Davonte Brown

Unit 2 assignment 1
6-25-14
ITT Technical Institute
3825 West Cheyenne Avenue, Suite 600
North Las Veas, Neva!a 8"032
NT2580 Intro!uction to In#or$ation Security
Wee% 2, &nit 2 ' A((lication o# Security Counter$easures to )itiate )alicious Attac%s
Graded Assignment
Unit 2 Assignment 1: Calculate the Window of Vulnerability
Learnin *+,ectives an! *utco$es
You will learn how to calculate a window of vulnerability !o"#$
Assin$ent -e.uire$ents
You are reviewing the security status for a small %icrosoft wor&grou' ()*$ +he wor&grou' contains many distinct
se'arations in the networ& determined by grou' membershi's$ )n e,am'le of the networ& divisions is as follows-
Win!o/s la(to(s0 +raveling sales'eo'le. remote su''liers. branch offices
Win!o/s !es%to(s0 )ccounting grou'. develo'er grou'. customer service grou'
Win!o/s servers0 )dministrative server. %icrosoft /hare0oint server. /erver %essage Bloc& /%B# server
) security breach has been identified in which the /%B server was accessed by an unauthori1ed user due to a security
hole$ +he hole was detected by the server software manufacturer the 'revious day$ ) 'atch will be available within three
days$ +he ()* administrator needs at least one wee& to download. test. and install the 'atch$ 2alculate the !o" for the
/%B server$
-e.uire! -esources
*one
Su+$ission -e.uire$ents
3ormat- %icrosoft !ord
3ont- )rial. /i1e 12. Double-/'ace
(ength- 1 'age
Due By- Unit 4
Sel#1Assess$ent Chec%list
5 have accurately calculated the !o"$
*+2567 5ntro to 5nformation /ecurity 0age 1 of 2 !ee& 2. Unit 2
/teve +odd
Davonte Brown
Unit 2 assignment 1
6-25-14
5f you want 'erfection in calculating the !ov for a /%B server then you8ll be doing wor& for a cou'le
of days$ 5f you want to &now the direct amount of days then here you go it will be 11 days of
vulnerability !ov$ +hreats. ris&s. and vulnerabilities negatively im'act the confidentiality. integrity.
and availability 25)# triad$ 2onfidentiality is breached when an attac&er discloses 'rivate information.
integrity is bro&en when an attac&er modifies 'rivileged data. and availability is ruined when an
attac&er successfully denies service to a mission-critical resource$ +he length of time these
vulnerabilities are 'resent creates a window of vulnerability !o"#. the 'eriod within which defensive
measures are reduced. com'romised. or lac&ing$
+he !o" covers a timeline from the moment vulnerability is discovered and identified by the
vendor$ 5t also includes the time ta&en to create. 'ublish. and finally a''ly a fi, to the vulnerability$
0roblems arise as fi,es can be disru'tive to business o'erations and the delay between discovering
and 'atching a hole leaves sufficient time for an attac&er to intrude$ )t any given time. a system or
networ& will 'otentially have several overla''ing !o"s. not all of which may be immediately
identified$ 9emember. not all vulnerabilities are e,'loitable$ /ome e,'loits cause disru'tion such as
Do/. while others may e,'ose sensitive information or allow an attac&er to ta&e control$ +hat was my
essay ho'e you en:oyed and learned something new$ htt'-;;www$term'a'erwarehouse$com;essay-
on;!indows-<f-"ulnerability;1=1461
*+2567 5ntro to 5nformation /ecurity 0age 2 of 2 !ee& 2. Unit 2
/teve +odd