Riyad ITE2301 Assignment 01

MMM.RIYAD
E07410073

ASSIGNMENT 01

ITE 2301
Riyad ITE2301 Assignment 01

a) Give your company a name.

Robusta solutions PVT LTD.

(b) List the computer services that you will provide to the home users.

Antivirus services

Cabling services.

Firewall services.

After sale configuration services.

24/7 hotline services.

Vulnerability assessment.

Security training services.

Consulting services.

Anti spying

Anti spamming

Backup services

Secure cleaning services.

(c) List the computer services that you will provide to the companies.

Security consulting services

Security training services

Antivirus services

Firewall services

Networking and configuration services

Encrypted email services

Network intrusion and prevention services

Anti spamming
Riyad ITE2301 Assignment 01

Anti spying

Network monitoring services.

Decrypting and decoding.

Secure cleaning

Network IP scanning

Protocol analyzing

(d) Provide a list of software programs that you will use. Indicate the type of service that you will
provide using each software program. You may also use more than one software program to provide
same service.

• Antivirus services
AVG free editions.
Avast !home editions.
Clamwinfree antivirus.
• Firewall services
Untangle firewall services
Sygate personal firewall.
Zone alarm free.
• Encrypted email services
SBwave encryption service.
• Anti spamming
Mail washer
• Anti spying
Ad-awarefree
Apybot (S&D)
• Network monitoring services.
Check host.
Corner bowl log manager.
• Secure cleaning
Free windows cleaner.
Bleach bit
• Network IP scanning
UDP flood 2.0
Blast 2.0
• Protocol analyzing.
Smart shift 1.5
• Network vulnerability assessment.
SSA (security system analyzer).

(e) Provide the National Archives with a report specifying what they have to do when
they setup their data center.
Riyad ITE2301 Assignment 01

From: Riyad
To : Manager national archives
Subject: process of setting up a data center.
Date: 19-09-09

1. Feasibility study:
Since the national archives are focusing data integrity with this project it has to do a
feasibility studies. On this matter it can use several tools like PESTEL, SWOT analysis.PESTEL is
Where the data center or the project has to be looked in context of
poltical,economical,social,Technical,ecological and legal aspects. It has to analyze each of these
tools and come to a conclusion with a viable report.

ROI:
Further national archive center should look into the return on the investment since it is
gona charge a fee on its content and the duration of the payback also should be considered.

2. Cost of the data center:

Another important aspect that national archive should consider is the cost of the project
and the availability of the funds to go ahead with the project. When we say cost it is the cost of
hiring employees buying servers and setting a lab to keep the servers and other security
installation cost which helps to prevent from vulnerability. They should ensure a availability of
fund to make the data center success.

3. Infrastructure of the data center:

Here we have to look into the premised suitable for setting up a data center. Do we
need to buy new premises? Or do we have to upgrade our old premises. When it comes to up
gradation we have to consider about the wiring of network cables, wiring of the electrical
systems and its vulnerability on long run. Further we have to look the location for the sever
installation are there are secured places? And so on.

4. End user Flexibility:

This is a key aspect when setting up a data center. The national archive should look into
the end users convenient of accessing and it should consider the latest technological
revolutionaries to be implemented.

5. Implementing the above analysis:

Once the national archives are done with its analysis it has to implement the outcome
to setup the data center. It has to buy the relevant equipment including servers and other
routers and other electrical items like air conditioners. Once the purchasing the fixed assets is
done it can outsource the data cabling and the networking to a third party or itself can do the
cabling part. Further when buying a servers National archives should consider its existing
database and should match with that so it can be implemented with more backup and data
access facilities. Further it has to setup a project team with a manager and with a deadline in
order to get a robust output of the project. National archive should look into the legal
Riyad ITE2301 Assignment 01

requirements as well with the relevant departments.

6. Monitoring and evaluation:

Once the implementation is on process national archive center should look into the
progression of the project and its output. There should be a cyclical evaluation to determine its
security threats and vulnerability .In order to do those national archives can set up project
milestones and measures it easily.

7. Security aspects:
The national archive should adopt strict security policies to prevent data centre from
unwanted attacks and intrusion. It can be in the form of malicious attacks, hacking, theft and
physical damages. There should be proxy firewalls to disable unwanted access to the system and
proper anti viruses need to be installed. Further there should be proper passwords and user
rights for the user to prevent theft and data migrations. Further to avoid from physical damages
there should be proper server rooms with fully equipped anti fire system and etc.Further there
should be anti spy spamming services to protect the network from unwanted accesses and
damages. Another important aspect is network monitoring to view the unauthorized access
from hacker and crackers. Further there national archive should implement security aspects to
ensure data integrity, reliability, and redundancy. Another important aspect is data privacy, the
national archive should install software’s like max pc privacy software to maintain the privacy of
the information among the users.

8. Completion of the project:

Finally it should run a test on user requirement match and close the data center
project and start its operations. Further national archive should train its staff on the data center
operations in order to deliver a precise service.

(f) Provide the National Archives with a report specifying how they can classify their
information. You must pay specific attention to different kinds of information handled by the
National Archives.

From: Riyad
To : Manager national archives
Subject: classification of the information of national archive.
Date: 19-09-09

• Confidential information
These are information which gives authorizations to irrelevant parties. in national
archive center we can see Technical and Scientific advice on conservation and
restoration of records is confidential information. These advices should be relevant to
the individual organizations and others should not be able to access it. Other access on
this information can lead to reputation as well as legal damage. Further under this
category national archive can classify advices on research and research taking also since
it has some confidentiality on its information with relevant to the organizations.
Riyad ITE2301 Assignment 01

• Restricted information
These are information like Advising to public offices on microfilming of records. It should
restrict other department from accessing the information within the public office which
can lead to financial as well as legal damages. Hence the national archive should classify
this accordingly.
• Secret information
These are highly secret information which can lead to severe damage in financial legal
and other attributes of an organization. In national archive center we can classify
producing documents in Courts and giving evidence on request as secret information.
• Unclassified information
These are information anyone can view without any restrictions like providing historical
and administrative information, prepare publications on professional themes, and
conduct lectures on archives and records management and conservation classified
under this category. Anyone would be able to access this since this doesn’t carry
sensitive information.

(g) Explain in a step-by-step manner how you would do the network mapping

The national archive has 3servers, 7computers, 3laptops,2 printers, 2scanners and one related
networks connected to the network. It has internal network, partner network and a wireless
network.

First we need to connect the whole network to the internet through a router. The router should
be connected to a firewall to prevent from unwanted access of malicious and other attacks.
Once we are connected to the firewall we need to connect the switch for the internal network
and from the switch we need to connect the pcs related to the internal network directly to the
switch and the printer which we need to use in the internal network. Further we have to
connect the scanner as well to the switch.

The DNS server should be connected to the internal network of national archives to translate
the IP addresses into the relevant names. Further we have to connect to SMTP server for the
national archives for mail services.

Once we mapped the internal network we have to connect the partner network using a router
and we have to connect the FTP server for file sharing to that router.

Further with a switch we have to connect a wifi router to connect the research teams’ laptops in
the network with password option.

Using internet and a router the national archive can connect to the relevant division of its which
is on the other locations.

Basically the above mapping is done by using routers, switches, and a firewall for the entire
system.

We can use software’s like packet tracer for mapping purpose.

Riyad ITE2301 Assignment 01

( h) Identify a free and open source (FOSS) software program that you can use for this
purpose.

The national archive network can assess its vulnerability using the SSA security system
analyser.Our company Robusta uses the version 1.5.2 which give the assessment result on html
format.

(i) Explain in a step-by-step manner how you would do the vulnerability assessment.

Vulnerability assessment can be done using vulnerability scanners or software as I mentioned

earlier. Basically vulnerability is the process of identifying, quantifying and prioritizing the
vulnerability in the system. When the scanner runs the assessment it looks into the risk area of
the system, assigning quantifiable value, identifying vulnerability and threats and mitigating the
most vulnerable areas of the system.

With the vulnerability scanner we have to install the software and simply run the scanner. Once
the scan completed simply we can view the report from the report option.

(j) Using the above selected software program, conduct a vulnerability assessment of your
own computer. Provide a detailed report on the assessment.

Please find the vulnerability assessment report below.

OVAL Results Generator Information

OVAL Definition Generator Information
Schema Version Product Name Product Version Date Time
Schema Version Product Name Product Versio
OVAL
2009- ThreatGuard,
5.3 Definition 5.3 Build: 20 00:58:46 5.2
09-20 Inc.
Interpreter

System Information
Host Name riyad.icl.group
Operating System Microsoft Windows XP Professional Service Pack 3
Operating System
5.1.2600
Version
Architecture INTEL32
Interface Intel(R) PRO/Wireless 2915ABG Network Connection -
Name Packet Scheduler Miniport
IP Address 0.0.0.0
Interfaces MAC Address 00-12-F0-9E-62-54
Interface
WAN (PPP/SLIP) Interface
Name
IP Address 123.231.61.254
Riyad ITE2301 Assignment 01

MAC Address
00-53-45-00-00-00
OVAL System Characteristics Generator Information
Schema Version Product Name Product Version Date Time
5.3 OVAL Definition Interpreter 5.3 Build: 20 2009-09-20 00:58:46
Oval Definition Results
True False Error Unknown Not Applicable Not Evaluated
OVAL ID Result Class

oval:org.mitre.oval:def:521 true inventory

oval:org.mitre.oval:def:105 true inventory

oval:org.mitre.oval:def:563 true inventory c

oval:org.mitre.oval:def:627 false inventory c

http://www.microsoft.com/technet/security/bulletin/MS07-03
2007-
oval:com.threatguard:def:427 false patch
033oval:org.mitre.oval:def:1902oval:org.mitre.oval:def:1396o

oval:org.mitre.oval:def:229 false inventory c

oval:org.mitre.oval:def:325 false inventory

oval:org.mitre.oval:def:565 false inventory c

Riyad ITE2301 Assignment 01

oval:org.mitre.oval:def:1935 false inventory c

oval:org.mitre.oval:def:228 false inventory

oval:com.threatguard:def:263 false patch http://www.microsoft.com/techn

oval:com.threatguard:def:260 false vulnerability

oval:com.threatguard:def:259 false inventory

oval:org.mitre.oval:def:165 false inventory cp

oval:org.mitre.oval:def:480 false inventory