Is3110T Lab 2 Assessment Worksheet

Submitted By Lanreb1
Lab #2 Assessment Worksheet
Align Risks, Threats, & Vulnerabilities to COBIT P09 Risk Management Controls
1.
a. Unauthorized access from public internet - HIGH
b. User destroys data in application and deletes all files - LOW
c. Workstation OS has a known software vulnerability – HIGH
d. Communication circuit outages - MEDIUM
e. User inserts CDs and USB hard drives with personal photos, music and videos on organization-owned computers - MEDIUM
2.
a. PO9.3 Event Identification – Identify threats with potential negative impact on the enterprise, including business, regulatory, legal, technology, trading partner, human resources and operational aspects.
b. PO9.4 Risk Assessment – Assess the likelihood and impact of risks, using qualitative and quantitative methods.
c. PO9.5 Risk Response – Develop a response designed to mitigate exposure to each risk – Identify risk strategies such as avoidance, reduction, acceptance – determine associated responsibilities; and consider risk tolerance levels.
3.
a. Unauthorized access from public internet - AVAILABILITY
b. User destroys data in application and deletes all files - INTEGRITY
c. Workstation OS has a known software vulnerability – CONFIDENTIALITY
d. Communication circuit outages - AVAILABILITY
e. User inserts CDs and USB hard drives with personal photos, music and videos on organization-owned computers - INTEGRITY
4.
a. Unauthorized access from public internet – Apply operating system and software patches and updates, change passwords often, and use a hardware or software firewall.
b. User destroys data in application and deletes all files – Restrict access for users to only those systems, applications, and data needed to perform their jobs. Minimize write/delete permissions to the data owner only.
c. Workstation OS has a known software vulnerability – Define a…...

Similar Documents

Lab #2 – Assessment Worksheet

...Lab #2 – Assessment Worksheet
IEEE 802.3 CSMA/CD & Ethernet II Networking
1. Using the Wireshark Protocol Analyzer, how were you able to isolate and inspect IP and CDP packets for further analysis?
Navigating to the Analyze menu interface, selecting the “Disable All” button at the bottom of the window, in the “Protocol” window scroll to “IP” and select it; the same steps apply to CDP.
2. In what section of the Wireshark Protocol Analyzer interface are the details of a captured packet frame displayed?
On the Frame Analysis Window
3. Draw an IEEE 802.3 frame showing segments and bytes assigned to each segment.
4. What are the main speeds of Ethernet?
10 Mbps, 100 Mbps (Fast Ethernet), 1000 Mbps (Gigabit Ethernet), 10000 Mbps (Ten Gigabit Ethernet)
5. What is the maximum size allocated for information in an IEEE 802.3 Ethernet frame?
Maximum length Ethernet II frames (1518 bytes, with a payload of 1500 bytes)
6. What is the main difference in the layout of IEEE 802.3 and Ethernet II frames?
IEEE 802.3 decided to include the Type of both source and destination in the 802.2 LLC header. So they replaced the Type field (bytes 13-14) with a Length field. The "length" is not the full frame size - rather, it is the 802.2 packet length - the number of bytes of the 802.2 (LLC and data) portion of the frame, excluding padding.
7. What is the maximum number of bytes assigned to the “source address” segment of an IEEE 802.3 frame?
Ethernet and IEEE 802.3 specify similar...

Words: 485 - Pages: 2

Is3230 Lab 6 Assessment Worksheet

...Lab 6 Assessment Worksheet 1. What are the available password policy options that could be enforced to improve security in a group policy object? * Enforce password history, Maximum password age, Minimum password age, Minimum password length, and Passwords must meet complexity requirements 2. How would you set security permission and user access rights on a home computer using windows XP professional or similar that is not a member of the domain? * When a Windows PC is not a member of the domain, the ONLY user accounts it will trust are those it finds in its local security database. 3. Why is the use of the different password policy options available and why is it important to implement complexity and length requirements? * A password policy sets certain standards for passwords, such as the password complexity and the rules for changing passwords. A password policy minimizes the inherent risk of using passwords by ensuring that they meet adequate complexity standards to thwart brute force attacks and they are changed frequently enough to mitigate the risk of someone revealing or discovering a password. 4. Microsoft defines user rights in two types of categories: logon rights and privileges. Explain the difference of the two from an access control perspective? *  Logon rights control who is authorized to log on to a computer and how they can log on. Privileges control access to system-wide resources on a computer and can override the...

Words: 733 - Pages: 3

Lab #3: Assessment Worksheet

...Lab 3 1. What is the goal or objective of an IT risk management plan? * The purpose of the Risk Management Plan is to define how risks will be managed, monitored and controlled throughout the project. 2. What are the five fundamental components of an IT risk management plan? * The components of a Risk Management Plan are: Risk Identification, Risk Analysis, Risk Evaluation, Risk Monitoring and Review. 3. Define what risk planning is. * Risk planning is developing and documenting organized, comprehensive, and interactive strategies and methods for identifying risks. 4. What is the first step in performing risk management? * One of the most important first steps for a risk management plan is to establish the objectives. 5. What is the exercise called when you are trying to identify an organization’s risk health? * Health Risk Assessment 6. What practice helps reduce or eliminate risk? * Risk Management. 7. What on-going practice helps track risk in real-time? * Risk Mitigation. 8. Given that an IT risk management plan can be large in scope, why is it a good idea to develop a risk management plan team? * Scope identifies boundaries. So, if the plan is that large in scope, a team would work obviously together and not against to maintain its structure in nature and have consensus. 9. Within the seven domains of a typical IT infrastructure...

Words: 471 - Pages: 2

Lab 1 Assessment Worksheet

...1. Relate how Windows Server 2008 R2 Active Directory and the configuration of access controls achieve C-I-A- for departmental LANs, departmental folders, and data. They create security principals in the Active Directory (AD) domain partition. 2. Is it good practice to include the account or user name in the password? Why or why not? It is not a good idea to have a user name in the password, because it is easy for people to either hack or decode the password. 3. In order to enhance the strength of user passwords, what are some of the best practices to implement for user password definitions in order to maximize confidentiality? It is suggested to make your passwords long with eight or more characters, include letters (both lower and uppercase), special characters (punctuation & symbols), and numbers. Also change them often. 4. Can a user defined in Active Directory access a shared drive if that user is not part of the domain? No the users clients cannot access shared folders. 5. Does Windows Server 2008 R2 require a user’s login/password credentials prior to accessing shared drives? Yes 6. When looking at the Active Directory structure for Users and Computers, which group has the least amount of implied privileges? The user. 7. When granting access to LAN systems for GUESTS (i.e., auditors, consultants, third-party individuals, etc.), what security controls do you recommend be implemented in order to maximize C-I-A of production...

Words: 403 - Pages: 2

Lab 2 Assessment Worksheet

...IS3340 - WINDOWS SECURITY
Lab #2 Assessment Worksheet
4/3/2014
1. What is the Principle of Least Privilege?
Providing only the necessary access required to carry out a task.
2. What does DACL stand for and what does it mean?
Discretionary Access Control List is the list of access control rules (ACLs).
3. Why would you add permissions to a group instead of the individual?
Management of the permissions (add/remove) is easier to do from the Group Level, other than Individual User, and is quicker.
4. Why would you allow shared access to groups instead of to everyone?
By allowing access by Groups it is easier to manage – all users have to be part of a Group in order to be created.
5. List at least 3 different types of access control permissions you can enable for a file.
Read (permits viewing or accessing of the file's contents), Write (permits adding to the file), Modify (permits reading and writing of the file and allows deletion of the file)
6. Which access control permissions allow you to delete files and/or folders?
Modify is the access control permission allowing the user to delete files and/or folders.
7. What is the lowest level permission needed in order to view the contents of a folder?
Read
8. If you don’t remember the syntax when using iCacls.exe, what command do you type in to see the options?
icacls.exe (the command with no arguments)
9. What other tool......

Words: 331 - Pages: 2

Lab 3 Assessment Worksheet

...1. Within a Microsoft Windows 2008 Servers R2 environment, who has access rights to EFS features and functions in the server? Only users that have rights to encrypt file systems certainties and have rights to encrypt and decrypt but this is not a default, these rights would have to be given to them 2. There are three modes of access control that Bitlocker can enable on drives. List the three modes. Three modes that run on Bitlocker are: TPM, PIN, and USB 3. What feature and function can you enable to mitigate the risk caused by USB thumb drives moving confidential data to/from a USB hard drive? You can be able to use either a USB key/password or smartcard, via windows prompts and it should encrypt the data 4. What are some best practices you can implement when encrypting BitLocker drives and the use of Bitlocker recovery passwords? For encrypting BitLocker drives and the use of Bitlocker recovery passwords, Windows will ask where you would like to save a recovery key and it gives you some options which are: Save to USB flash drive, a file, or print the recovery key 5. What encryption algorithm is supported BitLocker? The main encryption algorithm is asymmetric algorithm, secure hash algorithm or elliptic curve cryptography could be used to. 6. What is the Trusted Platform Module (TPM) within Bitlocker and how does this verify the integrity of the Workstation Domain and laptops boot process? TPM within Bitlocker is microchip to...

Words: 510 - Pages: 3

Lab 4 Assessment Worksheet

...1. What is one Thing that a virus, a worm, spyware, and malicious code have in common? What are the differences among these four threats: They are all created to create a threat to the security of you system. A virus – A small program designed to infect your computer and cause errors, computer crashes, and even destroy your computer hardware A worm – Software applications designed to spread via computer networks Spyware – Tracking software that hides itself (runs in the background) and gathers information without the computer owner's or user's knowledge or permission for the benefit of someone else. Malicious code – Malware short for "Malicious" software is designed to infiltrate or damage a computer system without the owner's informed consent. 2. How often should you update your anti-virus protection? Must be updated regularly to stay effective against new viruses, and most anti-virus software is designed to update automatically, but you can also update your software manually. 3. Why is it a best practice to have and to carry an antivirus boot-up disc or CD? So that there is not a chance of anti-virus program to have issues (with virus, malware, etc.). Installed on the workstation already there could be virus’s already in there. 4. What other anti-malicious software and anti-malicious code applications are included with Avira under the Real-Time Shields application? What risk and threats do these help mitigate? Real-Time Shield (with Avira...

Words: 992 - Pages: 4

Lab 5 Assessment Worksheet

...1. What are other available Password Policy options that could be enforced to improve security? Enforce password history, Maximum password age, Minimum password age, Minimum password length, Password must meet complexity requirements, & Store passwords using reversible encryption. 2. Is using the option to ‘Store passwords using reversible encryption’ a good security practice? Why or why not? As it stores passwords without encrypting them, it is not good practice because they will be stored in plain text. 3. When should you enable the option to ‘Store passwords using reversible encryption’? Only when using a program that requires it. 4. Why should you use the different password policy options available (with exception to storing the password using reversible encryption)? Enforce password history - Prevents users from creating a new password that is the same as their current password or a recently used password, Maximum password age - Sets the maximum number of days that a password is valid and after this number of days, the user will have to change the password Minimum password age - Sets the minimum number of days that must pass before a password can be changed Minimum password length - Specifies the fewest number of characters a password can have Password must meet complexity requirements - Requires that passwords: be at least six characters long/contain a combination of at least three of the following characters: uppercase letters...

Words: 676 - Pages: 3

Lab 6 Assessment Worksheet

...1. What is the difference between Roles and Features in Windows Server 2008? A server role is a set of software programs that lets a computer perform a specific function for multiple users or other computers within a network. Features are software programs that can support or increase the functionality of one or more roles, or improve the functionality of the server, regardless of which roles are installed. 2. What is installed when you choose the Windows Server Backup Feature? Windows Server Backup Microsoft Management Console (MMC) snap-in 3. How often should servers be backed up? It is recommended to do them frequently. About every 90 days should be fine. 4. What are the different types of backup that are performed in servers? Copy Backup, Daily Backup, Differential Backup, Incremental Backup, Normal Backup 5. What are the primary purposes of backing up a server? Recover information after it is lost. 6. Besides performing and scheduling changes, what else can you do in the Windows XP Backup and Restore program? How can these applications be used as part of the Business Continutity and Disaster Recovery Plan? In the Backup you can backup everything on the computer, selected files, drives, or network data, only backup the System State data. In the Restore you can only restore from a backup file. 7. Can you restore a server’s operating system image using the restore application? Yes, by using Windows Recovery Environment and a...

Words: 387 - Pages: 2

Lab 7 Assessment Worksheet

...1. How should you apply the settings the first time you try working with SCW? Lock it down as much as possible (all services not being used). 2. Why or why is it not a good option to implement this configuration from a remote location? Not a good idea because a hacker could be getting the data being transferred or accessed. 3. What are other ports that are normally block when using the SCW process? Identify the port number and the service or application it supports? 80-HTTP, 123-NTP, 135-RPC endpoint mapper/DCOM, 139-NetBIOS, 443-HTTPS, 445-SMB, 3389-Remote Desktop Protocol. 4. How can you run SCW in multiple servers? Systems Management Server (SMS) with Service Pack 1 (SP1) & unattended installation 5. Would the same policy work for all the servers in the domain? Yes 6. In what Operating Systems can you use SCW? SCW is not used with Windows XP or other client operating systems or Microsoft Windows Small Business Server 2003. 7. What is the best practice to disable Windows XP services? By using the Control Panel > Administrative tools > Services shortcut > Stopping Windows services” 8. What is a best practice regarding disabling or enabling a Windows XP Firewall rules? * Use Security Configuration Wizard to configure Windows Firewall. * Use Group Policy to manage Windows Firewall. * Do not configure Windows Firewall settings on a computer-by-computer basis. * Do not configure per-connection......

Words: 341 - Pages: 2

Lab 10 Assessment Worksheet

...1. Why is it important to run the MBSA? It is important to run to check current settings that are insecure. 2. What does an MBSA analysis look for? The analysis looks for any available security updates that can be downloaded. 3. How can MBSA be executed? Via its GUI in the program panel or you can use the command line tool. 4. Does the system that is being scanned need to have access to the internet for the scan to be successful? Yes it does need to have access to the internet for the scan to be successful. 5. In what formats can the scan results be viewed? If you are running the tool from the GUI you can view them in there right after the scans. If you run it from the command line you can view it in the text file. 6. Could you scan one computer at a time or could you perform multiple scans at a time? Each computer can only be scanned at a time. 7. What portion of the scan takes longer? Is it necessary to perform this scan every time? Full scan. No, but you should run a full scan periodically. 8. Are the scans saved locally, and if so where? Yes, C:\users\username\SecurityScans folder 9. Could you exclude patches to be scanned for? No. 10. Which are some of the major recommendations that you would provide to secure any Windows system? Harden the operating system FIRST; install only the necessary services; use server roles when possible; SCW to apply least privilege principle to applications; remove or disable......

Words: 368 - Pages: 2

Lab 2 Assessment Worksheet

...Lab 2 Assessment Worksheet 1. A. Denial of Service attack on organization’s email server Medium Risk B. Fire destroys primary data center High Risk C. Loss of Production Data High Risk 2. For the above identified threats and vulnerabilities, which of the following COBIT P09 Risk Management control objectives are effective? 3. A. Denial of Service attack on organization’s email server Threat to Availability B. Fire Destroys Data Center Threat to Integrity and Availability C. Loss of Production Data Threat to Integrity and Availability 4. Effectiveness, Efficiency, Compliance, and Reliability secondary. 5. A. Denial of Service Information- Information would not be able to be accessed to end users from outside the primary server control. By adding firewalls and limiting access to certain IPs, the risk can be lessened. Applications- Deny access to necessary applications needed by the organization. Can be mitigated as stated above by firewall procedures to limit IPs. Infrastructure- Access from remote terminals will be very limited. Firewalls should be installed to help limit which IPs have access. People- Will have limited access to the organization’s server. Contact their local IT manager to give them access to the server by allowing their IP through. B. Fire Destroys Data Center Information- Information will be destroyed by the fire. Back up data to an offsite server/hard drive to have a fall back plan. Applications- Applications will...

Words: 515 - Pages: 3

Lab #4 – Assessment Worksheet

...Lab #4 – Assessment Worksheet
Using Ethical Hacking Techniques to Exploit a Vulnerable Workstation
IS4650
Overview
In this lab, you performed all five phases of ethical hacking: reconnaissance (using Zenmap GUI for Nmap), scanning (using OpenVAS), enumeration (exploring the vulnerabilities identified by OpenVAS), compromise (attack and exploit the known vulnerabilities using the Metasploit Framework application), and conducted post-attack activities by recommending specific countermeasures for remediating the vulnerabilities and eliminating the possible exploits.
Lab Assessment Questions & Answers
1. What are the five steps of ethical hacking?
Reconnaissance, scanning, enumeration, compromise, post-attack activities: recommended countermeasures for remediation.
2. During the reconnaissance step of the attack, what open ports were discovered by Zenmap? What services were running on those ports?
There were several ports; I will list only a few ports: 21, 3306, 22, 53, 445, 111, 25, all running TCP. The services running were Linux telneted, smtp Postfix, Apache Tomcat/Coyote JSP
3. What step in the hacking attack process uses Zenmap...

Words: 285 - Pages: 2

Lab 2 Worksheet

...LAB 2 WORKSHEET
WORKING WITH DISKS AND DEVICES
Exercise 2.1 Creating a Basic Disk Partition
Overview: In Exercise 2.1, you create a new basic partition for Alice where she can store her data.
Completion time: 10 minutes
7. Based on the information in the Disk Management snap-in, fill out the information in Table 2-1 on your lab worksheet.
Table 2-1 Disk information
Disk 0
Disk type (basic or dynamic): basic
Total disk size: 25.00
Number and type of partitions: 2 ntfs
Amount of unallocated space: 0
Disk 1
Disk type (basic or dynamic): basic
Total disk size: 25 gb
Number and type of partitions: No partitions on this drive
Amount of unallocated space: 25 GB
Exercise 2.2 Extending a Basic Disk Partition
Overview: A few days later, you receive another call at the help desk from Alice. She has been diligently moving her data files to the special partition you created for her, but she has now run out of disk space. The partition was not big enough! To address the problem, you decide to extend the Alice1 partition, using some of the unallocated space left on the disk. For this task, you intend to use the Diskpart.exe command line utility.
Completion time: 15 minutes
1. Consult the Disk Management snap-in, and fill out Table 2-2 with the amount of unallocated space left on the drives in gigabytes and megabytes.
Table 2-2
Unallocated space left (in gigabytes): Disk 0: 0, Disk 1: 23.04
Unallocated space left (in megabytes): Disk 0: 0, Disk 1: 23040...

Words: 931 - Pages: 4