux System Administration (1).pptxLec 01_Linux System Administration (1).pptx
Lec 01_Linux System Administration (1).pptxShabanaShafi3
 
Software Engineering Important Short Question for Exams
Software Engineering Important Short Question for ExamsSoftware Engineering Important Short Question for Exams
Software Engineering Important Short Question for ExamsMuhammadTalha436
 
Module9-1-Final-Project-ErikWHouse
Module9-1-Final-Project-ErikWHouseModule9-1-Final-Project-ErikWHouse
Module9-1-Final-Project-ErikWHouseErik House
 

Similar to Running Head WINDOWS AND LINUX 1WINDOWS AND LINUX12.docx (20)

Operating System Structure Of A Single Large Executable...
Operating System Structure Of A Single Large Executable...Operating System Structure Of A Single Large Executable...
Operating System Structure Of A Single Large Executable...
 
Documentation
DocumentationDocumentation
Documentation
 
ops300 Project(3)
ops300 Project(3)ops300 Project(3)
ops300 Project(3)
 
ops300 Project(4)
ops300 Project(4)ops300 Project(4)
ops300 Project(4)
 
System structure
System structureSystem structure
System structure
 
Linux Assignment 3
Linux Assignment 3Linux Assignment 3
Linux Assignment 3
 
Office automation system report
Office automation system reportOffice automation system report
Office automation system report
 
Office automation system report
Office automation system reportOffice automation system report
Office automation system report
 
Prepared by Dr Jahan Hassan Moderated by Dr Fariza Sabrin.docx
Prepared by Dr Jahan Hassan Moderated by Dr Fariza Sabrin.docxPrepared by Dr Jahan Hassan Moderated by Dr Fariza Sabrin.docx
Prepared by Dr Jahan Hassan Moderated by Dr Fariza Sabrin.docx
 
Information systems
Information systemsInformation systems
Information systems
 
Computer system soft ware
Computer system soft wareComputer system soft ware
Computer system soft ware
 
ISTQB Agile Tester - Agile Test Tools
ISTQB Agile Tester - Agile Test ToolsISTQB Agile Tester - Agile Test Tools
ISTQB Agile Tester - Agile Test Tools
 
Article 1Discussion point Topic Computerized Operating Syst.docx
Article 1Discussion point Topic Computerized Operating Syst.docxArticle 1Discussion point Topic Computerized Operating Syst.docx
Article 1Discussion point Topic Computerized Operating Syst.docx
 
Week 10
Week 10Week 10
Week 10
 
Week 10
Week 10Week 10
Week 10
 
Computers in management
Computers in managementComputers in management
Computers in management
 
Database project
Database projectDatabase project
Database project
 
Lec 01_Linux System Administration (1).pptx
Lec 01_Linux System Administration (1).pptxLec 01_Linux System Administration (1).pptx
Lec 01_Linux System Administration (1).pptx
 
Software Engineering Important Short Question for Exams
Software Engineering Important Short Question for ExamsSoftware Engineering Important Short Question for Exams
Software Engineering Important Short Question for Exams
 
Module9-1-Final-Project-ErikWHouse
Module9-1-Final-Project-ErikWHouseModule9-1-Final-Project-ErikWHouse
Module9-1-Final-Project-ErikWHouse
 

More from jeffsrosalyn

Problem 7.  Dollars for WaitingJeffrey Swift has been a messenger.docx
Problem 7.  Dollars for WaitingJeffrey Swift has been a messenger.docxProblem 7.  Dollars for WaitingJeffrey Swift has been a messenger.docx
Problem 7.  Dollars for WaitingJeffrey Swift has been a messenger.docxjeffsrosalyn
 
Problem 8-2B(a) Journalize the transactions, including explanation.docx
Problem 8-2B(a) Journalize the transactions, including explanation.docxProblem 8-2B(a) Journalize the transactions, including explanation.docx
Problem 8-2B(a) Journalize the transactions, including explanation.docxjeffsrosalyn
 
Problem 14-4AFinancial information for Ernie Bishop Company is pre.docx
Problem 14-4AFinancial information for Ernie Bishop Company is pre.docxProblem 14-4AFinancial information for Ernie Bishop Company is pre.docx
Problem 14-4AFinancial information for Ernie Bishop Company is pre.docxjeffsrosalyn
 
Problem and solution essay  about the difficulties of speaking Engli.docx
Problem and solution essay  about the difficulties of speaking Engli.docxProblem and solution essay  about the difficulties of speaking Engli.docx
Problem and solution essay  about the difficulties of speaking Engli.docxjeffsrosalyn
 
problem 8-6 (LO 4) Worksheet, direct and indirect holding, interco.docx
problem 8-6 (LO 4) Worksheet, direct and indirect holding, interco.docxproblem 8-6 (LO 4) Worksheet, direct and indirect holding, interco.docx
problem 8-6 (LO 4) Worksheet, direct and indirect holding, interco.docxjeffsrosalyn
 
Problem 4-5ADevine Brown opened Devine’s Carpet Cleaners on March .docx
Problem 4-5ADevine Brown opened Devine’s Carpet Cleaners on March .docxProblem 4-5ADevine Brown opened Devine’s Carpet Cleaners on March .docx
Problem 4-5ADevine Brown opened Devine’s Carpet Cleaners on March .docxjeffsrosalyn
 
Problem 1-4A (Part Level Submission)Matt Stiner started a delivery.docx
Problem 1-4A (Part Level Submission)Matt Stiner started a delivery.docxProblem 1-4A (Part Level Submission)Matt Stiner started a delivery.docx
Problem 1-4A (Part Level Submission)Matt Stiner started a delivery.docxjeffsrosalyn
 
PROBLEM 5-5BPrepare a correct detailed multiple-step income stat.docx
PROBLEM 5-5BPrepare a correct detailed multiple-step income stat.docxPROBLEM 5-5BPrepare a correct detailed multiple-step income stat.docx
PROBLEM 5-5BPrepare a correct detailed multiple-step income stat.docxjeffsrosalyn
 
Problem 12-9ACondensed financial data of Odgers Inc. follow.ODGE.docx
Problem 12-9ACondensed financial data of Odgers Inc. follow.ODGE.docxProblem 12-9ACondensed financial data of Odgers Inc. follow.ODGE.docx
Problem 12-9ACondensed financial data of Odgers Inc. follow.ODGE.docxjeffsrosalyn
 
Problem 13-6AIrwin Corporation has been authorized to issue 20,80.docx
Problem 13-6AIrwin Corporation has been authorized to issue 20,80.docxProblem 13-6AIrwin Corporation has been authorized to issue 20,80.docx
Problem 13-6AIrwin Corporation has been authorized to issue 20,80.docxjeffsrosalyn
 
Problem 1-2A (Part Level Submission)On August 31, the balance sh.docx
Problem 1-2A (Part Level Submission)On August 31, the balance sh.docxProblem 1-2A (Part Level Submission)On August 31, the balance sh.docx
Problem 1-2A (Part Level Submission)On August 31, the balance sh.docxjeffsrosalyn
 
Problem 1-2A (Part Level Submission)On August 31, the balance shee.docx
Problem 1-2A (Part Level Submission)On August 31, the balance shee.docxProblem 1-2A (Part Level Submission)On August 31, the balance shee.docx
Problem 1-2A (Part Level Submission)On August 31, the balance shee.docxjeffsrosalyn
 
Prior to posting in this discussion, completeThe Parking Garage.docx
Prior to posting in this discussion, completeThe Parking Garage.docxPrior to posting in this discussion, completeThe Parking Garage.docx
Prior to posting in this discussion, completeThe Parking Garage.docxjeffsrosalyn
 
Prior to engaging in this discussion, read Chapters 10 and 11 in y.docx
Prior to engaging in this discussion, read Chapters 10 and 11 in y.docxPrior to engaging in this discussion, read Chapters 10 and 11 in y.docx
Prior to engaging in this discussion, read Chapters 10 and 11 in y.docxjeffsrosalyn
 
Privacy in a Technological AgePrivacy protection is a hot top.docx
Privacy in a Technological AgePrivacy protection is a hot top.docxPrivacy in a Technological AgePrivacy protection is a hot top.docx
Privacy in a Technological AgePrivacy protection is a hot top.docxjeffsrosalyn
 
Privacy Introduction Does the technology today Pene.docx
Privacy Introduction Does the technology today Pene.docxPrivacy Introduction Does the technology today Pene.docx
Privacy Introduction Does the technology today Pene.docxjeffsrosalyn
 
Prisoner rights in America are based largely on the provisions of th.docx
Prisoner rights in America are based largely on the provisions of th.docxPrisoner rights in America are based largely on the provisions of th.docx
Prisoner rights in America are based largely on the provisions of th.docxjeffsrosalyn
 
Principles of Supply and Demanda brief example of supply and deman.docx
Principles of Supply and Demanda brief example of supply and deman.docxPrinciples of Supply and Demanda brief example of supply and deman.docx
Principles of Supply and Demanda brief example of supply and deman.docxjeffsrosalyn
 
Primary Task Response Within the Discussion Board area, write 300.docx
Primary Task Response Within the Discussion Board area, write 300.docxPrimary Task Response Within the Discussion Board area, write 300.docx
Primary Task Response Within the Discussion Board area, write 300.docxjeffsrosalyn
 
Pretend you are a British government official during the time leadin.docx
Pretend you are a British government official during the time leadin.docxPretend you are a British government official during the time leadin.docx
Pretend you are a British government official during the time leadin.docxjeffsrosalyn
 

More from jeffsrosalyn (20)

Problem 7.  Dollars for WaitingJeffrey Swift has been a messenger.docx
Problem 7.  Dollars for WaitingJeffrey Swift has been a messenger.docxProblem 7.  Dollars for WaitingJeffrey Swift has been a messenger.docx
Problem 7.  Dollars for WaitingJeffrey Swift has been a messenger.docx
 
Problem 8-2B(a) Journalize the transactions, including explanation.docx
Problem 8-2B(a) Journalize the transactions, including explanation.docxProblem 8-2B(a) Journalize the transactions, including explanation.docx
Problem 8-2B(a) Journalize the transactions, including explanation.docx
 
Problem 14-4AFinancial information for Ernie Bishop Company is pre.docx
Problem 14-4AFinancial information for Ernie Bishop Company is pre.docxProblem 14-4AFinancial information for Ernie Bishop Company is pre.docx
Problem 14-4AFinancial information for Ernie Bishop Company is pre.docx
 
Problem and solution essay  about the difficulties of speaking Engli.docx
Problem and solution essay  about the difficulties of speaking Engli.docxProblem and solution essay  about the difficulties of speaking Engli.docx
Problem and solution essay  about the difficulties of speaking Engli.docx
 
problem 8-6 (LO 4) Worksheet, direct and indirect holding, interco.docx
problem 8-6 (LO 4) Worksheet, direct and indirect holding, interco.docxproblem 8-6 (LO 4) Worksheet, direct and indirect holding, interco.docx
problem 8-6 (LO 4) Worksheet, direct and indirect holding, interco.docx
 
Problem 4-5ADevine Brown opened Devine’s Carpet Cleaners on March .docx
Problem 4-5ADevine Brown opened Devine’s Carpet Cleaners on March .docxProblem 4-5ADevine Brown opened Devine’s Carpet Cleaners on March .docx
Problem 4-5ADevine Brown opened Devine’s Carpet Cleaners on March .docx
 
Problem 1-4A (Part Level Submission)Matt Stiner started a delivery.docx
Problem 1-4A (Part Level Submission)Matt Stiner started a delivery.docxProblem 1-4A (Part Level Submission)Matt Stiner started a delivery.docx
Problem 1-4A (Part Level Submission)Matt Stiner started a delivery.docx
 
PROBLEM 5-5BPrepare a correct detailed multiple-step income stat.docx
PROBLEM 5-5BPrepare a correct detailed multiple-step income stat.docxPROBLEM 5-5BPrepare a correct detailed multiple-step income stat.docx
PROBLEM 5-5BPrepare a correct detailed multiple-step income stat.docx
 
Problem 12-9ACondensed financial data of Odgers Inc. follow.ODGE.docx
Problem 12-9ACondensed financial data of Odgers Inc. follow.ODGE.docxProblem 12-9ACondensed financial data of Odgers Inc. follow.ODGE.docx
Problem 12-9ACondensed financial data of Odgers Inc. follow.ODGE.docx
 
Problem 13-6AIrwin Corporation has been authorized to issue 20,80.docx
Problem 13-6AIrwin Corporation has been authorized to issue 20,80.docxProblem 13-6AIrwin Corporation has been authorized to issue 20,80.docx
Problem 13-6AIrwin Corporation has been authorized to issue 20,80.docx
 
Problem 1-2A (Part Level Submission)On August 31, the balance sh.docx
Problem 1-2A (Part Level Submission)On August 31, the balance sh.docxProblem 1-2A (Part Level Submission)On August 31, the balance sh.docx
Problem 1-2A (Part Level Submission)On August 31, the balance sh.docx
 
Problem 1-2A (Part Level Submission)On August 31, the balance shee.docx
Problem 1-2A (Part Level Submission)On August 31, the balance shee.docxProblem 1-2A (Part Level Submission)On August 31, the balance shee.docx
Problem 1-2A (Part Level Submission)On August 31, the balance shee.docx
 
Prior to posting in this discussion, completeThe Parking Garage.docx
Prior to posting in this discussion, completeThe Parking Garage.docxPrior to posting in this discussion, completeThe Parking Garage.docx
Prior to posting in this discussion, completeThe Parking Garage.docx
 
Prior to engaging in this discussion, read Chapters 10 and 11 in y.docx
Prior to engaging in this discussion, read Chapters 10 and 11 in y.docxPrior to engaging in this discussion, read Chapters 10 and 11 in y.docx
Prior to engaging in this discussion, read Chapters 10 and 11 in y.docx
 
Privacy in a Technological AgePrivacy protection is a hot top.docx
Privacy in a Technological AgePrivacy protection is a hot top.docxPrivacy in a Technological AgePrivacy protection is a hot top.docx
Privacy in a Technological AgePrivacy protection is a hot top.docx
 
Privacy Introduction Does the technology today Pene.docx
Privacy Introduction Does the technology today Pene.docxPrivacy Introduction Does the technology today Pene.docx
Privacy Introduction Does the technology today Pene.docx
 
Prisoner rights in America are based largely on the provisions of th.docx
Prisoner rights in America are based largely on the provisions of th.docxPrisoner rights in America are based largely on the provisions of th.docx
Prisoner rights in America are based largely on the provisions of th.docx
 
Principles of Supply and Demanda brief example of supply and deman.docx
Principles of Supply and Demanda brief example of supply and deman.docxPrinciples of Supply and Demanda brief example of supply and deman.docx
Principles of Supply and Demanda brief example of supply and deman.docx
 
Primary Task Response Within the Discussion Board area, write 300.docx
Primary Task Response Within the Discussion Board area, write 300.docxPrimary Task Response Within the Discussion Board area, write 300.docx
Primary Task Response Within the Discussion Board area, write 300.docx
 
Pretend you are a British government official during the time leadin.docx
Pretend you are a British government official during the time leadin.docxPretend you are a British government official during the time leadin.docx
Pretend you are a British government official during the time leadin.docx
 

Recently uploaded

Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
ROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationAadityaSharma884161
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfSpandanaRallapalli
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxChelloAnnAsuncion2
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 

Recently uploaded (20)

Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
ROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint Presentation
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdf
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
Rapple "Scholarly Communications and the Sustainable Development Goals"
Rapple "Scholarly Communications and the Sustainable Development Goals"Rapple "Scholarly Communications and the Sustainable Development Goals"
Rapple "Scholarly Communications and the Sustainable Development Goals"
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 

Running Head WINDOWS AND LINUX 1WINDOWS AND LINUX12.docx

  • 1. Running Head: WINDOWS AND LINUX 1 WINDOWS AND LINUX 12 Project 2: Operating Systems Vulnerabilities Aisha Tate UMUC August 8, 2019 Hi Aisha I know you submitted this report before the detailed self analysis you did last week. Please go through this checklist. First, work through the lab results, perform the necessary research and complete the SAR report. The PowerPoint presentation is the last item to be completed. Review this checklist and let me know if you have any questions before you start your work. Thanks for your continued efforts. Dr K Student Name: Aisha Tate Date:6-Sep-2019 This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission Project 2: Requires the Following THREE Pieces
  • 2. Areas to Improve 1. Security Assessment Report (including relevant findings from Lab) Revise 2. Non-Technical Presentation Slides (Narration Not Needed) Revise 3. Lab Experience Report with Screenshots Revise 1. Security Assessment Report Defining the OS Brief explanation of operating systems (OS) fundamentals and information systems architectures. Meets expectations 1. Explain the user's role in an OS. ???? 2. Explain the differences between kernel applications of the OS and the applications installed by an organization or user. Does not meet expectation 3. Describe the embedded OS. More details needed 4. Describe how operating systems fit in the overall information systems architecture, of which cloud computing is an emerging, distributed computing network architecture. More details needed
  • 3. Include a brief definition of operating systems and information systems in your SAR. Other outstanding information Need to find better references/ more details – use tables or graphs OS Vulnerabilities 1. Explain Windows vulnerabilities and Linux vulnerabilities. ??? 2. Explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices. Research needed 3. Explain the motives and methods for intrusion of MS and Linux operating systems. ???? 4. Explain the types of security management technologies such as intrusion detection and intrusion prevention systems. 5. Describe how and why different corporate and government systems are targets. Does not meet requirements 6. Describe different types of intrusions such as SQL PL/SQL, XML, and other injections Preparing for the Vulnerability Scan
  • 4. 1. Include a description of the methodology you proposed to assess the vulnerabilities of the operating systems. Please review project instructionss 2. Provide an explanation and reasoning of how the methodology you propose, will determine the existence of those vulnerabilities in the organization’s OS. 3. Include a description of the applicable tools to be used, limitations, and analysis. 4. Provide an explanation and reasoning of how the applicable tools you propose will determine the existence of those vulnerabilities in the organization’s OS. 5. In your report, discuss the strength of passwords 5a. any Internet Information Services' 5b. administrative vulnerabilities, 5c. SQL server administrative vulnerabilities, 5d. Other security updates and 5e. Management of patches, as they relate to OS vulnerabilities.
  • 5. Vulnerability Assessment Tools for OS and Applications (Lab) Use the tools' built-in checks to complete the following for Windows OS (e.g., using Microsoft Baseline Security Analyzer, MBSA): 1. Determine if Windows administrative vulnerabilities are present. 2. Determine if weak passwords are being used on Windows accounts. 3. Report which security updates are required on each individual system. 4. You noticed that the tool you used for Windows OS (i.e., MBSA) provides dynamic assessment of missing security updates. MBSA provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping. 5. Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment. In this case, a tool such as MBSA will create and store individual XML security reports for each computer scanned and will display the reports in the graphical user interface in HTML. Please review and share observations in Lab report – Results
  • 6. and recommendations in SAR Utilize the OpenVAS tool to complete the following: See note above 1. Determine if Linux vulnerabilities are present. 2. Determine if weak passwords are being used on Linux systems. 3. Determine which security updates are required for the Linux systems. 4.You noticed that the tool you used for Linux OS (i.e., OpenVAS) provides dynamic assessment of missing security updates. MBSA provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping. 5.Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment 3. Presentation Slides Title Slide Use of Readable Fonts and Color Meets requirements
  • 7. Summarizes Findings and Recommendations at High Level Update based on your revised SAR report Summarizes Findings and Recommendations at High Level Update based on your revised SAR report Presentation Slides Feedback 4. Lab Experience Report Summarizes the Lab Experience and Findings Use a table to summarize key findings Responds to the Questions Does not meet requirements Provides Screenshots of Key Results Meets requirements Lab Experience Report Feedback Operating Systems An operating system is a collection of software that manages
  • 8. computer hardware resources and provides standard services for computer programs. Operating systems are the essential software that runs on computers. They manage the computer's memory and processes as well as all the software and hardware activities. It is the OS that allows communication with the network without knowing how to speak the computer language. An operating system must be able to manage system resources, and these include CPU scheduling, Process management, Memory management, Input/output device management, Storage device management (hard disks, CD/DVD drives, etc.), File System Management (Silberschatz, Gagne & Galvin, 2018). Examples of operating systems include Windows OS, which is the most widely used over 90% of the world's computer systems. Another category of the operating system is the Mac OS X, an operating system used for Macintosh computers such as the Mac Book Pro laptop series. Although IBM PCs, which are Windows and Mac Computers, are not directly compatible, it’s possible to use virtualization t run one operating system on an incompatible computer. UNIX is a command-line interface OS developed for large machines and networks. Notably, Linux, last generation of UNIX, is a free, open-source operating system that most computers support (Silberschatz, Gagne & Galvin, 2018). Lastly, most electronic devices use an operating system to manage their physical components and enhance the development of applications for use in such instruments. An embedded (particular purpose) operating system is one that is correctly configured for a specific operating system. Implicitly, the operating systems are designed for specific tasks, and they perform them efficiently. Embedded operating systems are also called real-time operating system (RTOS). Examples of the specific-purpose operating system include Apple iOS, Google Android, Symbian, Blackberry, Palm, and Windows Mobile operating systems used for personal digital assistants (PDAs) and mobile phones. Applications are types of software's that help a computer user to
  • 9. perform specific tasks. Applications designed for desktops or laptops are called desktop applications, while those designed for mobile devices are called mobile apps (Silberschatz, Gagne & Galvin, 2018). When a user opens an app, it runs inside the operating system until it is closed. Often, a user runs more than a single app, which is commonly known as multitasking. Kernel refers to the core part in the operating system which manages system resources. Notably, kernel acts as the bridge between the application and hardware of the computer. Therefore, kernel applications of the OS are applications that relate to the management of the system resources and computer hardware. On the other hand, user applications are applications that the user (either organizations or individual) installs for specific purposes (Silberschatz, Gagne & Galvin, 2018). For instance, user applications include word processors, database programs, web browsers, and communications platforms. Lastly, information system refers to the software that helps organize and analyze data. The fundamental purpose of the information system is to convert raw data into useful information for enhanced decision making in the organization. The four major types of information systems are transaction processing system (TPS), decision support system (DSS), management information system (MIS), and executive support system (ESS) (Silberschatz, Gagne & Galvin, 2018). Cloud computing has changed how the MIS services providers and their employees conduct business activities. Cloud computing refers to the practice of using networks of remote servers hosted on the internet to store, manage, and process data into useful information for optimal decision making. Notably, a cloud operating system manages the operation, execution, and processes of virtual machines, servers, and infrastructures as well as backend software and hardware resources. Implicitly, a cloud operating system is used to enhance information systems agility in an organization and eradicate the need for local servers and personal computers.
  • 10. Vulnerabilities and intrusions Windows Vulnerabilities Blue Keep is a vulnerability that exists in various versions of Windows Operating system, including both the 32-bit and 64-bit versions and service packs. The versions include Windows 2000, Windows Vista, Windows XP, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 (Jajodia, 2010). Blue Keep exists within the Remote Desktop Protocol (RDP) in the above versions of Ms. Windows's operating systems. Attackers can exploit BlueKeep to perform remote code execution on any system that is not protected. This can happen when the attacker sends specially crafted packets to one of the Operating System that has RDP enabled within it. Some of the activities that attacker may perform are adding accounts with full user rights; viewing, changing, and deleting data, and installing programs. The Cybersecurity and Infrastructure Security Agency encourage users and administrators to review security guidelines and install available measures as soon as possible (Jajodia, 2010).????? Additional research/Information? Linux Vulnerabilities One of the most common vulnerability is CVE-2017-18017, Linux Kernel Netfilter: xt_TCPMSS,which sits on the Linux kernel and helps filter network communication by defining the maximum segment size that permits TCP headers. When an attacker exploits this vulnerability, they send communications floods and throw the system offline in denial of service attack. Another vulnerability is CVE-2017-18202, which lies in the mm/oom_kill.c file. This file is useful in killing a process when memory is low. Vulnerability versions of the file can lead to mishandling of operations as well as opening doors for denial of service (DoS) attacks. (Just two vulnerabilities? Please research this topic) Mac OS and Mobile Device Vulnerabilities First, Denial of Service (DoS) vulnerability exists within the
  • 11. Apple or Android operating systems. The underlying purpose of this attack is to make software resources unavailable for the tasks it has been designed. DoS vulnerabilities are highest in iOS than in Android operating systems. (Jajodia, 2010) Secondly, a bypass something vulnerability makes a given mobile device vulnerable to a third party evading protection layer established by the user or the administrator. Both Apple and Android are focused on limiting the vulnerabilities that allow hackers to bypass the security process (breach security protocol) (Jajodia, 2010).???? Furthermore, code execution is a type of security flaw which allows hackers to bypass authentication and run any code. It can be triggered remotely and can be used in various scenarios. Consequently, the attack can happen without the knowledge of the user. Data theft is another vulnerability of Mac OS and Mobile devices. Recently, the security firm. F-Secure unveiled dangerous firmware exploit that affected almost all Mac and Windows devices. This vulnerability could lead to data theft, and even left Macs with FileVault turned on susceptible (Jajodia, 2010). Lastly, memory corruption vulnerability is a programming error in the operating system, which makes the memory of the device susceptible to hacker's exploitation. The weakness lies in the memory location of the invention. An attack occurs when the code is modified, violating the safety of the information stored in the memory (Jajodia, 2010). Microsoft and Linus OS intrusion Intrusion, by definition, is to comprise an operating system by breaching the security of such system. The act of intruding or slightly gaining unauthorized access to the OS leaves traces that can be detected by the intrusion detection system. Intruders use various methods to gain access to operating systems by breaching security. One of them is physically breaking through and robbing away the operating systems from the owner. Physical intrusion is frequent when the OS is installed in a
  • 12. device that can easily be stolen (Munson & Elbaum, 2004).???? Asymmetric routing is another method of intruding the operating system. The attackers utilize more than a single route to the target device consisting of the desired OS. The idea of this method is to have an overall attack evade detection by bypassing specific security codes. Any OS devices that are not set up for asymmetric routing are impervious to this kind of intrusion. Additionally, buffer overflow attack is an approach which overwrites specific sections of memory and replaces standard data with commands which, when executed attacks the operating system. In other words, it's "a popular class of attacks strategically overburdens that buffer, so the data "overflows" into other parts of the memory" (Newman, 2019). Often, the goal for this intrusion is to initiate a denial of service (DoS) situation. Although, averting an overflow may sound simple, the practice itself has proven to be a daunting task to achieve, hence the continuous appearance of the buffer overflow attacks. This problem recurs due to there being no generic mechanism in use across languages in use what can perfectly specify such capacity (Piromsopa & Enbody, 2011)???? Security awareness technologies and system attack targets???? What does this graphic mean? The intrusion detection system ranges from antivirus to hierarchical models which checks the traffic of the network. This can be best described as a network intrusion detection systems and host-based detection systems. The system is critical as it helps in the analysis of the traffic that enters the market. The IDS is classified as signature-based and anomaly-based detection. A section of the intrusion detection system can detect intrusions (Wilson & Hash, 2003). The intrusion prevention system is a network to prevention technology that determines the traffic, detects and prevents vulnerability issues. The exploits come in the form of uncertain applications that are objective to attackers and use it to
  • 13. punctuate or acquire control of a device. When the exploit has been successful, the attacker can disable the target application or can obtain potential access to the rights of the target applications (Munson & Elbaum, 2004). Corporate and government systems are the one that faces significant threats (Baccass et al., 2011). This can be attributed to their notable high level of information that is of interest to several people, notably politicians, rival companies, countries, and groups. Additionally, this information is of high value, and when they are sold to interested parties, they can fetch high levels of income. Types of Intrusions An SQL injection is an explosion where the attacker can include the SQL code to the Webform input to acquire access to the resources. It is linked to an attack where the end-user enters a system and places special characters and used to corrupt data. XML injection is an attack that is applied to control or harm the logic XML application. The infusion can undertake alteration of logic. It can lead to the placing of harmful content. The SMTP injection attacks the mail server in a way that would be made possible without the use of the internet (Munson & Elbaum, 2004). Vulnerability Results The following vulnerabilities were identified during the lab: · There are several Windows administrative vulnerabilities on the host scanned. · The following administrative vulnerabilities were found: · Developer tools, runtimes, and redistributables are missing security updates · There were multiple Linux vulnerabilities detected · Weak encryption and ciphers · Accounts have passwords with no expiration · Accounts have blank or weak passwords · Multiple administrators on a computer Vulnerability Scanning and Security Assessment Report Considering the organization utilizes several advanced
  • 14. technological systems, the majority of the security processes and strategies can't guarantee that the system is protected from attack. However, the routers help secure the gateway to the internet while firewalls secure the network. This is dependent on the abilities of the staff, the ability to patch as well as keeping vigilance on the web. Notable from the company systems, the networks are not well protected from risks that may arise????. This can be attributed to poor security and inadequate data protection from the third party. The passwords used are weak and irregular system updates. The Linux OS was not found to comprise of any dangers when it came to the virus. However, there is a need to consider reliable password protection against the third party. The Microsoft Baseline Security Analyzer can scan several computer software. This is effective because it saves time. Those that have a green check are stated to be secure. It is also a useful security feature in that it makes sure that the IE and IIS server is set in the best way. The system is easy to run and offers stable security features. It is the best way to keep Microsoft windows features updated. Its essential asset is the capacity to go above the OS to ferret gaps in several applications. The OpenVas is the mode of analysis of several services and tools by giving information on the level of vulnerability (Baccass et al., 2011). Similar to the MBSA, it is a system that is easy and reliable for the users. MBSA is the best tool for system analysis and threat detection (Wilson & Hash, 2003). The system, though with notable challenges, has proved to be effective. It allows frequent security updates as well as focusing on several machines at a go hence saving time. Notably, risks, as noted from the paper, arise from inferior password protection methods, unlimited access to sensitive data in the company, and failing to update system security mechanisms. This can be resolved by keeping the systems up to date, restricting access to sensitive data, and use of strong passwords as well as the use of antivirus. Eventually, it will help in managing the threats in the company.
  • 15. Operating systems are the center and nerve system of which businesses and applications process run off. The role that operating systems take on is to control hardware resources within a computer system and are vulnerable to attacks in which there is missing improper security controls and user account controls. Due to the popularity of the Windows operating system, it is the most susceptible to attacks in business and home users. The vulnerability scans are only one way of reducing attacks on a system, and vulnerability assessments require discovery, planning an attack, and reporting to mitigate risk. By utilizing free tools such as Microsoft Baseline Security Analyzer and Open VAS, such vulnerabilities can be identified early on, and remediation can take place. (Table of key observations, analysis and recommendations?) References Baccass, P. et al. (2011). OS X Exploits and Defense: Own it...Just like Windows or Linux! New York: Syngress. Jajodia, S., (2010). Cyber Situational Awareness Issues and Research (pp. 139-154). Springer, Boston, MA. Munson, J. C., & Elbaum, S. G. (2004). U.S. Patent No. 6,681,331. Washington, DC: U.S. Patent and Trademark Office. Newman, L. H. (2019, May 14). How Hackers Broke WhatsApp With Just a Phone Call. Retrieved from https://www.wired.com/story/whatsapp-hack-phone-call-voip- buffer-overflow/ Piromsopa, K., & Enbody, R. J. (2011). Survey of Protections from Buffer-Overflow Attacks. Engineering Journal, 15(2), 31– 52. doi: 10.4186/ej.2011.15.2.31 Silberschatz, A., Gagne, G., & Galvin, P. B. (2018). Operating system concepts. Wiley. Wilson, M., & Hash, J. (2003). Building an information
  • 16. technology security awareness and training program. NIST Special publication, 800(50), 1-39. PSYC 354 Discussion Board Forum Instructions You are required to create a thread in response to the provided prompt for each forum. Each thread must be at least 300 words and demonstrate course-related knowledge. In addition to the thread, you must reply to 2 other classmates’ threads. Each reply must be at least 150 words. The Post First feature has been activated in the Discussion Board Forums for this course. You will need to post your thread before you will be able to view and reply to other students’ threads. Submit each thread by 11:59 p.m. (ET) on Friday of the assigned module/week. Submit your replies by 11:59 p.m. (ET) on Monday of the same module/week. Criteria Levels of Achievement Content 70% Advanced 90-100% Proficient 70-89% Developing 1-69% Not present Thread: Content 16 to 18 points
  • 17. The initial thread meets or exceeds content requirements: The thread is in the form of a professional letter, and all key components of the Discussion Board Forum prompt are answered in the thread. Major points are supported by all of the following: · Thread communicates refusal to participate in data manipulation · Pertinent examples (conceptual and/or personal), including possible consequences of data manipulation; · Thoughtful analysis (considering assumptions, analyzing implications); · References both APA and ASA ethical guidelines in current APA format; and · Integration of at least 1 Biblical scripture and its application in context. The thread is at least 300 words. 13 to 15 points The initial thread meets most of the content requirements: The thread is in the form of a professional letter, and all key components of the Discussion Board Forum prompt are answered in the thread. Major points are supported by all of the following: · Thread communicates refusal to participate in data manipulation · Pertinent examples (conceptual and/or personal), including possible consequences of data manipulation; · Thoughtful analysis (considering assumptions, analyzing implications); · References both APA and ASA ethical guidelines in current APA format; and · Integration of at least 1 Biblical scripture and its application in context. The thread is at least 300 words. 1 to 12 points
  • 18. The initial thread meets some of the content requirements: The thread is in the form of a professional letter, and all key components of the Discussion Board Forum prompt are answered in the thread. Major points are supported by all of the following: · Thread communicates refusal to participate in data manipulation · Pertinent examples (conceptual and/or personal), including possible consequences of data manipulation; · Thoughtful analysis (considering assumptions, analyzing implications); · References both APA and ASA ethical guidelines in current APA format; and · Integration of at least 1 Biblical scripture and its application in context. The thread is at least 300 words. 0 points Not present Structure 30% Advanced 90-100% Proficient 70-89% Developing 1-69% Not present Thread: Grammar and Spelling, APA formatting (30%) 8 points The initial thread meets or exceeds structure requirements: Proper spelling and grammar are used. 6 to 7 points The initial meets most of the requirements: Proper spelling and grammar are used. 1 to 5 points The initial thread meets some of the structure requirements: Proper spelling and grammar are used. 0 points Not present
  • 19. Criteria Levels of Achievement Content 70% Advanced 90-100% Proficient 70-89% Developing 1-69% Not present Reply 1: Content 4 points First reply meets or exceeds content requirements: Contribution made to discussion with each reply (2) expounding on the thread; and replies are in the form of supervisor feedback. Includes two or more suggestions for improvement on the original thread (letter), AND includes two or more instances of positive feedback related to the topic. Reply is at least 150 words. 3 points First reply meets most of the content requirements: Contribution made to discussion with each reply (2) expounding on the thread; and replies are in the form of supervisor feedback. Includes two or more suggestions for improvement on the original thread (letter), AND includes two or more instances of positive feedback related to the topic. Reply is at least 150 words. 1 to 2 points First reply meets some of the content requirements: Contribution made to discussion with each reply (2) expounding on the thread; and replies are in the form of supervisor feedback.
  • 20. Includes two or more suggestions for improvement on the original thread (letter), AND includes two or more instances of positive feedback related to the topic. Reply is at least 150 words. 0 points Not present Structure 30% Advanced 90-100% Proficient 70-89% Developing 1-69% Not present Reply 1: Grammar and Spelling, APA formatting (30%) 3 points First reply meets or exceeds structure requirements: Proper spelling and grammar are used. 2 points First reply meets most of the requirements: Proper spelling and grammar are used. 1 point First reply meets some of the structure requirements: Proper spelling and grammar are used. 0 points Not present Criteria Levels of Achievement Content 70% Advanced 90-100% Proficient 70-89% Developing 1-69% Not present Reply 2: Content 4 points
  • 21. Second reply meets or exceeds content requirements: Contribution made to discussion with each reply (2) expounding on the thread; and replies are in the form of supervisor feedback. Includes two or more suggestions for improvement on the original thread (letter), AND includes two or more instances of positive feedback related to the topic. Reply is at least 150 words. 3 points Second reply meets most of the content requirements: Contribution made to discussion with each reply (2) expounding on the thread; and replies are in the form of supervisor feedback. Includes two or more suggestions for improvement on the original thread (letter), AND includes two or more instances of positive feedback related to the topic. Reply is at least 150 words. 1 to 2 points Second reply meets some of the content requirements: Contribution made to discussion with each reply (2) expounding on the thread; and replies are in the form of supervisor feedback. Includes two or more suggestions for improvement on the original thread (letter), AND includes two or more instances of positive feedback related to the topic. Reply is at least 150 words. 0 points Not present Structure 30% Advanced 90-100% Proficient 70-89% Developing 1-69% Not present Reply 2: Grammar and Spelling, APA formatting (30%) 3 points
  • 22. Second reply meets or exceeds structure requirements: Proper spelling and grammar are used. 2 points Second reply most of the requirements: Proper spelling and grammar are used. 1 point Second reply meets some of the structure requirements: Proper spelling and grammar are used. 0 points Not present Project 2: OPERATING SYSTEM VULNERABILITY LAB Microsoft (MS), Baseline Security Analyzer (MBSA), and the Open Vulnerability Assessment System (OpenVAS) operating system (OS) vulnerability (OSV) scanning tools were required to conduct Lab 2. This Lab required the security manager (Sec Mgr) and system administrator (Sys Admin) to use the MBSA and OpenVAS tools to scan for OS vulnerabilities across the company’s network for Windows (Microsoft Office) and LINUX. Screenshots provided displays the process of using both of these tools. While using the tools during this lab, the Security Manager and the System Administrator noted that the MBSA tools were more simplified to use and provided a more detailed list of findings and remediation steps for all types of Microsoft Office (MO) vulnerabilities. It also concluded, that the OpenVAS tool was much more difficult to use due to it requiring the user to have a decent knowledge or understanding of the Linux operating system and commands. Although, the operation was more challenging, the OpenVAS tool provided a more comprehensive list of common vulnerabilities and exposure findings that encompassed all vulnerabilities. This detailed list also includes hyperlinks that explained remediation instructions for the system administrator to use. The Microsoft
  • 23. Baseline Security Analyzer (MBSA) scan of the network granted the Security Manager and the System Administrator with a list of vulnerabilities. In addition to the notation that the Windows Firewall was disabled without proper authorization. This led to incorrect auditing configurations, Sequel (SQL) Server and Microsoft Server Desktop Engine (MSDE) not being installed, the Internet Information System (IIS) not running on the system, and none of the Microsoft Office products on the system were supported. The OpenVAS scan of the network allowed for the System Administrator and the Security Manager to find numerous encryption vulnerabilities, program errors, and other vulnerabilities. A security scan of the network also determined that more than half of all of the system vulnerabilities were classified as High or Medium. This would mean that these were serious threats to be monitored. The System Administrator and the Security Manager will need to work harmoniously in order to correct the vulnerabilities identified during the OpenVAS and MBSA scans. Both the System Administrator and the Security Manager will need to complete of all scans in order to discuss the different vulnerabilities and discuss remediation procedures. Once this has taken place, both will require the discussion of and provide a list of the vulnerabilities by priority (High to Low) in regards to threat level.