Security Assessment Report (SAR): This report should be a seven- to eight-page double-spaced Word document with citations in APA format

Computer Science

  • Security Assessment Report (SAR): This report should be a seven- to eight-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
  • Nontechnical presentation: This is a set of eight to 10 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR.
  • In a Word document, share your lab experience and provide screenshots to demonstrate that you performed the lab.

Transcript: Operating Systems Vulnerabilities

Congratulations. You are the newly appointed lead cybersecurity engineer with your company in the oil and natural gas sector. This is a senior-level position. You were hired two months ago based on your successful cybersecurity experience with a previous employer. Your technical knowledge of cybersecurity is solid. However, you have a lot to learn about this company's culture, processes, and IT funding decisions, which are made by higher management.

You have recently come across numerous anomalies and incidents leading to security breaches. The incidents took place separately, and it has not been determined if they were caused by a single source or multiple related sources. First, a month ago, a set of three corporate database servers crashed suddenly. Then, a week ago, anomalies were found in the configuration of certain server and router systems of your company. You immediately recognized that something with your IT resources was not right. You suspect that someone, or some group, has been regularly accessing your user account and conducting unauthorized configuration changes.

You meet with your leadership to discuss the vulnerabilities. They would like you to provide a security assessment report, or SAR, on the state of the operating systems within the organization. You're also tasked with creating a nontechnical narrated presentation summarizing your thoughts.

The organization uses multiple operating systems that are Microsoft-based and Linux-based. You will have to understand these technologies for vulnerability scanning using the tools that work best for the systems in the corporate network. You know that identity management will increase the security of the overall information systems infrastructure for the company. You also know that with a good identity management system, the security and productivity benefits will outweigh costs incurred. This is the argument you must make to the stakeholders.

Project 1: Operating Systems Vulnerabilities (Windows and Linux)

Start Here

Transcript

The operating system (OS) of an information system contains the software that executes the critical functions of the information system. The OS manages the computer's memory, processes, and all of its software and hardware. It allows different programs to run simultaneously and access the computer's memory, central processing unit, and storage. The OS coordinates all of these activities and ensures that sufficient resources are allocated. These are the fundamental processes of the information system, and if they are violated by a security breach or exploited vulnerability, that could have a significant impact on the organization.

Security for operating systems means protecting the OS components from attacks that could cause deletion, modification, or destruction of the operating system. Threats to an OS could include a breach of confidential information, unauthorized modification of data, or unauthorized destruction of data. It is the job of the cybersecurity engineer to understand the operations and vulnerabilities of the OS (for any type of OS), and to provide mitigation, remediation, and defense against threats that would expose those vulnerabilities or attack the OS.

As you assess your company's systems, you will likely uncover gaps and errors. These may reveal mistakes that people at the company have made which might embarrass or anger those involved. However, the trust placed in you means that you have a responsibility to report your findings fully and accurately so that you can reduce or eliminate the risk of future unauthorized access. So be fair and follow industry standards, but have the courage to be a force for positive change in your company's cybersecurity efforts.

There are six steps that will help you create your final deliverables. The deliverables for this project are as follows:

  1. Security Assessment Report (SAR): This report should be a seven- to eight-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
  2. Nontechnical presentation: This is a set of eight to 10 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR.
  3. In a Word document, share your lab experience and provide screenshots to demonstrate that you performed the lab.

Competencies

Your work will be evaluated using the competencies listed below.

  • 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
  • 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.
  • 5.4: Identify potential threats to operating systems and the security features necessary to guard against them.

Project 1: Operating Systems Vulnerabilities (Windows and Linux)

Step 4: Review Vulnerability Assessment Tools for OS and Applications

Vulnerability assessment is scanning a network for known security weaknesses. Vulnerability scanners are software tools designed to provide an automated method for conducting vulnerability scans across an entire network that may run into hundreds or even thousands of machines.

According to EC-Council (2018), vulnerability scanners can help identify the following types of weaknesses:

  • the OS version running on computers or devices
  • IP and Transmission Control Protocol/User Datagram Protocol (TCP/UDP) ports that are listening
  • applications installed on computers
  • accounts with weak passwords
  • files and folders with weak permissions
  • default services and applications that might have to be uninstalled
  • mistakes in the security configuration of common applications
  • computers exposed to known or publicly reported vulnerabilities

Additionally, vulnerability scanners can be used to help predict the effectiveness of countermeasures (security controls) and to test the effectiveness of those controls in the production network.

Further, vulnerability scanners also have limitations, primarily in that they are only as effective as the supporting databases and/or plug-ins at a point in time. Large, automated vulnerability scanning suites also require maintenance, tuning, and frequent updates to be able to detect new vulnerabilities. Finally, scanning engines are prone to both false positives and false negatives. That is where you as the cybersecurity professional will apply your deep knowledge of the environment, network, and applications in use.

Two common vulnerability scanners used in industry are the free open-source scanner OpenVAS and the commercial tool Nessus. In this lab, you will use OpenVAS. Select the following links to learn more about OpenVAS and computer networks:

  • OpenVAS
  • Computer Networks

Your leadership will want to understand the capabilities of the OpenVAS scanner, so you will need to include that information in your Security Assessment Report (SAR).

Use the tool's built-in checks to complete the lab. For details on accessing the lab, see the "Complete This Lab" box below.

Use OpenVAS to complete the following:

For the Windows OS:

  1. Determine if Windows administrative vulnerabilities are present.
  2. Determine if weak passwords are being used on Windows accounts.
  3. Report which security updates are required on each individual system.
  4. The tool provides a dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other groupings.
  5. Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment. In this case, the OpenVAS tool will create and store individual XML security reports for each computer scanned and will display the reports in the graphical user interface in HTML.

For the Linux OS:

  1. Determine if Linux vulnerabilities are present.
  2. Determine if weak passwords are being used on Linux systems.
  3. Determine which security updates are required for the Linux systems.
  4. The tool provides a dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other groupings.
  5. Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment.

Knowledge acquired from this Workspace exercise will help your company's client organizations secure the computer networks' resources and protect corporate data from being stolen.

Validate and record the benefits of using these types of tools. You will include this in the SAR.

References

EC-Council (2018). Certified Ethical Hacker (CEH) Version 10 eBook (Volumes 1 through 4). [VitalSource Bookshelf]. Retrieved from https://bookshelf.vitalsource.com/#/books/9781635671919

Complete This Lab

Vulnerability Assessment Tools for Operating Systems and Applications (OpenVAS)

Assignment Rules

  • This lab assignment should be completed individually. Your professor and classmates can be a resource if you need help, but you are required to complete the assignment independently.
  • Do not plagiarize by copying content from the internet or other sources.
  • Lab procedures and results need to be documented as part of your submission.
  • Provide screenshots where necessary to support your work.

Assignment Objectives

  • Use open-source vulnerability tools to analyze Windows and Linux systems.
  • Identify vulnerabilities of the information technology (IT) systems.
  • Based on the automatically generated reports and information provided in the classroom steps, develop a security assessment report (SAR).

Competencies: vulnerability assessments, risk assessment, risk rating, and threat identification.

Lab Overview

The main purpose of this lab is to gain hands-on experience running vulnerability tools that help determine potential weaknesses in a system and understand the concepts in the classroom. OpenVAS is used to identify vulnerabilities in Windows- and Linux-based operating systems.

Before proceeding, revisit the information provided in the classroom that cites items you will need to include in your SAR. You will use the Virtual lab environment to access OpenVAS. This tool is already installed on virtual machines (VMs).

Course note: In labs and related screenshots, any instructions that apply to CST 610 also apply to DFC 610.

Lab Topology

The virtual lab environment has four lab virtual machines (VMs) in this course, which are connected as depicted in the schematic diagram that will follow. Two of the machines run the Linux operating system (OS), while the other two run Windows OS.

Types of VMs in This Lab

  VM #   VM Name    OS Type   VM Type
  VM1    NIXATK01   Linux     Attacker Machine
  VM2    NIXTGT01   Linux     Target Machine
  VM3    WINATK01   Windows   Attacker Machine
  VM4    WINTGT01   Windows   Target Machine

Note: [1] There are two target VMs and two attacker VMs. [2] There are two internal IPv4 subnets for VMs.

The lab topology is shown below.
Part A (left side) of the schematic diagram is the virtual lab topology indicating how the VMs are laid out in the dedicated local area network (LAN); Part B (right side) consists of a hypothetical core network connection to the internet.

As shown in the diagram, there are two internal subnets:

  1. The 10.11.0.0/16 (or 10.11.5.0/24) subnet is used to connect to your allocated VMs.
  2. The 192.168.0.0/16 (or 192.168.10.0/24) subnet is used for the VMs to communicate among themselves.

The following is a list of specific examples of IPv4 addresses for the VMs that you are likely to encounter based on the subnets: 10.11.5.2, 10.11.5.10, 10.11.5.45, 192.168.10.1, 192.168.10.20, 192.168.10.6, etc.

Note: For safety, legal, and ethical concerns about the potential for misuse of some software tools when performing the lab, students' access to the internet from the Virtual Lab Environment is blocked. Use the required VM and/or applications or software tools, which are provided in the Lab Resources section, to complete this lab.

Important Lab Information

  • Step-by-step lab instructions are provided below. After reading the information in this section, follow the directions to perform the lab exercises.
  • Familiarize yourself with the resources provided in the Lab Resources section of this document. You will find helpful open-source links that help you understand the tools you will use in this lab.
  • Connect to the lab environment following the instructions provided in the "Virtual Labs" document linked from a box within the project steps in your classroom.

You will use NIXATK01 to run OpenVAS. To run this tool, carefully read and follow the step-by-step instructions provided below.

The following information is required to be in your SAR based on the OpenVAS results.

  • Determine if vulnerabilities are present in your Linux and Windows systems.
  • Determine if weak passwords or weak encryption are being used on Linux systems.

Compile your findings and incorporate them into your deliverables for this project.

Lab Resources

  • Lab Credentials
  • OpenVAS Website
      o http://www.openvas.org/
  • Additional OpenVAS resources
      o https://www.kali.org/penetration-testing/openvasvulnerability-scanning/
      o https://nsrc.org/workshops/2012/ternet-nsrc/rawattachment/wiki/AgendaTrack1/exercisesopenvas.pdf

Step-by-Step Instructions

Connect to NIXATK01. Click Yes on the Verify host authenticity screen and log in.

The IP addresses of the target Windows and Linux VMs are needed to run the scan. The Ping command is one of the fastest ways to determine the IP address. In a terminal window, type the following commands:

    ping NIXTGT01
    ping WINTGT01

You might get different IP addresses for both VMs.

Next, you will access the OpenVAS Web interface running on port number 9392 of your Linux VM, NIXATK01. Type the following URL in the address bar of a web browser within the lab VM:

    https://127.0.0.1:9392

Note: A shortcut to the OpenVAS interface has also been created and placed in the Lab Resources folder located on the desktop of your Linux VM. You may use this shortcut to automatically launch a browser and access OpenVAS. If you get an error, ensure that you are using the browser within the lab VM as indicated by the screenshot below.

You will be prompted with a screen that asks for a security exception. Allow the security exception by clicking the Advanced button.

Confirm the exception by clicking Proceed to 127.0.0.1 (unsafe).

After allowing the security exception, the OpenVAS login interface will appear to allow you to log in.

Log in to OpenVAS using the following credentials:

Once logged in, familiarize yourself with the user interface, starting with the dashboard.

From the Scans menu, click Task to be taken to the task management dashboard.

Observe the three icons in the upper left corner related to creating and managing tasks. The first icon is the Help icon (question mark). The second is the Wizard icon (wand) and the third is the New Task icon (star).

Click the Help icon to learn about the different aspects of task management available.

The Wizard and New Task icons allow you to create, save, and run tasks. Click the Wizard icon to initiate the process of a new scan.

When prompted on the task Wizard window, enter the IP address or hostname of the target VM to scan in place of the default loopback IP address, 127.0.0.1.

In the following example, you will enter the IP address of the NIXTGT01 VM that you had noted by running the Ping command earlier, 192.168.10.2, and start scanning that VM.

Notice the status of the scan at the bottom of the page as seen below.

Observe the scan progress. By default, the page refreshes every 30 seconds.

Once the scan is completed, the Status column will display a Done button.

Click the Done button to display the scan results. The detected vulnerabilities will be listed in the Vulnerability column.

Click each listed vulnerability to see detailed information compiled for it about its impact and potential solution.

Repeat the above steps to scan the Windows VM, WINTGT01, and include your findings in your final report as indicated in the project steps in the classroom.

This ends the lab. Close all open applications and exit the virtual lab. Be sure to include your findings in your report for submission.
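
For turning the per-host XML reports mentioned above into SAR findings, the following is an added example, not part of the original lab or of OpenVAS itself. It assumes the export uses `<result>` elements with `<name>`, `<host>`, `<port>`, `<threat>`, `<severity>` and `<qod><value>` children; the function names, the sample data, and the QoD cutoff of 70 for flagging possible false positives are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample shaped like an OpenVAS/GVM XML report export. Assumed
# layout: <result> with <name>, <host>, <port>, <threat>, <severity>, <qod>.
SAMPLE_REPORT = """<report><results>
<result><name>Sample: weak SSH ciphers</name><host>192.168.10.2</host>
  <port>22/tcp</port><threat>Medium</threat><severity>4.3</severity>
  <qod><value>80</value></qod></result>
<result><name>Sample: outdated package</name><host>192.168.10.2</host>
  <port>general/tcp</port><threat>High</threat><severity>7.5</severity>
  <qod><value>30</value></qod>
  <detection><result id="constructed"><details/></result></detection></result>
<result><name>Sample: missing security update</name><host>192.168.10.20</host>
  <port>445/tcp</port><threat>High</threat><severity>9.8</severity>
  <qod><value>97</value></qod></result>
<result><name>Sample: OS detection</name><host>192.168.10.20</host>
  <port>general/tcp</port><threat>Log</threat><severity>0.0</severity>
  <qod><value>80</value></qod></result>
</results></report>"""

def load_findings(xml_text, min_severity=0.1):
    """Return one dict per scored result; skip log entries and nested stubs."""
    findings = []
    for res in ET.fromstring(xml_text).iter("result"):
        host = (res.findtext("host") or "").strip()
        try:
            severity = float(res.findtext("severity") or "")
        except ValueError:
            continue  # nested <detection><result> has no severity of its own
        if not host or severity < min_severity:
            continue
        findings.append({
            "host": host,
            "name": (res.findtext("name") or "").strip(),
            "port": (res.findtext("port") or "").strip(),
            "threat": (res.findtext("threat") or "").strip(),
            "severity": severity,
            "qod": int(res.findtext("qod/value") or 0),
        })
    return findings

def summarize(findings, review_below_qod=70):
    """Group by host, worst first; low-QoD results are marked for manual checks."""
    by_host = defaultdict(list)
    for f in findings:
        by_host[f["host"]].append(dict(f, verify=f["qod"] < review_below_qod))
    for items in by_host.values():
        items.sort(key=lambda f: f["severity"], reverse=True)
    return dict(by_host)

if __name__ == "__main__":
    for host, items in summarize(load_findings(SAMPLE_REPORT)).items():
        print(host, [(f["severity"], f["name"], f["verify"]) for f in items])
```

Results marked `verify` are the ones to confirm by hand on the target before listing them in the SAR, since the scanner reported them with low detection confidence.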
