...Identify types of security events and baseline anomalies that might indicate suspicious activity. Different traffic patterns can be a red flag when it comes to identifying different types of suspicious activities. There are multiple ways traffic can change to point out the activities: A sudden increase in overall traffic. This may just mean that your web site has been mentioned on a popular news site, or it may mean that someone is up to no good. A sudden jump in the number of bad or malformed packets. Some routers collect packet-level statistics; you can also use a software network scanner like Observer or Network Monitor to track them. Large numbers of packets caught by your router or firewall's egress filters. Recall that egress filters prevent spoofed packets from leaving your network, so if your filter is catching them you need to identify their source, because that's a clear sign that machines on your network have been compromised. Unscheduled reboots of server machines may sometimes indicate their compromise. You should already be watching the event logs of your servers for failed logons and other security-related events. What do log files help you learn that filtering systems overlook? Log Files contain complete records of all security events (logon events, resource access, attempted violations of policy, changes in system configuration or policies) and critical system events (service/daemon start/stop, errors generated, system warnings) that can allow...
Words: 393 - Pages: 2
...A security risk management approach for e-commerce M. Warren School of Information Technology, Deakin University, Geelong, Australia W. Hutchinson School of Computer and Information Science, Edith Cowan University, Mt Lawley, Australia Keywords Electronic commerce, Risk analysis, Information systems Introduction Information systems are now heavily utilized by all organizations and relied upon to the extent that it would be impossible to manage without them. This has been encapsulated by the recent development of e-commerce in a consumer and business environment. The situation now arises that information systems are at threat from a number of security risks and what is needed is a security method to allow for these risks to be evaluated and ensure that appropriate security countermeasures are applied. Abstract E-commerce security is a complex issue; it is concerned with a number of security risks that can appear at either a technical level or organisational level. This paper uses a systemic framework, the viable system model (VSM) to determine the high level security risks and then uses baseline security methods to determine the lower level security risks. Security methods The aim of the research was to combine an information systems modeling method with a baseline security method to form a hybrid security method. This method could be used to evaluate high and low level security risks associated with e-commerce. The methods used in this model are the viable...
Words: 2218 - Pages: 9
...# Lab Title 1 Performing Reconnaissance and Probing using Common Tools 2 Performing a Vulnerability Assessment 3 Enabling Windows Active Directory and User Access Controls 4 Using Group Policy Objects and Microsoft Baseline Security Analyzer for Change Control 5 Performing Packet Capture and Traffic Analysis 6 Implementing a Business Continuity Plan 7 Using Encryption to Enhance Confidentiality and Integrity 8 Performing a Web Site and Database Attack by Exploiting Identified Vulnerabilities 9 Eliminating Threats with a Layered Security Approach 10 Implementing an Information Systems Security Policy...
Words: 426 - Pages: 2
...Worksheet Using Group Policy Objects and Microsoft Baseline Security Analyzer for Change Control Course Name and Number: CIST 20700 Student Name: Karen Dudley Overview There are many tools and suites designed to aid the security practitioner and the organization in implementing and managing change management. In this lab, you explored two such tools for the Windows platform: Group Policy Objects (built into the Windows operating systems) and the Microsoft Security Baseline Analyzer (provided free of charge). You used Group Policy Objects to strengthen the organization’s password policy by adding complexity and minimum password length requirements. You scanned the Windows server with the Microsoft Baseline Security Analyzer (MBSA) to assess its security state, and you examined the results of the Microsoft Baseline Security Analyzer in detail. Lab Assessment Questions & Answers 1. Name six (6) policies you could enable in a Windows Domain. Enforce password history Maximum password age Minimum password age Minimum password length Store password using reversible encryption Password must meet complexity requirements 2. What is the minimum password length enforced by the “Password must meet complexity requirements” policy? 8 characters 3. What sources could you use as a source to perform the MBSA security scan? Computer by Name or IP and multiple Computers...
Words: 298 - Pages: 2
...know your system you are observing on a daily basis is essential. Doing so you develop a kind of sixth sense to when things are going wrong. If you are always observing when things are going right you will better understand when things are not doing what they are supposed to do. This is also known as a baseline, or something you can refer to when you think there may be an intrusion or malfunction. When you’re more comfortable with a baseline, and how your system operates then it is easier to spot what professionals call anomalies. These are things that force your system to not run properly or maybe be able to look at the system files, causing security issues. Some of these things are worth taking note over, and some are not. It is necessary to look into all anomalies, and these can be detected by a Network Behavior Anomaly Detector. These types of programs allow you to use real time packet analysis to find different types of security threats. Discovering different security threats and patterns can prove to come in handy. By utilizing traffic pattern packet analyzers, you can find anomalies that are in your baseline traffic. Becoming more comfortable with how your baseline operates will give you clues to when an intrusion is occurring. The more you see these intrusions or attacks on your network you will be able to identify them quicker. Now when you are a victim of an attack, as a system administrator you need to know where to start looking. Log files are the best place...
Words: 396 - Pages: 2
...which areas need your attention the most. 2. Based on your executive summary produced in Lab #4 – Perform a Qualitative Risk Assessment for an IT infrastructure, what was the primary focus of your message to executive management? * Setting up security measures through various means. * Forcing users to update password every X number of days. * Educating users. * Firewalls * Anti-malware 3. Given the scenario for your IT risk mitigation plan, what influence did your scenario have on prioritizing your identified risks, threats, and vulnerabilities? 4. What risk mitigation solutions do you recommend for handling the following risk element? User inserts CDs and USB hard drives with personal photos, music, and videos on organization owned computers. * A good antivirus program and have all devices scanned as soon as they are plugged in. * Educate employees. * Disable optical drives/USB ports (if they are not needed) 5. What is security baseline definition? A baseline is a starting point or a standard. Within IT, a baseline provides a standard focused on a specific technology used within an organization. When applied to security policies, the baseline represents the minimum security settings that must be applied. 6. What questions do you have for executive management in order to finalize your IT risk mitigation plan? What is the budget? What are their priorities? Disclose all your...
Words: 319 - Pages: 2
...1. Both Wireshark and NetWitness Investigator can be used for packet capture and analysis. Which tool is preferred for each task, and why? While both Wireshark and NetWitness Investigator can be used to capture network traffic, the freeware version of NetWitness Investigator has a limitation of 1G of protocol capture per session. Wireshark does not have a limitation on the size of the capture file, which makes it better suited to protocol capture. Wireshark can be used to analyze capture files, but NetWitness Investigator is a seven-layer protocol analyzer that provides detailed protocol analysis and protocol behavior analysis and is much more user-friendly in terms of understanding protocol behavior and protocol analysis. 2. What is the significance of the TCP three-way handshake for applications that utilize TCP as transport protocol? A three-way handshake (SYN > SYN-ACK > ACK) is performed between the IP source and IP destination to establish a connection-oriented connection. 3. How many different source IP host addresses did you capture in your protocol capture? 8 including 0.0.0.0, otherwise 7 4. How many different protocols did your protocol capture session have? What function in Wireshark provides you with a breakdown of the different protocol types on the LAN segment? There were 10 protocols that the protocol capture session had. Click on: Statistics → Protocol Hierarchy in order to see the breakdown of the different protocol types on the LAN segment. 5...
Words: 625 - Pages: 3
...* Why are information security policies important to an organization? They strengthen the company's ability to protect its information resources * Which of the following should include any business process re-engineering function? Security review * Policies and procedures differ, because policies are ___ and procedures are ___. Requirements, technical * Among other things, security awareness programs must emphasize value, culture, and ___. Resiliency * To achieve repeatable behavior of policies, you must measure both ___ and ___. Consistency, quality * Within the user domain, some of the ways in which risk can be mitigated include: awareness, enforcement, and ___. reward * In a workstation domain, you can reduce risk by ___. Securing the workstation ...
Words: 867 - Pages: 4
...This is a guide on how to use Microsoft Baseline Security Analyzer (MBSA) for a security audit in Ken 7 Windows Limited. The first step is to Google “Microsoft Baseline Security Analyzer,” and begin to download and save it to your computer; after it has been downloaded and saved, begin to install the MBSA tool on your computer infrastructure. The next step is to open MBSA by selecting the start button then choosing Microsoft Baseline Security Analyzer. The next step is to choose what scan you would like to do, so you can select “scan a computer,” to scan one computer or select scan multiple computers to scan more than one computer on the network. If you have chosen to scan one computer then you can either enter a computer name or IP address. If you are choosing to scan two or more computers then you can enter a domain name or a range of IP addresses. Next is to select the checkboxes next to the desired scanning options; in most situations it is best to leave all the options checked for the most extensive scan and then start the scan to begin the scanning process. Once the scan is finished, then examine the results to see which vulnerabilities have been discovered on your network. Address the vulnerabilities by downloading the necessary updates and patches to help in decreasing the vulnerabilities on the network and make sure to document every step that was taken in correcting the vulnerability on the...
Words: 254 - Pages: 2
...A comparison of existing security controls and settings with one or more baselines helps to validate the correctness of security controls. The process of comparing real computer configurations to known baselines, also called profiling, is important to ensure your configurations are correct and secure. For each of the following scenarios, select the best tool to profile a Windows computer to determine if it satisfies your security requirements. You must select from the following options: a. Security Configuration and Analysis (SCA) b. Microsoft Security Baseline Analyzer (MBSA)–Graphical User Interface (GUI) c. MBSA command line interface d. Shavlik NetChk Protect e. Secunia Security Analyzers Suspected malware scenarios: | 1. You want to schedule a weekly analysis for the Windows servers in your data center. The command should run as a scheduled job and report any available patches for the Windows Server 2008 R2 operating system, Internet information services (IIS) Web server, or structured query language (SQL) server that have not been installed. Which tool would be the best choice? | | 2. | | 3. You like the way MBSA presents scan results but you need to scan for vulnerabilities in older Windows products, including Microsoft Office 2000. Which tool provides extended scanning and the ability to use MBSA to view scan reports? | | 4. | | 5. Your organization wants to encourage all of its employees and contractors...
Words: 328 - Pages: 2
...organizations with recommendations for improving the security configuration and monitoring of their IEEE 802.11 wireless local area networks (WLANs) and their devices connecting to those networks. The scope of this publication is limited to unclassified wireless networks and unclassified facilities within range of unclassified wireless networks. This publication supplements other NIST publications by consolidating and strengthening their key recommendations, and it points readers to the appropriate NIST publications for additional information (see Appendix C for the full list of references and Appendix A for a list of major security controls relevant for WLAN security). This publication does not eliminate the need to follow recommendations in other NIST publications, such as [SP800-48] and [SP800-97]. If there is a conflict between recommendations in this publication and another NIST wireless publication, the recommendation in this publication takes precedence. NIST Special Publication 800-53 is part of the Special Publication 800-series that reports on the Information Technology Laboratory’s (ITL) research, guidelines, and outreach efforts in information system security, and on ITL’s activity with industry, government, and academic organizations. Specifically, NIST Special Publication 800-53 covers the steps in the Risk Management Framework that address security control selection for federal information systems in accordance with the security requirements in Federal Information Processing...
Words: 1201 - Pages: 5
...HCIS333019VA016-1142-001 Networking Security Fundamentals Course-to-Course Question 1 (2.5 out of 2.5 points, Correct) Which of the following is a detailed written definition of how software and hardware are to be used? Selected Answer: Standard. Correct Answer: Standard. Question 2 (2.5 out of 2.5 points, Correct) Which law requires all types of financial institutions to protect customers' private financial information? Selected Answer: GLBA. Correct Answer: GLBA. Question 3 (2.5 out of 2.5 points, Correct) Which equation do you use to calculate the annual estimated loss due to a specific realized threat? Selected Answer: ALE = SLE × ARO. Correct Answer: ALE = SLE × ARO. Question 4 (2.5 out of 2.5 points, Correct) When conducting a business impact analysis on critical business functions, the maximum allowable time to recover the function is called __________. Selected Answer: Recovery time objective (RTO). Correct Answer: Recovery time objective (RTO). Question 5 (2.5 out of 2.5 points, Correct) What is the primary benefit of defense in depth? Selected Answer: Strength of security. Correct Answer: Strength of security. Question 6 (2.5 out of 2.5 points, Correct) Which of the following refers to the management of baseline settings for a system device? Selected Answer: Configuration control Correct...
Words: 1094 - Pages: 5
...IS3340-WINDOWS SECURITY | Minimizing Recovery Time Strategies | Unit 6 Assignment 1 | 5/5/2014 | This document outlines the required steps to follow, in order to properly scan the necessary servers and workstations in the Ken 7 Windows Limited Domain for security vulnerabilities. 1) Acquire and install MBSA (Microsoft Baseline Security Analyzer) • Download MBSA. Download MBSA from the MBSA home page, and then install it to the default directory. • Updates for MBSA. If both the computer you will be scanning and the computer with MBSA installed have Internet access, the latest security catalog (.cab file), authentication files, and WUA installer files will be automatically downloaded, if needed. If either the target computer or the computer with MBSA installed does not have Internet access, download the following files and place them in the C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\MBSA\2.0\Cache\ directory on the computer that is performing the scan. 2) Scan computers Run MBSA and clear the Check for security updates check box when performing the scan. Using the Graphical Interface Tool The following procedure describes how to use the MBSA GUI tool. To use the MBSA GUI tool to scan for updates and patches 1. On the Programs menu, click Microsoft Baseline Security Analyzer. 2. Click Scan a computer. 3. Make sure that the following options are not selected, and then click Start scan. * Check...
Words: 487 - Pages: 2
...In order to mitigate risk security vulnerabilities, I make the next recommendations: System security plans should be formalized at the system and application levels for networks, facilities, and systems or groups of systems, as appropriate. Encryption is used to protect the confidentiality of stored data and data that are being transmitted to and from the secured network via the Internet. Additionally, encryption is extremely important in protecting wireless access to the secured network and on portable storage devices. Establishing encryption where necessary is a basic step for protecting sensitive data. Contingency plans should be formalized to ensure the availability of critical information systems and the continuity of operations in emergencies. These plans should contain detailed roles, responsibilities, recovery team designations, and procedures associated with the restoration of an information system following a disruption. Configuration management policies, plans, and procedures should be developed, documented, and implemented at the entity wide, system, and application levels to ensure an effective configuration management process. The procedures should cover employee roles and responsibilities, change control and system documentation requirements, establishment of a decision making structure, and configuration management training. Configuration management should be a key part of an entity’s Systems Development Life Cycle methodology. Risk assessments should...
Words: 609 - Pages: 3
...data is the process of ensuring data confidentiality. Organizations must use proper security controls specific to this concern. An example is: o Adopting a data classification standard that defines how to treat data throughout your IT infrastructure. This is the road map for identifying what controls are needed to keep data safe. • Standard – A standard is a detailed written definition for hardware and software and how it is to be used. Standards ensure that consistent security controls are used throughout the IT system. • Data Classification Standards: o Private Data – Data about people that must be kept private. Organizations must use proper security controls to be in compliance. o Confidential – Information or data that is owned by the organization. Intellectual property, customer lists, pricing information, and patents are examples of confidential data. o Internal Use Only – Information or data shared internally by an organization. While confidential information or data may not be included, communications are not intended to leave the organization. o Public Domain Data – Information or data shared with the public such as web site content, white papers, etc. • Federal Government Data Classification Standards: o Top Secret – Applies to information that the classifying authority finds would cause grave damage to national security if it were disclosed. o Secret – Applies to...
Words: 1641 - Pages: 7