1. Security and vulnerability assessment analysis tool - Microsoft Baseline Security Analyzer (MBSA) for Windows OS
Locate and launch MBSA CLI
Check computer for common security misconfigurations
MBSA will automatically select by default to scan WINDOWS VM WINATCK01
While scanning WINDOWS VM WINATCK01
Security Assessment Report
2 Security updates are missing ACTION **Requires immediate installation to protect computer
1 Update roll up is missing ACTION **Obtain and install latest service pack or update roll up by using download link
Administrative Vulnerabilities
More than 2 Administrators were found on the computer, ACTION **Keep number to a minimum because administrators have complete control of the computer.
User accounts have non-expiring passwords ACTION ***Password should be changed regularly to prevent password attacks
Windows firewall disabled and has exceptions configured
Great! Auto logon is disabled (Even if it is configured, provided password is encrypted; not stored as text)
GREAT! Guest account is disabled on the computer.
GREAT! Anonymous access is restricted from the computer
ADMINISTRATIVE SYSTEM INFORMATION DANGER! Logon success and logon failure auditing is not enabled. ACTION ** Enable and turn on auditing for specific events such as logon and logoff to watch for unauthorized access.
3 Shares are present ACTION ** Review list of shares and remove any shares that are not needed.
GREAT! Internet explorer has secure settings for all users.
Following to be included in the SAR
a. Windows administrative vulnerabilities present are that more than 2 Administrators were found on the computer. It is advised to keep minimum number because administrators have complete control of the computer.
b. Windows accounts were found to have non-expiring passwords while passwords should be changed regularly to prevent password attacks. One user account has blank or simple password or could not be analyzed
c. Windows OS has two security updates missing and so requires immediate installation to protect the computer. One update roll up is missing which requires that latest service pack should be obtained and installed or roll up updated using the download link.
2.Security and vulnerability assessment analysis tool – OpenVAS for Linux OS
Using the ifconfig command in Terminal to check the IP Address assigned to your VM Linux machine.
eth0: (device name for Linux Ethernet cards), with IP Address in this example is determined to be 172.21.20.185 The IP address, 127.0.0.1, is the loopback address that points to the localhost, or the computer that applications or commands are being run from. This address will be used to access the OpenVas application on the VM.
Using OpenVAS Web Interface which is running on port number 9392 and can be opened using the Mozilla Firefox browser.
After getting a security exception, on Adding Exception
Scan IP address by typing 127.0.0.1 next to the ‘Start Scan’ button, then click.
...
This document discusses securing Windows networks. It begins with discussing hacker personas and common security mistakes made. It then covers securing Windows networks by discussing system administrator personas, threats like password attacks and remote code execution vulnerabilities, and countermeasures. It also discusses the Microsoft Secure Windows Initiative and staying secure through awareness, vulnerability assessment, and responding to security events. The focus is on implementing security through practices like strong passwords, keeping systems patched, and using tools like the Microsoft Baseline Security Analyzer.
The document discusses security concerns related to hacking Novell Netware networks. It covers common default accounts and passwords in Netware that can be exploited, such as the supervisor account. It also describes various password cracking and hacking tools that can be used to attack Netware systems, such as password crackers, and tools to access password files, spoof logs, and conduct denial of service attacks. Finally, it discusses recommended practices for hardening Netware server settings to help prevent attacks.
This document discusses tools and techniques for assessing and hardening Microsoft systems against common vulnerabilities. It describes Microsoft tools like the Microsoft Baseline Security Analyzer (MBSA) that can identify vulnerabilities in Windows systems. It also outlines vulnerabilities in various Microsoft services and protocols like SMB, IIS, and SQL Server. The document concludes with best practices for securing Microsoft systems like regular patching, antivirus software, logging and monitoring, and disabling unused services.
This document discusses tools and techniques for assessing and hardening Microsoft systems against common vulnerabilities. It describes Microsoft tools like the Microsoft Baseline Security Analyzer (MBSA) that can identify vulnerabilities related to patches, passwords, and insecure configurations. It also discusses vulnerabilities in Microsoft operating systems, services like IIS and SQL Server, and protocols like SMB/CIFS. The document provides best practices for securing Microsoft systems such as regular patching, antivirus software, logging and monitoring, disabling unused services, and enforcing strong passwords.
Ch08 Microsoft Operating System Vulnerabilitiesphanleson
This document discusses tools and techniques for assessing and hardening Microsoft systems against common vulnerabilities. It describes Microsoft tools like the Microsoft Baseline Security Analyzer (MBSA) that can identify vulnerabilities related to patches, passwords, and insecure configurations. It also discusses vulnerabilities in Microsoft operating systems, services like IIS and SQL Server, and protocols like SMB/CIFS. The document provides best practices for securing Microsoft systems such as regular patching, antivirus software, logging and monitoring, disabling unused services, and enforcing strong passwords.
The document proposes a method called "login authentication multiplexing" to strengthen login authentication security by enforcing multiple authentications rather than a single authentication. It involves placing extra authentication programs after the initial login that must be passed before accessing protected resources. This approach reduces vulnerabilities, allows flexible policies, and prevents damage until all authentications are passed. Practical issues like restricting shell access and remote access programs are also discussed.
The document summarizes security advice for securing Windows networks. It discusses revealing hacker personas including automated attacks, targeted attacks, and the different skill levels of hackers from lame to sophisticated. It then discusses top security mistakes made and demonstrates how to secure Windows networks using features in Windows Server 2003 like group policy templates. Security improvements in Windows XP Service Pack 2 are also summarized, including network protection technologies like Windows Firewall and memory protection with Data Execution Prevention.
Security is often misunderstood and addressed in the last stages of a build. Operationally, it’s ignored until there is an emergency. In this talk, we review several advanced security processes and discuss how too easily automate them using common tools in the AWS Cloud.
This approach helps you and your team increase the security of your build while reducing the overall operational requirement of security in your stack. Leave this dev chat with everything you need to get started with automating security.
This document discusses securing Windows networks. It begins with discussing hacker personas and common security mistakes made. It then covers securing Windows networks by discussing system administrator personas, threats like password attacks and remote code execution vulnerabilities, and countermeasures. It also discusses the Microsoft Secure Windows Initiative and staying secure through awareness, vulnerability assessment, and responding to security events. The focus is on implementing security through practices like strong passwords, keeping systems patched, and using tools like the Microsoft Baseline Security Analyzer.
The document discusses security concerns related to hacking Novell Netware networks. It covers common default accounts and passwords in Netware that can be exploited, such as the supervisor account. It also describes various password cracking and hacking tools that can be used to attack Netware systems, such as password crackers, and tools to access password files, spoof logs, and conduct denial of service attacks. Finally, it discusses recommended practices for hardening Netware server settings to help prevent attacks.
This document discusses tools and techniques for assessing and hardening Microsoft systems against common vulnerabilities. It describes Microsoft tools like the Microsoft Baseline Security Analyzer (MBSA) that can identify vulnerabilities in Windows systems. It also outlines vulnerabilities in various Microsoft services and protocols like SMB, IIS, and SQL Server. The document concludes with best practices for securing Microsoft systems like regular patching, antivirus software, logging and monitoring, and disabling unused services.
This document discusses tools and techniques for assessing and hardening Microsoft systems against common vulnerabilities. It describes Microsoft tools like the Microsoft Baseline Security Analyzer (MBSA) that can identify vulnerabilities related to patches, passwords, and insecure configurations. It also discusses vulnerabilities in Microsoft operating systems, services like IIS and SQL Server, and protocols like SMB/CIFS. The document provides best practices for securing Microsoft systems such as regular patching, antivirus software, logging and monitoring, disabling unused services, and enforcing strong passwords.
Ch08 Microsoft Operating System Vulnerabilitiesphanleson
This document discusses tools and techniques for assessing and hardening Microsoft systems against common vulnerabilities. It describes Microsoft tools like the Microsoft Baseline Security Analyzer (MBSA) that can identify vulnerabilities related to patches, passwords, and insecure configurations. It also discusses vulnerabilities in Microsoft operating systems, services like IIS and SQL Server, and protocols like SMB/CIFS. The document provides best practices for securing Microsoft systems such as regular patching, antivirus software, logging and monitoring, disabling unused services, and enforcing strong passwords.
The document proposes a method called "login authentication multiplexing" to strengthen login authentication security by enforcing multiple authentications rather than a single authentication. It involves placing extra authentication programs after the initial login that must be passed before accessing protected resources. This approach reduces vulnerabilities, allows flexible policies, and prevents damage until all authentications are passed. Practical issues like restricting shell access and remote access programs are also discussed.
The document summarizes security advice for securing Windows networks. It discusses revealing hacker personas including automated attacks, targeted attacks, and the different skill levels of hackers from lame to sophisticated. It then discusses top security mistakes made and demonstrates how to secure Windows networks using features in Windows Server 2003 like group policy templates. Security improvements in Windows XP Service Pack 2 are also summarized, including network protection technologies like Windows Firewall and memory protection with Data Execution Prevention.
Security is often misunderstood and addressed in the last stages of a build. Operationally, it’s ignored until there is an emergency. In this talk, we review several advanced security processes and discuss how too easily automate them using common tools in the AWS Cloud.
This approach helps you and your team increase the security of your build while reducing the overall operational requirement of security in your stack. Leave this dev chat with everything you need to get started with automating security.
The document discusses the motivation, goals, background, architecture, evaluation plan, and plan of work for a system called the Rapid Recovery System that aims to provide strong protection of user data and rapid recovery from attacks through the use of virtual machine isolation and rollback capabilities. The system would isolate user data and applications into separate virtual machines with strict access controls to prevent malware from compromising data or taking control of the system, and allow quick restoration to previous known-good states. Evaluation of the system would assess its effectiveness against various attack scenarios, performance overhead, and ability to facilitate forensic analysis after attacks.
Neville Varnham discusses various cyber security threats related to PeopleSoft systems. He notes that ransomware schemes now allow technically illiterate criminals to conduct cyber attacks. Password cracking software can crack simple passwords in under a minute. The document also discusses a past university data breach involving PeopleSoft after a student was able to access a database with Social Security numbers. Varnham provides an overview of steps organizations can take to harden their PeopleSoft security, such as enabling encryption, implementing password policies, and ensuring proper logging and auditing.
This document provides a vulnerability assessment report for a network called the Grey Network. It analyzes vulnerabilities found on 3 machines with IP addresses 172.31.106.13, 172.31.106.90, and 172.31.106.196. The report found critical vulnerabilities on all machines from outdated operating systems and software. Specific issues included an unencrypted Telnet server, outdated Apache and OpenSSL versions, and Windows XP past its end of life. Scanning tools like Nmap, Nikto, and Nessus were used to detect these vulnerabilities. The report recommends patching all systems, updating to current versions, and disabling insecure services.
Kunal - Introduction to BackTrack - ClubHack2008ClubHack
BackTrack is a Linux distribution focused on penetration testing with over 300 security tools. It allows testing of vulnerabilities like buffer overflows and cross-site scripting through tools like Nmap, Nikto, and Metasploit. Common attack techniques explored include man-in-the-middle attacks using ARP poisoning, password cracking through tools like John the Ripper, and "Google hacking" to find sensitive information online.
Kunal - Introduction to backtrack - ClubHack2008ClubHack
BackTrack is a Linux distribution focused on penetration testing with over 300 security tools. It allows testing of vulnerabilities like buffer overflows and cross-site scripting through tools like Nmap, Nikto, and Metasploit. Common attack techniques explored include man-in-the-middle attacks using ARP poisoning, password cracking through tools like John the Ripper, and hacking web servers through techniques like Google hacking.
BackTrack is a Linux distribution focused on penetration testing with over 300 security tools. It allows testing of vulnerabilities like buffer overflows and cross-site scripting through tools like Nmap, Nikto, and Metasploit. Attackers can use these tools along with techniques like ARP poisoning to conduct remote exploits or hack passwords on Windows systems.
The document discusses web application security testing techniques. It covers topics like the difference between web sites and applications, security definitions, vulnerabilities like SQL injection and XSS, defense mechanisms, and tools for security testing like Burp Suite. The agenda includes discussing concepts, designing test cases, and practicing security testing techniques manually and using automated tools.
The document discusses vulnerability assessment and penetration testing (VAPT). It defines vulnerability assessment as systematically finding security issues in a network or system through scanning, and penetration testing as exploiting vulnerabilities to prove they can cause damage. The document outlines the types of VAPT testing, steps in the process, common tools used like Nmap and ZAP, and top vulnerabilities like SQL injection and XSS. It provides examples of specific vulnerabilities found like outdated themes and XML-RPC access, and their potential impacts and solutions.
This document provides a high-level summary of a course on secure programming. It discusses whether secure programming is more of an art or a science, and describes different software engineering maturity levels. It also briefly outlines several topics that will be covered in the course, including secure design principles, security requirements, software development processes, and the role of cryptography.
This document discusses recommendations to improve defenses against rapid cyberattacks. It begins with a review of how rapid attacks work, then provides specific recommendations in four areas: attack surface reduction, lateral traversal/securing privileged access, business continuity/disaster recovery, and exploit mitigation. Potential blockers to implementing the recommendations are also identified relating to technology, processes, and stakeholder buy-in. Next steps include assigning action items identified in the meeting.
This document discusses vulnerabilities in antivirus software. It begins by noting that over 165 vulnerabilities have been reported in antivirus software in the past 4 years according to the US National Vulnerability Database. It then examines why antivirus software is a target for attackers, including that users have blind faith in it and its error-prone nature in processing many file formats. The document outlines techniques used to find vulnerabilities, including source code audits, reverse engineering, and fuzzing. It also looks at exploiting found vulnerabilities, such as through weak permissions. The overall aim is to raise awareness of security issues in antivirus products.
Will St. Clair: AWS San Francisco Startup Day, 9/7/17
Operations: Security Crash Course & Best Practices! All companies should build with security and protection of customer data as the number one priority. This talk will cover a wide range of best practices from MFA, root accounts, encrypting laptops, inventory management, MDM, and incident response. You'll learn key principles of how to build a secure organization to protect your data. Don't wait until your first security incident before putting these best practices in place.
VMworld 2013: Security Automation Workflows with NSX VMworld
VMworld 2013
Gargi Keeling, VMware
Don Wood, McKesson
Troy Casey, McKesson
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
Operations: Security Crash Course — Best Practices for Securing your CompanyAmazon Web Services
All companies should build with security and protection of customer data as the number one priority. This talk will cover a wide range of best practices from MFA, root accounts, encrypting laptops, inventory management, MDM, and incident response. You'll learn key principles of how to build a secure organization to protect your data. Don't wait until your first security incident before putting these best practices in place.
IT Essentials (Version 7.0) - ITE Chapter 13 Exam AnswersITExamAnswers.net
This document contains the answers to exam questions for IT Essentials (ITE v6.0 + v7.0) Chapter 13. It discusses topics related to computer security including asymmetric encryption, hashing algorithms, social engineering, DDoS attacks, Windows features for encrypting files and drives, firewall types, malware types, and security best practices. The answers provided explanations for each multiple choice question to help students learn about common computer security threats and mitigation techniques.
The document discusses conducting four tasks to gain experience with TCP/IP vulnerabilities and attacks. Task 1 involves a TCP SYN flood attack and the SYN cookie countermeasure. Task 2 is a TCP session hijacking attack. Tasks 3 and 4 involve TCP RST attacks against telnet/SSH connections and video streaming applications respectively. The tasks are designed to help understand network security challenges and why defenses are needed by studying past vulnerabilities.
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri
Syed Ubaid Ali Jafri Informed Information Security Students how to conduct black box penetration testing if you do not have prior knowledge about the network environment, Few steps and consideration that should be in mind before conducting black box audit
Penetration testing involves assessing an organization's security processes and vulnerabilities by simulating real-world attacks. This is done through methodologies like OSSTMM and standards like CIS guides and ISO 2700x. The goals are to estimate security, gain unauthorized access to systems, and access certain information/data. Approaches include perimeter, wireless, and internal testing from user workstations or network segments. Real attacks aim to hack, while penetration testing is legal and aims to help organizations. Common tools used include Nmap, Metasploit, Cain & Abel, Aircrack, and browser/notepad. Examples demonstrated password cracking, SQL injection exploitation, and privilege escalation in Active Directory. Wireless, social engineering,
Website security is a critical issue that needs to be considered in the web, in order to run your online business healthy and
smoothly. It is very difficult situation when security of website is compromised when a brute force or other kind of attacker attacks on
your web creation. It not only consume all your resources but create heavy log dumps on the server which causes your website stop
working.
Recent studies have suggested some backup and recovery modules that should be installed into your website which can take timely
backups of your website to 3rd party servers which are not under the scope of attacker. The Study also suggested different type of
recovery methods such as incremental backups, decremental backups, differential backups and remote backup.
Moreover these studies also suggested that Rsync is used to reduce the transferred data efficiently. The experimental results show
that the remote backup and recovery system can work fast and it can meet the requirements of website protection. The automatic backup
and recovery system for Web site not only plays an important role in the web defence system but also is the last line for disaster
recovery.
This paper suggests different kind of approaches that can be incorporated in the WordPress CMS to make it healthy, secure and
prepared web attacks. The paper suggests various possibilities of the attacks that can be made on CMS and some of the possible
solutions as well as preventive mechanisms.
Some of the proposed security measures –
1. Secret login screen
2. Blocking bad boats
3. Changing db. prefixes
4. Protecting configuration files
5. 2 factor security
6. Flight mode in Web Servers
7. Protecting htaccess file itself
8. Detecting vulnerabilities
9. Unauthorized access made to the system checker
However, this is to be done by balancing the trade-off between website security and backup recovery modules of a website, as measures
taken to secure web page should not affect the user‟s experience and recovery modules
This document discusses system security and password management. It describes how passwords authenticate users and determine their privileges. For example, in UNIX systems the password is encrypted using DES algorithm with a salt value to prevent duplicates. The document also discusses strategies for strong password selection, such as user education, computer-generated passwords, and reactive/proactive password checking. It provides guidelines for components of a good password. Additionally, it covers operating system hardening techniques like disabling unneeded services/accounts, updating software, and removing unneeded programs/utilities. Specific steps are outlined for securing Windows and UNIX systems.
YThis paper is due Monday, 30 November. You will need to use at leas.docxpaynetawnya
YThis paper is due Monday, 30 November. You will need to use at least ONE primary source, and TWO secondary sources. 12 font, double spaced, New times, 5 pages.
How did the Vikings construct their ships so that they were able to go such long distances? What impact did they have on the areas that they settled?
No plagiarism and No Paraphrasing. Put it on your own words, this is a major and final exam grade, please.
I will only accept on GOOD RATINGS PROFESSORS
.
You have spent a lot of time researching a company. Would you inve.docxpaynetawnya
You have spent a lot of time researching a company. Would you invest in that company? (assume you can afford it). Why or why not? Is another company covered by a classmate preferable?
The company is Lenovo.Co
at least 250 words.
othr company my classmates covered are Walmart, Apple.Inc, Ikea,etc
.
More Related Content
Similar to 1. Security and vulnerability assessment analysis tool - Microsoft.docx
The document discusses the motivation, goals, background, architecture, evaluation plan, and plan of work for a system called the Rapid Recovery System that aims to provide strong protection of user data and rapid recovery from attacks through the use of virtual machine isolation and rollback capabilities. The system would isolate user data and applications into separate virtual machines with strict access controls to prevent malware from compromising data or taking control of the system, and allow quick restoration to previous known-good states. Evaluation of the system would assess its effectiveness against various attack scenarios, performance overhead, and ability to facilitate forensic analysis after attacks.
Neville Varnham discusses various cyber security threats related to PeopleSoft systems. He notes that ransomware schemes now allow technically illiterate criminals to conduct cyber attacks. Password cracking software can crack simple passwords in under a minute. The document also discusses a past university data breach involving PeopleSoft after a student was able to access a database with Social Security numbers. Varnham provides an overview of steps organizations can take to harden their PeopleSoft security, such as enabling encryption, implementing password policies, and ensuring proper logging and auditing.
This document provides a vulnerability assessment report for a network called the Grey Network. It analyzes vulnerabilities found on 3 machines with IP addresses 172.31.106.13, 172.31.106.90, and 172.31.106.196. The report found critical vulnerabilities on all machines from outdated operating systems and software. Specific issues included an unencrypted Telnet server, outdated Apache and OpenSSL versions, and Windows XP past its end of life. Scanning tools like Nmap, Nikto, and Nessus were used to detect these vulnerabilities. The report recommends patching all systems, updating to current versions, and disabling insecure services.
Kunal - Introduction to BackTrack - ClubHack2008ClubHack
BackTrack is a Linux distribution focused on penetration testing with over 300 security tools. It allows testing of vulnerabilities like buffer overflows and cross-site scripting through tools like Nmap, Nikto, and Metasploit. Common attack techniques explored include man-in-the-middle attacks using ARP poisoning, password cracking through tools like John the Ripper, and "Google hacking" to find sensitive information online.
Kunal - Introduction to backtrack - ClubHack2008ClubHack
BackTrack is a Linux distribution focused on penetration testing with over 300 security tools. It allows testing of vulnerabilities like buffer overflows and cross-site scripting through tools like Nmap, Nikto, and Metasploit. Common attack techniques explored include man-in-the-middle attacks using ARP poisoning, password cracking through tools like John the Ripper, and hacking web servers through techniques like Google hacking.
BackTrack is a Linux distribution focused on penetration testing with over 300 security tools. It allows testing of vulnerabilities like buffer overflows and cross-site scripting through tools like Nmap, Nikto, and Metasploit. Attackers can use these tools along with techniques like ARP poisoning to conduct remote exploits or hack passwords on Windows systems.
The document discusses web application security testing techniques. It covers topics like the difference between web sites and applications, security definitions, vulnerabilities like SQL injection and XSS, defense mechanisms, and tools for security testing like Burp Suite. The agenda includes discussing concepts, designing test cases, and practicing security testing techniques manually and using automated tools.
The document discusses vulnerability assessment and penetration testing (VAPT). It defines vulnerability assessment as systematically finding security issues in a network or system through scanning, and penetration testing as exploiting vulnerabilities to prove they can cause damage. The document outlines the types of VAPT testing, steps in the process, common tools used like Nmap and ZAP, and top vulnerabilities like SQL injection and XSS. It provides examples of specific vulnerabilities found like outdated themes and XML-RPC access, and their potential impacts and solutions.
This document provides a high-level summary of a course on secure programming. It discusses whether secure programming is more of an art or a science, and describes different software engineering maturity levels. It also briefly outlines several topics that will be covered in the course, including secure design principles, security requirements, software development processes, and the role of cryptography.
This document discusses recommendations to improve defenses against rapid cyberattacks. It begins with a review of how rapid attacks work, then provides specific recommendations in four areas: attack surface reduction, lateral traversal/securing privileged access, business continuity/disaster recovery, and exploit mitigation. Potential blockers to implementing the recommendations are also identified relating to technology, processes, and stakeholder buy-in. Next steps include assigning action items identified in the meeting.
This document discusses vulnerabilities in antivirus software. It begins by noting that over 165 vulnerabilities have been reported in antivirus software in the past 4 years according to the US National Vulnerability Database. It then examines why antivirus software is a target for attackers, including that users have blind faith in it and its error-prone nature in processing many file formats. The document outlines techniques used to find vulnerabilities, including source code audits, reverse engineering, and fuzzing. It also looks at exploiting found vulnerabilities, such as through weak permissions. The overall aim is to raise awareness of security issues in antivirus products.
Will St. Clair: AWS San Francisco Startup Day, 9/7/17
Operations: Security Crash Course & Best Practices! All companies should build with security and protection of customer data as the number one priority. This talk will cover a wide range of best practices from MFA, root accounts, encrypting laptops, inventory management, MDM, and incident response. You'll learn key principles of how to build a secure organization to protect your data. Don't wait until your first security incident before putting these best practices in place.
VMworld 2013: Security Automation Workflows with NSX VMworld
VMworld 2013
Gargi Keeling, VMware
Don Wood, McKesson
Troy Casey, McKesson
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
Operations: Security Crash Course — Best Practices for Securing your CompanyAmazon Web Services
All companies should build with security and protection of customer data as the number one priority. This talk will cover a wide range of best practices from MFA, root accounts, encrypting laptops, inventory management, MDM, and incident response. You'll learn key principles of how to build a secure organization to protect your data. Don't wait until your first security incident before putting these best practices in place.
IT Essentials (Version 7.0) - ITE Chapter 13 Exam AnswersITExamAnswers.net
This document contains the answers to exam questions for IT Essentials (ITE v6.0 + v7.0) Chapter 13. It discusses topics related to computer security including asymmetric encryption, hashing algorithms, social engineering, DDoS attacks, Windows features for encrypting files and drives, firewall types, malware types, and security best practices. The answers provided explanations for each multiple choice question to help students learn about common computer security threats and mitigation techniques.
The document discusses conducting four tasks to gain experience with TCP/IP vulnerabilities and attacks. Task 1 involves a TCP SYN flood attack and the SYN cookie countermeasure. Task 2 is a TCP session hijacking attack. Tasks 3 and 4 involve TCP RST attacks against telnet/SSH connections and video streaming applications respectively. The tasks are designed to help understand network security challenges and why defenses are needed by studying past vulnerabilities.
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri
Syed Ubaid Ali Jafri Informed Information Security Students how to conduct black box penetration testing if you do not have prior knowledge about the network environment, Few steps and consideration that should be in mind before conducting black box audit
Penetration testing involves assessing an organization's security processes and vulnerabilities by simulating real-world attacks. This is done through methodologies like OSSTMM and standards like CIS guides and ISO 2700x. The goals are to estimate security, gain unauthorized access to systems, and access certain information/data. Approaches include perimeter, wireless, and internal testing from user workstations or network segments. Real attacks aim to hack, while penetration testing is legal and aims to help organizations. Common tools used include Nmap, Metasploit, Cain & Abel, Aircrack, and browser/notepad. Examples demonstrated password cracking, SQL injection exploitation, and privilege escalation in Active Directory. Wireless, social engineering,
Website security is a critical issue that needs to be considered in the web, in order to run your online business healthy and
smoothly. It is very difficult situation when security of website is compromised when a brute force or other kind of attacker attacks on
your web creation. It not only consume all your resources but create heavy log dumps on the server which causes your website stop
working.
Recent studies have suggested some backup and recovery modules that should be installed into your website which can take timely
backups of your website to 3rd party servers which are not under the scope of attacker. The Study also suggested different type of
recovery methods such as incremental backups, decremental backups, differential backups and remote backup.
Moreover these studies also suggested that Rsync is used to reduce the transferred data efficiently. The experimental results show
that the remote backup and recovery system can work fast and it can meet the requirements of website protection. The automatic backup
and recovery system for Web site not only plays an important role in the web defence system but also is the last line for disaster
recovery.
This paper suggests different kind of approaches that can be incorporated in the WordPress CMS to make it healthy, secure and
prepared web attacks. The paper suggests various possibilities of the attacks that can be made on CMS and some of the possible
solutions as well as preventive mechanisms.
Some of the proposed security measures –
1. Secret login screen
2. Blocking bad boats
3. Changing db. prefixes
4. Protecting configuration files
5. 2 factor security
6. Flight mode in Web Servers
7. Protecting htaccess file itself
8. Detecting vulnerabilities
9. Unauthorized access made to the system checker
However, this is to be done by balancing the trade-off between website security and backup recovery modules of a website, as measures
taken to secure web page should not affect the user‟s experience and recovery modules
This document discusses system security and password management. It describes how passwords authenticate users and determine their privileges. For example, in UNIX systems the password is encrypted using DES algorithm with a salt value to prevent duplicates. The document also discusses strategies for strong password selection, such as user education, computer-generated passwords, and reactive/proactive password checking. It provides guidelines for components of a good password. Additionally, it covers operating system hardening techniques like disabling unneeded services/accounts, updating software, and removing unneeded programs/utilities. Specific steps are outlined for securing Windows and UNIX systems.
Similar to 1. Security and vulnerability assessment analysis tool - Microsoft.docx (20)
YThis paper is due Monday, 30 November. You will need to use at leas.docxpaynetawnya
YThis paper is due Monday, 30 November. You will need to use at least ONE primary source, and TWO secondary sources. 12 font, double spaced, New times, 5 pages.
How did the Vikings construct their ships so that they were able to go such long distances? What impact did they have on the areas that they settled?
No plagiarism and No Paraphrasing. Put it on your own words, this is a major and final exam grade, please.
I will only accept on GOOD RATINGS PROFESSORS
.
You have spent a lot of time researching a company. Would you inve.docxpaynetawnya
You have spent a lot of time researching a company. Would you invest in that company? (assume you can afford it). Why or why not? Is another company covered by a classmate preferable?
The company is Lenovo.Co
at least 250 words.
othr company my classmates covered are Walmart, Apple.Inc, Ikea,etc
.
ZXY Corporation has relocated to a new building that was wired and s.docxpaynetawnya
ZXY Corporation has relocated to a new building that was wired and set up for a local area network (LAN). The company implemented a client/server-based network in which all printers, folders, and other resources are shared but everyone has access to everything and there is no security outside of the defaults that were in place when the system was set up.
You have been hired to secure ZXY’s network and ensure that the company has the highest levels of security to protect against internal and external attacks. In an 8-10 page proposal, include the following items to provide a comprehensive secure environment:
A plan to provide secure access control methods for all user access
A viable password policy, which includes complexity, duration, and history requirements
A cryptography method to ensure vital data is encrypted
A remote access plan to ensure that users who access the network remotely do so in a secure and efficient manner
A thorough plan to protect the network from malware and various types of malicious attacks
Your proposal should include all of the elements noted above with support, detail, and elaboration for each section explicitly grounded in knowledge from the assigned readings and media along with any outside sources you may choose to bring into your writing.
Your paper should be 8-10 pages in length with document formatting and citations of sources in conformity with APA Guidelines
.
Zero Describe the system (briefly!). As in I’m going to talk ab.docxpaynetawnya
Zero:
Describe the system (briefly!). As in: I’m going to talk about the _____ system, which does this, that and the other thing.
First
: When we talk about confidentiality, we’re talking about
un
authorized access to information. That means there is (or at least probably is) authorized access to information. For your system, what roles or people are there with authorized access – and what information can they see or use. Is there anything special about their roles or their level of access? Are there exceptions?
Second
: What (briefly) is the worst possible scenario you can think of for a confidentiality failure/breach? What repercussions or impacts are there?
Third
: How – in technical or other terms – could (or can) you improve the security of the situation? What measures or technologies would make sense? Why?
.
Youre the JudgeThis week, you are a judge in a federal district c.docxpaynetawnya
You're the Judge
This week, you are a judge in a federal district court where a man has been charged with possessing and distributing cocaine. The police obtained the evidence of his drug possession and sale by searching his home. Police arrived at the defendant’s house without a warrant, and the defendant and his wife were at home. The officers knocked, and the wife answered the door and consented to the search. The defendant objected to the search. The defendant has filed a motion to have the evidence excluded from his trial. Decide if the evidence should be admitted, and provide the best arguments both the prosecutor and defendant can make to win the motion.
.
Your Week 2 collaborative discussion and the Ch. 2 of Introduction.docxpaynetawnya
Your Week 2 collaborative discussion and the Ch. 2 of
Introduction to Business
Research
the evolution of business with your assigned team members.
Locate
information on the following points:
Feudalism
Mercantilism
Capitalism
Commerce
Property rights
The Industrial Revolution
Individually,
create
a 10- to 15-slide Microsoft
®
PowerPoint
®
presentation describing the evolution of business.
BUS/211
.
Your thesis statement will explain the ambiguity of why Prince hal b.docxpaynetawnya
Your thesis statement will explain the ambiguity of why Prince hal behaves the way he does, and how he arrives at his final comittment for his future. The book is " Henry the IV part 1"
Will be three pages, double spaced, using MLA format. Research is optional but would help. Any quotations must be in the orginal Shakesperean language.
.
Your textbook states that body image—how a person believes heshe .docxpaynetawnya
Body image and the desire to be thin begins developing in early childhood, especially for girls, according to a psychology textbook. The media is thought to significantly contribute to perpetuating the desire to be thin. The document asks for thoughts on how to apply biblical principles in addressing this issue with children.
Your textbook discusses various cultural models in terms of immigrat.docxpaynetawnya
Your textbook discusses various cultural models in terms of immigration, such as assimilation, pluralism, and multiculturalism. What model is used today?
Use the library and your course materials to research these models. Your analysis should include a response to the following:
Discuss the assimilation, pluralism, and multiculturalism models, and include their historical timelines.
How is it that certain groups in the United States never given the opportunity to “assimilate”? Include the following groups in your analysis: Hispanics, African-Americans and others of African descent, Native-Americans, and Asian-Americans.
What model is used today?
Why is the current model significant in terms of access and privilege?
.
Your team has been given the land rights to an abandoned parcel of.docxpaynetawnya
Your team has been given the land rights to an abandoned parcel of land. The land has some unknown contamination; it has been stripped of natural vegetation, soil erosion has occurred, and a stream on the property is polluted. You have decided to turn this land into a sustainable agricultural food supply.
Resource:
University of Phoenix Material: Sustainable Agriculture Project Proposal Template
Design
solutions to develop the land. Provide a development plan to bring this land up to agricultural standards.
Write
a proposal to the city that describes the step-by-step plan your team intends to implement. Record your ideas on the University of Phoenix Material: Sustainable Agriculture Project Proposal Template.
Explain
the following in the proposal:
The importance—both locally and globally—of having a sustainable food supply
The major threats to this land’s sustainability
The characteristics that will enable your land to provide a long-term sustainable food supply
The steps your team will take to develop these characteristics
Ways this land will benefit the city economically and environmentally
The timeline of your plan
.
Your supervisor, Ms. Harris, possesses a bachelors of social work (.docxpaynetawnya
Your supervisor, Ms. Harris, possesses a bachelor's of social work (B.S.W.) degree and is working on her master's degree in social work (M.S.W.) by going to school at night on a part-time basis. Prior to accepting the position at the pretrial diversion program, she worked in a community mental health clinic providing services to low-income families. You have your bachelor's degree in criminal justice behind you and your internship with the pretrial diversion program is halfway completed. You and Ms. Harris have had some intense discussions about human service practice in general and human service practice in the criminal justice field in particular.
You decide that you will chart the similarities and differences between the two and present a detailed outline to her comparing and contrasting the two. A detailed outline is in the traditional form of an outline; however, the text will contain sentences as opposed to single words or phrases. In your detailed outline, you should cover the following topics:
Identify 2 ways in which human service practice is different in the mental health setting versus the criminal justice setting (you may use any venue in the criminal justice setting for comparison, such as prison, jail, juvenile detention, pretrial diversion, parole, probation, etc.).Identify 2 ways in which human service practice is similar in the mental health setting versus the criminal justice setting (you may use any venue in the criminal justice setting for comparison, such as prison, jail, juvenile detention, pretrial diversion, parole, probation, etc.).What role does human service practice play in the pretrial diversion setting specifically?At what point, if any, does human service practice in the mental health setting converge on the pretrial diversion setting?
You should cite all sources using APA style format, and include a reference section at the end of your submission.
Up to 300 words times new Roman,12 font
.
Your RatingGroup DiscussionDelinquency Prevention Please .docxpaynetawnya
Your Rating:
Group Discussion
"Delinquency Prevention" Please respond to the following:
Describe the key differences between primary, secondary, and tertiary prevention programs. Discuss the overall effectiveness of these types of programs.
From the e-Activity, identify at least two (2) factors that contribute to a delinquency prevention program’s success. Specify the primary manner in which these types of programs have improved the lives of juveniles and their families.
.
Your report due in Week 6 requires you to look at tools of liquidity.docxpaynetawnya
Your report due in Week 6 requires you to look at tools of liquidity, profitability, and solvency. Discuss several of the financial analysis tools useful in assessing inventory issues and report the actual numbers for the company you selected for Assignment 1 in Week 6. Describe the impact of your numbers on reasons for investing or not investing in the company
Identify the inventory valuation method (LIFO, FIFO, Average, etc.) used by your company and discuss the impact of the method on the income statement and balance sheet. Include the pros and cons/ tradeoffs of the method on the reported numbers.
.
Your Project Sponsor pulls you aside and admits that he has no idea .docxpaynetawnya
Your Project Sponsor pulls you aside and admits that he has no idea what earned value management concepts (EVM), such as AC, BCWP, and EV mean; he is only concerned that you deliver the project ahead of schedule and under budget. Using the information covered from your readings and other activities, develop a project to educate him, including which EVM performance measures you would educate him on. Provide a rationale for your selection of topics.
.
Your progress on the project thus far. Have you already compiled i.docxpaynetawnya
Your progress on the project thus far. Have you already compiled it?
Anything interesting you learned about the organization you chose.
The most difficult component of this project. What made it challenging? How did you address this challenge?
Post a 2 to 4 paragraph discussion post (300 words minimum). Justify your explanations by including in-text citations and references in APA format as applicable.
.
Week 6 - Discussion 1Evaluate the characteristics of each mode o.docxpaynetawnya
Week 6 - Discussion 1
Evaluate the characteristics of each mode of transportation in terms of time and cost efficiencies. Give examples.
Week 6 - Discussion 2
The Bill of Lading is the single most important document in transportation. Describe at least two functions it performs in international logistics.
.
WEEK 5 – EXERCISES Enter your answers in the spaces pr.docxpaynetawnya
WEEK 5 – EXERCISES
Enter your answers in the spaces provided. Save the file using your last name as the beginning of the file name (e.g., ruf_week5_exercises) and submit via “Assignments.” When appropriate,
show your work
. You can do the work by hand, scan/take a digital picture, and attach that file with your work.
For the following question(s): A school counselor tests the level of depression in fourth graders in a particular class of 20 students. The counselor wants to know whether the kind of students in this class differs from that of fourth graders in general at her school. On the test, a score of 10 indicates severe depression, while a score of 0 indicates no depression. From reports, she is able to find out about past testing. Fourth graders at her school usually score 5 on the scale, but the variation is not known. Her sample of 20 fifth graders has a mean depression score of 4.4. Use the .01 level of significance.
1.
The counselor calculates the unbiased estimate of the population’s variance to be 15. What is the variance of the distribution of means?
A)
15/20 = 0.75
B)
15/19 = 0.79
C)
15
2
/20 = 11.25
D)
15
2
/19 = 11.84
2.
Suppose the counselor tested the null hypothesis that fourth graders in this class were
less
depressed than those at the school generally. She figures her
t
score to be
-
.20. What decision should she make regarding the null hypothesis?
A)
Reject it
B)
Fail to reject it
C)
Postpone any decisions until a more conclusive study could be conducted
D)
There is not enough information given to make a decision
3.
Suppose the standard deviation she figures (the square root of the unbiased estimate of the population variance) is .85. What is the effect size?
A)
5/.85 = 5.88
B)
.85/5 = .17
C)
(5
-
4.4)/.85 = .71
D)
.85/(5
-
4.4) = 1.42
For the following question(s): Professor Juarez thinks the students in her statistics class this term are more creative than most students at this university. A previous study found that students at this university had a mean score of 35 on a standard creativity test. Professor Juarez finds that her class scores an average of 40 on this scale, with an estimated population standard deviation of 7. The standard deviation of the distribution of means comes out to 1.63.
4.
What is the
t
score?
A)
(40
-
35)/7 = .71
B)
(40
-
35)/1.63 = 3.07
C)
(40
-
35)/7
2
= 5/49 = .10
D)
(40
-
35)/1.63
2
= 5/2.66 = 1.88
5.
What effect size did Professor Juarez find?
A)
(40
-
35)/7 = .71
B)
(40
-
35)/1.63 = 3.07
C)
(40
-
35)/7
2
= 5/49 = .10
D)
(40
-
35)/1.63
2
= 5/2.66 = 1.88
6.
If Professor Juarez had 30 students in her class, and she wanted to test her hypothesis using the 5% level of significance, what cutoff
t
score would she use? (You should be able to figure this out without a table because only one answer is in the correct region.)
A)
304.11
B)
1.699.
Week 5 Writing Assignment (Part 2) Outline and Preliminary List o.docxpaynetawnya
Week 5
Writing Assignment (Part 2): Outline and Preliminary List of References
Due Week 5 and worth 100 points
Complete the outline after you have done library / Internet research for evidence that bears on your hypothesis. Provide information about all of the following components of the final paper:
Subject:
Poverty.
What is your hypothesis?
1.
Specific Hypothesis
.
2.
Applicable Sociological Concepts
.
3.
Practical Implications
. Discuss the value of sociological research into your issue. Determine whether or not there are (or would be) practical implications of sociological inquiry into this issue.
Evidence
. This is the most important part of the paper. Analyze at least two (2) lines of evidence that pertain to the hypothesis that you are evaluating. Does the evidence support your hypothesis? For each type of evidence, consider possible biases and alternative interpretations.
Conclusions
. Draw conclusions based on the evidence that you have discovered. Does the evidence confirm or refute your hypothesis? Is the evidence sufficiently convincing to draw firm conclusions about your hypothesis?
For example, here is a generic example of what the headings of your possible outline might look like:
I.
Specific Hypothesis.
II.
Applicable Sociological Concepts.
a.
Theory A
b.
Concept 1
c.
Concept 2
III.
Practical Implications.
a.
Implications for public policy
i.
Education
ii.
Taxes
b.
Implications for employers
c.
Implications for spouses of workaholics
Evidence.
Line of evidence 1
i.
The evidence and what it means
ii.
Possible biases
iii.
Alternative explanations of what it means.
b.
Line of evidence 2
i.
The evidence and what it means
ii.
Possible biases
Conclusion(s): All available evidence refutes the hypothesis, but there are alternative explanations.
References
:
Baker, A. & Abel, E (2005) Villagers reject modern attitudes about car washing.
International Journal of Sociology
, 11, 12-57. Retrieved from EBSCO-Host.
Doe, J. (2010, April 1) Villagers retain traditional attitudes despite bombardment with western television.
The New York Times
. Retrieved from
www.nytimes.com/village_update
Steiner, H. (2012, January 4) Revolt against local ordinances in the village.
Time Magazine
. pp. 14-15.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; references must follow APA format.
The specific course learning outcomes associated with this assignment are:
Evaluate the various methodologies for sociological research.
Apply the sociological perspective to a variety of socioeconomic and political problems.
Critically examine how society shapes individuals and how individuals shape society.
Use technology and information resources to research issues in sociology.
Write clearly and concisely about sociology using proper writing mechanics.
.
Week 5 eActivityRead the Recommendation for Cryptographic Key.docxpaynetawnya
Week 5 eActivity
Read the "
Recommendation for Cryptographic Key Generation
" by NIST.
Read Chapter 19 of "
An Introduction to Computer Security: The NIST Handbook.
"
Please be prepared to discuss each of these items
Analyze the overall attributes of symmetric and asymmetric cryptography technologies. Discuss the advantages and disadvantages of each, and speculate upon the main reasons why organizations utilize both technologies today. Give an example of where you would consider using each of these forms of encryption within an organization to support your response.
From the e-Activity, give your opinion of whether cryptography should be a part of every email security strategy or if there are specific characteristics of organizations where such measures are not needed. Justify your answer.
.
This document discusses network security and contains two questions. The first question asks about predominant electronic and physical threats to communications networks, such as hacking, malware, and physical damage. The second question asks about the importance of explicit enterprise security policies and procedures to protect networks and data through guidelines for acceptable and safe practices.
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
This presentation was provided by Steph Pollock of The American Psychological Association’s Journals Program, and Damita Snow, of The American Society of Civil Engineers (ASCE), for the initial session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session One: 'Setting Expectations: a DEIA Primer,' was held June 6, 2024.
A workshop hosted by the South African Journal of Science aimed at postgraduate students and early career researchers with little or no experience in writing and publishing journal articles.
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Dr. Vinod Kumar Kanvaria
Exploiting Artificial Intelligence for Empowering Researchers and Faculty,
International FDP on Fundamentals of Research in Social Sciences
at Integral University, Lucknow, 06.06.2024
By Dr. Vinod Kumar Kanvaria
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
Thinking of getting a dog? Be aware that breeds like Pit Bulls, Rottweilers, and German Shepherds can be loyal and dangerous. Proper training and socialization are crucial to preventing aggressive behaviors. Ensure safety by understanding their needs and always supervising interactions. Stay safe, and enjoy your furry friends!
A review of the growth of the Israel Genealogy Research Association Database Collection for the last 12 months. Our collection is now passed the 3 million mark and still growing. See which archives have contributed the most. See the different types of records we have, and which years have had records added. You can also see what we have for the future.
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionTechSoup
Let’s explore the intersection of technology and equity in the final session of our DEI series. Discover how AI tools, like ChatGPT, can be used to support and enhance your nonprofit's DEI initiatives. Participants will gain insights into practical AI applications and get tips for leveraging technology to advance their DEI goals.
বাংলাদেশের অর্থনৈতিক সমীক্ষা ২০২৪ [Bangladesh Economic Review 2024 Bangla.pdf] কম্পিউটার , ট্যাব ও স্মার্ট ফোন ভার্সন সহ সম্পূর্ণ বাংলা ই-বুক বা pdf বই " সুচিপত্র ...বুকমার্ক মেনু 🔖 ও হাইপার লিংক মেনু 📝👆 যুক্ত ..
আমাদের সবার জন্য খুব খুব গুরুত্বপূর্ণ একটি বই ..বিসিএস, ব্যাংক, ইউনিভার্সিটি ভর্তি ও যে কোন প্রতিযোগিতা মূলক পরীক্ষার জন্য এর খুব ইম্পরট্যান্ট একটি বিষয় ...তাছাড়া বাংলাদেশের সাম্প্রতিক যে কোন ডাটা বা তথ্য এই বইতে পাবেন ...
তাই একজন নাগরিক হিসাবে এই তথ্য গুলো আপনার জানা প্রয়োজন ...।
বিসিএস ও ব্যাংক এর লিখিত পরীক্ষা ...+এছাড়া মাধ্যমিক ও উচ্চমাধ্যমিকের স্টুডেন্টদের জন্য অনেক কাজে আসবে ...
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
1. Security and vulnerability assessment analysis tool - Microsoft.docx
1. 1. Security and vulnerability assessment analysis tool -
Microsoft Baseline Security Analyzer (MBSA) for Windows OS
Locate and launch MBSA CLI
Check computer for common security misconfigurations
MBSA will automatically select by default to scan WINDOWS
VM WINATCK01
While scanning WINDOWS VM WINATCK01
Security Assessment Report
2 Security updates are missing ACTION **Requires immediate
installation to protect computer
1 Update roll up is missing ACTION **Obtain and install latest
service pack or update roll up by using download link
Administrative Vulnerabilities
More than 2 Administrators were found on the computer,
ACTION **Keep number to a minimum because administrators
have complete control of the computer.
User accounts have non-expiring passwords ACTION
***Password should be changed regularly to prevent password
attacks
2. Windows firewall disabled and has exceptions configured
Great! Auto logon is disabled (Even if it is configured, provided
password is encrypted; not stored as text)
GREAT! Guest account is disabled on the computer.
GREAT! Anonymous access is restricted from the computer
ADMINISTRATIVE SYSTEM INFORMATION DANGER!
Logon success and logon failure auditing is not enabled.
ACTION ** Enable and turn on auditing for specific events
such as logon and logoff to watch for unauthorized access.
3 Shares are present ACTION ** Review list of shares and
remove any shares that are not needed.
GREAT! Internet explorer has secure settings for all users.
Following to be included in the SAR
a. Windows administrative vulnerabilities present are that more
than 2 Administrators were found on the computer. It is advised
to keep minimum number because administrators have complete
control of the computer.
b. Windows accounts were found to have non-expiring
passwords while passwords should be changed regularly to
prevent password attacks. One user account has blank or simple
password or could not be analyzed
c. Windows OS has two security updates missing and so
requires immediate installation to protect the computer. One
3. update roll up is missing which requires that latest service pack
should be obtained and installed or roll up updated using the
download link.
2.Security and vulnerability assessment analysis tool –
OpenVAS for Linux OS
Using the ifconfig command in Terminal to check the IP
Address assigned to your VM Linux machine.
eth0: (device name for Linux Ethernet cards), with IP Address
in this example is determined to be 172.21.20.185 The IP
address, 127.0.0.1, is the loopback address that points to the
localhost, or the computer that applications or commands are
being run from. This address will be used to access the OpenVas
application on the VM.
Using OpenVAS Web Interface which is running on port number
9392 and can be opened using the Mozilla Firefox browser.
After getting a security exception, on Adding Exception
Scan IP address by typing 127.0.0.1 next to the ‘Start Scan’
button, then click.
Status says Requested
Status percent changes to 94%
4. Status percent changes to 98%
Scan completed with severity as 5.0 Medium
Vulnerabilities:
1) Remote server configured to allow weak encryption and Mac
algorithms
2) possible to detect deprecated protocols that will allow
attackers to eavesdrop connection between service and clients to
get access to sensitive data transferred across secured
connection.
3) Host is installed with open SSL prone to information
disclosure vulnerability which may allow man-in-the middle
attackers gain access to the plain text data stream. Application
layer is impacted. Weak ciphers offered by service.
Scan management results
All Security information by severity level
Assets Management – host
Host Details
Configuration Scanner details
5. Extras – My settings
Extras – Performance
Administration – User details
Administration – Roles
Administration – CERT feed management
Following to be included in the SAR
a. No Linux administrative vulnerability was present as there
was only one Administrator found on the computer. It is advised
to keep minimum number because administrators have complete
control of the computer.
Vulnerabilities present were as follows:
1) Remote server configured to allow weak encryption and Mac
algorithms
2) Possible to detect deprecated protocols that will allow
attackers to eavesdrop connection between service and clients to
get access to sensitive data transferred across secured
connection.
3) Host is installed with open SSL prone to information
disclosure vulnerability which may allow man-in-the middle
attackers gain access to the plain text data stream. Application
layer is impacted. Weak ciphers offered by service.
b. Admin was the only user on the computer. Admin password
should be restricted access to or changed regularly to prevent
6. password attacks. No user was found to have blank or simple
password or could not be analyzed.
c. No Linux security updates
For explanation:
Multiple sources exist for ideas for theory development and
research in which many problem areas are identified within the
domain of nursing to expand theory. In the recent times, nursing
theory has originated from:
· Role Proliferation: Conceptualization of nursing as a set of
functions became the focus of investigation, with theory
evolving on how to prepare nurses for various roles.
· Basic Sciences: PhD education of nurses in sociology,
psychology, anthropology, and physiology introduced ideas
from other disciplines and stimulated new ways of looking at
nursing phenomena.
· Nursing Process: Examination of processes in nurse-patient
relationships and patient care triggered ideas and questions
related to problem solving, priority setting, and decision
making.
· Nursing Diagnosis: Labels were given to and a universal
nomenclature was developed for problems that fall within the
domain of nursing. These are actually conceptual statements
about the health status of patients and, therefore, the first step
in theory development.
· Concept Identification: Theory development encouraged
identification of concepts central to nursing. Identification of
relationships between concepts (propositions) defined a new
nursing perspective.
CYB 610 PROJECT 1 – SCREENSHOTS OF PASSWORD
CRACKING EXERCISE
Results on experiment with the password cracking tools; please
7. find answers to the questions below while findings are equally
shared in the project report.
1. Which tool, on which operating system was able to recover
passwords the quickest? Provide examples of the timing by your
experimental observations.
Ophcrack tool was able to recover passwords the quickest on
Windows 7 Enterprise operating system
Cain and Abel tool using BRUTE FORCE attack with NTLM
Hashes loaded
User
NT
Password
Time left
Time taken
Time start
Time stop
1
Xavier
xmen
blank
< 1 min
12.01am
12.01am
2
Wolverine
Not cracked
3.1e+10 years
> 1 hr
3
Shield
Not cracked
2.9e+10 years
8. > 1 hr
4
EarthBase
Not cracked
2.9e +10 years
> 1 hr
5
dbmsAdmin
Not cracked
1.3e +17 years
> 1 hr
6
Kirk
Not cracked
1.3e+17 years
> 1 hr
7
Mouse
Not cracked
3.0e+10 years
> 1 hr
8
Rudolph
Not cracked
1.3e+17 years
> 1 hr
9. 9
Snoopy
Not cracked
3.0e+10 years
> 1 hr
10
Spock
Not cracked
3.0e+10 years
> 1 hr
11
Apollo
Not cracked
2.9e+10 years
> 1 hr
12
Chekov
Not cracked
2.9e+10 years
> 1 hr
13
Batman
Not cracked
2.9e+10 years
> 1 hr
10. Cain and Abel tool using Dictionary attack with NTLM Hashes
loaded
(common stop position 3456292)
User
NT
Password
Time spent
1
Xavier
Not cracked
2
Wolverine
Motorcycle (position 1747847)
< 1 min
3
Shield
Not cracked
< 1 min
4
EarthBase
Not cracked
< 1 min
5
dbmsAdmin
Not cracked
< 1 min
6
Kirk
Not cracked
< 1 min
7
Mouse
11. Not cracked
< 1 min
8
Rudolph
Not cracked
< 1 min
9
Snoopy
Not cracked
< 1 min
10
Spock
Not cracked
< 1 min
11
Apollo
Not cracked
< 1 min
12
Chekov
Not cracked
< 1 min
13
Batman
Not cracked
< 1 min
Ophcrack tool used for password cracking
User
LM
Password
1
Xavier
xmen
2
12. Wolverine
Not found
3
Shield
Not found
4
EarthBase
Not found
5
dbmsAdmin
Not found
6
Kirk
Not found
7
Mouse
Not found
8
Rudolph
Not found
9
Snoopy
Not found
10
Spock
Not found
11
Apollo
M00n
12
Chekov
Riza
13
Batman
Bats
Time elapsed was 17 secs
13. 2.Which tool(s) provided estimates of how long it might take to
crack the passwords?
Cain and Abel too using Brute force attack
Cain and Abel provided time left in number of years, days or
minutes depending on the specified password length.
What was the longest amount of time it reported? 3.1e+10 years
and for which username? Wolverine
3. Compare the amount of time it took for three passwords that
you were able to recover.
· Cain and Abel tool: Xavier user (xmen password cracked using
brute force attack) = <1 min
· Cain and Abel tool: Wolverine user (motorcycle password
cracked using dictionary attack) = <1 min
· Ophcrack tool : Batman user (bats password cracked under 17
secs)
4. Compare the complexity of the passwords for those
discussed in the last question. What can you say about recovery
time relevant to complexity of these specific accounts?
Xavier user password (xmen) was easier and quicker to crack
using brute force attack due to its short password length, while
it allocated a long time to crack Wolverine user password
(motorcycle). Dictionary attack found Wolverine user password
(motorcycle) simple to attack because it possibly exists in its
wordlists.
Dictionary attack of Cain and Abel tool keeps a record position
on the wordlist which allows you to continue from the word
where you left off before you halt the attack. Brute force attack
takes the specified password length (e.g minimum of 1,
maximum of 16 or more) into consideration to run through
every possible combination which makes it CPU intensive and
extremely slow.
Ophcrack tool has proved to be quicker and more powerful than
Cain and Abel to crack up to four passwords for users; Xavier,
Apollo, Chekov and Batman. One would have expected
14. Ophcrack tool to succeed in cracking Wolverine password
(motorcycle). It shows that the longer and/or more complex a
password is, the longer it will take to crack.
It is advisable to use passphrase (thkGodisfri), long words or
complex words with all four types of character sets as they are
pretty secure.
5. What are the 4 types of character sets generally discussed
when forming strong passwords?
Lower case letters, upper case letters, numbers (0 through 9)
and special characters ($,*, #, ! and so on)
How many of the 4 sets should you use, as a minimum?
Upper case letters, Lower case letters, and numbers depending
on the company password policy
What general rules are typically stated for minimum password
length?
Minimum of eight characters in length
6.How often should password policies require users to change
their passwords? 90 days
7. Discuss the pros and cons of using the same username
accounts and passwords on multiple machines.
Pros : You would only need to remember one set of username
and password for multiple machines
Cons : Hackers can have access to other machines using the
same account credentials that have been compromised.
8. What are the ethical issues of using password cracker and
recovery tools?
Systems Administrators can use it to recover lost passwords and
regain access to machines
Users that either lost their passwords or corporate entities that
need to look into any compromise or vulnerability they might
have exposed themselves to, should be made aware of when and
why such password cracker, recovery tools may be run
Recovered or cracked passwords should not be disclosed to
third parties and there shouldn’t be a way to link passwords
back to the users
9.Are there any limitations, policies or regulations in their use
15. on local machines?
Consent of the system owner should be acquired before usage of
password recovery tools as there might be damages and / or loss
of data using the password cracking software.
Home networks?
As an individual you can build your own labs and explore
password cracking
Small business local networks? Intranets? Internets? Where
might customer data be stored?
We need to coordinate with clients to clearly define the scope of
password recovery or cracking efforts and abide by the related
rules of engagement.
It is illegal to launch password cracking tools on individual’s or
organization’s web sites through the internet without adequate
notice and/or consent.
It does not really matter how long or strong your password may
be,what matters is how is your confidential or protected data
(password) is stored
10.If you were using these tools for approved penetration
testing, how might you get the sponsor to provide guidance and
limitations to your test team?
The test team will request guidance and limitation from the
sponsor by scheduling for a kickoff meeting where the timing
and duration of the testing will be discussed, so that normal
business and everyday operations of the organization will not be
disrupted. Information will be gathered as much as possible by
identifying the targeted machines, systems and network,
operational requirements and the staff involved.
11.Discuss any legal issues in using these tools on home
networks in States, which have anti-wiretap communications
regulations. Who has to know about the tools being used in your
household?
Using these tools on home networks in States, which have anti-
wiretap communications regulations would involve obtaining
the relevant legal documents protecting against any legal
actions, should anything go wrong during tests. If it is a rented
16. apartment, the leasing office management needs to be informed.
Please, find screenshots of step by step exercise on password
cracking:
References
Password storage and hashing
● http://lifehacker.com/5919918/how-your-passwords-are-
stored-on-the-internet-and-whenyour-password-strength-doesnt-
matter
● http://www.darkreading.com/safely-storing-user-passwords-
hashing-vs-encrypting/a/did/1269374
● http://www.slashroot.in/how-are-passwords-stored-linux-
understanding-hashing-shadowutils
Click on Lab broker to allocate resources
Signing into the workspace with StudentFirst/[email protected]
Right on the desktop of VM WINATK01, click Lab Resource
then folder - Applications, locate and launch Cain.
After launch of Cain
Maximize screen and click Cracker tab
20 user accounts on the local machine used to populate the right
window.
17. 1 hash cracked on Xavier user using brute force plus NTLM
hash
Brute force attack on Wolverine user
Results after using Cain and Abel application for both types
(brute force and dictionary) of attacks
Results after using Ophcrack application to crack all user
passwords
Click on Ophcrack -> click ‘crack’ then stop and take note of
time taken
Running Head: Risk Assessment Repot (RAR)
1
Risk Assessment Report (SAR)
5
18. Risk Assessment Report (RAR)
CHOICE OF ORGANIZATION IS UNIVERSITY OF
MARYLAND MEDICAL CENTER (UMMC) OR A
FICTITIUOS ORGANIZATION (BE CREATIVE)
· Define risk, remediation and security exploitation. (Cite )
· Read the attached documents on risk assessment resource for
the process in preparing the risk assessment
START TO READ:
Organizations perform risk assessments to ensure that they are
able to identify threats (including attackers, viruses, and
malware) to their information systems. According to the
National Institute of Standards and Technology (NIST),
Risk assessments address the potential adverse impacts to
organizational operations and assets, individuals, other
organizations, and the economic and national security interests
of the United States, arising from the operation and use of
information systems and the information processed, stored, and
transmitted by those systems (NIST, 2012).
19. When a risk assessment is completed, organizations rate risks at
different levels so that they can prioritize them and create
appropriate mitigation plans.
References
U.S. Department of Commerce, National Institute of Standards
and Technology (NIST). (2012). Information security: Guide for
conducting risk assessments (Special Publication 800-30).
Retrieved August 5, 2016, from
http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublicatio
n800-30r1.pdf
END OF READING:
· identify threats, vulnerabilities, risks, and likelihood of
exploitation and suggested remediation.
· Include the OPM OIG Final Audit Report findings and
recommendations as a possible source for methods to remediate
vulnerabilities.
· Research through the attached doc and cite
THREAT IDENTIFICATION
threat attacks on vulnerabilities
Potential hacking actors
types of remediation and mitigation techniques
IP address spoofing/cache poisoning attacks
denial of service attacks (DoS)
packet analysis/sniffing
session hijacking attacks
20. distributed denial of service attacks
· prepare a Risk Assessment Report (RAR) with information on
the threats, vulnerabilities, likelihood of exploitation of security
weaknesses, impact assessments for exploitation of security
weaknesses, remediation, and cost/benefit analyses of
remediation.
· Devise and include a high-level plan of action with interim
milestones (POAM), in a system methodology, to remedy your
findings.
· Summarize and include the results you obtained from the
vulnerability assessment tools (i.e., MBSA and OpenVas- proj 2
Lab) in RAR
21. Product I bought starts from herePURPOSE
The purpose of this risk assessment is to evaluate the adequacy
of the Amazon corporation’s security. This risk assessment
report provides a structured but qualitative assessment of the
operational environment for Amazon corporation’s . It
addresses issues of sensitivity, threats analysis ,
vulnerabilities analysis , risks analysis and safeguards applied
in Amazon corporation’s . The report and the assessment
recommends use of cost-effective safeguards in order to
mitigate threats as well as the associated exploitable
vulnerabilities in Amazon corporation’s.
THE ORGANISATION
The The Amazon corporation’s system environment is run as a
distributed client and server environment consisting of a
Microsoft Structured Query Language -SQL database built with
Powerful programming code. The Amazon corporation
contains SQL data files, Python application code, and
executable Java and Javascripts. The SQL production data
files, documented as consisting of SQL stored procedures and
SQL tables, reside on a CLOUD storage area network attached
to a HP server running on Windows XP and MS SQL 2000
operating systems. The Python application code resides on a
different IBM server running on KALI LINUX . Both servers
are housed in the main office Building 233 Data Center at the
CDC Clifton Road campus in Atlanta, GA.
The The Amazon corporation’s executables reside on a
fileserver running Windows 2000 and KALI LINUX or
occasaionally a local workstation is installed depending upon
the loads and jobs Requirements..
Users are physically distributed in multiple locations multiple
22. sales offices in Atlanta, Pittsburgh, Ft. Collins, Research
Triangle Park, Cincinnati, and San Juan. Their desktop
computers are physically connected to a wide area network -
WAN. Some users revealed that they usually connect via
secured dial-up and DSL connections using a powerful Citrix
server. Normally, a user should connect to an active
application server in their city that hosts the the Amazon
corporation’s application, and to the shared database server
located in Atlanta.
SCOPE
The scope of this risk assessment is to assess the system’s use
of resources and controls implemented and to report on plans
set to eliminate and manage vulnerabilities exploitable by
threats identified in this report whether internal and external to
Amazon. If not eliminated but exploited, these vulnerabilities
could possibly result in:
· Unauthorized disclosure of data as well as unauthorized
modification to the system, its data, or both and Denial of
service, denial of access to data, or both to authorized users.
This Risk Assessment Report project for Amazon corporation
evaluates the confidentiality which means protection from
unauthorized disclosure of system and data information,
integrity which means protection from improper modification
of information, and availability which means loss of system
access of the system.
Intrusion detection tools used in the methodology are MBSA
security analyzer in CLAB 699 Cyber Computing Lab,
OpenVAS security analyzer in CLAB 699 Cyber Computing
Lab, and Wire shark security analyzer. In conducting the
analysis the screenshots taken using each of the tools has been
looked at with a view to arriving at relevant conclusions.
Recommended security safeguards are meant to allow
management to make proper decisions about security-related
initiatives in Amazon .
METHODOLOGY
23. This risk assessment methodology for and approach Amazon
Corporation was conducted using the guidelines in NIST SP
800-30, Risk Management Guide for Information Technology
Systems and OPM OIG Final Audit Report findings and
recommendations. The assessment is very broad in its scope
and evaluates Amazon Corporation ‘s security vulnerabilities
affecting confidentiality, integrity, and availability. The
assessment also recommends a handful of appropriate security
safeguards, allowing the management to make knowledge-based
decisions on security-related initiative in Amazon Corporation
.
This initial risk assessment report provides an independent
review to help management at Amazon to determine what is
the appropriate level of security required for their system to
support the development of a stringent System Security Plan .
The accompanying review also provides the information
required by the Chief Information Security Officer (CISO) and
Designated Approving Authority DAA also known as the
Authorizing Official to assist in to making informed decision
about authorizing the system to operate. Intrusion detection
tools are used in the methodology and includes the MBSA
security analyzer, the OpenVAS security analyzer, and Wire
shark security analyzer.
DATA
The data collected using the MBSA and other tools reveals that
the following internal routines were done by MBSA and other
tools in the LAB 2 screenshots in CLAB 699 Cyber Computing
Lab and LAB 3 screenshots in CLAB 699 Cyber Computing Lab
given together with the question.
The MBSA security analyzer, the OpenVAS security analyzer
converted the raw scan data and particularly succeeded in
outputting the following vulnerabilities into risks based on the
following methodology in CLAB 699 Cyber Computing Lab:
· Categorizing vulnerabilities as evident the LAB 2 screenshots
· Compairing threat vectors the LAB 3 screenshots
· Assessing the probability of occurrence and possible impact
24. as evident in the LAB 2 screenshots
· Authentication assessment as evident the LAB 2 screenshots
· Determining authentication threat vectors as evident in the
LAB 3 screenshots
The MBSA security analyzer and the OpenVAS security also
had routines which communicated with green bone security
assessment centre especially to provide the automated
recommendation as evident in the LAB 2 in CLAB 699 Cyber
Computing Lab and LAB 3 screenshots in CLAB 699 Cyber
Computing Lab.
The green bone security assessment centre particularly
succeeded in doing the following as evident in output file.
Lists the risks and the associated recommended controls to
mitigate these risks. The management has the option of doing
the following in the corporation:
Accepting the risks and chosen recommended controls or
negotiating an alternative mitigation, while reserving the right
to override the green bone security assessment centre and
incorporate the proposed recommended control into the
Amazons Plan of Action and Milestones .
RESULTS
The following operational as well as managerial vulnerabilities
were identified in Amazon while using the project methodology:
Inadequate adherence and advocacy for existing security
controls. Inadequate adherence to management of changes to the
information systems infrastructure. Weak authentication
protocols; Inadequate adherence for life-cycle management of
the information systems; Inadequate adherence and advocacy
for configuration management and change management plan;
Inadequate adherence for and advocacy for implementing a
robust inventory of systems, for servers, for databases, and for
network devices; Inadequate adherence to and advocacy for
mature vulnerability scanning tools; Inadequate adherence to
and advocacy for valid authorizations for many systems,
Inadequate adherence to and advocacy for plans of action to
remedy the findings of previous audits.
25. Thefollowing attacks were identified in Amazon while using the
above project methodology.
IP address spoofing/cache poisoning attacks; denial of service
attacks (DoS) packet analysis/sniffing; session hijacking attacks
and distributed denial of service attacks
NIST SP 800-63 describes the classification of potential harm
and impact as follow as well as OPM OIG Final Audit Report
findings and recommendations:
Inconvenience, distress, or damage to standing or reputation;
Financial loss or agency liability; Harm to agency programs or
public interests; Unauthorized release of sensitive information ;
Personal safety and Civil or criminal violations
Potential Impact of Inconvenience, Distress, or Damage to
Standing or Reputation:
· Low— limited, short-term inconvenience, consisting of
distress or embarrassment to any party within Amazon.
· Moderate— serious short term or limited long-term
inconvenience, consisting distress or damage to the standing or
reputation of any party within Amazon.
High—severe or serious long-term inconvenience, consisting of
distress or damage to the standing or reputation of any party
within Amazon.
Potential Impact of Financial Loss
· Low— insignificant or inconsequential unrecoverable
financial loss to any party consisting of an insignificant or
inconsequential agency liability within Amazon.
· Moderate— a serious unrecoverable financial loss to any
party, consisting of a serious agency liability within Amazon.
· High—severe or catastrophic unrecoverable financial loss to
any party; consisting of catastrophic agency liability within
Amazon.
Potential Impact of Harm to Agency Programs or Public
Interests
26. · Low, a limited adverse effect on organizational operations or
assets, or public interests within Amazon.
· Moderate—a serious adverse effect on organizational
operations or assets, or public interests within Amazon..
High—a severe or catastrophic adverse effect on organizational
operations or assets, or public interests within Amazon.
Potential impact of Unauthorized Release of Sensitive
Information
· Low- a limited release of personal, U.S. government sensitive
or commercially sensitive information to unauthorized parties
resulting in a loss of confidentiality with a low impact
· Moderate— a release of personal, U.S. government sensitive
or commercially sensitive information to unauthorized parties
resulting in loss of confidentiality with a moderate impact.
High – a release of personal, U.S. government sensitive or
commercially sensitive information to unauthorized parties
resulting in loss of confidentiality with a high impact .
Potential impact to Personal Safety
Low— minor injury not requiring medical treatment within
Amazon.
Moderate— moderate risk of minor injury or limited risk of
injury requiring medical treatment within Amazon.
High—a risk of serious injury or death within Amazon.
Potential Impact of Civil or Criminal Violations
· Low— a risk of civil or criminal violations of a nature that
would not ordinarily be subject to enforcement efforts within
USA.
· Moderate— a risk of civil or criminal violations that may be
subject to enforcement efforts within USA.
· High—a risk of civil or criminal violations that are of special
importance to enforcement programs within USA.
CONCLUSIONS AND RECOMMENDATION
In the risk assessment, two issues came out that were striking
and which are resolved below. An employee was terminated and
27. his user ID was not removed from the system. This is
dependency failure kind of vulnerability and risk pair and has
an overall risk that is moderate.
The RECOMMENDED safeguard is to remove userID from the
system upon notification of termination
Secondly a VPN /Keyfob access does not meet certification and
accreditation level stipulated in NIST SP 800-63 .This is a kind
of vulnerability that touches on inconvenience, standing and
reputation and and has an overall risk that is moderate.
The RECOMMENDED safeguard is to migrate all remote
authentication roles to CDC or any other approved authority.
This Risk Assessment report for the organization identifies risks
of the operations especially in those domains which fails to
meet the minimum requirements and for which appropriate
countermeasures have yet to be implemented. The RAR also
determines the Probability of occurrence and issues
countermeasures aimed at mitigating the identified risks in an
endeavor to provide an appropriate level-of-protection and to
satisfy all the minimum requirements imposed on the
organization’s policy document.
The system security policy requirements are satisfied now with
the exception of those specific areas identified in this report.
The countermeasure recommended in this report adds to the
additional security controls needed to meet policies and to
effectively manage the security risk to the organization and its
operating environment. Finally, the Certification Official and
the Authorizing Officials must determine whether the totality of
the protection mechanisms approximate a sufficient level of
security, and/or are adequate for the protection of this system
and its resources and information. The Risk Assessment Results
supplies critical information and should be carefully reviewed
by the AO prior to making a final accreditation decision.
28. References
National Institute of Standards and Technology (NIST) (2014).
Assessing security and privacy
controls in federal information systems and organizations.
NIST Special Publication 800-53A Revision 4. Retrieved from
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.8
00-53Ar4.pdf
National Institute of Standards and Technology (NIST) (2010).
Guide for applying the risk
management framework to federal information systems. NIST
Special Publication 800-37 Revision 1. Retrieved from
http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-
rev1-final.pdf
.
Running Head: Security Assessment Repot (SAR)
1
Security Assessment Report (SAR)
27
29. Intentionally left blank
Security Assessment Report (SAR)
CHOICE OF ORGANIZATION IS UNIVERSITY OF
MARYLAND MEDICAL CENTER (UMMC) OR A
FICTITIUOS ORGANIZATION (BE CREATIVE)
Introduction
· Research into OPM security breach.
· What prompts this assessment exercise in our choice of
organization? “but we have a bit of an emergency. There's been
a security breach at the Office of Personnel Management. need
to make sure it doesn't happen again.
· What were the hackers able to do? OPM OIG report and found
that the hackers were able to gain access through compromised
30. credentials
· How could it have been averted? A) security breach could
have been prevented, if the Office of Personnel Management,
or OPM, had abided by previous
auditing reports and security findings.b) access to the
databases could have been prevented by implementing
various encryption schemas and c) could have been identified
after running regularly scheduled scans of the systems.
Organization
· Describe the background of your organization, including the
purpose, organizational structure,
· Diagram of the network system that includes LAN, WAN, and
systems (use the OPM systems model of LAN side networks),
the intra-network, and WAN side networks, the inter-net.
· Identify the boundaries that separate the inner networks from
the outside networks.
· include a description of how these platforms are implemented
in your organization: common computing platforms, cloud
computing, distributed computing, centralized computing,
secure programming fundamentals (cite references)
Threats Identification
Start Reading: Impact of Threats
The main threats to information system (IS) security are
physical events such as natural disasters, employees and
consultants, suppliers and vendors, e-mail attachments and
viruses, and intruders.
Physical events such as fires, earthquakes, and hurricanes can
cause damage to IT systems. The cost of this damage is not
restricted to the costs of repairs or new hardware and software.
Even a seemingly simple incident such as a short circuit can
have a ripple effect and cost thousands of dollars in lost
earnings.
Employees and consultants; In terms of severity of impact,
employees and consultants working within the organization can
cause the worst damage. Insiders have the most detailed
31. knowledge of how the information systems are being used. They
know what data is valuable and how to get it without creating
tracks.
Suppliers and vendors; Organizations cannot avoid exchanging
information with vendors, suppliers, business partners, and
customers. However, the granting of access rights to any IS or
network, if not done at the proper level—that is, at the least
level of privilege—can leave the IS or network open to attack.
Someone with an authorized connection to the network can
enter and probe further into the network to sniff proprietary or
confidential data. In this case, Fluffy Toys was obliged to give
one supplier better terms and is losing another supplier
altogether.
Email attachments and viruses; Viruses can corrupt an IS and
completely disrupt the normal functioning of a business. Most
virus infections spread through e-mail attachments and
downloads. E-mail attachments can also be used to implant
malware or malicious programs in order to steal data or even
money. Trojan horses, logic bombs, and trapdoors are types of
malicious code that can corrupt an IS and destroy or
compromise information.
Intruders; Corporate espionage agents are typically hired by
competitors to obtain confidential or proprietary information,
such as patents, intellectual property, and trademarks. Hackers
are usually out to get any information they can lay their hands
on. Regardless of the identity of the intruder, the damage to the
organization can be substantial if confidential information is
lost.
Equally read STEP 2 attachments
End reading:
· From above, identify insider threats that are a risk to your
organization.
· differentiate between the external threats to the system and the
insider threats. Identify where these threats can occur in the
previously created diagrams.
· Define threat intelligence, and explain what kind of threat
32. intelligence is known about the OPM breach.
· Relate the OPM threat intelligence to your organization. How
likely is it that a similar attack will occur at your organization?
· Mention security communication, message and protocols, or
security data transport methods used such as (TCP/IP), SSL, and
others in your organization.
· Describe the purpose and function of firewalls for
organization network systems, and how they address the threats
and vulnerabilities you have identified.
· Describe the value of using access control, database
transaction and firewall log files.
· Describe the purpose and function of encryption, as it relates
to files and databases and other information assets on the
organization's networks.
Scope
Methodology
Data
· Share and relate the data from evaluating the strength of
passwords used by employees (password cracking tools –
ophcrack and Cain/Abel -test data –project lab1), run scans
using security and vulnerability assessment analysis tools such
as MBSA, OpenVAS, (data from project lab2) Nmap, or
NESSUS (proj lab 3 attached), network traffic sampled and
scanned using Wireshark (proj lab 3 attached) on either the
Linux or Windows systems. Wireshark allows you to inspect all
OSI Layers of traffic information.
READ NOTES about other network security tools and relate
their use at your organization
· Network Mapper (Nmap) is a security scanner that is used to
discover hosts and services on a computer network. Based on
network conditions, it sends out packets with specific
information to the target host device and then evaluates the
responses. Thus, it creates a graphical network map illustration.
33. · Nessus is a UNIX vulnerability assessment tool. It was a free
and open-source vulnerability scanner until 2005. Nessus'
features include remote and local security checks, client/server
architecture with a GTK graphical interface, and an embedded
scripting language for plugins.
· Netcat is a feature-rich network debugging and exploration
tool. It is designed to be a reliable back-end tool for other
programs. It reads and writes data across TCP and UDP network
connections.
· GFI LanGuard is an all-in-one package. It is a network
security and vulnerability scanner that helps to scan for, detect,
assess, and correct problems on the network.
· Snort is a free and open-source responsive IDS. It performs
real-time traffic analysis and packet logging on IP networks.
The program can also be used to detect probes and attacks.
Snort can be configured in three main modes—sniffer, packet
logger, and network intrusion detector. In the sniffer mode, it
reads network packets. In the packet logger mode, it logs the
packets onto a disk; and in the network intrusion detector mode,
it logs traffic. In this mode, it also analyzes the traffic against a
set of rules and acts accordingly.
· Fport is a free tool that scans the system and maintains a
record of the ports that are being opened by various programs.
System administrators can examine the Fport record to find out
if there are any alien programs that could cause damage. Any
nonstandard port, typically opened up by a virus or Trojan,
serves as an indicator of system compromise.
· PortPeeker is a freeware security tool used for capturing
network traffic using TCP, UDP, or Internet Control Message
Protocol (ICMP).
· SuperScan is a tool used to evaluate a computer's security. It
can be used to test for unauthorized open ports on the network.
Hackers also use this tool to check for insecure ports in order to
gain access to a system. SuperScan helps to identify open ports
and the services running on them. It also runs queries such as
34. Whois and ping.
End of reading
Results
Network Security Issues:
· Provide an analysis of the strength of passwords used by the
employees in your organization, emphasizing weak and
vulnerable passwords as a security issue for your organization.
(from the use of password cracking tools to crack weak and
vulnerable passwords – proj lab 1)
·
Findings
Reflect any weaknesses found in the network and information
system diagrams previously created and the security issues the
following may cause:
· Some critical security practices, such as lack of diligence to
security controls and
· lack of management of changes to the information systems
infrastructure were cited as contributors to the massive data
breach in the OPM Office of the Inspector General's
(OIG) Final Audit Report, which can be found in open source
searches. (research and cite)
· weak authentication mechanisms;
· lack of a plan for life-cycle management of the information
systems;
· lack of a configuration management and change management
plan;
· lack of inventory of systems, servers, databases, and network
devices;
· lack of mature vulnerability scanning tools;
· lack of valid authorizations for many systems, and
· lack of plans of action to remedy the findings of previous
audits.(POAM)
· determine the role of firewalls and encryption, and auditing –
RDBMS that could assist in protecting information and
35. monitoring the confidentiality, integrity, and availability of the
information in the information systems.
· In the previously created Wireshark files,(see proj lab 3
attached) identify if any databases had been accessed. What are
the IP addresses associated with that activity?
· Provide analyses of the scans and any recommendation for
remediation, if needed.
· Identify any suspicious activity and formulate the steps in an
incidence response that could have been, or should be, enacted.
· Include the responsible parties that would provide that
incidence response and any follow-up activity. Include this in
the SAR. Please note that some scanning tools are designed to
be undetectable.
· While running the scan and observing network activity with
Wireshark, attempt to determine the detection of the scan in
progress. If you cannot identify the scan as it is occurring,
indicate this in your SAR.
Product I bought starts from here
36. INTRODUCTION
OPERATING SYSTEMS
This is an interface that sits between a user and hardware
resources. Basically it is a software that has among others the
following modules: File management modules, memory
management module, process management modules , input and
output and control module and peripheral device control
modules. This description applies to all operating systems.
ROLE OF USERS.
In order to appreciate the role of users it must be recognized
that an operating system provides users the services to execute
the programs in a convenient way .So the operating system
interacts by users when the users play the roles of asking the
operating system to do each of the following:
Role of direct program execution using threads and Parallel
programming routines.
Role of I/O operation request by writing to external devices and
reading from the same.
Role of File system manipulation by creating directories.
Role of requesting communication by stopping some running
processes or issuing interrupts and signals
Role of requesting program verification by getting error
detection and flagging of errors especially by parsers and
debuggers and compilers which are part of the operating
systems.
Role of protection especially by using locks for drives or
documents so that unauthorized personnel may not access the
the resources for malicious use.
Role of resource allocation where a programming uses system
calls to do some routines instead of programming his own and
these routines operate in critical regions to avoid deadlock and
starvation issues. Furthermore users get interactivity with
operating systems which is defined as the ability of users to
interact with a computer through each of the following:
Providing an interface to interact with the system. Secondly
37. managing input devices that takes from the user such as
keyboard and managing outputs to the user. Multitasking is also
another feature that allows users to interact with the system. In
Multitasking is enabled by threads and Symmetric
multiprocessing (SMP).The role of schedulers can’t be ignored
in multitasking and the Operating system Handles multitasking
in the way it can handle operations in a time slice.
KERNEL AND OPERATING SYSTEM APPLICATIONS
The kernel is the core of the operating system and executes such
privileged instructions over the management of the following
resources:
· Memory Management: Which algorithms avoids memory leak
and buffer overflow attacks and allow shadow paging and using
virtual pages and pointers efficiently?
· Processor Management: Which strategies when applied reduce
idle time and avoids starvation and deadlock over processor
time for competing resources?
· Device Management: Which techniques reduce disk access
times, disk seek times, disk write and disk read for internal
head disk drives and external storage. How do routines respond
to beeps, alarms, keypress,enter and other keyboard commands.
File Management: Which is the most efficient structures for file
system to minimize search times and also increase performance
even when in distributed environments?
Security regards and concerns: How can passwords and other
techniques be integrated to improve overall system vulnerability
to protect data, information and resources? .
Control towards the system performance: How do the OS
regulate delays between request for a service and response
from the requested entity.
Jobs and processes accounting: How do we know the times and
resources each user wanted so as to form models that can be
used for learning and estimating resources requirements.
Coordination among softwares as well as among users :How do
the communication take place between compilers .assemblers,
38. debuggers ,linkers, loaders and interpreters about which
component is using which resource and system users.
TYPES OF OPERATING SYSTEMS
· Batch operating system: There is lack of direct interaction
between the user and the computer so the user prepares his job
on punch cards and gives it to computer operator much like
calling customer care centre nowadays. To increase processing
batches of jobs are prepared meaning they have similar
processing cycle and runt at one time. It was the initial
generation of computing system.:
Time-sharing operating systems: This second generation OS
mostly in Unix/Linux allows many people located at various
terminals to use a particular computer at the same time.
Processor’s time is shared among multiple users simultaneously
so the use of the term timesharing is allowed. In such
distributed computing environments, Processors are connected
and they use message passing systems to communicate and
because of conditions such as global starvation and global
deadlocks, additional layer of software called middleware is
used and use of cohorts and elect ions algorithms justified.
A real-time system :
A real time system is defined as a data processing system in
which time intervals required to process and respond to in a
particular input is so small such that it controls the rest of the
environment. Theses systems are called real time because an
input is processed against the clock and response given within
restricted time. Systems such as temperature regulating systems
and air traffic control are real time as work goes as per the
clock.
VULNERABILITIES.
A vulnerability is a weaknesses in the design or operation of a
system that can be used by a threat or else a threat agent with
the consequences of causing undesirable impact especially in
the areas of computer information confidentiality ,data and
information integrity or service availability. This could also be
39. a phenomenon created by errors in configuration which makes
your current network or hosts on your computer network be
exposed to malicious attacks from either local or remote users.
Vulnerability attacks affect the following important subsystems
in a system:
Firewalls in a VLAN or WAN.See diagram for these in DMZ
diagram included .
Application servers in networked system architectures. See
diagram for these in DMZ diagram included.
Web servers in networked system architectures. See diagram for
these in DMZ diagram included.
Operating systems discussed in chapter one .
Fire suppression systems .In the diagram below which includes
the architecture I have discussed and investigated on .the
internet is supplied from ISP(Internet Service Provider)with the
icon of a cloud. This creates the WAN(Wide Area Network
)component mentioned previously .
The firewall separates the backend of the WAN architecture
from End and is the Orange Book –In-The-Shelf icon Depicting
library arrangement. Beneath the firewall is the switch
appearing as a box with slots for determining in which segment
of sub network a packet belongs to. Similar symbols will
indicate such switching and forwarding services.
The devices with the network addresses appended are the
routers for determining the shortest route a packet should be
placed on so as to reach destination. The DMZ is acronym for
demilitarized zone in a network.
The computers which individuals use are the bottom nodes of
the structures. This structure is a non-binary tree structure and
at each level we can identify the services being done like
securing connections and sessions as per TCP/IP protocols,
routing as per TCP/IP protocols, switching and forwarding as
per TCP/IP protocols and encapsulation as well as encoding and
decoding of packet data and packet formats as per TCP/IP
protocols.
Level I of the tree: Connections and connectionless services
40. integrated with Encoding and Encapsulation-Creating sessions
and connections by incorporated transaction monitors.
Level 2 of the tree: Routing services.-Use of routing algorithms
like OSPF.
Level 3 of the tree: Switching and forwarding services. Use of
address (MAC ) tables .
Level 4 of the tree: De-encapsulation and decoding services-
The presentation layer.
Physical layer and data link layer are covered in transport media
Cables in the diagram.
WINDOWS VULNERABILITY.
A threat is a force that is adversarial that directly can cause
harm to availability, integrity or confidentiality of a computer
information system including all the subsystems .A threat agent
is an element that provides delivery mechanisms for a threat
while an entity that initiates the launch of a threat is referred to
as a threat actor.
Threat actors are normally made more active through forces of
too much curiosity, or huge monetary gain without work or a
big political leverage or any form of social activism and lastly
by revenge. .
Windows vulnerabilities summarized:
Audit compromise: Reported in Windows 8, Internal procedures
were not followed in generating audited results so a compromise
was programmed at Bells Lab.
Logic bomb:Planted at the National institute for Carnegie
research on Windows 1998 and discovered by programmers, for
source see references
Communication failure: Occurred on a hacked distributed air
system for FAA (FEDERAL AVIATION AUTHORITIES) and
reported to Microsoft databases also happened with NASA, for
source see references.
Cyber brute force: Reported in windows 2000 in Stanford
Laboratories with brute force attack on encrypted message. This
is trying all possible combination of passwords, for source see
41. references.
Cyber disclosure: Reported in windows 8 in which Microsoft
databases reported complaints about Hacked Dept of State for
Immigration Services, for source see references.
INTRUSION METHODS IN WINDOWS:
Stealth port scans: This is an advanced technique in intrusion
when port scanning Can’t be detected by auditing tools.
Normally, by observing frequent attempts to connect, in which
no data is available , detecting intrusion is easy. In stealth port
scans, ports scan are done at a very low rate such that it is hard
for auditing tools to identify connections requests or malicious
attempt to intrude into computer systems. Occurred on a hacked
distributed Military control system for DOD and reported to
Microsoft databases also happened with NASA.
CGI attacks: Common gateway interface is an interface between
client side computing and server side computing. Cyber
criminals who are good programmers can break into computer
systems even without the usual login capabilities .They just
bypass this. : Reported in windows XP in which Microsoft
databases reported complaints about Hacked Department of
NSA for Security Services.
SMB probes: A server message block works as an application
layer protocol that functions by providing permissions to files,
ports, processes and so on. A probe into SMB can check for
shared entities that are available on the systems. If a
cybercriminal uses an SMB Probe ,he can detect which files or
ports are shared on the system. Cyber brute force: Reported in
windows 10 in Carnegie Research laboratories with brute force
attack on encrypted message. This is trying all possible
combination of passwords.
LINUX VULNERABILITY ATTACKS
A threat actor might purposefully launch a threat using an agent
.A threat actor could be for instance be a trusted employee who
42. commits an unintentional human error like a Trusted employee
who clicks on an email designed to be a phishing email then the
email downloads a malware.
Scavenging: Reported in Variant of UNIX in which company
databases reported complaints about Oracle security files, for
source see references.
Software Tampering: Reported in Ubuntu .Internal command
controls overtasked to work differently in a Publishing firm in
UK, for source see references.
Theft: Planned at the National institute for Carnegie research
and hard disks stolen by programmers, for source see references
Time and state: Occurred on a hacked distributed medical
dosage injection system in Maldives a race condition occurred,
for source see references
Transportation accidents: Reported in KALI Linux in MIT
when some computers in transportation were damaged for
source see references.
LINUX INTRUSION DETECTION:
OS fingerprinting attempts:In OS finger printing, the OS
details of a target computer are looked after and the attacker
goes for the same. Information looked after includes the vendor
name,underlying OS,OS generation device type and such.
Occurred on a hacked distributed Airport clearance system in
Panama , for source see references.
Buffer overflows: In buffer overflow attacks, the inputs
provided to a program overruns the buffer’s capacity and spills
over to overwrite data stored at neighbouring memory locations.
Reported in Ubuntu .Program routines overflowed buffer
memory by design in a Cargo clearance firm in France, for
source see references.
Covert port scans: This is an advanced technique in intrusion
when port scanning Can’t be detected by auditing tools.
Normally, by observing frequent attempts to connect, in which
no data is available, detecting intrusion is easy. In stealth port
scans, ports scan are done at a very low rate such that it is hard
for auditing tools to identify connections requests or malicious
43. attempt to intrude into computer systems. Occurred on a hacked
distributed Guests control system for US Embassy in Russia,
for source see references.
CGI attacks: Common gateway interface is an interface between
client side computing and server side computing. Cyber
criminals who are good programmers can break into computer
systems even without the usual login capabilities .They just
bypass this. : Reported in Variant of Ubuntu in which
databases reported complaints about Hacked Credit cards
systems for Payment Services, for source see references.
MAC VULNERABILITY ATTACKS
Equipment failure: Reported in MAC OS in which MAC ‘S
databases reported complaints about IPhone malfunctioning , for
source see references.
Hardware Tampering: Reported in MAC Tablets .Internal
design procedures were not followed in manufacturing the apple
devices, for source see references.
Malicious Softwares: Discovered at the Payroll system using
MAC system by programmers in department of labour, for
source see references
Phishing attacks: Occurred on a hacked distributed National
Data Services system and reported to company .Done by rogue
employees.
Resource exhaustion: Reported in apple IPHONE 7 in which
databases reported complaints about Hacked Dept of Taxation
Services, for source see references.
MOBILE DEVICES VULNERABILITY ATTACKS
Date Entry Error: Reported in windows 7 devices in which
Microsoft mobile databases reported complaints about illegal
login for Department of social welfare, for source see
references.
Denial of Service: Reported in Windows 8 phones .Internal
routines overloaded in MIT’S MOBILE Lab, for source see
references.
44. Earthquake: Hurricanes and earthquakes in China and Japan
destroy tablets at home and in office, for source see references.
Espionage: Occurred on a hacked facial recognition system for
FBI and reported to Android databases , for source see
references.
Floods: Reported in parts of South America and Central Asia
flooding homes and destroying mobile devices .Control
Analysis
The objective of risks control analysis is to assess the status of
the management ‘s operational ,managerial and technical
capabilities in the security system which may be either
preventive or detective in nature. Assessment of this form is
required in order to assess the likelihood that the identified
vulnerabilities could be exploited and the impact that such
exploitation could have on the organization security strength.
The impact of a threat event could be described in terms of
mission impact that occur because of loss of data or compromise
.Mission impact could be degraded if data integrity, data
availability and data confidentiality are compromised.Risk
Level Determination
The guidelines in NIST SP 800-30 stipulate the risk ratings as a
mathematical function of the likelihood and of impact. These
values are calculated in the table drawn below using probability
scale as decimal values.
RISK MITIGATION.
When the risks have all been identified and risk levels
determined, recommendations or countermeasures are drawn to
mitigate or eliminate the risks .The goal is to reduce the risk to
an acceptable level as considered by management just before
system accreditation can be granted. The countermeasures draw
their arguments from the following authoritative sources.
The effectiveness of the recommended options like system
compatibility.
Legislation and regulations in place
The strength of organization policy
45. Overall Operational impact
Safety and reliability of the system in consideration.
A sample table to be filled for the mitigation plan is outlined
below.
ACCEPTABLE RISKS.
According to the observations listed in the discussion section of
this research paper,11 vulnerabilities were regarded as having
low risk ratings,15 as having moderate risk rating and 7 as
having a high risk rating .This observations leads us to comment
that the overall level of risk for the organization is Moderate.
Among the 33 total number of vulnerabilities identified, 49 %
are considered unacceptable because serious harm could result
with the consequence of affecting the operations of the
organization. Therefore immediate mandatory countermeasures
needs to be implemented so as to mitigate the risk brought about
by these threats and resources should be made available so as to
reduce the risk level to acceptable level.
Of the identified vulnerabilities 51% are considered acceptable
to the system because only minor problems may result from
these risks and recommended countermeasures have also been
provided to be implemented so as to reduce or eliminate risks.
PURPOSE
The purpose of this security assessment report is to evaluate
the adequacy of the Amazon corporation’s security. This
security assessment report provides a structured but
qualitative assessment of the operational environment for
Amazon corporation’s . It addresses issues of
svulnerabilities, threats analysis , Firewalls aqnd encryption ,
risks remediation and safeguards applied in Amazon
corporation’s . The report and the assessment recommends use
of cost-effective safeguards in order to mitigate threats as well
as the associated exploitable vulnerabilities in Amazon
corporation’s.
ORGANISATION
46. The Amazon corporation’s system environment is run as a
distributed client and server environment consisting of a
Microsoft Structured Query Language -SQL database built with
Powerful programming code. The Amazon corporation
contains SQL data files, Python application code, and
executable Java and Javascripts. The SQL production data
files, documented as consisting of SQL stored procedures and
SQL tables, reside on a CLOUD storage area network attached
to a HP server running on Windows XP and MS SQL 2000
operating systems. The Python application code resides on a
different IBM server running on KALI LINUX . Both servers
are housed in the main office Building 233 Data Center at the
CDC Clifton Road campus in Atlanta, GA.
The The Amazon corporation’s executables reside on a
fileserver running Windows 2000 and KALI LINUX or
occasaionally a local workstation iis installed depending upon
the loads and jobs Requirements..
SCOPE
The scope of this project includes the carrying out of the nine
steps outlined in the project namely.
· Conducting independent research on organization structure
and identifying the boundaries that seperate the inner network
from outside network in Amazon Corporation.
· Describing threats to the Amazon Corporation whose
background is detailed above.
· A review of the information on TCP/IP especially identifying
security in communications and data transport in Amazon
Corporation.
· An analysis of the strength of passwords used in by
employees in Amazon corporation
· Determining the role of firewalls and encryption as well as
auditing that affects integrity, confidentiality and availability
in Amazon Corporation.
· Determining the various threats known to the Amazon’s
network architecture and IT assets.
47. · Providing an analysis of the scans and the recommendations
for remediation if needed in Amazon as well as designing and
formulating steps in an incidence response that should be in
place in Amazon Corporation.
METHODOLOGY
In order to successfully carry out the security assessment, I
used the resources provided in for CLAB 699 Cyber Computing
Lab workspace which is a collection of automated Security scan
tools and network analyzers. The use of automated methodology
proved efficient for the project since dialog boxes communicate
with the experimenter and navigation tools aid in browsing
various categories of services that can be automated.
These tools run various scans are designed to scan and report on
the appropriateness of the following security concerns
especially in Amazon. Security of Software and hardware
components, Security of firmware components, Security of
governance policies and and effectiveness and implementation
of security c Security of firmware components controls. The
automated monitoring and the automated assessment of the
computer infrastructure and its components, its policies, and its
processes should also account for changes made to security
system.
In using the automated tools in CLAB 699 Cyber Computing
Lab the following security vulnerabilities were looked for using
each of the MBSA tools, OpenVMS tools , Nmap tools , or
NESSUS tools in CLAB 699 Cyber Computing Lab.
SECURITY AREAS LEADING TO DISCOVERY OF
VULNERABILITIES BEING ADDRESSED WHILE
SCANNING WINDOWS USING MBSA AND LINUX USING
OpenVMS.
Whether the Amazon ever been compromised internally or
externally as in CLAB 699 Cyber Computing Lab screenshots 3
Listing of all IP address blocks and domain names registered to
48. Amazon as in CLAB 699 Cyber Computing Lab screen shots 3
Whether the Amazon uses a local firewall, a local intrusion
detection system and a local intrusion prevention system as in
CLAB 699 Cyber Computing Lab screen shots 2 and 3.
Whether Amazon uses a host based or network based IDS or a
combination of both as in in CLAB 699 Cyber Computing Lab
screen shots 2.
Whether the Amazon uses DMZ networks and whether it uses
remote access services and what type as in CLAB 699 Cyber
Computing Lab screen shots 3.
Whether Amazon uses site to site virtual private network
tunnels and modems for connections.
What antivirus application do you use and is it standalone or
managed client server architecture as in CLAB 699 Cyber
Computing Lab screen shots 2.
SECURITY AREAS LEADING TO DISCOVERY OF
VULNERABILITIES BEING ADDRESSED WHILE
SCANNING NETWORK USING WIRESHARK.
What services does Amazon expose to the internet like web
database FTP, SSH?
What type of authentication do you use for web services e.g.
pubcookies, windows integrated or http access.
DATA
The following are the results generated using wire shark as in
CLAB 699 Cyber Computing Lab .The above vulnerabilities are
investigated
And any suspicious activity in the network flagged accordingly
as highlighted in the screen shots 3.
The vulnerabilities being investigated in this project include the
following, remotely exploitable vulnerabilities; patch level
vulnerabilities; unnecessary services; weakness of encryption
and weakness of authentication.
The following are the results generated using wire shark as in
CLAB 699 Cyber Computing Lab .The above vulnerabilities are
investigated
49. From the screen shots obtained from screen shots 3 it enables
the analyst to answer the question of whether patching is up to
date; whether unnecessary services are running and whether
antivirus and malware are up to date.
A look at the data in Amazon clearly indicates that the
vulnerabilities include but not limited to the following
:Remotely exploitable vulnerabilities; patch level
vulnerabilities; unnecessary services; weakness of encryption
and weakness of authentication ;access right vulnerabilities and
vulnerabilities from failing to use best practices.
Consequently the following kind of threat was identified as
likely to have been carried in Amazon corporation’s network
infrastructure :
IP address spoofing/cache poisoning attacks related to patch
level vulnerabilities
Denial of service attacks (DoS) related to remotely exploitable
vulnerabilities
Packet analysis/sniffing related to vulnerabilities from
failing to use best practices.
Session hijacking attacks related to weakness of authentication
Distributed denial of service attacks related to weakness of
encryption
In using RDBMS Amazon corporation has had instances of
SQL Injection affecting database transactions mechanisms in
RDBMS.
· Cross Site Scripting affecting database transactions
mechanisms in RDBMS.
· Cross Site Request Forgery affecting access control
mechanisms in RDBMS.
· Improper data sanitization affecting access control
mechanisms in RDBMS
· Buffer overflows attacks affecting firewall log file
mechanisms.
RESULTS
When the results of the Amazons’ security assessment report
were provided to the Remediation committee, the committee’s
50. initial activity was to review and prioritize each weakness
identified for Amazon Corporation. The committee then
identified and disclosed vulnerabilities which did apply to
Amazon corporation as it is configured and hosted by the
CISCO Infrastructure. The justification for disclosing these
findings is documented in the system’s remediation spreadsheet.
With the support of the System stakeholders in Amazon, the
database and system administrators in Amazon, and application
support staff in Amazon, a Corrective Action Plan was
developed to identify findings that could otherwise be corrected
immediately and then to schedule the remaining findings with
an appropriate Plan of Action and Milestones
(POA&M)designed for Amazon corporation. There are three
stages of remediation.
Stage 1: Comprehensive analysis of the reported weaknesses
Stage 2: Generation of a comprehensive corrective Action Plan
to address each weakness
Stage 3: Disclosure of findings and creation of (POA&M) for
remaining items of risk
High risk findings were identified for immediate correction.
Immediate correction of moderate risk findings is preferred by
stakeholders, but near term scheduling was accepted for funding
or complex implementation issues. Because of the minimal
impact of Low vulnerabilities, the remediation team prioritized
each of these vulnerabilities in coordination with the
appropriate stakeholders and identified and scheduled
remediation activities as part of routine system maintenance.
For those findings in this Amazon report that required a more
complex corrective action, the stakeholders, and System
Administrators collaborated in the development of a CAP and
POA&M.
The Amazon system’s RAR and SSP were updated to reflect the
weaknesses that were remediated prior to the presentation of the
final Certification and Accreditation package to the
Accrediting authority. The remediation team continues to track
and report on the status of correction activities for the POA&M
51. items on a periodic basis after the presentation of the final C&A
package to the AO.
FINDINGS
The following is an action plan adopted by Amazon Corporation
.This is because non conforming Controls were identified during
the project in Amazon. AS technology continues to change the
specific non conforming controls in Amazon requires to be
reevaluated as detailed below in the conclusions section of this
report.
False positives must be identified within the SAR along with
the supporting clean scan report that does not have to be
identified in the (POA AND M).
Each item on the proposed POA &M should have a unique
identifier matched with a finding in SAR.
All high and critical risk findings must be remediated prior to
receiving a provisional authorization.
Moderate findings shall have a mitigation date within 90 days
of provisional authorization date
CONCLUSIONS AND RECOMEDATIONS
This Risk Assessment report for the organization identifies risks
of the operations especially in those domains which fails to
meet the minimum requirements and for which appropriate
countermeasures have yet to be implemented. The RAR also
determines the Probability of occurrence and issues
countermeasures aimed at mitigating the identified risks in an
endeavor to provide an appropriate level-of-protection and to
satisfy all the minimum requirements imposed on the
organization’s policy document.
The system security policy requirements are satisfied now with
the exception of those specific areas identified in this report.
The countermeasure recommended in this report adds to the
52. additional security controls needed to meet policies and to
effectively manage the security risk to the organization and its
operating environment. Finally, the Certification Official and
the Authorizing Officials must determine whether the totality of
the protection mechanisms approximate a sufficient level of
security, and/or are adequate for the protection of this system
and its resources and information. The Risk Assessment Results
supplies critical information and should be carefully reviewed
by the AO prior to making a final accreditation decision.
.
References
National Institute of Standards and Technology (NIST) (2014).
Assessing security and privacy
controls in federal information systems and organizations.
NIST Special Publication 800-53A Revision 4. Retrieved from
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.8
00-53Ar4.pdf
National Institute of Standards and Technology (NIST) (2010).
Guide for applying the risk
management framework to federal information systems. NIST
Special Publication 800-37 Revision 1. Retrieved from
http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-
rev1-final.pdf
53. .
Vetting the Security of Mobile Applications by Steve
Quirolgico, Jeffrey Voas, Tom Karygiannis,
Christoph Michael, and Karen Scarfone comprises public
domain material from the National Institute of
Standards and Technology, U.S. Department of Commerce.
Vetting the Security of
Mobile Applications
Steve Quirolgico
Jeffrey Voas
Tom Karygiannis
Christoph Michael
Karen Scarfone
This publication is available free of charge from:
http://dx.doi.org/10.6028/NIST.SP.800-163
C O M P U T E R S E C U R I T Y
54. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.8
00-163.pdf
Vetting the Security of Mobile Applications by Steve
Quirolgico, Jeffrey Voas, Tom Karygiannis,
Christoph Michael, and Karen Scarfone comprises public
domain material from the National Institute of
Standards and Technology, U.S. Department of Commerce.
Vetting the Security of
Mobile Applications
Steve Quirolgico, Jeffrey Voas, Tom Karygiannis
Computer Security Division
Information Technology Laboratory
55. Christoph Michael
Leidos
Reston, VA
Karen Scarfone
Scarfone Cybersecurity
Clifton, VA
This publication is available free of charge from:
http://dx.doi.org/10.6028/NIST.SP.800-163
January 2015
56. U.S. Department of Commerce
Penny Pritzker, Secretary
National Institute of Standards and Technology
Willie May, Acting Under Secretary of Commerce for Standards
and Technology and Acting Director
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.8
00-163.pdf
Authority
This publication has been developed by NIST in accordance
with its statutory responsibilities under the
Federal Information Security Management Act of 2002
(FISMA), 44 U.S.C. § 3541 et seq., Public Law
107-347. NIST is responsible for developing information
security standards and guidelines, including
minimum requirements for federal information systems, but
such standards and guidelines shall not apply
to national security systems without the express approval of
appropriate federal officials exercising policy
authority over such systems. This guideline is consistent
with the requirements of the Office of
Management and Budget (OMB) Circular A-130, Section 8b(3),
Securing Agency Information Systems, as
analyzed in Circular A-130, Appendix IV: Analysis of Key
Sections. Supplemental information is
57. provided in Circular A-130, Appendix III, Security of Federal
Automated Information Resources.
Nothing in this publication should be taken to contradict the
standards and guidelines made mandatory
and binding on federal agencies by the Secretary of Commerce
under statutory authority. Nor should
these guidelines be interpreted as altering or superseding the
existing authorities of the Secretary of
Commerce, Director of the OMB, or any other federal official.
This publication may be used by
nongovernmental organizations on a voluntary basis and is not
subject to copyright in the United States.
Attribution would, however, be appreciated by NIST.
National Institute of Standards and Technology Special
Publication 800-163
Natl. Inst. Stand. Technol. Spec. Publ. 800-163, 44 pages
(January 2015)
CODEN: NSPUE2
This publication is available free of charge from:
http://dx.doi.org/10.6028/NIST.SP.800-163
Certain commercial entities, equipment, or materials may be
identified in this document in order to describe an
experimental procedure or concept adequately. Such
identification is not intended to imply recommendation or
endorsement by NIST, nor is it intended to imply that the
58. entities, materials, or equipment are necessarily the best
available for the purpose.
There may be references in this publication to other
publications currently under development by NIST in
accordance with its assigned statutory responsibilities. The
information in this publication, including concepts and
methodologies, may be used by federal agencies even before the
completion of such companion publications. Thus,
until each publication is completed, current requirements,
guidelines, and procedures, where they exist, remain
operative. For planning and transition purposes, federal
agencies may wish to closely follow the development of
these new publications by NIST.
Organizations are encouraged to review all draft publications
during public comment periods and provide feedback
to NIST. All NIST Computer Security Division publications,
other than the ones noted above, are available at
http://csrc.nist.gov/publications.
Comments on this publication may be submitted to:
National Institute of Standards and Technology
Attn: Computer Security Division, Information Technology
Laboratory
100 Bureau Drive (Mail Stop 8930) Gaithersburg, MD 20899-
8930
[email protected]
ii
59. Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National
Institute of Standards and Technology
(NIST) promotes the U.S. economy and public welfare by
providing technical leadership for the Nation’s
measurement and standards infrastructure. ITL develops tests,
test methods, reference data, proof of
concept implementations, and technical analyses to advance the
development and productive use of
information technology. ITL’s responsibilities include the
development of management, administrative,
technical, and physical standards and guidelines for the cost-
effective security and privacy of other than
national security-related information in federal information
systems. The Special Publication 800-series
reports on ITL’s research, guidelines, and outreach efforts in
information system security, and its
collaborative activities with industry, government, and
academic organizations.
Abstract
The purpose of this document is to help organizations (1)
understand the process for vetting the security
of mobile applications, (2) plan for the implementation of an
app vetting process, (3) develop app security
requirements, (4) understand the types of app vulnerabilities
and the testing methods used to detect those
vulnerabilities, and (5) determine if an app is acceptable for
deployment on the organization's mobile
devices.
60. Keywords
app vetting; apps; malware; mobile devices; security
requirements; security vetting; smartphones;
software assurance; software security; software testing;
software vetting
Acknowledgments
Special thanks to the National Security Agency’s Center for
Assured Software for providing Appendices
B and C which describe Android and iOS app vulnerabilities.
Also, thanks to all the organizations and
individuals who made contributions to the publication including
Robert Martin of The MITRE
Corporation, Paul Black and Irena Bojanova of NIST, the
Department of Homeland Security (DHS), and
the Department of Justice (DOJ). Finally, special thanks to the
Defense Advanced Research Projects
Agency (DARPA) Transformative Applications (TransApps)
program for funding NIST research in
mobile app security vetting.
Trademarks
All registered trademarks belong to their respective
organizations.
3
61. Table of Contents
1 Introduction
...............................................................................................
....................... 1
1.1 Traditional vs. Mobile Application Security Issues
.....................................................1
1.2 App Vetting Basics
...............................................................................................
.....2
1.3 Purpose and Scope
...............................................................................................
....3
1.4 Audience
...............................................................................................
....................3
1.5 Document Structure
...............................................................................................
...4
2 App Vetting Process
...............................................................................................
66. Appendix E— Acronyms and
Abbreviations.........................................................................
33
Appendix F—
References..............................................................................
.........................34
List of Figures and Tables
Figure 1. An app vetting process and its related actors.
...................................................... 6
Figure 2. Organizational app security requirements.
............................................................ 8
Table 1. Android Vulnerabilities, A Level
..............................................................................26
Table 2. Android Vulnerabilities by
Level..............................................................................27
Table 3. iOS Vulnerability Descriptions, A Level
67. ..................................................................29
Table 4. iOS Vulnerabilities by Level
.....................................................................................30
5
Executive Summary
Recently, organizations have begun to deploy mobile
applications (or apps) to facilitate their business
processes. Such apps have increased productivity by providing
an unprecedented level of connectivity
between employees, vendors, and customers, real-time
information sharing, unrestricted mobility, and
improved functionality. Despite the benefits of mobile apps,
however, the use of apps can potentially lead
to serious security issues. This is so because, like traditional
enterprise applications, apps may contain
software vulnerabilities that are susceptible to attack. Such
vulnerabilities may be exploited by an attacker
to gain unauthorized access to an organization’s information
technology resources or the user’s personal
data.
To help mitigate the risks associated with app vulnerabilities,
organizations should develop security
requirements that specify, for example, how data used by an app
should be secured, the environment in
which an app will be deployed, and the acceptable level of risk
68. for an app. To help ensure that an app
conforms to such requirements, a process for evaluating the
security of apps should be performed. We
refer to this process as an app vetting process. An app vetting
process is a sequence of activities that aims
to determine if an app conforms to an organization’s security
requirements. An app vetting process
comprises two main activities: app testing and app
approval/rejection. The app testing activity involves
the testing of an app for software vulnerabilities by services,
tools, and humans to derive vulnerability
reports and risk assessments. The app approval/rejection
activity involves the evaluation of these reports
and risk assessments, along with additional criteria, to
determine the app's conformance with
organizational security requirements and ultimately, the
approval or rejection of the app for deployment
on the organization's mobile devices.
Before using an app vetting process, an organization must first
plan for its implementation. To facilitate
the planning of an app vetting process implementation, this
document:
-sensitive requirements that
make up an organization's app security
requirements.
es a questionnaire for identifying the security needs
and expectations of an organization that
are necessary to develop the organization's app security
requirements.
69. With respect to the app testing activity of an app vetting
process, this document describes:
files during testing.
unauthorized functionality, protecting
sensitive data, and securing app code dependencies.
code vs. binary code, static vs. dynamic
analysis, and automated tools for testing apps.
of test
results.
With respect to the app approval/rejection activity of an app
vetting process, this document describes:
-specific vetting criteria that may be used to help
determine an app's conformance to
context-sensitive security requirements.
6
NIST SP 800-163 Vetting the Security of Mobile Applications
70. 1 Introduction
When deploying a new technology, an organization should be
aware of the potential security impact it
may have on the organization’s IT resources, data, and users.
While new technologies may offer the
promise of productivity gains and new capabilities, they may
also present new risks. Thus, it is important
for an organization’s IT professionals and users to be fully
aware of these risks and either develop plans
to mitigate them or accept their consequences.
Recently, there has been a paradigm shift where organizations
have begun to deploy new mobile
technologies to facilitate their business processes. Such
technologies have increased productivity by
providing (1) an unprecedented level of connectivity between
employees, vendors, and customers; (2)
real-time information sharing; (3) unrestricted mobility; and (4)
improved functionality. These mobile
technologies comprise mobile devices (e.g., smartphones and
tablets) and related mobile applications (or
apps) that provide mission-specific capabilities needed by users
to perform their duties within the
organization (e.g., sales, distribution, and marketing). Despite
the benefits of mobile apps, however, the
use of apps can potentially lead to serious security risks. This is
so because, like traditional enterprise
applications, apps may contain software vulnerabilities that are
susceptible to attack. Such vulnerabilities
may be exploited by an attacker to steal information or control a
user's device.
71. To help mitigate the risks associated with software
vulnerabilities, organizations should employ software
assurance processes. Software assurance refers to “the level of
confidence that software is free from
vulnerabilities, either intentionally designed into the software
or accidentally inserted at any time during
its life cycle, and that the software functions in the intended
manner” [1]. The software assurance process
includes “the planned and systematic set of activities that
ensures that software processes and products
conform to requirements, standards, and procedures” [2]. A
number of government and industry legacy
software assurance standards exist that are primarily directed at
the process for developing applications
that require a high level of assurance (e.g., space flight,
automotive systems, and critical defense
systems).1 Although considerable progress has been made in the
past decades in the area of software
assurance, and research and development efforts have resulted
in a growing market of software assurance
tools and services, the state of practice for many today still
includes manual activities that are time-
consuming, costly, and difficult to quantify and make
repeatable. The advent of mobile computing adds
new challenges because it does not necessarily support
traditional software assurance techniques.
1.1 Traditional vs. Mobile Application Security Issues
The economic model of the rapidly evolving app marketplace
challenges the traditional software
development process. App developers are attracted by the
opportunities to reach a market of millions of
72. users very quickly. However, such developers may have little
experience building quality software that is
secure and do not have the budgetary resources or motivation to
conduct extensive testing. Rather than
performing comprehensive software tests on their code
before making it available to the public,
developers often release apps that contain functionality flaws
and/or security-relevant weaknesses. That
can leave an app, the user’s device, and the user’s network
vulnerable to exploitation by attackers.
Developers and users of these apps often tolerate buggy,
unreliable, and insecure code in exchange for the
low cost. In addition, app developers typically update their apps
much more frequently than traditional
applications.
1 Examples of these software assurance standards include DO-
178B, Software Considerations in Airborne Systems and
Equipment Certification [3], IEC 61508 Functional Safety of
Electrical/Electronic/Programmable Electronic Safety-related
System [4], and ISO 26262 Road vehicles -- Functional safety
[5].
1
NIST SP 800-163 Vetting the Security of Mobile Applications
Organizations that once spent considerable resources to
develop in-house applications are taking
advantage of inexpensive third-party apps and web services to
improve their organization’s productivity.
Increasingly, business processes are conducted on mobile
73. devices. This contrasts with the traditional
information infrastructure where the average employee uses
only a handful of applications and web-based
enterprise databases. Mobile devices provide access to
potentially millions of apps for a user to choose
from. This trend challenges the traditional mechanisms of
enterprise IT security software where software
exists within a tightly controlled environment and is uniform
throughout the organization.
Another major difference between apps and enterprise
applications is that unlike a desktop computing
system, far more precise and continuous device location
information, physical sensor data, personal health
metrics, and pictures and audio about a user can be exposed
through apps. Apps can sense and store
information including user personally identifiable information
(PII). Although many apps are advertised
as being free to consumers, the hidden cost of these apps may
be selling the user’s profile to marketing
companies or online advertising agencies.
There are also differences between the network capabilities of
traditional computers that enterprise
applications run on and mobile devices that apps run on. Unlike
traditional computers that connect to the
network via Ethernet, mobile devices have access to a
wide variety of network services including
Wireless Fidelity (Wi-Fi), 2G/3G, and 4G/Long Term Evolution
(LTE). This is in addition to short-range
data connectivity provided by services such as Bluetooth and
Near Field Communications (NFC). All of
these mechanisms of data transmission are typically available to
apps that run on a mobile device and can
74. be vectors for remote exploits. Further, mobile devices are not
physically protected to the same extent as
desktop or laptop computers and can therefore allow an attacker
to more easily (physically) acquire a lost
or stolen device.
1.2 App Vetting Basics
To provide software assurance for apps, organizations should
develop security requirements that specify,
for example, how data used by an app should be secured, the
environment in which an app will be
deployed, and the acceptable level of risk for an app (see [6] for
more information). To help ensure that
an app conforms to such requirements, a process for evaluating
the security of apps should be performed.
We refer to this process as an app vetting process. An app
vetting process is a sequence of activities that
aims to determine if an app conforms to the organization’s
security requirements.2 This process is
performed on an app after the app has been developed and
released for distribution but prior to its
deployment on an organization's mobile device. Thus, an app
vetting process is distinguished from
software assurance processes that may occur during the software
development life cycle of an app. Note
that an app vetting process typically involves analysis of an
app’s compiled, binary representation but can
also involve analysis of the app’s source code if it is available.
The software distribution model that has arisen with mobile
computing presents a number of software
assurance challenges, but it also creates opportunities. An app
75. vetting process acknowledges the concept
that someone other than the software vendor is entitled to
evaluate the software’s behavior, allowing
organizations to evaluate software in the context of their own
security policies, planned use, and risk
tolerance. However, distancing a developer from an
organization’s app vetting process can also make
those activities less effective with respect to improving the
secure behavior of the app.
2 The app vetting process can also be used to assess other app
issues including reliability, performance, and accessibility but
is
primarily intended to assess security-related issues.
2
NIST SP 800-163 Vetting the Security of Mobile Applications
App stores may perform app vetting processes to verify
compliance with their own requirements.
However, because each app store has its own unique, and not
always transparent, requirements and
vetting processes, it is necessary to consult current agreements
and documentation for a particular app
store to assess its practices. Organizations should not assume
that an app has been fully vetted and
conforms to their security requirements simply because it is
available through an official app store. Third-
party assessments that carry a moniker of “approved by” or
“certified by” without providing details of
which tests are performed, what the findings were, or how apps
76. are scored or rated, do not provide a
reliable indication of software assurance. These assessments
are also unlikely to take organization-
specific requirements and recommendations into account, such
as federal-specific cryptography
requirements.
Although a “one size fits all” approach to app vetting is not
plausible, the basic findings from one app
vetting effort may be reusable by others. Leveraging another
organization’s findings for an app should be
contemplated to avoid duplicating work and wasting scarce app
vetting resources. With appropriate
standards for scoping, managing, licensing, and recording the
findings from software assurance activities
in consistent ways, app vetting results can be looked at
collectively, and common problems and solutions
may be applicable across the industry or with similar
organizations.
An app vetting process should be included as part of the
organization's overall security strategy. If the
organization has a formal process for establishing and
documenting security requirements, an app vetting
process should be able to import those requirements created by
the process. Bug and incident reports
created by the organization could also be imported by an app
vetting process, as could public advisories
concerning vulnerabilities in commercial and open source apps
and libraries, and conversely, results from
app vetting processes may get stored in the organization’s bug
tracking system.
77. 1.3 Purpose and Scope
The purpose of this document is to help organizations (1)
understand the app vetting process, (2) plan for
the implementation of an app vetting process, (3) develop app
security requirements, (4) understand the
types of app vulnerabilities and the testing methods used to
detect those vulnerabilities, and (5) determine
if an app is acceptable for deployment on the organization's
mobile devices. Ultimately, the acceptance of
an app depends on the organization’s security requirements
which, in turn, depend on the environment in
which the app is deployed, the context in which it will be used,
and the underlying mobile technologies
used to run the app. This document highlights those elements
that are particularly important to be
considered before apps are approved as “fit-for-use.”
Note that this document does not address the security of the
underlying mobile platform and operating
system, which are addressed in other publications [6, 7, 8].
While these are important characteristics for
organizations to understand and consider in selecting mobile
devices, this document is focused on how to
vet apps after the choice of platform has been made. Similarly,
discussion surrounding the security of web
services used to support back-end processing for apps is out of
scope for this document.
1.4 Audience
This document is intended for organizations that plan to
78. implement an app vetting process or leverage
existing app vetting results from other organizations. It is also
intended for developers that are interested
in understanding the types of software vulnerabilities that may
arise in their apps during the app’s
software development life cycle.
3
NIST SP 800-163 Vetting the Security of Mobile Applications
1.5 Document Structure
The remainder of this document is organized into the following
sections and appendices:
including recommendations for planning the
implementation of an app vetting process.
process. Organizations interested in
leveraging only existing security reports and risk assessments
from other organizations can skip this
section.
app vetting process.
79. app testing and app approval/rejection
activities of an app vetting process as well as the planning of an
app vetting process implementation.
-specific
vulnerabilities for apps running on the
Android and iOS operating systems, respectively.
efines selected terms used in this document.
in this document.
4
NIST SP 800-163 Vetting the Security of Mobile Applications
2 App Vetting Process
An app vetting process comprises a sequence of two main
activities: app testing and app
approval/rejection. In this section, we provide an overview of
these two activities as well as provide