Vulnerability Assessment Report

System Description

The server hardware consists of a powerful CPU and 128GB of memory. It runs the latest version of the Linux operating system and hosts a MySQL database management system. It is configured with a stable network connection using IPv4 addresses and interacts with other servers on the network. Security measures include SSL/TLS encrypted connections.

Scope

The scope of this vulnerability assessment relates to the current access controls of the system. The assessment will cover a period of three months, from June 20XX to August 20XX. NIST SP 800-30 Rev. 1 is used to guide the risk analysis of the information system. ...

July 26, 2023 · 3 min · 442 words · Kazuhiro Funakoshi

Apply Filters to SQL Queries

Project description

This project investigates security issues to help keep the system secure. Findings show that some potential security issues involve login attempts and employee machines, so we use SQL filters to retrieve records from different datasets and investigate them.

Retrieve after-hours failed login attempts

In order to list all after-hours failed logins, which are suspicious in this case, we performed the following SQL query. Since regular hours end at 18:00:00, we set the condition accordingly. ...

July 18, 2023 · 2 min · 317 words · Kazuhiro Funakoshi

File Permissions in Linux

Project description

This project repairs file permissions to their appropriate state.

Check file and directory details

After running ls -la in the /home/researcher2/projects/ directory, we found the following status.

Describe the permissions string

In the /home/researcher2/projects directory, there are five files with the following names and permissions:

project_k.txt: -rw-rw-rw- (User = read, write; Group = read, write; Other = read, write)
project_m.txt: -rw-r----- (User = read, write; Group = read; Other = none)
project_r.txt: -rw-rw-r-- ...

July 18, 2023 · 2 min · 321 words · Kazuhiro Funakoshi

Incident Report Analysis

Incident report analysis

Instructions

As you continue through this course, you may use this template to record your findings after completing an activity or to take notes on what you’ve learned about a specific tool or concept. You can also use this chart as a way to practice applying the NIST framework to different situations you encounter.

Summary

The organization recently experienced a DDoS attack, which compromised the internal network for two hours until it was resolved. ...

July 18, 2023 · 2 min · 315 words · Kazuhiro Funakoshi

Stakeholder Memorandum

Stakeholder memorandum

TO: IT Manager, Stakeholders
FROM: Kazuhiro Funakoshi
DATE: 07/13/2023
SUBJECT: Internal IT Audit Findings and Recommendations

Dear Colleagues,

Please review the following information regarding the Botium Toys internal audit scope, goals, critical findings, summary and recommendations.

Scope

The following systems are in scope: accounting, endpoint detection, firewalls, intrusion detection system, security information and event management (SIEM) tool. Ensure current user permissions, controls, procedures, and protocols in place align with necessary compliance requirements. ...

July 17, 2023 · 2 min · 312 words · Kazuhiro Funakoshi

Compliance Checklist

[ ] The Federal Energy Regulatory Commission - North American Electric Reliability Corporation (FERC-NERC)

The FERC-NERC regulation applies to organizations that work with electricity or that are involved with the U.S. and North American power grid. Organizations have an obligation to prepare for, mitigate, and report any potential security incident that can negatively affect the power grid. Organizations are legally required to adhere to the Critical Infrastructure Protection Reliability Standards (CIP) defined by the FERC. ...

July 17, 2023 · 2 min · 382 words · Kazuhiro Funakoshi

Controls Assessment

Controls Assessment

Current assets

Assets managed by the IT Department include:
- On-premises equipment for in-office business needs
- Employee equipment: end-user devices (desktops/laptops, smartphones), remote workstations, headsets, cables, keyboards, mice, docking stations, surveillance cameras, etc.
- Management of systems, software, and services: accounting, telecommunication, database, security, ecommerce, and inventory management
- Internet access
- Internal network
- Vendor access management
- Data center hosting services
- Data retention and storage
- Badge readers
- Legacy system maintenance: end-of-life systems that require human monitoring

Administrative Controls

- Least Privilege: Needs to be implemented; High. Preventative; reduces risk by making sure vendors and non-authorized staff only have access to the assets/data they need to do their jobs.
- Disaster recovery plans: Needs to be implemented; Medium. Corrective; business continuity to ensure systems are able to run in the event of an incident, with limited to no loss of productivity, downtime, or impact to system components, including: computer room environment (air conditioning, power supply, etc.); hardware (servers, employee equipment); connectivity (internal network, wireless); applications (email, electronic data); data and restoration.
- Password policies: Needs to be implemented; Medium. Preventative; establish password strength rules to improve security and reduce the likelihood of account compromise through brute force or dictionary attack techniques.
- Access control policies: Needs to be implemented; High. Preventative; increase confidentiality and integrity of data.
- Account management policies: Needs to be implemented; High. Preventative; reduce attack surface and limit overall impact from disgruntled/former employees.
- Separation of duties: Needs to be implemented; High. Preventative; ensure no one has so much access that they can abuse the system for personal gain.

Technical Controls

- Firewall: Preventative; firewalls are already in place to filter unwanted/malicious traffic from entering the internal network.
- Intrusion Detection System (IDS): Detective; allows the IT team to identify possible intrusions (e.g., anomalous traffic) quickly.
- Encryption: Needs to be implemented; Medium. Deterrent; makes confidential information/data more secure (e.g., website payment transactions).
- Backups: Needs to be implemented; Medium. Corrective; supports ongoing productivity in the case of an event; aligns to the disaster recovery plan.
- Password management system: Needs to be implemented; Medium. Corrective; password recovery, reset, lock out notifications.
- Antivirus (AV) software: Needs to be implemented; High. Corrective; detect and quarantine known threats.
- Manual monitoring, maintenance, and intervention: Needs to be implemented; Medium. Preventative/corrective; required for legacy systems to identify and mitigate potential threats, risks, and vulnerabilities.

Physical Controls

- Time-controlled safe: Needs to be implemented; Low. Deterrent; reduce attack surface/impact of physical threats.
- Adequate lighting: Needs to be implemented; Low. Deterrent; limit “hiding” places to deter threats.
- Closed-circuit television (CCTV) surveillance: Needs to be implemented; High. Preventative/detective; can reduce risk of certain events; can be used after an event for investigation.
- Locking cabinets (for network gear): Needs to be implemented; High. Preventative; increase integrity by preventing unauthorized personnel/individuals from physically accessing/modifying network infrastructure gear.
- Signage indicating alarm service provider: Needs to be implemented; Low. Deterrent; makes the likelihood of a successful attack seem low.
- Locks: Needs to be implemented; Low. Preventative; physical and digital assets are more secure.
- Fire detection and prevention (fire alarm, sprinkler system, etc.): Needs to be implemented; High. Detective/Preventative; detect fire in the toy store’s physical location to prevent damage to inventory, servers, etc.

July 17, 2023 · 3 min · 517 words · Kazuhiro Funakoshi