...Joy Davis (15538292) Prof. Redd IT 255 Intro to ISS October 20, 2013 Unit 2 Assignment 1: Calculating the Window of Vulnerability WOV or Window of Vulnerability is the time it takes the attack to start all the way to when the attack is found and removed or fixed. As problems arise in IT infrastructure of an organization, providing a fix to the problem can disrupt daily operations and the time it takes between discovering the problem and patching it will leave a window open for an intruder to attack. Once that happens, it is officially a breach of security and any confidential information can be accessed and tampered with. In this particular case, the security breach has been identified and an unauthorized user accessed the SMB server due to an open window of time. The day before the attack, the server software manager detected a hole in security. On the day the hole was detected, it started the timeline of calculating the window of vulnerability. Day 0 is when the vulnerability was discovered. The software company will be releasing a patch however it will take three days to be available, thus adding to the timeline. We are now at day 4 when the LAN administrator communicates that we will need an additional week to download, test and install the patch when it arrives. The final timeframe from the point of discovery to the point that the patch is installed is roughly 11 days. Going further, the patch may need to be deployed companywide to all machines that access the network...
Words: 315 - Pages: 2
...UNIT 2 CALCULATING THE WINDOW OF VULNERABILITY The window of vulnerability is the amount of time the systems defense measures are compromised, minimized, or eliminated. This is when the system is most likely to be at risk, and can be affected by malicious attacks. It is not stated as what day the server software detected the attack on the SMB server. It only states that it was detected the day before. So from day one, these are the steps we will need to take to get the SMB server back up and running properly and safely, as well as the amount of time it will take for us to solve the issue: Day 1 - The software company will release a patch for this attack in three days. Day 4 – We will receive the patch, and we need to install and test the patch, this will take at least five days. Day 9 – After installation and testing is completed; we will send the update to the entire company’s network devices. As soon as all the updates are sent out to all the devices, they will need to be rebooted in order for the patch to take effect. We can send out a message to all devices to insure this happens. This could take a day or two to complete. This could all be completed as early as 10 days if there are no issues during the process, however problems may arise and it could possibly take a day or two more. I hope that this is helpful and we will start immediately on the problem. It is of upmost importance that you have team members monitoring the server at all times during the Window of Vulnerability...
Words: 310 - Pages: 2
...Unit 2 Assignment 1 Calculate the Window of Vulnerability There are four parts to be considered when calculating the WoV. These four parts are the Discovery-Time, Exploit-Time, Disclosure-Time, and Patch-Time. All four of these must be looked at and evaluated as a part of calculating the amount of time that the server will be vulnerable for. Discovery Time is the earliest date that vulnerability is discovered and recognized to pose a security risk. The discovery date is not publicly known until the public disclosure of the respective vulnerability. Exploit Time is the earliest date an exploit for vulnerability is available. We qualify any hacker-tool, virus, data, or sequence of commands that take advantage of vulnerability as an exploit. Disclosure Time is the first date vulnerability is described on a channel where the disclosed information on the vulnerability is freely available to the public, or is published by trusted and independent channel and has undergone analysis by experts such that risk rating information is included. Patch Time is the earliest date the vendor or the originator of the software releases a fix, workaround, or a patch that provides protection against the exploitation of the vulnerability. Fixes and patches offered by third parties are not considered as a patch. A patch can be as simple as the instruction from the vendor for certain configuration changes. Note that the availability of other security mechanisms such as signatures for intrusion prevention...
Words: 828 - Pages: 4
...When calculating the Window of Vulnerability (WoV), time is probable the most crucial aspect. Whenever you are dealing with the WoV there are four time periods that help any IT support personnel: Discovery Time, Disclosure Time, Exploit Time and Patch Time. The Exploit Time is the earliest that a malicious event of vulnerability takes place. Discovery Time is the earliest time that a vulnerability is found and/ or known to cause a security risk; while the disclosure time is the period that makes security information available to the general public. The difference between these two time periods is what is called the Black Risk. The black risk is defined that during the discovery time the vulnerability is kept within a small group of people. These people could be the IT staff, the hackers that cause this to occur. On the other hand the disclosure time is when this close nit of people bring the vulnerability to light and inform the public. Also with in the disclosure time, when making the information public it must be of free access, must be from a creditable and acceptable source. The Patch time is the last period that is when a fix or patch is released to correct the vulnerability. During the time between the disclosure and patch time is referred to as the Gray Risk. At this time the vulnerability is known to the public but, is waiting to hear and receive that a correct is available to correct the issue. Prior to a fix or patch a workaround could be available so that the day...
Words: 317 - Pages: 2
...sending the message to an unknown origin after a redirect or some other means of the target window's origin changing. The receiving page should always: o Check the origin attribute of the sender to verify the data is originating from the expected location. o Perform input validation on the data attribute of the event to ensure that it's in the desired format. Don't assume you have control over the data attribute. A single Cross Site Scripting flaw in the sending page allows an attacker to send messages of any given format. Both pages should only interpret the exchanged messages as data. Never evaluate passed messages as code (e.g. via eval()) or insert it to a page DOM (e.g. via innerHTML), as that would create a DOM-based XSS vulnerability. For more information see DOM based XSS Prevention Cheat Sheet. To assign the data value to an element, instead of using a insecure method like element.innerHTML = data;, use the safer option: element.textContent = data; Check the origin properly exactly to match the FQDN(s) you expect. Note that the following code: if(message.orgin.indexOf(".owasp.org")!=-1) { /* ... */ } is very...
Words: 2088 - Pages: 9
...QUALYSGUARD® ROLLOUT GUIDE July 12, 2012 Copyright 2011-2012 by Qualys, Inc. All Rights Reserved. Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc. All other trademarks are the property of their respective owners. Qualys, Inc. 1600 Bridge Parkway Redwood Shores, CA 94065 1 (650) 801 6100 Preface Chapter 1 Introduction Operationalizing Security and Policy Compliance..................................................... 10 QualysGuard Best Practices ........................................................................................... 11 Chapter 2 Rollout First Steps First Login......................................................................................................................... Complete the User Registration.......................................................................... Your Home Page................................................................................................... View Host Assets .................................................................................................. Add Hosts .............................................................................................................. Remove IPs from the Subscription..................................................................... Add Virtual Hosts ................................................................................................ Check Network Access to Scanners .....................................
Words: 38236 - Pages: 153
...Build Your Report | Symantec http://www.symantec.com/threatreport/print.jsp?id=highlights... BOOKMARK THIS PAGE | PRINT THIS PAGE | CLOSE Internet Security Threat Report Volume 17 Custom Report SHARE THIS PAGE Symantec blocked a total of over 5.5 billion malware attacks in 2011, an 81% increase over 2010. Web based attacks increased by 36% with over 4,500 new attacks each day. 403 million new variants of malware were created in 2011, a 41% increase of 2010. SPAM volumes dropped by 34% in 2011 over rates in 2010. 39% of malware attacks via email used a link to a web page. Mobile vulnerabilities continued to rise, with 315 discovered in 2011. Only 8 zero-day vulnerabilities were discovered in 2011 compared with 14 in 2010. 50% of targeted attacks were aimed at companies with less than 2500 employees. Overall the number of vulnerabilities discovered in 2011 dropped 20%. Only 42% of targeted attacks are aimed at CEOs, Senior Managers and Knowledge Workers. In 2011 232 million identities were exposed. An average of 82 targeted attacks take place each day. Mobile threats are collecting data, tracking users and sending premium text messages. You are more likely to be infected by malware placed on a legitimate web site than one created by a hacker. Introduction Symantec has established some of the most comprehensive sources of Internet threat data in the world through the Symantec Global Intelligence Network, which is made up of more than 64.6 million attack sensors and...
Words: 44470 - Pages: 178
...Penetration testing Penetration testing A Hands-On Introduction to Hacking by Georgia Weidman San Francisco Penetration testing. Copyright © 2014 by Georgia Weidman. All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. Printed in USA First printing 18 17 16 15 14 123456789 ISBN-10: 1-59327-564-1 ISBN-13: 978-1-59327-564-8 Publisher: William Pollock Production Editor: Alison Law Cover Illustration: Mertsaloff/Shutterstock Interior Design: Octopod Studios Developmental Editor: William Pollock Technical Reviewer: Jason Oliver Copyeditor: Pamela Hunt Compositor: Susan Glinert Stevens Proofreader: James Fraleigh Indexer: Nancy Guenther For information on distribution, translations, or bulk sales, please contact No Starch Press, Inc. directly: No Starch Press, Inc. 245 8th Street, San Francisco, CA 94103 phone: 415.863.9900; fax: 415.863.9950; info@nostarch.com; www.nostarch.com Library of Congress Cataloging-in-Publication Data Weidman, Georgia. Penetration testing : a hands-on introduction to hacking / Georgia Weidman. pages cm Includes index. ISBN 978-1-59327-564-8 (paperback) -- ISBN 1-59327-564-1 (paperback) 1. Penetration testing (Computer security) 2. Kali Linux. 3. Computer hackers. QA76.9.A25W4258 2014 005.8'092--dc23 2014001066...
Words: 117203 - Pages: 469
...HC: Human-Computer Interaction Human–computer interaction (HCI) is concerned with designing the interaction between people and computers and the construction of interfaces to afford this. Interaction between users and computational artefacts occurs at an interface which includes both software and hardware. Interface design impacts the software life-cycle in that it should occur early; the design and implementation of core functionality can influence the user interface – for better or worse. Because it deals with people as well as computers, as a knowledge area HCI draws on a variety of disciplinary traditions including psychology, computer science, product design, anthropology and engineering. HC: Human Computer Interaction (4 Core-Tier1 hours, 4 Core-Tier2 hours) Core-Tier1 hours HCI: Foundations HCI: Designing Interaction HCI: Programming Interactive Systems HCI: User-cantered design & testing HCI: Design for non-Mouse interfaces HCI: Collaboration & communication HCI: Statistical Methods for HCI HCI: Human factors & security HCI: Design-oriented HCI HCI: Mixed, Augmented and Virtual Reality 4 4 Core-Tier2 hours Includes Electives N N HC/Foundations [4 Core-Tier1 hours, 0 Core-Tier2 hours] Motivation: For end-users, the interface is the system. So design in this domain must be interaction-focussed and human-centred. Students need a different repertoire of techniques to address this than is provided elsewhere in the curriculum. Topics: • • • Contexts for HCI (anything...
Words: 1936 - Pages: 8
...Applications and Examples 2. Cryptography in Action 3. Understanding Hashing 4. Issues with Cryptography 5. Applications of Cryptography 6. Summary 7. Exam Essentials 8. Review Questions 6. Chapter 4: Footprinting and Reconnaissance 1. Understanding the Steps of Ethical Hacking 2. What Is Footprinting? 3. Terminology in Footprinting 4. Threats Introduced by Footprinting 5. The Footprinting Process 6. Summary 7. Exam Essentials 8. Review Questions 7. Chapter 5: Scanning Networks 1. What Is Network Scanning? 2. Checking for Live Systems 3. Checking for Open Ports 4. Types of Scans 5. OS Fingerprinting 6. Banner Grabbing 7. Countermeasures 8. Vulnerability Scanning 9. Drawing Network Diagrams 10. Using Proxies 11. Summary 12. Exam Essentials 13. Review Questions 8. Chapter 6: Enumeration of Services 3 1. A Quick Review 2. What Is Enumeration? 3. Windows Basics 4. Enumeration with SNMP 5. Unix and Linux Enumeration 6. LDAP and Directory Service Enumeration 7. Enumeration Using NTP 8. SMTP Enumeration 9. Using EXPN 10. Using RCPT TO 11. SMTP Relay 12. Summary 13. Exam Essentials 14. Review Questions 9. Chapter 7: Gaining Access to a System 1. Up to...
Words: 71242 - Pages: 285
...CompTIA Security+: Get Certified Get Ahead SY0-401 Study Guide Darril Gibson Dedication To my wife, who even after 22 years of marriage continues to remind me how wonderful life can be if you’re in a loving relationship. Thanks for sharing your life with me. Acknowledgments Books of this size and depth can’t be done by a single person, and I’m grateful for the many people who helped me put this book together. First, thanks to my wife. She has provided me immeasurable support throughout this project. The technical editor, Steve Johnson, provided some good feedback throughout the project. If you have the paperback copy of the book in your hand, you’re enjoying some excellent composite editing work done by Susan Veach. I’m extremely grateful for all the effort Karen Annett put into this project. She’s an awesome copy editor and proofer and the book is tremendously better due to all the work she’s put into it. While I certainly appreciate all the feedback everyone gave me, I want to stress that any technical errors that may have snuck into this book are entirely my fault and no reflection on anyone who helped. I always strive to identify and remove every error, but they still seem to sneak in. About the Author Darril Gibson is the CEO of YCDA, LLC (short for You Can Do Anything). He has contributed to more than 35 books as the sole author, a coauthor, or a technical editor. Darril regularly writes, consults, and teaches on a wide variety of technical...
Words: 125224 - Pages: 501
...College, New Rochelle, NY 10801 ABSTRACT Recent events such as hurricanes, tsunamis, earthquakes, power outages, and the threat of pandemics have highlighted our vulnerability to natural disasters. This vulnerability is exacerbated by many organizations’ increasing dependence on computer, telecommunications, and other technologies, and trends toward integrating suppliers and business partners into everyday business operations. In response many organizations are implementing disaster recovery planning processes. In this paper we discuss how to identify threats and scenarios; how to articulate the disaster recovery strategies; and four elements of the generic disaster recovery plan: Mitigation, preparedness, response, and recovery. We then provide examples of software that can help disaster recovery professionals in the planning and implementation process. Finally we present some trends that will reinforce the criticality of the issue. Keywords: Disaster Recovery Planning; Business Continuity Planning; Risk Assessment INTRODUCTION Several major natural disasters that have occurred in the past few years have placed disaster management on the front pages: The Tsunami of late 2004, Hurricanes Katrina and Rita, and the earthquake in Pakistan in 2005 affected both life and property and emphasized our vulnerability to natural threats. EM-DAT (2006) figures complied by the Belgian Université Catholique de Louvain’s Center for Research on the Epidemiology of Disasters (CRED) and...
Words: 7241 - Pages: 29
...Index * Introduction * Definition * Purpose * Benefits and costs of reserve accumulation * Theories of reserve accumulation * History of Foreign Exchange Reserves * Adequacy and Excess reserves * List of countries by Foreign Exchange Reserves * New Realities of Forex Reserves and Management * Conclusion * Reference SIGNIFICANCE OF FOREIGN EXCHANGE RESERVES Introduction Foreign-exchange reserves (also called forex reserves or FX reserves) are assets held by central banks and monetary authorities, usually in different reserve currencies, mostly the United States dollar, and to a lesser extent the euro, the United Kingdom pound sterling, and the Japanese yen, and used to back its liabilities, e.g., the local currency issued, and the various bank reserves deposited with the central bank, by the government or financial institutions. Deposits of a foreign currency held by a central bank. Holding the currencies of other countries as assets allow governments to keep their currencies stable and reduce the effect of economic shocks. The use of foreign exchange reserves became popular after the decline of the gold standard. Definition In a strict sense, foreign-exchange reserves should only include foreign currency deposits and bonds. However, the term in popular usage commonly also adds gold reserves, special drawing rights (SDRs), and International Monetary Fund (IMF) reserve positions. This broader figure is more readily available...
Words: 7085 - Pages: 29
...INFORMATION RESOURCE GUIDE Computer, Internet and Network Systems Security An Introduction to Security i Security Manual Compiled By: S.K.PARMAR, Cst N.Cowichan Duncan RCMP Det 6060 Canada Ave., Duncan, BC 250-748-5522 sunny@seaside.net This publication is for informational purposes only. In no way should this publication by interpreted as offering legal or accounting advice. If legal or other professional advice is needed it is encouraged that you seek it from the appropriate source. All product & company names mentioned in this manual are the [registered] trademarks of their respective owners. The mention of a product or company does not in itself constitute an endorsement. The articles, documents, publications, presentations, and white papers referenced and used to compile this manual are copyright protected by the original authors. Please give credit where it is due and obtain permission to use these. All material contained has been used with permission from the original author(s) or representing agent/organization. ii T eofContent abl 1.0 INTRODUCTION........................................................................................................................................................... 2 1.1 BASIC INTERNET TECHNICAL DETAILS ........................................................................................................................ 2 1.1.1 TCP/IP : Transmission Control Protocol/Internet Protocol .........................................
Words: 134858 - Pages: 540
...Management of Information Security Third Edition This page intentionally left blank Management of Information Security Third Edition Michael Whitman, Ph.D., CISM, CISSP Herbert Mattord, M.B.A., CISM, CISSP Kennesaw State University ———————————————————————— Australia • Brazil • Japan • Korea • Mexico • Singapore • Spain • United Kingdom • United States Management of Information Security, Third Edition Michael E. Whitman and Herbert J. Mattord Vice President, Career and Professional Editorial: Dave Garza Executive Editor: Stephen Helba Managing Editor: Marah Bellegarde Product Manager: Natalie Pashoukos Developmental Editor: Lynne Raughley Editorial Assistant: Meghan Orvis Vice President, Career and Professional Marketing: Jennifer McAvey Marketing Director: Deborah S. Yarnell Senior Marketing Manager: Erin Coffin Marketing Coordinator: Shanna Gibbs Production Director: Carolyn Miller Production Manager: Andrew Crouth Senior Content Project Manager: Andrea Majot Senior Art Director: Jack Pendleton Cover illustration: Image copyright 2009. Used under license from Shutterstock.com Production Technology Analyst: Tom Stover © 2010 Course Technology, Cengage Learning ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced, transmitted, stored, or used in any form or by any means graphic, electronic, or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information...
Words: 229697 - Pages: 919
