Saturday, December 7, 2019
Library and Internet
Question: Conduct research using the library and Internet for information about tools for operating system security threat detection.

Answer:

Introduction: An operating system must protect itself from security breaches, which include denial of service, memory-access violations and violations related to stack overflow. There are various tools for threat detection and security purposes. Cryptography can be used as a security tool. Nmap, Wireshark, Cain & Abel, Sysinternals, inSSIDer, Maltego, MBSA, GnuPG, TrueCrypt, OWASP Mantra and Malwarebytes are standalone tools. Of these, OWASP Mantra was started for the Firefox version.

Wireshark: used to analyze network protocols.
Lynis: an open source auditing tool used to determine security on Unix and Linux.
Aircrack-ng: the security of wireless networks is tested using this tool.
THC-Hydra: used to attack remote authentication services.
John the Ripper: used for the detection of weak passwords.
Nmap: a tool used to check whether computers, applications and devices are running or not.
Snort: this tool provides traffic analysis and packet logging.

MBSA: MBSA is an active security tool and its focus is only on the Windows operating system. MBSA is easy to use and provides a modernized method to identify security misconfigurations and missing security updates. MBSA has built-in checks to detect the presence of Windows administrative vulnerabilities. It determines the security updates for an individual system. The important feature of MBSA is that it can scan computers by domain or by IP address range. After detection it gives a complete report and instructions that help in moving the system towards a more secure environment. It displays the individual computer reports in the graphical user interface in HTML.

Use in real life: The user must be a Windows user to use it.
Users can select any or all of the following from the MBSA menu:

Weak passwords
IIS administrative vulnerabilities
SQL Server administrative vulnerabilities
Updates related to security

It also provides an expanded list of options that is helpful during scripting, when scanning particular computers and when managing security scans. The list contains:

Listfile: used to create a list of machines to scan.
Cabpath: used to choose the location of the offline catalog.
Rd: used to direct the complete report to a particular directory.
Xmlout: with this feature, a compact version can be used for local computers instead of the entire package.

After a suitable option is selected, MBSA automatically checks Microsoft for the latest catalog. MBSA scanning is completed using the WSUS admin. In the absence of Internet connectivity, MBSA uses the offline catalog for scanning purposes. The complete scan report that follows the scan displays the WSUS server used and the date on which the offline catalog was used. If the scan finds in the MBSA report that it is older than 7 days, the report will state that a new scan must be performed to get up-to-date security.