
The security posture of the information systems infrastructure of an organization should be regularly monitored and assessed (including software, hardware, firmware components, governance policies, and implementation of security controls)


The security posture of the information systems infrastructure of an organization should be regularly monitored and assessed (including software, hardware, firmware components, governance policies, and implementation of security controls).

The monitoring and assessment of the infrastructure and its components, policies, and processes should also account for changes and new procurements in order to stay in step with ever-changing information system technologies.

The data breach at the US Office of Personnel Management (OPM) was one of the largest in US government history. It provides a series of lessons learned for other organizations in industry and the public sector. Some failures of security practices, such as lack of diligence with security controls and management of changes to the information systems infrastructure, were cited as contributors to the massive data breach in the OPM Office of the Inspector General's (OIG) Final Audit Report, which can be found in open-source searches.

Some of the findings in the report include:your network design.

Step 1: Enterprise Network Diagram

Step 2: Enterprise Threats

Step 3: Scan the Network

Step 4: Identify Security Issues

Step 5: Firewalls and Encryption

Step 6: Threat Identification

Step 7: Risk and Remediation

Step 8: Creating the SAR and RAR

The last part is to analyze the labs. I will provide the screenshots for the lab work.

 

Vulnerabilities In Operating Systems

What is an OS?
• An operating system is system software that acts as the interface between the hardware components of the computer and the user.
• The OS creates an environment for application software to execute and satisfies its demands for memory and processes.

Kernel Application
The kernel is the system program that controls all programs running in the background; it acts as a bridge between the software and hardware of the system. The kernel is an important program in the operating system: it is the first program loaded into main memory, and it stays there until the system is shut down.

Information System Architecture
Information system (IS) architecture encompasses the hardware and software used to deliver the solution to the end user. It covers the study of complementary networks of hardware and software through which data is collected, filtered and processed for use in organizational settings.

Cloud Computing
Cloud computing is an emerging computer network architecture based on information system architecture. It refers to the use of remote servers over the internet for the purpose of sharing resources.

Operating System Vulnerabilities
A vulnerability is effectively an error in the code or the logical operation of an operating system or application software. Operating systems are very large and complex and include a lot of functionality, which makes such errors hard to recognize. Attackers can use vulnerabilities to exploit the system, which directly or indirectly affects the system's Confidentiality, Integrity, and Availability (CIA).

Windows Vulnerabilities
• Windows provides its users with advanced, eye-catching features, which are the most vulnerable. The most common vulnerabilities can be found in any version of Windows. Some Windows vulnerabilities include DoS, XSS, SQL injection, memory corruption, and overflow.

Linux Vulnerabilities
• Linux, on the other hand, is an open-source OS, which means it can be modified and altered by anyone in the world; that makes Linux very vulnerable and prone to errors.
• The Linux kernel is prone to many vulnerabilities, such as denial of service, execution of arbitrary code and root-level access to the system.

Mac OS Vulnerability
Mac OS is designed by Apple for its desktops and workstations. Mac OS, also known as OS X, is a series of operating systems. Some Mac vulnerabilities include the Security-Keychain vulnerability, where the security component of OS X doesn't properly implement keystroke observers.

iPhone
Mobile phones are more vulnerable because phone users are often connected to the network, and insecure data storage is one of the major issues. Another issue is the security flaw tracked as CVE-2021-1879, which resides in WebKit: because the iPhone uses the open-source web browser Safari, maliciously crafted web content may lead to universal cross-site scripting.

Intrusion Of MS And Linux Operating Systems
• Intrusion means finding the weaknesses in a system or a network and exploiting them. Intruders learn the weaknesses of the network by continuously running their network scanning programs.

Motives for intrusion
• The motives for intrusion can be many, but the main ones are to use the host as a spam relay to continuously flood the network.
• To establish a web server (on a non-privileged port) to be used for a phishing scam.
• To perform network scanning to find vulnerable hosts in the network.
• To install an FTP server for distributing illegal content on the network.

Methods of intrusion detection
• An intrusion detection system (IDS) monitors network traffic and immediately issues an alert whenever suspicious activity is discovered. Any malicious venture or violation is normally reported to the administrator or a SIEM.
• Intrusion detection systems are classified into 5 types: Host Intrusion Detection System (HIDS), Protocol-based Intrusion Detection System (PIDS), Application Protocol-based Intrusion Detection System (APIDS), Hybrid Intrusion Detection System, and Intrusion Prevention System (IPS).
• The intrusion prevention system (IPS) is a network security application that monitors networks and system activities for malicious activity. The main functions of an IPS are identifying malicious activity, collecting information about it, reporting it, and attempting to prevent or stop it.
• There are four classifications of IPS: Network-based, Wireless, Network behaviour analysis, and Host-based.

PREPARING FOR THE VULNERABILITY SCAN
Vulnerability scanning is the process of finding and classifying security problems, so it is important to do it in order to resolve the security issues that the system or the network is facing. A vulnerability assessment is a process for finding and classifying security problems in a system or network.

Steps:
1. Initial assessment - The assets are identified and the critical value of each device is defined. It is important to identify and analyse every device for the security and vulnerability of the network.
2. Defining a system baseline - The second step is to gather basic information about the system, such as reviewing the open ports, processes and services that shouldn't be present.
3. Perform the vulnerability scan - This includes the actual vulnerability tests, such as Best scan, Firewall scan, Stealth scan and Aggressive scan.
4. Vulnerability assessment report creation - Details such as the name of the vulnerability, the date of discovery and a detailed description of the vulnerability must be included.

Summary Of Findings
Using the vulnerability assessment tool, there were different findings for the Windows and Linux machines:

LINUX
• The system had a telnet service enabled, which allows cleartext login over an unencrypted connection.
• SSL/TLS weak cipher suites were present.
• Support for weak SSH encryption algorithms was present.
• TCP timestamp reveal.

WINDOWS
• RPC and MSRPC services enumeration by connecting to port 135 and doing queries.

RECOMMENDATIONS

LINUX
• Weak encryption algorithms in the SSH service need to be disabled.
• The SSL configuration needs to be updated so that it does not accept weak cipher suites.
• Avoid telnet to prevent the cleartext login vulnerability; use SSH instead for encrypted connections.
• Update the TCP timestamp in the system configuration file to 0 so that timestamps are not transmitted while establishing a TCP connection.

WINDOWS
• RPC and MSRPC services enumeration by connecting to port 135 and doing queries.
• Always keep system software as well as application software updated to the latest version with the latest security.
• Organize security audits regularly after a period for testing the security of the environment and to be sure that everything is updated and not misconfigured.
• Assign an experienced administrator for the system.

Vulnerability Assessment Tools for OS and Applications

LINUX

1. Linux Vulnerabilities Present
The following Linux vulnerabilities were present in the OS:
1. Telnet unencrypted cleartext login. The system has a telnet service enabled which allows cleartext login over an unencrypted connection.
2. SSL/TLS weak cipher suites
3. SSH weak encryption algorithm support
4. TCP timestamp reveal
The remote host is running a Telnet service which allows cleartext logins over unencrypted connections.

2. Determine if weak passwords are being used on Linux systems.
No, there were no weak passwords being used in the system.

3. Determine which security updates are required for the Linux systems.
The following security updates are required on the Linux system:
1. Weak encryption algorithms in the SSH service need to be disabled.
2. The SSL configuration needs to be updated so that it does not accept weak cipher suites.
3. Avoid telnet to prevent the cleartext login vulnerability; use SSH instead for encrypted connections.
4. Update the TCP timestamp in the system configuration file to 0 so that timestamps are not transmitted while establishing a TCP connection.

4. Recommendations on how to keep the system secure.
1. Always keep system software as well as application software updated to the latest version with the latest security.
2. Organize security audits regularly after a period for testing the security of the environment and to be sure that everything is updated and not misconfigured.
3. Assign an experienced administrator for the system.

WINDOWS

1. Determine if Windows administrative vulnerabilities are present.
No administrative vulnerabilities with high severity were present in the systems except for one: RPC and MSRPC services enumeration by connecting to port 135 and doing queries.
• OS detection and Consolidation Report: The script consolidates the OS information detected by NVTs and tries to find the best matching OS.
• ICMP Timestamp Detection: The host responded to an ICMP timestamp request. This information can be used to exploit weak time-based random number generators in other services.
• Traceroute: A traceroute from the scanning server to the target system was conducted. It doesn't represent a vulnerability; however, if the displayed traceroute contains any private address that should not be publicly visible, then there is an issue that needs to be corrected.
• SSL/TLS report medium cipher suites: The routine reports all medium SSL/TLS cipher suites accepted by the service.
• OS and Service Banner Reporting: The report was consolidated by the NVT, and a confident identification of the service was not possible.
• SSL/TLS: The routine reports all SSL/TLS cipher suites accepted by PFS.

2. Determine if weak passwords are being used on Windows accounts.
No weak passwords were being used on Windows accounts.

3. Report which security updates are required on each individual system.
No security updates were required on the systems, but the incoming traffic at port 135 needs to be filtered to prevent attackers from enumerating RPC services by making queries on port 135.

4. Recommendations on how to keep the system secure.
1. Always keep system software as well as application software updated to the latest version with the latest security.
2. Organize security audits regularly after a period for testing the security of the environment and to be sure that everything is updated and not misconfigured.
3. Assign an experienced administrator for the system.

Summary:
In the lab assignment, the OpenVMS tool was used to scan systems for vulnerabilities, and it was observed that both machines, Windows and Linux, had some vulnerabilities and solutions. On Linux, weak encryption algorithms in the SSH service needed to be disabled; the SSL configuration needs to be updated so that it does not accept weak cipher suites; the use of telnet should be avoided to prevent the cleartext login vulnerability, with SSH used instead for encrypted connections; and the TCP timestamp in the system configuration file needs to be updated to 0 so that timestamps are not transmitted while establishing a TCP connection. On Windows, no administrative vulnerabilities with high severity were present in the systems except for one, RPC and MSRPC services enumeration by connecting to port 135 and doing queries; the incoming traffic at port 135 needs to be filtered to prevent attackers from enumerating RPC services by making queries on port 135.
There were several vulnerabilities detected on both systems, and the common recommendations for both are keeping system software as well as application software updated to the latest version with the latest security, organizing security audits regularly after a period for testing the security of the environment and to be sure that everything is updated and not misconfigured, and assigning an experienced administrator for the system.
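
The Linux recommendations in the report (disable weak SSH encryption algorithms, stop using telnet, set the TCP timestamp setting to 0) can be checked against configuration files before the host is rescanned. The script below is an added example and not part of the original lab report. It assumes that the "system configuration file" is sysctl.conf with the key net.ipv4.tcp_timestamps, that telnet is started from an inetd.conf-style file, and that CBC, arcfour and "none" ciphers count as weak; the sample files it audits are constructed.

```shell
#!/bin/sh
# Added example: offline audit of config files for three Linux scan findings.
# File names, sample contents and the weak-cipher patterns are assumptions.

# Print each weak cipher explicitly enabled by the Ciphers line of an sshd_config.
weak_ssh_ciphers() {
    # sshd keywords are case-insensitive; the first uncommented Ciphers line wins.
    list=$(awk 'tolower($1) == "ciphers" { print $2; exit }' "$1")
    case $list in
        -*) return 0 ;;                   # "-list" only removes ciphers from the defaults
        +*|'^'*) list=${list#?} ;;        # "+list" / "^list" add ciphers to the defaults
    esac
    printf '%s\n' "$list" | tr ',' '\n' | while read -r c; do
        case $c in
            *-cbc|*-cbc@*|arcfour*|none) echo "$c" ;;
        esac
    done
}

# Succeeds (exit 0) when TCP timestamps are still on. The kernel default is 1, so
# anything other than an explicit "net.ipv4.tcp_timestamps = 0" counts as enabled.
# This reads the file only; "sysctl net.ipv4.tcp_timestamps" shows the live value.
tcp_timestamps_enabled() {
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.tcp_timestamps[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' "$1" | tail -n 1)
    [ "$val" != "0" ]
}

# Succeeds when an uncommented telnet service line exists in an inetd.conf file.
telnet_enabled() {
    grep -Eq '^[[:space:]]*telnet[[:space:]]' "$1"
}

# Run the three checks against a directory holding the three files.
audit() {
    dir=$1; findings=0
    for c in $(weak_ssh_ciphers "$dir/sshd_config"); do
        echo "FINDING ssh: weak cipher enabled: $c"; findings=$((findings + 1))
    done
    if tcp_timestamps_enabled "$dir/sysctl.conf"; then
        echo "FINDING tcp: timestamps not disabled"; findings=$((findings + 1))
    fi
    if telnet_enabled "$dir/inetd.conf"; then
        echo "FINDING telnet: cleartext login service enabled"; findings=$((findings + 1))
    fi
    echo "total findings: $findings"
}

# Constructed samples: $1/before mirrors the scan findings, $1/after the fixes.
make_samples() {
    mkdir -p "$1/before" "$1/after"
    printf 'Ciphers aes256-ctr,aes128-cbc,3des-cbc,arcfour\n' > "$1/before/sshd_config"
    printf '# kernel defaults in use\n' > "$1/before/sysctl.conf"
    printf 'telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd\n' > "$1/before/inetd.conf"
    printf 'Ciphers aes256-gcm@openssh.com,aes256-ctr\n' > "$1/after/sshd_config"
    printf 'net.ipv4.tcp_timestamps = 0\n' > "$1/after/sysctl.conf"
    printf '#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd\n' > "$1/after/inetd.conf"
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "== before =="; audit "$tmp/before"
echo "== after ==";  audit "$tmp/after"
rm -rf "$tmp"
```

A file-based check like this complements the rescan; it does not cover the weak SSL/TLS cipher suite finding, which depends on the service that terminates TLS.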
