+1443 776-2705 panelessays@gmail.com

  

Your goal for the presentation is to convince the leadership that adopting a security vulnerability assessment tool (such as MBSA) and providing an extra security layer is a must for the company.

The deliverables for this project are as follows:

Security Assessment Report (SAR): This report should be a 7-8 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.

Nontechnical presentation: This is a set of 8-10 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR.

Project 2: Operating Systems Vulnerabilities (Windows and Linux)

Transcript: Congratulations, you are the newly appointed lead cybersecurity engineer with your company in the oil and natural gas sector.This is a senior­level position. You were hired two months ago based on your successful cybersecurity experience with a previous employer. Your technical knowledge of cybersecurity is solid. However, you have a lot to learn about this company’s culture, processes, and IT funding decisions, which are made by higher management. You have recently come across numerous anomalies and incidents leading to security breaches. The incidents took place separately, and it has not been determined if they were caused by a single source or multiple related sources. First, a month ago, a set of three corporate database servers crashed suddenly. Then, a week ago, anomalies were found in the configuration of certain server and router systems of your company.You immediately recognized that something with your IT resources was not right. You suspect that someone, or some group, has been regularly accessing your user account and conducting unauthorized configuration changes. You meet with your leadership to discuss the vulnerabilities. They would like you to provide a security assessment report, or SAR, on the state of the operating systems within the organization. You're also tasked with creating a non­technical narrated presentation summarizing your thoughts.  The organization uses multiple operating systems that are Microsoft­based and Linux­based.  You will have to understand these technologies for vulnerability scanning using the tools that work best for the systems in the corporate network.You know that identity management will increase the security of the overall information systems infrastructure for the company. You also know that with a good identity management system, the security and productivity benefits will outweigh costs incurred. This is the argument you must make to the stakeholders.   

The operating system (OS) of an information system contains the software that executes the critical functions of the information system. The OS manages the computer's memory, processes, and all of its software and hardware. It allows different programs to run simultaneously and access the computer's memory, central processing unit, and storage. The OS coordinates all these activities and ensures that sufficient resources are applied. These are the fundamental processes of the information system and if they are violated by a security breach or exploited vulnerability it has the potential to have the biggest impact on your organization.

Security for operating systems consists of protecting the OS components from attacks that could cause deletion, modification, or destruction of the operating system. Threats to an OS could consist of a breach of confidential information, unauthorized modification of data, or unauthorized destruction of data. It is the job of the cybersecurity engineer to understand the operations and vulnerabilities of the OS (whether it is a Microsoft, Linux, or another type of OS), and to provide mitigation, remediation, and defense against threats that would expose those vulnerabilities or attack the OS.

Step 1: Defining the OS

The audience for your security assessment report (SAR) is the leadership of your organization, which is made up of technical and nontechnical staff. Some of your audience will be unfamiliar with operating systems (OS). As such, you will begin your report with a brief explanation of operating systems fundamentals and the types of information systems.

Click on and read the following resources that provide essential information you need to know before creating a thorough and accurate OS explanation:

operating systems fundamentals

the applications of the OS

The Embedded OS

information system architecture

cloud computing

web architecture

After reviewing the resources, begin drafting the OS overview to incorporate the following:

Explain the user's role in an OS.

Explain the differences between kernel applications of the OS and the applications installed by an organization or user.

Describe the embedded OS.

Describe how the systems fit in the overall information system architecture, of which cloud computing is an emerging, distributed computing network architecture.

Include a brief definition of operating systems and information systems in your SAR.

Step 2: OS Vulnerabilities

You just summarized operating systems and information systems for leadership. In your mind, you can already hear leadership saying "So what?" The organization's leaders are not well versed in operating systems and the threats and vulnerabilities in operating systems, so in your SAR, you decide to include an explanation of advantages and disadvantages of the different operating systems and their known vulnerabilities.

Prepare by first reviewing the different types of vulnerabilities and intrusions explained in these resources:

Windows vulnerabilities

Linux vulnerabilities

Mac OS vulnerabilities

SQL PL/SQL, XML and other injections

Based on what you gathered from the resources, compose the OS vulnerability section of the SAR. Be sure to:

Explain Windows vulnerabilities and Linux vulnerabilities.

Explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices.

Explain the motives and methods for intrusion of the MS and Linux operating systems;

Explain the types of security awareness technologies such as intrusion detection and intrusion prevention systems.

Describe how and why different corporate and government systems are targets.

Describe different types of intrusions such as SQL PL/SQL, XML, and other injections

You will provide leadership with a brief overview of vulnerabilities in your SAR.

Step 3: Preparing for the Vulnerability Scan

You have just finished defining the vulnerabilities an OS can have. Soon you will perform vulnerability scanning and vulnerability assessments on the security posture of the organization's operating systems. But first, consider your plan of action. Read these two resources to be sure you fully grasp the purpose, goals, objectives, and execution of vulnerability assessments and security updates:

Vulnerability assessments

Patches

Then provide the leadership with the following:

Include a description of the methodology you proposed to assess the vulnerabilities of the operating systems. Provide an explanation and reasoning of how the methodology you propose, will determine the existence of those vulnerabilities in the organization’s OS.

Include a description of the applicable tools to be used, and the limitations of the tools and analyses, if any. Provide an explanation and reasoning of how the applicable tools to be used, you propose, will determine the existence of those vulnerabilities in the organization’s OS.

Include the projected findings from using these vulnerability assessment tools.

In your report, discuss the strength of passwords, any Internet Information Services' administrative vulnerabilities, SQL server administrative vulnerabilities, and other security updates and management of patches, as they relate to OS vulnerabilities.

Step 4: LAB (I will conduct the lab)

Step 5: The Security Assessment Report

By utilizing security vulnerability assessment tools, such as MBSA and OpenVAS, you now have a better understanding of your system's security status. Based on the results provided by these tools, as well as your learning from the previous steps, you will create the Security Assessment Report (SAR).

In your report to the leadership, emphasize the benefits of using a free security tool such as MBSA. Then make a recommendation for using these types of tools (i.e., MBSA and OpenVAS), including the results you found for both.

Remember to include these analyses and conclusions in the SAR deliverable:

After you provide a description of the methodology you used to make your security assessment, you will provide the actual data from the tools, the status of security and patch updates, security recommendations, and offer specific remediation guidance, to your senior leadership.

You will include any risk assessments associated with the security recommendations, and propose ways to address the risk either by accepting the risk, transferring the risk, mitigating the risk, or eliminating the risk.

Include your SAR in your final deliverable to leadership.

Step 6: The Presentation

Based on what you have learned in the previous steps and your SAR, you will also develop a presentation for your company's leadership.

Your upper-level management team is not interested in the technical report you generated from your Workspace exercise. They are more interested in the bottom line. You must help these non­technical leaders understand the very technical vulnerabilities you have discovered. They need to clearly see what actions they must either take or approve. The following are a few questions to consider when creating your non­technical presentation:

How do you present your technical findings succinctly to a non­technical audience? Your Workspace exercise report will span many pages, but you will probably not have more than 30 minutes for your presentation and follow-up discussion.

How do you describe the most serious risks factually but without sounding too temperamental? No one likes to hear that their entire network has been hacked, data has been stolen, and the attackers have won. You will need to describe the seriousness of your findings while also assuring upper-level management that these are not uncommon occurrences today.

How do your Workspace exercise results affect business operations? Make sure you are presenting these very technical results in business terms that upper-level management will understand.

Be very clear on what you propose or recommend. Upper-level management will want to not only understand what you discovered; they will want to know what you propose as a solution. They will want to know what decisions they need to make based on your findings.

Requirements:

Your goal for the presentation is to convince the leadership that adopting a security vulnerability assessment tool (such as MBSA) and providing an extra security layer is a must for the company.

The deliverables for this project are as follows:

Security Assessment Report (SAR): This report should be a 7-8 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.

Nontechnical presentation: This is a set of 8-10 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR.

In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.

Graded competencies:

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.

1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.

2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.

10.1: Identify potential threats to operating systems and the security features necessary to guard against them.

,

Project 2: OPERATING SYSTEM VULNERABILITY LAB

Microsoft (MS), Baseline Security Analyzer (MBSA), and the Open Vulnerability Assessment System (OpenVAS) operating system (OS) vulnerability (OSV) scanning tools were required to conduct Lab 2. This Lab required the security manager (Sec Mgr) and system administrator (Sys Admin) to use the MBSA and OpenVAS tools to scan for OS vulnerabilities across the company’s network for Windows (Microsoft Office) and LINUX. Screenshots provided displays the process of using both of these tools. While using the tools during this lab, the Security Manager and the System Administrator noted that the MBSA tools were more simplified to use and provided a more detailed list of findings and remediation steps for all types of Microsoft Office (MO) vulnerabilities. It also concluded, that the OpenVAS tool was much more difficult to use due to it requiring the user to have a decent knowledge or understanding of the Linux operating system and commands. Although, the operation was more challenging, the OpenVAS tool provided a more comprehensive list of common vulnerabilities and exposure findings that encompassed all vulnerabilities. This detailed list also includes hyperlinks that explained remediation instructions for the system administrator to use. The Microsoft Baseline Security Analyzer (MBSA) scan of the network granted the Security Manager and the System Administrator with a list of vulnerabilities. In addition to the notation that the Windows Firewall was disabled without proper authorization. This led to incorrect auditing configurations, Sequel (SQL) Server and Microsoft Server Desktop Engine (MSDE) not being installed, the Internet Information System (IIS) not running on the system, and none of the Microsoft Office products on the system were supported. The OpenVAS scan of the network allowed for the System Administrator and the Security Manager to find numerous encryption vulnerabilities, program errors, and other vulnerabilities. A security scan of the network also determined that more than half of all of the system vulnerabilities were classified as High or Medium. This would mean that these were serious threats to be monitored. The System Administrator and the Security Manager will need to work harmoniously in order to correct the vulnerabilities identified during the OpenVAS and MBSA scans. Both the System Administrator and the Security Manager will need to complete of all scans in order to discuss the different vulnerabilities and discuss remediation procedures. Once this has taken place, both will require the discussion of and provide a list of the vulnerabilities by priority (High to Low) in regards to threat level.

,

Project 2

Student Name: Aisha Tate
Date: 8-Oct-19
This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission
Project 2: Requires the Following THREE Pieces Areas to Improve
1. Security Assessment Report (including relevant findings from Lab)
2. Non-Technical Presentation Slides (Narration Not Needed)
3. Lab Experience Report with Screenshots
1. Security Assessment Report
Defining the OS
Brief explanation of operating systems (OS) fundamentals and information systems architectures.
1. Explain the user's role in an OS. good
2. Explain the differences between kernel applications of the OS and the applications installed by an organization or user. good
3. Describe the embedded OS. missing
4. Describe how operating systems fit in the overall information systems architecture, of which cloud computing is an emerging, distributed computing network architecture. missing
Include a brief definition of operating systems and information systems in your SAR.
Other outstanding information
OS Vulnerabilities
1. Explain Windows vulnerabilities and Linux vulnerabilities. good
2. Explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices. good
3. Explain the motives and methods for intrusion of MS and Linux operating systems. missing
4. Explain the types of security management technologies such as intrusion detection and intrusion prevention systems. missing
5. Describe how and why different corporate and government systems are targets. missing
6. Describe different types of intrusions such as SQL PL/SQL, XML, and other injections missing
Preparing for the Vulnerability Scan
1. Include a description of the methodology you proposed to assess the vulnerabilities of the operating systems. good
2. Provide an explanation and reasoning of how the methodology you propose, will determine the existence of those vulnerabilities in the organization’s OS. good
3. Include a description of the applicable tools to be used, limitations, and analysis. good
4. Provide an explanation and reasoning of how the applicable tools you propose will determine the existence of those vulnerabilities in the organization’s OS. good
5. In your report, discuss the strength of passwords good
5a. any Internet Information Services' good
5b. administrative vulnerabilities, missing
5c. SQL server administrative vulnerabilities, missing
5d. Other security updates and good
5e. Management of patches, as they relate to OS vulnerabilities. good
Vulnerability Assessment Tools for OS and Applications (Lab)
Use the tools' built-in checks to complete the following for Windows OS (e.g., using Microsoft Baseline Security Analyzer, MBSA): good
1. Determine if Windows administrative vulnerabilities are present. good
2. Determine if weak passwords are being used on Windows accounts. good
3. Report which security updates are required on each individual system. missing
4. You noticed that the tool you used for Windows OS (i.e., MBSA) provides dynamic assessment of missing security updates. MBSA provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping. missing
5. Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment. In this case, a tool such as MBSA will create and store individual XML security reports for each computer scanned and will display the reports in the graphical user interface in HTML. missing
Utilize the OpenVAS tool to complete the following: missing
1. Determine if Linux vulnerabilities are present.
2. Determine if weak passwords are being used on Linux systems. missing
3. Determine which security updates are required for the Linux systems. missing
4.You noticed that the tool you used for Linux OS (i.e., OpenVAS) provides dynamic assessment of missing security updates. MBSA provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping. missing
5.Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment missing
3. Presentation Slides
Title Slide good
Use of Readable Fonts and Color good
Summarizes Findings and Recommendations at High Level good
Presentation Slides Feedback
4. Lab Experience Report
Summarizes the Lab Experience and Findings good
Responds to the Questions good
Provides Screenshots of Key Results good
Lab Experience Report Feedback