| Student Name: | Aisha Tate |
| Date: | 8-Oct-19 |
| This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission |
| Project 2: Requires the Following THREE Pieces | Areas to Improve |
| 1. Security Assessment Report (including relevant findings from Lab) |
| 2. Non-Technical Presentation Slides (Narration Not Needed) |
| 3. Lab Experience Report with Screenshots |
| 1. Security Assessment Report |
| Defining the OS |
| Brief explanation of operating systems (OS) fundamentals and information systems architectures. |
| 1. Explain the user's role in an OS. | good |
| 2. Explain the differences between kernel applications of the OS and the applications installed by an organization or user. | good |
| 3. Describe the embedded OS. | missing |
| 4. Describe how operating systems fit in the overall information systems architecture, of which cloud computing is an emerging, distributed computing network architecture. | missing |
| Include a brief definition of operating systems and information systems in your SAR. |
| Other outstanding information |
| OS Vulnerabilities |
| 1. Explain Windows vulnerabilities and Linux vulnerabilities. | good |
| 2. Explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices. | good |
| 3. Explain the motives and methods for intrusion of MS and Linux operating systems. | missing |
| 4. Explain the types of security management technologies such as intrusion detection and intrusion prevention systems. | missing |
| 5. Describe how and why different corporate and government systems are targets. | missing |
| 6. Describe different types of intrusions such as SQL PL/SQL, XML, and other injections | missing |
| Preparing for the Vulnerability Scan |
| 1. Include a description of the methodology you proposed to assess the vulnerabilities of the operating systems. | good |
| 2. Provide an explanation and reasoning of how the methodology you propose, will determine the existence of those vulnerabilities in the organization’s OS. | good |
| 3. Include a description of the applicable tools to be used, limitations, and analysis. | good |
| 4. Provide an explanation and reasoning of how the applicable tools you propose will determine the existence of those vulnerabilities in the organization’s OS. | good |
| 5. In your report, discuss the strength of passwords | good |
| 5a. any Internet Information Services' | good |
| 5b. administrative vulnerabilities, | missing |
| 5c. SQL server administrative vulnerabilities, | missing |
| 5d. Other security updates and | good |
| 5e. Management of patches, as they relate to OS vulnerabilities. | good |
| Vulnerability Assessment Tools for OS and Applications (Lab) |
| Use the tools' built-in checks to complete the following for Windows OS (e.g., using Microsoft Baseline Security Analyzer, MBSA): | good |
| 1. Determine if Windows administrative vulnerabilities are present. | good |
| 2. Determine if weak passwords are being used on Windows accounts. | good |
| 3. Report which security updates are required on each individual system. | missing |
| 4. You noticed that the tool you used for Windows OS (i.e., MBSA) provides dynamic assessment of missing security updates. MBSA provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping. | missing |
| 5. Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment. In this case, a tool such as MBSA will create and store individual XML security reports for each computer scanned and will display the reports in the graphical user interface in HTML. | missing |
| Utilize the OpenVAS tool to complete the following: | missing |
| 1. Determine if Linux vulnerabilities are present. |
| 2. Determine if weak passwords are being used on Linux systems. | missing |
| 3. Determine which security updates are required for the Linux systems. | missing |
| 4.You noticed that the tool you used for Linux OS (i.e., OpenVAS) provides dynamic assessment of missing security updates. MBSA provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping. | missing |
| 5.Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment | missing |
| 3. Presentation Slides |
| Title Slide | good |
| Use of Readable Fonts and Color | good |
| Summarizes Findings and Recommendations at High Level | good |
| Presentation Slides Feedback |
| 4. Lab Experience Report |
| Summarizes the Lab Experience and Findings | good |
| Responds to the Questions | good |
| Provides Screenshots of Key Results | good |
| Lab Experience Report Feedback |