CST 610 Project 1

Project1_SAR_Template-2231.docx

Running Head: Security Assessment Report (SAR)


Project 1 – Windows and Linux OS Security Assessment Report (SAR)

CST 610

[Your Name]

[date]

[The Security Assessment Report (SAR) is one of the main documents included in a system authorization package, along with the System Security Plan (SSP) and Plan of Actions and Milestones (POA&Ms). The purpose of a SAR is to communicate the results of security assessments made on the information technology (IT) infrastructure including its people, processes, policies and information systems (NIST, 2018).

These documents are used to provide the Authorizing Official (AO) with necessary information on the security state and posture of the system so they can make a risk-based decision if the system should operate or continue operations as is. The SAR provides the overall state of security of the IT infrastructure (system) detailing the system’s ability to meet the Confidentiality, Integrity, and Availability (CIA) security objectives, when protecting the data that is transmitted, stored or processed by and through the IT infrastructure.

The SAR is a document that is a snapshot in time, of the security state of the information system. The SAR is updated whenever subsequent security assessments are performed or when significant changes to the system are made. The SAR is annotated with updated versions each time it is changed and these changes are annotated within the SAR itself, to support document revision.

The key elements of a security assessment report are outlined in NIST (2022). However, for this SAR include only: Operating System (OS) Overview, OS Vulnerabilities, Assessment Methodologies, and Recommendations based on actual lab results, per this template.]

1.0 INTRODUCTION

[Inject yourself into the given scenario and respond as the newly appointed lead cybersecurity engineer with your company in the oil and natural gas sector. Make this real, not theoretical. Provide a very short and concise summary of the scenario and what you did, what assumptions you are making, and what is included and what is not included.]

2.0 OS OVERVIEW

[Integrate information, research and findings from each step, including the lab, to describe and present an overview of the current security posture as it relates to your company in the scenario. Provide a brief definition and explanation of OSs and information systems in your company. (See Step 1, Items 1-4, repeated below.) Note that although these Items, and others to follow, may be specific questions, you are not necessarily just answering them. They are guidelines of important aspects to write about. You cover these aspects and others you believe are relevant in your writing, in the OS overview in this case. Keep this “tutorial” brief, however, since the focus of an SAR is results and action that is needed.]

1. Explain the user's role in an OS.

2. Explain the differences between kernel applications of the OS and the applications installed by an organization or user.

3. Describe the embedded OS.

4. Describe how the systems fit in the overall information system architecture, of which cloud computing is an emerging, distributed computing network architecture.

3.0 OS VULNERABILITIES

[Continue with a brief overview of the advantages, disadvantages, known vulnerabilities or security issues for each OS. (See the six Items in Step 2, repeated below.) A useful source for being very specific and less general is the MITRE compilation of CVEs for these OSs at https://cve.mitre.org/. Common Vulnerabilities and Exposures (CVEs) identify, define and catalog publicly disclosed, hence known, cybersecurity vulnerabilities.]

1. Explain Windows vulnerabilities and Linux vulnerabilities.

2. Explain the Mac OS vulnerabilities.

3. Explain the motives and methods for intrusion of the Microsoft Windows and Linux operating systems.

4. Explain the types of security awareness technologies, such as intrusion detection and intrusion prevention systems.

5. Describe how and why different corporate and government systems are targets.

6. Describe different types of intrusions such as SQL, PL/SQL, XML, and other injections.

In addition to discussing the above items, you may wish to use a table, such as the one below, to summarize the OS discussion for Items 1 and 2.

OSs               | Advantages | Disadvantages | Known Vulnerabilities
------------------|------------|---------------|---------------------
Windows           |            |               |
Linux             |            |               |
MAC               |            |               |
Mobile Device OSs |            |               |

Table 3.1 OS Comparison

4.0 VULNERABILITY ASSESSMENT PLAN OF ACTION AND OPENVAS

4.1 Plan

[Continue with how you will determine the security posture of your company’s OSs. (See the 3 Items from Step 3, repeated below.) Discuss these as well as the strength of passwords, any Internet Information Services (IIS) administrative vulnerabilities, SQL Server administrative vulnerabilities, and other security updates and management of patches, as they relate to OS vulnerabilities. Feel free to create tables as summaries of your discussion.]

1. A description of the methodology you propose to assess the vulnerabilities of the operating systems, including an explanation of how this methodology will determine the existence of those vulnerabilities in your company's OS.

2. A description of the applicable tools to be used and any limitations of the tools and analyses, including an explanation of how your proposed applicable tools will determine the existence of those vulnerabilities in your company's OS.

3. The projected findings from using these vulnerability assessment tools.

4.2 OpenVAS

[Provide an overview of the capabilities of the OpenVAS scanner using the following 5 Items as a guide to your discussion.]

1. OpenVAS pros and cons.

2. Specific types and categories of information provided by the tool.

3. What types of issues could each of these indicate?

4. Why is each important? For example, what impact could each have on the company and beyond, and how?

5. How can the reported information be used to improve security?

6.0 VULNERABILITY ASSESSMENT RESULTS

[Treat your lab experience as if you are scanning the two OSs (Windows and Linux) at your company. Address the two OSs that you scanned. Include the specific results and conclusions based on your lab data. You are also responsible for providing a lab report. You may wish to include that report, including your printout of each OS scan result, in the Lab Report Appendix to the SAR or in a separate Word file submission. Based on the detailed lab results, prepare professional tables, charts, graphs, etc. which list, describe, and clarify the issues for your OS security and vulnerability. Don’t only question the “issues” identified. Sometimes understanding why a result is accepted as positive can give important insight into security as well. You may also wish to report the results in three categories: extremely important, lesser importance, and those in the middle. That lends itself to a roadmap for addressing the issues. Keep in mind having dashboard summaries for use in the recommendations section as well as your narrated presentation. Being quantitative and specific also demonstrates that you have successfully and comprehensively completed the lab.]

6.1 Windows OS Vulnerability Scan Results

You should be able to:

1. Determine if Windows administrative vulnerabilities are present.

2. Determine if weak passwords are being used on Windows accounts.

3. Report which security updates are required on each individual system.

4. Scan one or more computers by domain, IP address range or other groupings. (The tool provides a dynamic assessment of missing security updates.)

OpenVAS will create and store an individual XML security report for each computer scanned and will display the reports as HTML in its graphical user interface.
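Because each scanned host yields an XML report, the three-tier summary suggested in Section 6.0 (extremely important, middle, lesser importance) can be produced directly from the reports rather than by hand. The following is an added example, not part of this template or of OpenVAS itself: it parses a constructed, simplified report in the GMP layout (`<report><results><result>...`), buckets each finding by its CVSS-style `severity` using assumed thresholds, and rolls the counts up per host for a dashboard table.

```python
# Added example (not part of the SAR template or of OpenVAS): bucket the
# <result> entries of an OpenVAS/GVM XML report into the three tiers the
# template suggests and roll them up per host. SAMPLE_REPORT is a constructed,
# simplified sample in the GMP report layout; real reports carry far more.
import xml.etree.ElementTree as ET
from collections import defaultdict

SAMPLE_REPORT = """<report>
<results>
 <result id="r1"><host>192.0.2.10</host><port>445/tcp</port>
  <name>Missing Windows security update (constructed)</name>
  <threat>High</threat><severity>8.8</severity></result>
 <result id="r2"><host>192.0.2.10</host><port>80/tcp</port>
  <name>IIS default page exposed (constructed)</name>
  <threat>Medium</threat><severity>5.3</severity></result>
 <result id="r3"><host>192.0.2.20</host><port>22/tcp</port>
  <name>Weak SSH password policy (constructed)</name>
  <threat>High</threat><severity>7.5</severity></result>
 <result id="r4"><host>192.0.2.20</host><port>general/tcp</port>
  <name>ICMP timestamp disclosure (constructed)</name>
  <threat>Low</threat><severity>2.1</severity></result>
</results>
</report>"""

# Tier thresholds are an assumption for the roadmap; tune them to the
# company's risk appetite. OpenVAS severities are CVSS base scores, 0.0-10.0.
def tier_for(severity: float) -> str:
    if severity >= 7.0:
        return "extremely important"
    if severity >= 4.0:
        return "middle"
    return "lesser importance"

def summarize_report(xml_text: str) -> dict:
    """Return {host: {tier: [finding names]}} for every <result> in the report."""
    root = ET.fromstring(xml_text)
    summary = defaultdict(lambda: defaultdict(list))
    for result in root.iter("result"):
        # <host> text comes before any child elements in real GMP output
        host = result.findtext("host", default="unknown").strip()
        name = result.findtext("name", default="unnamed").strip()
        severity = float(result.findtext("severity", default="0"))
        summary[host][tier_for(severity)].append(name)
    return {h: dict(t) for h, t in summary.items()}

if __name__ == "__main__":
    for host, tiers in summarize_report(SAMPLE_REPORT).items():
        for tier, names in tiers.items():
            print(f"{host}: {tier}: {len(names)} -> {', '.join(names)}")
```

Point `summarize_report` at the XML exported from the lab scan of each OS to build the per-host counts that feed the recommendations roadmap in Section 7.0.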

6.2 Linux Vulnerability Scan Results

You should be able to:

1. Determine if Linux vulnerabilities are present.

2. Determine if weak passwords are being used on Linux systems.

3. Determine which security updates are required for the Linux systems.

4. Scan one or more computers by domain, IP address range or other groupings. (The tool provides a dynamic assessment of missing security updates.)

7.0 RECOMMENDATIONS

[Provide a detailed report and recommendations on how to make your system a more secure working environment. Your final recommendations should include which issues should be addressed, how they should be addressed, the order in which to address them, and why (i.e., the roadmap). Convincing reasons are the quantitative impact on the business vs. how “costly” it would be to take any action, i.e., risk. (See Step 6, Items 1-2, repeated below.) Consider using a summary table or tables for greater clarity than long written paragraphs. Your PowerPoint presentation will be a non-technical summary of the SAR from which the company leadership can understand the issues and recommended actions.]

Your recommendations should:

1. Provide the actual data from the tools, the status of security and patch updates, security recommendations and specific remediation guidance.

2. Include any risk assessments for each recommendation and propose ways to address the risk either by accepting it, transferring it, mitigating it, or eliminating it. Be sure you explain these 4 approaches to risk.

9.0 SUMMARY OF REFERENCES

[Provide your summary list of references using proper APA format. (Remember: You must also use in-line citations with proper APA format throughout the report.) I included my two references here (and inline within the SAR body) as a guide for you.]

NIST. (2018, December). Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy, Special Publication 800-37 Revision 2. National Institute of Standards and Technology. Retrieved from https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final

NIST. (2022, January). Assessing Security and Privacy Controls in Information Systems and Organizations, Special Publication 800-53A Revision 4. National Institute of Standards and Technology. Retrieved from https://csrc.nist.gov/publications/detail/sp/800-53a/rev-5/final

APPENDIX – LAB REPORT

[Share your lab experience here or in a separate Word file submission, including screen prints and findings, to demonstrate that you performed the lab. You may wish to include printouts of each OpenVAS OS scan results.]