: In this project, you will explore both CVE and NVD. : Answer the following questions and upload to the Blackboard tab. Vulnerability feeds are available to provide updated information

: In this project, you will explore both CVE and NVD. : Answer the following questions and upload to the Blackboard tab. Vulnerability feeds are available to provide updated information to scanning software about the latest vulnerabilities. One of the most highly regarded vulnerability feeds is the Mitre Common Vulnerabilities and Exposures (CVE). 1. Open your web browser and enter the URL . 2. Hover over and click on 3. This page gives a brief overview of CVE. Read through the information regarding CVE. 4. Next Hover over , click , and click on . Now that you have a better idea of what the CVE list is designed for let’s use it to cross-reference a current security situation in the United States. The SolarWinds massive security hack took place throughout 2020. This attack compromised thousands of US government-owned systems, among countless other systems where the software was integrated. SolarWinds has been a highly valued company for many years and is known for some of the best Network Management software on the market. SolarWinds is a top performer in their field. The Orion platform, which they produce, is designed to manage many different infrastructure areas under the hood of a single piece of software. Orion is what was in the heat of the controversy. The SolarWinds actual supply chain was compromised, and a nation-state threat actor was able to insert a modified .dll file into their source code repository. When updates got pushed out to their users, the infected files were then brought over to systems worldwide. At that point, the remote attacker could bypass authentication and execute API commands on the software. Linked below is a high-level overview of how the attack took place. I recommend reading the article, it’s very interesting. 5. Navigate back to the CVE Mitre site and scroll up to the top of the page. Click . 6. Search “SolarWinds Orion” to display the CVE entries. 7. Locate : CVE-2020-10148 and click into it. The CVE will provide a brief overview of the vulnerability and provide references supporting its release. A lot of the time this will be an official statement provided by the company. 8. Under click on “CONFIRM:https://www.solarwinds.com/securityadvisory” to read more about the advisory notice released by SolarWinds along with fixes. 9. Navigate back to the SolarWinds CVE record. Notice next to the CVE-ID it says, “Learn more at National Vulnerability Database (NVD)” This is where you can find more detailed information and version numbers of the software that has been affected. to view this database and how it relates to the CVE. The National Vulnerability Database (NVD) is managed by the U.S. government as a repository for security checklists, vulnerability management data, software flaws, misconfigurations, product names, and their impacts. This data enables automation of vulnerability management, security measurement, and compliance. 10. Navigate to the National Vulnerability Database home page. 11. Click the plus sign next to General. 12. Click FAQ. 13. Click General FAQs. 14. Read through the material. 15. Return to the home page and again click the plus sign next to General. 16. Click NVD Dashboard to view the latest information. 17. Scroll through the Last 20 Scored Vulnerability IDs & Summaries. 18. Return to the home page and again click the plus sign next to General. 19. Click Visualizations to display graphical information. 20. Click Vulnerabilities – CVE. 21. Click Description Summary Word to display a bar graph of the most common words used as part of a vulnerability description. Hover over the three highest bars to view the three most frequent words used. 22. Return to the NVD Visualizations page: . Click Products – CPE. View other vendors by hovering over the bars. 23. Return to the home page. and click the plus sign next to “Other Sites”. 24. Click Checklist (NCP) Repository. 25. This page displays a form you can use to search for checklists, benchmarks, and secure configuration guides. This repository provides guidance on applying these security configurations and best practices to operating systems and applications. Now let’s look at the Department of Defense (DOD) recommend best practices for applying and modifying Group Policy Objects on Windows Server 2019. Group policy is what defines user/computer configurations and security access of an operating system. These group policy objects (GPOs) control what the computer is allowed to do and what the user is allowed to do in the OS. 26. Click the dropdown box and select Microsoft Windows Server 2019. 27. Under resources click on 28. Download the check list resource and unpackage the zip file by double clicking on it. Open the folder. 29. Open the folder. Open folder. 30. Open: 31. Under expand expand This is the recommended password guidance for the most secure environment. It shows the recommended length and setting that should be applied to Windows Server 2019. This is just one example of many thousands of GPOs that can be imported into any OS. By adopting and applying these policies to an operating system, you are creating a more secure environment. 32. Finally navigate the GPO list and find three other policies you find important from this list.

Need your ASSIGNMENT done? Use our paper writing service to score better and meet your deadline.


Click Here to Make an Order Click Here to Hire a Writer