...WINDOW OF VULNERABILITY A security breach has been identified within a small Microsoft workgroup LAN. The workgroup consists of three primary workgroups which contain group membership lists of users within the Active Directory infrastructure that currently exists on the SMB Server that is located within the confines of the LAN structure. The security breach, which is defined as any event that results in a violation of any of the CIA (confidentiality, integrity, availability) security principles, was caused by the SMB server being accessed by an unauthorized user due to a security hole that was detected by the server software manufacturer the previous day. The security patch will not be available for possibly as long as three days, but hopefully within that timeframe. In addition, the LAN administrator needs at least one week (minimum) to download, test, and install the patch. To calculate the Window of Vulnerability (WoV) for this security breach, the following timeline will be used as a guideline to determine the basis for calculation: However, first it is important to understand the variables considered in this timeline formula. The WoV is the period within which defensive measures are reduced, compromised, or lacking. The WoV covers a timeline from the moment a vulnerability is discovered and identified by the vendor. It also includes the time taken to create, publish, and finally apply a fix to the vulnerability. It is...
Words: 312 - Pages: 2
...Solomon Jones CPSC 2106 Dr. Peker 09/17/2014 Vulnerability Analysis
1) As of today the network that consists of the small Microsoft workgroup LAN contains vulnerabilities, which are listed as viewed:
* 1) Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege
* 2) Vulnerability in DirectAccess and IPsec Could Allow Security Feature Bypass
* 3) Vulnerability in Internet Explorer Could Allow Remote Code Execution
* 4) Vulnerability in Microsoft Malware Protection Engine Could Allow Denial of Service
* 5) Vulnerability in Internet Explorer Could Allow Remote Code Execution
All of these vulnerabilities existed in the workgroup LAN in the past months.
2) While checking over the different vulnerability descriptions, we found that one of the vulnerabilities involves privilege elevation, which was dated January 01, 2014, where the Microsoft Windows Kernel NDProxy vulnerability could allow privilege elevation, meaning that if you were to give me certain privileges of just "read only" and I changed those privileges to include "read and write", then I would most definitely consider this vulnerability a high priority, given that this group is exposed to this elevation of privilege.
3) In this section I will be identifying three vulnerabilities and the solutions to the related client configurations for each LAN vulnerability.
* The Vulnerability in DirectAccess and IPsec Could Allow Security Feature Bypass: the solution recommended would...
Words: 448 - Pages: 2
...environment and identify the issues described in Microsoft Security Advisories. Assignment Requirements: You are reviewing the security status for a small Microsoft workgroup LAN. The workgroup contains many distinct separations in the network as determined by group memberships. The network consists of computers working on a variety of client platforms, such as Windows XP, Windows Vista, and Windows 7, and server products in a single environment. An example of the network divisions is as follows:
* Windows laptops: Traveling salespeople, remote suppliers, branch offices
* Windows desktops: Accounting group, developer group, customer service group
* Windows servers: Administrative server, Microsoft SharePoint server, Server Message Block (SMB) server
Microsoft Common Vulnerabilities and Exposures (CVEs) are addressed through security advisories with a corresponding advisory ID. Other CVE sources attach a CVE ID to advisories. Go through the archive of Microsoft Security Advisories at http://technet.microsoft.com/en-us/security/advisoryarchive and answer the following questions based on the advisories for the past 12 months:
1. What vulnerabilities exist for the workgroup LAN listed above based on the advisories? List five of them. Explain what could happen to the LAN for each.
1. Update for Vulnerabilities in Adobe Flash Player in Internet Explorer: intrusion into someone's computer using Adobe Flash to gain access to credentials. By using ActiveX controls the hacker...
Words: 684 - Pages: 3
... it is the operating system that governs how any application actually reads from, or writes to, a physical disk. Consequently, the operating system is a prime candidate for attack and a valuable resource to protect. From an attacker's point of view, a compromised operating system provides easy access to protected information. Compromising operating system controls gives the attacker the ability to remove evidence of attacks and "clean up" any leftover log entries or other traces of the attack. A secure operating system is the basis of a secure environment. In this chapter you will learn about the Windows operating system architecture and controls to ensure system security. You will also learn how attackers search for, find, and exploit operating system vulnerabilities. With the knowledge of how attackers operate you'll be able to identify and implement the right controls to secure your environment.
Chapter 2 Topics. In this chapter, the following topics and concepts are presented:
* What the organization of the operating system components and architecture are
* What the basic Windows operating system architecture is
* What access controls and authentication are
* What security tokens, rights, and permissions are
* What users, groups, and Active Directory are
* What Windows attack surfaces and mitigation are
* What fundamentals of Microsoft Windows security monitoring...
Words: 6274 - Pages: 26
...10/1/2014 NT2580 Unit 2 Assignment 1 The workgroup consists of three primary workgroups, which contain group membership lists of users within the Active Directory infrastructure that currently exists on the SMB Server that is located within the confines of the LAN structure. The security breach, which is defined as any event that results in a violation of any of the CIA (confidentiality, integrity, availability) security principles, was caused by the SMB server being accessed by an unauthorized user due to a security hole that was detected by the server software manufacturer the previous day. The security patch will not be available for possibly as long as three days, but hopefully within that timeframe. In addition, the LAN administrator needs at least one week (minimum) to download, test, and install the patch. To calculate the Window of Vulnerability (WoV) for this security breach, the following timeline will be used as a guideline to determine the basis for calculation: First it is important to understand the variables considered in this timeline formula. The WoV is the period within which defensive measures are reduced, compromised, or lacking. The WoV covers a timeline from the moment a vulnerability is discovered and identified by the vendor. It also includes the time taken to create, publish, and finally apply a fix to the vulnerability. It is also important to explore the device(s) that were targeted by the attack. In this instance, being the SMB server within...
Words: 286 - Pages: 2
...Window of Vulnerability
ITT Tech | Window of Vulnerability | Review of unauthorized access to SMB server | Cory Reiss | 4/1/2014
This is the Window of Vulnerability for a patch to a newly discovered exploit residing in manufacturer software.
The security breach was detected by the server software manufacturer and a patch is currently being worked on. This vulnerability affects the SMB server, giving access to an unauthorized user. The estimated time for the patch to be completed is three days, with 7 additional days required for testing and executing the patch. There has been no documented timeline on when the security exploit was established, discovered, or executed. From discovery of the breach yesterday to final completion of the fix there is a window of vulnerability consisting of 11 days. From the information presented the exploit only affects the SMB server. If the unauthorized user is able to run an interactive shell this should not be taken lightly. The recommended procedure should be to block access on the ports defined or suspend the server if possible. Access to SMB can put all of your files at risk, and an aftermarket firewall blocking all IP ranges not specified in the workgroup should lower and impede the effectiveness of the exploit. Scans should be run to assess the possibility of injected code or malware. Someone skilled in security forensics should be deployed to assess the files affected or viewed. This can also give you a direction to search for...
Words: 260 - Pages: 2
...1. What vulnerabilities exist for this workgroup LAN based on advisories? List 5.
* Microsoft Security Advisory (MSVR13-009) Cisco Security Service File Verification Bypass Could Allow Elevation of Privilege. Published or Last Updated: Tuesday, June 18, 2013
* Microsoft Security Advisory (MSVR13-008) Cisco Security Service IPC Message Heap Corruption Could Allow Elevation of Privilege. Published or Last Updated: Tuesday, June 18, 2013
* Microsoft Security Advisory (MSVR13-007) Heap Corruption in Nitro Reader Could Allow Arbitrary Code Execution. Published or Last Updated: Tuesday, May 21, 2013
* Microsoft Security Advisory (MSVR13-006) Memory Corruption in Nitro Reader Could Allow Arbitrary Code Execution. Published or Last Updated: Tuesday, May 21, 2013
* Microsoft Security Advisory (MSVR13-005) Vulnerability in SumatraPDF Reader Could Allow Remote Code Execution. Published or Last Updated: Tuesday, April 16, 2013
1. Does any vulnerability involve privilege elevation? Is this considered a high-priority issue? The two most current vulnerabilities could allow elevation of privilege through the Cisco Security Service file verification bypass and IPC message heap corruption. This is considered a high-level priority due to unauthorized access to higher domains which control high-profile information; that can compromise a company's integrity, financially and in reputation, which carries the risk of overall total loss of business.
2. Identify and document...
Words: 388 - Pages: 2
...1. What vulnerabilities exist for this workgroup LAN based on the advisories? List five of them. 2755801, 2719662, 2854544, 2846338, 2847140.
2. Do any vulnerabilities involve privilege elevation? Is this considered a high-priority issue? 2846338 involves privilege elevation, Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution, and is a high priority.
3. Identify and document at least three vulnerabilities and the solutions related to the client configurations. Three vulnerabilities and solutions related to client configurations:
* Vulnerability: ActiveX Controls and Active Scripting. Many websites that are on the Internet or on an intranet use ActiveX or Active Scripting to provide additional functionality. Blocking ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites.
* Solution: After you set Internet Explorer to block ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted websites exactly as you do today, while helping to protect yourself from this attack on untrusted sites.
* Vulnerability: Software code execution
* Solution: Enhanced Mitigation Experience Toolkit (EMET) helps mitigate the exploitation of this vulnerability by adding additional protection layers that make the vulnerability harder...
Words: 455 - Pages: 2
...NT2580 Unit 2 Assignment 2 10/1/13
1. The five vulnerabilities that exist for this LAN-based workgroup are 2755801, 2501696, 2588513, 2639658, 2659883.
2. Yes, the vulnerability that involves privilege elevation is 2639658 (Vulnerability in TrueType Font Parsing), but it is not a high priority.
3. 2719662 Solution: Workarounds refer to a setting or configuration change that does not correct the underlying issue but would help block known attack vectors before a security update is available. Apply the Microsoft Fix it solution that blocks the attack vector for this vulnerability. Disable Sidebar in Group Policy. Disable the Sidebar in the system registry.
2737111 Solution: Workarounds refer to a setting or configuration change that does not correct the underlying issue but would help block known attack vectors before a security update is available. Disable WebReady document view for Exchange.
2755801 Solution: A workaround refers to a setting or configuration change that would help block known attack vectors before you apply the update. Prevent Adobe Flash Player from running. Prevent Adobe Flash Player from running on Internet Explorer 10 through Group Policy on Windows 8 and Windows Server 2012. Prevent Adobe Flash Player from running in Office 2010 on Windows 8 and Windows Server 2012. Prevent ActiveX controls from running in Office 2007 and Office 2010. Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting...
Words: 257 - Pages: 2
...Elvie Bramich Unit 2 Assignment 2: Microsoft Environment Analysis
1. WHAT VULNERABILITIES EXIST FOR THIS WORKGROUP LAN BASED ON ADVISORIES? LIST FIVE OF THEM. Answer: 2755801, 2719662, 2854544, 2846338, 2847140.
2. DO ANY VULNERABILITIES INVOLVE PRIVILEGE ELEVATION? IS THIS CONSIDERED A HIGH-PRIORITY ISSUE? Answer: 2846338 involves privilege elevation, Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution, and is a high priority.
3. IDENTIFY AND DOCUMENT AT LEAST 3 VULNERABILITIES AND THE SOLUTIONS RELATED TO THE CLIENT CONFIGURATIONS. Answer: Three vulnerabilities and solutions related to client configurations. Advisory Number: 2719662. Microsoft is announcing the availability of an automated Microsoft Fix it solution that disables Windows Sidebar and Gadgets on supported editions of Windows Vista and Windows 7. Disabling Windows Sidebar and Gadgets can help protect customers from potential attacks that leverage Gadgets to execute arbitrary code. Customers should consider the following ways that an attacker could leverage Gadgets to execute arbitrary code: Microsoft is aware that some legitimate Gadgets running in Windows Sidebar could contain vulnerabilities. An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker...
Words: 468 - Pages: 2
...Donell Jones NT2580 Unit 2 Assignment 2: Microsoft Environment Analysis
Five vulnerabilities for this workgroup LAN based on the Microsoft Security Advisory numbers: 2755801, 2719662, 2854544, 2846338, 2847140.
2846338 involves privilege elevation, Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution, and is a high priority.
Three vulnerabilities and solutions related to client configurations. Advisory Number: 2719662. Microsoft is announcing the availability of an automated Microsoft Fix it solution that disables Windows Sidebar and Gadgets on supported editions of Windows Vista and Windows 7. Disabling Windows Sidebar and Gadgets can help protect customers from potential attacks that leverage Gadgets to execute arbitrary code. Customers should consider the following ways that an attacker could leverage Gadgets to execute arbitrary code: Microsoft is aware that some legitimate Gadgets running in Windows Sidebar could contain vulnerabilities. An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could create a malicious Gadget and then trick a user into installing the malicious Gadget. Once installed, the malicious Gadget could run arbitrary code in the context of the current user. If the current user is logged on with administrative...
Words: 571 - Pages: 3
...Window of Vulnerability (WoV) The Window of Vulnerability (WoV) is calculated from the time the attack started to when the attack is found, removed, or fixed. In this case the attack was found, but this was just referred to as the previous day, and the detection was made by the server software manufacturer. We will say that the attack was on a Monday morning. The software company will be releasing a patch for the attack in three days. We should receive the patch on Thursday, then. When we get the patch we will need to install and test it; this will generally take, according to the size of the network and the number of end users, any part of one week to complete the testing before putting it into production. Once the testing is done on all workgroups and end-user devices, the patch will need to be installed, which is considered putting it into production. The update will be company-wide to all machines that access the network. We will need to send out notification office-wide via memo and/or email message to all employees. We should request that all end users leave their PCs or devices on so that we can remotely install the updates. For all of the end users that have Windows 7 (which most companies do have, as the upgrade from XP, since XP will soon be unsupported), you can use the Microsoft Deployment Toolkit (MDT) to automate the update and reduce the desktop support time and cost of doing each and every machine. From the day we found the security hole to the time we fix the security hole, according to industry...
Words: 296 - Pages: 2
...PART ONE Foundations of Network Security
* Fundamentals of Network Security
* Firewall Fundamentals
* VPN Fundamentals
* Network Security Threats and Issues
CHAPTER 1 Fundamentals of Network Security
COMPUTER NETWORK SECURITY is very complex. New threats from inside and outside networks appear constantly. Just as constantly, the security community is always developing new products and procedures to defend against threats of the past and unknowns of the future. As companies merge, people lose their jobs, new equipment comes on line, and business tasks change, people do not always do what we expect. Network security configurations that worked well yesterday might not work quite as well tomorrow. In an ever-changing business climate, whom should you trust? Has your trust been violated? How would you even know? Who is attempting to harm your network this time? Because of these complex issues, you need to understand the essentials of network security. This chapter will introduce you to the basic elements of network security. Once you have a firm grasp of these fundamentals, you will be well equipped to put effective security measures into practice on your organization's network. While this textbook focuses on general network security, including firewalls and virtual private networks (VPNs), many of the important basics of network security are introduced in this chapter. In Chapters 1–4, network security...
Words: 16205 - Pages: 65
...Environment Analysis ITT Technical Institute Instructor: Date
1. What vulnerabilities exist for this workgroup LAN based on the advisories?

| Publication Date | Advisory # | Title |
|---|---|---|
| December 29, 2015 (Originally published September 21, 2012) | 2755801 | Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge |
| December 8, 2015 | 3123040 | Inadvertently Disclosed Digital Certificate Could Allow Spoofing |
| December 8, 2015 (Originally published July 14, 2015) | 3057154 | Update to Harden Use of DES Encryption |
| November 30, 2015 | 3119884 | Improperly Issued Digital Certificates Could Allow Spoofing |
| November 10, 2015 | 3108638 | Update for Windows Hyper-V to Address CPU Weakness |
| October 13, 2015 (Originally published September 24, 2015) | 3097966 | Inadvertently Disclosed Digital Certificates Could Allow Spoofing |
| October 13, 2015 (Originally published May 12, 2015) | 3042058 | Update to Default Cipher Suite Priority Order |
| October 13, 2015 (Originally published May 13, 2014) | 2960358 | Update for Disabling RC4 in .NET TLS |
| September 8, 2015 | 3083992 | Update to Improve AppLocker Publisher Rule Enforcement |
| July 14, 2015 | 3074162 | Vulnerability in Microsoft Malicious Software Removal Tool Could Allow Elevation of Privilege |
| June 9, 2015 (Originally published May 5, 2014) | 2962393 | Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client |
| April 14, 2015 | 3045755 | ... |
Words: 818 - Pages: 4
...I. Objectives
* Become familiar with the different tools for cracking passwords
II. Procedure
I. Identify the use of the following password cracking tools:
a. LCP: It is designed to help administrators identify and remediate security vulnerabilities that result from the use of weak and/or easily guessed passwords by users. It is also designed to help administrators recover lost passwords and streamline migration of users to another authentication system.
b. Crack: It is designed to allow system administrators to locate users who may have used weak passwords and are vulnerable to a dictionary attack.
c. Access PassView: This utility reveals the database password of every password-protected mdb file that was created with Microsoft Access 95/97/2000/XP or with Jet Database Engine 3.0/4.0. It can be used to recover any lost Access database password.
d. MS Access Database Password Decoder: It is a program that helps users recover any lost or forgotten passwords for MS Access database files and user-level passwords that are stored in the workgroup information file.
e. Asterisk Logger: It is a program that can be used to reveal passwords stored behind asterisks in standard password text boxes.
f. CHAOS Generator: It is an application designed to generate passwords of any length and character content. CHAOS Generator will create alphabetic, numeric, alphanumeric or all-keyboard-character passwords of user-defined...
Words: 262 - Pages: 2