Discusion Replies

Must be 150 words each. The content must be meaningful and not just a critique of the posts writing/ grammar etc.

1) Module 2 : Servers vs workstations

Module 2 focuses in on securing the operating system but what you do to secure the workstation is not always the same on a server, even when the operating systems are virtually the same, as in Windows. What are some security controls you would place on your server operating system but not your workstation, and vice-versa and why are they different?

2) Module 2: Securing the windows 10 OS

I never would have thought there were so many techniques to make the Windows environment more secured. Windows 10 also brings a number of interesting security tools such as Bitlocker and EFS. There are important tips to keep in mind. For example, the admin account should be renamed to something other than admin or administrator. it is also advice able to disable the default admin and provide a user account with admin privileges. The windows firewall and windows defender should always be on and defender should make full volume searches regularly. The User Account Control bar should be at the highest. The windows network sharing settings should not allow shared folders without proper login authorizations. And the settings should allow for windows updates to be downloaded and installed automatically and regularly.

3) Module 2: Securing the windows 10 OS

Good post. Changing the default administrator account name is considered a best practice and is something that is commonly done. A prior company I had worked for changed the name of the local Administrator account to something generic like ‘Dave Anderson’ on all their servers. For a moderately skilled attacker, however, this provides very little value in the way of security on a Windows server. Do you know why that is?

4) Module 3 Antivirus

Antivirus is a very mature method of combating malware but it is far from perfect. What are some of the weaknesses of AV and what are some compensating controls you can do to try to cover those gaps that may lease your systems open?

5) Module 3 :Scan engines

It might be less of a balance than at first sight. I used to think that as long as my virus definitions were up to date I was good, but many years ago I learned that was not the case. I was running an AV product that was a couple years old but my signature was always on the newest version. One day I set my system up on a LAN with some friends to play some first person shooter gaming and after everyone was connected to the switch, the host based firewall on another system kept popping up a warning that it was being attacked. We traced it back to my system and suspected a virus. I downloaded the newest version of the AV software and did a full scan and found a virus. So that day I learned it’s not just important to keep your definitions up to date, but also your scanning engines. The same goes for other scanning software like IDS.

6) Module 3: Content Filtering

Filtering internet traffic and email attachments is another way to reduce the risk of malicious software from entering the network. Properly configured filter settings reduce the risk of employees accessing or accidentally downloading virus and malware packages. This weakness falls on the employees – which goes back to proper training and policies (which is beside the point) but limiting the sites accessible and download content will definitely help alleviate some of the Antivirus operations.

7) Discussion Question: Dealing with Malware

Over the last couple decades, malware has taken many different forms to accomplish different things. In addition to the original DQ listed for this activity, describe one of the types of malware and, doing a little research, provide a real world example of the type of malware, how it works and what it is trying to do (escalate privileges, steal cookies, steal money, etc.).

Words: 64

8) Discussion Question Sasser

Very detailed and comprehensive post. I’d like to focus on the last one and give an example of one I’ve seen. Sasser is something I had to deal with in the summer of 2004 when this worm found its way into our network. Worms can spread without user interaction as you described, which makes the especially dangerous and this one would scan the network and connect to other vulnerable machines through port 445, which is commonly open on Microsoft systems. When it takes hold it will start an FTP server to help distribute the worm to other systems and then proceeds to consume a large amount of the CPU, taking the system down to a crawl and eventually the system will likely crash. Although this worm did nothing more than create a denial of service, it was very time consuming to deal with and get out of our network and cost our company, and many others, many lost person hours.