IT395_ERIC_CLARKSON_UNIT_4_ASSIGNMENT
docx
keyboard_arrow_up
School
Purdue Global University *
*We aren’t endorsed by this school
Course
395
Subject
Information Systems
Date
Apr 3, 2024
Type
docx
Pages
11
Uploaded by BarristerRiverRook47
1
Unit 4 Assignment
IT395 Certified Ethical Hacking II
Eric Clarkson
Purdue Global University
Professor Donald McCracken
September 19, 2023
2
As a student of computer science, I have always been fascinated by virtual machines and their potential applications. However, my recent experience with VirtualBox and virtual machines has taught me that resolving technical difficulties can be a demanding and complex task.
On September 17, 2021, at 6:30 p.m., I embarked on an endeavor to boot a provided Windows XP VM correctly with VirtualBox. Despite numerous attempts to double-check and reconfigure the settings, the problem persisted. It became clear that an alternative solution was necessary. Ultimately, I located and installed a compatible VM of Windows XP.
3
However, this resolution led to another issue. Kali Linux was found to be lacking Armitage, which was not present in the repository. Several attempts were made to troubleshoot the issue, but unfortunately, they were unsuccessful, and the virtual machines began to pause, forcing VirtualBox to be closed altogether. Upon restarting VirtualBox, it became apparent that the memory was running low, causing the browser and mouse pointer to lag.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
4
An investigation into the root cause of this issue was conducted, and a system check was performed. Despite cleaning up unused apps, duplicate files, and screenshots, the same problem persisted when attempting to run VirtualBox again. A screenshot of my Windows Surface Pro 7 storage has been included below.
It is suspected that the installation of Windows XP added an extra burden on the device's memory, which was already high due to the installation of VirtualBox and previous VMs. As of now, it is 11:36 p.m., and a solution to the current issue has yet to be found.
5
The benefits of virtualization are numerous, and the ability to run multiple operating systems on a single device can be a game-changer. However, it is also essential to recognize that virtualization presents unique challenges. Technical difficulties can arise, and resolving them can
6
be a complex and demanding task. Nonetheless, with patience, persistence, and a willingness to learn, virtualization can be a valuable tool for any computer scientist or IT professional.
In conclusion, my recent experience with VirtualBox and virtual machines has taught me the importance of problem-solving, troubleshooting, and research. Although the current issue remains unresolved, I am confident that I will find a solution and continue to reap the benefits of virtualization. As I move forward in my studies and career, I will carry these lessons with me and
continue to learn and grow as a computer scientist.
1.
When Windows first released Windows 2000, a default install resulted in IIS being installed and running. Why do you think Microsoft was criticized for this? What are
some vulnerabilities present in early versions of Microsoft’s Web server? 200 words minimum.
When Windows 2000 was first released, it came pre-installed and running by default with
IIS (Internet Information Services). Some users and industry professionals reacted negatively to Microsoft's choice. The biggest problem was that IIS had a reputation for being prone to attacks, which could jeopardize the system's security.
One of the primary grounds for the criticism was IIS's history of security flaws. Indeed, the Code Red and Nimda infections, which caused extensive harm to computer systems in the
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
7
early 2000s, took advantage of IIS vulnerabilities. These occurrences emphasized the need for enhanced security measures, prompting Microsoft to issue a series of patches and upgrades to fix
the vulnerabilities.
Another problem with IIS was that it was built to work with other Microsoft products like
Active Directory and Exchange Server. As a result, any security issues in these products could also affect IIS, making it more vulnerable to assaults. Furthermore, IIS was notorious for being difficult to deploy and secure correctly, increasing the risk of security breaches.
Despite these reservations, Microsoft continued to incorporate IIS with Windows and gradually improved its security features. For example, in Windows Server 2003, a new security architecture called "Secure by Default" was introduced with the goal of reducing the system's attack surface and making it more resistant to attacks.
Overall, the choice to incorporate IIS with Windows 2000 was contentious, raising concerns about the system's security. However, in the following releases, Microsoft took measures to remedy the vulnerabilities and improve the overall security of IIS. It serves as a reminder that while designing and deploying software, security should always be a primary priority, especially for web servers and other internet-facing applications.
8
1.
What are some of the problems that might results from only deploying a firewall at the perimeter of an organization? Do most Linux distros come with a firewall? If so,
explain it. What are some of the features of Microsoft’s “Internet Connection Firewall”? 300 words minimum.
The initial implementation of a firewall at the network's perimeter is unquestionably a critical step toward system security. However, relying entirely on this strategy may expose the network to a variety of dangers. Insider threats, sophisticated threats, and misconfiguration concerns are examples of what a firewall cannot completely prevent.
Because firewalls cannot prevent malicious or irresponsible personnel from creating damage, insider attacks pose a serious challenge to network security. Advanced threats such as zero-day exploits and targeted assaults can circumvent standard security measures such as firewalls and inflict severe network damage. Furthermore, incorrectly designed firewalls might expose security flaws that attackers can exploit, rendering firewalls ineffective.
Most Linux distributions include a firewall, usually iptables, a command-line application that allows users to configure firewall rules. Although strong, iptables can be difficult to use, especially for novices. Microsoft's Internet Connection Firewall (ICF), on the other hand, is a user-friendly alternative that provides extensive protection against incoming internet traffic. ICF features an "Internet Connection Sharing" feature that lets numerous computers share a single
9
Internet connection while protecting them from typical attacks such as port scanning, denial of service, and buffer overflow.
ICF is available on Windows XP and later but is disabled by default. It is simple to enable in the Windows Control Panel. When enabled, ICF by default blocks all incoming traffic and allows only specifically approved traffic. Furthermore, ICF's "Application Exception Lists" feature allows users to select which programs can communicate through the firewall, making it suited for applications that require specific ports to be available or those that are by default blocked by the firewall.
Although implementing a firewall at the network's perimeter is an important first step toward securing it, it is insufficient in the absence of other security measures such as intrusion detection systems, endpoint protection, and employee training. These additional safeguards defend the network from a wide range of threats, making it as secure as feasible.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
10
References
Dosal, E. (2018, April 2).
5 firewall threats and vulnerabilities to look out for
. Cybersecurity Solutions | Enterprise IT Security Services Provider | Compuquip.
https://www.compuquip.com/blog/firewall-threats-vulnerabilities
Ellingwood, J. (2014, May 2).
How the Iptables firewall works
. DigitalOcean | The Cloud for Builders.
https://www.digitalocean.com/community/tutorials/how-the-iptables-firewall-
works
Gomez, B. (2022, September 19).
Does Linux need a firewall & how to configure the Linux firewall WI..
. Linux Security.
https://linuxsecurity.com/features/does-linux-need-a-
firewall-how-to-configure-the-linux-firewall-with-firewall-cmd
Laverty, S. (n.d.).
The disadvantages of a firewall
. Small Business - Chron.com.
https://smallbusiness.chron.com/disadvantages-firewall-62932.html
Naraine, R. (2009, May 21).
Microsoft accused of downplaying IIS flaw - vulnerability database | Vulners.com
. Vulners Database.
https://vulners.com/threatpost/THREATPOST:765141925BCF61E1BEC4EA2
E7E28C380
Roberts, P., & IDG News Service. (2003, March 17).
Microsoft warns of Windows 2000 flaw, IIS
exploit
. Computerworld.
https://www.computerworld.com/article/2581386/microsoft-
warns-of-windows-2000-flaw--iis-exploit.html
11
Rouse, M. (2011, August 19).
What is an internet connection firewall (ICF)? - Definition from Techopedia
. Techopedia.com.
https://www.techopedia.com/definition/2424/internet-
connection-firewall-icf
Spencer, J. (2022, October 21).
Windows XP's internet connection firewall (ICF)
. Practically Networked.
https://www.practicallynetworked.com/windows-xps-internet-connection-
firewall-icf/
Stevanovic, I. (2023, May 6).
What is Windows firewall and how do you turn it off?
DataProt | Cybersecurity Product Reviews, Tips & Latest News.
https://dataprot.net/articles/windows-firewall/
Those years make us tremble in fear of the IIS vulnerability- - vulnerability database | Vulners.com
. (2018, November 23). Vulners Database.
https://vulners.com/myhack58/MYHACK58:62201892148