Operating Systems Vulnerabilities Note: Need help making a security assessment report You have recently come acr

Operating Systems Vulnerabilities

Note: Need help making a security assessment report

You have recently come across numerous anomalies and incidents leading to security breaches. The incidents took place separately, and it has not been determined if they were caused by a single source or multiple related sources.

First, a month ago, a set of three corporate database servers crashed suddenly. Then, a week ago, anomalies were found in the configuration of certain server and router systems of your company. You immediately recognized that something with your IT resources was not right. You suspect that someone, or some group, has been regularly accessing your user account and conducting unauthorized configuration changes.

You meet with your leadership to discuss the vulnerabilities. They would like you to provide a security assessment report, or SAR, on the state of the operating systems within the organization.

You're also tasked with creating a non­technical narrated presentation summarizing your thoughts. The organization uses multiple operating systems that are Microsoft-­based and Linux­-based. You will have to understand these technologies for vulnerability scanning using the tools that work best for the systems in the corporate network.

You know that identity management will increase the security of the overall information systems infrastructure for the company. You also know that with a good identity management system, the security and productivity benefits will outweigh costs incurred. This is the argument you must make to the stakeholders.
Part of solutionLab results (to give give an idea of the vulnerabilities that are being assessed)

After conducting a scan of the Linux-based (NIXTGT01) system with IP address 192.168.10.2, the vulnerabilities detected were;

i) Telnet unencrypted cleartext login, ii) SSH weak encryption algorithms supported, iii) SSL/TLS: Report weak cipher suites, iv)  TCP timestamps (On completing the Lab) The recommended security updates for the Linux systems include;

i) Using a secure protocol that supports encrypted connections like SSH, to replace the Telnet protocol. This would mitigate against the ‘Telnet unencrypted cleartext login’.

ii) Disabling weak encryption algorithms between all forms of client and server connections to mitigate against the ‘SSH weak encryption algorithm’ vulnerability.

iii) Changing the configuration of the SSL/TLS services to no longer accept the following weak cipher suites: TLS_ECDHE_RSA_WITH_RC4_128_SHATLS_ RSA_WITH_RC4_128_MD5TLS_RSA_WITH_RC4_128_SHATLS_RSA_WITH_SEED_CBC_SHAiv) To prevent the possibility of the uptime of a remote host being computed by a malicious actor due to delays, the TCP timestamps on the Linux systems can be disabled (this can also be applied with some versions of the Windows operating systems).Scan Results for the Windows SystemAfter conducting a scan of the Windows (WINTGT01) system with IP address 192.168.10.4, the detected vulnerability was;i) DCE/RPC and MSRPC Services enumeration reporting.recommended mitigation: there is need to filter incoming traffic to TCP ports 49664-49672 to prevent possible sniffing or scanning from attackers. 

"The following are a few questions to consider when creating your non­technical presentation:

• How do you present your technical findings succinctly to a non­technical audience? Your Workspace exercise report will span many pages, but you will probably not have more than 30 minutes for your presentation and follow-up discussion.
• How do you describe the most serious risks factually but without sounding too dramatic? No one likes to hear that the entire network has been hacked, data has been stolen, and the attackers have won. You will need to describe the seriousness of your findings while also assuring upper-level management that these are not uncommon occurrences today.
• How do your Workspace exercise results affect business operations? Make sure you are presenting these very technical results in business terms that upper-level management will understand.
• Be clear about what action you are recommending. Upper-level managers will want to understand not only what you discovered, but also what you propose as a solution. They will want to know what decisions they need to make based on your findings.

Your goal for the presentation is to convince the leadership that the company needs to adopt at least one security vulnerability assessment tool to provide an extra layer of security."