Project Part 1: Current Security Threats

Scenario

It is your first day at the job in the information security department, and you are called for a meeting. In the meeting the need for strengthening the information security for the University is discussed, and everyone agrees that the first step in this direction is to identify the top five threats that are a potential risk to Marymount University.

The Universities administrative staff and faculty run the latest version of Microsoft Windows on their primary workstations, whereas students’ laptops may run Windows or macOS. The college’s web servers run on Linux; however, all other servers are Windows Server-based. Student, staff, and faculty mobile devices, such as tablets and smartphones, run on iOS or Android; all mobile devices can connect to the campus network.

Tasks

You have been given the responsibility to determine the top five threats that Marymount University faces. You asked your supervisor for support in this task and he gave you the following resources that might be useful in your research and analysis:

• Microsoft Security Advisories and Bulletins (https://docs.microsoft.com/en-us/security-updates/)
• Common Vulnerabilities and Exposure (CVE) database search (http://cve.mitre.org/find/index.html)
• Security organizations, such as Secunia (http://secunia.com/)

Your supervisor has also asked you to consider the following questions as you shortlist the threats:

• What threats are new this year, and which have become more prevalent?
• Why are these threats more common and why are they important?
• What threats remain constant from year to year? Why?
• What threats do you believe will become more critical in the next 12 months? Why
• What is the likelihood of an exploit affecting Marymount University, and which operating system(s) does it target?

With these considerations in mind, write a summary report of the top five threats to Marymount University’s President Dr. Irma Becerra. Briefly explain why you have selected them and what effect they might have on the institution or its students, employees, graduates, or other communities on campus.

Submission Requirements

Format: Microsoft Word (or compatible)

Font: Times New Roman, size 12, double-space

Citation Style: APA

Length: 2 to 3 pages (without citations)

Project Part 2: Identify Vulnerabilities in IT Security

Scenario

Marymount University has been the target of focused attacks from a variety of attackers. Your manager, Professor Pendleton has assigned you the task to review the port and vulnerability scan data recently gathered from a typical system to determine what ports and services are exposed to attackers, and what vulnerabilities exist on that system.

Required Resources

Access to the Internet

Text sheet: Zenmap Intense Scan Results

Tasks

1. Analyze the results of the Zenmap scan. Your report must answer the following questions:

What are the first five open ports as identified by the Zenmap scan?

Include the port number

Include the service name

nclude a brief description of how each is used

2. The Nessus scan identified two critical vulnerabilities, identified as ID 32314 and ID 33850.

Research the vulnerabilities against the Common Vulnerabilities and Exposure (CVE) database.

Include the name and a brief description of each vulnerability.

3. Determine what can be done to protect the system and defend the campus network against attempts to gather data, and to resolve vulnerabilities. Also determine which ports and services likely need to remain open.

4. Write a report targeted at IT management and systems administration staff explaining the vulnerabilities and protection mechanisms that Aim Higher College should adopt, which will be applied to all similar systems at the college.

Submission Requirements

Format: Microsoft Word (or compatible)

Font: Times New Roam, size 12, double-space

Citation Style: APA

Length: 2 to 4 pages