Cybersecurity Project: Operating Systems Vulnerabilities Analysis


Added on  2022/09/01

AI Summary
This project assesses operating system vulnerabilities within a company in the oil and natural gas sector, where a newly appointed lead cybersecurity engineer needs to provide a security assessment report (SAR) to address observed security breaches and anomalies. The report focuses on vulnerabilities in both Windows and Linux operating systems, utilizing tools like MBSA and OpenVAS for vulnerability scanning. It covers the identification of potential risks, including administrative risks and future unauthorized access, and recommends a plan for organizational management, emphasizing administrative risk control and proactive measures to address vulnerabilities. The project also includes an overview of operating systems, common vulnerabilities, and the importance of effective identity management and security measures. The report provides a comprehensive analysis of the vulnerabilities and suggests the importance of strong passwords, security updates, and effective management to avoid administrative vulnerabilities. The project also includes separate documents for vulnerability assessment tools, security assessment report and a presentation.
Cyberspace & Cybersecurity
Foundations
Name of the Student:
Register ID:
University:
Table of Contents
Project 1: Operating Systems Vulnerabilities (Windows and Linux)
1. Assessment Overview
2. Reason to Conduct Security Review
3. About OS
Step 1: OS Overview
Step 2: OS Vulnerabilities
Step 3: Vulnerability Scanning
Step 4: Review Vulnerability Assessment Tools for OS and Applications
Step 5: Create the Security Assessment Report
Step 6: Develop the Presentation
4. Risk Summary
5. Conclusion and Recommendation
References
Project 1: Operating Systems Vulnerabilities (Windows and Linux)
1. Assessment Overview
This report concerns a company in the oil and natural gas sector, where a lead cybersecurity engineer has recently been appointed to a senior-level position. The engineer was appointed only two months ago and is still not familiar with the company. In this company, higher management makes the decisions related to the company's culture, processes, and IT funding.
The company's higher-level officials have asked him to deliver a security assessment report (SAR) presenting the vulnerabilities of the operating systems in use. The company has Microsoft and Linux-based operating systems. These OSs are examined so that they can be scanned for vulnerabilities with the help of a tool.
The lead cybersecurity engineer must help the stakeholders understand that identity management can maximize the company's security across the whole information system infrastructure. It is also important to have an effective identity management system, whose security and productivity benefits can outweigh the incurred costs.
2. Reason to Conduct Security Review
The lead cybersecurity engineer has observed several anomalies and incidents that point towards security breaches. It has not yet been determined whether the incidents originated from a single source or from multiple sources.
In these two months, the lead cybersecurity engineer has encountered crashes of three corporate database servers and has identified anomalies in the configuration of certain server and router systems. From his expertise, he knew that there was a problem in the IT resources. Moreover, he suspects that someone is regularly accessing the company's user account and performing configuration modifications illegally. This calls for a security review.
3. About OS
Step 1: OS Overview
The OS is controlled by the supervisor, which loads other parts of the OS into memory from disk storage whenever required. Its roles include managing the resources of a computer, such as memory, CPU, printers, and disk drives; establishing the user interface; and executing and delivering services for application software ("Operating Systems", n.d.).
The OS is system software that functions as an interface between the user and the hardware, whereas an application installed by an organization or user is a program that performs a particular task (Lithmee, 2018).
An embedded OS is a specialized OS for a device other than a computer, developed mainly to perform a particular task. Its function is to run the code that allows the device to do its job. It also makes the hardware of the device accessible to the software that runs on the OS (Posey, Wigmore & Rouse, 2019).
The cloud architecture provides various components, software, databases, applications and so on for solving the problems faced by different businesses.
Step 2: OS Vulnerabilities
Windows and Linux vulnerabilities can hit the organization, and developers and security professionals must protect against them. The Windows vulnerabilities affect all the versions that support Windows (Kelly, 2019). Linux vulnerabilities affect the functioning of the system (Johnson, 2018).
Any form of vulnerability, whether in Mac OS or in mobile devices, is a serious security threat to the respective devices and must be prioritized and protected against, as it can cause serious consequences, along with loss of brand reputation and compliance fines (Blaich, 2017). These devices can encounter vulnerabilities such as DoS (Denial of Service), code execution, data theft, and memory corruption, as well as flaws that make the device susceptible to third parties and bypass the protection layer (Dimitrova, 2018; "Mobile OS Vulnerabilities: The Lurking Culprits In Your Mobile Fleet - Mobliciti", n.d.).
Intrusion can take place through malware signatures and harmful patterns. Protection methods can include keeping the system updated, monitoring user behavior to detect malicious intent, managing configuration and system settings, and backdoor protection. On the Linux OS, vulnerability scanners and tools can be used to detect vulnerabilities.
An intrusion detection system (IDS) can be hardware or software that uses known intrusion signatures to detect and analyze abnormal activity in both inbound and outbound network traffic. An intrusion prevention system (IPS) inspects a system's incoming traffic in order to reject malicious requests ("Intrusion Detection & Intrusion Prevention", 2019).
Because they have lots of data of their employees, which can be breached and misused
(Danila Dumitrescu, 2019).
PL/SQL can be vulnerable to SQL injection attacks. The issue occurs when PL/SQL code combines user input with a query and executes it, just as it does when a classic dynamic query is built. XML Injection is an attack used to manipulate or compromise the logic of an XML application or service. Other injection types are Blind SQL Injection and Out-of-Band Injection. Blind SQL Injection, also called Inferential SQL Injection, does not directly disclose data from the targeted database; instead, the hacker checks for indirect clues in the behavior. Out-of-Band Injection is a highly complicated attack that hackers use when they cannot accomplish their goals in a single, direct query-response attack ("What is SQL Injection? Attack Examples & Prevention", 2019).
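The concatenation problem described above, shown next to its bound-parameter fix. This is an added example, not part of the original report; it uses Python's sqlite3 module instead of PL/SQL so that it runs offline, and the accounts table, its rows and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows for illustration; not data from the report.
SAMPLE_ACCOUNTS = [("alice", "admin"), ("bob", "operator"), ("carol", "auditor")]


def make_db():
    """Create an in-memory accounts table holding the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT PRIMARY KEY, role TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)", SAMPLE_ACCOUNTS)
    return db


def lookup_concatenated(db, username):
    """Vulnerable form: the input becomes part of the SQL text and is parsed as SQL."""
    query = "SELECT username, role FROM accounts WHERE username = '" + username + "'"
    return db.execute(query).fetchall()


def lookup_bound(db, username):
    """Hardened form: the SQL text is fixed and the input is passed as a bound value."""
    query = "SELECT username, role FROM accounts WHERE username = ?"
    return db.execute(query, (username,)).fetchall()


def rows_returned(lookup, username):
    """Run one lookup on a fresh database; return the row count or 'error'."""
    db = make_db()
    try:
        return len(lookup(db, username))
    except sqlite3.Error:
        return "error"
    finally:
        db.close()


if __name__ == "__main__":
    # An ordinary name, an input that rewrites the WHERE clause, and a legitimate
    # name containing a quote that breaks the concatenated statement.
    for value in ("bob", "x' OR '1'='1", "o'brien"):
        print(repr(value),
              "concatenated:", rows_returned(lookup_concatenated, value),
              "bound:", rows_returned(lookup_bound, value))
```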
Step 3: Vulnerability Scanning
The Windows and Linux operating systems are assessed for vulnerabilities. The vulnerabilities are determined with the help of Microsoft Baseline Security Analyzer (MBSA) and OpenVAS, respectively.
MBSA is a vulnerability assessment tool provided by Microsoft. It helps administrators scan the system for common security misconfigurations and missing security updates. It can be used for the server operating system, IIS and SQL Server.
The other tool used, OpenVAS, is an advanced open source vulnerability scanner and manager that performs vulnerability analysis and assessment. It helps to determine vulnerabilities that can easily be overlooked during a manual assessment.
It helps to identify the risk factors, applicable tools, and methods. It is important to have strong passwords, security updates, and effective management to avoid any administrative vulnerabilities.
Step 4: Review Vulnerability Assessment Tools for OS and Applications
This part is provided in a separate Word document, as requested.
Step 5: Create the Security Assessment Report
This part is provided in a separate Word document, as requested.
Step 6: Develop the Presentation
PowerPoint presentation attached.
4. Risk Summary
If the organization's leadership does not take any steps to protect the OS, it can lead to the following risks:
a) Administrative Risk
b) Future Unauthorized Access Risk
5. Conclusion and Recommendation
It is recommended to propose a plan for organizational management that concentrates on administrative risk control, so that appropriate actions are taken when the professional suspects any unauthorized action or when vulnerabilities are encountered. For instance, the plan must include new workplace policies and procedures that must be practiced to decrease employees' exposure to risk conditions.
References
Blaich, A. (2017). Mobile vulnerabilities: What they are and how they impact the enterprise.
Retrieved 30 December 2019, from
https://blog.lookout.com/mobile-risk-matrix-vulnerabilities
Danila Dumitrescu, M. (2019). Corporations and governments are now the target - Interview with
Mircea Danila Dumitrescu from Status Today. Retrieved 30 December 2019, from
https://eforensicsmag.com/statustuday/
Dimitrova, M. (2018). 5 macOS Vulnerabilities that Shouldn't Be Overlooked. Retrieved 30
December 2019, from
https://sensorstechforum.com/5-macos-vulnerabilities-shouldnt-overlooked/
Intrusion Detection & Intrusion Prevention. (2019). Retrieved 30 December 2019, from
https://www.imperva.com/learn/application-security/intrusion-detection-prevention/
Johnson, P. (2018). Top 5 Linux Kernel Vulnerabilities in 2018. Retrieved 30 December 2019,
from
https://resources.whitesourcesoftware.com/blog-whitesource/top-5-linux-kernel-vulnerabilities-in-2018
Kelly, G. (2019). Microsoft Warns New Vulnerabilities Impact Every Version Of Windows 10.
Retrieved 30 December 2019, from
https://www.forbes.com/sites/gordonkelly/2019/08/13/microsoft-windows-10-upgrade-new-bluekeep-critical-warning-upgrade-windows/#7e275d1e7e1b
Lithmee. (2018). Difference Between Operating System and Application Software. Retrieved 30
December 2019, from
https://pediaa.com/difference-between-operating-system-and-application-software/
Mobile OS Vulnerabilities: The Lurking Culprits In Your Mobile Fleet - Mobliciti. (n.d.).
Retrieved 30 December 2019, from
https://mobliciti.com/mobile-os-vulnerabilities-mobile-fleet/
Operating Systems. (n.d.). Retrieved 30 December 2019, from
https://homepage.cs.uri.edu/faculty/wolfe/book/Readings/Reading07.htm
Posey, B., Wigmore, I., & Rouse, M. (2019). Embedded operating system. Retrieved 30
December 2019, from
https://internetofthingsagenda.techtarget.com/definition/embedded-operating-system
What is SQL Injection? Attack Examples & Prevention. (2019). Retrieved 30 December 2019,
from https://www.rapid7.com/fundamentals/sql-injection-attacks/