Operating Systems Vulnerabilities Windows and Linux Research Paper

Description

It is not one question, but please see this.

The operating system (OS) of an information system contains the software that executes the critical functions of the information system. The OS manages the computer's memory, processes, and all of its software and hardware. It allows different programs to run simultaneously and access the computer's memory, central processing unit, and storage.

The OS coordinates all of these activities and ensures that sufficient resources are allocated. These are the fundamental processes of the information system, and if they are violated by a security breach or exploited vulnerability, that could have a significant impact on the organization.

Security for operating systems means protecting the OS components from attacks that could cause deletion, modification, or destruction of the operating system. Threats to an OS could include a breach of confidential information, unauthorized modification of data, or unauthorized destruction of data.

It is the job of the cybersecurity engineer to understand the operations and vulnerabilities of the OS (for any type of OS), and to provide mitigation, remediation, and defense against threats that would expose those vulnerabilities or attack the OS. As you assess your company’s systems, you will likely uncover gaps and errors. These may reveal mistakes that people at the company have made which might embarrass or anger those involved. However, the trust placed in you means that you have a responsibility to report your findings fully and accurately so that you can reduce or eliminate the risk of future unauthorized access. So be fair and follow industry standards, but have the courage to be a force for positive change in your company’s cybersecurity efforts.

There are six steps that will help you create your final deliverables.

The deliverables for this project are as follows:

Security Assessment Report (SAR): This report should be a seven- to eight-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.

Nontechnical presentation: This is a set of eight to 10 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR.

In a Word document, share your lab experience and provide screenshots to demonstrate that you performed the lab.

These are the criteria:

1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.
10.1: Identify potential threats to operating systems and the security features necessary to guard against them.

Unformatted Attachment Preview

The deliverables for this project are as follows:

1. Security Assessment Report (SAR): This report should be a seven- to eight-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
2. Nontechnical presentation: This is a set of eight to 10 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR.

1. Explain the user's role in an OS.
2. Explain the differences between kernel applications of the OS and the applications installed by an organization or user.
3. Describe the embedded OS.
4. Describe how the systems fit in the overall information system architecture, of which cloud computing is an emerging, distributed computing network architecture.
5. Explain Windows vulnerabilities and Linux vulnerabilities;
6. explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices;
7. explain the motives and methods for intrusion of the MS and Linux operating systems;
8. explain the types of security awareness technologies, such as intrusion detection and intrusion prevention systems;
9. describe how and why different corporate and government systems are targets; and
10. describe different types of intrusions such as SQL PL/SQL, XML, and other injections.
11. A description of the methodology you propose to assess the vulnerabilities of the operating systems, including an explanation of how this methodology will determine the existence of those vulnerabilities in your company's OS
12. A description of the applicable tools to be used and any limitations of the tools and analyses, including an explanation of how your proposed applicable tools will determine the existence of those vulnerabilities in your company's OS
13. The projected findings from using these vulnerability assessment tools

For the Windows OS:

1. Determine if Windows administrative vulnerabilities are present.
2. Determine if weak passwords are being used on Windows accounts.
3. Report which security updates are required on each individual system.
4. The tool provides a dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other groupings.

1. Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment. In this case, the OpenVAS tool will create and store individual XML security reports for each computer scanned and will display the reports in the graphical user interface in HTML.

For the Linux OS:

1. Determine if Linux vulnerabilities are present.
2. Determine if weak passwords are being used on Linux systems.
3. Determine which security updates are required for the Linux systems.

1. The tool provides a dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other groupings.
2. Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment.

PRESENTATION:

Your upper-level management team is not interested in the technical report you generated from your Workspace exercise. Team members are more interested in the bottom line. You must help these nontechnical leaders understand the very technical vulnerabilities you have discovered. They need to clearly see what actions they must either take or approve. The following are a few questions to consider when creating your nontechnical presentation:

• How do you present your technical findings succinctly to a nontechnical audience? Your Workspace exercise report will span many pages, but you will probably not have more than 30 minutes for your presentation and follow-up discussion.
• How do you describe the most serious risks factually but without sounding too dramatic? No one likes to hear that the entire network has been hacked, data has been stolen, and the attackers have won. You will need to describe the seriousness of your findings while also assuring upper-level management that these are not uncommon occurrences today.
• How do your Workspace exercise results affect business operations? Make sure you are presenting these very technical results in business terms that upper-level management will understand.
• Be clear about what action you are recommending. Upper-level managers will want to understand not only what you discovered, but also what you propose as a solution. They will want to know what decisions they need to make based on your findings.

Explanation & Answer

View attached explanation and answer. Let me know if you have any questions.

Non-technical Presentation
Student’s Name
Institution Affiliations
Professor’s Name
Course
Date

Introduction


The presentation provides information related to the Operating Systems Vulnerabilities (Windows and Linux).


The focus of the presentation is to help non-technical leaders understand
technical vulnerabilities that have been discovered in the report.



The presentation shows the need to perform a vulnerability assessment of the
OS.

Overview of the Operating System


This section examines the OS, why it is needed, and what it does in the computer system.

The operating system (OS) enables user application programs to interact with the computer's hardware.

The user's role in an OS is usually to transmit commands.

The user's role in the operating system is normally dispersed in two operating tasks and through application tasks.

Kernel and User Application Modes


Computers use user application mode when running application software.



When the application software requests the hardware, the computer gets into kernel mode.



The Kernel mode is the most important in the computer system because it reserves the most
trusted functions of an OS.



The user applications deal with software and do not have direct access to the computer's
hardware.



An embedded OS is designed to carry out specific tasks for devices that are not computers.

OS Vulnerabilities


The report examines Windows OS, Linux, MAC OS and mobile devices vulnerabilities.

Windows Vulnerabilities


The mount manager vulnerability (CVE-2015-1769, MS15-085).



The CVE-2018-8414-20, which involves a remote code execution.



The CVE-2018-8405-264, which exists in Windows 2012.

Linux Vulnerabilities


The buffer overflow (CVE-2021-3177).



The xterm vulnerability (CVE-2021-27135)

Cont. Vulnerabilities




Mac OS vulnerabilities


Dock vulnerability (CVE-2014-4431).



The mail vulnerability (CVE-2014-4431).



The launch services vulnerability (CVE-2015-1142).



The AppStore vulnerability (CVE-2014-4499).

Vulnerabilities of Mobile Devices


The mobile application-based threat.



The web-based mobile vulnerability.



The mobile network security used by cybercriminals.



The mobile device security vulnerability.

Methodology to Assess OS Vulnerabilities


The proposed methodology in assessing the vulnerability of the OS has four main steps:

• The scope
• The focus
• The assessment
• The response



The proposed measure for the assessment is penetration testing.



Penetration testing will examine the organization's computer systems, web applications, and network to find any potential vulnerability attackers can exploit.

Applicable Tools and Projected Findings



The applicable tools include Wireshark, John the Ripper and Network Mapper (Nmap).

The projected findings of these tools are to show different systems in the organization's network that are not supposed to be there and to protect organization users with weak passwords and those resetting their passwords.

Administrative Vulnerabilities in Windows OS


Using the Microsoft Baseline Security Analyzer, the following administrative vulnerabilities were identified:

There was more than one system admin.



There were many accounts, about 19, that did not have the expiration date of the passwords.



Disabled windows firewall.



1 out of 20 accounts had weak passwords

Recommendations


Developing policies that enhance password security.



Changing the number of administrators who can open an account on a single computer.



Organization’s computers need to have automatic updates.



The Windows firewall needs to stay enabled.

Administrative Vulnerabilities in Linux OS




Several vulnerabilities in the Linux OS were generated from the OpenVAS.

Weak encryption algorithms supported.


Weak MAC algorithms.



Weak cipher.



Denounced SSLv2.



Stop using SSLv2 and deactivate it.

Recommendations



Have a new version of TLS for authentication and data encryption between organization servers and applications in the network.



Protocols such as SSH are recommended to support encrypted connections.

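The Linux findings listed in the answer (weak encryption algorithms, weak MAC algorithms) can be confirmed on a host from its SSH server configuration, assuming the findings concern the SSH service. The following is an added example, not part of the original answer or of OpenVAS; the weak-algorithm patterns, the constructed sample configuration and the function names are assumptions made for illustration.

```python
import re

# Assumed patterns for algorithms that scanners commonly report as weak:
# CBC-mode, arcfour and 3DES ciphers; MD5-based and 96-bit truncated MACs.
WEAK = {
    "ciphers": re.compile(r"-cbc(@|$)|^arcfour|^3des|^none$"),
    "macs": re.compile(r"md5|-96"),
}
CANONICAL = {"ciphers": "Ciphers", "macs": "MACs"}

# Constructed sample configuration, not taken from any scanned host.
SAMPLE = """\
Port 22
Ciphers aes256-gcm@openssh.com,aes128-ctr,aes128-cbc,3des-cbc,arcfour
MACs hmac-sha2-256-etm@openssh.com,hmac-md5,hmac-sha1-96  # legacy clients
Ciphers aes256-ctr
"""

def audit_sshd(config_text):
    """Return {keyword: (weak_algorithms, remaining_value)} for Ciphers and MACs."""
    result = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"(\w+)\s*=?\s*(\S.*)", line)    # "Key value" or "Key=value"
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        # sshd uses the first value it reads for a keyword; later ones are ignored.
        if key not in WEAK or key in result:
            continue
        if value.startswith("-"):                    # "-list" removes from the defaults
            result[key] = ([], value)
            continue
        prefix = value[0] if value[0] in "+^" else ""
        algos = [a.strip() for a in value.lstrip("+^").split(",") if a.strip()]
        weak = [a for a in algos if WEAK[key].search(a)]
        kept = [a for a in algos if a not in weak]
        result[key] = (weak, prefix + ",".join(kept) if kept else "")
    return result

def hardened_lines(result):
    """Replacement lines that keep only the algorithms that were not flagged."""
    return [f"{CANONICAL[k]} {kept}" for k, (weak, kept) in result.items()
            if weak and kept]

if __name__ == "__main__":
    findings = audit_sshd(SAMPLE)
    for key, (weak, _) in findings.items():
        print(f"{CANONICAL[key]}: weak = {weak}")
    print("\n".join(hardened_lines(findings)))
```

On a live host the same function can be fed the effective configuration printed by `sshd -T` instead of the file contents.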
