Intrusion Detection
Fall 2023
Submitted to
Dr. Angela D. Shearry-Sneed
South Campus
by
Name
Name
Title
Contact Information
Date
Information Security Department
Recipient
Aim Higher College
College Address
City, State, Zip Code
Dear All,
Re: Comprehensive Security Report - Key Findings and Action Plan
I trust this correspondence reaches you in good health. As an Information Security
Analyst at Aim Higher College, I am writing to provide you with an update on the
findings derived from the recently concluded report concerning the primary security
threats that our institution is currently facing. Ensuring the security of our college's
information systems is of utmost significance. It has been an honor for me to conduct an
analysis and provide a comprehensive report on the critical security threats that demand
our constant vigilance. The report, as part of our continuous endeavors to enhance
information security, provides a comprehensive analysis of the top five security threats
and vulnerabilities that may pose a potential risk to Aim Higher College. In this report,
we have identified the following significant security threats:
I. Malware
II. Operating System Vulnerabilities
III. Phishing
IV. Denial of Service (DoS)
V. Ransomware
The findings presented in this study are crucial for understanding the ever-changing
nature of the threat landscape and ensuring the security of our organization in the
presence of cyber-attacks. From the author's perspective, a heightened awareness of
vulnerabilities and risks may contribute to enhanced protection of data, students,
employees, and the broader campus community. This study thoroughly examines the
aforementioned threats, providing a detailed analysis of their potential
repercussions and proposing effective security measures to mitigate their impact. As an
integral component of the report's discoveries, an examination of the accessible ports and
susceptibilities inside our information systems has also been undertaken. The study offers
an analysis of the possible vulnerabilities and presents a structured approach for
addressing these specific areas of concern.
I would be delighted to arrange a meeting at your convenience to discuss the report in
full, address any concerns you may have, and collaboratively devise a plan to enhance our
organization's data security. Thank you for your time and thoughtful consideration. I look
forward to receiving your input and support regarding the further measures to be taken in
mitigating these security vulnerabilities.
Sincerely,
Your Name
Your Title
Current Security Threats
Overview
The issue of data system exploitation has been a prominent worry for over a decade, with
information, including account data, examination records, graduation lists, and other
these security issues in order to preempt their exploitation by malicious hackers inside
explicate the five distinct hazards, while concurrently elucidating the rationale for their
body, faculty, alumni, and other constituent groups within the campus vicinity.
Malware
There are several different networks that make up the internet. The campus's PCs and
mobile devices are linked to the network in the normal course of business. The internet is
used for both academic and recreational purposes by students at the University. As a
server, it might cause serious problems for the institution. In addition, once infected,
students, faculty, and anyone on campus may lose data from their mobile devices and
are the most common. Creators of the program are always working to improve it and fix
any flaws they find, and they do so by releasing security updates. The security of
computers running these operating systems may be compromised if they are not
promptly updated. The Linux web server used by the institution is potentially vulnerable
to flaws such as the Linux kernel use-after-free bug. Windows-based PCs, on the other
hand, may face additional threats. Potential attackers might take control of the institution's
Phishing
Our university faces a third danger to information security in the form of phishing.
Students and faculty at Marymount University are quite active on social media. Each
social media profile is locked down with a password known only to the account holder and
contains sensitive information about the profile owner. When a user visits a malicious
website designed to look like a popular social networking platform and is tricked into
danger has significance for our organization due to its targeting of expansive networks
deliberate assault that seeks to interrupt the normal functioning of a large-scale network.
This implies that an assault on our school would result in the excessive use and
University.
Ransomware
Ransomware is a significant cybersecurity concern wherein malicious software is injected
into operating systems, compelling victims to pay a ransom in order to regain access to
their data (Meurs et al., 2022). The significance of this danger within our institution is
rooted in its status as a prominent establishment housing a substantial volume of data that
consequences of a cyber assault on the institution include financial losses incurred in the
process of recovering the compromised data or complete loss of the data if the ransom
flaw that may be exploited by a malicious actor, thereby enabling unauthorized access past
the security measures protecting a given system's information. For a vulnerability
to exist, there must be inherent weaknesses within the hardware,
exploit the identified weakness or defect, they must possess the requisite tools for
carrying out the exploitation. Therefore, I analyzed the port and vulnerability scan data
acquired from a recent scan and assessed the exposed ports and the vulnerabilities
present.
Exposed Ports
The Zenmap scan showed that Aim Higher College had five open ports, all on IP address
172.30.0.30. The first was port 139 (TCP, NetBIOS), used for connection-oriented file
sharing. The second was port 53 (TCP), commonly used for DNS. The third was port 23
(TCP), used for Telnet, a UNIX remote-access service. The fourth was port 5900 (TCP),
used for virtual network computing (VNC). The fifth and final port was port 3306, used
for SQL database services (the MySQL default).
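To turn a port listing like the one above into actionable findings, the following added example (not part of the original report or the Zenmap output) parses constructed Nmap-style lines for the five ports on 172.30.0.30 and compares them against a hypothetical campus allow list, flagging every exposed service the policy does not sanction:

```python
import re

# Constructed Nmap-style output modelled on the five findings in the report
# (all on 172.30.0.30). It is not the actual Zenmap export.
SCAN_OUTPUT = """\
Nmap scan report for 172.30.0.30
139/tcp  open  netbios-ssn
53/tcp   open  domain
23/tcp   open  telnet
5900/tcp open  vnc
3306/tcp open  mysql
"""

# Hypothetical campus policy: the TCP ports each host is allowed to expose.
# Everything else becomes a finding; selected ports carry a reviewer's rationale.
ALLOWED = {"172.30.0.30": {53}}
RATIONALE = {
    23: "Telnet carries credentials in cleartext; replace with SSH",
    139: "NetBIOS file sharing should not be reachable beyond the LAN",
    5900: "VNC exposes a remote desktop; restrict to VPN or close",
    3306: "MySQL should accept connections only from the web tier",
}

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/tcp\s+open\s+(\S+)")

def parse_scan(text: str) -> dict:
    """Group (port, service) pairs per host from Nmap normal output."""
    hosts, current = {}, None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            current = m.group(1)
            hosts[current] = []
        elif (m := PORT_RE.match(line)) and current:
            hosts[current].append((int(m.group(1)), m.group(2)))
    return hosts

def review(text: str, allowed: dict = ALLOWED) -> list:
    """Return one finding per open port that is not on the host's allow list."""
    findings = []
    for host, ports in parse_scan(text).items():
        for port, service in sorted(ports):
            if port not in allowed.get(host, set()):
                findings.append({"host": host, "port": port, "service": service,
                                 "action": RATIONALE.get(port, "close unless a documented need exists")})
    return findings
```

Running `review(SCAN_OUTPUT)` leaves only DNS unflagged and produces four findings with the reason each port should be closed or restricted.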
Critical Vulnerabilities
The Nessus scan identified two critical vulnerabilities. The first one was identified as ID
attackers to execute arbitrary SQL commands via the id parameter. The second critical
release of version 5.70. It allows attackers to inject arbitrary web script or HTML via the
id parameter.
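Both critical findings above hinge on an id parameter that reaches the database and the page unchecked. The following added example (constructed for this report, not the scanned application's code) shows the string-built query that makes SQL injection possible next to a hardened version that validates and binds the parameter, and escapes it before reflecting it into HTML:

```python
import html
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed sample table standing in for the scanned application's data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?)",
                     [(1, "Welcome"), (2, "Staff directory"), (3, "Grades portal")])
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, id_param: str) -> list:
    """The weakness the scan describes: the id parameter is pasted into the
    statement, so any SQL it carries is executed as part of the query."""
    return conn.execute(f"SELECT title FROM pages WHERE id = {id_param}").fetchall()

def lookup_hardened(conn: sqlite3.Connection, id_param: str) -> list:
    """Validate the type, then bind with a placeholder so the value is data, never SQL."""
    if not id_param.isdigit():
        raise ValueError("id must be a non-negative integer")
    return conn.execute("SELECT title FROM pages WHERE id = ?", (int(id_param),)).fetchall()

def render(conn: sqlite3.Connection, id_param: str) -> str:
    """Reflect the id back only after HTML-escaping it, so script or markup
    supplied in the parameter is displayed as text instead of being interpreted."""
    try:
        titles = [title for (title,) in lookup_hardened(conn, id_param)]
    except ValueError:
        titles = []
    body = ", ".join(html.escape(t) for t in titles) or "no such page"
    return f"<p>id {html.escape(id_param)}: {body}</p>"
```

With the sample table, `lookup_vulnerable` returns every row for an id of `1 OR 1=1`, while `lookup_hardened` rejects the same input and `render` neutralises markup placed in the parameter.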
patches or updates to close the security holes. We should always keep track of the
latest security releases and patch updates. We should start by planning how to
prevent, detect, and respond to malware attacks. Preventive controls should be developed
according to the level of threat, from low through medium to high. Another protective
step would be to make a habit of changing website passwords frequently and to
use only unique logins tailored to each site. Only the necessary ports should be left
open; all other ports should be closed and protected by a secure firewall, so
that no unauthorized access is allowed through. In our case, we should keep only
port 2121 open, and also make sure that port 21 is closed if the system needs to run
FTP. Besides, DNS should be settled in cases where the system is not supposed to run
Port   Protocol                              Description
       SSH (Secure Shell)                    often used for remote login and command execution on ...
80     HTTP (Hypertext Transfer Protocol)    used for web page retrieval on the World Wide Web
       HTTPS (HTTP Secure)                   ... transmission between server and client, commonly used for ...
3389   Remote Desktop Protocol (RDP)         used for system administration and remote support
Vulnerability Name
consisting of three security measures tailored to the particular risks associated
with our organization, Aim Higher College. However, before proceeding, it is essential to
conduct a comprehensive risk assessment covering three facets. This assessment will
enable the identification and evaluation of risk factors and areas of vulnerability, thereby
allowing a focused approach on areas with higher levels of risk. Subsequently, it is
any potential recurrences. The next stage of the remediation procedure will serve as a
Meurs, T., Junger, M., Tews, E., & Abhishta, A. (2022). NAS-ransomware: hoe ransomware-aanvallen tegen NAS-apparaten verschillen van reguliere ransomware-aanvallen [NAS ransomware: how ransomware attacks against NAS devices differ from regular ransomware attacks]. Tijdschrift voor Veiligheid, 21(3–4), 69–88. https://doi.org/10.5553/tvv/.000044
Microsoft Vulnerability Research Advisories. (2019). Retrieved from https://docs.microsoft.com/en-us/security-updates/vulnerabilityresearchadvisories/microsoftvulnerabilityresearchadvisories
Theriault, C. (2019). Top five IT security threats and what you can do about them. TBG Security – Information Security Consulting. Retrieved from https://tbgsecurity.com/top-five-it-security-threats-and-what-you-can-do-about-them/