Is3110

Submitted By joehem

Overview

One of the most important first steps in risk management and in implementing a security strategy is to identify all resources and hosts within the IT infrastructure. Once you have identified the workstations and servers, you must then find the threats and vulnerabilities present on them. Servers that support mission-critical applications require security operations and management procedures to ensure C-I-A throughout. Servers that house customer privacy data or intellectual property require additional security controls to ensure the C-I-A of that data. This lab requires the students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains.

1. What are the differences between Zenmap GUI (Nmap) and Nessus?
Zenmap is used to map a network, and Nessus is used to test a network for vulnerabilities.

2. Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure?
Nmap. Its sole purpose is just that: network probing and recon.

3. Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps?
Nessus would be the better tool for this operation. While you can find network vulnerabilities with Nmap, it is not designed for that purpose.

4. How many total scripts (i.e., test scans) does the Intense Scan using Zenmap GUI perform?
Port scanning, OS detection, version detection, network distance, TCP sequence prediction, and traceroute.

5. From the Zenmap GUI pdf report page 6, what ports and services are enabled on the Cisco Security Appliance device?
443/tcp open ssl/http. No exact OS matches for host; aggressive OS guesses: Cisco Catalyst 1900 Switch, Software v9.00.03 (89%).

6. What is the source IP address of the Cisco Security Appliance device (refer to page 6 of the pdf report)?
Nmap scan report for 172.30.0.1

7. How many IP hosts were identified in the Nessus® vulnerability scan? List them.
172.16.20.1 - Low Severity problem(s) found
172.17.20.1 - High Severity problem(s) found
172.18.20.1 - High Severity problem(s) found
172.19.20.1 - Low Severity problem(s) found
172.20.20.1 - High Severity problem(s) found
172.30.0.10 - High Severity problem(s) found
172.30.0.66 - High Severity problem(s) found

8. While Nessus provides suggestions for remediation steps, what else does Nessus provide that can help you assess the risk impact of the identified software vulnerability?
The number of impacts on your systems and which ones pertain to the scan.

9. Are open ports necessarily a risk? Why or why not?
I would think, YES. If you have a port open that is not being used, then it is an open door telling hackers to come on in. On the other hand, it could be open for a honeypot to trap an attack and trace it. So yes and no.
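A defender's way to turn "yes and no" into a repeatable check is to compare what Nmap reports as open against an approved service baseline for each host: an open port nobody approved is the "open door" case, and an approved port that is not open is an availability finding. The example below is added here and is not part of the lab answers; the scan output (in the same line format as the report's "443/tcp open ssl/http"), the hosts and the baseline are all constructed for illustration.

```python
import re

# Constructed Nmap normal-output excerpt in the same line format the lab
# report shows ("443/tcp open ssl/http"). Hosts and ports are illustrative.
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 172.30.0.1
PORT     STATE  SERVICE
22/tcp   open   ssh
23/tcp   open   telnet
443/tcp  open   ssl/http
Nmap scan report for 172.30.0.10
PORT     STATE    SERVICE
80/tcp   open     http
443/tcp  closed   https
3306/tcp open     mysql
"""

# Approved service baseline per host: an assumption for this example,
# standing in for what change management says should be listening.
BASELINE = {
    "172.30.0.1": {"443/tcp"},
    "172.30.0.10": {"80/tcp", "443/tcp"},
}

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+/(?:tcp|udp))\s+(\S+)\s+(\S+)")


def parse_nmap(text):
    """Return {host: {port: (state, service)}} from Nmap normal output.
    The PORT/STATE/SERVICE header does not start with a digit, so it is
    skipped by PORT_RE; port lines before any host line are ignored."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current] = {}
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, state, service = m.groups()
            hosts[current][port] = (state, service)
    return hosts


def check_against_baseline(hosts, baseline):
    """Per host, list ports that are open but not approved ('unexpected')
    and ports that are approved but not observed open ('missing').
    A host absent from the baseline has every open port flagged."""
    findings = {}
    for host, ports in hosts.items():
        approved = baseline.get(host, set())
        observed_open = {p for p, (state, _) in ports.items() if state == "open"}
        findings[host] = {
            "unexpected": sorted(observed_open - approved),
            "missing": sorted(approved - observed_open),
        }
    return findings


def run_sample():
    """Run the check over the constructed scan and baseline above."""
    return check_against_baseline(parse_nmap(SAMPLE_NMAP_OUTPUT), BASELINE)


if __name__ == "__main__":
    for host, f in run_sample().items():
        print(host, "unexpected:", f["unexpected"], "missing:", f["missing"])
```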

10. When you identify a known software vulnerability, where can you go to assess the risk impact of the software vulnerability?
It would be found under Solutions. This is for found vulnerabilities that have already been addressed.

11. If Nessus provides a pointer in the vulnerability assessment scan report to look up CVE-2009-3555 when using the CVE search listing, specify what this CVE is, what the potential exploits are, and assess the severity of the vulnerability.
CVE is a list of information security vulnerabilities and exposures that aims to provide common names for publicly known problems. Network exploitable. Allows unauthorized modification; allows disruption of service. This is a Medium Risk.

12. Explain how the CVE search listing can be a tool for security practitioners and a tool for hackers.
It allows the user to identify vulnerabilities on systems. This could be great information for a hacker: if he knows that you have this vulnerability, he could use it to launch an attack. For the administrator, this will help to find problems and fix them, or at least mitigate them.

13. What must an IT organization do to ensure that software updates and security patches are implemented timely?
Scan for vulnerabilities and find the patch to fix them. If there is no patch, then get new software.

14. What would you define in a vulnerability management policy for an organization?
The possible risk involved with vulnerabilities that were found on your systems and how you plan to mitigate them.
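One concrete element of such a policy, which also answers the "implemented timely" part of question 13, is a remediation deadline tied to severity and tracked per host from the scan date. The example below is added here and is not part of the lab; it parses the Nessus host summary lines from question 7 (tolerating the uneven spacing around the hyphen) and applies assumed deadlines of 3/7/30/90 days for Critical/High/Medium/Low to constructed scan and review dates.

```python
import re
from datetime import date, timedelta

# Nessus host summary lines as written in the answer to question 7.
# The spacing around the hyphen varies, so the parser must tolerate it.
NESSUS_SUMMARY = """\
172.16.20.1- Low Severity problem(s) found
172.17.20.1- High Severity problem(s) found
172.18.20.1- High Severity problem(s) found
172.19.20.1- Low Severity problem(s) found
172.20.20.1 -High Severity problem(s) found
172.30.0.10-High Severity problem(s) found
172.30.0.66- High Severity problem(s) found
"""

# Remediation deadlines in days per severity. These values are an
# assumption made for this example; a real policy sets its own numbers,
# the point is that the deadline is tied to severity and to discovery.
REMEDIATION_DAYS = {"Critical": 3, "High": 7, "Medium": 30, "Low": 90}

LINE_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*-\s*(\w+)\s+Severity", re.IGNORECASE
)


def parse_summary(text):
    """Return {host: severity} from Nessus-style host summary lines.
    Lines that do not match are skipped rather than guessed at."""
    hosts = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            hosts[m.group(1)] = m.group(2).capitalize()
    return hosts


def remediation_status(hosts, scan_date, today):
    """Per host: the due date under REMEDIATION_DAYS and whether it has
    passed as of `today`. A severity the policy does not know gets no
    deadline (due=None, overdue=None) so it surfaces for manual review
    instead of silently getting the longest or shortest window."""
    out = {}
    for host, sev in hosts.items():
        days = REMEDIATION_DAYS.get(sev)
        if days is None:
            out[host] = {"severity": sev, "due": None, "overdue": None}
            continue
        due = scan_date + timedelta(days=days)
        out[host] = {"severity": sev, "due": due, "overdue": today > due}
    return out


def overdue_hosts(hosts, scan_date, today):
    """Hosts past their deadline, most severe first, then by address."""
    order = list(REMEDIATION_DAYS)  # Critical, High, Medium, Low
    status = remediation_status(hosts, scan_date, today)
    late = [h for h, s in status.items() if s["overdue"]]
    return sorted(late, key=lambda h: (order.index(status[h]["severity"]), h))


def run_sample(scan_date=date(2015, 2, 1), today=date(2015, 2, 15)):
    """Constructed dates: scan on 1 Feb 2015, review two weeks later.
    High findings (7-day window) are overdue; Low (90-day) are not."""
    return overdue_hosts(parse_summary(NESSUS_SUMMARY), scan_date, today)


if __name__ == "__main__":
    print("Overdue at review:", run_sample())
```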

15. Which tool should be used first if performing an ethical hacking penetration test and why?
I would use Nessus first to see the already known vulnerabilities and then footprint the network using Nmap to see if there are other holes in the system that can be exploited. Also test DoS and DDoS in a controlled environment to see what the network can take before total collapse. After that I would use Snort to see if it picks up on SQL injections along with Metasploit attacks. Then we can test the integrity of the wireless network, if any, with Aircrack to see if the password can be brute forced, along with getting a successful handshake from the router. Wireshark could also be used for sniffing the wireless network to capture data that could potentially be useful.
