Preview

ISSC342 Assignment5

Good Essays
Open Document
Open Document
338 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
ISSC342 Assignment5
During the first two phases of the five step process of a cyber-attack a hacker conducts reconnaissance of the target network and scans for any vulnerabilities that could be exploited. (EC-Council, 2009) These vulnerabilities are known as a system’s attack surface. One of the core job functions of Network administrators is reducing this attack surface through a process called system hardening. There a number of techniques that can be used to harden Microsoft clients and servers such as scanning the system with nmap to find any vulnerabilities that comes from having open ports. After the initial scan the administrator should close open ports and uninstall unnecessary services. (Solomon, 2014) Administrators should also run follow up scans with nmap to make sure that there are no ports or services that they may have missed during their first run. Nmap is not the only program that can identify vulnerabilities within a server, the SCW utility should also be used when you are installing new server hardware to check for any unwanted services that may be set to run on the server as a default setting. (Solomon, 2014) In addition to removing programs and services network administrators should also restrict the accesses the users have on client systems limit what they can do to effect the security of the network. If users could change the security settings or download third party software from potentially unsafe websites they could very easily compromise the security of the network. By limiting user access and defining user roles network administrators can potentially prevent future system vulnerabilities that a user may introduce to the system either unwittingly or maliciously. Another system hardening measure that should be taken to help secure the client side of the network is disabling the default administrator account after you create additional administrator accounts assigned to different roles. (Solomon, 2014)

Works Cited
EC-Council. (2009). Ethical Hacking and



Cited: EC-Council. (2009). Ethical Hacking and Countermeasures: Attack Phases. Clifton Park: Centage Learning. Solomon, M. G. (2014). Security Strategies in Windows Platforms and Applications. Burlington: Jones & Bartlett Learning.

You May Also Find These Documents Helpful

  • Satisfactory Essays

    Jennifer’s full time position as Sales would need Sales access for her primary position. She should only have By Position access to Accounts Payable when she is working that position. She would need Read Only for Shipping and Receiving in order provide customers with information on inventory availability. Neither of her positions should have required her to have full access to Shipping and Receiving.…

    • 252 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    Penetration testing should be done to test the network for vulnerabilities. There are several types of penetration testing. “An automated port based scan is generally one of the first steps in a traditional penetration test because it helps obtain a basic overview of what may be available on the target network or host. Port based scanners check to determine whether a port on a remote host is able to receive a connection. Generally, this will involve the protocols which utilize IP (such as TCP, UDP, ICMP, etc.), However, ports on other network protocols could be present as well dependent on the environment (for example, it’s quite common in large mainframe environments for SNA to be in use). Typically, a port can have one of two possible states: open – the port is able to receive data and closed – the port is not able to receive data. A service based vulnerability scanner is one which utilizes specific protocols to communicate with open ports on a remote host, to determine…

    • 550 Words
    • 3 Pages
    Satisfactory Essays
  • Satisfactory Essays

    | * OS Level * Patch history Configuration hardening Desktop access, Application access * File Access * File Storage * VPN Authentication Browsing * Emails * Backups…

    • 409 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    We are looking for the item Brake Set, Luffing Mechanism, GUL. Please kindly quote for the following item.…

    • 67 Words
    • 1 Page
    Satisfactory Essays
  • Powerful Essays

    Security implementation responsibilities focus on implementing the access controls and account management processes outlined in this Plan. The following positions are responsible for security implementation:…

    • 1211 Words
    • 5 Pages
    Powerful Essays
  • Good Essays

    is4680 lab #2

    • 630 Words
    • 2 Pages

    Windows Hardening Defense, starts with the basics, Log in with least amount of privileges. Always use Firewall and AV. Monitor channels for security advisories and alerts. Know your system(s). Patch early and patch often, Unpatched Systems are the lowest of low hanging fruit. Have a patch policy documented and stick with it. Review patches as they are released and determine criticality based on the exploit, threat footprint for your system(s), and whether or not there is a POC or fully weapon exploit in the wild. When possible, test patches before rolling out in production on servers. Most clients should have automatic updates enabled for the OS and any application listening on a socket or used with untrusted data (java, adobe, browsers, etc...) Servers should be updated during maintenance windows if possible and depending on criticality (of threat and server).…

    • 630 Words
    • 2 Pages
    Good Essays
  • Satisfactory Essays

    Richman Investment needs and new enterprise encryption strategy. This is for a more secure network. They are wanting to grow to 10,000 employees worldwide. Richman Investment wants to operate out of 20 different countries in the future. This is very easy to do but to have a secure network there are many things that would have to happen which will make this more difficult to do. Have a secure network takes a lot of work and has to be monitored 24 hours a day 7 days a week. There are many different ways to go about this topic the one I am going to pick is a public key infrastructure (PKI).…

    • 444 Words
    • 2 Pages
    Satisfactory Essays
  • Good Essays

    IS3110 U5D1

    • 712 Words
    • 3 Pages

    There are several different types of controls that you can take advantage of for securing your servers. Below are official guidelines from the (National Institute for Standards and Technology), or NIST.…

    • 712 Words
    • 3 Pages
    Good Essays
  • Satisfactory Essays

    In the workstation domain, we need to make sure that each of the workstations, whether desktop or laptop, has to have antivirus and malware protection installed on them. Express strict access control polices and standards. And mandate annual security awareness training for all employees…

    • 386 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    Johnson Company provides networking components and services. Today we are using the yellow pages for advertising, which is still useful but outdated. In most businesses today use other methods such as In person by using sale representatives. Mostly all the businesses today use the internet to reach out to customers, either by having a website, social media, sending emails or even newsletters. There are some that use a totally different approach, some of which include video conferencing and text messages. Other companies even push it further by utilizing social media sources such as Facebook, twitter, LinkedIn, Instagram and so many more to promote their company.…

    • 811 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    Lab 9

    • 1001 Words
    • 3 Pages

    Unauthorized access to data centers, computer rooms and wiring closets, servers must be shut down occasionally for maintenance causing network downtime, data can be easily lost or corrupt and recovering critical business functions may take too long to be useful.…

    • 1001 Words
    • 3 Pages
    Satisfactory Essays
  • Good Essays

    Assignment 2 SOc 300

    • 543 Words
    • 2 Pages

    I choose Rwanda as my developing country to write about and explore their health care, lending institutions and human capital system structure. Developing countries such as Rwanda lack what we in the United States take for granted as basic necessities. Rwanda is capable of overcoming the poor quality of life that it has grown accustomed to if the help they are receiving is allocated, dispersed and tracked accordingly. Rwanda is seen as a development model that other countries should mirror; they remain focused on the results of their labor and continue to show eagerness toward their global recognition. Financial Institutions such as the World Bank and IMF primaries focus is designed with one goal in mind; to assist developing countries attack their poverty levels head on. Rwandan lending institutions, health care and human capital infrastructure is essential to providing an overall basic life free of poverty stricken, disease infected, and financially poor country. After the conclusion of the 1994 Rwandan genocide, Rwanda was considered a failed state drowning in an unmatched state of poverty and chaos. The effects of the genocide destroyed what little financial, health care and human capital infrastructure that Rwanda had already established. The 1994 genocide eliminated an already fragile economic system, which posed insurmountable challenges while trying to rebuild and attract any potential private investors to fund the non-existent infrastructure. In reviewing Rwanda and its past, present and future current state affairs it’s clear that the focus must be on all three (lending, healthcare and human capital) entities to build an infrastructure and surpass the negative connotation of it being a third world country with little to no growth for its citizens. If the bureaucratic nonsense will take a back seat and focus solely on the health, welfare and restructuring any designated third world impoverished country we should see great accomplishments comparable to…

    • 543 Words
    • 2 Pages
    Good Essays
  • Satisfactory Essays

    After achieving your objectives, you typically takes steps to hide the intrusion and possible controls left behind for future visits. Again, in addition to anti-malware, personal firewalls, and host-based IPS solutions, deny business users local administrator access to desktops. Alert on any unusual activity, any activity not expected based on your knowledge of how the business works. To make this work, the security and network teams must have at least as much knowledge of the network as the attacker has obtained during the attack process.…

    • 284 Words
    • 2 Pages
    Satisfactory Essays
  • Powerful Essays

    ILM3 Assignment 1

    • 2281 Words
    • 7 Pages

    behavior. If they can be observed to have the desire to work towards their needs they must have motivation.…

    • 2281 Words
    • 7 Pages
    Powerful Essays
  • Satisfactory Essays

    Information Technology

    • 389 Words
    • 2 Pages

    Services that do not authenticate clients, services that use insecure protocols, or services that run with too much privilege are risks. If you do not need them, do not run them. By disabling unnecessary services you quickly and easily reduce the…

    • 389 Words
    • 2 Pages
    Satisfactory Essays