Security Architecture

MIS 5214 - Section 001 - David Lanter

MIS 5214.701 ■ Spring 2021 ■ Jose Gomez
My question to discuss with my classmates

March 10, 2021 by Jose Gomez 51 Comments

Filed Under: 09 - Host Hardening

Comments

  1. Zibai Yang says

    March 12, 2021 at 10:48 am

    Why do we need to manage users and groups?

    • Anthony Messina says

      March 16, 2021 at 8:32 am

      Users and groups need to be managed to ensure proper permissions are applied. We created users and groups to segment everyone’s access to resources. If we as security professionals did not create specific users and groups with specific permissions, then it would just be a free-for-all as to what data people could access. This in turn would lead to a compromised system or environment relatively quickly.

    • Austin Mecca says

      March 16, 2021 at 5:19 pm

      Without managing users and groups, you are leaving the door open for mistakes where either someone has permissions well above what they need, or you may even have an account that is for an employee that no longer works there and, if it falls into the wrong hands, can be used by an attacker without being detected due to it being an account on the network. Having users and groups also puts up internal borders so that teams can mainly only access the things they need, and to access anything else they would need approval from a supervisor or clearance from security/compliance.

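The two failure modes raised in the reply above (permissions above what a role needs, and accounts left enabled after the employee has gone) can be checked by comparing a directory export against the HR roster. This is an added example, not part of the original thread; the roster, role baselines, group names and accounts are all constructed.

```python
from datetime import date

# All data below is constructed for illustration; none of it comes from the thread.
ROLE_BASELINE = {  # groups each role is expected to hold (hypothetical names)
    "finance": {"staff", "finance-share"},
    "helpdesk": {"staff", "helpdesk-tools"},
    "sysadmin": {"staff", "helpdesk-tools", "domain-admins"},
}
HR_ROSTER = {"amartin": "finance", "bchen": "helpdesk", "dokafor": "sysadmin"}
ACCOUNTS = [  # constructed directory export, one record per account
    {"user": "amartin", "enabled": True, "last_login": date(2021, 3, 9),
     "groups": {"staff", "finance-share"}},
    {"user": "bchen", "enabled": True, "last_login": date(2021, 3, 8),
     "groups": {"staff", "helpdesk-tools", "domain-admins"}},
    {"user": "cjones", "enabled": True, "last_login": date(2020, 11, 2),
     "groups": {"staff", "finance-share"}},
    {"user": "dokafor", "enabled": True, "last_login": date(2020, 12, 1),
     "groups": {"staff", "domain-admins"}},
    {"user": "eross", "enabled": False, "last_login": date(2020, 6, 30),
     "groups": {"staff"}},
]


def audit_accounts(accounts, roster, baseline, today, stale_days=90):
    """Return (user, finding, detail) tuples for accounts that need review."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # a disabled account cannot be used to log in
        user = acct["user"]
        role = roster.get(user)
        if role is None:
            # Enabled account with no current employee behind it.
            findings.append((user, "orphaned", "enabled but not on the HR roster"))
            continue
        # Group memberships beyond what the role's baseline allows.
        excess = acct["groups"] - baseline.get(role, set())
        if excess:
            findings.append((user, "excess-privilege",
                             "extra groups: " + ", ".join(sorted(excess))))
        # Valid employee, but the account has not been used recently.
        idle = (today - acct["last_login"]).days
        if idle > stale_days:
            findings.append((user, "stale", f"no login for {idle} days"))
    return findings


if __name__ == "__main__":
    for user, finding, detail in audit_accounts(
            ACCOUNTS, HR_ROSTER, ROLE_BASELINE, today=date(2021, 3, 16)):
        print(f"{user:8} {finding:17} {detail}")
```
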
    • Prince Patel says

      March 16, 2021 at 10:07 pm

      Managing users and groups helps with access management, permissions management, authentication, and assigning roles. This is critical for the organization to function and secure its information systems. Windows Active Directory is the industry leader that helps manage users and groups in the systems architecture of a domain network.

  2. Wenyao Ma says

    March 12, 2021 at 11:30 am

    Do you think virtualizing servers can make them more secure?

    • Zibai Yang says

      March 15, 2021 at 9:31 am

      There is no absolute security in the computer field, only relative security, and virtual machines are no exception. For example, a rootkit is a special kind of malicious software. Its function is to hide designated files, processes, network links, and other information on the installation target. A rootkit is more commonly used in combination with Trojan horses, backdoors, and other malicious programs. Such attacks usually do not trigger automated network security control functions, such as intrusion detection systems.

  3. Cami Chen says

    March 13, 2021 at 12:07 am

    What vulnerabilities in virtualization does the IT profession often ignore?

    • Haozhe Lin says

      March 14, 2021 at 6:11 am

      The IT industry often ignores some loopholes in virtualization; I list a few examples.
      1. VM Escape
      VM escape is a process that separates from its virtual machine and runs interactively on the host operating system. A virtual machine is “a client operating system that is completely isolated from the normal host operating system.” The risk of virtual machine escape mainly exists in the VMware SDK before 2020.
      2. VM Sprawl
      When the number of virtual machines on the network reaches the level that administrators can no longer effectively manage them, virtualization sprawl will occur. There are two reasons for this: first, over-allocation of virtual resources (CPU, memory, or disk); second, an unlimited virtual resource allocation strategy.
      3. Hyperjacking
      A hyperjacking attack enables hackers to control the virtual layer maliciously by creating a virtual environment in the virtual machine host. The target of the attack is the operating system under the virtual machine, which makes the attacker’s program run on the virtual machine, and makes the virtual machine completely ignore the existence of the running program.

  4. Xinyi Zheng says

    March 13, 2021 at 1:30 am

    Why is it important to get approval in writing before conducting a vulnerability test?

    • Anthony Wong says

      March 16, 2021 at 12:17 pm

      It is important to get approval before conducting a vulnerability test because this is the main difference between an ethical and unethical hacker. The approval will sign off on the rules of engagement and provide a scope for the ethical hacker to perform. The scope will detail what systems will be tested, the date and time the test will occur, what penetration tactics will be used, etc. Additionally, there are legal implications if approval is not received prior to conducting the test.

  5. Humbert Amiani says

    March 13, 2021 at 3:10 am

    Does software-based/virtual router software offer comparable security to box-based routers with integrated hardware and software?

    • Krish Damany says

      March 16, 2021 at 7:20 pm

      Depending on the size of the organization’s network, a software-based router could do the same job as a box-based router at a lower cost if the network is small as well. I would say that for the best security overall, hardware-based solutions would be better for larger networks and smaller networks alike. The cost factor has to align with the organization’s budget, however.

  6. Haozhe Lin says

    March 14, 2021 at 6:04 am

    What would you say is easier to harden? A Windows Server or a Linux Server?

    • Cami Chen says

      March 15, 2021 at 11:17 pm

      In my opinion, I would say Windows Server is easier. Since Windows has many users, we can find many solutions via the internet. Also, I have been using Windows for many years. When I try to set up something on my PC, I can easily find it out. However, I will need to research before I make changes to Linux. After having a little bit of experience in Linux Server, I feel like they have similar ways to build the system but use different formats. For example, both systems have an admin account: in Windows it is admin, whose name can be changed and a fake admin account created, and in Linux it is root, whose name cannot be changed.

    • Anthony Messina says

      March 16, 2021 at 8:46 am

      From a pure hardening standpoint, I think they are equal. You assign appropriate permissions to users in either OS, make sure no vulnerable services are running, listening ports can be accessed by authorized users and services, etc. In the long run, however, I think a Linux server would be easier to harden, assuming you have fluent experience with both operating systems. The major reason being that more corporations use Windows devices and servers. This means a majority of the exploits attackers are constructing will be geared towards Microsoft devices. This is not to say there are not attacks for Linux machines, because there are plenty. Also, since everything on a Linux machine is a file, I believe it would be easier to locate malicious software on the machine with the proper training and methodology.

    • Kelly Conger says

      March 17, 2021 at 4:45 pm

      I’d like to say Linux is easier to secure, but Microsoft is catching up. In the past few editions of MS Server, you have been able to install the OS in a Server Core mode that doesn’t install a GUI environment and is command-line only. It also installs the bare minimum services and applications to decrease the potential attack surface. While Server Core still has vulnerabilities, there are fewer than when the GUI (Desktop Experience) environment is installed as well. Also, Windows Server (and Win10 as well) has Windows Update turned on by default and will even reboot the server when necessary. I agree with Anthony, it’s probably a flip of the coin right now as far as what OS is more secure out of the box. You also have to consider that Windows is a far more popular desktop OS and therefore has a larger hacker audience.

  7. Priyanka Ranu says

    March 14, 2021 at 3:35 pm

    What are the benefits of virtualization?

    • Kyuande Johnson says

      March 14, 2021 at 11:49 pm

      Reduced capital and operating costs.
      Minimized or eliminated downtime.
      Increased IT productivity, efficiency, agility and responsiveness.
      Faster provisioning of applications and resources.
      Greater business continuity and disaster recovery.
      Simplified data center management.

    • Wenyao Ma says

      March 15, 2021 at 4:43 am

      Good question. I think server virtualization can make more efficient use of resources, but the virtual server itself still needs to be set up with the same settings as the actual hardware dedicated to the server. In addition, you also need to properly configure the hypervisor to ensure that the server is running safely.

    • Zibai Yang says

      March 15, 2021 at 9:36 am

      Simply put, virtualization is to run multiple “virtual servers” on one physical server. This kind of virtual server is also called a virtual machine. On the surface, these virtual machines are independent servers, but they share the CPU, memory, hardware, network card, and other resources of the physical server. Currently, popular virtual machine software includes VMware and VirtualBox. Through virtual machine software, one or more virtual computers can be simulated on a physical computer. These virtual machines work exactly like a host, enabling users to allocate computer resources flexibly and efficiently.

    • Xinyi Zheng says

      March 15, 2021 at 6:26 pm

      I think for most companies, the cost of virtualization is cheaper than installing actual IT infrastructure. With virtualization, a company doesn’t need to find space and funding to create an on-site resource; it just needs to purchase the license or the access from a third-party provider. Besides, virtualization can help to increase productivity. With virtualization, admins don’t need to monitor and check hardware and systems all the time, which balances the internal IT resources.

    • Junhan Hao says

      March 16, 2021 at 4:43 am

      Through server virtualization, more virtual servers can be virtualized on fewer servers, which greatly reduces the hardware costs of enterprises purchasing servers and arranging computer rooms. At the same time, from an environmental perspective, virtualization can reduce the power consumption of enterprises, because servers are generally turned on for 365 days, and costs such as air conditioning to cool the servers are accumulated over a long period of time.

  8. Krish Damany says

    March 14, 2021 at 6:46 pm

    With the Internet becoming more prevalent, does Cloud Computing make sense for all applications of an organization?

  9. Jonathan Castelli says

    March 14, 2021 at 7:58 pm

    What is the best vulnerability management software tool? Why?

    • Kyuande Johnson says

      March 14, 2021 at 11:54 pm

      There isn’t necessarily a best vulnerability management tool. The tools you decide to use will vary depending on your organization’s goals and funding. The most popular vulnerability tools are Nessus and Qualys. Both of these vulnerability scanners help you reduce your organization’s attack surface and ensure compliance. They also feature high-speed asset discovery, configuration auditing, target profiling, malware detection, sensitive data discovery and more.

      • Jonathan Castelli says

        March 16, 2021 at 7:56 pm

        I set you up…I work for the company which makes Nessus and know the developers. We are the most accurate vulnerability assessment tool on the market.

        • Kelly Conger says

          March 17, 2021 at 4:55 pm

          HA!! We use Nessus and love it. I have no idea how much it costs, but I’m assuming it’s not cheap.

  10. Zhen Li says

    March 14, 2021 at 8:10 pm

    Based on the different access permissions in Windows and UNIX, which one is better?

    • Junhan Hao says

      March 16, 2021 at 4:37 am

      Hi Zhen, I think Unix is better in granting access permission. The server process usually runs under a special user account on the Unix system, which means that after successful intrusion through the network, the intruder can only get the permissions of the user account corresponding to the service. In most cases, these users are ordinary users, and most malware requires an administrator account to work properly.

  11. Anthony Wong says

    March 14, 2021 at 8:10 pm

    Is voice recognition an effective type of authentication?

    • Priyanka Ranu says

      March 15, 2021 at 1:54 pm

      I am not sure if voice recognition is an effective type of authentication, but it definitely offers some advantages. One of the advantages is increased security, where the method of authentication acknowledges the voice, character, and other factors that affect the sound. This reduces fraud as the biometric channel can quickly identify a different voice. Another advantage is accuracy, which is more reliable than the use of passwords that can be easily compromised. Voice cannot be changed, recreated, or forgotten as in the case of passwords. Voice authentication could be an effective method of user identity as it offers adequate layers of security, but this can definitely be debatable.

    • Austin Mecca says

      March 16, 2021 at 9:26 pm

      I think at the stage that voice recognition software is at, it is not currently an effective type of authentication. However, I do believe that down the road, as tech continues to improve, it can be an effective way, especially if your voice is initially captured and compared to that initial voice every time you go to authenticate. With that being said, just like the facial recognition video where a mask was able to bypass it, there are going to be ways to bypass this. I think its most useful position would be to have a voice command to obtain physical access where there is also a camera, so someone can analyze the ID of the voice with the live feed of the camera.

  12. Heather Ergler says

    March 14, 2021 at 10:18 pm

    Where are passwords stored in Windows vs Linux? Is either of their locations for storage a security concern? Why?

  13. Anthony Messina says

    March 14, 2021 at 10:45 pm

    How do patch management servers help companies handle deploying updates/patches?

    • Xinyi Zheng says

      March 15, 2021 at 6:08 pm

      Most of the time, users and admins may ignore recommended patches, and it’s difficult to ensure all systems are adequately patched. Patch management servers can help users ensure all updates and patches are implemented on time, and check systems and devices to see which ones are secure and which are vulnerable. Software patches and updates are important; they can protect software and systems from known vulnerabilities.

  14. Mei X Wang says

    March 14, 2021 at 11:05 pm

    What are some techniques and tools that can be used to harden a system?

    • Kyuande Johnson says

      March 15, 2021 at 12:01 am

      Operating System Security Hardening includes:
      Automatically applying OS updates, service packs, and patches
      Removing or disabling non-essential software, drivers, services, file sharing, and functionality, which can act as back doors to the system
      Requiring all users to implement strong passwords and change them on a regular basis
      Logging all activity, errors, and warnings
      Restricting unauthorized access and implementing privileged user controls

  15. Kyuande Johnson says

    March 14, 2021 at 11:20 pm

    What are some backup methods used to protect the availability of data?

    • Xinyi Zheng says

      March 15, 2021 at 6:35 pm

      I think backing up your data in the cloud is an effective method. With the cloud, the data is stored in a remote location, we can access it at any time over the network, and this is cheaper than some other physical backups. Also, cloud services keep data safe with end-to-end encryption, which increases the security of this method.

    • Anthony Wong says

      March 16, 2021 at 12:30 pm

      One method is to use a redundant array of independent disks (RAIDs). RAIDs provide a way of storing the same data in multiple hard drives to help with data redundancy and the availability of data. These disks can be located in a backup data center in the event of a disaster.

  16. Ting-Yen Huang says

    March 14, 2021 at 11:40 pm

    Is there a kind of server that needs very little backup?

  17. Prince Patel says

    March 14, 2021 at 11:52 pm

    How can operating systems in servers be hardened?

    • Zibai Yang says

      March 15, 2021 at 10:40 am

      Create a virtual security policy
      We usually have a security policy in a physical environment, but we also need this security policy in a virtual environment. Many of them can be used in combination, but many aspects are different from the physical environment’s security policy.
      Collaboration between departments
      Virtualization generally involves various departments of the entire enterprise, so it is also prone to security accidents. It is necessary to ensure that communication can be kept open to all company departments in conflicts and safety accidents.
      Create virtual endpoint security
      Traditional firewalls and intrusion prevention monitoring systems can play many roles in virtual environments and are transplanted to cloud architectures. Virtual firewalls and IPS need to be deployed at certain key architectural points. Similarly, we cannot ignore the monitoring and tracking of enterprise integrated security information and event management systems.
      Inherit administrator privileges
      Role-based access control can do a lot in virtual environments. Management access authority settings can continue to be adopted according to priority rules.

  18. Austin Mecca says

    March 15, 2021 at 12:00 am

    What is the biggest benefit that Windows provides over Linux?

    • Anthony Messina says

      March 16, 2021 at 8:51 am

      Honestly, from my personal standpoint, I don’t think Windows offers any benefit over Windows. Bear in mind I have some familiarity with Linux. I am no expert in Linux, but the more I use it, the more I enjoy it over Windows. That said, for the masses, Windows offers one major benefit: EVERYONE uses it! I assume that 95% of most companies are Windows-based. That means if a user has a Windows question, or an admin doesn’t know how to do something, there are plenty of people to ask for help, or plenty of sites on the web you can leverage to find an answer.

    • Jonathan Castelli says

      March 16, 2021 at 7:59 pm

      I agree with Anthony. Linux is often my preference but Windows is definitely more user friendly. I think that’s the only benefit to using Windows vs Linux.

  19. Vanessa Marin says

    March 15, 2021 at 12:00 am

    How would you manage the security configurations for servers that are in different countries across your organization?

  20. Junhan Hao says

    March 15, 2021 at 2:24 am

    What is the name of Microsoft’s server operating system? What security protections do recent versions of this operating system offer?

    • Zhen Li says

      March 16, 2021 at 5:22 pm

      Windows Server 2019 is the latest version of the Windows Server operating system by Microsoft, as part of the Windows NT family of operating systems, developed concurrently with Windows 10 version 1809. The security protections that Windows Server 2019 provides are:
      1. New Shielded VM Improvements.
      2. Device Guard Policy Updates without Reboot.
      3. Kernel Control Flow Guard (CFG).
      4. System Guard Runtime Monitor.
      5. Virtual Network Encryption.
      6. Windows Defender ATP Agent Included OOB.

  21. Kelly Conger says

    March 17, 2021 at 4:56 pm

    Speaking of user and group security, what is your opinion on shared accounts?

    • Vanessa Marin says

      March 21, 2021 at 10:28 pm

      A serious security threat. I don’t know of any company now that even engages in the idea of shared accounts, accountability being the main reason. If the account is shared, how is it possible to identify who the current user is? I can’t even think of an example of where shared accounts are still used… Can you?

      Vanessa


Fox School of Business