Background
Your company is re-evaluating its operations. It
uses a very large number of applications running on different computers. You
are given the task of providing security information about vulnerabilities in
applications so that IT management can consider which applications should be
disabled, disconnected from the network or restricted to special workstations
in order to reduce the possibility of attacks.
Your manager thinks the company relies on
outdated protection and wants an update on recent malware, and also asks you to
recommend a new antivirus program for the Windows desktop machines. You need to
support your proposal with facts and arguments.
Tasks
Task 1.1
Using your skills learnt in lab 2, select a
recent (not older than two months) vulnerability from the National
Vulnerability Database and analyse it from the following aspects:
i. Criticality level (Check Secunia, Screenshot
Accepted)
ii. Impact including CVSS Score. (Screenshot
Accepted)
iii. Explain the purpose of using CVSS scores.
(Two valid bullet points expected.)
iv. Proposed Solution (Screenshot Accepted)
v. Which of the Australian DSD '35 Strategies' can
be applied to mitigate the vulnerability? Include valid explanations for your
answer. (At least two if possible, one will suffice only in rare cases.)
Ensure that you also provide a detailed
description of the vulnerability.
Task 1.2
Search a number of antivirus companies’ (e.g.
Symantec, McAfee, Kaspersky, F-Secure, AVG, Bit Defender, Webroot, ESET,
G-Data, Avira) websites. Find at least four sites that publish malware
listings, and compare the latest malware lists.
i. List the four sites.
ii. Discuss how descriptive and informative
the sites are.
iii. Discuss the time difference between the
listings.
Hint: Take a subset of malware listings and
compare the time difference. This information should be presented in a tabular
grid and a small paragraph at the end that summarises your findings. (Here you
select specific malware issues and check the different sites to see when they
are listed.)
iv. Which site is the most up-to-date and why?
Hint: Over a two week period compare the malware
listings that are reported. Statistically analyse the data set, possibly by
giving the malware a weight based on the criticality and the date/time of the
listing. This information should be presented in a tabular grid and a small
paragraph at the end that summarises which site is the most up-to-date. Data in
your grid should serve as proof of your statement.
(This data is different from the previous question as here you select a
specific time period instead of looking exclusively for specific malware.)
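The weighting suggested in the hint for iv can be computed as a severity-weighted mean listing lag per site. The sketch below is an added example, not part of the assignment brief: the site names, malware names, dates and weight values are constructed placeholders, and charging an unlisted sample the lag up to the end of the window is an assumption.

```python
from datetime import datetime

# Constructed sample data: placeholder site and malware names, not real listings.
WINDOW_END = datetime(2024, 1, 15)                     # end of the two-week window
SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3}   # assumed weighting scheme
SITES = ["site_a", "site_b", "site_c", "site_d"]

# malware -> (criticality, {site: first date the site listed it})
LISTINGS = {
    "sample-worm": ("high", {"site_a": "2024-01-02", "site_b": "2024-01-03",
                             "site_c": "2024-01-02"}),
    "sample-trojan": ("medium", {"site_a": "2024-01-05", "site_b": "2024-01-05",
                                 "site_d": "2024-01-09"}),
    "sample-adware": ("low", {"site_b": "2024-01-08", "site_c": "2024-01-12",
                              "site_d": "2024-01-08"}),
}


def lag_days(listings=LISTINGS, sites=SITES, window_end=WINDOW_END):
    """Return {malware: {site: days behind the earliest listing}}.

    A site that never listed the sample inside the window is charged the lag
    up to the end of the window, so a missing entry is not scored as on time.
    """
    table = {}
    for name, (_, seen) in listings.items():
        dates = {s: datetime.strptime(d, "%Y-%m-%d") for s, d in seen.items()}
        first = min(dates.values())
        table[name] = {s: (dates.get(s, window_end) - first).days for s in sites}
    return table


def weighted_mean_lag(listings=LISTINGS, sites=SITES, weights=SEVERITY_WEIGHT):
    """Severity-weighted mean lag per site; lower means more up to date."""
    lags = lag_days(listings, sites)
    total_weight = sum(weights[crit] for crit, _ in listings.values())
    scores = {}
    for site in sites:
        weighted = sum(weights[listings[m][0]] * lags[m][site] for m in listings)
        scores[site] = round(weighted / total_weight, 2)
    return scores


def rank_sites(listings=LISTINGS, sites=SITES):
    """Sites ordered from most to least up to date."""
    scores = weighted_mean_lag(listings, sites)
    return sorted(scores, key=scores.get)
```

The per-malware table from `lag_days()` is the tabular grid the hint asks for, and the ranking is the one-line conclusion the grid has to support.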
Task 1.3
Select a recent vulnerability from an antivirus
company’s database system, and analyse it from the same aspects as in task 1.1. (Note:
No need to explain the purpose of using CVSS scores again.)
Select three recent, different threats from an
antivirus company’s database. Describe for each:
i. How it spreads (attack strategy)
ii. The target of malicious activity
(information, resource etc.)
iii. The way of hiding inside the victim’s computer.