User Account

All Pages

Explain windows vulnerabilities and linux vulnerabilities

Assignment Help Operating System
Reference no: EM131358069

Assignment

The operating system (OS) of an information system contains the software that executes the critical functions of the information system. The OS manages the computer's memory, processes, and all of its software and hardware. It allows different programs to run simultaneously and access the computer's memory, central processing unit, and storage. The OS coordinates all these activities and ensures that sufficient resources are applied. These are the fundamental processes of the information system and if they are violated by a security breach or exploited vulnerability it has the potential to have the biggest impact on your organization.

Security for operating systems consists of protecting the OS components from attacks that could cause deletion, modification, or destruction of the operating system. Threats to an OS could consist of a breach of confidential information, unauthorized modification of data, or unauthorized destruction of data. It is the job of the cybersecurity engineer to understand the operations and vulnerabilities of the OS (whether it is a Microsoft, Linux, or another type of OS), and to provide mitigation, remediation, and defense against threats that would expose those vulnerabilities or attack the OS.

There are seven steps that will lead you through this project. Each step is designed to take no more than two hours to complete, and the project as a whole should take no more than one week to complete. You should complete Project 2 during Week 2. After beginning with the workplace scenario, continue to Step 1: Defining the OS.

When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.

• 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
• 2.3: Evaluate the information in logical manner to determine value and relevance.
• 5.4: Identify potential threats to operating systems and the security features necessary to guard against them.
• 6.2: Create a roadmap for organizations to use in development of an IMA program (to address gaps in their current offerings).

Step 1: Defining the OS

The audience for your security assessment report (SAR) is the leadership of your organization, which is made up of technical and nontechnical staff. Some of your audience will be unfamiliar with operating systems (OS). As such, you will begin your report with a brief explanation of operating systems fundamentals and the types of information systems.

Read the following resources that provide essential information you need to know before creating a thorough and accurate OS explanation:

• operating systems fundamentals
• the applications of the OS
• The Embedded OS
• information system architecture
• cloud computing
• web architecture

After reviewing the resources, begin drafting the OS overview to incorporate the following:

1. Explain the user's role in an OS.

2. Explain the differences between kernel applications of the OS and the applications installed by an organization or user.

3. Describe the embedded OS.

4. Describe how the systems fit in the overall information system architecture, of which cloud computing is an emerging, modern web architecture.

Include a brief definition of operating systems and information systems in your SAR.

Step 2: OS Vulnerabilities

You just summarized operating systems and information systems for leadership. In your mind, you can already hear leadership saying "So what?" They are not well versed in web security issues; so in your SAR you decide to include an explanation of advantages and disadvantages of the different operating systems and their known vulnerabilities.

Prepare by first reviewing the different types of vulnerabilities and intrusions explained in these resources:

• Windows vulnerabilities
• Linux vulnerabilities
• Mac OS vulnerabilities
• SQL PL/SQL, XML and other injections

Based on what you gathered from the resources, compose the OS vulnerability section of the SAR. Be sure to:

1. Explain Windows vulnerabilities and Linux vulnerabilities.
2. Explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices.
3. Explain the motives and methods for intrusion of the MS and Linux operating systems;
4. Explain the types of security awareness technologies such as intrusion detection and intrusion prevention systems.
5. Describe how and why different corporate and government systems are targets.
6. Describe different types of intrusions such as SQL PL/SQL, XML, and other injections

You will provide leadership with a brief overview of vulnerabilities in your SAR.

Step 3: Preparing for the Vulnerability Scan

You have just finished defining the vulnerabilities an OS can have. Soon you will perform vulnerability scanning and vulnerability assessments on the security posture of your organization's operating systems. But first, consider your plan of action. Read these two resources to be sure you fully grasp the why's and how's of vulnerability assessments and security updates:

• Vulnerability assessments
• Patches

Then provide the leadership with the following:

1. Include a description of the methodology you used to assess the vulnerabilities of the incorporate operating systems.
2. Include a description of the applicable tools used, and the limitations of the tools and analyses, if any.
3. Include the projected findings from using these vulnerability assessment tools.

In your report, discuss the strength of passwords, any IIS administrative vulnerabilities, SQL server administrative vulnerabilities, and other security updates and management of patches.

Step 4: Vulnerability Assessment Tools for OS and Applications

Note: You will utilize the tools in Workspace for this step. If you need help outside the classroom, you can register for the CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Primary lab assistance is available from a team of lab assistants. Lab assistants are professionals and are trained to help you.

Explore the tutorials and user guides to learn more about the tools you will use.

You've prepared for your assessment; now it's time to perform.

Security and vulnerability assessment analysis tools, such as Microsoft Baseline Security Analyzer (MBSA) for Windows OS and OpenVAS for Linux OS, are standalone tools designed to provide you with a streamlined method for identifying common security misconfigurations and missing security updates for the operating systems and applications. These tools work on layers 5-7 of the Open System Interconnection (OSI) model.

Enter Workspace and complete the lab activities related to operating system vulnerabilities. Utilize the tools' built-in checks to complete the following for Windows OS (e.g., using MBSA):

1. Determine if Windows administrative vulnerabilities are present.
2. Determine if weak passwords are being used on Windows accounts.
3. Learn which security updates are required on each individual system.

You will also complete a similar exercise for Linux OS (e.g., using the OpenVAS tool). Select the following links to learn more about OpenVAS and computer networks:

• OpenVAS
• Computer networks

Utilize the OpenVAS tool to complete the following:

1. Determine if Linux vulnerabilities are present.
2. Determine if weak passwords are being used on Linux systems.
3. Learn which security updates are required for the Linux systems.

Knowledge acquired from this Workspace exercise and capability of this tool will help your company's client organizations secure the computer networks' resources and protect corporate data from being stolen.

Validate and record the benefits of using these types of tools. You will include this in the SAR.

Step 5: Compile Your Findings

Note: You will utilize the tools in Workspace for this step.

You have just finished working with vulnerability assessment tools for the OS and applications. You noticed that the tool you used for Windows OS (i.e., MBSA) provides dynamic assessment of missing security updates. Next, you will use the same tool to scan one or more computers by domain, IP address range, or other grouping.

Once complete, this tool provides a detailed report and instructions on how to make your system a more secure working environment. In this case, a tool such as MBSA will create and store individual XML security reports for each computer scanned and will display the reports in the graphical user interface in HTML.

You will compile your findings using both tools. Consider the unique findings of each tool, the common findings, and the differences in their capabilities. You should provide a brief discussion of this in your report.

Step 6: The Security Assessment Report (SAR)

By utilizing security vulnerability assessment tools, such as MBSA and OpenVAS, you now have a better understanding of your system's security status. Based on the results provided by these tools, as well as your learning from the previous steps, you will create the Security Assessment Report (SAR).

In your report to the leadership, emphasize the benefits of using a free security tool such as MBSA. Then make a recommendation for using these types of tools (i.e., MBSA and OpenVAS), including the results you found for both.

Remember to include these analyses and conclusions in the SAR deliverable:

1. After you provide a description of the methodology you used to make your security assessment, you will provide the actual data from the tools, the status of security and patch updates, security recommendations, and offer specific remediation guidance, to your senior leadership.

2. You will include any risk assessments associated with the security recommendations, and propose ways to address the risk either by accepting the risk, transferring the risk, mitigating the risk, or eliminating the risk.

Include your SAR in your final deliverable to leadership.

Step 7: The Presentation

Based on what you have learned in the previous steps and your SAR, you will also develop a presentation for your company's leadership.

Your upper-level management team is not interested in the technical report you generated from your Workspace exercise. They are more interested in the bottom line. You must help these non¬technical leaders understand the very technical vulnerabilities you have discovered. They need to clearly see what actions they must either take or approve. The following are a few questions to consider when creating your nontechnical presentation:

1. How do you present your technical findings succinctly to a non¬technical audience? Your Workspace exercise report will span many pages, but you will probably not have more than 30 minutes for your presentation and follow-up discussion.

2. How do you describe the most serious risks factually but without sounding too temperamental? No one likes to hear that their entire network has been hacked, data has been stolen, and the attackers have won. You will need to describe the seriousness of your findings while also assuring upper-level management that these are not uncommon occurrences today.

3. How do your Workspace exercise results affect business operations? Make sure you are presenting these very technical results in business terms that upper-level management will understand.

4. Be very clear on what you propose or recommend. Upper-level management will want to not only understand what you discovered; they will want to know what you propose as a solution. They will want to know what decisions they need to make based on your findings.

Your goal for the presentation is to convince the leadership that adopting a security vulnerability assessment tool (such as MBSA) and providing an extra security layer is a must for the company.

The deliverables for this project are as follows:

1. Security Assessment Report (SAR): This report should be a 7-8 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.

2. Nontechnical presentation: This is a 8-10 slide Powerpoint presentation to upper management that summarizes your thoughts regarding the findings in your SAR.

3. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab

Submit your deliverables to the assignment folder.

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.

• 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
• 2.3: Evaluate the information in logical manner to determine value and relevance.
• 5.4: Identify potential threats to operating systems and the security features necessary to guard against them.
• 6.2: Create a roadmap for organizations to use in development of an IMA program (to address gaps in their current offerings).

Reference no: EM131358069

Questions Cloud

Write code to display name in largest-size heading element : Write the code to display your name in the largest-size heading element. Write the markup language code for an unordered list to display the days of the week.
How has the two-way conversation changed the roles : How has the "two-way" conversation changed the roles and responsibilities of the news media - How does the consumers' ability to generate news media content impact the roles and responsibilities of mainstream news media?
What do you already know about this topic : HE 351:What problem is the author(s) identifying? Who does the problem relate to?What do you already know about this topic?What new ideas are contained within the article for you to consider?What experiences have you had in your teaching, or in othe..
Current debates in mobile technology : Mobile technology, like other tranformational innovations, has sparked much debate. In the past, for example, people have questioned the safety of text messaging while driving and cell phone radiation. In this Discussion, you will summarize a curr..
Explain windows vulnerabilities and linux vulnerabilities : Explain Windows vulnerabilities and Linux vulnerabilities. Explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices. Explain the motives and methods for intrusion of the MS and Linux operating systems;
Construct a 3-sigma p-chart using this information : The results of an inspection of DNA samples taken over the past 10 days are given below. Sample size is 100. Construct a 3-sigma p-chart using this information
Optimize the cylindrical tank of given example : Optimize the cylindrical tank of given Example for minimum weight by changing the laminate configuration but not the material.
Quantitative assessment and qualitative assessment : In this week's readings, you learned about two methods of risk analysis: quantitative assessment and qualitative assessment. Explain the steps taken to assess a risk from a quantitative perspective where monetary and numeric values are assigned an..
The secret power of things we hold dear : Write a one-paragraph (five to seven sentences) physical description of this person and his or her surroundings using specific sensory details so the reader can visualize this person.

Reviews

Write a Review

Operating System Questions & Answers

  Tests the user''s ability to memorize a sequence of colors

Proper coding conventions required the first letter of the class start with a capital letter and the first letter of each additional word start with a capital letter.

  Question about network design

Sterling Corporation wishes you to create a network infrastructure for them. They have 5-divisions with many hundred users at each division across the US.

  Provide reasons for a slow lan

Provide possible reasons for a slow LAN, fill in why each reason causes a slow LAN and provide your solution. Each reason will take a minimum of 150 words to address thoroughly.

  What is the maximum consecutive period

What is the maximum consecutive period of time any process remains in the ready queue (the max waiting time) expressed in terms of N,S,Q?

  Implement a multiprocess downloader application

Appreciate the performance and fault-tolerance bene_ts of multi-process applications - implement a multiprocess downloader application.

  Identify computer operating systems and networking system

Identify the computer operating systems and networking systems used in the company. Explain the pros and cons of IPv6 over the use of IPv4. Compare and contrast the two technologies

  Degree of scope creep

There is a school of thought that discusses that, far from being undesirable, few degree of scope creep may in fact be beneficial for certain types of assignments.

  Write and manually assemble the following programs

Make every odd bit in memory addresses C000h and D000h a 0. Do not change any other bit at each address.

  Managing files and folders in a windows environment

Take a position on whether or not standardization and naming conventions are critical for properly managing files and folders in a Windows environment. Include at least one(1) example or scenario to support your response.

  How can you use the printf() statement

There are many ways to debug a program, perhaps the most elementary is using a printf() statement to show important pieces of information regarding the program execution point, variable value, and loop and branch operation.

  Discuss the different features of the operating system

Write a paper on the history of the UNIX operating system and discuss how it evolved based on industry needs and requirements.

  Explain the interactions among end user, data & information

How and why did database management systems become the organizational data management standard? Discuss some advantages of the database approach over the file-system approach.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd