University Computer Security: Virtual Machine Evaluation Report

Added on  2023/01/23

AI Summary
This report presents a comprehensive security evaluation of a virtual machine image, undertaken as part of a computer security assignment. The project's aim was to assess the security posture of a VM provided by 'Benny Vandergast Inc.' for 'Widgets Inc.' The evaluation involved installing VMware, identifying the VM's IP address, and gaining access to the system using Kali Linux and penetration testing techniques. The report details the security investigation process, including the use of tools like Hydra to discover credentials. Findings include vulnerabilities related to encrypted data communication, security patches, network services, web server hardening, password settings, OpenSSL, and malware. The report explores system security investigation methods, including security assessments based on international standards and the implementation of security tools. Furthermore, it details system hardening techniques, such as using strong passwords, disk encryption, automatic security updates, and web server hardening. The report also proposes various measures to secure the system, addressing identified security issues and offering recommendations for improving the overall security posture of the VM. References to cited sources are included throughout the report to support the findings and recommendations.
University
Semester

Computer Security

Student ID

Student Name

Submission Date
Table of Contents
1. Aim of the Project
2. VMware Installation
3. System Security Investigation
4. Results
5. Proposal on System Security
References

1. Aim of the Project
Today, system security is a serious issue that can arise for various reasons. This report sheds light on those reasons, their impact and their solutions. In computing, a Virtual Machine (VM) is an emulation of a computer system that is based on a computer architecture and provides the functionality of a physical computer. Two firms are involved in this report, namely “Widgets Inc.” and “Benny Vandergast Inc.” Widgets Inc. is the firm that gives the virtual machine image, whereas the other firm has given a VMware image to be tested for security reasons, which will be utilized for a new web-based store.

The overall aim is to evaluate the security of the given VM images. Various security aspects will be inspected and tested in order to recognize any loopholes and security problems. For this task, it is suggested to use a dedicated security evaluation tool. During the security evaluation, the virtual machine image files will be tested and the following parameters will be considered:

A. Explanation of the system security investigation.
B. Implementation of a system security tool for investigating the system security, with outcomes.
C. A system security proposal along with the identified security problems (DONG et al., 2010).

2. VMware Installation
The following are the installation steps to be followed:

Download the given virtual machine image file from the portal.
Next, complete the installation of VMware Workstation.
Open it once it is installed.
The image below illustrates the above-mentioned steps.

When it is opened, browse for the given virtual machine file and open it, as illustrated in the figure below (HU et al., 2013).

Next, start Ubuntu by clicking the Power on button.

The user has to make use of “Kali Linux” to crack and identify the IP address which will be provided for the VM, using the steps below:

1. Start Kali Linux.
2. Make sure Hydra is enabled, as illustrated below.
3. In Kali Linux, open the terminal, as illustrated below.
4. Crack the IP address, user name and password by using the command below in the terminal:

hydra -t 1 -l admin -P /root/Desktop/password.1st -vV 192.168.1.1 ftp

It is illustrated below.

As soon as the Ubuntu VM is fully installed, log in by entering the user name and password, i.e., administrator and administrator, respectively. In this project, both the user name and password credentials are hacked by using the following steps:

i. Boot into recovery mode.
ii. Drop to the root shell prompt.
iii. Remount the root file system with write access.
iv. Reset the username and password.
v. The following Authentication manipulation error is displayed when the new password is entered.

This error occurs because the file system is mounted with “read access only.” However, it is possible to change this and remount the file system. Next, the password must be reset. Then, as the user logs in, the security problems listed below are found on the Ubuntu virtual machine:

Encrypted data communication problems: when data is transmitted over the network, problems occur related to monitoring of the encrypted data, along with the password.
Security patches
Network service problems on the VM instance
Web server hardening problems
Password setting problems
OpenSSL problems
Backup problems
Malware problems

3. System Security Investigation
This section sheds light on the investigation of system security on the VM, as part of the security evaluation of the given virtual machine image file. A security assessment or evaluation examines a system to determine its compliance with specifications, security standards and models. It observes the system’s functional behaviour by attempting to enter the system. As the given VM image file runs Ubuntu 18.04, security assessment under the international standard for computer security certification is used to give confirmation that a product fulfils a defined set of security needs. The specification of security requirements is used to indicate the security targets (Jendrosch et al., 2014).

The security evaluation is used to make changes to the configuration and to use extra packages. Further, it assesses the configuration manual, which explains how to set up the evaluated configuration and gives the admin and the client the information needed to ensure the security of system operation. The security assessment uses full disk encryption to increase data assurance in the system; it enables users to encrypt and protect their data. Software updates were also carried out on Ubuntu 18.04. Evaluating security is significant because it offers assurance against vulnerabilities.

The figures below show how system security and system hardening can be performed with the help of the Ubuntu OS.

Utilizing strong passwords

On all devices, passwords are an effective method of enforcing security against various external exploits. Once the installation is finished, system hardening takes place, during which a user account is created. It is very important to have a strong and secure password that is difficult for attackers to crack. Moreover, the created account belongs to the administrative group, which is the reason to have a secure password (Kali Linux – Assuring Security by Penetration Testing, 2014).

Make use of disk encryption

Security is connected to encryption as well as privacy. Encryption is an advanced method that helps users maximize the security and privacy of the OS. External attacks are a dynamic force that always changes. Thus, there is little chance that the security system can always guarantee protection, which increases the need to secure the system from external attacks so that the data is also secured. In Ubuntu, it is necessary to have a decryption key. Though it is a tiring process, Ubuntu encryption is a simple method that benefits each feature of the OS. Using this method makes it harder to crack the stored data, irrespective of any effective decryption software.

Automatic Security Updates

On a Linux server, time and effort must be spent on updating the software and the system. Updating is highly significant because Linux distributions such as Ubuntu provide daily updates, and a long gap between updates can be a threat to users and their systems. It is certainly a tiring task to work on the updates daily, and most of the time it can be forgotten. The solution is to select the option “Install security updates automatically”. This option takes care of the daily updates automatically, without troubling the users (Veloz et al., 2017).

Software updates

The system software is updated automatically. This is the option that the user chooses during the procedure. Although a manual option for updating the software exists, users mostly prefer the automatic option.

Web server Hardening

Web server hardening enhances the security of a server in different ways, resulting in a highly secured server operating infrastructure. The reason is the advanced security measures that are applied during the server hardening process.

The Secure Sockets Layer (SSL) and TLS refer to a standard technology that secures an internet connection and safeguards sensitive data shared between two or more systems; it prevents hackers from modifying or reading the transferred information and personal details. On a Linux system, SSL and TLS should be optimized as part of server hardening, taking care of both security and speed.

Choose Certificates from Proven Sources

Obtain certificates from a specialized and reputable online security service.

Optimize TLS Handshake

The use of the “three-way” handshake, which uses a normal TCP connection, is ensured in order to establish a secure connection.

Enable Persistent Connections

With a persistent connection, many requests can be made over a single connection. A new SSL connection is needed when an individual wishes to visit a secure site more than one time in just a few minutes. With a persistent connection, the SSL connection is initiated just a single time, which removes the additional handshakes.

Utilize CDN

Websites use CDNs to improve their page load speed. Deploying a CDN also helps to improve SSL/TLS performance. Ensure that the measures described in the preceding passages, related to the TLS handshake and persistent connection establishment, are dealt with. The most recent SSL and TLS versions must always be used. The purpose of using new versions is that the old versions are ineffective and exceptionally vulnerable to viruses and bugs.

There must be a capacity to recognize what is needed, for example the performance of the general system or of the security system for the server. Regular and continuous SSL/TLS tests must be conducted on the authorized websites. Identify the parts where performance matters more than security and, similarly, where security is more essential than performance. Utilize the built-in extension tools, such as the system security audit in the Linux system.

Accounts

An account such as Ubuntu Single Sign On can be utilized to authenticate to desktop applications. Created accounts can be used to access the server, which is essential for system administration. Users can access the servers without much stress by using SCP (Secure Copy) and SSH. Secure Copy is a command-line tool used to copy or transfer files from one host to another. It uses a security mechanism comparable to that of the SSH program.

Risks related to User Account

Any system, despite being secure and strong, generally needs rebooting. However, we have discovered that there are a few systems that run constantly and work non-stop. Such a system ends up being vulnerable to exploits, whether local or external, that were previously established within the system. A genuine user must be aware of these drawbacks to comprehend the issues. Here, the job of system hardening is essential and significant. Each system is recommended to undergo system hardening, which can eliminate such defaults and issues that occur in any system (greghub.com, 2019).

OpenSSH security and System Hardening

On Linux systems, SSH is the recommended protocol for system administration, as it is significant for server management. The majority of Linux-based systems have this protocol and run on it. The default setting refers to the unaltered configuration. Linux system hardening is one of the best approaches to diminish potential system attacks. After altering the configuration file, it is essential to test its validity before the service is reloaded.

Continuously check the status of SSH before deployment. Often, a well-documented approach to system verification makes things easier. The SSH configuration test helps to recognize whether the system is functioning or not. Encrypting all traffic gives additional security against network sniffing and other attacks. Moreover, SSH is available on numerous platforms. Likewise, it is possible to use SSH port forwarding to provide data security. The SSH server is generally used to support server authentication. It is safe, yet we can still make a few changes for advanced security. It suits security platforms like Ubuntu Security, where the system is safe from potential attacks.

The following main features are required to set up SSH security:

a) Use a port other than 22 (i.e., the default port)
b) Use only SSH Protocol 2
c) Disable direct root login
d) Utilize public keys in place of passwords
e) Enable two-factor authentication
f) Disable empty passwords
g) Use strong passwords and passphrases for SSH users/keys
h) Configure the idle timeout interval
i) Disable port forwarding
j) Make changes to remote system
k) Use of X11 forwarding
l) Restrict SSH logins to specific IP addresses

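
A text-level check of items a, c, d, f, h and i of the checklist above against an sshd_config file, as an added example that is not part of the original report. The function names, the two sample files and the choice of expected values are assumptions made here; the directive names are standard OpenSSH keywords.

```sh
#!/bin/sh
# Added example (not from the report): check an sshd_config file against
# items a, c, d, f, h and i of the checklist above.
# Function names and both sample files are constructed for illustration.

# first_value FILE KEYWORD DEFAULT
# Prints the global value of KEYWORD, lower-cased. sshd keeps the FIRST
# occurrence of a keyword, keywords are case-insensitive and "Keyword=value"
# is accepted. Parsing stops at the first Match block, because settings
# below it apply only conditionally.
first_value() {
    awk -F'[ \t=]+' -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        { sub(/^[ \t]+/, "") }
        /^#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# audit_sshd_config FILE
# Prints the directives that miss the checklist (empty output = pass).
# The DEFAULT arguments are the upstream OpenSSH defaults.
audit_sshd_config() {
    cfg=$1; out=""
    [ "$(first_value "$cfg" Port 22)" != 22 ] || out="$out Port"
    [ "$(first_value "$cfg" PermitRootLogin prohibit-password)" = no ] \
        || out="$out PermitRootLogin"
    [ "$(first_value "$cfg" PasswordAuthentication yes)" = no ] \
        || out="$out PasswordAuthentication"
    [ "$(first_value "$cfg" PermitEmptyPasswords no)" = no ] \
        || out="$out PermitEmptyPasswords"
    [ "$(first_value "$cfg" ClientAliveInterval 0)" != 0 ] \
        || out="$out ClientAliveInterval"
    [ "$(first_value "$cfg" AllowTcpForwarding yes)" = no ] \
        || out="$out AllowTcpForwarding"
    echo "${out# }"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT

# Constructed sample 1: the later "PermitRootLogin no" is ignored because
# the first occurrence wins, and the Match block does not harden the
# global password setting.
cat > "$tmp/weak" <<'EOF'
# constructed sample
port 22
PermitRootLogin yes
PasswordAuthentication=yes
PermitRootLogin no
Match Address 10.0.0.0/8
    PasswordAuthentication no
EOF

# Constructed sample 2: satisfies every check.
cat > "$tmp/hard" <<'EOF'
Port 2222
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
ClientAliveInterval 300
AllowTcpForwarding no
EOF

echo "weak: $(audit_sshd_config "$tmp/weak")"
echo "hard: $(audit_sshd_config "$tmp/hard")"
```

On a live host, `sshd -t` validates the file before the service is reloaded, and `sshd -T` prints the effective configuration, including defaults that this text-level check only approximates.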
Ubuntu’s system security begins with hardening of the system software, followed by the associated applications and then the main software in use. The most effective solution is to enforce daily, on-time scans with the necessary updates for the system, which keeps it functioning effectively. For SSH security, the main tool is Lynis. It is an audit tool that performs tests and gathers security information from Unix-based systems. It is easy to use and produces security reports quickly, so that instant action can be taken.

4. Results
The following are the results obtained from the investigation using a system security tool. On Ubuntu 18.04, the Lynis auditing tool is used to assess system security. Lynis is an open source security audit tool. It has the capacity to thoroughly evaluate the system security of a VM. Based on these features, this tool was selected for the Linux platform. It is beneficial for security professionals and system administrators to scan the system for security defences. The outcome is system hardening. The observation of this investigation is that Ubuntu suits this system (Boelen, 2019).

Lynis: Installation

Lynis can be installed from source code: the file is downloaded and then the binary is copied onto the system. It can also be installed with the help of the package manager. Lynis is easy to install. To install Lynis on Ubuntu 18.04, the command below can be used (Rajput, 2019):

sudo apt-get install lynis

This figure displays the output of the above steps.

With the installation of Lynis complete, it is ready to audit the security status. It also offers suggestions that show how to go about hardening the system yourself. This software is beneficial for identifying weaknesses in the system.

When a scan with Lynis completes, a report is presented that gives its results, the hardening index and the locations of the related files.

Lynis is used to obtain the following information about system security:

A. Detection and analysis of the vulnerabilities
B. Improvements in system security
C. Compliance tests such as HIPAA and PCI
D. Administrative management
E. Security audits

Lynis offers suggestions for the investigated system, to increase its server’s security level. Each suggestion comprises the following:

I. Suggestion ID
II. Brief description of the suggestion
III. Respective solution

As mentioned earlier, it also gives the respective warnings, if any. The tool conducts several individual tests with the sole purpose of detecting potential system weaknesses. It shows the results in a report that displays suggestions along with security improvements for the system.

5. Proposal on System Security
The following section gives a brief account of the proposal, which explains how a system can be secured and how the security issues are identified. The identified security issues include:

a) The Pacemaker vulnerabilities
b) The PHP vulnerabilities
c) The System vulnerability
d) The Libxslt vulnerability
e) The Wget vulnerabilities

With so many issues identified, it is mandatory to rectify them, and the following aspects are considered for securing the system:

1. The system must be kept up to date on a regular and timely schedule
The system must be updated frequently by the user.

2. Utilize fewer user accounts
It is always suggested to make use of only a few user accounts.

3. Network services that face issues must be removed
Network-facing services that have issues must be isolated or removed from the system. This improves the performance of the system and of the whole network. Moreover, it leads to fewer possibilities for security threats. The following process could be implemented:

Identify running services, for instance TCP services.
Identify the services to be discarded.
Uninstall the listening services.

4. Remove unused network-facing services
Network-facing services that are not required for the investigated system must be removed. This helps to diminish attacks on the running processes and the installed packages. It involves the processes below:

1) Determine the running services, for instance TCP, UDP, etc.
2) Determine the services to be discarded.
3) Uninstall the listening services.
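
Steps 1 and 2 of this procedure, as an added example that is not part of the original report: it reads `ss -tuln` style output and lists the listeners that are reachable from the network and not on an allowlist. The function name exposed_listeners, the sample output and the allowlist are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the report): steps 1 and 2 of the procedure above.
# Reads `ss -tuln` style output and lists listeners reachable from the
# network that are not on an allowlist. Names and sample data are constructed.

# exposed_listeners "ALLOWLIST" < ss-output
# ALLOWLIST is a space-separated list such as "tcp/22 tcp/443".
exposed_listeners() {
    awk -v allow=" $1 " '
        $1 != "tcp" && $1 != "udp" { next }         # skips the header line too
        {
            addr = $5                               # Local Address:Port column
            port = addr; sub(/.*:/, "", port)       # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
        }
        host ~ /^127\./ || host == "[::1]" { next } # loopback only: not exposed
        index(allow, " " $1 "/" port " ") { next }  # explicitly required
        { print $1 "/" port }
    ' | sort -u
}

# Constructed sample of `ss -tuln` output for a small web server.
SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:68          0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      32     0.0.0.0:21          0.0.0.0:*
tcp   LISTEN 0      80     127.0.0.1:3306      0.0.0.0:*
tcp   LISTEN 0      128    *:80                *:*
tcp   LISTEN 0      128    [::]:22             [::]:*
tcp   LISTEN 0      5      [::1]:631           [::]:*'

# Services this host is meant to offer (an assumption for the example).
printf '%s\n' "$SAMPLE" | exposed_listeners "tcp/22 tcp/80"
```

Each protocol/port pair it prints is a candidate for step 3; on a live host the input would come from `ss -tuln` itself.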
5. Configure firewall
A firewall prevents unauthorized access to or from a private network. It can be implemented in hardware, in software, or as a combination of both, to prevent unauthorized internet access and traffic.

It stops unnecessary inbound traffic and gives the system a layer of security. It protects against network mapping and intrusions. The list below shows the commonly used firewall applications:

i. To secure Layer 7, Imperva’s cloud-based web application firewall is the right option, because it is capable of securing web applications from all sorts of application-layer attacks, including the OWASP Top 10.
ii. It is advantageous in detecting application-layer threats, the OWASP Top 10 and zero-day vulnerabilities. It also protects against various exploitations.

6. Hardening SSH Access
By default, password authentication is required to establish a connection with the system via SSH. SSH can use a cryptographic key pair because of its high security, and the SSH private key is protected by a password, which makes it complex to brute force.

Hardening SSH access comprises the following processes:

i. The authentication key pair must be created.
ii. The SSH daemon options are used to disallow root logins over SSH and, at the same time, to disable SSH password authentication.
iii. Fail2Ban can be used to protect SSH logins, as it monitors several protocols and helps to prevent attacks on the servers.
iv. An extremely beneficial method for securing SSH is to use login based on a public/private key pair. This can be seen in SSH/OpenSSH/Keys.
v. Given the importance of passwords and of password authentication, the easiest approach to securing SSH is to disable the root login. It also helps to change the SSH port from the standard port 22 to something else.
vi. A new SSH user must be created before disabling the root login, and care must be taken that the user belongs to the administrative group.

All the above-mentioned steps ensure an effective and secure system, and it is also determined that Ubuntu is highly secure.

References
DONG, Y., REN, K., WANG, S. and ZHANG, S. (2010). Construction and Certification of a Bytecode Virtual Machine. Journal of Software, 21(2), pp.305-317.

HU, Y., XIAO, R., JIANG, J., HAN, J., NI, Y., DU, X. and FANG, L. (2013). Virtual machine memory of real-time monitoring and adjusting on-demand based on Xen virtual machine. Journal of Computer Applications, 33(1), pp.254-257.

Jendrosch, M., Dueck, G., Gracie, C. and Hinkenjann, A. (2014). PC Based Escape Analysis in the Java Virtual Machine. Lecture Notes on Software Engineering, pp.16-20.

Kali Linux – Assuring Security by Penetration Testing. (2014). Network Security, 2014(8), p.4.

Veloz, J., Alcivar, A., Salvatierra, G. and Silva, C. (2017). Ethical hacking, una metodología para descubrir fallas de seguridad en sistemas informáticos mediante la herramienta KALI-LINUX. Informática y Sistemas: Revista de Tecnologías de la Informática y las Comunicaciones, 1(1).