User Account

All Pages

Describe the difference between base and temporal metrics

Assignment Help Database Management System
Reference no: EM131506945

Vulnerability Assessment and Management

ADD REFERENCES!!!

The template document should follow this format:

• Vulnerability Assessment Project Document Shell
• Use Microsoft Word
• Title Page

o Course number and name
o Project name
o Student name
o Date

• Table of Contents

o Use auto-generated TOC.
o Separate page
o Maximum of three levels deep
o Be sure to update the fields of the TOC so it is up-to-date before submitting your project.

• Section Headings (create each heading on a new page with TBD as content except for sections listed under New Content below)

o Intrusion Tools and Techniques
o Common Vulnerabilities and Exposures
o Attack Methods
o Intrusion Detection System Policies
o Protective Measures

Each Part you will add to this document and submit for grading, as a preview each Section will contain the following:

• Intrusion Tools and Techniques (Part 1 - IP)

o Intrusion Detection
o Auditing
o Audit Data Review

2-pages

• Common Vulnerabilities and Exposures (Part 2 - IP)

o Definition of CVE
o Calculation of CVSS
o The use of the NVD

- The management team is interested in knowing what potential vulnerabilities exist for your environment. Take this opportunity to review common vulnerabilities specific to your environment and provide the following information:

1. Define what the CVE database is designed to provide to security researchers.
2. Describe how the CVSS score is calculated.
3. Describe the difference between base and temporal metrics.
4. Describe what the National Vulnerability Database is and used for.
5. Find and describe three vulnerabilities that could potentially exist in your organization, that have a CVSS severity rated as high.---

2-pages

Add the discussion about CVE, CVSS and NVD to The Key Assignment Template section titled: Common Vulnerabilities and Exposures

• Attack Methods (Part 3 - IP)

o A discussion about various attack mechanisms and vectors, including:

- Authenticated and Unauthenticated
- Active and Passive

- The team liked the information you provided about authenticated and unauthenticated attacks, but they are still a little confused about the difference between active and passive attacks and how they relate to the authenticated attacks previously described. Take this opportunity to describe how active and passive attacks work and the authenticated and unauthenticated attacks tie together with them. Address the following and add your responses to your final Key Assignment:

1. A description of active attacks.
2. A description of passive attacks.
3. 3 examples of each (6 total) but ensure that 3 are Windows based and 3 are UNIX based.
4. Include a discussion talking about how authenticated and unauthenticated attacks are used during passive and active attacks.---

2-pages

Add the discussion about the attack methods and examples to the section titled: Attack Methods.

• Intrusion Detection System Policies (Part 4 -IP)

o Policies

- The project is going well so far, and the analysis and discussion of the vulnerabilities was well-received. You realize that when vulnerability scanning takes place, employees need to know what the expectations are for handling the findings. You want to ensure that the policies and expectations for action are in place. Discuss the following:

• The purpose of a policy
• Create a policy for your organization that will cover one of the following (choose just 1):

o Intrusion Detection
o Incident Handling
o Vulnerability Assessment and Handling----

2-pages

Add the discussion about the definition of a policy and the sample policy to the section titled: Intrusion Detection System Policies.

• Protective Measures (Part 5 - IP)

o Vulnerability Assessment

- The management team as well as your peers are happy with the work performed to this point:

• Setting up Intrusion Detection Systems and audit data.
• Defining and understanding vulnerabilities
• Identifying various attack mechanisms
• Creating a policy

The last and final step is to perform a vulnerability assessment against a workstation, server or combination and analyze the findings. Recommend the solutions to remediate any serious issues based on the established company policies.

It is important to know and understand the security posture of the devices attached to the network, as these might often be a step in a more sophisticated and multilevel attack of the infrastructure. An important step in the risk management process is to determine what vulnerabilities exist on these devices. Choose a vulnerability assessment tool and perform a vulnerability assessment against your target(s) in your environment, and report the findings. The information should include:

• A description about the tool used to perform the scan.
• A list of identified hosts (Obfuscate any specific IP addresses).
• The list of serious (on a scale of 1-5 (1 being the highest) report the 1 and 2 issues)
• Describe or list any false positive information.
• Discuss potential safeguards and remediation actions that could be implemented for each finding to reduce the risk.

At this point the Key Assignment Template is Complete. The following Sections should be completed, and ensure to incorporate any feedback previously received from the instructor and peer reviews:

o Title Page
o Table of Contents (Updated to reflect correct page numbers)
o Intrusion Tools and Techniques
o Common Vulnerabilities and Exposures
o Attack Methods
o Intrusion Detection System Policies
o Protective Measures
o References

Add the discussion about the scan, the analysis and results and the remediation suggestions to the section titled: Protective Measures.

Reference no: EM131506945

Questions Cloud

Describe and define a vulnerability and an exploit : Describe and define a vulnerability. Describe and define an exploit. Describe how all three of these concepts work together and lead to a compromised system.
Define all of the layers of the osi model : Define all of the layers of the OSI model, then select one layer and provide some examples of its use.
Describe how security administration works to plan : Describe how security administration works to plan, design, implement, and monitor man organization's security plan (250) words.
The impact of malware : From the first e-Activity, analyze the selected two (2) resources that are available for security professionals to find information.
Describe the difference between base and temporal metrics : Describe how the CVSS score is calculated. Describe the difference between base and temporal metrics. What the National Vulnerability Database is and used for.
Perform a before-tax analysis : Four years ago, the Attaboy Lawn Mower Company purchased a piece of equipment. Because of increasing maintenance costs for this equipment.
Determine the after-tax economic life of this equipment : Consider a piece of equipment that initially cost $8,000 and has these estimated annual expenses and MV.
Determine the classes that are required for the design : MN404- T1 2017 Fundamentals of Operating Systems and Java Programming Assessment. Determine the classes that are required for the design
What is the aftertax initial investment in the defender : A current asset (defender) is being evaluated for potential replacement. It was purchased four years ago at a cost of $62,000.

Reviews

Write a Review

Database Management System Questions & Answers

  Knowledge and data warehousing

Design a dimensional model for analysing Purchases for Adventure Works Cycles and implement it as cubes using SQL Server Analysis Services. The AdventureWorks OLTP sample database is the data source for you BI analysis.

  Design a database schema

Design a Database schema

  Entity-relationship diagram

Create an entity-relationship diagram and design accompanying table layout using sound relational modeling practices and concepts.

  Implement a database of courses and students for a school

Implement a database of courses and students for a school.

  Prepare the e-r diagram for the movie database

Energy in the home, personal energy use and home energy efficiency and Efficient use of ‘waste' heat and renewable heat sources

  Design relation schemas for the entire database

Design relation schemas for the entire database.

  Prepare the relational schema for database

Prepare the relational schema for database

  Data modeling and normalization

Data Modeling and Normalization

  Use cases perform a requirements analysis for the case study

Use Cases Perform a requirements analysis for the Case Study

  Knowledge and data warehousing

Knowledge and Data Warehousing

  Stack and queue data structure

Identify and explain the differences between a stack and a queue data structure

  Practice on topic of normalization

Practice on topic of Normalization

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd