Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security
Uploaded by Cion Sandidge

InClass Assignment6 CTEC350 (1) (1)

advertisement 
InClass-Assignment6
You should be submitted in Backboard CTEC350\ InClass-Assignment6: due date.
Due Date: 9/25/19 (10:00 pm)
Chapter 8
1. Explain that this section describes several tools used to discover vulnerabilities on
Windows systems. Using several tools collectively is advisable because they help you
pinpoint problems more accurately.
-The tools discussed for discovering vulnerabilities are built in windows tools, MBSA,
and antivirus solutions.
2. Explain to students that they can check the CVE and CERT Web sites to determine
vulnerabilities for any OS.
-CVE Websites hold research on vulnerability relevant to security tests. Security testers
use the information from CVE Websites to tests windows computer
3. Describe NetBEUI as a fast, efficient network protocol that allows NetBIOS packets to
be transmitted over TCP/IP.
-NetBEUI, also known as NetBios Extended User Interface, is a fast and efficient
network protocol that allows NetBIOS packets to be transmitted over TCP/IP. The
program allows computers to communicate in a local area network.
4. Explain that Server Message Block (SMB) is used to share files and usually runs on top
of NetBIOS, NetBEUI, or TCP/IP.
-SMB is used to share files, it was later replaced by CIFS.
5. Explain the main problems of having a Web server installed on your network and provide
some recommendations to better secure it.
-Its more costly than electronic website hosting and needs custom maade engineering and
design,
6. Explain that although IIS 6.0 (Windows Server 2003) through IIS 10.0 (Windows Server
2016) are installed in a “secure by default” mode, previous versions left crucial holes that
made it possible for attackers to sneak into a network.
-Secure by default means the default configurations setting are the most secure settings
possible, but as updates and patches come about the previous default setting may not be
so secure anymore.
7. Explain that it makes sense to disable unneeded services and delete unnecessary
applications or scripts, since they are an open invitation for attacks.
-Unneeded applications should be deleted because they receive less attention as others.
You may not update and patch them like you do used apps, which causes vulnerabilities
that are open for attacks.
8. Explain how filtering out unnecessary ports can protect systems from attack. Discuss
some of the ports frequently subject to attack.
-Some commonly attacked ports are 20, 22, and 80. Port 20 is a TCP port, 22 is a SSH
port, and port 80 is a HTTP port. Filtering out exploitable ports will reduce the risk of
attacks. Often ports are used to attack other sources which gives greater reason to filter
them out.
9. Explain that like any OS, Linux can be made more secure if users are aware of its
vulnerabilities and keep current on new releases and fixes.
-If the user keeps current with updates and patches a linux OS can be deemed more
secure than Windows. The fact is windows has far more viruses than linux which gives
linux the upper hand.
Related documents
OSI Model Reference Chart
OSI Model Reference Chart
Network Switch Diagnostic Chart
Network Switch Diagnostic Chart
Across 2. HTTP 4. TCP 10. ports used for specific applications like
Across 2. HTTP 4. TCP 10. ports used for specific applications like
This worksheet
This worksheet
Laura Kier Submission for Errata IT Essentials Fifth Edition Page
Laura Kier Submission for Errata IT Essentials Fifth Edition Page
Pertemuan 23 Overview of Transport Layer Ports 1
Pertemuan 23 Overview of Transport Layer Ports 1
choose one Well-Known TCP Port Numbers
choose one Well-Known TCP Port Numbers
ch8
ch8
CEH Summarized
CEH Summarized
Hands-On Ethical Hacking and Network Defense by Michael T. Simpson, Nicholas Antill (z-lib.org)
Hands-On Ethical Hacking and Network Defense by Michael T. Simpson, Nicholas Antill (z-lib.org)
Hands-On Ethical Hacking and Network Defense ( PDFDrive )
Hands-On Ethical Hacking and Network Defense ( PDFDrive )
OlO
OlO
Hands on Hacking - Become an Expert at Next Gen Penetration Testing and Purple Teaming (Matthew Hickey, Jennifer Arcuri) (z-lib.org)
Hands on Hacking - Become an Expert at Next Gen Penetration Testing and Purple Teaming (Matthew Hickey, Jennifer Arcuri) (z-lib.org)
Network Security Assessment, 2nd Edition
Network Security Assessment, 2nd Edition
Download
advertisement