ISSC362 Week 2 Lab #4:
Compromise and Exploit a Vulnerable Microsoft® Workstation
Instructor Name: ________________
Lab Assessment Questions
1. What are the five steps of a hacking attack?
2. During the reconnaissance step of the attack, describe what task Zenmap GUI performs to do passive OS fingerprinting.
3. What step in the hacking attack process uses Zenmap GUI?
4. What step in the hacking attack process identifies known vulnerabilities and exploits?
5. During the scanning step of the hacking attack process, you identified known software vulnerabilities in a Windows XP Professional Workstation. List the name and number of the critical Microsoft® vulnerabilities identified. What is vulnerability “MS08-067”?
6. Which tool and application were used to exploit the identified vulnerability on the targeted Microsoft® Windows 2003 XP server?
7. If you were a member of a security penetration testing team, and you identified vulnerabilities and exploits, should you obtain written permission from the owners prior to compromising and exploiting the known vulnerability?
8. What does the tool Ettercap do?
9. The most important step in the five-step hacking process is step 5, where the security practitioner must remediate the vulnerability and eliminate the exploit. What is the name and number of the Microsoft® Security Bulletin?
10. What is the name of the Microsoft® Windows 2003 XP server Security Patch needed to remediate this software vulnerability and exploit?
The penetration tools provided in this document allow us to review our network from a security standpoint. This paper focused predominantly on phase two of a penetration test, the exploitation phase; however, a successful penetration test typically starts with the reconnaissance phase. In this phase, the tester attempts to gain as much information about the target company and its network as possible. He or she will test the physical infrastructure (how do people gain access to the building?) and other organizational aspects of the company to find a weakness and a way to get in. Also during this portion of the test, the penetration tester will use tools such as NMAP, whois.com, and other resources to obtain information regarding the network
Known Vulnerabilities Exploitation – an attack that takes advantage of a vulnerability for which a software patch is
Utilizing two simple command switches, -O and -v, provided a wealth of information about the host system. Most notably, it listed all of the open ports, protocols, and the operating system of the target system. This quick gathering of information enabled the execution of more detailed commands against specific ports to expose specific vulnerabilities. This information can then be used to address any specific vulnerabilities that are
Critical Security Control 1 was implemented to actively manage all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access. This is critical because attackers, who can be located anywhere in the world, are continuously scanning and monitoring the address space of target organizations. They do this for the main purpose of waiting for new or unprotected systems to be attached to the network. A main focus is looking for devices (especially laptops) that come and go off of the enterprise’s network. These devices are vulnerable because they can commonly get out of sync with patches or
After the initial intrusion, malicious software referred to as a RAT (remote access Trojan) is installed on the victim host. The RAT takes responsibility for connecting with the attacker and regularly performs the actions instructed by the attacker. At this point the intruder takes full command and control (C2) over the target host. The fact is that the initial connection is established by the victim host, not by the attacker [6]. This happens mainly for two reasons: (i) an organization's firewall usually allows connections initiated by internal hosts, and (ii) this helps the attacker avoid being detected easily. Because intrusion detection systems [7] can easily detect the extremely suspicious activity such as downloads from outside hosts.
HTML5 will also allow pen-testers to review new scans, create new policies, and view scans from any device on the scanner, which means the entire network will be secure. This magnificent security tool is capable of providing any vulnerability within the IP address range, network or host located on the network. Within the configuration and compliance auditing, it can be compared to the Security Content Automation Protocol (SCAP), which is a method used to enable automated vulnerability management (National Institute of Standards and Technology, 2016). Nessus will also ensure the system is configured to be compliant within the security structure of Windows, Linux, Mac OS and applications. One more feature included is the integration of patch management, which allows patch information to be retrieved and to be included in the patch management report. Nessus will go one step further and check to ensure that patches have been properly installed, will audit mobile device weaknesses, gathering data and writing reports about potential threats for the devices connected to the network, whether it be iOS, Android, or Windows operating
As basic users, security is one feature that most of us overlook when it comes to operating systems until it is too late. In this paper we will discuss the security flaws within the Windows Operating system, and then discuss countermeasures to fix the system flaw.
On April 4th of this year, Microsoft issued security bulletin MS15-034; this security bulletin explains a vulnerability that “could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system.” Later, on June 9th, Microsoft issued another security bulletin, MS15-056; this security bulletin explains a vulnerability that “could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who
CIS 500 Week 6 Case Study 1 - Cyber Security in Business Organizations - Strayer University 2015 Version NEW
In June 2010, VirusBlokAda, a computer company in Belarus, receives an email containing information on a computer located in Iran that appears to have a virus causing it to continually reboot. The virus uses a “zero-day” exploit from a LNK file of Windows Explorer, then infects the computer when a flash drive (USB stick) is installed and scanned, and the virus is automatically copied from the flash drive to the computer. Zero-day exploits are extremely rare, occurring in approximately 1 in 1 million viruses. Because of the rarity of “zero-day” exploits, the cyber community usually takes notice and contacts the appropriate vendor, in this case Microsoft, so the vendor can patch the software and eliminate the issue. Microsoft then began building its patch for Stuxnet, but in the background Stuxnet continued on its mission.
Review a Zenmap GUI (Nmap) network discovery and Nessus vulnerability assessment scan report (hardcopy or softcopy)
A. First let me describe to you the tools a hacker has available to infiltrate your computer.
This report contains an overview of the testing process and issues that were found, details of the testing process, results found, the risks associated with the vulnerability and recommendations for rectifying the vulnerability. The results of the test can be of assistance to Ernst & Young when making decisions regarding information security.
* Check existing security scan reports, from WireShark and NetWitness Investigator, and see if we can identify data leakage, and set up new policies and procedures for monitoring web servers and applications.
For current technology vulnerability, the outdated antivirus was used as an example that pertains to all corporations, including Yahoo!, where malware can be introduced into the company's system. The attack vector for this vulnerability occurs through an injection of malware that occurs through email attachments, chat rooms, Trojan programs that lead to the loss or corruption of existing data, or system impacts such as