Unit 5 homework

Columbia Southern University, SEC 4302 (Information Systems)
Dec 6, 2023
Running head: CVE IN WORKSTATIONS

CVEs in the Workstation Domain
Brian Jones
Columbia Southern University
Lab 5.1a

Both medical professionals and their respective offices must maintain compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to provide security of a patient’s personal medical records and other personal information. The HIPAA regulations also outline who may access the information and how that information is disseminated to other individuals (Weiss & Solomon, 2016). There are also outlines for the penalties that a medical professional or facility may face if these regulations are not adhered to. This set of regulations and laws extends to the workstation domain, which is where most data and information is accessed (HHS, 2017). There must be provisions for who is authorized to access the workstation; otherwise anyone could view the information and potentially use it for nefarious purposes.

Similarly, the Department of Defense (DoD) has its own laws and regulations that must be followed to ensure confidentiality of data. The Cybersecurity Act of 2015, sometimes referred to as “The Act”, outlines what steps must be taken to secure the information regarding the United States national security systems and federally owned and operated computers (DoD, 2016). While both the Cybersecurity Act and HIPAA demand a level of security and confidentiality, HIPAA is concerned with personal information whereas the Cybersecurity Act and the DoD are concerned with the protection and well-being of the nation. A breach or leak of information from a federal computer or database could involve the exposure of national security or military secrets. Therefore, more in-depth vetting of users is conducted before giving an individual access to a DoD system.

Lab 5.1b
CVEs

After reviewing the website related to Common Vulnerabilities and Exposures (CVEs) and doing a search for CVEs related to the workstation domain, these were the results.

CVE-2017-14111. Logging functions in ISCV 2.3.0 and earlier Xcelera R4 may allow attackers to use credentials to access the application or use other user entitlements.

CVE-2016-0912. Allows remote authenticated users to bypass intended password change restrictions by leveraging access to a different account with the same role or an account’s session at an unattended workstation.

CVE-2015-8467. This CVE does not properly check for administrative privilege while creating machine accounts. This will allow remote users to bypass intended restrictions.

CVE-2015-4515. This CVE is prevalent in Mozilla’s Firefox application. It will allow attackers to obtain sensitive hostname information.

CVE-2014-0348. When allowing Single Sign-On (SSO) in Artiva Workstation, attackers could remotely log in to arbitrary domain accounts by using the same credentials as the Windows Client machine (Mitre, n.d.).

STIGs

After reviewing the site related to Security Technical Implementation Guides (STIGs), it is abundantly clear that there are very strict guidelines in place for the proper use of government workstations, especially pertaining to authorization and confidentiality. Three STIGs that contained pertinent information were as follows.

First is the memorandum on those employees who will be working remotely using government-issued equipment. The guide gives explicit instructions on which connection services to use and how to best keep the workstation updated with the latest antivirus
updates. Perhaps the largest section is the one devoted to encryption to ensure that data cannot be viewed or used by unauthorized users.

The next STIG is regarding the installation and use of VMware vSphere to enhance the security of any virtual machines or virtual environments in use. The section of the document relating to vulnerability severity is especially interesting. The document assigns severity of vulnerabilities into three categories: Category I, Category II, and Category III. Category I is the most crucial, “any exploitation of a vulnerability will directly and immediately result in the loss of confidentiality, availability and integrity” (DISA, 2015).

The final STIG outlines the proper use of the Defense Collaboration Service (DCS). The DCS is akin to the Microsoft Teams application wherein users from different agencies and offices can gather via video link to discuss projects. The document outlines how to connect with the server and which encryption is best used.

Lab 5.1c

The first potential security issue discussed in the document is the installation of non-DoD-approved instant messaging programs on workstations. The programs in question are those that are provided by public companies such as Yahoo and MSN. They are considered security threats because the messages and data flow through a public server that could allow information to be intercepted or altered. Therefore, the use of these programs is prohibited. The document also states that it is the responsibility of the system administrator to perform a check for these programs. The document also states that DoD-controlled instant messaging clients are allowed.
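The administrator's check described above can be run against a software inventory export rather than by hand on each workstation. The following is an added example, not part of the original paper or of the STIG: the rule patterns, the approved client name, and the inventory rows are all constructed for illustration.

```python
import csv
import io
import re

# Constructed rules (illustrative, not taken from the STIG): label -> name pattern.
# Order matters: specific products first, generic catch-all last.
PROHIBITED_IM = {
    "Yahoo Messenger": r"yahoo!? messenger",
    "MSN/Windows Live Messenger": r"(msn|windows live) messenger",
    "unlisted messenger": r"\bmessenger\b",
}
# Constructed allow list of organization-controlled clients (normalized names).
APPROVED_CLIENTS = {"agency secure messenger"}

# Constructed inventory export: one row per installed program per workstation.
SAMPLE_INVENTORY = """host,display_name,publisher
WS-001,Yahoo! Messenger,Yahoo! Inc.
WS-001,Mozilla Firefox,Mozilla
WS-002,Agency Secure Messenger,Example Agency IT
WS-002,MSN  Messenger 7.5,Microsoft Corporation
WS-003,Windows Live Messenger,Microsoft Corporation
WS-004,LibreOffice,The Document Foundation
"""

def normalize(name):
    """Lower-case and collapse whitespace so cosmetic variations still match."""
    return re.sub(r"\s+", " ", name or "").strip().lower()

def audit_inventory(csv_text):
    """Return {host: [(display_name, rule_label), ...]} for prohibited IM clients."""
    rules = [(label, re.compile(p)) for label, p in PROHIBITED_IM.items()]
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = normalize(row["display_name"])
        if name in APPROVED_CLIENTS:
            continue  # approved client: checked first so the catch-all cannot flag it
        for label, pattern in rules:
            if pattern.search(name):
                findings.setdefault(row["host"], []).append((row["display_name"], label))
                break  # report the most specific rule only
    return findings

if __name__ == "__main__":
    for host, hits in sorted(audit_inventory(SAMPLE_INVENTORY).items()):
        for display_name, label in hits:
            print(f"{host}: {display_name!r} matched rule {label!r}")
```

Matching on display names only finds software that identifies itself honestly, so findings from a check like this are a starting point for review, not proof that a workstation is clean.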
The next issue discussed, similar to the instant messaging clients, pertains to workstations having peer-to-peer sharing clients installed. In this case, the responsibility of checking for these clients lies with the system administrator. The clients, such as Napster and Freenet, pose a security threat due to the possibility of loss of sensitive data as well as the broadcasting of a computer’s existence to others. In addition to the security risks, there are also legal issues involved with these types of programs, including copyright infringement and issues surrounding intellectual property (Vaulted, 2017).

Lab 5.1d

Firewall with Advanced Security

The STIG related to Windows firewall and advanced security details the steps that need to be taken to properly configure the firewall to ensure the maximum security possible. The steps are presented in a natural flow from one step to the next and offer detail on each step of the configuration. Additionally, the steps are included to ensure that both inbound and outbound parameters are set.

Windows 10

1) Display shutdown button – The button shall be disabled as a remote forced shutdown of the system could be performed.
2) Clear system pagefile – Any user attempting this must be assigned by an administrator.
3) Removable media devices – The system should be configured to display an audit section for the attempted transfer of any file from the system to a removable media source regardless of success or failure.
4) Halt on audit failure – Upon failure of auditing functions, the system will notify the administrator to research the cause for failure.
5) Security configuration tools – A key point in the configuration tools section is the hard and fast rule that multifactor authentication must be used to access privileged and non-privileged functions.

Windows Server 2016

1) System recovery backups – Backups and audit logs must be backed up to a system or media other than the system being monitored or audited.
2) Caching of logon credentials – The ability of users to save logon credentials and passwords must be disabled.
3) Dormant accounts – Temporary accounts will be terminated after 72 hours and accounts created for emergency use will be removed within 24 hours after the end of the emergency.
4) Recycle bin configuration – Privilege of the delete and restore functions of the recycle bin will be limited to those approved by the administrator, as unauthorized use could bypass permissions and allow access to sensitive data.
5) Password uniqueness – Pertaining to the uniqueness of passwords, the default of 24 passwords remembered is deemed to be sufficient. This will prevent users from continually recycling the same password, which would nullify the requirement to change passwords.
6) Printer share permissions – Improper configuration of the printer share function can allow unauthorized users access to devices and data beyond their permissions. Standard users should, therefore, only have access to the Print function.

Lab 5.1e
The information pertaining to CVEs housed on the site hosted by Mitre is categorized by a CVE number assigned to each vulnerability. The entries themselves are shown as the CVE number (e.g. CVE-1111-1111) followed by a brief description of the vulnerability and any references to the vulnerability such as vulnerability reports and/or advisories. Similar to the Mitre site, the CVEs listed on the National Vulnerability Database (NVD) are categorized by a CVE identification number followed by a summary of the vulnerability and a severity rating.

The entries regarding vulnerabilities listed on both sites are both a security tool and a hindrance to IT security professionals. The listings can be helpful tools because the entries can bring about awareness of potentially damaging exploits for known vulnerabilities. An IT professional can use this information to proactively take steps to defend against an attack looking to exploit these vulnerabilities. Conversely, an attacker could use the same information to launch an attack on any of the vulnerabilities or use the information to devise a workaround for defenses that may have been put into place to prevent the attack.

Lab 5.2

In summation, there will always be vulnerabilities within any system or network just as there will always be those individuals who seek to exploit those vulnerabilities. Some vulnerabilities are unavoidable, such as human error or weaknesses due to natural disaster. Others, however, can be planned for and mitigated with some planning and preemptive steps taken. By building upon past experience and the advice and research of others, a system administrator can customize and configure workstations and servers to make it much more difficult for an attacker to exploit vulnerabilities and corrupt or steal critical data.
A successful defense plan will also take into consideration the severity of a potential successful attack by calculating the impact on the confidentiality, availability, and integrity of the data (Ghibanu, 2019). Hardening the system against these attacks may be as simple as configuring systems during installation to remove default settings that could allow an attacker to bypass defenses.
References

DISA (2015, December 21). VMWare VSphere 6.0 STIG overview. Retrieved from https://dl.dod.cyber.mil/wp-content/uploads/stigs/pdf/U_VMWare_vSphere_6-0_V1R1_Overview.pdf

DoD. (2016, August 15). DoD’s Policies, Procedures, and Practices for Information Security Management of Covered Systems. Retrieved from https://media.defense.gov/2016/Aug/15/2001714270/-1/-1/1/DODIG-2016-123.pdf

Ghibanu, I. A. (2019). Vulnerabilities and Threats of Information Systems and Communications. Academic Journal of Economic Studies, 4, 151. Retrieved from http://eds.b.ebscohost.com.libraryresources.columbiasouthern.edu/eds/pdfviewer/pdfviewer?vid=0&sid=a07054b6-7092-4861-b750-d75cf3d24268%40pdc-v-sessmgr04#

HHS. (2017, June 16). HIPAA for professionals. Retrieved from https://www.hhs.gov/hipaa/for-professionals/index.html

Mitre (n.d.). Common Vulnerabilities and Exposures. Retrieved from http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=workstation+domain

Vaulted (2017, July 28). Desktop applications general. Retrieved from https://vaulted.io/library/disa-stigs-srgs/desktop_applications_general

Weiss, M. M., & Solomon, M. G. (2016). Auditing IT infrastructures for compliance (2nd ed.). Burlington, MA: Jones & Bartlett Learning