Question 1
Scenario: Your organization, which is based in Dubai, has recently decided to expand its distributed
system operations to Abu Dhabi and Sharjah. This decision will increase the number of users. As a
security admin, your responsibility is to classify the host-level threats and develop solutions for the
expansion.
Ans: Here are five security precautions to take to protect your company's hosts.
1. Bolster Access Control
Access control is a crucial part of security. Weak access controls leave your data and systems
susceptible to unauthorized access. Create a robust access control policy and enforce it.
2. Keep All Software Updated
As annoying as those updates may be, they are important for the health of your network.
From anti-virus software to operating systems, make sure your software is updated. When a new
version of software is released, it usually includes security updates.
3. Standardize Software
Keep your systems safe by standardizing software. Make sure users are not able to install software on
the system without permission. Standardize at least the following:
Operating system
Browser
Media player
Plugins
Standardizing also makes system updates easier.
4. Apply Network Protection Steps
Protecting your network is vital. To keep your network and its traffic secure:
5. Staff Training
Sometimes external threats succeed because of an internal weakness. The weak link in data protection
may be your employees. Make sure your employees understand network security. Your employees
should be able to identify threats. They should also know whom to contact to avoid security breaches.
Question 2
Scenario: Assess the categories of information security threats compromising your organization's
client-server systems. Each threat category should be supported with examples.
Ans: Categories of information security threats compromising your organization's client-server systems:
Internal threats
Insider threats occur when people close to the organization who have authorized access to its network
intentionally or unintentionally misuse that access, adversely affecting the organization's sensitive data
or systems. Some insiders deliberately bypass security measures out of convenience or in ill-considered
attempts to be more productive. Malicious insiders deliberately violate cyber security policies to erase
data, steal data to sell or exploit later, disrupt operations, or otherwise damage the business.
Preventing internal threats
The list of things organizations can do to reduce the risks related to internal threats includes the
following:
limiting staff access to only the services they need to perform their duties;
training new employees and contractors in security awareness before allowing them to access the
network, and including details about inadvertent and malicious insider threats in general security
training; setting up contractors and other third parties with temporary accounts that expire on set
dates, such as the expiry of their contracts;
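The first and third measures above (least-privilege service access, and temporary accounts that expire with the contract) can be enforced in one deny-by-default check. The following is an added example written for this page, not code from the assignment or from any product; the user directory, service names and dates are constructed:

```python
from datetime import date

# Constructed example directory: a service allowlist per account plus an expiry date for
# temporary (contractor) accounts. Permanent staff have "expires": None.
USERS = {
    "alice": {"role": "staff",      "services": {"erp", "email"},  "expires": None},
    "bob":   {"role": "contractor", "services": {"build-server"},  "expires": "2024-06-30"},
    "carol": {"role": "contractor", "services": {"email"},         "expires": "2024-12-31"},
}

def _as_date(value):
    """Accept either a date or an ISO 'YYYY-MM-DD' string."""
    return value if isinstance(value, date) else date.fromisoformat(value)

def authorize(users, username, service, today):
    """Return (allowed, reason). Deny by default: an unknown account, an expired account,
    or a service outside the account's allowlist are all refused."""
    account = users.get(username)
    if account is None:
        return False, "unknown account"
    if account["expires"] is not None and _as_date(today) > _as_date(account["expires"]):
        return False, f"account expired on {account['expires']}"
    if service not in account["services"]:
        return False, f"service '{service}' not in allowlist"
    return True, "allowed"

def expired_accounts(users, today):
    """Audit helper: temporary accounts past their expiry date, which should already be disabled."""
    today = _as_date(today)
    return sorted(name for name, acct in users.items()
                  if acct["expires"] is not None and today > _as_date(acct["expires"]))

if __name__ == "__main__":
    for user, service in [("alice", "erp"), ("bob", "build-server"), ("carol", "erp"), ("dave", "email")]:
        print(user, service, authorize(USERS, user, service, "2024-07-01"))
    print("expired:", expired_accounts(USERS, "2024-07-01"))
```

The expiry check is evaluated on every request rather than relying on someone remembering to disable the account, and the audit function gives the periodic review a concrete list to act on.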
Viruses and worms
Viruses and worms are malicious software programs (malware) intended to destroy an organization's
systems, data and network. A virus is malicious code that replicates itself by copying itself to another
program or file. It remains dormant until someone knowingly or unknowingly activates it, spreading the
infection without the knowledge or permission of the user or the system administrator.
Preventing viruses and worms
To reduce the risk of these types of information security threats, companies should install antivirus
and antimalware software on all their systems and connected devices and keep that software up to
date. Additionally, organizations should train users not to download email attachments or click links in
emails from unknown senders and to avoid downloading free software from untrusted websites. Users
should also be very careful when using P2P file sharing services and should not click on ads, especially
ads for unfamiliar products and websites.
Botnets
A botnet is a collection of Internet-connected devices, including PCs, mobile devices, servers and IoT
devices, that are infected and remotely controlled by a common type of malware. Often, botnet
malware searches for vulnerable devices across the internet.
Drive-by download attacks
In a drive-by download attack, malicious code is downloaded from a website via a browser, application
or operating system without the user's permission or knowledge.
Preventing drive-by download attacks
One of the best ways an organization can prevent drive-by download attacks is to regularly update and
patch systems with the latest versions of software, apps, browsers and operating systems. Users
should also be warned to stay away from unsafe websites. Installing security software that actively
scans websites can help protect endpoints from drive-by downloads.
Phishing attacks
Phishing is a type of information security threat that uses social engineering to trick users into breaking
normal security practices and giving up confidential information, including names, addresses, login
credentials, Social Security numbers, credit card details and other financial information. In many
cases, hackers send fake e-mails
Question 3
Scenario: The organization you work for is a large manufacturing company in Dubai. Your role is
security admin in the organization. Recently there have been cyber-attacks targeting several
organization systems. Evaluate the threats and develop a mitigation strategy for the distributed
system environment.
Ans: The general guidelines for choosing among risk management options are based on the assessed
combination of probability and magnitude of the identified risk outcome. These guidelines are suitable
for many projects, but not all.
Risk Management Options
Assume/Accept: Acknowledge the existence of a risk and make a deliberate decision to accept it without
special measures to control it. The approval of project or program leaders is required.
Avoid: Adjust system requirements or constraints to eliminate or reduce the risk. These adjustments
could be made through a change in financial, schedule, or technical requirements.
Control: Implement actions to minimize the impact or likelihood of the risk.
Transfer: Reassign organizational accountability, responsibility, and authority to another party that is
willing to accept the risk.
Watch/Monitor: Monitor the environment for changes that affect the nature or the impact of the risk.
Each of these options requires the development of an effective and efficient plan. Many details about
management practices are discussed under best practices and lessons learned below.
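To make the "probability and magnitude" guideline concrete, here is an added example (written for this page, not part of the assignment or of any published risk method) that scores a small risk register for the manufacturing scenario and maps each risk to one of the five options above. The register entries, the exposure thresholds and the decision rule are all constructed assumptions; a real program would set them from its own risk appetite.

```python
# Constructed risk register; probabilities (0..1) and magnitudes (1..5) are illustrative estimates.
RISK_REGISTER = [
    {"id": "R1", "threat": "ransomware on plant-floor file servers",    "probability": 0.4, "magnitude": 5, "transferable": True},
    {"id": "R2", "threat": "phishing of admin credentials",             "probability": 0.7, "magnitude": 4, "transferable": False},
    {"id": "R3", "threat": "unpatched remote-access gateway exploited", "probability": 0.3, "magnitude": 5, "transferable": False},
    {"id": "R4", "threat": "laptop theft from a branch office",         "probability": 0.2, "magnitude": 2, "transferable": True},
]

def exposure(probability, magnitude):
    """Risk exposure as the product of probability (0..1) and magnitude (1..5)."""
    if not 0.0 <= probability <= 1.0 or not 1 <= magnitude <= 5:
        raise ValueError("probability must be in [0, 1] and magnitude in 1..5")
    return round(probability * magnitude, 2)

def rating(score, high=2.0, medium=1.0):
    """Bucket an exposure score; the thresholds are a constructed policy choice."""
    if score >= high:
        return "high"
    if score >= medium:
        return "medium"
    return "low"

def recommend(risk):
    """Map one risk to handling options (assume/accept, avoid, control, transfer, watch/monitor).
    The decision rule is constructed for illustration: low risks are accepted but watched, medium
    risks are controlled, high risks are transferred when a willing party exists, otherwise avoided
    when likely and controlled when not."""
    score = exposure(risk["probability"], risk["magnitude"])
    level = rating(score)
    if level == "low":
        options = ["accept", "monitor"]
    elif level == "medium":
        options = ["control", "monitor"]
    elif risk["transferable"]:
        options = ["transfer"]
    elif risk["probability"] >= 0.5:
        options = ["avoid"]
    else:
        options = ["control", "monitor"]
    return {"id": risk["id"], "threat": risk["threat"], "exposure": score, "rating": level, "options": options}

def assess_register(register):
    """Score every risk and return the plan ordered from highest exposure to lowest."""
    return sorted((recommend(r) for r in register), key=lambda r: r["exposure"], reverse=True)

if __name__ == "__main__":
    for entry in assess_register(RISK_REGISTER):
        print(f"{entry['id']} {entry['exposure']:.1f} {entry['rating']:6} {', '.join(entry['options'])}  {entry['threat']}")
```

The point of the ordering is that leadership approval (required for the accept option) and budget for controls are discussed against the same exposure figures, rather than each risk being argued in isolation.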
From a systems engineering perspective, standard risk mitigation strategies for an identified program
risk include the following, listed in order of increasing risk [4]:
Strengthening technical reviews and management of the engineering process
Specialized engineering oversight of designated components
Special analysis and testing of critical design items
Rapid prototyping and test feedback
Consideration of relieving critical design requirements
Initiation of fallback parallel development
When determining the risk mitigation method, MITRE SEs can help the customer evaluate the
effectiveness, schedule and cost implications of one mitigation strategy over another. For example, for
a fallback "parallel" development, MITRE SEs can help the government determine whether the cost
is more than doubled while the schedule may be extended by even more (e.g., doubling the cost of an
equivalent effort, but also adding overhead costs and user engagement). For rapid prototyping or
modifying operational requirements, MITRE SEs can use their knowledge of prototyping and
experimentation (see the prototyping and testing guidance and the Requirements Engineering topic) to
consider the cost and schedule of some form of assistance to reduce specific risks (e.g., requirements risks).
Question 4
Evaluate and report infrastructure-level threats and vulnerabilities: network, grid, cluster and data
systems.
Ans:
Smart grid challenges and objectives
Threats refer to a range of actions, initiated by artificial or natural means, against the system
(Mendel, 2017). These threats do not indicate failure but can cause failure if appropriate action is not
taken. Hence the need to identify the threats and challenges and to state clearly the goal of a
well-protected smart grid (SG).
Smart grid security threats and challenges
The formation of SGs and their infrastructure faces many thousands of security threats and challenges,
ranging from theft, cyber-attacks, terrorism, natural disasters, etc., to major outages, SG IT
infrastructure failures, false system views, cascading failures, compromised consumer devices, power
market turmoil, endangered human safety, etc.
Various security threats and smart grid challenges have been highlighted in the literature: increased
risk of exposing the high volume of sensitive customer information to competitors; theft, physical
damage, malware spreading on cyber systems and malware-induced program malfunction; risks
spreading to control equipment; lack of physical protection from natural or man-made disasters like
floods, earthquakes, fires, tsunamis, explosions, landslides, dangerous radiation, pollution, dust and
rust; insufficient control systems in legacy systems that have failed to respond to cyber threats; the
trade-off between security provision and system performance; aging infrastructure, especially since
most installations were made within the previous few decades; the complex challenges for industrial
players, etc. As a result, various sectors are being put at risk by these threats and challenges.
Question 5
1) IP scan and attack
Scan attacks: adversaries scan devices on the HIS to collect network information about these devices
before launching more complex attacks to undermine HIS security. Scanning techniques are widely
used to collect computer network data, including IP address scanning, port scanning, and version
scanning.
In addition to the standard IP address and port scanning techniques (e.g. address scanners and TCP
SYN scanners) used to collect server IP addresses and open ports for HL7 messaging, adversaries
can also launch read-phase attacks to read the message content, personal identifiers, order numbers,
or patient visit details of specific HL7 messages.
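From the defender's side, the scanning phase described above is visible as one source touching many distinct destination ports in a short time. The following is an added detection example written for this page (not code from the assignment or any product): it parses constructed connection-log lines and flags source/destination pairs that hit at least `min_ports` distinct ports inside a sliding time window. The log format, addresses and thresholds are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed connection-log lines (not from a real system). Format assumed for this example:
#   <ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <proto> <flags>
SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389]
SAMPLE_LOG = (
    # one host sweeping 12 ports on a server within 11 seconds
    [f"2024-01-01T10:00:{i:02d} 10.0.0.5 -> 10.0.1.20:{p} TCP SYN" for i, p in enumerate(SCAN_PORTS)]
    # a normal HTTPS client reconnecting to the same port once a minute
    + [f"2024-01-01T10:0{i}:15 10.0.0.9 -> 10.0.1.20:443 TCP SYN" for i in range(6)]
    # a host touching three ports spread over several minutes
    + ["2024-01-01T10:00:30 10.0.0.7 -> 10.0.1.20:80 TCP SYN",
       "2024-01-01T10:03:30 10.0.0.7 -> 10.0.1.20:443 TCP SYN",
       "2024-01-01T10:06:30 10.0.0.7 -> 10.0.1.20:8080 TCP SYN"]
)

def parse_line(line):
    """Parse one log line into (timestamp, src, dst, port); raises ValueError on malformed input."""
    ts, src, arrow, target, _proto, _flags = line.split()
    if arrow != "->":
        raise ValueError(f"unexpected line format: {line!r}")
    dst, port = target.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port)

def detect_port_scans(lines, window=timedelta(seconds=60), min_ports=10):
    """Return {(src, dst): peak_distinct_ports} for pairs that reach at least `min_ports`
    distinct destination ports within any window of length `window`."""
    events = defaultdict(list)
    for line in lines:
        ts, src, dst, port = parse_line(line)
        events[(src, dst)].append((ts, port))
    alerts = {}
    for pair, evs in events.items():
        evs.sort()
        active = deque()             # events inside the current window
        counts = defaultdict(int)    # port -> occurrences inside the window
        peak = 0
        for ts, port in evs:
            active.append((ts, port))
            counts[port] += 1
            while active and active[0][0] < ts - window:   # expire events older than the window
                _old_ts, old_port = active.popleft()
                counts[old_port] -= 1
                if counts[old_port] == 0:
                    del counts[old_port]
            peak = max(peak, len(counts))
        if peak >= min_ports:
            alerts[pair] = peak
    return alerts

if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst}, {ports} distinct ports within 60 s")
```

Counting distinct ports rather than raw connections is what separates the sweep from the busy-but-legitimate HTTPS client; the window and threshold are the knobs to tune against the environment's normal traffic before alerting on it.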
2) Web Browsing
The web browser is undoubtedly the most common tool users use to access the web for any given set
of personal or business purposes. New developments have allowed many traditional "thick" clients to
be replaced by the browser, improving its usability and ubiquity. Easy-to-use features like browsing
history, caching, and improving visitor engagement through cookies have all helped the browser
become a one-stop shopping experience.
1. Access to browser history
2. Saved login name harvesting
A threat is anything that could exploit a vulnerability to breach security and negatively alter, erase or
damage an object or objects of interest.
Software attack means attack by viruses, worms, Trojan horses, etc. Many users believe that malware,
viruses, worms and bots are all the same. But they are not the same; the only similarity is that they are
all malicious software, and each behaves differently.
3) Unprotected Shares
In computer security, a vulnerability is a weakness which can be exploited by a threat actor, such as an
attacker, to cross privilege boundaries (i.e. perform unauthorized actions) within a computer system. To
exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect
to a system weakness. In this frame, vulnerabilities are also known as the attack surface.
A security risk is often incorrectly classified as a vulnerability. Using "vulnerability" with the same
meaning as "risk" can lead to confusion. The risk is the potential of a significant impact resulting from
the exploitation of a vulnerability.
4) Mass mail
Ans: A mass mailer attack is a type of social engineering attack in which a large number of emails are
sent to the victim to fill his or her inbox and crash it. This is most commonly used by hackers when an
important email arrives on the victim's device, so that the victim is unaware of it.
Q6:
Scenario: Working as a client-server security admin with XXL LLC, your major job
responsibility is to develop client-server security policies. Evaluate the security requirements
for the data center that will secure the client-server infrastructure for the business
operations of XXL LLC.
Solution:
Client-server architecture is the architecture of a network in which many clients (remote
processors) request and receive service from a centralized server (host computer). Client
computers provide an interface to allow a user to request services of the server and to
display the results the server returns. Security requirement: servers wait for requests to arrive
from clients and then respond to them. Ideally, a server provides a uniform transparent interface to
clients so that clients need not be aware of the specifics of the system (i.e., the hardware
and software) that is providing the service. XXL LLC clients are often situated at workstations or on
personal computers, while servers are located elsewhere on the network, usually on more
powerful machines. This computing model is especially effective when clients and the server
each have distinct tasks that they routinely perform. In XXL's processing, for instance,
a client computer may be running an application for entering patient information while the
server computer is running another program that manages the database in which the
information is permanently stored. Many clients can access the server's information
simultaneously, and, at the same time, a client computer can perform other tasks, such as
sending e-mail. Because both client and server computers are considered intelligent devices,
the client-server model is completely different from the old "mainframe" model, in which a
centralized mainframe performed all the tasks for its associated "dumb" terminals.
Question 7
Scenario: You have been told to evaluate the primary concerns of System Oriented Architecture
(SOA). Accomplish this task and report the concerns.
SOLUTION:
Service-oriented architecture (SOA) is a style of software design in which services are provided to
other components by application components through a network communication protocol. A SOA
service is a discrete unit of functionality that can be accessed remotely and acted upon and updated
independently, such as checking a credit card statement online. SOA in particular should be
independent of vendors, products and technologies.
A service has four properties according to one of the many definitions of SOA:
It logically represents a business activity with a specified outcome.
It is self-contained.
It is a black box for its consumers, which means that the consumer does not need to know the
internal workings of the service. It may also consist of other underlying services.
Different services can be used in conjunction to provide the functionality of a large software
application. SOA is less about how to modularize an application and more about how to compose an
application from distributed, separately maintained and deployed software components. It is enabled
by technologies and standards that facilitate the components' communication and cooperation over a
network, especially over an IP network.
SOA is related to the idea of an application programming interface (API), an interface or communication
protocol between different parts of a computer program intended to simplify the implementation and
maintenance of software. An API can be thought of as the service, and the SOA as the architecture that
allows the service to operate.
Question 8
With reference to applications and vulnerabilities, evaluate and describe the below requirements to
be considered for security.
1. Fault Injection
Fault injection is a testing technique which aids in understanding how a [virtual/real] system behaves
when stressed in unusual ways.[1] This technique is based on the results of simulation or experiment,
and consequently it may be more valid (or closer to reality) compared to statistical methods.
In software testing, fault injection is a technique for improving the coverage of a test by introducing
faults to exercise code paths, in particular error-handling code paths, that might otherwise rarely be
followed.
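As an added example for this page (not code from the assignment or from any fault-injection tool), the block below injects an I/O failure into a multi-block write and shows that the rollback path, which a normal run never executes, actually restores the store. The storage object, the injector and the record format are all constructed for the illustration.

```python
class FaultInjector:
    """Wrap a callable and raise exc_type on the fail_on_call-th invocation (1-based).
    fail_on_call=None means no fault is injected."""
    def __init__(self, fn, fail_on_call=None, exc_type=OSError):
        self.fn = fn
        self.fail_on_call = fail_on_call
        self.exc_type = exc_type
        self.calls = 0

    def __call__(self, *args, **kwargs):
        self.calls += 1
        if self.calls == self.fail_on_call:
            raise self.exc_type(f"injected fault on call {self.calls}")
        return self.fn(*args, **kwargs)

class BlockStore:
    """Constructed in-memory stand-in for a block device or file system."""
    def __init__(self):
        self.blocks = {}

    def write(self, index, data):
        self.blocks[index] = data

    def delete(self, index):
        self.blocks.pop(index, None)

def write_record(store, write, chunks):
    """Write chunks as blocks 0..n-1 through `write`. If any write fails, delete the blocks
    already written so no half-written record remains. Returns (status, blocks_committed, path)."""
    written = []
    try:
        for index, chunk in enumerate(chunks):
            write(index, chunk)
            written.append(index)
    except OSError as err:
        for index in reversed(written):      # rollback: the path we want to see exercised
            store.delete(index)
        return ("rolled_back", 0, f"error path: {err}")
    return ("ok", len(written), "happy path")

def run_campaign(chunks):
    """Run write_record once without faults and once with a fault on each write call.
    Returns {fail_on_call: (status, blocks_committed, blocks_left_in_store)}."""
    results = {}
    for fail_on in [None] + list(range(1, len(chunks) + 1)):
        store = BlockStore()
        write = FaultInjector(store.write, fail_on)
        status, committed, _path = write_record(store, write, chunks)
        results[fail_on] = (status, committed, len(store.blocks))
    return results

if __name__ == "__main__":
    for fail_on, outcome in run_campaign([b"header", b"payload", b"trailer"]).items():
        print(f"fault on call {fail_on}: {outcome}")
```

Every injected position must leave the store empty; if a future change to `write_record` forgot the rollback, the campaign would report leftover blocks, which is exactly the kind of rarely-followed path the text describes.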
2. White Box testing
White-box testing goes by several different names, such as clear-box, open-box, auxiliary and
logic-driven testing. It falls on the opposite end of the spectrum from black-box testing: penetration
testers are given full access to source code, architecture documentation and so forth. The main
challenge with white-box testing is sifting through the massive amount of information available to
identify potential points of weakness, making it the most time-consuming kind of penetration testing.
Unlike black-box and gray-box testing, white-box penetration testers are able to perform static code
analysis, making familiarity with source code analyzers, debuggers and similar tools necessary for this
kind of testing. However, dynamic analysis tools and techniques are also important for white-box
testers, since static analysis can miss vulnerabilities introduced by misconfiguration of target systems.
3. Input path tracing
Input tracing is a very thorough but tedious method for monitoring what is happening with user
involves setting breakpoints at the places where user data is accepted in a program, and th
forward. To save some time you can use call tracing tools, control flow tools, and memory
break techniques are described in greater detail in Chapter 3. For the following exercise we use
path.
Question 9
Develop a technical report on the Client Server model.
Note. - Students need to the Of Hardware, Software. Web services and clients.
SOLUTION:
System architectural styles cover the physical organization of components and processes over a
distributed infrastructure. They provide a set of reference models for the deployment of such systems
and help engineers not only have a common vocabulary for describing the physical layout of systems
but also quickly identify the major advantages and drawbacks of a given deployment and whether or
not it is applicable to a specific class of applications. In this section, we introduce two fundamental
reference styles: client/server and peer-to-peer.
Client/server
This architecture is very popular in distributed computing and is suitable for a wide variety of
applications. As depicted in Figure 2.12, the client/server model features two major components: a
server and a client. These two components interact with each other through a network connection
using a given protocol. The communication is unidirectional: the client issues a request to the server,
and after processing the request the server returns a response. There could be multiple client
components issuing requests to a server that is passively waiting for them.
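The request/response exchange described here, and the "servers wait for requests to arrive from clients and then respond to them" requirement in the Question 6 answer, can be seen end to end in one runnable program. This is an added example written for this page, not code from the assignment or from the textbook it draws on: the line-based SET/GET protocol, the loopback port and the length limit are constructed assumptions. The server validates each request (unknown commands and over-long lines are refused) rather than trusting the client, which is the security requirement a client-server policy should state.

```python
import socket
import threading

MAX_LINE = 256   # the server refuses over-long requests instead of buffering them blindly

def handle_request(store, line):
    """Server side: validate and execute one request line, return one response line.
    Constructed protocol: 'SET <key> <value>' -> 'OK'; 'GET <key>' -> 'VALUE <v>' or 'ERR not found'."""
    if len(line) > MAX_LINE:
        return "ERR request too long"
    parts = line.split(" ", 2)
    if parts[0] == "SET" and len(parts) == 3:
        store[parts[1]] = parts[2]
        return "OK"
    if parts[0] == "GET" and len(parts) == 2:
        return f"VALUE {store[parts[1]]}" if parts[1] in store else "ERR not found"
    return "ERR unknown command"

def start_server():
    """Bind an ephemeral loopback port, serve one client connection in a background thread,
    and return the port number the client should connect to."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    store = {}

    def serve():
        conn, _addr = srv.accept()                 # passively wait for the client
        with conn, conn.makefile("r", encoding="utf-8") as reader:
            while True:
                raw = reader.readline()
                if not raw:                        # client closed the connection
                    break
                reply = handle_request(store, raw.rstrip("\r\n"))
                conn.sendall((reply + "\n").encode("utf-8"))
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def run_exchange(requests):
    """Client side: connect, send each request and wait for its response; returns the responses in order."""
    port = start_server()
    responses = []
    with socket.create_connection(("127.0.0.1", port)) as client, \
         client.makefile("r", encoding="utf-8") as reader:
        for req in requests:
            client.sendall((req + "\n").encode("utf-8"))
            responses.append(reader.readline().rstrip("\n"))
    return responses

if __name__ == "__main__":
    for req, resp in zip(["SET user alice", "GET user", "GET nobody", "DEL user"],
                         run_exchange(["SET user alice", "GET user", "GET nobody", "DEL user"])):
        print(f"client> {req}\nserver> {resp}")
```

The client never needs to know how the server stores the data (the "transparent interface" point in the Question 6 answer); it only speaks the protocol, and the server enforces it.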
Hardware:
Hardware security is vulnerability protection that comes in the form of a physical device rather than
software that is installed on the hardware of a computer system. Hardware security can pertain to a
device used to scan a system or monitor network traffic. Common examples include hardware
firewalls and proxy servers.
Software:
Software security is a concept implemented to protect software against malicious attack and other
hacker risks so that the software continues to function correctly under such potential risks. Security is
necessary to provide integrity, authentication and availability.
WEB server:
Web server packages in use today: Apache HTTP Server, Microsoft Internet Information Server (IIS), and
Sun Java System Web Server (JSWS) (often referred to by its former names, Sun ONE, iPlanet
Enterprise Server, and Netscape Enterprise Server). These popularity rankings have been collected
through surveys conducted by Netcraft, a networking consulting company in Bath, England, recognised
throughout the world for its Web server survey. Netcraft conducts continuous surveys to tally the
number of Web sites in existence and measure the relative popularity of Internet Web server
software.
Question 10
Scenario: The security of the data center is critical to the organization's business objectives. To achieve
a high level of security, develop a data center security framework for the organization.
Solution:
Data center security refers broadly to the array of technologies and practices used to protect a facility's
physical infrastructure and network systems from external and internal threats. On a very basic level,
data center security is all about restricting and managing access. Only authorized personnel should be
able to access critical infrastructure and IT systems. Data center security includes both the "things" put
in place to accomplish that goal (such as locked access points, surveillance systems, or security
personnel) and the "controls" that manage them (such as security policies, access lists, or rules for
handling data).
To Secure a Data Center:
Today's data centers are much more complex than a warehouse space crammed with servers. They are
often designed from the ground up with security best practices in mind. Every element of a data
center's physical security should be implemented with the other elements in mind so that they form
an interlocking network of security measures, each enhancing the effectiveness of the others. However,
no amount of physical security will provide much protection without a holistic security policy to manage
it all. Protocols and procedures for common and unusual contingencies need to be in place to provide
data center personnel with clear guidelines for how data center operations should be carried out.
These controls need to be developed beforehand and tested frequently to make sure that everybody
knows how (and why) to keep the facility secure from potential threats. By implementing a "Zero Trust"
security philosophy, data centers can greatly reduce the risk of unauthorized access, because everyone
is subjected to the same high level of scrutiny and must verify their identity and reason for
accessing assets at every turn. Like any other data center policy, these processes should be audited
regularly to make sure they remain effective.
Data Center Tiers and Security
While data center tiers do not directly reflect security standards, higher tier facilities (Tier 3 or 4) are
typically larger and more complex environments. As a result, they tend to include more
sophisticated and extensive security measures. Higher tier data centers have more redundant
infrastructure, all of which must be protected in order to ensure high levels of uptime reliability. In
the case of enterprise-grade facilities, there are often more extensive compliance requirements which
will necessitate more robust controls for managing access and data.
Important Data Center Security Standards
Here are a few critical data center physical security standards and technologies every colocation
customer should evaluate when looking to partner with a facility.
Layered Security Measures
Every aspect of a data center's security should work in concert with the other elements as part of a
comprehensive, layered system. The idea is that a potential intruder should be forced to breach
several layers of security before reaching valuable data or hardware assets in the server room.
Should one layer prove ineffective, the other layers will likely prevent the intrusion from compromising
the whole system.