Answer 3 discussion questions
Discussion 1: Vulnerability Analysis
The list below, pick the four most significant attacks you would consider in the network security design process. Provide at least four high-level security policies and describe mitigation technologies.
Medium Network Campus Top 10 Attacks
Attack |
Identity spoofing |
Virus/worm/Trojan horse |
Rogue devices |
Sniffer |
Man-in-the-middle (MITM) |
War dialing/driving |
Direct access |
ARP redirection/spoofing |
Remote control software |
Buffer overflow |
Discussion 2: Preparing for an Audit
The result of an information security audit can impact a business significantly. Failure to pass an audit usually means that information systems are not secure. This could result in the loss of customer confidence; the loss of business opportunities and stiff penalties could be imposed if federal regulations and standards were not met. Understanding the audit process can help employees bring more value to their organization. In the following discussion, you will evaluate the audit process and discuss some key issues that organizations should consider.
Instructions;
Read through the following documents
- Gelbstein, E. (2015). IS Audit Basics: Helping Auditees Prepare for an IS/IT Audit (Links to an external site.)Links to an external site.. ISACA Journal, 4. Retrieved from https://www.isaca.org/Journal/archives/2015/Volume…
- Posescu, G., Popescu A., Popescu, C. (2008). Conducting an Information Security Audit (Links to an external site.)Links to an external site.. {PDF file 09KB] Retrieved from http://manager.faa.ro/download/496_714.pdf
- Discuss the following questions: Cite your work:
- According to the Gelbstein article, there are different types of audits. Pick two to discuss. What are they? What do they cover? From the same article outline some important steps ‘auditees’ can take before an audit.
Read through the Popescu article. The authors discuss other important ways to prepare for an audit. Select four areas from this reading that an organization should consider during an audit.
Discussion 3: Windows Security
To many, the most important file on a Windows system is the SAM file. This is where the hashes for the users are stored. The hashes are not salted in Windows, so rainbow tables can be utilized. All of the operating systems prior to Windows Vista use a LM hash and an NT hash. Starting with Windows Vista, only the NT hash is used by default.
Discuss the SAM file and discuss password cracking tools or websites that can be used to crack Windows password hashes. Some of the most popular tools are John the Ripper, Cain, and ophcrack, which are all free. Finally, you might want to mention if the hashes from Active Directory are stored in the SAM file. If not, where are they stored?
Here is a list of some password hashes. You may elect to crack some of them and explain how you did it for part of this discussion. Also, please do not spoil it for your classmates and crack all of the passwords below.
Administrator:””:””:921988BA001DC8E14A3B108F3FA6CB6D:E19CCF75EE54E06B06A5907AF13CEF42
Guest:””:””:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0
krbtgt:””:””:AAD3B435B51404EEAAD3B435B51404EE:69B03C034DA89B3E0A824D393ADBFA75
SUPPORT_388:””:””:AAD3B435B51404EEAAD3B435B51404EE:962F4737E27E2F30C1B2080DE741BEE9
IUSR_SERVER:””:””:F16534E45F5C441F0C9B8A6757A2DD26:9A3D15D3969E1AACBC3E7B001B7AEDB4
IWAM_SERVER:””:””:9CADB50562599885A95F9229BA192885:8A249FC47CBF728107D93F72CBF11F6C
ASP””:””:E9AA7F1E22D9BE4AA31D729B1370A06C:60E269A7615FD554524D39BD6FA03B73
8E3F3522-DBCC-4040-A:””:””:AAD3B435B51404EEAAD3B435B51404EE:73BF9D67BBD187644CF2BCC2AB6E0E8D
antonio:””:””:0ED3D91389ACB5F4B267DF22CB945E3E:895C4794EBABF311D888C27565F4743B
alex:””:””:3C6FFCF797C0CB69B79AE2610DD89D4C:CD9E25FC389A47DFF41DC823ED750ACD
jessica:””:””:6279A086DF44F8674BBF904BD45DD8B6:A12DB999F58484F2BBFAB57D5AC35849
partick:””:””:AA79E536EDFC475E1FD352BDD2352014:D316A79FFAE36A556FEA176E3A663F29
jesse:””:””:81CBBF89080A4C47AAD3B435B51404EE:93DA2C1F3C964AE9105AD7BD566E2561
ajay:””:””:1A75F05EC01E47F0AAD3B435B51404EE:C12A3C6A81704B3BFACEC61CF502EEDE
val:””:””:739A57A8A0CF3013AAD3B435B51404EE:7A3602E4B4CD6BB73E1B0F8D9EBC1593
jimmy:””:””:97BD484586C5D6326159F8F809147DAE:B84FB0AB9693EF6A84675BEAE63FE5A7
elmo:””:””:7B96B77A223162B1AAD3B435B51404EE:2C8A51B3BC2395D6F3623A0B7C4F1CFA
zombie:””:””:E5262769CD7BE10DAAD3B435B51404EE:CF563AC5D3FD5DBF665A4240482467AD
kermit:””:””:85CF5B940A2C076CAAD3B435B51404EE:488CDCDD2225312793ED6967B28C1025
oscar:””:””:85CF5B940A2C076CAAD3B435B51404EE:488CDCDD2225312793ED6967B28C1025
bigbird:””:””:4A1E6840967FA270AAD3B435B51404EE:BB3876FA436EECA003EFD946774F7C5D
luke:””:””:0FB2BA42035F6B70AAD3B435B51404EE:4B43CB4B09E7F914A0AF81DBCC4B7256
vader:””:””:E29AE80C840FCFCCAAD3B435B51404EE:025A8834D18CBF4EBEC5B1B033053070
jabba:””:””:C4568A7A1D15528EAAD3B435B51404EE:3BF83D07E6B7524B6F6CD5788054757F
r2d2:””:””:16209367625F0E2EAAD3B435B51404EE:CA1E2799CF207BBCB88B6FBB3B9AE0B4
c3p0:””:””:5C71E134537B07F6AAD3B435B51404EE:A51CDE4077A4C7860C69B6225DE0B902
chewbacca:””:””:42637E7AA1F0B514AAD3B435B51404EE:D35145AB4433D044FA7A4FB93886381F
han:””:””:B2CE70CE4C795680AAD3B435B51404EE:4552D7D4DA5A5EF21D7C3BD9FCE88E68
lando:””:””:42495678E8EB733AAAD3B435B51404EE:CB8C645F64E630E1526E46D73DAEA40C
SERVER$:””:””:AAD3B435B51404EEAAD3B435B51404EE:D63E48A89A777A96F1007482EB152185
After answering these questions, can you please go on my blackboard and reply to 2 students for each post. So 6 total replies to students. I will give you my login info. The initial answer you can do within 1 day, the replies to other students is due Sunday June 23rd by 11:59pm.