Lab 8

Submitted By London12
Words 917
Pages 4
1. What are some common risks, threats, and vulnerabilities commonly found in the Remote Access Domain that must be mitigated through a layered security strategy?
Some common risks, threats, and vulnerabilities commonly found in the Remote Access Domain that must be mitigated through a layered security strategy are:
• Private data or confidential data is compromised remotely (Kim & Solomon, 2012).
• Unauthorized remote access to IT systems, applications, and data (Kim & Solomon, 2012).
• Mobile worker laptop is stolen (Kim & Solomon, 2012).
• Multiple logon retries and access control attacks (Kim & Solomon, 2012).
2. What default configuration should be placed on host-based firewalls when accessing the network remotely?
Deny-by-default rulesets for incoming traffic should be placed on host-based firewalls when accessing the network remotely to prevent malware incidents (Wikia, n.d.).
3. What risks, threats, and vulnerabilities are introduced by implementing a Remote Access Server?
Risks, threats, and vulnerabilities introduced by implementing a Remote Access Server are:
• External hosts gain access to internal resources (Scarfone, Hoffman, & Souppaya, 2009).
• An unauthorized user eavesdrops on remote access communications and manipulates them using a compromised server (Scarfone, Hoffman, & Souppaya, 2009).
• Partially patched remote access servers (Scarfone, Hoffman, & Souppaya, 2009).
4. What is a recommended best practice when implementing a Remote Access Policy server user authentication service?
Using multi-factor authentication is a recommended best practice when implementing a Remote Access Policy server user authentication service (Scarfone, Hoffman, & Souppaya, 2009).
5. What is a Remediation LAN?
A Remediation Local Area Network (LAN) is a network with devices like a Remediation Server that quarantines non-compliant computers from an...

Similar Documents

Free Essay

Lab # 8

...enumerates them, what would be a model? Common Vulnerability Enumeration (CVE)
6. What is the standard formula to rank potential threats? Decompose the application, determine and rank threats, and determine countermeasures and mitigation.
7. If an organization is identified as not using any password policies for any of its applications, what would be two suggestions to note in the assessment? That the organization is a great risk without any password policies.
8. Should newly-released patches for a known vulnerability be applied to production system once released? Yes
9. What is the importance of having a security incident response plan in an organization? So that when there is a security incident all employees involved know the correct way to handle the incident.
10. What would an auditor be trying to verify if he/she is asking to view logs for certain dates? To view what was entered on that day to match the reports.
11. How could the findings from the Skipfish and rats scanning performed in lab #7 be...

Words: 473 - Pages: 2

Premium Essay

Lab 8

...Lab #8 – Assessment Worksheet
Performing a Web Site and Database Attack by Exploiting Identified Vulnerabilities
Course Name and Number:
Student Name:
Instructor Name:
Lab Due Date:
Overview
In this lab, you performed simple tests to verify a cross-site scripting (XSS) exploit and an SQL injection attack using the Damn Vulnerable Web Application (DVWA), a tool left intentionally vulnerable to aid security professionals in learning about Web security. You used a Web browser and some simple command strings to identify the IP target host and its known vulnerabilities, and then attacked the Web application and Web server using cross-site scripting (XSS) and SQL injection to exploit the sample Web application running on that server.
Lab Assessment Questions & Answers
1. Why is it critical to perform a penetration test on a Web application and a Web server prior to production implementation? To make sure no one can penetrate your web application before you put it in a live situation.
2. What is a cross-site scripting attack? Explain in your own words. Cross-site scripting is a type of computer security vulnerability typically found in web applications that enables attackers to inject client-side script into web pages viewed by others.
3. What is a reflective cross-site scripting attack? A reflective attack is a type of computer security vulnerability; it involves the web application dynamically generating a response...

Words: 442 - Pages: 2

Free Essay

Lab 8

...Lab 8.1
Step 2: The hour is 1 continue loop till the hour is 24 then stop.
Step 3:
    Constant Integer Max_Minutes = 60
    Declare Integer minutes
    For minutes = 1 to Max_Minutes
        Display "The minute is ", minutes
    End For
Step 4:
    Constant Integer Max_Seconds = 60
    Declare Integer seconds
    For seconds = 1 to Max_Seconds
        Display "The second is ", seconds
    End For
Step 6:
    The number is 2
    The number is 4
    The number is 6
    The number is 8
    The number is 10
Step 7:
    Constant Integer Max_VALUE = 200
    Declare Integer counter
    For counter = 20 to Max_VALUE step 20
        Display "The number is ", counter
    End For
Step 9: Enter the number of students in class. Display however many numbered students you enter.
Step 11: Loop five times, each asking you to enter a number. Displaying the total at the end.
Step 12:
    Declare Integer counter
    Declare Integer totalAge = 0
    Declare Real averageAge = 0
    Declare Integer age
    Declare Integer number
    Display "How many ages do you want to enter: "
    Input number
    For counter = 1 to number
        Display "Enter age "
        Input age
        Set totalAge = totalAge + age
    End For
    averageAge = totalAge / number
    Display "The average age is ", averageAge
Lab 8.2
Lab 8.3
    Module Module1
        Sub Main()
            Dim anotherDay As String = "yes"
            While anotherDay = "yes"
                Dim totalSpeed As Double = 0
                Dim averageSpeed As Double = 0
                enterSpeeds(totalSpeed)
                calcAverage(totalSpeed, averageSpeed)
                ...

Words: 324 - Pages: 2

Free Essay

Lab 8

...Jack Ferguson
12 May 14
Lab #8
In cryptography, encryption is the process of encoding messages in such a way that eavesdroppers or hackers cannot read it, but that authorized parties can. In an encryption scheme, the message or information (referred to as plaintext) is encrypted using an encryption algorithm, turning it into an unreadable ciphertext. This is usually done with the use of an encryption key, which specifies how the message is to be encoded. Any adversary that can see the ciphertext should not be able to determine anything about the original message. An authorized party, however, is able to decode the ciphertext using a decryption algorithm, that usually requires a secret decryption key that adversaries do not have access to. For technical reasons, an encryption scheme usually needs a key-generation algorithm to randomly produce keys.
There are two basic types of encryption schemes: symmetric-key and public-key encryption. In symmetric-key schemes, the encryption and decryption keys are the same. Thus communicating parties must agree on a secret key before they wish to communicate. In public-key schemes, the encryption key is published for anyone to use and encrypt messages. However, only the receiving party has access to the decryption key and is capable of reading the encrypted messages. Public-key encryption is a relatively recent invention: historically, all encryption schemes have been symmetric-key (also called private-key)...

Words: 1540 - Pages: 7

Free Essay

Lab 8

...1. Define the five server roles.
• Exchange Organization Administrator - Full permission to all components of Exchange as well as Exchange-related objects and information in AD.
• Exchange Recipient Administrator - Ability to modify the properties of any recipient object including users, contacts, groups, and public folders, as well as mailbox and UM settings for recipient objects.
• Exchange Public Folder Administrator - Ability to create and delete public folders as well as manage all public folder properties that are not related to specific recipient objects. This administrative role is only available in Exchange Server 2007 SP1 and later.
• Exchange View-Only Administrator - Ability to view all Exchange-related information on Exchange servers and within AD.
• Exchange Server Administrator - Full permission to administer all Exchange-related components on a specific Exchange server.
2. What is the function of the DNS, MX, and A records? They are all used to locate email servers for organizations on the Internet. The Exchange servers in your organization that host the Edge or Hub roles contact a DNS server when they need to resolve the names and IP address of foreign email servers to which they need to relay email.
3. Define Postmaster. The postmaster is a special email address that represents the person who is responsible for the ongoing operation of the email server. Users who have problems sending or receiving email will see the postmaster email address on their delivery...

Words: 923 - Pages: 4

Premium Essay

Lab 8

...Joshua Reynolds
FW9135
Psy1010 Section 052
TA Monica De Iorio
8th Lab Assignment
There are many ways to cope with stress but we learned about 3 specific strategies in lab. These three included cognitive, behavioral, and avoidance strategies. Active cognitive strategies include actively thinking about a situation to adjust more effectively to it. This strategy is one of the better ways to cope with stress. Then you have active behavioral strategies and this involves actively taking some type of action to improve a problem situation that is stressing you out. This is the other strategy that is best for relieving stress. The third strategy that we had learned about was the avoidance strategy. This strategy is not a good strategy to use and can sometimes make things worse. Avoidance involves keeping the stressful situation and circumstances out of awareness. This could potentially cause more stress. The strategy that I tend to use the most is the active behavioral strategy. I like to take action in everything that I do, especially when it involves things that are causing or will cause myself to stress out. An example of that would be if someone had a problem with me I would go talk to them about it and try to figure out what the problem is. Instead of avoiding it or just thinking about it I would go do something about it. Another example could be if I had a bad grade in a class I would go see my professor to see what I could do about it and make that extra effort. The...

Words: 315 - Pages: 2

Premium Essay

Lab 8

...12 failed log in attempts

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 5/30/2014 8:30:18 AM
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: TarWin2012DC.securelabsondemand.com
Description:
An account failed to log on.

Subject:
    Security ID: NULL SID
    Account Name: -
    Account Domain: -
    Logon ID: 0x0

Logon Type: 3

Account For Which Logon Failed:
    Security ID: NULL SID
    Account Name: TARGET2012B$
    Account Domain: SECURELABSONDEM

Failure Information:
    Failure Reason: Unknown user name or bad password.
    Status: 0xC000006D
    Sub Status: 0xC000006A

Process Information:
    Caller Process ID: 0x0
    Caller Process Name: -

Network Information:
    Workstation Name: TARGET2012B
    Source Network Address: 172.30.0.18
    Source Port: 49304

Detailed Authentication Information:
    Logon Process: NtLmSsp
    Authentication Package: NTLM
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are...

Words: 711 - Pages: 3

Free Essay

Nos 230 Lab 8

...Lab 8 Creating and Configuring Virtual Machine Storage

This lab contains the following exercises and activities:
Exercise 8.1 | Creating a Virtual Hard Disk
Exercise 8.2 | Editing a Virtual Hard Disk File
Exercise 8.3 | Creating a Virtual Machine with an Existing Virtual Hard Disk
Exercise 8.4 | Configuring QOS on a Virtual Hard Disk
Exercise 8.5 | Creating a Pass-Through Disk
Lab Challenge | Creating a Checkpoint

BEFORE YOU BEGIN
The lab environment consists of three servers connected to a local area network, one of which is configured to function as the domain controller for a domain called adatum.com. The computers required for this lab are listed in Table 8-1.

Table 8-1 Computers Required for Lab 8
Computer | Operating System | Computer Name
Domain controller 1 | Windows Server 2012 R2 | SERVERA
Member server 2 | Windows Server 2012 R2 | SERVERB
Member server 3 | Windows Server 2012 R2 | SERVERC

In addition to the computers, you also require the software listed in Table 8-2 to complete Lab 8.

Table 8-2 Software Required for Lab 8
Software | Location
Lab 8 student worksheet | Lab08_worksheet.docx (provided by instructor)

Working with Lab Worksheets
Each lab in this manual requires that you answer questions, take screen shots, and perform other activities that you will document in a worksheet named for the lab, such as Lab08_worksheet.docx. It is recommended that you use a USB flash drive to store your worksheets, so you can submit them to...

Words: 1958 - Pages: 8

Free Essay

Lab 8 Discussion

...Experiment 8 Lab Report Analysis of Oxidizing Capacity of Bleach The goal of this lab is to perform a titration of a sample of bleach with thiosulfate, figuring the end point with a starch indicator. We will determine the percent mass of sodium hypochlorite in bleach by using the volume of sodium thiosulfate needed to reach the end point. This value represents the oxidizing capacity of the unknown bleach. At the end, we will create two redox reactions to determine the overall chemical reaction that occurs during this process. I think that my oxidizing capacity will be 5.0g. Most bleach contains salts with the hypochlorite ion, the oxidizing agent that removes stains and whitens them. The hypochlorite ion usually comes in the form of sodium hypochlorite, NaOCl, or calcium hypochlorite. The two oxidation reduction reactions that occur during this experiment are first the oxidation of iodide to iodine, I2(aq), by the hypochlorite ion and then making the aqueous iodine reduce back to iodide by titrating it with sodium thiosulfate. The overall stoichiometry of the reaction is one mole of hypochlorous acid, formed by placing the sodium hypochlorite into acidic solution, plus two moles of the thiosulfate ion plus hydrogen ions from the solution yielding one mole of chlorite anions, one mole of the tetrasulfur hexoxide anion and one mole of liquid water. We began the titration of aqueous iodine by adding .05M sodium thiosulfate until the brown colored solution began to turn a...

Words: 818 - Pages: 4

Premium Essay

Unit 8 Lab

...Lab 8 Assessment
1. Where can you store your public keys or public certificate files in the public domain? Is this the same thing as a public key infrastructure (PKI) server? Certificate stores
2. What do you need if you want to decrypt encrypted messages and files from a trusted sender? Decryption key
3. When referring to IPSec tunnel mode, what two types of headers are available and how do they differ? Authentication Header is used to prove the identity of the sender and ensure the data is not tampered with while Encapsulated Security Payload provides authentication and encryption and encrypts the IP packets and ensures their integrity.
4. Provide a step by step progression for a typical Certificate Enrollment process with a Certificate Authority.
• Create Enrollment Object
• Set Enrollment Parameters
• Create Request
• Submit Request
• Process request
• Get Certificate
• Accept Certificate
5. When designing a PKI infrastructure what are the advantages and disadvantages of making the CA available publicly over the Internet or keeping it within the private network?
Advantages
• Straight-forward Concept
• Chain-length limit
• Less time to obtain a usable certificate within the CA
Disadvantages
• Scalability
• Single point of trust
• Still need an impeccable CA
6. Designing a PKI involves several steps. Per the Windows Best Practices for Designing a PKI, what are those steps? In your words, explain what each step is meant to do? *...

Words: 634 - Pages: 3

Premium Essay

Lab 8 Assessment

...1. Why is it critical to perform a penetration test on a Web application and a Web server prior to production implementation? To make sure no attackers can penetrate your web application before the Web App goes live. It is critical to perform a penetration test on a Web application because the Web application is running on an Application Server or a Web Server; if an attacker is able to access the application code for how the database is called, it may be able to retrieve information about the database (name, attributes, IP address, etc.) and or access the Web Server and attempt a DoS attack. If a Web form cannot handle the unexpected data and fails to return the expected outcome, you have uncovered a vulnerability in this form; penetration testing in this area helps IT security identify the vulnerabilities a Web Application may have.
2. What is a cross-site scripting attack? The goal of an XSS attack is to see if the Web Application allows the attacker to have administrative read/write access to the functionality of the Web Application. This attack is a type of computer security vulnerability typically found in web applications that enables attackers to inject client-side script into web pages viewed and accessed by other users.
3. What is a reflective cross-site scripting attack? If the attacker can type a script in a text field and the script alters or creates a pop-up display, the attacker can use these windows to navigate users off the Web Application pages and to...

Words: 849 - Pages: 4

Premium Essay

Is4680 Lab 8

...Aaron Douglas
09428009
IS4680
Unit 1 Assignment 1: Compliance Laws
I believe the correct law that will work for my organization is the HIPAA compliance law. This law stands for Health Insurance Portability and Accountability Act. This law fits for what our organization needs to give auditors the table they need. The HIPAA law will also provide employees and citizens to maintain and get health insurance coverage in the case of any serious health problems. Also it improves efficiency and effectiveness of the American health care system. It will combat waste, fraud, and abuse in both health insurance and the delivery of health care overall so everyone is treated fairly. The requirements that will help our organization are:
* Title I; Health Care Access, Portability, and Renewability
* Title II; Preventing Health Care Fraud and Abuse, Administrative, Simplification, and Medical Liability Reform.
* Title III; Tax-Related Health Provisions
* Title IV; Application and Enforcement of Group Health Plan Requirements
* Title V; Revenue Offsets
These requirements will give the auditors what they need to do so that way we can get our goals accomplished on our end. Title I offers protection of health insurance coverage without regard to pre-existing conditions to those who lose or change jobs, locations. Title II provides requirements for the privacy and security of health information from fraud and hackers. This is often referred to...

Words: 270 - Pages: 2

Free Essay

Demo Speech Magic Square

...Demo Speech
November 2, 2010
Topic: Magic square personal yantra
Specific Purpose Statement: By the end of my speech, my audience will know how to make their own personal yantra by way of a magic square.
Thesis Statement: Knowing your personal yantra is an interesting way to gain insights of your character and life’s path.
I. Introduction
  A. Attention-Getter: Who hasn’t wondered, what is the purpose of life?
    1. Who hasn’t thought to themselves, what will my life be like in the future?
    2. Will I be happy?
    3. What about my family and friends?
    4. Have you ever wondered if you will be rich?
  B. Reason to Listen: Well what if I told you, there was an easy way to answer some of life’s most interesting questions.
    1. That simple mathematical equations can decipher your fate.
    2. That there is a reason why you are who you are.
    3. A way to obtain your ideals about love, money and career.
  C. Credibility Statement: The ancient tradition of creating numerical yantras has been around for 5 thousand years.
    1. I found numerous resources concerning numerology.
      a. Including Richard Webster’s Numerology Magic, that I got from the library.
      b. There are also plenty of websites dedicated to numerology.
    2. I personally have created many yantras for my friends and family.
  D. Personal yantras are not only fun to construct, but perhaps can give a person some insight on the purpose of their lives.
  E. Today, I am...

Words: 1905 - Pages: 8

Free Essay

Alan

...The Big Book of Huddle Energizers
Ideas to enliven your huddle
Contributed by employees of Citibank Singapore
Table of Contents
Service Value # 1 – Make Each Interaction Personal
  Energizer: Hebrew Numerology
  Energizer: Brain Teaser
  Energizer: Human Treasure Hunt
  Energizer: Secret Hat Trick
  Energizer: Accentuate the Positive
  Energizer: Name Game
  Energizer: Heart to Heart
  Energizer: Guess my Body Language
  Energizer: How to Say Hello in Different Languages
  Energizer: Good Morning Game
Service Value # 2 – Maintain A Professional Image...

Words: 24325 - Pages: 98