Nt2580 Week 2 Essays

Similar Documents

Assignment 2 Microsoft Environmental Analysis

...Calculate the window of vulnerability For us to resolve the issue of the window of vulnerability, we would need to get the patch from Microsoft. According to Microsoft, it will take up to 3 days for the patch to be available. Then, we would need additional time to download and test the patch to make sure that this is what is needed to fix the security breach on the SMB server. After doing the testing, the IT department would need time to install the patch onto the servers and deploy to the client computers. This will take 2 days to do, depending on the IT staff, if they work on weekends will determine the completion date. Meaning, if they will work on the weekend, then the deployment to all computers and servers will be done by that Sunday. If not, then it will be the following Tuesday. So, the time that is needed would be a week. To recap, the security breach was reported on a Friday. On Monday, looked on Microsoft’s website to see when the patch would be released, and it indicated that it would take 3 days for it to be available. Counting Monday, 3 days would be, Wednesday. Depending on the time that the patch is released on Wednesday, would need an additional 2 days to download and test the patch before deploying, if early Wednesday, then Thursday to test. But if it comes late Wednesday, then it would take Thursday and Friday to test. Then that would leave the weekend, if the IT staff would work on the weekend. But if not, then it is going to restart on Monday and......

Words: 282 - Pages: 2

Microsoft Environment Analysis Unit2 Assiginment 2

...Explorer could allow remote code execution. This vulnerability has been investigated my Microsoft and a link to the appropriate update has been issued on the Advisory page. 2. Advisory 2755801: Vulnerabilities in Adobe Flash Player in IE 10. The software affected by this vulnerability are both 32/64-bit Windows 8 systems, and also Windows Server 2012. An update has been published that fixes this by updating the Adobe Flash libraries in IE 10 that are affected. It is also possible to temporarily remedy this by changing up the registry files with the text provided on the Advisory page. The Administrator may also disable Flash Player from running on IE 10 via group policy on Windows 8 and Server 2012. 3. Advisory 2736233: Microsoft has released new kill bits for ActiveX after multiple requests by Cisco concerning vulnerabilities in some of its services; Cisco Secure Desktop, Cisco Host scan, and Cisco Any Connect Secure Mobility Client are all services that are affected by ActiveX vulnerability. This affects most Windows XP/7 systems, along with Server 2003/2008 software. 4. Advisory 2661254: Update for Minimum Key Certificate Length. RSA keys being used in certificates that are less than 1024 bits in length are vulnerable to attackers duplicating the certificates, phishing, and man in the middle attacks. Examples of the services that are affected are encrypted emails and private PKI environments. It is suggested that this update is tested out first before being pushed out......

Words: 377 - Pages: 2

Unit 2 Assignment 2

...NT2580 Unit 2 Assignment 2 10/1/13 1. The five vulnerabilities that exist for this LAN based workgroup are 2755801, 2501696, 2588513 2639658, 2659883. 2. Yes, the vulnerability that involves privilege elevation is 2639658 (Vulnerability in TrueType Font Parsing), but it is not a high priority. 3. 2719662 Solution: Workarounds refer to a setting or configuration change that does not correct the underlying issue but would help block known attack vectors before a security update is available. Apply the Microsoft Fix it solution that blocks the attack vector for this vulnerability. Disable Sidebar in Group Policy. Disable the Sidebar in the system registry. 2737111 Solution: Workarounds refer to a setting or configuration change that does not correct the underlying issue but would help block known attack vectors before a security update is available. Disable WebReady document view for Exchange. 2755801 Solution: Workaround refers to a setting or configuration change that would help block known attack vectors before you apply the update. Prevent Adobe Flash Player from running. Prevent Adobe Flash Player from running on Internet Explorer 10 through Group Policy on Windows 8 and Windows Server 2012. Prevent Adobe Flash Player from running in Office 2010 on Windows 8 and Windows Server 2012. Prevent ActiveX controls from running in Office 2007 and Office 2010. Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active......

Words: 257 - Pages: 2

Unit 2 Microsoft Env

...Unit 2 Microsoft Environment Analysis 1. What vulnerabilities exist for this workgroup LAN based on the advisories? List five of them.a. 2401593 CVE-2010-3213b. 2264072 CVE-2010-1886c. 980088 CVE-2010-0255d. 975497 CVE-2009-3103e. 98343 CVE-2010-08172. Do any vulnerabilities involve privilege elevation? Is this considered a high priority issue? Only two from the five listed in question one are privileged elevation and identified by the asterisk alongside the CVE number. They are of importance but not considered a high priority issue as asked.3. Identify and document at least three vulnerabilities and the solutions related to the client configurations.a. Advisory Number: 977981a.i. Solution: This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rightsb. Advisory Number: 979352b.i. Solution: Thissecurity update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the......

Words: 329 - Pages: 2

Unit 2 Assignment 2: Microsoft Envirnment Analysis

...Microsoft Environment Analysis Abstract Windows of Vulnerability is defined as the ability to attack something that is at risk. Hackers search and pride themselves on finding vulnerabilities or creating their own within a system. A few examples of vulnerabilities that will be covered in this paper are CodeRed, Spida, Slammer, Lovesan, and Sasser. The worm named Code Red was observed on the internet on July 13, 2001. Computers running Microsoft IIS web server were attacked with this worm. Code Red worm did not infect the largest amount of computers until July 19, 2001 with 359,000 hosts being infected. The worm would spread itself in a vulnerability known as a buffer overflow. It would do this by using a long string of the repetition of the letter “N” to overflow a buffer. Spida worm infects via Microsoft SQL installations with administrator accounts that have no passwords defined. Microsoft recommends the “sa” account be set upon installation but many servers are not properly secured after installation. The main purpose of the Spida worm is to export an infected server’s Sam password database. SQL Slammer worm caused a denial of service on Internet host and slowed down general internet traffic. On January 25, 2003 it spread rapidly and infected 75,000 victims in ten minutes. The worm exploited the buffer overflow and would generate random IP addresses, send itself out to those addresses. If one of those addresses happens to belong to a host that is running an......

Words: 522 - Pages: 3

Unit 2 Assignment 2 : Microsoft Environment Analysis

...Elvie Bramich Unit2 Assignment 2 : Microsoft Environment Analysis 1. WHAT VULNERABILITIES EXIST FOR THIS WORKGROUP LAN BASED ON ADVISORIES?LIST FIVE OF THEM. Answer: 2755801, 2719662, 2854544, 2846338, 2847140. 2. DO ANY VULNERABILITIES INVOLVE PRIVILEDGE ELEVATION?IS THIS CONSIDERED A HIGH-PRIORITY ISSUE? Answer: 2846338 involves privilege elevation, Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution, and is a high priority. 3. IDENTIFY AND DOCUMENT AT LEAST 3 VULNERABILITIES AND THE SOLUTIONS RELATED TO THE CLIENT CONFIGURATIONS. Answer: Three vulnerabilities and Solutions related to client configurations. Advisory Number: 2719662 Microsoft is announcing the availability of an automated Microsoft Fix it solution that disables Windows Sidebar and Gadgets on supported editions of Windows Vista and Windows 7. Disabling Windows Sidebar and Gadgets can help protect customers from potential attacks that leverage Gadgets to execute arbitrary code. Customers should consider the following ways that an attacker could leverage Gadgets to execute arbitrary code: Microsoft is aware that some legitimate Gadgets running in Windows Sidebar could contain vulnerabilities. An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An......

Words: 468 - Pages: 2

Unit 3 Assignment 2 Nt2580

...1. Discretionary Access Control – For Shovels and Shingles I would use Discretionary Access Controls. This way certain user groups have certain access. Considering there is only 12 clients I would assume the employee base and small and only 2-3 groups would be required with different access levels. 2. Rule Based Access Control – Due to the small client base and the fact most users would most likely be sharing information in a small advertising company I would go with Rule Based. This way there is certain files that everyone can access and ones that can’t be accessed. It allows for a personal data structure while allowing some files to be shared freely. 3. Non-Discretionary Access Control – Due the company being larger and associated with IT, I would go with the non-discretionary controls. This way the employees will only have access to what is dictated to them by the administrators. This is especially recommended because there are employees traveling and using the network from the outside. All control for the network should be done administratively. 4. Role-Based Access Controls – For Backordered Parts defense contractor I would recommend Role-Based access controls. As there are many facets to a design and building company there will be many access levels and areas that should only be accessed by certain personnel. Using this role-based control will allow for all users to only see what they need to see, and not see what they don’t need to see as pertaining to......

Words: 321 - Pages: 2

Nt2580 Unit 9 Assignment 2

...Kimberly Warren November 18, 2014 NT2580 Summary of Malicious Attack The CIH virus (which also has names known as CIH, Spacefiller, and Win32.CIH, and Chernobyl) is a virus that was developed in 1998 that infected the 32-bit Windows 95, Windows 98 and Windows NT operating system executable files having the .EXE extension. The contents of this virus can damage the contents of the BIOS flash memory chip and completely ruin the configurations set or even the default. Most of the newer computers sold around this time have had their BIOS programmed into the flash memory chips (Yamamura). Various strains of this virus have been reported to exist such as: • CIH v1.2/CIH.1103 – which contains the string CIH v1.2 TTIT and was activated on the 26th of April. • CIH v1.3/CIH.1010A and CIH1010.B – which contains the string CIH v1.3 TTIT and was also activated on that same day. • CIH v1.4/CIH.1019 – which contains the string CIH v1.4 TATUNG and is not a common virus but is activated on the same day. • CIH.1049 – which activated on August 2nd as opposed to the April 26th date. Concerning infections that have been reported, there have been at least four underground pirate software groups got infected with the CIH virus during summer 1998. They inadvertently spread the virus globally in new pirated softwares they released through their own channels. These releases included some new games which spread world-wide very quickly. There's also a......

Words: 379 - Pages: 2

Nt2580 Unit 2 Assignment 2: Microsoft Environment Analysis

...Unit 2 Assignment 2: Microsoft Environment Analysis 1. What vulnerabilities exist for this workgroup LAN based on the advisories? List five of them. Answer: 2755801, 2719662, 2854544, 2846338, 2847140. 2. Do any vulnerabilities involve privilege elevation? Is this considered a high-priority issue? Answer: 2846338 involves privilege elevation, Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution, and is a high priority. 3. Identify and document at least three vulnerabilities and the solutions related to the client configurations. Answer: Three vulnerabilities and Solutions related to client configurations. Microsoft is announcing the availability of an automated Microsoft Fix it solution that disables Windows Sidebar and Gadgets on supported editions of Windows Vista and Windows 7. Disabling Windows Sidebar and Gadgets can help protect customers from potential attacks that leverage Gadgets to execute arbitrary code. Customers should consider the following ways that an attacker could leverage Gadgets to execute arbitrary code: Microsoft is aware that some legitimate Gadgets running in Windows Sidebar could contain vulnerabilities. An attacker who successfully exploited Gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could create a malicious Gadget and...

Words: 285 - Pages: 2

Nt2580 Unit 4 Assignment 2

...Dallas Page July 17, 2015 Unit 4 Assignment 2 NT2580 Acceptable Use Policy Definition 1. Overview To protect the integrity, confidentiality and accessibility along with the safety of our clientele and employees it is necessary that a precise set of standards must be defined for anyone who utilizes the electronic devices to access information via the internet. Richman Investments is committed to protecting employees, partners and the company from illegal or destructive actions whether knowingly or unknowingly. Internet or Intranet related systems, including but not limited to the World Wide Web, storage media, operating systems, network accounts and electronic mail are intended to be used for business pertaining to Richman Investments. It is the responsibility of each electronic device user to know the guidelines of the Acceptable Use Policy and to adhere to the Acceptable Use Policy of Richman Investments. 2. Purpose To outline and give a clear precise definition of what is and what isn’t acceptable when using the property of Richman Investments. Property including but not limited to computers, internet service, email service, storage media, operating systems or network accounts. Inappropriate use of either of the aforementioned exposes Richman Investments to legal liability and/or risks of damage to company hardware and/or software. 3. Scope The Acceptable Use Policy applies to all employees, contractors, clients, visitors and partners to...

Words: 689 - Pages: 3

Nt2580 Unit 1 Assignment 2

...------------------------------------------------- Nt2580 - Unit 1 Assignment 2: Impact of a Data Classification Standard Richman Investments Internal Use Only Data Classification Standard Domain Effects Richman Investments has implemented an “Internal Use Only” data classification standard. This report will describe the effects of the Internal use Only Standard on our respective system domains. “Internal Use Only” sets up a restricted access security policy to our network. Any access, including from a website would require company mandated credentials to log on and enter the system. This type of policy is enforced because companies do not want to allow “free access” to their network for potential threats to their system or their security. This policy will impact three of the seven domains. These include: * User Domain * Define: This Domain defines what users have access to the information system.   * Policy Impact: The IT Team will use the User domain to define who has access to the company’s information systems. The domain will impose an acceptable use policy (AUP) that will define the permissions of what actions a user may make while inside the system. These permissions may also be defined by the data they are accessing at the time. All third party users (vendors, contractors, outside users, etc.) must also agree to the AUP. Any violation will be reported to management and/or the authorities, depending on the violation. * Workstation......

Words: 508 - Pages: 3

Nt2580 Unit 1 Assignment 2

...Unit 1 Assignment 2 Impact of a Data Classification Standard Internal use only is information that may or may not be confidential. But is shared within a organization and kept away from the public. With that being said it is imperative that we seek the following to be incorporated within the standards in each domain. User Domain refers to the people who have access to the organizations equipment User domains is the worst domain for security and personal information can be obtained on this domain under internal use only. The reasoning for this is the multitudes of social networking and the fallacy’s of the employee’s not even meaning to release information that could be detrimental. Employees are responsible for their own equipment. The best way to avoid this is to set up an Acceptable use Policy (AUP) that informs employees what they can and cannot do with company information, equipment, and resources. We must hold employees accountable who are abusing company’s AUP. Workstation Domain (WSD) refers to the computers or electronic devices in which a user uses to access the system. The WSD is where users first access the systems, applications, and data. This layer requires a login and password authentication before access is allowed to view information. The threats to this domain which vary from unauthorized access to downloading personal files, the best way to fix this is to “Harden” the system by setting up firewalls, anti-virus, malware programs and restricted access......

Words: 537 - Pages: 3

Nt2580 Unit 1 Assignment 2

...Unit 1 Assignment 2 Impact of a Data Classification Standard Internal use only is information that may or may not be confidential. But is shared within a organization and kept away from the public. With that being said it is imperative that we seek the following to be incorporated within the standards in each domain. User Domain refers to the people who have access to the organizations equipment User domains is the worst domain for security and personal information can be obtained on this domain under internal use only. The reasoning for this is the multitudes of social networking and the fallacy’s of the employee’s not even meaning to release information that could be detrimental. Employees are responsible for their own equipment. The best way to avoid this is to set up an Acceptable use Policy (AUP) that informs employees what they can and cannot do with company information, equipment, and resources. We must hold employees accountable who are abusing company’s AUP. Workstation Domain (WSD) refers to the computers or electronic devices in which a user uses to access the system. The WSD is where users first access the systems, applications, and data. This layer requires a login and password authentication before access is allowed to view information. The threats to this domain which vary from unauthorized access to downloading personal files, the best way to fix this is to “Harden” the system by setting up firewalls, anti-virus, malware programs and restricted access......

Words: 537 - Pages: 3

Unit 2 Case Assignment: an Environment for Change

...Unit 2 Case Assignment: An Environment for Change Click Link Below To Buy: http://hwcampus.com/shop/unit-2-case-assignment-an-environment-for-change/ Case Instructions: For this assignment, you are to prepare a brief report in which you identify and define your organization and/or industry of choice and in which you begin to analyze the organization's change environment. First, you must select an organization to use for your case. Choose carefully! You will continue to use this same organization for the Unit 3 and Unit 4 Case. It might be good to use your place of work or an organization in which you are involved. If you do not work or if you are not involved in any organization, then you should select an organization that interests you or perhaps where a family member works. If none of these situations apply to you, then select a local organization. We all have community fast food restaurants and supermarkets that would be excellent choices. Your report should contain the following information and points. This report is not to be written as questions and answers. You must write in paragraph/essay format. The bullet points listed here just describe the content that you need to include in this report. • . Identify the organization or industry you have selected. • . Explain why you selected this organization or industry. • . Describe the core business of this organization and include the mission statement. • . Include a brief history of this......

Words: 726 - Pages: 3

Nt2580 Unit 1 Assignment 2

...William Burns-Garcia NT 2580 Unit 1 Assignment 2 Re: Impact of a Data Classification Standard Per your request, I have included information regarding the data classification standards designed for Richman investments. This report will include information that pertains to the IT infrastructure domains and how they are affected. Though there are several, I want to concentrate on three of the most vulnerable. 1. User Domain: Of all domains, this can be the most vulnerable as it usually affects any user on the network. Most companies should have an Acceptable Use Policy (AUP) with standards that can be monitored at any time. Not only does this policy affect internal users, it should also be enforced by any outside vendors such as, off-site IT support. There should be on-going information sessions to remind users of AUP. 2. Workstation Domain: Every person with access to the network of Richman Investments must have authorized personal credentials to use a workstation assigned to them. A few exceptions can be Major IT administration and authorized upper management. A change password should be implemented no less than 45-60 days on Richman’s network. Administrative passwords should also be changed no less than 30-45 days, Since Administrative access has the most immediate vulnerability. 3. LAN Domain: The Local Area Network (LAN), which includes most things in the computer closet that helps all devices connect to the network. This domain can be vulnerable because...

Words: 364 - Pages: 2

Welcome back guys,

So I wanted to let you know of my adventures of having three essays due in one week. Now I know that sounds mad because come on! Three essays in one week that’s too much. But I did have about a month and a week extra to get them done due to the floods; thank you mother nature and storm Desmond for your help.

They key to getting all your essays done without stressing out is to start early. I had  property law, comparative law and human rights and civil liberties essays due in. The property essay is the one I hated the most, so obviously I started it first, and I’m so glad that I did because I got my first draft done and dusted before I arrived back at University for the new term. Another key help was my uncle Khamis, shout out to you uncle!! He was a big help to me because he did his masters in law and so he helped me with my work, with editing, making sure it makes sense and the big one: that I am answering the question.

You sometimes know when you start to type, you are just writing and writing but you’re not making sense and you’re not answering the question. Yeah, that’s me; story of my life. I am a better speaker than essay writer but hey, practice makes perfect. I also recommend downloading the app Grammarly, it is so amazing. It corrects your grammar and spelling mistakes more than Word. Ref.Me is also another great app for referencing. Referencing is a huge part of your essay, because if you have poor referencing you could be plagiarizing. So this app makes it so much easier, it helps with referencing and footnotes.

I think I loved my human rights and civil liberties essay the most, then my comparative and then property. But I know I did well, because I worked very hard. I wasn’t kidding when I told you about me wanting a First class this year. I’m dreaming big and never giving up, because “I’m a first class student,  I get first class all day everyday”. These are the words I say to myself three times a day so my brain stores this important quote and I start to believe it.

With hard work, time management and lots of self belief you will get the grade that you are aiming for; which I hope is a first.

Don’t stop dreaming,

Maab xoxo

Maab Saifeldin

dream bigfirst classhard workLancasterlancaster law schoollancaster universitylaw studentsecond yearwork

Categories: 1

0 Replies to “Nt2580 Week 2 Essays”

Leave a comment

L'indirizzo email non verrà pubblicato. I campi obbligatori sono contrassegnati *