CISC180 - Project 3

School: Northampton County Area Community College
Course: 180
Subject: Computer Science
Date: Feb 20, 2024
Uploaded by HighnessMeerkat3580

CISC180 – Project 3

Part 1: Using the Microsoft online Security Bulletins

Microsoft has made its security bulletins available in a searchable online database. All security professionals need to be familiar with using this database. In this project, you will explore the online database.

1. Open your web browser and enter the URL https://portal.msrc.microsoft.com/en-us/ . (The location of content on the Internet may change without warning. If you are no longer able to access the program through this URL, use a search engine to search for “Microsoft Security Response Center.”)
2. Click Read the Security Update Guide FAQ.
3. Click Expand all to read through the information.
4. Click the link https://www.icasi.org/cvrf/ (or enter it into another tab in your browser). What is the Common Vulnerability Reporting Framework (CVRF)? How is it used?

   The CVRF is a standardized format for conveying information regarding software vulnerabilities. The Forum of Incident Response and Security Teams (FIRST) created it to give a common vocabulary and structure for reporting vulnerabilities, allowing businesses to share and understand vulnerability information more easily.

5. Return to the Microsoft Security Update Guide and then the MSRC main page.
6. Click the Go to the Security Update Guide button.
7. If no security updates appear, adjust the From date to the first day of the previous month.
8. Scroll through the list of security updates.
9. Click the first link under Article.
10. Read through this information.
11. Now return to the previous page and select another article to read.
12. How useful is this information? Is it presented in a format that is helpful?

    I feel like the information is useful because it covers what has been fixed in the new update. And the format is good because it is short and to the point.

13. Now click the CVE link under Details and read this information. Note the detail of this information.
14. Read the information under Exploitability Assessment (if the exploit you selected does not list an Exploitability Assessment, then select another that does include the assessment). What does this mean? Open another tab on your web browser, and search for Microsoft Exploitability Index. Read through the description that you find and keep this tab open.
15. Return to the Microsoft Security Update Guide and view the Exploitability Assessment. How serious is this security vulnerability?
16. How important is this information to a security professional? How easy is this online database to use?
17. Now compare the Microsoft database with Apple’s. Enter the URL https://support.apple.com/en-us/HT201222 . (The location of content on the Internet may change without warning. If you are no longer able to access the program through the above URL, use a search engine to search for “Apple Security Updates.”)
18. Scroll down through the list of Apple security updates. How does this list compare with the updates from Microsoft?
19. Select a recent event under Name and information link.
20. Read the information about the update. How does this information compare with Microsoft’s information? Why is there such a difference? Which provides better information for security professionals?
21. Close all windows.

Part 2: Software to Locate a Missing Laptop

If a mobile device is lost or stolen, there are several different security features that can be used to locate the device or limit the damage. Many of these can be used through an installed third-party app. If you have Windows 10, there is a built-in location tracker, although it might be turned off.

1. Open your web browser and enter the URL https://account.microsoft.com/devices
2. Log in with your Microsoft account (if you have one).

What are the limitations for enabling device tracking?

Next, go to https://preyproject.com/

What does this software do? Do you think this would be useful in an enterprise environment? Why or why not?

Part 3: Installing and configuring Snort rules on Windows

Snort is an open-source IDS. Snort rules can be defined on any operating system. Here, we will configure Snort rules on Windows. (You can use Splashtop and install on the classroom computer if necessary.)

Step one

The first step is to download Snort itself. After you have downloaded Snort, download Snort rules. Because these rules are community rules, you can download without having to sign up. If you go for subscription rules (which will cost you around $30 a year for an individual), you can expect the greatest Snort rules and updates for new sets of rules. There is not much difference between the community rules and the subscribers' rules—they have the same structure, but you will get updates for new Snort rules very quickly if you are a subscriber.
When installing Snort in the root directory, a popup will appear for installing WinPcap. Install it if it’s not already installed on your Windows system.

To check whether Snort has successfully installed, open Command Prompt and go to the Snort directory.

    cd Snort

Check if there is a bin directory created under the directory folder. Now, go to the bin directory and check the Snort version.

    cd bin
    Snort -V

Extract all the Snort rules folders that you downloaded before, and from there, copy all the content from the folder to c:\Snort\rules . Similarly, copy all the content from the preproc_rules folder to c:/Snort/preproc_rules . If it asks to overwrite the files, say yes to all. It will replace all the old versions with new preproc rules.

After you have copied all the contents, the main task starts here. Go to c:/Snort/etc and open Snort.conf with Notepad. CONF stands for configure. Snort.conf has nine different sections.

First, we will set the variables. The first variable we have is HOME_NET . You can leave this set to any, but it is preferred to put your machine IP address. In my case, the IP is 172.16.234.3.

Leave the EXTERNAL_NET any line as it is.

If you have a DNS server, make changes in the DNS_SERVERS line by replacing $HOME_NET with your DNS server IP address. Otherwise, leave it blank.

Now, scroll down to RULE_PATH , and replace ../rules with c:\Snort\rules and replace ../so_rules with c:\Snort\so_rules . Finally, replace ../preproc_rules with c:\Snort\preproc_rules .

Also, change the WHITE_LIST_PATH and BLACK_LIST_PATH from ../rules to c:\Snort\rules .

Now, navigate to c:\Snort\rules and create two text files named whitelist and blacklist and change their file extension from .txt to .rules. If a pop-up appears, click yes.

Step two
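The snort.conf edits from step one above can be checked mechanically. The following is an added example, not part of the original project document or of Snort: a Python check that parses the var/ipvar lines and flags path variables still set to the ../ defaults or containing stray whitespace. SO_RULE_PATH and PREPROC_RULE_PATH are assumed to be the variable names behind the ../so_rules and ../preproc_rules lines, as in the stock Snort 2.9 snort.conf; the sample config is constructed.

```python
import re

# Path variables edited in step one (names as in the stock Snort 2.9 snort.conf).
PATH_VARS = ("RULE_PATH", "SO_RULE_PATH", "PREPROC_RULE_PATH",
             "WHITE_LIST_PATH", "BLACK_LIST_PATH")
DECL = re.compile(r"^\s*(?:ipvar|portvar|var)\s+(\S+)\s+(.*?)\s*$")

def parse_vars(conf_text):
    """Return {name: value} for each var/ipvar/portvar line; comments are skipped."""
    found = {}
    for line in conf_text.splitlines():
        m = DECL.match(line)  # a line starting with '#' never matches
        if m:
            found[m.group(1)] = m.group(2)
    return found

def lint(conf_text):
    """Return sorted (variable, problem) pairs for the step-one edits."""
    values = parse_vars(conf_text)
    problems = []
    for name in PATH_VARS:
        value = values.get(name)
        if value is None:
            problems.append((name, "not set"))
        elif value.startswith(".."):
            problems.append((name, "still relative"))
        elif re.search(r"\s", value):
            problems.append((name, "whitespace in path"))
    # The walkthrough prefers the machine's own IP over the default 'any'.
    if values.get("HOME_NET", "any") == "any":
        problems.append(("HOME_NET", "left as any"))
    return sorted(problems)

# Constructed sample: a half-edited snort.conf fragment, not taken from the page.
SAMPLE = r"""
# Setup the network addresses you are protecting
ipvar HOME_NET 172.16.234.3
ipvar EXTERNAL_NET any
var RULE_PATH c:\Snort\rules
var SO_RULE_PATH ../so_rules
var PREPROC_RULE_PATH c:\Snort\ preproc_rules
var WHITE_LIST_PATH c:\Snort\rules
var BLACK_LIST_PATH ../rules
"""

if __name__ == "__main__":
    for name, problem in lint(SAMPLE):
        print(f"{name}: {problem}")
```

To check a real installation, pass the text of c:\Snort\etc\snort.conf to lint() in place of SAMPLE.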