CTEC5803 - A Detailed Report on Network Security Vulnerability

Added on 2023/04/21

Summary
This report critically analyses network vulnerabilities and their underpinning flaws, with the focus on detection, mitigation and countermeasures. It examines threat vectors such as USB drives, portable systems, wireless access points, e-mail and the "Trojan human". Mitigations are given for each: encrypted file systems, endpoint and device control, strong authentication, least-privilege access and enforced resource policies, together with employee awareness and security rules for portable devices. The analysis is carried out inside virtual machines, and the report includes a guide for reproducing the attack scenario in the GH 5.53 forensic lab. It closes with a personal reflection on the tasks performed and the professional development gained.
Running head: INVESTIGATING NETWORK SECURITY
Investigating Network Security
(GH 5.53 forensic lab)
Name of the student:
Name of the university:
Author Note
Executive summary
This study critically assesses different types of network vulnerability and their underpinning flaws, covering the detection and mitigation of, and countermeasures against, the corresponding attacks. The whole task is carried out inside virtual machines so that real systems are not affected. A guide is then provided for assessing network security attacks in the context of the GH 5.53 forensic laboratory. Lastly, the study closes with a critical reflection on the analysis performed and on the personal experience gained.
Table of Contents
1. Introduction
2. Critical analysis of vulnerability and underpinning flaws
3. Guide for setting up system for the attacking scenario
4. Critical reflection of the task done and personal development gained
5. Conclusion
6. References
1. Introduction:
Network security is the set of activities that protect the usability and integrity of a network and of the data carried on it. It combines hardware and software technologies, controls access to the network, and aims to identify threats and stop them from entering the network or spreading across it.
A software vulnerability is a defect or flaw in the construction of software that an attacker can exploit to obtain privileges on a system; every such vulnerability offers a potential entry point. This study examines the vulnerabilities present in the software running on network components and host machines.
The report first presents a critical analysis of a range of vulnerabilities and their underpinning flaws, together with ways of detecting, mitigating and countering the related attacks. Next, step-by-step guidance is given for setting up the system for the attack scenario. This is done inside a virtual machine environment to avoid any impact on real systems, and the guide is intended to be sufficient for reproducing the attack in the GH 5.53 forensic lab. Finally, a critical reflection is given on the task performed and the personal development gained.
2. Critical analysis of vulnerability and underpinning flaws:
The present state of the art in network security appliances does a great deal to keep attackers from invading a business, but a number of vulnerabilities remain inside the network. These are set out below, together with their underpinning flaws and the ways to identify, mitigate and counter them.
USB thumb drives:
USB thumb drives are among the most common ways of infecting a network from inside any firewall. The underpinning flaws are that they are small, inexpensive, hold a lot of data and can be carried between many different computers (Pathan 2016). This ubiquity has driven attackers to develop targeted malware, such as the Conficker worm, that runs automatically as soon as the drive is connected to a live USB port. The worst part is that the default operating system configuration allows most programs, including malicious ones, to run automatically in this way.
Ways of mitigation:
Change the computers' default AutoRun policies; guidance on how to do this for Windows is publicly available (FIRST — Forum of Incident Response and Security Teams 2019). Vulnerabilities found on the network can then be prioritised with the Common Vulnerability Scoring System (CVSS), which captures the principal characteristics of a vulnerability and produces a numerical score reflecting its severity, together with a textual representation (the vector string).
Alongside it, CVE (Common Vulnerabilities and Exposures) provides a common identifier for publicly known vulnerabilities and exposures, so that different cyber security products and services can exchange data about the same issue (Nvd.nist.gov 2019).
Vulnerabilities in systems:
Laptops are portable, discreet, run a full operating system, work from an internal battery and usually come with a handy Ethernet port for tapping directly into the network (Singhal and Ou 2017). A notebook may also carry malicious code running in the background, tasked with scouring the whole network for further systems to infect. Such laptops may belong to internal employees or to outside guests who are visiting and working for the business. Beyond the infected laptops already on the internal network, it is also vital to think about the laptops that leave the building. Companies hold a great deal of sensitive data that should never leave their walls: social security numbers, phone numbers, home addresses, medical records and salary information. This becomes harmful when the data is stored on unsecured portable computers (Zhou and Luo 2017), and there are publicly disclosed cases of notebooks holding sensitive data going missing. Unless the laptop uses strong encryption, the data can easily be recovered from its file system.
Ways of mitigation:
Implement an encrypted file system for sensitive information. Many off-the-shelf solutions are available to choose from, including open-source ones such as TrueCrypt. Control which endpoints may enter or leave the internal network, which is vital. Sensitive material such as Wi-Fi, VPN and other access credentials should not be stored persistently on the devices.
Different wireless access points:
Wireless APs provide immediate connectivity to any user within proximity of the network. Wireless attacks by wardrivers are common and have caused notable damage. In one well-known case a large retail business was attacked this way: the intruders gained access to the systems that processed and stored customer transactions, including merchandise returns and cheque, debit card and credit card payments (Li et al. 2016), and the intrusion is reported to have cost the business more than 500 million dollars to date. APs are inherently insecure regardless of whether encryption is used. Older wireless encryption protocols such as WEP contain well-known vulnerabilities and are easily compromised with attack frameworks such as Aircrack, and even the more robust WPA (Wi-Fi Protected Access) and WPA2 protocols remain prone to dictionary attacks when strong keys are not used.
Ways of mitigation:
WPA2 Enterprise using RADIUS is recommended, with the AP performing authentication and enforcing the security measures. Strong, mixed-character passwords must be used and changed frequently. Wireless APs are connected for convenience, so it is not necessary to have them interconnected with the working environment (Sgora, Vergados and Chatzimisios 2016).
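Why a weak pre-shared key is enough to break WPA2-Personal, as an added example that is not code from the report or from Aircrack: the pairwise master key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, so anyone who captured a four-way handshake can test candidate passphrases offline. The SSID "GH553-LAB", the wordlist and the two passphrases below are constructed for the demonstration.

```python
"""WPA/WPA2-PSK key derivation and an offline dictionary attack against it
(added example, not from the report)."""
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key as defined in IEEE 802.11i for WPA/WPA2-Personal:
    PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 printable characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def dictionary_attack(ssid: str, target_pmk: bytes, wordlist):
    """Return the passphrase whose PMK matches target_pmk, or None.
    In a real attack target_pmk is confirmed via the MIC of a captured
    handshake rather than compared directly; the cost per guess is the same."""
    for candidate in wordlist:
        candidate = candidate.strip()
        if not 8 <= len(candidate) <= 63:
            continue  # cannot be a valid WPA passphrase; skip the 4096 rounds
        if hmac.compare_digest(derive_pmk(candidate, ssid), target_pmk):
            return candidate
    return None


# Constructed wordlist standing in for a real password list.
WORDLIST = ["12345678", "password", "letmein1", "iloveyou", "qwertyuiop",
            "Welcome1", "sunshine", "football", "Passw0rd"]


def demo():
    ssid = "GH553-LAB"  # hypothetical lab SSID
    weak = derive_pmk("Welcome1", ssid)
    strong = derive_pmk("correct-horse-battery-staple-2019!", ssid)
    return {
        "weak_recovered": dictionary_attack(ssid, weak, WORDLIST),
        "strong_recovered": dictionary_attack(ssid, strong, WORDLIST),
    }


if __name__ == "__main__":
    print(demo())
```

The 4096 PBKDF2 rounds slow each guess down but do nothing against a passphrase that appears in a wordlist; only a long random passphrase, or WPA2 Enterprise where no shared passphrase exists at all, takes the attack off the table.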
Vulnerability for USB devices:
Thumb drives are not the only USB devices that IT needs to be wary of. Most devices can store data in a common file system that is read and written over USB or a similar connection, and because this is not the device's main function, the threat is very often forgotten. The fact is that as long as the endpoint can read and execute data from the device, it poses as much of a threat as a thumb drive (Durkota et al. 2015). Such devices include digital picture frames, fax machines, scanners, printers, MP3 players and digital cameras. In 2008 Best Buy reported that a virus had been found on Insignia picture frames sold over Christmas, and that it had come directly from the manufacturer.
Ways of mitigation:
Implement and enforce resource policies and controls over which devices may enter the environment and when, and follow up with frequent policy reminders. In 2008 the Department of Defense created such a policy and banned USB and other removable media from entering or leaving its environments (Shin, Son and Heo 2015).
Inside connections: Internal employees can also, intentionally or inadvertently, access areas of the network that they should not, and they can compromise endpoints.
Ways of mitigation:
Passwords must be changed regularly. Access and authentication levels must be defined for employees, and they should have access only to the file shares, systems and so on that they need to fulfil their duties. Special requests should always be escalated to a group, not authorised by a single user with authority (Scott-Hayward, Natarajan and Sezer 2016).
Vulnerability from Trojan human:
The Trojan human comes into the business in various disguises, for example in business attire or as a legitimate-looking repairman. Such tricksters have been known to penetrate fairly secure environments, including server rooms. Because of social conditioning, people tend not to stop and question a suitably dressed person whom they do not recognise in the business environment (Shan and Liao 2016). Staff may not think twice about swiping their access card to let an unknown "worker" into the service area. It takes very little unsupervised time among the servers for such a person to infect the network (Cve.mitre.org 2019).
Things to be done:
Remind employees about which third parties are authorised. Identify the source of any visitor by asking questions rather than making assumptions.
Optical media:
There have been instances of confidential information being leaked or stolen onto public networks. In one such case it was claimed that, with access to a networked workstation and authorised credentials, the person obtained classified data and stored it in encrypted archives on recordable media that appeared to be legitimate (Shin, Wang and Gu 2015). Recordable media thus provides a way for stored data to move in and out of business networks; like thumb drives, it can also serve as a source of infection for the whole network.
Ways of mitigation:
As with the USB tip, implement and enforce resource policies and controls over which devices may enter the environment and when, and follow up with frequent policy reminders.
Hindsight is 20/20:
Most of this list focuses on mitigating threats that capitalise on digital technology, but it must not be forgotten that the human mind is also efficient at storing data.
Ways of mitigation:
The best defence is to be conscious of, and alert to, this threat when working with sensitive material: stop what you are doing from time to time and look around to see who is in the environment and who can see what you are working on (Cvedetails.com 2019).
Smartphones and digital devices:
Phones now do far more than make calls. They fulfil the functions of a computer, complete with Wi-Fi connectivity, large storage capacities, multithreaded operating systems, a huge range of applications and high-resolution cameras. Along with other portable devices, they have been given the green light in business environments (Liyanage et al. 2016). These new devices can pose the same threats as thumb drives and laptops, and they are also able to elude conventional data-leak prevention solutions.
Ways of mitigation:
The same rules as for optical media and USB devices apply: implement and enforce resource policies and controls over which devices may enter the environment and when (Cwe.mitre.org 2019).
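The AutoRun and removable-media controls recommended for thumb drives, USB devices, optical media and smartphones above all come down to a handful of Windows policy values, and an assessor needs a repeatable way to check them. The following is an added example, not code from the report: it parses a `reg export` dump of the relevant keys and reports every setting that falls short. The registry paths and value names are the documented Windows ones (NoDriveTypeAutoRun, NoAutorun, and the RemovableStorageDevices policy tree); the two `.reg` texts are constructed for the demonstration.

```python
"""Audit a Windows registry export for AutoRun and removable-storage policy
(added example, not from the report)."""
import re

EXPLORER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
RSD = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices"
REMOVABLE_DISK = "{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"  # disk device interface class
CD_DVD = "{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"          # CD-ROM device interface class

_KEY_RE = re.compile(r"^\[(.+)\]$")
_DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_reg_export(text):
    """Return {key_path: {value_name: int}} for the DWORD values in a .reg dump."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            result.setdefault(current, {})
            continue
        m = _DWORD_RE.match(line)
        if m and current is not None:
            result[current][m.group(1)] = int(m.group(2), 16)
    return result


def audit_removable_media_policy(reg):
    """Return a list of findings; an empty list means the host meets the policy."""
    findings = []
    explorer = reg.get(EXPLORER, {})
    # 0xFF disables AutoRun for every drive type; 0x91 is the usual default.
    if explorer.get("NoDriveTypeAutoRun") != 0xFF:
        findings.append("AutoRun not disabled for all drive types (NoDriveTypeAutoRun != 0xFF)")
    if explorer.get("NoAutorun") != 1:
        findings.append("autorun.inf commands still honoured (NoAutorun != 1)")
    rsd = reg.get(RSD, {})
    if rsd.get("Deny_All") == 1:
        return findings  # blanket deny covers every removable storage class
    disk = reg.get(RSD + "\\" + REMOVABLE_DISK, {})
    if disk.get("Deny_Write") != 1:
        findings.append("removable disks are writable (Deny_Write != 1)")
    cd = reg.get(RSD + "\\" + CD_DVD, {})
    if cd.get("Deny_Write") != 1:
        findings.append("CD/DVD writing allowed (Deny_Write != 1)")
    return findings


# Constructed exports: a host left at defaults, and a hardened one.
DEFAULT_HOST = """Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"""

HARDENED_HOST = """Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"NoAutorun"=dword:00000001

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}]
"Deny_Write"=dword:00000001

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}]
"Deny_Write"=dword:00000001
"""

if __name__ == "__main__":
    for name, text in (("default", DEFAULT_HOST), ("hardened", HARDENED_HOST)):
        print(name, audit_removable_media_policy(parse_reg_export(text)))
```

On a real host `reg export` writes UTF-16LE with a byte-order mark, so decode the file with `utf-16` before passing it to `parse_reg_export`. A machine-wide `Deny_All` is the simplest policy to reason about; the per-class values are what to check when some classes (for example CD-ROM read access) must stay available.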
E-mail:
E-mail is used frequently in business for sending and receiving information, and it is also commonly misused. Messages containing confidential data are easily forwarded to external recipients. E-mails themselves can carry viruses, and targeted e-mails can successfully phish staff for their credentials; the stolen credentials are then leveraged in a second-stage attack (Fielder et al. 2016).
Ways of mitigation:
With e-mail security in place the source of a message can be identified: verify the sender using technologies such as PGP signatures, or otherwise ask a simple set of questions before sending sensitive data. Access to wide alias-based e-mail addresses should be controlled, and policies and reminders should be sent to employees.
3. Guide for setting up system for the attacking scenario:
To understand the scenario, the environment of the GH 5.53 forensic lab is considered here, and the case is run inside virtual machines to avoid any impact on real systems. The Forensic Science Laboratory (FSL) of the Ghana Police was established to provide effective scientific support to criminal investigations; it is the only forensic service of its kind and caters for the various regions of Ghana. The steps are set out below, together with the execution, detection and mitigation processes.
Step 1: Initial assessment:
Identify the assets and define the critical value and risk of every service, based on input from the clients and on the output of a vulnerability security scanner. This also helps to determine at least the importance of each device in the network being tested. It is also vital to know which devices can be accessed by members of the GH 5.53 forensic lab, including their authorised users and administrators.
Several strategic factors must then be considered and clearly understood: the countermeasures for every device or service (as the service relates to the device), the treatment of residual risk, the risk mitigation practices and policies for every device, and the level of risk tolerance and risk appetite (Czyz et al. 2016).
Step 2: Defining system baseline:
Information about the systems must be gathered before the vulnerability analysis is done. Review each device for open services, processes and ports that should not be open. Know the approved software and drivers that should be installed on each device, and the primary configuration of every device; a perimeter device, for instance, must not be left with its default administrator username. Try banner grabbing, or otherwise learn what public information about the device is accessible, and record it as the baseline. Determine whether the device sends logs to the SIEM (Security Information and Event Management) platform and whether its logs are stored in the central repository. Finally, gather the public vulnerability information about the vendor, version, device platform and other relevant details.
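Step 2 in working form, as an added example that is not part of the report: a banner grab to see what a service reveals about its vendor and version, a parser that turns the banner into a product/version pair to look up against public vulnerability data, and a comparison of what was observed on the device against an agreed baseline (open ports, default accounts, approved software, SIEM forwarding). The baseline, the observation record and the local fake SSH service that answers the banner grab are all constructed so the example runs offline.

```python
"""Baseline check for a device under assessment (added example, not from
the report)."""
import re
import socket
import threading

# Hypothetical baseline for a perimeter device in the lab.
BASELINE = {
    "allowed_ports": {22, 443},
    "forbidden_accounts": {"admin", "root", "cisco"},   # default admin names
    "approved_software": {"openssh-server", "nginx"},
    "siem_forwarding": True,
}

_BANNER_RE = re.compile(r"SSH-2\.0-(?P<product>[A-Za-z]+)_(?P<version>[\w.]+)")


def grab_banner(host, port, timeout=2.0):
    """Connect and return whatever the service sends first (its banner)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(512)
        except socket.timeout:
            return ""  # silent service: nothing volunteered before our timeout
    return data.decode("ascii", errors="replace").strip()


def parse_ssh_banner(banner):
    """('OpenSSH', '7.4') from an SSH identification string, else None."""
    m = _BANNER_RE.search(banner)
    return (m.group("product"), m.group("version")) if m else None


def compare_to_baseline(observed, baseline):
    """Return findings; every deviation from the baseline is one string."""
    findings = []
    for port in sorted(set(observed["open_ports"]) - baseline["allowed_ports"]):
        findings.append("unexpected open port %d" % port)
    for acct in sorted(set(observed["local_accounts"]) & baseline["forbidden_accounts"]):
        findings.append("default administrator account present: %s" % acct)
    for pkg in sorted(set(observed["installed_software"]) - baseline["approved_software"]):
        findings.append("unapproved software installed: %s" % pkg)
    if baseline["siem_forwarding"] and not observed["siem_forwarding"]:
        findings.append("device does not forward logs to the SIEM")
    return findings


def start_fake_service(banner: bytes):
    """Single-shot TCP listener on 127.0.0.1 that sends `banner` and closes."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def demo():
    port = start_fake_service(b"SSH-2.0-OpenSSH_7.4\r\n")
    banner = grab_banner("127.0.0.1", port)
    # Constructed observation record, as collected from the device itself.
    observed = {
        "open_ports": {22, 443, 8080},
        "local_accounts": ["admin", "forensic-analyst"],
        "installed_software": {"openssh-server", "nginx", "telnetd"},
        "siem_forwarding": False,
    }
    return {"banner": banner, "product": parse_ssh_banner(banner),
            "findings": compare_to_baseline(observed, BASELINE)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The product/version pair is what gets searched in the CVE and vendor advisories during the last part of this step; the findings list is the input to the scanner policy chosen in Step 3, since a port or package that is not on the baseline is exactly what the scan should be told to look at.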
Step 3: Performing the vulnerability scan:
Next, use the right policy on the scanner to achieve the intended outcomes. Before starting the vulnerability scan, look at the compliance requirements based on the business and the posture of the GH 5.53 forensic lab. Then the best date and time is to be found