6-1 Lab Activity: Closing Security Holes

School: Southern New Hampshire University
Course: 18TW1
Subject: Information Systems
Date: Oct 30, 2023
Pages: 7
Uploaded by ElderLightning8081

Ryan White
Professor Donald Champion
10/29/2023
Southern New Hampshire University

1. What attack tool(s) did you choose to conduct a sophisticated technical attack that would exploit vulnerabilities in the target system? Provide a screenshot where the lab confirmed you successfully performed the attack.

The attack tools used to conduct a sophisticated attack that would exploit vulnerabilities in the target system are Armitage and Windows Server Message Block (SMB) in Metasploit. This attack was done through two methods, the first being the SMB vulnerability, which allows for a system crash. This is done through the Windows server and can cause lasting damage and access other system vulnerabilities. The second attack was performed through the Kali Linux server, which comes with Armitage for exploitation and with Metasploit, which is built for penetration testing, already installed. These two attacks focused on exploiting a vulnerable database called Postgres database; this attack works to achieve account privileges and compromise the servers (Infosec, 2023).

2. What countermeasure(s) did you choose to prevent the target system from being exploited? Provide a screenshot where the lab confirmed you successfully deployed the countermeasure.

The first countermeasure that was used to prevent the system from being exploited was to implement a firewall, as it is the first line of defense against an attacker. The firewall would have a list of rules, and only users with the correct answers to those rules would be allowed into the system. The wrong answer would reject the user from being able to enter that system and therefore would prevent the spread of an attack. As the system currently does not have a firewall, I will implement one. Closing ports also ensures that the attacker cannot enter certain parts of the system and is imperative when implementing a firewall. In this case we will block port 445 from entering the system under a new rule which applies to the system domain, private, and public connections. We will then use a reverse connection, and the system will be safeguarded through the use of SMB being turned on for firewalls (Vandenberghe, 2019).

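The port 445 countermeasure described above, as an added PowerShell example that is not part of the original report or the lab: it enables the three firewall profiles, creates the inbound block rule, and reads the rule back to confirm it. The rule display name is a hypothetical choice, and the script assumes an elevated session on a Windows host with the NetSecurity module.

```powershell
# Added example (not from the report): block inbound SMB on TCP 445 for the
# Domain, Private and Public profiles, then verify the result.
$ruleName = 'Block inbound SMB 445 (example)'   # hypothetical display name

# A block rule has no effect while a profile's firewall is switched off,
# so make sure all three profiles are enabled first.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

# Create the rule only if it is not already present, so the script can be re-run.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Protocol TCP -LocalPort 445 `
        -Action Block -Profile Domain,Private,Public | Out-Null
}

# Read the rule back and show the fields that matter for this countermeasure.
$rule = Get-NetFirewallRule -DisplayName $ruleName
$port = $rule | Get-NetFirewallPortFilter
[pscustomobject]@{
    Enabled   = $rule.Enabled
    Direction = $rule.Direction
    Action    = $rule.Action
    Profiles  = $rule.Profile
    Protocol  = $port.Protocol
    LocalPort = $port.LocalPort
}

# Confirm each profile's firewall is actually on.
Get-NetFirewallProfile | Select-Object Name, Enabled

# List enabled inbound Allow rules that still name TCP 445. An explicit block
# rule takes precedence over them, but they are worth reviewing and removing.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '445' } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' } |
    Select-Object DisplayName, Profile
```

Blocking 445 on a host that must serve file shares or act as a domain controller will break those services, so scope the rule to the systems that do not need inbound SMB.
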
3. How might you go about deconstructing a basic attack that exploits a vulnerability in a target system in a real-world situation? Logically support your explanation with examples from the lab and module resources.

In deconstructing a basic attack that exploits a vulnerability in a target system in a real-world situation, I would follow the lab examples and patch the issue that was made. This includes updating the entire system to the newest version. This security update would patch the way into the security system and prevent any attackers from doing more harm. This will essentially block the intruders' way into the system. A basic hack into the system can be easily patched, security updated, and documentation recorded in case of future events. It is also important to review all security policies, procedures, and guidelines in order to stay in compliance with company and NIST standards (Infosec, 2019).

4. How might you go about developing effective countermeasures to an attack in a real-world situation? Logically support your explanation with examples from the lab and module resources.

In developing effective countermeasures to an attack in a real-world situation, it is important to ensure that procedures are up to date. The company should be prepared for a breach at any moment. Creating rules for open or closed ports will allow only proper users to enter the system and will prevent unauthorized users from entering. Ports should be opened or closed depending on the level of administrative use the user will need as well as the safety of each user. Systems should be monitored, and managers should ensure all policies and procedures are up to date, training is up to date, and the system has implemented firewalls. Utilizing attack countermeasures such as network security controls can dictate who has access to what, when, and where. With the assistance of network administrators, countermeasures can be implemented easily. If network administrators are not available to the company 24/7, it would be a cost savings to have third-party monitoring. This can lead to fewer expenses for the company in the long run and is an effective countermeasure for a cyber attack. The below table outlines the ATT&CK Model that can also be used in countermeasures and implementation of software, techniques, and different tactics to be used (Scheldt, 2023).

Reference

Infosec. (2023). Closing Security Holes. https://lab.infoseclearning.com/course/IWNTZJCEVC/lab/QIWVSVYMQD

Scheldt, A. (2023, August 21). What is a countermeasure in computer security? CompTIA.org. https://www.comptia.org/blog/what-is-a-countermeasure-in-computer-security

Vandenberghe, G. (2019, September 12). Visually assessing possible courses of action for a computer network incursion. Cyber Security Training, Degrees & Resources | SANS Institute. https://www.sans.org/white-papers/1786/
