...Home Security Vulnerabilities DeVry Online, SEC310 Professor Kathryn Fenner The neighborhood I have lived in for the past three years is southwest of Chicago. The main benefit of living forty-five minutes from the city is the peace and quiet. It is an old farm town with newly built homes. The population of Lockport houses approximately twenty-five thousand residents. The town is very quiet, with two lane access roads throughout much of the city. The traffic is minimal, the stars are visible at night and the sound of horses and roosters in the morning are what make residents feel a sense of security. When walking through the neighborhood, it is not out of the ordinary to see garage doors left open or front doors open with the screen door closed to let some air in the house. As a result of a small town feel, people tend to feel their town is totally safe. They forget to assess home security vulnerabilities because there seems to be no imminent threat. Burglars make the most of on this by studying their subjects, the neighborhood they live in, and the routine of their victims. In order to properly assess vulnerabilities, we must think like a criminal and analyze what areas around our home can be used as an advantage for entry; including a neighborhood assessment, alarms, lighting, doors, windows, locks, windows, and cameras. My neighborhood would be considered an upper-middle class area with a good blend of older homes and new subdivisions. The areas surrounding my home...
Words: 1342 - Pages: 6
...Lab 2 Align Risk, Treats, & Vulnerabilities to COBIT P09 Risk Management Controls 1. Risk Factors a. Remote communications from home office (MEDIUM Risk) b. LAN server OS has known software vulnerability (HIGH Risk) c. User downloads an unknown e-mail attachment (HIGH Risk) 2. COBIT Risk Management * No. * Yes, the identified software vulnerabilities relate to risk context for both internal and external access. * Yes, the identified software vulnerabilities themselves are events that represent risk identification. Once identified, the event can be assessed for risk. * Yes, once risk events are identified (such as software vulnerabilities), they can properly assessed (quantitatively or qualitatively). * Yes, once the risk has been assessed (high, medium, low) the response that risk can be aligned appropriately. * No. 3. Vulnerability impacts a. Remote communications from home office (Confidentiality) b. LAN server OS has known software vulnerability (Integrity) c. User downloads an unknown e-mail attachment (Availability) 4. Effectiveness, Efficiency, Compliance, and Reliability 5. Mitigated and managed a. Remote communications from home office * Information – Medium Impact, Firewall, Keep up to date * Application – Low Impact, HTTPS for email websites, Make sure it is secured * Infrastructure – Medium Impact, Workstation must have malware and anti-virus detection, Keep up to date * People...
Words: 794 - Pages: 4
...Even though news stories are full of computer security concerns, home computer users do not have a clear image about computer security. Home computers are target for hackers because of their vulnerabilities. Hackers change home computers into what is know a Zombie army which facilities them to attack other computers on the network by using smart software. Moreover, Home computers are subject to other threats like identity theft. Therefore, this report focuses on the importance of Home Computer Security by shedding light on threats to them with tangible solution to these threats. introduction Home computer is the preferable target of hackers according to Symantec (computer Security Company) that 86 precent \cite{Hacker} of all attacks aim home computers. Home computers are targeted due to the user’s lack of basic information about how to secure their computers. Another...
Words: 1093 - Pages: 5
...Risk-Threat-Vulnerability IT Security Policy Definition Unauthorized access from Public Internet Acceptable Us Policy User Destroys Data in application and deletes all files Asset Identification and Classification Policy Hacker penetrates you IT infrastructure and gains access to your internal network Vulnerability Assessment and Management Policy Intra-office employee romance gone bad Security Awareness Training Policy Fire destroys primary data center Threat Assessment and Management policy communication circuit outages Asset Protection Policy Workstation OS has a known software vulnerability Vulnerability Assessment and Management Policy Unauthorized access to organization owned Workstations Asset Management Policy Loss of production data Security Awareness Training Policy Denial of service attack on organization e-mail server Vulnerability Assessment and Management Policy Remote communications from home office Asset Protection Policy LAN server OS has a known software vulnerability Vulnerability Assessment and Management Policy User downloads an unknown e-mail attachment Security Awareness Training Policy Workstation browser has software vulnerability Vulnerability Assessment and Management Policy Service provider has a major network outage Asset Protection Policy Weak ingress/egress traffic filtering degrades performance Vulnerability Assessment and Management Policy User inserts CDs and USB hard drives with personal photos...
Words: 616 - Pages: 3
...PC Security Threats DeVry University Professor Andino SEC 280: Principles Info Sys Security Computer security is not an issue for organizations alone. Anyone whose personal computer is connected to a network or the Internet faces a potential risk of attack. The Internet continues to grow exponentially which I believe makes us less secure since there is more to secure. Information security is concerned with three main areas: Confidentiality - information should be available only to those who rightfully have access to it. Integrity -- information should be modified only by those who are authorized to do so, and availability - information should be accessible to those who need it when they need it. These concepts apply to home Internet users just as much as they would to any corporate or government network. You wouldn't let a stranger look through your important documents. In the same way, you may want to keep the tasks you perform on your computer confidential, whether it's tracking your investments or sending email messages to family and friends. Also, you should have some assurance that the information you enter into your computer remains intact and is available when you need it. Some security risks arise from the possibility of intentional misuse of your computer by intruders via the Internet. Others are risks that you would face even if you weren't connected to the Internet; hard disk failures, theft, power outages. The bad news is that you probably cannot plan for...
Words: 786 - Pages: 4
...relationship between risk management and problem management of a compromised UNIX operating system CSMN 655 Computer Security, Software Assurance, Hardware Assurance, and Security Management Abstract Risk management is an ongoing, continuous process whose purpose is to identify and assess program risks and opportunities with sufficient lead-time to implement timely strategies to ensure program success. The entire risk management process balances the operational and economic costs of protective measures and contributes to mission capability by protecting the systems and the data that support the organizational mission from both deliberate and unintentional compromise. Computer security problem, or incident, management is an administrative function of managing and protecting computer assets, networks and information systems. These systems continue to become more critical to the personal and economic welfare of our society. Organizations must understand their responsibilities to the public good and to the welfare of their members. This responsibility extends to having a management program for reacting to system breaches, if and when they occur. Incident management is a program which defines and implements a process that an organization may adopt to promote its own welfare and the security of the public. Table of Contents Risk Management Overview 4 ...
Words: 4103 - Pages: 17
...Security of a system when you are open to the internet is paramount in the world of servers. Linux has many layers of ever evolving security in order to keep up with the would be attackers in cyberspace. This is one of the reasons that Linux is one of the most used servers for internet sites and has few viruses engineered towards it. IP Tables Developed by the Netfilter organization the IP tables package for Linux is an evolution of the IP chains which came from the IPv4 Linux firewall package. Paul Russel was the initial head author of the organization and also behind the IP chains project The Netfilter organization began to come together in 1999 and through collaboration and research recognized the shortcomings of the IP chains package and developed this new product in order to address these concerns and make needed improvements. The improvements added to the new IP tables package helped improve performance and overall security. Better integration with the kernel led to improved speed and reliability but the true value came from the new security features. Stateful packet inspection allows the firewall to keep track of every connection passing through it allowing for better monitoring and can even view certain contents and attempt to anticipate actions of certain protocols. Also the ability to filter packets based on MAC address and TCP header flags helps to prevent attacks using malformed packets. Even a rate limiting feature that is designed to eliminate some denial...
Words: 1131 - Pages: 5
...Security in the Smart Grid introduction Present and future battlefronts of electronic terrorism includes the state of readiness and resilience of the computer equipment protecting America's energy distribution networks and industrial control systems. According to a Pike research report [1] published March 1st of this year, it is projected that investments in smart grid cyber security will total $14 billion through 2018. First, what is a power grid? A power grid consists of several networks that carry electricity from the power plants where it is generated to consumers, and includes wires, substations, transformers, switches, software, and other hardware. The grid in the past used a centralized one-way communication distribution concept that consisted of limited automation, limited situational awareness, and did not provide the capability for consumers to manage their energy use. “Smart Grid” generally refers to a class of technology designed to upgrade the current utility grid infrastructure to improve the efficiency on the power network and in energy users’ homes and businesses. Much of the legacy power plant infrastructure is now over 30 years old with electrical transmission and distribution system components (i.e. power transformers) averaging over 40 years old and 70% of transmission lines being 25 years or older [2]. In December 2007, Title XIII of the Energy Independence and Security Act of 2007 became an official...
Words: 3081 - Pages: 13
...IS3340-WINDOWS SECURITY | Security Audit Procedure Guide | Unit 5 Assignment 3 | | [Type the author name] | 5/1/2014 | | This document outlines the required steps to follow, inorder to properly scan the necessary hardware (servers and workstations) in the Ken 7 Windows Limited Domain for security vulnerabilities. 1) Acquire and install MBSA •Download MBSA. Download MBSA from the MBSA home page, and then install it to the default directory. •Updates for MBSA. If both the computer you will be scanning and the computer with MBSA installed have Internet access, the latest security catalog (.cab file), authentication files, and WUA installer files will be automatically downloaded, if needed. If either the target computer or the computer with MBSA installed does not have Internet access, download the following files and place them in the C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\MBSA\2.0\Cache\ directory on the computer that is performing the scan. 2) Scan computers Run MBSA and clear the Check for security updates check box when performing the scan. Using the Graphical Interface Tool The following procedure describes how to use the MBSA GUI tool. To use the MBSA GUI tool to scan for updates and patches 1. On the Programs menu, click Microsoft Baseline Security Analyzer. 2. Click Scan a computer. 3. Make sure that the following options are not selected, and then click Start scan. * Check for Windows administrative...
Words: 487 - Pages: 2
...IS3340-WINDOWS SECURITY | Minimizing Recovery Time Strategies | Unit 6 Assignment 1 | | | 5/5/2014 | | This document outlines the required steps to follow, in-order to properly scan the necessary servers and workstations in the Ken 7 Windows Limited Domain for security vulnerabilities. 1) Acquire and install MBSA(Microsoft Baseline Security Anaylizer) •Download MBSA. Download MBSA from the MBSA home page, and then install it to the default directory. •Updates for MBSA. If both the computer you will be scanning and the computer with MBSA installed have Internet access, the latest security catalog (.cab file), authentication files, and WUA installer files will be automatically downloaded, if needed. If either the target computer or the computer with MBSA installed does not have Internet access, download the following files and place them in the C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\MBSA\2.0\Cache\ directory on the computer that is performing the scan. 2) Scan computers Run MBSA and clear the Check for security updates check box when performing the scan. Using the Graphical Interface Tool The following procedure describes how to use the MBSA GUI tool. To use the MBSA GUI tool to scan for updates and patches 1. On the Programs menu, click Microsoft Baseline Security Analyzer. 2. Click Scan a computer. 3. Make sure that the following options are not selected, and then click Start scan. * Check...
Words: 487 - Pages: 2
...Week 1 Laboratory How to Identify Threats & Vulnerabilities in an IT Infrastructure Learning Objectives and Outcomes Upon completing this lab, students will be able to: • Identify common risks, threats, and vulnerabilities found throughout the seven domains of a typical IT infrastructure. • Align risks, threats, and vulnerabilities to one of the seven domains of a typical IT infrastructure • Given a scenario, prioritize risks, threats, and vulnerabilities based on their risk impact to the organization • Prioritize the identified critical, major, and minor software vulnerabilities Week 1 Lab: Assessment Worksheet Part A – List of Risks, Threats, and Vulnerabilities Commonly Found in an IT Infrastructure Overview One of the most important first steps to risk management and implementing a risk mitigation strategy is to identify known risks, threats, and vulnerabilities and organize them. The purpose of the seven domains of a typical IT infrastructure is to help organize the roles, responsibilities, and accountabilities for risk management and risk mitigation. This lab requires students to identify risks, threats, and vulnerabilities and map them to the domain that these impact from a risk management perspective. Lab Assessment Questions & Answers The following risks, threats, and vulnerabilities were found in a healthcare IT infrastructure servicing patients with life-threatening situations. Given the list, select which of the seven domains...
Words: 590 - Pages: 3
... * Analyze a mixed-version Microsoft Windows environment and identify the issues described in Microsoft Security Advisories. Assignment Requirements You are reviewing the security status for a small Microsoft workgroup LAN. The workgroup contains many distinct separations in the network as determined by group memberships. The network consists of computers working on a variety of client platforms, such as Windows XP, Windows Vista, and Windows 7, and server products in a single environment. An example of the network divisions is as follows: * Windows laptops: Traveling salespeople, remote suppliers, branch offices * Windows desktops: Accounting group, developer group, customer service group * Windows servers: Administrative server, Microsoft SharePoint server, Server Message Block (SMB) server Microsoft Common Vulnerability and Exposures (CVEs) are addressed through security advisories with a corresponding advisory ID. Other CVE sources attach a CVE ID to advisories. Go through the archive of Microsoft Security Advisories at http://technet.microsoft.com/en-us/security/advisoryarchive Answer the following questions based on the advisories for the past 12 months: 1. What vulnerabilities exist for the workgroup LAN listed above based on the advisories? List five of them. Explain what could happen to the LAN for each. 1. Update for Vulnerabilities in Adobe Flash Player in Internet Explorer – Intrusion of someones computer using adobe flash to gain access...
Words: 684 - Pages: 3
...Metasploit Vulnerability Scanner Executive Proposal Paul Dubuque Table of Contents Page 3 Executive Summary Page 5 Background Information Page 6 Recommended Product Page 7 Product Capabilities Page 10 Cost and Training Page 11 References Page 13 Product Reviews Executive Summary To: Advanced Research Corporation Mr. J. Smith, CEO; Ms. S. Long, V.P. Mr. W Donaldson, CCO; Mr. A. Gramer, CCO & Mr. B. Schuler, CFO CC. Ms. K. Young, MR. G. Holdsoth From: P. Dubuque, IT Manager Advance Research Corporation (ARC) has grown rapidly during the last five years and has been very successful in developing new and innovative devices and medicines for the health care industry. ARC has expanded to two locations, New York, NY and Reston, VA which has led to an expanded computer network in support of business communications and research. ARC has been the victim of cyber-attacks on its network and web site, as well as false alegations of unethical practices. ARC’s network is growing, with over two thousand devices currently and reaching from VA to NY. ARC needs to ensure better security of communications, intellectual property (IP) and public image, all of which affect ARC’s reputation with the public and investors. ARC has previously limited information technology (IT) expenditures to desktop computers and network infrastructure hardware such as routers, firewalls and servers. It is imperative that ARC considers information security (IS) and begins to invest in products...
Words: 2593 - Pages: 11
...is the relationship between risks, threats, and vulnerabilities as it pertains to information systems security throughout the seven domains of a typical IT infrastructure?Without threats or vulnerabilities you have very little risk of having an incident. The more likely a threat can exploit any vulnerability the higher the risk becomes. Risk mitigation must include finding and eliminating vulnerabilities and exploits. 3) Which application is used for Step 2 in the hacking process to perform a vulnerability assessment scan?Nessus is a vulnerability assessment scanner that can be downloaded for home and educational use but can also be licensed for corporate, enterprise features and functions. 4) Before you conduct an ethical hacking process or penetration test on a live production network, what must you do prior to performing the reconnaissance, probing, and scanning procedures?Written permission. You must obtain written authorization to perform an intrusive Penetration test or vulnerability assessment scan on a live production network. 5) What is a CVE listing? Who hosts and who sponsors the CVE database listing website?CVE stands for common vulnerabilities and exposures. The Mitre Corporation under contract with the Department of Homeland Security (sponsor) and the U.S. National Cyber Security Division (sponsor) is responsible for hosting the CVE database listing website. CVE publishes known software vulnerabilities and exposures and how to mitigate them with software...
Words: 296 - Pages: 2
...Home Depot Vulnerabilities Jim Johnson IT Institute of Technology Home Depot Hacked Home depot was on the receiving end of a sophisticated cyber-attack in April of 2014. Over 53 million email addresses and 56 million credit card accounts were compromised during the attack. I am going to briefly discuss the sequence of events and steps that the hackers utilized to gain all of the information. I will also discuss how Home Depot was able to utilize phase 6 of the security process from the event and secure their network (Smith, 2013). The attackers had to go through a series of steps in order to infiltrate the Home Depot customer information. The attackers first gained access to into the Home Depot private network. Initially one may wonder how this was able to be done to a big business. The lack of patches and updates made the attack obtainable. The second step to the complicated process was to develop custom malware to attack the self-checkout registers that the company owned. Technology is always changing and attackers are always trying to develop new tools. The custom malware utilized in this attack was something that no one had ever seen before. It was developed to run and be undetectable from antivirus and intrusion detection systems. Due to the hidden nature of the malware it went undetected for months. The criminal was also able to load the software onto over 7500 self-checkout machines. The software would copy all of the credit card and debit card information...
Words: 695 - Pages: 3