Objeactive: The objective of this assignment is to explore Information Security and Assurance(IS&A)concepts, identification attacks, and setting account policies. Through this assignment, you are...

1 answer below »


Objeactive:


The objective of this assignment is to explore Information Security and Assurance(IS&A)concepts, identification attacks, and setting account policies. Through this assignment, you are required to do secondary research in addressing some of the challenge s you will encounter. The final submission must be in a report format (as per the sample p site d on blackboard).Deliverables: A single report document answering all listed questions or with results of activities. The final document must meet the submission requirements at the end of this document.



Part A:





.Based on the course content, class discussion, and other research materials, discuss the followingInformation Security Risk Concept or statement:a.The re Is No Such Thing As Abs olute Se curity. At a minimum, 1 paragraph –Maximum 1-pagedocument [5Marks]


b.Se curity Through Obs curity Is Not an Ans we r. Why is security through obscurity a lousyidea for the overall security of a system? At a minimum, 1 paragraph –Maximum 1-pagedocument [5Marks]c.Comple xity is the Ene my of Se curity. At a minimum, 1 paragraph –Maximum 1-pagedocument [5 Marks]d.Ope n Dis clos ure of Vulne rabilitie s Is Good for Se curity. At a minimum, 1 paragraph –Maximum 1-pagedocument [5 Marks]2.Visit www.opendns.com/phishing-quiz/ and take the “ThinkYou Can Outsmart Internet Scammer?” quiz. Provide a screenshot of your results and details of the site you failed to spot (refer to figure 1 and 2). In oneparagraph, discuss standardfeatures, whichhelp identify possible electronic fraud. At a minimum, 2 paragraphs –Maximum 1-pagedocument [15Marks







Part B


For the first part of this assignment,you will select an operating system you currently have access to (a VM is fine,e.g. “Windows 2008 Svr01”). You will document via screenshots and written instructions, the processes you use to harden the OS. You must perform tenspecific hardening tasks thatmay be drawn from the lecture notes and class discussions or your repository of IT security tips and tricks. You will compile the screenshots (or other images) and step-by-step instructions into a single document that should read like a security configuration manual for the OS. [ 30 marks].


@font-face {font-family:Mangal; panose-1:2 4 5 3 5 2 3 3 2 2; mso-font-charset:1; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:40963 0 0 0 1 0;}@font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:-536870145 1107305727 0 0 415 0;}@font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-536859905 -1073732485 9 0 511 0;}p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin:0in; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Calibri",sans-serif; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:Mangal; mso-bidi-theme-font:minor-bidi; mso-bidi-language:AR-SA;}.MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; mso-bidi-font-size:12.0pt; font-family:"Calibri",sans-serif; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:Mangal; mso-bidi-theme-font:minor-bidi; mso-bidi-language:AR-SA;}div.WordSection1 {page:WordSection1;}
Answered 5 days AfterMar 25, 2021

Answer To: Objeactive: The objective of this assignment is to explore Information Security and...

Ali Asgar answered on Mar 30 2021
144 Votes
Assignment report
Assignment report
Information Security and Assurance (IS&A) Concepts
Contents
Objective:    3
Part A    3
1.    Discussion on Information Security Risk Concept    3
a.    There is No Such thing as Absolute Security    3
b.    Security Through Obscurity is not an Answer. Why is security through Obscurity a lousy Idea for overall security of a system    3
c.    Complexity is the Enemy of Security.    4
d.    Open Disclosure of Vulnerabilities Is Good for Security.    4
2.    5
a.    Take the “Think You Can Outsmart Internet Scammer?” quiz    5
b.    Discuss standard features, which help identify possible electronic fraud    5
Part B    7
Perform Ten specific hardening tasks    7
1.    Account Lockout    8
2.    Enforce Password History    9
3.    Minimum Password Length    10
4.    Password Complexity    11
5.    Audit Logon Events    12
6.    Rename Administrator Account    13
7.    Interactive Logon    14
8.    Firewall    15
9.    App-locker policy    17
10.    Creating a standard user account    21
Objective:
The objective of this assignment is to explore Information Security and Assurance (IS&A) concepts, identification attacks, and setting account policies. This assignment consists of 2 parts.
Part A is a discussion of Information Security Risk Concept. While Part B is a Security manual for Hardening the operating system with respect to information security concepts.
Part A
1. Discussion on Information Security Risk Concept
a. There is No Such thing as Absolute Security
There is absolutely no such thing as Absolute security in terms of Information Security Risk. Security is an on-going process. Everyday new vulnerabilities are being detected in the information systems that are known as Zero-day vulnerabilities as they do not have a patch ready. Also, there is always a delay between the patch being made public and the time by which it can be implemented in a running system. This time delay may be due to information security policies of the organization or unavailability of downtime of a critical infrastructure. It is due to these constraints that a system vulnerability is exposed to attackers for exploitation.
Then there are some unknown exploits available in the 3rd party software being authorized to use in the organization that have vulnerabilities and the 3rd party software manufacturer is having a weak security policy that leads to an attack.
Also, even after extensive background checks for their employees and giving them trainings about information security, there is always a possibility of social engineering attacks that could compromise a system from the inside and allow attackers to access the system or plant a more permanent backdoor.
In the end, there is always some residual risk remaining in the system, that is either more expensive to fix than the underlying problem it may create or it may be that such risks have very low probability of exploitation thus making such risks acceptable.
b. Security Through Obscurity is not an Answer. Why is security through Obscurity a lousy Idea for overall security of a system
Security through Obscurity means securing a network or a system by means of hiding the details of its implementation. Although it sounds a very effective idea to simply hide all details of implementation or architecture of a system to prevent anyone from knowing how the components are placed inside the system and what components are being used, it is not the answer. Security through Obscurity or (STO) should not be used as a standalone mechanism but as a part of the overall security architecture known as Defense-in-Depth.
The one major flaw with STO is that the system is...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here