Running Head: WINDOWS AND LINUX
Project 2: Operating Systems Vulnerabilities
Aisha Tate
UMUC
August 8, 2019
Hi Aisha
I know you submitted this report before the detailed self analysis you did last week. Please go through this checklist. First, work through the lab results, perform the necessary research and complete the SAR report. The PowerPoint presentation is the last item to be completed. Review this checklist and let me know if you have any questions before you start your work.
Thanks for your continued efforts.
Dr K
Student Name: Aisha Tate
Date: 6-Sep-2019
This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission.
Project 2: Requires the Following THREE Pieces
Areas to Improve
1. Security Assessment Report (including relevant findings from Lab)
Revise
2. Non-Technical Presentation Slides (Narration Not Needed)
Revise
3. Lab Experience Report with Screenshots
Revise
1. Security Assessment Report
Defining the OS
Brief explanation of operating systems (OS) fundamentals and information systems architectures.
Meets expectations
1. Explain the user's role in an OS.
????
2. Explain the differences between kernel applications of the OS and the applications installed by an organization or user.
Does not meet expectation
3. Describe the embedded OS.
More details needed
4. Describe how operating systems fit in the overall information systems architecture, of which cloud computing is an emerging, distributed computing network architecture.
More details needed
Include a brief definition of operating systems and information systems in your SAR.
Other outstanding information
Need to find better references/ more details – use tables or graphs
OS Vulnerabilities
1. Explain Windows vulnerabilities and Linux vulnerabilities.
???
2. Explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices.
Research needed
3. Explain the motives and methods for intrusion of MS and Linux operating systems.
????
4. Explain the types of security management technologies such as intrusion detection and intrusion prevention systems.
5. Describe how and why different corporate and government systems are targets.
Does not meet requirements
6. Describe different types of intrusions such as SQL PL/SQL, XML, and other injections
Preparing for the Vulnerability Scan
1. Include a description of the methodology you proposed to assess the vulnerabilities of the operating systems.
Please review project instructions
2. Provide an explanation and reasoning of how the methodology you propose, will determine the existence of those vulnerabilities in the organization’s OS.
3. Include a description of the applicable tools to be used, limitations, and analysis.
4. Provide an explanation and reasoning of how the applicable tools you propose will determine the existence of those vulnerabilities in the organization’s OS.
5. In your report, discuss the strength of passwords
5a. any Internet Information Services'
5b. administrative vulnerabilities,
5c. SQL server administrative vulnerabilities,
5d. Other security updates and
5e. Management of patches, as they relate to OS vulnerabilities.
Vulnerability Assessment Tools for OS and Applications (Lab)
Use the tools' built-in checks to complete the following for Windows OS (e.g., using Microsoft Baseline Security Analyzer, MBSA):
1. Determine if Windows administrative vulnerabilities are present.
2. Determine if weak passwords are being used on Windows accounts.
3. Report which security updates are required on each individual system.
4. You noticed that the tool you used for Windows OS (i.e., MBSA) provides dynamic assessment of missing security updates. MBSA provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping.
5. Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment. In this case, a tool such as MBSA will create and store individual XML security reports for each computer scanned and will display the reports in the graphical user interface in HTML.
Please review and share observations in Lab report – Results and recommendations in SAR
Utilize the OpenVAS tool to complete the following:
See note above
1. Determine if Linux vulnerabilities are present.
2. Determine if weak passwords are being used on Linux systems.
3. Determine which security updates are required for the Linux systems.
4. You noticed that the tool you used for Linux OS (i.e., OpenVAS) provides dynamic assessment of missing security updates. MBSA provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping.
5. Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment
3. Presentation Slides
Title Slide
Use of Readable Fonts and Color
Meets requirements
Summarizes Findings and Recommendations at High Level
Update based on your revised SAR report
Presentation Slides Feedback
4. Lab Experience Report
Summarizes the Lab Experience and Findings
Use a table to summarize key findings
Responds to the Questions
Does not meet requirements
Provides Screenshots of Key Results
Meets requirements
Lab Experience Report Feedback
Operating Systems
An operating system is a collection of software that manages computer hardware resources and provides standard services for computer programs. Operating systems are the essential software that runs on computers: they manage the computer's memory and processes as well as all software and hardware activity. It is the OS that lets users and programs communicate with the hardware and the network without having to speak the machine's own language. An operating system must manage system resources, including CPU scheduling, process management, memory management, input/output device management, storage device management (hard disks, CD/DVD drives, etc.), and file system management (Silberschatz, Gagne & Galvin, 2018).
Examples of operating systems include Windows, the most widely used, running on over 90% of the world's computer systems. Another is Mac OS X, the operating system used on Macintosh computers such as the MacBook Pro laptop series. Although IBM-compatible PCs running Windows and Mac computers are not directly compatible, it is possible to use virtualization to run one operating system on an incompatible computer. UNIX is a command-line interface OS developed for large machines and networks. Notably, Linux, the latest generation in the UNIX lineage, is a free, open-source operating system that most computers support (Silberschatz, Gagne & Galvin, 2018).
Lastly, most electronic devices use an operating system to manage their physical components and to support the development of applications for those devices. An embedded (special-purpose) operating system is one that is configured for a specific device and its tasks. By implication, such operating systems are designed for specific tasks and perform them efficiently. Embedded operating systems are also called real-time operating systems (RTOS). Examples of special-purpose operating systems include Apple iOS, Google Android, Symbian, BlackBerry, Palm, and Windows Mobile, which are used on personal digital assistants (PDAs) and mobile phones.
Applications are types of software that help a computer user perform specific tasks. Applications designed for desktops or laptops are called desktop applications, while those designed for mobile devices are called mobile apps (Silberschatz, Gagne & Galvin, 2018). When a user opens an app, it runs inside the operating system until it is closed. Often, a user runs more than one app at a time, which is commonly known as multitasking.
The kernel is the core part of the operating system that manages system resources; it acts as the bridge between applications and the computer's hardware. Kernel applications of the OS are therefore the programs that manage system resources and hardware. User applications, on the other hand, are applications that the user (an organization or an individual) installs for specific purposes (Silberschatz, Gagne & Galvin, 2018). Examples of user applications include word processors, database programs, web browsers, and communications platforms.
Lastly, an information system is the software that helps organize and analyze data. Its fundamental purpose is to convert raw data into useful information for better decision making in the organization. The four major types of information systems are the transaction processing system (TPS), decision support system (DSS), management information system (MIS), and executive support system (ESS) (Silberschatz, Gagne & Galvin, 2018).
Cloud computing has changed how MIS service providers and their employees conduct business. Cloud computing is the practice of using networks of remote servers hosted on the internet to store, manage, and process data into useful information for decision making. A cloud operating system manages the operation, execution, and processes of virtual machines, servers, and infrastructure as well as back-end software and hardware resources. By implication, a cloud operating system is used to improve the agility of an organization's information systems and to remove the need for local servers and personal computers.
Vulnerabilities and intrusions
Windows Vulnerabilities
BlueKeep is a vulnerability that exists in various versions of the Windows operating system, in both the 32-bit and 64-bit versions and their service packs. The affected versions include Windows 2000, Windows Vista, Windows XP, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 (Jajodia, 2010).
BlueKeep lies within the Remote Desktop Protocol (RDP) service of the Microsoft Windows versions listed above. Attackers can exploit it to achieve remote code execution on any unprotected system by sending specially crafted packets to a system that has RDP enabled. An attacker could then add accounts with full user rights; view, change, and delete data; and install programs. The Cybersecurity and Infrastructure Security Agency encourages users and administrators to review the security guidance and apply the available mitigations as soon as possible (Jajodia, 2010). ????? Additional research/Information?
Linux Vulnerabilities
One of the most common vulnerabilities is CVE-2017-18017 in the Linux kernel's Netfilter xt_TCPMSS module, which filters network traffic by setting the maximum segment size permitted in TCP headers. An attacker who exploits this vulnerability can flood the system with traffic and knock it offline in a denial-of-service attack.
Another vulnerability is CVE-2017-18202, which lies in the mm/oom_kill.c file. This file is responsible for killing a process when memory is low. Vulnerable versions of the file can mishandle operations and open the door to denial-of-service (DoS) attacks.
(Just two vulnerabilities? Please research this topic)
Mac OS and Mobile Device Vulnerabilities
First, denial-of-service (DoS) vulnerabilities exist in both the Apple and Android operating systems. The underlying purpose of a DoS attack is to make software resources unavailable for the tasks they were designed for. DoS vulnerabilities are more common in iOS than in Android (Jajodia, 2010).
Secondly, a bypass vulnerability leaves a mobile device open to a third party evading a protection layer established by the user or the administrator. Both Apple and Android are focused on limiting the vulnerabilities that allow hackers to bypass the security process (breach the security protocol) (Jajodia, 2010). ????
Furthermore, code execution is a type of security flaw that allows hackers to bypass authentication and run arbitrary code. It can be triggered remotely and used in various scenarios, so the attack can happen without the user's knowledge.
Data theft is another vulnerability of Mac OS and mobile devices. Recently, the security firm F-Secure unveiled a dangerous firmware exploit that affected almost all Mac and Windows devices. This vulnerability could lead to data theft, and it even left Macs with FileVault turned on susceptible (Jajodia, 2010).
Lastly, a memory corruption vulnerability is a programming error in the operating system that makes the device's memory open to exploitation by a hacker. The weakness lies in a memory location on the device. An attack occurs when code is modified, violating the safety of the information stored in memory (Jajodia, 2010).
Microsoft and Linux OS Intrusion
Intrusion, by definition, is compromising an operating system by breaching its security. Intruding, or gaining even slight unauthorized access to the OS, leaves traces that an intrusion detection system can detect. Intruders use various methods to gain access to operating systems by breaching security. One of them is physically breaking in and stealing the device that runs the operating system from its owner. Physical intrusion is frequent when the OS is installed on a device that can easily be stolen (Munson & Elbaum, 2004). ????
Asymmetric routing is another method of intruding on the operating system. The attacker uses more than one route to the target device running the desired OS. The idea is to have the overall attack evade detection by bypassing specific security controls. OS devices that are not set up for asymmetric routing are impervious to this kind of intrusion.
Additionally, a buffer overflow attack is an approach that overwrites specific sections of memory, replacing normal data with commands that attack the operating system when executed. In other words, "a popular class of attacks strategically overburdens that buffer, so the data 'overflows' into other parts of the memory" (Newman, 2019). Often, the goal of this intrusion is to cause a denial-of-service (DoS) condition. Although averting an overflow may sound simple, doing so in practice has proven to be a daunting task, hence the continued appearance of buffer overflow attacks. The problem recurs because there is no generic mechanism across the programming languages in use that can perfectly specify a buffer's capacity (Piromsopa & Enbody, 2011). ????
Security awareness technologies and system attack targets???? What does this graphic mean?
Intrusion detection systems range from antivirus software to hierarchical models that inspect network traffic. They are best described as network intrusion detection systems and host-based intrusion detection systems. Such a system is critical because it helps analyze the traffic that enters the network. IDS detection is classified as signature-based or anomaly-based. Each part of the intrusion detection system can detect intrusions within its own scope (Wilson & Hash, 2003).
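The two detection styles named above can be shown side by side on a handful of web server log lines. The following is an added example, not code from the original report or from any IDS product: the signature rules, their names, and the log lines are all constructed here for illustration, and the anomaly rule (a source sending more than five times the median request count) is a hypothetical threshold rather than one any named product uses.

```python
import re
import statistics
from collections import Counter
from urllib.parse import unquote

# Apache-style access log line: ip ident user [time] "METHOD path PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Signature rules (hypothetical names): each pattern is applied to the URL-decoded path,
# so that percent-encoding the request does not hide it from the rule.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"'\s*(or|and)\s*'", re.IGNORECASE),
}

# Constructed sample log: two normal clients, one SQL-injection probe, and one
# source that sends a path-traversal request plus a burst of 20 requests.
_TS = "[08/Aug/2019:10:00:00]"
SAMPLE_LOG = "\n".join(
    [
        f'10.0.0.5 - - {_TS} "GET /index.html HTTP/1.1" 200',
        f'10.0.0.5 - - {_TS} "GET /about.html HTTP/1.1" 200',
        f'10.0.0.7 - - {_TS} "GET /login?user=admin%27%20OR%20%271%27=%271 HTTP/1.1" 200',
        f'10.0.0.9 - - {_TS} "GET /../../etc/passwd HTTP/1.1" 404',
    ]
    + [f'10.0.0.9 - - {_TS} "GET /page{i} HTTP/1.1" 404' for i in range(20)]
)


def parse_line(line):
    """Return a dict with ip, method, decoded path and status, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["path"] = unquote(entry["path"])
    entry["status"] = int(entry["status"])
    return entry


def signature_alerts(entries):
    """Signature-based detection: match each request against known bad patterns."""
    alerts = []
    for e in entries:
        for name, pattern in SIGNATURES.items():
            if pattern.search(e["path"]):
                alerts.append((e["ip"], name))
    return alerts


def anomaly_alerts(entries, factor=5.0):
    """Anomaly-based detection: flag sources whose request volume is far above
    the baseline (the median per-source count), without knowing any attack pattern."""
    counts = Counter(e["ip"] for e in entries)
    if not counts:
        return []
    baseline = statistics.median(counts.values())
    return sorted(ip for ip, n in counts.items() if n > factor * baseline)


def analyze(log_text):
    """Run both detection styles over a block of log text."""
    entries = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    return {"signature": signature_alerts(entries), "anomaly": anomaly_alerts(entries)}


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG).items():
        print(kind, hits)
```

The signature rules catch the two requests that contain known attack patterns but say nothing about the 20-request burst, while the anomaly rule flags the bursting source without needing to know what it sent; a real IDS combines both because each misses what the other sees.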
An intrusion prevention system is a network security technology that examines traffic and detects and blocks the exploitation of vulnerabilities. Exploits take the form of malicious inputs aimed at applications, which attackers use to disrupt or take control of a device. When an exploit succeeds, the attacker can disable the target application or obtain the rights of the target application (Munson & Elbaum, 2004).
Corporate and government systems are the ones that face the most significant threats (Baccass et al., 2011). This can be attributed to the high-value information they hold, which is of interest to many parties, notably politicians, rival companies, countries, and groups. Because this information is so valuable, it can fetch high prices when sold to interested parties.
Types of Intrusions
An SQL injection is an exploit in which the attacker includes SQL code in web form input to gain access to resources. It is related to attacks in which an end user enters special characters into a system's input in order to corrupt data. XML injection is an attack used to manipulate or damage the logic of an XML application; the injected content can alter that logic and insert harmful content. SMTP injection attacks the mail server in a way that is made possible without the use of the internet (Munson & Elbaum, 2004).
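The "special characters" mechanism behind SQL injection, and the fix for it, is easiest to see with a login check written both ways against a throwaway database. This is an added example, not code from the original report; the user table, its two rows and the probe string are constructed here, and the schema is a toy (real systems store password hashes, not plaintext).

```python
import sqlite3


def make_db():
    """Create an in-memory users table with two constructed sample rows.
    Toy schema: a real system would store password hashes, never plaintext."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret-pass"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL statement by string concatenation, so a quote character in
    the input ends the string literal and the rest of the input becomes SQL."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username, password):
    """Parameterized query: the driver passes the input purely as data values,
    so the query structure is fixed no matter which characters the input holds."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def demo():
    """Compare both versions on a valid credential and on the classic
    special-character input that the text refers to."""
    conn = make_db()
    probe = "' OR '1'='1"
    return {
        "valid_vulnerable": login_vulnerable(conn, "alice", "s3cret-pass"),
        "valid_safe": login_safe(conn, "alice", "s3cret-pass"),
        "probe_vulnerable": login_vulnerable(conn, "alice", probe),
        "probe_safe": login_safe(conn, "alice", probe),
        "wrong_safe": login_safe(conn, "alice", "wrong"),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

With the probe as the password, the concatenated statement becomes `... AND password = '' OR '1'='1'`, which is true for every row, so the vulnerable check "succeeds"; the parameterized version compares the whole probe as a literal password value and correctly rejects it. The only code-level remediation is the second form: never build statements from user input by concatenation.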
Vulnerability Results
The following vulnerabilities were identified during the lab:
· There are several Windows administrative vulnerabilities on the host scanned.
· The following administrative vulnerabilities were found:
· Developer tools, runtimes, and redistributables are missing security updates
· There were multiple Linux vulnerabilities detected
· Weak encryption and ciphers
· Accounts have passwords with no expiration
· Accounts have blank or weak passwords
· Multiple administrators on a computer
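Three of the findings above (blank or weak passwords, passwords that never expire, and multiple administrators) are account-policy checks that can be expressed as a small audit over account records. The following is an added example, not the lab's MBSA or OpenVAS output and not code from the original report: the account list, the tiny common-password list, and the policy values (12-character minimum, at most two administrators) are all constructed assumptions, and it adds an expired-password check beyond the lab's list. A real audit tool never sees plaintext passwords; the `password` field stands in for the weak-password test a tool like MBSA performs by other means.

```python
from datetime import date

# Constructed stand-in for a real common-password wordlist.
COMMON_PASSWORDS = {"password", "123456", "welcome1", "admin", "letmein"}
MIN_LENGTH = 12   # hypothetical policy value
MAX_ADMINS = 2    # hypothetical policy value

# Constructed account records; `expires` is None when the password never expires.
SAMPLE_ACCOUNTS = [
    {"name": "Administrator", "admin": True, "password": "", "expires": None},
    {"name": "svc_backup", "admin": True, "password": "Welcome1", "expires": date(2019, 12, 31)},
    {"name": "jdoe", "admin": False, "password": "Tr0ub4dor&3xtra!", "expires": None},
    {"name": "ops", "admin": True, "password": "correct-horse-battery", "expires": date(2019, 5, 1)},
]


def audit_accounts(accounts, today):
    """Return a list of (finding, account) tuples covering blank passwords,
    weak passwords, non-expiring passwords, expired passwords and too many admins."""
    findings = []
    admins = [a["name"] for a in accounts if a["admin"]]
    if len(admins) > MAX_ADMINS:
        findings.append(("multiple-administrators", ", ".join(admins)))
    for a in accounts:
        pw = a["password"]
        if pw == "":
            findings.append(("blank-password", a["name"]))
        elif pw.lower() in COMMON_PASSWORDS or len(pw) < MIN_LENGTH:
            findings.append(("weak-password", a["name"]))
        if a["expires"] is None:
            findings.append(("password-never-expires", a["name"]))
        elif a["expires"] < today:
            findings.append(("password-expired", a["name"]))
    return findings


def summarize(findings):
    """Count findings by type, which is the shape a summary table in the SAR needs."""
    counts = {}
    for kind, _ in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = audit_accounts(SAMPLE_ACCOUNTS, date(2019, 8, 8))
    for kind, who in results:
        print(f"{kind}: {who}")
    print(summarize(results))
```

Running this with the constructed records yields six findings: one blank password, one weak password, two non-expiring passwords, one expired password, and one multiple-administrators finding naming all three admin accounts. The `summarize` output is the kind of per-finding count that belongs in the SAR's summary table.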
Vulnerability Scanning and Security Assessment Report
Because the organization uses several advanced technological systems, most of its security processes and strategies cannot guarantee that the system is protected from attack. The routers help secure the gateway to the internet while firewalls secure the network, but this depends on the abilities of the staff, the ability to patch, and continued vigilance on the web. Notably, the company's networks are not well protected from the risks that may arise ????. This can be attributed to poor security and inadequate protection of data from third parties. The passwords used are weak, and system updates are irregular. The Linux OS was not found to carry any virus-related dangers. However, reliable password protection against third parties still needs to be considered.
The Microsoft Baseline Security Analyzer can scan several computers and their software at once, which is effective because it saves time. Items with a green check are reported as secure. It is also a useful security feature in that it checks that Internet Explorer and the IIS server are configured in the best way. The tool is easy to run and offers stable security features. It is the best way to keep Microsoft Windows features updated, and its essential asset is the capacity to go beyond the OS to ferret out gaps in several applications. OpenVAS analyzes several services and tools and reports on their level of vulnerability (Baccass et al., 2011). Like MBSA, it is easy and reliable for users.
MBSA is the best tool for system analysis and threat detection (Wilson & Hash, 2003). Despite notable challenges, the tool has proved effective. It allows frequent security updates and scans several machines at once, which saves time. Notably, the risks identified in this paper arise from inferior password protection methods, unlimited access to sensitive company data, and failure to update system security mechanisms. These can be resolved by keeping systems up to date, restricting access to sensitive data, using strong passwords, and using antivirus software. Eventually, this will help manage the threats in the company.
Operating systems are the center and nervous system on which business processes and applications run. The role of an operating system is to control the hardware resources of a computer system, and it is vulnerable to attack when security controls and user account controls are missing or improperly configured. Because of the popularity of the Windows operating system, it is the most susceptible to attacks among business and home users. Vulnerability scans are only one way of reducing attacks on a system, and a vulnerability assessment requires discovery, attack planning, and reporting to mitigate risk. By using free tools such as Microsoft Baseline Security Analyzer and OpenVAS, such vulnerabilities can be identified early and remediated.
(Table of key observations, analysis and recommendations?)
References
Baccass, P. et al. (2011). OS X Exploits and Defense: Own it...Just like Windows or Linux! New York: Syngress.
Jajodia, S. (2010). Cyber Situational Awareness: Issues and Research (pp. 139-154). Springer, Boston, MA.
Munson, J. C., & Elbaum, S. G. (2004). U.S. Patent No. 6,681,331. Washington, DC: U.S. Patent and Trademark Office.
Newman, L. H. (2019, May 14). How Hackers Broke WhatsApp With Just a Phone Call. Retrieved from https://www.wired.com/story/whatsapp-hack-phone-call-voip-buffer-overflow/
Piromsopa, K., & Enbody, R. J. (2011). Survey of Protections from Buffer-Overflow Attacks. Engineering Journal, 15(2), 31–52. doi: 10.4186/ej.2011.15.2.31
Silberschatz, A., Gagne, G., & Galvin, P. B. (2018). Operating system concepts. Wiley.
Wilson, M., & Hash, J. (2003). Building an information technology security awareness and training program. NIST Special Publication 800-50, 1-39.