Module 03 Assignment - Security Threats and Countermeasures
Roy Brown
Rasmussen University
CIS1648C Section 01 Hardware and Software II
Christine Stagnetto-Zweig
2-18-24
IT Department Training Manual
Case Scenario
One of the clients has been exposed to numerous malware threats recently. The client has asked
for training for users on three of the malware threats, the risks and exposure from those threats,
and security and configuration steps from a network and operating system standpoint that could
prevent these threats. Once the three threats are discussed, the users need to better understand
how to protect the physical security of their workstations, network equipment, and servers. Lastly,
the users need to better understand how to troubleshoot computers that have been exposed to
malware threats. What steps should be taken to identify, disable, and remove the malware and
prevent future exposure?
Using this template, in a 3–4-page paper, create a training module that describes three threats to
the computing environment and details steps for installing and configuring countermeasures.
Malware/Threat #1
a.) Define a specific type of threat.
Cybercriminals often use phishing because it's easy to carry out and can produce the results they're
looking for with minimal effort. Phishing is the fraudulent attempt to collect sensitive information, or
data, such as usernames, passwords, and credit card details by posing as a trustworthy entity
in an electronic communication. Attackers do so by sending emails or building web pages designed to
collect an individual's online bank, credit card, or other login data. These emails and web pages look
like they come from legitimate organizations, so users trust them and enter their personal information.
b.) Discuss the risks and exposure associated with the threat.
Phishing relies on fraudulent emails, text messages, and websites designed to look like they're from
trustworthy organizations. They're sent by criminals to steal private and financial information. The threats
of being phished are now widely recognized. A successful phishing attack gives the scammer
unauthorized access to an organization's private information, which they use for personal gain. Some of
the best-known pieces of information that phishers steal are bank account details. Once captured,
phishers may be able to use this information to withdraw funds from the account or execute an online
transaction using the victim's banking information.
c.) Provide security installation and configuration steps that address network security in different
operating systems (e.g., best practices for router configurations for Windows and Linux).
A firewall is an essential part of our network security to defend against online attackers. First, we need to
secure our firewall. If an attacker can obtain administrative access to our firewall, our network security
will be in trouble. Next, we need to configure our firewall: architect the firewall zones and IP addresses to
protect the valuable assets on our network. Then we can set an access control list (ACL). Now that we have
established the network zones and assigned them to interfaces, we should determine which traffic needs to
flow into and out of each zone. Also, configure other firewall services and logging. After that, test the
firewall configuration. In a test environment, verify that the firewall works as intended. Don't forget to
check that the firewall blocks traffic that should be blocked according to the ACL configurations. After
we have configured the firewall settings, we need to monitor the logs and update the firmware when
updates are available; vulnerability scans must be performed, and firewall rules must be reviewed at least
every six months. Finally, be sure to document the process and be diligent about performing these ongoing
tasks to ensure that the firewall continues to protect our network.
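The zone, ACL, and testing steps above can be rehearsed before touching a real device. The following is an added example, not part of the original assignment: it models a first-match ACL with an implicit default deny and checks it against a list of intended outcomes, including traffic that must be blocked. The zone names, subnets, rules, and test addresses are all constructed for illustration.

```python
import ipaddress

# Constructed zones and subnets (assumptions for illustration only).
ZONES = {
    "lan": ipaddress.ip_network("10.0.10.0/24"),
    "dmz": ipaddress.ip_network("10.0.20.0/24"),
}

# Ordered ACL: (action, src zone, dst zone, protocol, dst port); first match wins.
ACL = [
    ("deny",  "wan", "any", "tcp", 23),    # no telnet from the internet
    ("allow", "wan", "dmz", "tcp", 443),   # public HTTPS to the DMZ web server
    ("allow", "lan", "wan", "tcp", 443),   # users browse out over HTTPS
    ("allow", "lan", "wan", "udp", 53),    # DNS lookups
    ("allow", "lan", "dmz", "tcp", 22),    # admins manage DMZ hosts over SSH
]

def zone_of(ip):
    """Map an address to its zone; anything outside internal subnets is 'wan'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "wan"

def decide(src_ip, dst_ip, proto, port):
    """Return 'allow' or 'deny' for one connection attempt."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for action, r_src, r_dst, r_proto, r_port in ACL:
        if (r_src in (src, "any") and r_dst in (dst, "any")
                and r_proto == proto and r_port == port):
            return action
    return "deny"  # implicit default deny when no rule matches

# Test matrix: the intended policy, including traffic that must be blocked.
EXPECTED = [
    ("203.0.113.5", "10.0.20.10", "tcp", 443, "allow"),   # internet -> DMZ web
    ("203.0.113.5", "10.0.10.25", "tcp", 443, "deny"),    # internet -> LAN
    ("203.0.113.5", "10.0.20.10", "tcp", 22, "deny"),     # internet -> DMZ SSH
    ("10.0.10.25", "198.51.100.7", "tcp", 443, "allow"),  # LAN -> internet
    ("10.0.20.10", "10.0.10.25", "tcp", 445, "deny"),     # DMZ -> LAN file share
    ("10.0.10.25", "10.0.20.10", "tcp", 22, "allow"),     # LAN -> DMZ SSH
]

def audit():
    """Return the test cases whose actual decision differs from the intended one."""
    return [case for case in EXPECTED if decide(*case[:4]) != case[4]]

if __name__ == "__main__":
    print(audit() or "ACL matches the intended policy")
```

Re-running the same matrix after every rule change, and at the six-month rule review, shows whether an edit has opened a path that was meant to stay closed.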
Malware/Threat #2
a.) Define a specific type of threat.
A computer worm is a type of malware program that replicates quickly and spreads through a network by
exploiting security vulnerabilities. A worm spreads from an infected computer by sending itself to all of
the computer's contacts and then immediately to the contacts of those other workstations. It can spread
through email attachments, text messages, file-sharing programs, social networking sites, network shares,
removable drives, and software vulnerabilities.
b.) Discuss the risks and exposure associated with the threat.
Users should be familiar with the signs of a computer worm so that they can immediately recognize an
infection and begin the process of computer worm removal. Some of the common symptoms of computer worms
are slow computer performance, freezing or crashing, programs opening and running automatically,
emails sent to contacts without the user's knowledge, missing or modified files, etc. Computer worms can
modify and delete files, and they can even install additional malicious software on a computer.
Sometimes a computer worm's mission is to make copies of itself repeatedly, depleting system resources,
such as hard drive space, and overloading a shared network. Besides, worms can also steal data, install a
back door, and enable a hacker to control a computer and its system settings.
c.) Provide security installation and configuration steps that address network security in different
operating systems (e.g., best practices for router configurations for Windows and Linux).
Because software vulnerabilities are significant infection vectors for computer worms, be sure your
computer's operating system and applications are updated to the newest versions. Install these updates
as soon as they're available because updates usually include patches for security flaws. Be sure to
invest in a reliable internet security software solution that can block specific threats. The
right product should include anti-phishing technology and defenses against viruses, spyware,
ransomware, and other online risks.
Antivirus software is the first step in preventing computer worms and viruses. Most
viruses will be detected by antivirus software as long as it is up to date. Users must run
antivirus software on their computers. Malware removal software allows you to detect and remove
adware, spyware, and other malicious software types. Run these malware removal tools, especially after
installing free or sponsored software.
Computers, routers, and other devices must use the same
encryption. WPA2 is the most robust encryption, and it is available on almost all the newest routers, so
make sure you configure your router to use the strongest setting. Allow only specific devices to access
your wireless network. Every machine that can communicate with a network is assigned a unique Media
Access Control (MAC) address. Wireless routers typically have a mechanism to allow only devices with
particular MAC addresses to access the network. Some hackers have copied MAC addresses, so don't rely
on this step alone. Change the name and the password of the router from the default to something unique
that only you know. Also, some routers offer an option to enable remote access to the router's controls to
allow the operator to provide technical support, so never leave this feature enabled. Keep your
router up to date. To stay secure and effective, the software that comes with your router needs occasional
updates.
Malware/Threat #3
a.) Define a specific type of threat.
A Trojan horse is a type of malware that hides its true content to fool a user into believing it's a
harmless file. A Trojan horse can be used by cyber-thieves and hackers trying to obtain access to users'
systems. Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and
allow hackers to remotely access and control a computer, frequently for uploading, downloading, or
altering files at will.
b.) Discuss the risks and exposure associated with the threat.
Trojan horses are also known to create backdoors that give malicious users access to the system. They can
destroy files, steal data, or launch and spread other malware, such as viruses. Unlike viruses
and worms, Trojans do not replicate by infecting other files, nor do they self-replicate. Trojans need to
spread through user interaction, such as opening an email attachment or downloading and running a file
from the Internet.
c.) Provide security installation and configuration steps that address network security in different
operating systems (e.g., best practices for router configurations for Windows and Linux).
Computer security starts with installing and running an internet security suite. Run periodic
diagnostic scans. You can set the program to run scans automatically at regular intervals.
Update your operating system's software as soon as updates are offered by the software
vendor. Cybercriminals tend to exploit security gaps in outdated software applications. Besides,
you should also monitor updates for other software that you use on your computer. Protect your accounts
with complex, unique passwords. Generate a unique password for every account using a complex
combination of letters, numbers, and symbols. Keep your personal information safe with firewalls.
Back up your files frequently. If a Trojan affects your workstation, this will help you restore your
data. Be cautious with email attachments. To help stay protected, scan an email attachment first.
4.) Include a discussion on the need for physical security for the workstations, network equipment, and
servers.
Trojans can be challenging to remove because they turn into hidden files on your computer. First, identify
the Trojan. After identifying a file infected with a Trojan horse, it becomes simple to remove. Most of the
time, your system will give you a DLL error associated with the Trojan attack. Next, disable
System Restore and restart the computer in safe mode. Go to Add or Remove
Programs in the Control Panel, and then remove the programs affected by the Trojan horse.
Afterward, remove extensions to delete all files of a program, and remove them from the Windows
system folder. Once these procedures have been completed successfully, restart the computer in normal mode.
5.) Describe the steps that should be taken to identify, disable, and remove the malware and prevent future
exposure.
Once a Trojan is installed on your machine, removing it is similar to removing any other kind of malware, but
that isn't easy. Trojan horses are detected by analyzing system behavior and data packets. The Trojan
horse is one of the common severe threats to computer security. Attacks on workstations and networks
are increasing at an alarming rate nowadays. Many attacks are being seen today, and each attack has a
different purpose and uses a mixed strategy to exploit systems. This makes the detection and interception
of the attacks extremely difficult. Even though there are several types of attacks on computers, like
malware, viruses, and worms, Trojan horses are the most widely used, and their popularity in the field of
security is increasing every day.