Operating Systems Vulnerabilities
Note: Need help making a security assessment report
You have recently come across numerous anomalies and incidents leading to security breaches. The incidents took place separately, and it has not been determined if they were caused by a single source or multiple related sources.
First, a month ago, a set of three corporate database servers crashed suddenly. Then, a week ago, anomalies were found in the configuration of certain server and router systems of your company. You immediately recognized that something with your IT resources was not right. You suspect that someone, or some group, has been regularly accessing your user account and conducting unauthorized configuration changes.
You meet with your leadership to discuss the vulnerabilities. They would like you to provide a security assessment report, or SAR, on the state of the operating systems within the organization.
You're also tasked with creating a nontechnical narrated presentation summarizing your thoughts. The organization uses multiple operating systems that are Microsoft-based and Linux-based. You will have to understand these technologies for vulnerability scanning using the tools that work best for the systems in the corporate network.
You know that identity management will increase the security of the overall information systems infrastructure for the company. You also know that with a good identity management system, the security and productivity benefits will outweigh costs incurred. This is the argument you must make to the stakeholders.
Part of solution: Lab results (to give an idea of the vulnerabilities that are being assessed)
After conducting a scan of the Linux-based (NIXTGT01) system with IP address 192.168.10.2, the vulnerabilities detected were:
i) Telnet unencrypted cleartext login
ii) SSH weak encryption algorithms supported
iii) SSL/TLS: Report weak cipher suites
iv) TCP timestamps
(On completing the lab) The recommended security updates for the Linux systems include:
i) Using a secure protocol that supports encrypted connections, like SSH, to replace the Telnet protocol. This would mitigate against the ‘Telnet unencrypted cleartext login’.
ii) Disabling weak encryption algorithms between all forms of client and server connections to mitigate against the ‘SSH weak encryption algorithm’ vulnerability.
iii) Changing the configuration of the SSL/TLS services to no longer accept the following weak cipher suites: TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_SEED_CBC_SHA.
iv) To prevent the possibility of the uptime of a remote host being computed by a malicious actor due to delays, the TCP timestamps on the Linux systems can be disabled (this can also be applied with some versions of the Windows operating systems).
Scan Results for the Windows System
After conducting a scan of the Windows (WINTGT01) system with IP address 192.168.10.4, the detected vulnerability was:
i) DCE/RPC and MSRPC Services enumeration reporting.
Recommended mitigation: there is a need to filter incoming traffic to TCP ports 49664-49672 to prevent possible sniffing or scanning from attackers.
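The four Linux mitigations above (replace Telnet, drop weak SSH algorithms, drop RC4/SEED TLS suites, disable TCP timestamps) can be verified from configuration files rather than by re-running the scanner. The script below is an added example written for this page; it is not part of the original post, the lab, or any scanner's output. It assumes the SSH and TLS settings live in sshd_config-style and OpenSSL-style cipher strings, that Telnet is started from an inetd.conf, and that the sysctl setting is in a sysctl.conf; every file it writes is a constructed sample, not the configuration of NIXTGT01. The Windows port-filtering item is firewall configuration and is not covered here.

```shell
#!/bin/sh
# Added example (not from the original post or lab): an offline audit for the
# Linux findings in the scan. Each check reads a config file or cipher string
# handed to it and returns 0 when the item passes.

# Cipher/MAC names typically behind an "SSH weak encryption algorithms" finding.
# Assumption: the list reflects common scanner policy, not a specific vendor list.
WEAK_SSH_ALGOS="arcfour arcfour128 arcfour256 3des-cbc blowfish-cbc cast128-cbc aes128-cbc aes192-cbc aes256-cbc hmac-md5 hmac-md5-96 hmac-sha1-96"

# ssh_weak_algos FILE: print weak entries from the Ciphers/MACs lines of an
# sshd_config (space separated); return 0 only when none are present.
ssh_weak_algos() {
    found=""
    algos=$(grep -iE '^[[:space:]]*(Ciphers|MACs)[[:space:]]' "$1" | awk '{print $2}' | tr ',' ' ')
    for a in $algos; do
        for w in $WEAK_SSH_ALGOS; do
            [ "$a" = "$w" ] && found="$found $a"
        done
    done
    found=${found# }
    printf '%s\n' "$found"
    [ -z "$found" ]
}

# tls_weak_suites CIPHERSTRING: print entries of an OpenSSL-style cipher list
# that use RC4 or SEED (the suites the scan flagged); return 0 when none.
tls_weak_suites() {
    found=""
    for s in $(printf '%s' "$1" | tr ':' ' '); do
        case "$s" in
            *RC4*|*SEED*) found="$found $s" ;;
        esac
    done
    found=${found# }
    printf '%s\n' "$found"
    [ -z "$found" ]
}

# telnet_enabled INETD_CONF: return 0 if an uncommented telnet service line exists.
telnet_enabled() {
    grep -qE '^[[:space:]]*telnet[[:space:]]' "$1"
}

# tcp_timestamps_disabled SYSCTL_CONF: return 0 if net.ipv4.tcp_timestamps = 0 is set.
tcp_timestamps_disabled() {
    grep -qE '^[[:space:]]*net\.ipv4\.tcp_timestamps[[:space:]]*=[[:space:]]*0[[:space:]]*$' "$1"
}

# Constructed sample files: a weak sshd_config resembling the scan's finding,
# a hardened one, an inetd.conf with Telnet on, and a sysctl.conf with the fix.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/sshd_config.weak" <<'EOF'
Port 22
Ciphers aes128-ctr,arcfour,3des-cbc
MACs hmac-sha2-256,hmac-md5
EOF
cat > "$SAMPLE_DIR/sshd_config.hardened" <<'EOF'
Port 22
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256
EOF
cat > "$SAMPLE_DIR/inetd.conf" <<'EOF'
# telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
EOF
cat > "$SAMPLE_DIR/sysctl.conf" <<'EOF'
net.ipv4.ip_forward = 0
net.ipv4.tcp_timestamps = 0
EOF

# Run the audit over the samples and report in plain language.
printf 'Weak SSH algorithms (weak sample): '
ssh_weak_algos "$SAMPLE_DIR/sshd_config.weak" || true
printf 'Weak SSH algorithms (hardened sample): '
ssh_weak_algos "$SAMPLE_DIR/sshd_config.hardened" && echo "(none)"
printf 'Weak TLS suites: '
tls_weak_suites "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:RC4-MD5:SEED-SHA" || true
if telnet_enabled "$SAMPLE_DIR/inetd.conf"; then echo "Telnet: ENABLED, replace with SSH"; else echo "Telnet: disabled"; fi
if tcp_timestamps_disabled "$SAMPLE_DIR/sysctl.conf"; then echo "TCP timestamps: disabled"; else echo "TCP timestamps: still on"; fi
```

On a real host the same functions would be pointed at copies of /etc/ssh/sshd_config, the web server's cipher directive, /etc/inetd.conf (or the equivalent service unit) and /etc/sysctl.d/*.conf; a finding that the scanner reports but the file audit does not show usually means the weak setting comes from a compiled-in default rather than an explicit directive, which is worth stating in the report.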
"The following are a few questions to consider when creating your nontechnical presentation:
Your goal for the presentation is to convince the leadership that the company needs to adopt at least one security vulnerability assessment tool to provide an extra layer of security."