
ITSY 2330

Intrusion Detection

Fall 2023

Threat and Vulnerability Analysis, and


Incident Response

Submitted to
Dr. Angela D. Shearry-Sneed

South Campus

Submitted in Partial Fulfillment of the Requirements for

ITSY 2330 / Fall 2023

by

Name

Assignment Due Date


Contents
Cover Letter
Current Security Threats
Overview
Malware
Operating System Vulnerabilities
Phishing
Denial of Service (DOS)
Ransomware
Project Part 2: Identify Vulnerabilities in IT Security
Exposed Ports
Critical Vulnerabilities
Protection Measures and Remediation
Analysis of Zenmap Scan Results
Critical Vulnerabilities Identified
REFERENCES
Cover Letter

Name
Title
Contact Information
Date
Information Security Department
Recipient
Aim Higher College
College Address
City, State, Zip Code
Dear All,
Re: Comprehensive Security Report - Key Findings and Action Plan
I trust this correspondence finds you in good health. As an Information Security Analyst at Aim Higher College, I am writing to update you on the findings of the recently completed report on the primary security threats our institution currently faces. Ensuring the security of our college's information systems is of the utmost importance, and it has been an honor to analyze and report on the critical security threats that demand our constant vigilance. The report, part of our continuing effort to strengthen information security, analyzes the top five security threats and vulnerabilities that may pose a risk to Aim Higher College. In this report, we have identified the following significant security threats:
I. Malware
II. Operating System Vulnerabilities
III. Phishing
IV. Denial of Service (DOS)
V. Ransomware
The findings presented in this report are crucial for understanding the ever-changing threat landscape and keeping our organization secure against cyber-attacks. In my view, heightened awareness of vulnerabilities and risks contributes to better protection of data, students, employees, and the broader campus community. The report analyzes each of the threats above in detail, describing their potential consequences and proposing effective security measures to mitigate their impact. As part of the report's findings, an examination of the open ports and vulnerabilities within our information systems has also been undertaken. The report assesses these vulnerabilities and presents a structured approach for addressing each area of concern.
I would be glad to arrange a meeting at your convenience to discuss the report in full, address any concerns you may have, and jointly devise a plan to strengthen our organization's data security. Thank you for your time and consideration. I look forward to your input and support on the next steps to be taken in mitigating these security vulnerabilities.

Sincerely,
Your Name
Your Title
Current Security Threats

Overview
The exploitation of data systems has been a prominent concern for over a decade, with new vulnerabilities emerging every year. These vulnerabilities pose a significant risk to the institution's private information, including account data, examination records, graduation lists, and other sensitive data that could cause real harm if accessed by unauthorized individuals. Furthermore, the University's stakeholders, including students, employees, and visitors, may be adversely affected by attackers' exploitation of these weaknesses, potentially resulting in unauthorized access to their personal data. Hence, it is essential to detect these security issues proactively in order to prevent their exploitation by malicious hackers within our organization (Theriault, 2019). In this analysis, I identify and explain five distinct threats and the reasons for their inclusion in this report. I then describe the potential consequences of these threats for the institution, its student body, faculty, alumni, and other groups on campus.

Malware
The internet is made up of many different networks. The campus's PCs and mobile devices are linked to the network in the normal course of business, and students at the University use the internet for both academic and recreational purposes. As a result, they put themselves at risk of downloading and opening malware-ridden attachments in unsolicited emails. If malware or a virus infects the institution's main server, it could cause serious problems for the institution. In addition, once infected, students, faculty, and anyone on campus may lose data from their mobile devices and PCs. Malware is therefore a major concern for campus IT security.

Operating System Vulnerabilities


Linux, Windows, and iOS are all widely used on campus, although Linux and Windows are the most common. The vendors of these operating systems are continually working to improve them and fix the flaws they find, which they do by releasing security updates. Computers running these operating systems could be compromised if they are not promptly updated. The Linux web server used by the institution is potentially vulnerable to flaws such as the Linux kernel use-after-free bug, while Windows-based PCs may face additional threats. Potential attackers could take control of the institution's network through these holes.

Phishing
Our university faces a third danger to information security in the form of phishing. Students and faculty at Marymount University are quite active on social media. Each social media profile is protected by a password known only to the account holder and contains sensitive information about the profile owner. Phishing occurs when a user visits a malicious website designed to look like a popular social networking platform and is tricked into entering their login information. Institutional, student, or employee social media accounts could be compromised by phishing attacks, and impersonation of these individuals is another possible outcome.

Denial of Service (DOS)


Denial of service (DOS) is a common and visible danger. The threat is significant for our organization because it targets large networks with many connected devices. Denial of Service (DoS) refers to a deliberate attack that seeks to interrupt the normal functioning of a large-scale network. An attack on our school would therefore overload and incapacitate the information technology systems of Marymount University.

Ransomware
Ransomware is a significant cybersecurity concern in which malicious software is injected into operating systems, compelling victims to pay a ransom in order to regain access to their data (Meurs et al., 2022). This threat matters to our institution because it is a prominent establishment holding and actively processing a substantial volume of data on its computers. Furthermore, it is a prime target for such attacks because of its involvement in financial transactions. The possible consequences of an attack on the institution include financial losses incurred in recovering the compromised data, or complete loss of the data if the ransom demand is not met.


Project Part 2: Identify Vulnerabilities in IT Security

In Information Technology, a vulnerability is a specific flaw that a malicious actor can exploit to bypass the security measures protecting a system's information. For a vulnerability to exist, there must be an inherent weakness in the hardware, software, or firmware components. Moreover, for an attacker to exploit the identified weakness or defect effectively, they must possess the tools needed to carry out the exploitation. I therefore analyzed the port and vulnerability scan data from a recent scan and assessed the exposed ports and the vulnerabilities present.

Exposed Ports
The Zenmap scan showed that Aim Higher College had five open ports. The first was port 139 on IP address 172.30.0.30; port 139/TCP is the NetBIOS session service, used for connection-oriented file sharing. The second was port 53/TCP on 172.30.0.30, commonly used for DNS. The third was port 23/TCP on 172.30.0.30, which is Telnet, used for remote access to UNIX systems. The fourth was port 5900/TCP on 172.30.0.30, used for Virtual Network Computing (VNC). The fifth and final port was port 3306 on IP address 172.30.0.30, used for MySQL database access.
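To turn a list of open ports like the one above into prioritized findings, the following Python script (an added example, not part of the report) parses a constructed Nmap grepable-output line for 172.30.0.30 and ranks each exposed service using a small triage table; the service names and severities are assumptions, not values from the scan.

```python
import re
from typing import Dict, List, Tuple

# Constructed Nmap grepable (-oG) output line for the host in the report;
# the service labels are assumed from the port numbers, not taken from the scan.
GREPABLE_LINE = (
    "Host: 172.30.0.30 ()\tPorts: 23/open/tcp//telnet///, 53/open/tcp//domain///, "
    "139/open/tcp//netbios-ssn///, 3306/open/tcp//mysql///, 5900/open/tcp//vnc///"
)

# Assumed triage policy (a defender's view of why each exposed service matters).
RISKY_SERVICES: Dict[int, Tuple[str, str]] = {
    23:   ("high",   "Telnet sends credentials in cleartext; replace with SSH"),
    139:  ("high",   "NetBIOS session service; restrict SMB to the campus LAN"),
    5900: ("high",   "VNC is often weakly authenticated; tunnel it or firewall it"),
    3306: ("medium", "MySQL should not be reachable outside the database tier"),
    53:   ("low",    "DNS is expected only if this host is an authoritative server"),
}

# One -oG port entry: port/state/protocol/owner/service/rpc-info/version
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)///")

def parse_grepable(line: str) -> List[dict]:
    """Return one dict per port entry found in a single -oG 'Host:' line."""
    host_m = re.search(r"Host:\s+(\S+)", line)
    host = host_m.group(1) if host_m else "unknown"
    ports_part = line.split("Ports:", 1)[1] if "Ports:" in line else ""
    return [
        {"host": host, "port": int(port), "state": state, "proto": proto, "service": svc}
        for port, state, proto, svc in PORT_RE.findall(ports_part)
    ]

def triage(entries: List[dict]) -> List[dict]:
    """Attach severity and remediation note to each open port, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = []
    for e in entries:
        if e["state"] != "open":
            continue  # filtered/closed ports are not exposure
        sev, note = RISKY_SERVICES.get(e["port"], ("info", "Not in triage table; review manually"))
        findings.append({**e, "severity": sev, "note": note})
    return sorted(findings, key=lambda f: (order.get(f["severity"], 3), f["port"]))

if __name__ == "__main__":
    for f in triage(parse_grepable(GREPABLE_LINE)):
        print(f"{f['host']}:{f['port']}/{f['proto']} {f['service']:<12} {f['severity']:<6} {f['note']}")
```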
Critical Vulnerabilities
The Nessus scan identified two critical vulnerabilities. The first was identified as ID 32314. According to Common Vulnerabilities and Exposures (CVE), ID 32314 is an SQL injection vulnerability in track.php in PHP Store Wholesales that allows remote attackers to execute arbitrary SQL commands via the id parameter. The second critical vulnerability was ID 33850, CVE-2019-9961. This is a cross-site scripting vulnerability in resource view in core/modules.php in WIKINDX before the release of version 5.70. It allows attackers to inject arbitrary web scripts or HTML via the id parameter.
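Both findings share one root cause: an id request parameter that reaches SQL text or HTML output unchecked. The Python below is an added illustration (not code from PHP Store Wholesales or WIKINDX) that models each vulnerable handler next to its hardened form over a constructed in-memory orders table; the table, function names and data are assumptions.

```python
import html
import sqlite3
from typing import List, Tuple

def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for order-tracking data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, status TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(1, "alice", "shipped"), (2, "bob", "pending"), (3, "carol", "shipped")])
    return conn

def track_vulnerable(conn: sqlite3.Connection, id_param: str) -> List[Tuple]:
    """The pattern behind the track.php finding: the id parameter is pasted into
    the SQL text, so whatever the client sends becomes part of the statement."""
    return conn.execute(f"SELECT id, customer, status FROM orders WHERE id = {id_param}").fetchall()

def track_hardened(conn: sqlite3.Connection, id_param: str) -> List[Tuple]:
    """Validate that id is an integer, then bind it as a parameter so it is only ever data."""
    if not id_param.isdigit():
        raise ValueError("id must be a positive integer")
    return conn.execute("SELECT id, customer, status FROM orders WHERE id = ?",
                        (int(id_param),)).fetchall()

def resource_view_vulnerable(id_param: str) -> str:
    """The pattern behind the XSS finding: the id parameter is echoed unescaped into the page."""
    return f"<p>Resource {id_param} not found</p>"

def resource_view_hardened(id_param: str) -> str:
    """Escape before echoing so <, >, quotes and & cannot open a tag or attribute."""
    return f"<p>Resource {html.escape(id_param, quote=True)} not found</p>"
```

A web application firewall or a Nessus re-scan confirms the fix only indirectly; the parameter binding and output escaping are what actually close the two findings.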

Protection Measures and Remediation


Now that we are aware of the vulnerabilities in the system, we should apply patches or updates to remove the security holes, and we should always keep track of the latest security and patch releases. We should start by planning how to defend against, identify, and respond to malware attacks, with preventive controls developed according to the level of threat, from low through medium to high. Another protective step is to make a habit of changing website passwords frequently and to use a unique login for each site. Only the necessary ports should be left open; all other ports should be closed and protected by a properly configured firewall so that no unauthorized access is allowed through. In our case, we should keep only port 2121 open and make sure that port 21 is closed if the system needs to run FTP. In addition, DNS should be reviewed where the system is not supposed to run services such as SSH and FTP.

Analysis of Zenmap Scan Results

Port Number | Service Name | Brief Description
22 | SSH (Secure Shell) | SSH is a network protocol for secure data communication, often used for remote login and command execution on networked systems.
80 | HTTP (Hypertext Transfer Protocol) | HTTP is the foundational protocol for data communication on the World Wide Web, used for web page retrieval.
443 | HTTPS (HTTP Secure) | HTTPS is a secure version of HTTP, encrypting data transmission between server and client, commonly used for secure online transactions.
3306 | MySQL Database | MySQL is a relational database management system used for storing, managing, and retrieving data, particularly for web applications.
3389 | Remote Desktop Protocol (RDP) | RDP allows remote access to desktop environments, often used for system administration and remote support.

Critical Vulnerabilities Identified

Vulnerability ID | Name | Brief Description
32314 | SQL Injection Vulnerability | An SQL injection vulnerability identified in track.php in PHP Store Wholesales, allowing remote attackers to execute arbitrary SQL commands via the id parameter.
33850 | Cross-Site Scripting (XSS) Vulnerability | A cross-site scripting vulnerability in resource view in core/modules.php in WIKINDX before the release of version 5.70. This vulnerability allows attackers to inject arbitrary web scripts or HTML via the id parameter.

The IT management report should include the development of a framework consisting of three security measures tailored to the particular risks facing our institution, Aim Higher College. Before proceeding, however, it is essential to conduct a comprehensive risk assessment covering three facets. This assessment will identify and evaluate risk factors and areas of vulnerability, allowing effort to be focused on the areas with the highest risk. Next, a comprehensive strategy for mitigating the identified risk factors must be devised, followed by a thorough examination of the post-remediation situation to prevent any recurrence. The final stage of the remediation procedure documents the progress made in implementing the strategy.


REFERENCES

Computer Security Research - Secunia. (2019). Retrieved from https://secuniaresearch.flexerasoftware.com/secunia_research/2019-5/
CVE - Search CVE List. (2019). Retrieved from https://cve.mitre.org/cve/search_cve_list.html
Interpreting Scan Results | Nmap Network Scanning. (2019). Retrieved from https://nmap.org/book/zenmap-results.html
Meurs, T., Junger, M., Tews, E., & Abhishta, A. (2022, December). NAS-ransomware: hoe ransomware-aanvallen tegen NAS-apparaten verschillen van reguliere ransomware-aanvallen [NAS ransomware: how ransomware attacks against NAS devices differ from regular ransomware attacks]. Tijdschrift Voor Veiligheid, 21(3–4), 69–88. https://doi.org/10.5553/tvv/.000044
Microsoft Vulnerability Research Advisories. (2019). Retrieved from https://docs.microsoft.com/en-us/security-updates/vulnerabilityresearchadvisories/microsoftvulnerabilityresearchadvisories
Theriault, C. (2019). Top five IT security threats AND what you can do about them – TBG Security – Information Security Consulting. Retrieved from https://tbgsecurity.com/top-five-it-security-threats-and-what-you-can-do-about-them/
