Questions (Provide a minimum 100-word, fact-based response for each question. Be quantitative, show lab results, and show in-line citations, where appropriate. Include overall reference list at the end.)
1. Focus on the overall "security assessment" risk rating that appears at the top of your report. Considering what security measures you (or the computer owner) have undertaken for your computer, does the assessment surprise you? Why or why not? What measures should you plan to undertake if the green checkmark did not appear?
2. a. What does MBSA do to check for weak local account passwords? b. Why is it important to have a strong password on local user accounts especially in a corporate environment? c. Explain why it is important to have a password expiration policy set.
3. Malware can affect a computer in multiple ways. Having automatic updates turned off, not allowing Windows to update, and disabling the Windows firewall and setting exceptions in the Windows firewall are all tell-tale signs of this. Explain a. how malware is able to accomplish this, and b. also what type of malware could be used. Please be as specific and fact-based as possible regarding types of malware using credible references to support your answers. (Answer must be APA compliant)
4. On local machines (home) computers, it is traditionally acceptable to have Windows automatically update the system with patches. In a corporate environment, typically system administrators will set domain computers to manually install updates. Through this process, the administrators will decide if a patch is necessary for their environment 's standard operation expectancy (SOE).
Typically they would use Windows Server Update Services (WSUS) to push out the updates to the computers, which is a highly time consuming process. Conficker is one of the most recent examples of an infection that leveraged a vulnerability that could have been avoided through a patch had already been released. Yet, it spread like wildfire, infecting millions of corporate environments.
· Explain what Conficker is, which systems were vulnerable, which vulnerability it exploited, which Microsoft patch fixed the vulnerability, and the reason(s) that it is necessary to test new patches as they are released. Please be as specific and fact-based as possible regarding types of malware using credible references to support your answer. (Answer must be APA compliant)
· How would MBSA be used to detect the missing patch in a corporate environment?
If you were preparing the next version of MBSA, what new feature would you add? Why?