TermPaperWarehouse.com - Free Term Papers, Essays and Research Documents

The Research Paper Factory

Free Essay

Performing a Vulnerability Assessment

In:

Submitted By raftek
Words 2332
Pages 10
1. Distinguish between and define (see glossary in Maxfield and Brown’s Bebop Bytes Back for the definition of terms not found in Andrews’ A Guide to Managing and Maintaining Your PC):
a. Hardware (H/W)
b. Software (S/W)
c. Firmware (F/W)
d. Wetware (W/W)
e. Vaporware (V/W)

2. Be able to define or describe:
a. I/O device
b. I/O controller
c. peripheral device
d. serial and parallel ports (explain the difference)
e. adapter card, expansion card, interface card
f. video adapter, video card
g. pixel
h. keyboard
i. mouse
j. printer
k. BIOS
l. device driver
m. systemboard, motherboard
n. video cable
o. drive cable
p. ribbon cable
q. expansion slot (ISA, EISA, MCA, VL bus, PCI, local bus; what does each of the acronyms stand for?)
r. ZIF socket (what does “ZIF” stand for?)
s. SIMM (what does “SIMM” stand for?)
t. system realtime clock
u. jumper
v. chipset
w. cache memory
x. power supply cable
y. RAM and ROM
z. CPU, microprocessor aa. coprocessor bb. primary storage and secondary storage (give examples of each, and know which is which) cc. volatile vs. nonvolatile memory (know which is which) dd. CMOS configuration chip ee. traces ff. bus gg. power supply

3. Be able to identify all of the items shown in Figures 1-2, 1-3, 1-4, and 1-5 in Andrews’ A Guide to Managing and Maintaining Your PC.

4. What are the principal functions of an Operating System?

5. Distinguish between, and give examples of the use of:
a. a command-driven interface
b. a menu-driven interface
c. a GUI

6. Define:
a. Multitasking
b. Multithreading
c. Operating environment (e.g., a GUI environment; a single- or multitasking environment)

7. OPTIONAL: Name seven operating systems that are commonly used in desktop computers, and describe the advantages and disadvantages of each.

8. What are the principal operations that occur when an IBM-compatible Personal Computer (PC) boots up?

9. In what ways can configuration information be represented on a computer?

10. Be able to identify all of the components in Andrews’ A Guide to Managing and Maintaining Your PC, Figure 2-5.

11. What computer resource assignments are subject to the possibility of conflict?

12. How many IRQ numbers does a single device need?

13. How many DMA channels does a single device need?

14. Explain the difference between BIOS and a device driver.

15. Understand and be able to explain how an interrupt works (refer to Andrews’ A Guide to Managing and Maintaining Your PC, Figure 2-15). (NOTE: a much more detailed coverage of interrupts will be given in Maxfield and Brown’s Bebop Bytes Back.)

16. What features and characteristics of the PC are determined by the Systemboard:

17. How many pins are there in a memory module, and what is the width of the data path?

18. What are the two principal types or levels of cache memory, and how big are they typically?

19. Define a bus:

20. List the four kinds of electrical lines that may exist in a bus, and give the directionality of each:

21. What are the critical characteristics of a bus?

22. Be able to identify each of the bus connectors in Andrews’ A Guide to Managing and Maintaining Your PC, Fig. 3-15.

23. Be able to identify the critical characteristics of the buses typically found in PCs: ISA, MCA, EISA, VL, PCI, and Pentium/Pentium II local bus

24. With regard to a 3-1/2” High-Density floppy diskette:
(a) How many tracks are there on each side of the diskette, and how many tracks total?
(b) How many sectors per track?
(c) How many Bytes per sector?
(d) Calculate the exact storage capacity of such a diskette in Bytes (show your calculation; memorization is not called for).
(e) How rapidly does the diskette rotate while it is being read from or written to?
(f) What is the size of a single cluster on this diskette?
(g) What is the size of a File Allocation Unit for this diskette?

25. Where is the Master Boot Record located on a floppy diskette, i.e., which track number(s), which sector number(s), top or bottom of disk (DOS or any variant of MS-Windows)? Also, describe in words where this is located.

26. What is a fragmented file?

27. Describe/Recognize how the File Allocation Table (FAT) for a DOS-compatible diskette (DOS/Windows-95/Windows-NT) is organized. Answers to Selected Questions:

2. Be able to define or describe:
a. I/O device
b. I/O controller
c. peripheral device
d. serial and parallel ports (explain the difference)
e. adapter card, expansion card, interface card
f. video adapter, video card
g. pixel
h. keyboard
i. mouse
j. printer
k. BIOS
l. device driver
m. systemboard, motherboard
n. video cable
o. drive cable
p. ribbon cable
q. expansion slot (ISA, EISA, MCA, VL bus, PCI, local bus; what does each of the acronyms stand for?)
r. ZIF socket (what does “ZIF” stand for?)
s. SIMM (what does “SIMM” stand for?)
t. system realtime clock
u. jumper
v. chipset
w. cache memory
x. power supply cable
y. RAM and ROM
z. CPU, microprocessor aa. coprocessor bb. primary storage and secondary storage (give examples of each, and know which is which) cc. volatile vs. nonvolatile memory (know which is which) dd. CMOS configuration chip ee. traces ff. bus gg. power supply

Answers:
Examples of primary storage: RAM and ROM
Examples of secondary storage: hard disk, floppy disk, tape cassette, CD-ROM

4. What are the principal functions of an Operating System?

Answer: (NOTE: This issue is examined here from the limited perspective of Andrews’ A Guide to Managing and Maintaining Your PC. You can expect this issue to be addressed in far more detail in an Operating Systems course.)
a. management of BIOS and device drivers, and in general of the interface between hardware and applications software
b. management of files on secondary storage
c. management of RAM
d. diagnosis of software and hardware problems, and generation/display of error messages
e. utility functions (e.g., formatting of disks; deletion, copying, and moving of files; maintenance of the settings for system date and time)
f. networking and communications services

7. OPTIONAL: Name seven operating systems that are commonly used in desktop computers, and describe the advantages and disadvantages of each.

Answer:
a. Microsoft’s MS-DOS, IBM’s PC-DOS, and Novell’s DR-DOS (these three are considered as one, because of their basic similarity; see Table 1-2 in Andrews’ A Guide to Managing and Maintaining Your PC)
b. Microsoft’s Windows 3.x with DOS (Table 1-3 in Andrews’ A Guide to Managing and Maintaining Your PC)
c. Microsoft’s Windows-95 (Table 1-4 in Andrews’ A Guide to Managing and Maintaining Your PC)
d. Microsoft’s Windows-NT (Table 1-5 in Andrews’ A Guide to Managing and Maintaining Your PC)
e. IBM’s OS/2 Warp (Table 1-6 in Andrews’ A Guide to Managing and Maintaining Your PC)
f. Apple’s Mac O/S (Table 1-7 in Andrews’ A Guide to Managing and Maintaining Your PC)
g. various flavors of UNIX, such as SCO UNIX, BSD, LINUX, etc. (all considered as one, because of their conceptual similarity; see Table 1-8 in Andrews’ A Guide to Managing and Maintaining Your PC)

8. What are the principal operations that occur when an IBM-compatible Personal Computer (PC) boots up?

Answer:
a. ROM-BIOS Startup Program does POST, then reads configuration and setup information.

b. ROM-BIOS Startup Program reads configuration and setup information, checks the hardware(CPU, video card and other adapter cards, various disk drives and other peripherals), and assigns memory addresses and other system resources to each.

c. ROM-BIOS startup program finds the Operating System and starts loading it.

d. O/S takes over, finishes configuring the system and tests it.

e. O/S completes loading itself, including the installation of device drivers for floppy disk drives, hard disk drives, CD-ROM, mouse, scanners, and other peripheral devices.

f. O/S sets up MMI (HMI?) and gives control to the user.

9. In what ways can configuration information be represented on a computer?

Answer:
a. DIP switch settings (what does “DIP” stand for?)
b. jumper settings
c. CMOS setup or configuration chip with on-board long-term battery power
d. Flash ROM (EEPROM)

11. What computer resource assignments are subject to the possibility of conflict?

Answer:
a. IRQ number (what does “IRQ” stand for?)
b. memory address allocations:
• ROM-BIOS
• device drivers
• I/O addresses

c. DMA channels (what does “DMA” stand for?)

12. How many IRQ numbers does a single device need?

Answer: Depending on the device, it could be either zero, one, or more than one.

13. How many DMA channels does a single device need?

Answer: Depending on the device, it could be either zero or one.

16. What features and characteristics of the PC are determined by the Systemboard:

Answer:
a. CPU: type, and possible speeds
b. supporting chipset and its capabilities
c. L2 cache memory (SRAM): type and size
d. types of buses present, and number of expansion slots for adapter cards for each bus:
(i) old PC/PC-XT/ISA
(ii) PC-AT/newer ISA
(iii) MCA
(iv) EISA
(v) VLB (VESA Local Bus)
(vi) PIC
(vii) AGP
(viii) various proprietary and local-bus slots
e. Memory (DRAM):
(i) parity or non-parity
(ii) type: FPM, EDO, SDRAM
(iii) SIMMS and/or DIMMS: and width of local bus
(iv) maximum amount of memory usable on the system
(v) permissible memory increments, and conditions (e.g., one module can be added, or must add two modules at a time)
f. ports and connectors: serial (COM), parallel (LPT), keyboard, mouse
g. facilities for connecting disk drives and other peripherals: IDE and SCSI controllers
h. integrated video on systemboard?
i. size of case

17. How many pins are there in a memory module, and what is the width of the data path?

Answer:
(a) SIMM (Single In-Line Memory Modulc): either 30 or 73pins, with 16- or 32-bit data paths
(b) DIMM (Dual In-Line Memory Modulc): 168 pins, with a 64-bit data path

18. What are the two principal types or levels of cache memory, and how big are they typically?

Answer:
(a) Level 1 (L1), primary, or internal cache: 1k,B 2kB, 4kB, 15kB, 32kB
(b) Level 2 (L2), secondary, or external cache: 128kB, 256kB, 512kB, 1 MB

19. Define a bus:

Answer: A bus is both:
(a) a set of functionally related electrical communications lines intended for the conveyane of information between different components of a computer; and
(b) a set of rules governing how the electrical lines are to be used: including physical and electronics standards, as well as a communications protocol

20. List the four kinds of electrical lines that may exist in a bus, and give the directionality of each:

Answer:
(a) Electrical power lines (power bus): unidirectional
(b) Data lines (data bus): bidirectional
(c) Address lines (address bus): can be either uni- or bidirectional
(d) Control lines (control bus): can be either uni- or bidirectional

21. What are the critical characteristics of a bus?

Answer:
(a) Bus width: # of data lines
(b) Bus address space: # of address lines
(c) Bus type: master/slave or bus-master
(d) Bus speed in MHz: reciprocal of bus time
(e) Bus throughput in MB/sec (or Mbits/sec): width*speed/8 (= MB/sec) or width*speed (=Mbits/sec)

23. Be able to identify the critical characteristics of the buses typically found in PCs: ISA, MCA, EISA, VL, PCI, and Pentium/Pentium II local bus

Answer:
(a) ISA: 8 or 16 bits bus width, 8.33 MHz bus speed, 8.33 or 16.66 (nominally 8 or 16) MB/sec bus throughput
(b) MCA: 32 bits bus width, 8.33 to 10 MHz bus speed, 33 or 40 MB/sec bus throughput
(c) EISA: 32 bits bus width, 8.33 MHz bus speed, 33 MB/sec bus throughput
(d) VL: 32 bits bus width, 33 MHz bus speed, 132 MB/sec bus throughput
(e) PCI: 32 or 64 bits bus width, 33 or 60-66 MHz bus speed, 132/264/528 MB/sec bus throughput
(f) Pentium/Pentium II local bus: 32 or 64 bits bus width, 66 MHz bus speed, 264/528 MB/sec bus throughput

24. With regard to a 3-1/2” High-Density floppy diskette:
(a) How many tracks are there on each side of the diskette, and how many tracks total?
(b) How many sectors per track?
(c) How many Bytes per sector?
(d) Calculate the exact storage capacity of such a diskette in Bytes (show your calculation; memorization is not called for).
(e) How rapidly does the diskette rotate while it is being read from or written to?
(f) What is the size of a single cluster on this diskette?
(g) What is the size of a File Allocation Unit for this diskette?

Answers:
(a) 80 tracks/side * 2 sides = 160 tracks total
(b) 18 sectors/track
(c) 512 Bytes/sector
(d) 160 tracks * 18 sectors/track * 512 Bytes/sector = 1,474,560 Bytes total
(e) 360 RPM
(f) Cluster size = one sector = 512 Bytes
(g) The File Allocation Unit is the same as a cluster, which in this case has a size of 512 Bytes

25. Where is the Master Boot Record located on a floppy diskette, i.e., which track number(s), which sector number(s), top or bottom of disk (DOS or any variant of MS-Windows)? Also, describe in words where this is located.

Answer: Track 0, sector 1 on bottom of disk (outermost track on bottom of disk).

27. Describe/Recognize how the File Allocation Table (FAT) for a DOS-compatible diskette (DOS/Windows-95/Windows-NT) is organized.

Answer: See Andrews’ Figure 4-4 and accompanying text on page 148.

Similar Documents

Premium Essay

Lab 24 Science

...Title 1 Performing Reconnaissance and Probing using Common Tools 2 Performing a Vulnerability Assessment 3 Enabling Windows Active Directory and User Access Controls 4 Using Group Policy Objects and Microsoft Baseline Security Analyzer for Change Control 5 Performing Packet Capture and Traffic Analysis 6 Implementing a Business Continuity Plan 7 Using Encryption to Enhance Confidentiality and Integrity 8 Performing a Web Site and Database Attack by Exploiting Identified Vulnerabilities 9 Eliminating Threats with a Layered Security Approach 10 Impementing an Information Systems Security Policy# Lab Title 1 Performing Reconnaissance and Probing using Common Tools 2 Performing a Vulnerability Assessment 3 Enabling Windows Active Directory and User Access Controls 4 Using Group Policy Objects and Microsoft Baseline Security Analyzer for Change Control 5 Performing Packet Capture and Traffic Analysis 6 Implementing a Business Continuity Plan 7 Using Encryption to Enhance Confidentiality and Integrity 8 Performing a Web Site and Database Attack by Exploiting Identified Vulnerabilities 9 Eliminating Threats with a Layered Security Approach 10 Impementing an Information Systems Security Policy# Lab Title 1 Performing Reconnaissance and Probing using Common Tools 2 Performing a Vulnerability Assessment 3 Enabling Windows Active Directory and User Access Controls 4 Using Group Policy Objects and Microsoft Baseline Security Analyzer for Change Control 5 Performing Packet...

Words: 426 - Pages: 2

Free Essay

Vulnerability Assessment Scan

...Assignment for Chapter 3 Performing a Vulnerability Assessment Course Name and Number: Student Name: Student Number: Instructor Name: Onook Oh Submission Due by: 11:59PM on February 3rd, 2015 ------------------------------------------------- Overview To complete the Lab Assignment for Chapter 3, students should first carefully read the “Introduction” information in the lab interface. And then, follow all “Steps” as described in the Lab interface. In this lab, you will use Nmap commands within Zenmap application to scan the virtual network and identify the devices on the network and the operating systems and services running on them. You also will use OpenVAS to conduct a vulnerability assessment and record the high risk vulnerabilities identified by the tool. Finally, you should use the information you gathered from the report to discover mitigations for those risks and make mitigation recommendations based on your findings ------------------------------------------------- Learning Objective of the Lab Assignment Upon completing this lab, you will be able to: * Identify risks, threats, and vulnerabilities in an IP network infrastructure using Zenmap to 
perform an IP host, port, and services scan. * Perform a vulnerability assessment scan on a targeted IP subnetwork using OpenVAS. * Compare the results of the Zenmap scan with a OpenVAS vulnerability assessment scan. * Assess the findings of the vulnerability assessment scan and identify critical...

Words: 559 - Pages: 3

Premium Essay

Mr Security

...VULNERABILITY ASSESSMENT WHITEPAPER Automating Vulnerability Assessment This paper describes how enterprises can more effectively assess and manage network vulnerabilities and reduce costs related to meeting regulatory requirements. Automated Vulnerability Assessment / Vulnerability Management (VA/VM) solutions are supplementing and in some cases replacing manual penetration testing with an overall improvement in network security without increasing costs. New advances have eliminated the high management overhead and false positive rate issues that plagued open source and early market VA/VM entries. This whitepaper discusses: Speed of change in networks, equipment and applications plus the speed of exploit deployment is revealing weakness in corporate policies specifying relatively infrequent manual penetration testing. Perimeter defences (anti-virus, firewall and IPS/IDS) are vital, but can be bypassed by determined effort to reach and exploit known vulnerabilities that reside just inside the fence. The introduction of an automated network scanning mechanism and consolidated reporting to identify and track mitigation of known vulnerabilities is establishing a higher overall security level often using already existing budget and manpower. Table of Contents Introduction................................................................................................................................................... 3 The Challenges of Network Security Assessments .......

Words: 3435 - Pages: 14

Free Essay

Vulnerability Asses Vulnerability Assessment System Penetration and Analysis Testingsment System Penetration and Analysis Testing

...| Vulnerability Assessment System Penetration and Analysis Testing | |Memo | Internal Penetration Testing Tool and Purchase | | | | With the recent attack/hack on agency's network town police department authorities came to a decision to conduct a complete assessment on network vulnerabilities. The main goal of this memo is to assess or evaluate the network penetration tools available in the market. Compare the tools. Cost to buy and implement these tools internally. Hire a professional service to evaluate these tools. In this memo we will cover the internal implementation at high level. In the market there are many penetration tools like a. Nmap - Worlds Best Port Scanner b. Nessus - Vulnerability Scanner c. Metasploit - Exploit framework For testing Vulnerabilities I picked the above three mentioned tools which are widely used in many organizations and would be perfect for this scenario. The penetration tools that could be used to conduct a vulnerability analysis are; Nmap and Nessus which provide a number of penetration testing techniques such as port scanning, Credentialed and uncredentialed scans, enumeration, patch...

Words: 1156 - Pages: 5

Premium Essay

Is3110

...qwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwer...

Words: 1102 - Pages: 5

Free Essay

Is3110

...first steps to risk management and implementing a security strategy is to identify all resources and hosts within the IT infrastructure. Once you identify the workstations and servers, you now must then find the threats and vulnerabilities found on these workstations and servers. Servers that support mission critical applications require security operations and management procedures to ensure C-I-A throughout. Servers that house customer privacy data or intellectual property require additional security controls to ensure the C-I-A of that data. This lab requires the students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains. 1. What are the differences between ZeNmap GUI (Nmap) and Nessus? ZeNmap is used to map a network and Nessus is used to Test a network for vulnerabilities. 2. Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure? Nmaps sole purpose is just that, network probing and recon. 3. Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps? Nessus would be a better tool for this operation. While you can find network vulnerabilities with Nmap, it is not used as such. 4. How many total scripts (i.e., test scans) does the Intense Scan using ZenMap GUI perform? Port Scanning, OS detection, Version detection, Network Distance, TCP sequence prediction...

Words: 870 - Pages: 4

Premium Essay

Never

...is the relationship between risks, threats, and vulnerabilities as it pertains to information systems security throughout the seven domains of a typical IT infrastructure?Without threats or vulnerabilities you have very little risk of having an incident.   The more likely a threat can exploit any vulnerability the higher the risk becomes.   Risk mitigation must include finding and eliminating vulnerabilities and exploits.  3) Which application is used for Step 2 in the hacking process to perform a vulnerability assessment scan?Nessus is a vulnerability assessment scanner that can be downloaded for home and educational use but can also be licensed for corporate, enterprise features and functions.  4) Before you conduct an ethical hacking process or penetration test on a live production network, what must you do prior to performing the reconnaissance, probing, and scanning procedures?Written permission.   You must obtain written authorization to perform an intrusive Penetration test or vulnerability assessment scan on a live production network.  5) What is a CVE listing? Who hosts and who sponsors the CVE database listing website?CVE stands for common vulnerabilities and exposures.   The Mitre Corporation under contract with the Department of Homeland Security (sponsor) and the U.S. National Cyber Security Division (sponsor) is responsible for hosting the CVE database listing website.   CVE publishes known software vulnerabilities and exposures and how to mitigate them with software...

Words: 296 - Pages: 2

Premium Essay

Lab 8

...Lab #8 – Assessment Worksheet Performing a Web Site and Database Attack by Exploiting Identified Vulnerabilities Course Name and Number: Student Name: Instructor Name: Lab Due Date: Overview In this lab, you performed simple tests to verify a cross-site scripting (XSS) exploit and an SQL injection attack using the Damn Vulnerable Web Application (DVWA), a tool left intentionally vulnerable to aid security professionals in learning about Web security. You used a Web browser and some simple command strings to identify the IP target host and its known vulnerabilities, and then attacked the Web application and Web server using cross-site scripting (XSS) and SQL injection to exploit the sample Web application running on that server. Lab Assessment Questions & Answers 1. Why is it critical to perform a penetration test on a Web application and a Web server prior to production implementation? To make sure no one can penetrate your web application before you put it in a live situation. 2. What is a cross-site scripting attack? Explain in your own words. Cross-site scripting is a type of computer security vulnerability typically found in web applications that enables attacks to inject client side script into web pages viewed by others 3. What is a reflective cross-site scripting attack? A reflective attack a type of computer security vulnerability it involves the web application dynamically generating a response using...

Words: 442 - Pages: 2

Premium Essay

Vulnerability-Assessment

... Chapter 1 Vulnerability Assessment Solutions in this Chapter: I What Is a Vulnerability Assessment? I Automated Assessments I Two Approaches I Realistic Expectations Summary Solutions Fast Track Frequently Asked Questions 1 285_NSS_01.qxd 2 8/10/04 10:40 AM Page 2 Chapter 1 • Vulnerability Assessment Introduction In the war zone that is the modern Internet, manually reviewing each networked system for security flaws is no longer feasible. Operating systems, applications, and network protocols have grown so complex over the last decade that it takes a dedicated security administrator to keep even a relatively small network shielded from attack. Each technical advance brings wave after wave of security holes. A new protocol might result in dozens of actual implementations, each of which could contain exploitable programming errors. Logic errors, vendor-installed backdoors, and default configurations plague everything from modern operating systems to the simplest print server.Yesterday’s viruses seem positively tame compared to the highly optimized Internet worms that continuously assault every system attached to the global Internet. To combat these attacks, a network administrator needs the appropriate tools and knowledge to identify vulnerable systems and resolve their security problems before they can be exploited. One of the most powerful tools available today is the vulnerability assessment, and this chapter...

Words: 9203 - Pages: 37

Premium Essay

Chapter 5 Assessment

...#4 - Assessment Worksheet Performing a Qualitative Risk Assessment for an IT Infrastructure Course Name and Number: CYBS 221 1001 Student Name: Kendall Watson Instructor Name: Dave Anderson Lab Due Date: September 20, 2015 at 11:59pm Overview In this lab, you defined the purpose of an IT risk assessment, you aligned identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure, you classified the risks, threats, and vulnerabilities, and you prioritized them. Finally, you wrote an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance. Lab Assessment Questions & Answers 1. What is an IT risk assessment's goal or objective? Click here to enter text. The goal is to define how the risk to the system will be managed, controlled, and monitored. 2. Why is it difficult to conduct a quantitative risk assessment for an IT infrastructure? A qualitative assessment is based on opinion than actual fact, and IT risk assessments need to be based on a quantitative analysis. 3. What was your rationale in assigning a "1" risk impact/risk factor value of "Critical" to an identified risk, threat, or vulnerability? The critical needs to be mitigated immediately. 4. After you had assigned the "1," "2," and "3" risk impact/risk factor values to the identified risks, threats, and vulnerabilities, how...

Words: 428 - Pages: 2

Premium Essay

Ocr Risk Analysis

...HIPAA Security Standards: Guidance on Risk Analysis Introduction The Office for Civil Rights (OCR) is responsible for issuing annual guidance on the provisions in the HIPAA Security Rule.1 (45 C.F.R. §§ 164.302 – 318.) This series of guidances will assist organizations2 in identifying and implementing the most effective and appropriate administrative, physical, and technical safeguards to secure electronic protected health information (e-PHI). The guidance materials will be developed with input from stakeholders and the public, and will be updated as appropriate. We begin the series with the risk analysis requirement in § 164.308(a)(1)(ii)(A). Conducting a risk analysis is the first step in identifying and implementing safeguards that comply with and carry out the standards and implementation specifications in the Security Rule. Therefore, a risk analysis is foundational, and must be understood in detail before OCR can issue meaningful guidance that specifically addresses safeguards and technologies that will best protect electronic health information. The guidance is not intended to provide a one-size-fits-all blueprint for compliance with the risk analysis requirement. Rather, it clarifies the expectations of the Department for organizations working to meet these requirements.3 An organization should determine the most appropriate way to achieve compliance, taking into account the characteristics of the organization and its environment. We note that some of...

Words: 3309 - Pages: 14

Premium Essay

Nt1310 Unit 3 Penetration Test

...exist for performing a pen test; however, we will be using the Penetration Test Execution Standard framework (PTES) to execute the assessment. PTES consists of seven guidelines to follow during an evaluation: Pre-Engagement Interactions occurred when management approved conducting a pen test of the network. Additionally, we have defined the scope of the project, including the goals of the assessment, which tools will be used to conduct the evaluation and how long it will take to complete the penetration test. Intelligence Gathering entails collecting as much information about the network as possible to use during the vulnerability analysis and exploitation phases of the assessment. Specifically,...

Words: 449 - Pages: 2

Premium Essay

Risk Assessment

...Risk assessment is a structured and methodical process, which is reliant on the correct identification of hazards and a suitable assessment of risks ascending from them, with a sight to making inter-risk comparisons for purposes of their control and prevention. Information technology, as a technology with the fastest rate of development and application in all branches of business, requires adequate protection to provide high security. The focus of the safety analysis applied on an information system is to recognize and evaluate threats, vulnerabilities and safety characteristics. IT assets are uncovered to risk of harm or losses. IT security includes protecting information stored electronically. That protection implies data integrity, availability and confidentiality. According to“Risk Assessment of Information Technology Systems” (2009) risk assessment is the most critical part of Information Security Management (ISM).  Risk Management and Risk Assessment involves analysis, planning, implementation, control and monitoring of implemented measurements, and Risk Assessment, as part of Risk Management. It involves several processes: · Risk identification, · Relevant risk analysis, · Risk evaluation The main purpose of Risk Assessment is to make a choice whether a system is acceptable, and which measures would provide its acceptability. For every organization using IT in its business process it is important to conduct the risk assessment. Numerous threats and vulnerabilities...

Words: 742 - Pages: 3

Premium Essay

Risk Consultant

...2016 Risk Consultant A risk assessment is a way to identify, evaluate, quantify, and prioritize risks (Gibson, 2011). They are primarily used to assess the overall security of a network from the eyes of an attacker in order to protect the network from intruders (Schmittling, n.d.). There are no regulations instructing organizations on how systems need to be controlled or secured, however there are regulations requiring systems be secure in one way or another (Schmittling, n.d.). The rationale for conducting an assessment include: cost justification, productivity, breaking barriers, self analysis, and communication (Schmittling, n.d.). Adding security adds an extra expense that may not seem justifiable to a company. Businesses may not understand that an intrusion could cost more than proper security equipment and it is important for a security risk analysist to relay this important information. Productivity can be increased by properly formalizing a formalizing a review and implementing self analysis features (Schmittling, n.d.). Conducting a risk assessment can also break down barriers between the organization's management and the IT staff as they work together to secure the network. By making the security risk assessment system easy to use, management will be able to take part in the security of the network which will in turn make security a part of the business's culture. Risk assessments can boost communication and help with decision making (Schmittling...

Words: 792 - Pages: 4

Premium Essay

Risk Assessement Plan

...Risk Assessment Plan | IS3110 | | | 11/7/2013 | [Type the abstract of the document here. The abstract is typically a short summary of the contents of the document. Type the abstract of the document here. The abstract is typically a short summary of the contents of the document.] | Risk Assessment Plan A.) Identify key personnel- Involved personnel are CEO, CRO, and CITO. B.) Identify assets – Determined assets are hardware, software, systems, and data. C.) Identify threats- This will identify threats that are a potential danger to data, hardware, and systems D.) Identify vulnerabilities- The process to identify is by implementing and assessment and once identified a penetration test will be implemented E.) Identify and evaluate countermeasures- Identified risks will be counter measured to reduce the risk. F.) Assess threats vulnerabilities, and exploits- Test will be implemented to reduce the threat and help identify the problem. G.) Evaluate risks- The counter measure will be implemented to reduce the impact of the threat. H.) Develop recommendations to mitigate risks- Data taken will be used to reduce the threat and evaluate it. I.) Present recommendations to management- Threats and vulnerabilities and the risk that impacts will be presented. Key Personnel The personnel involved in making the key decisions will be the CEO, CRO, and CITO. No other personnel other than the above mention will play in a role in any of the...

Words: 695 - Pages: 3

Popular Essays

Maths B Assignment Essay
Operations Management Essay
The Brain Essay
Tesis Essay
Vaccinations: a Practice of Public... Essay
Unit 1 P3 Essay