This essay has been submitted by a student. This is not an example of the work written by professional essay writers.
Uncategorized

Vulnerabilities of Windows and Linux Servers

This essay is written by:

Louis PHD Verified writer

Finished papers: 5822

4.75

Proficient in:

Psychology, English, Economics, Sociology, Management, and Nursing

You can get writing help to write an essay on these topics
100% plagiarism-free

Hire This Writer

Vulnerabilities of Windows and Linux Servers

Organizations are always faced with threats that make their server vulnerable. As the Information security officer at a medium-sized company, I will identify and describe three risks that may cause the Windows and Linux server of the company vulnerable. One of the vulnerabilities of the Windows server in the company is the Windows 10 Wi-Fi sense contact sharing (Sinha, 2019). Automatically, Windows 10 is prone to sharing Wi-Fi credentials to Facebook contacts, skype, and outlook, in an attempt of making Wi-Fi sharing and hotspot easier. Therefore, these contacts can get access to the Wi-Fi network without being authorized, thus leading to compromises of information of the company. Another Windows shortcoming is Win32k evaluation of privilege (Sinha, 2019). This shortcoming is present in the Windows 10 graphic user interface component, which allows the hackers to gain control of a Windows machine via privilege escalation. The third vulnerability of Windows is the redirect to the server message block (Sinha, 2019). This is a shortcoming that can impact all the versions of Windows. The Windows user gets redirected to a malicious server message block-based server, where their credentials are vulnerable to theft.

Linux servers in the company also have shortcomings. The first one includes programming defects (Sinha, 2019). Most of the security updates offered by Linux solve one or more programming defects. Each of these security updates offers different security risks to the Linux server. Another vulnerability of the Linux server in the company is weak configurations (Sinha, 2019). Software packages are known for coming with their setting. The configurations usually instruct the software on how it should be operated and what logic steps should be applied or avoided. While most of these default configurations are functional, some may negatively impact the security measures of the server. The third vulnerability is the CVE-2017-18202, which affects the before 4.14.4 versions (Sinha, 2019). The shortcoming lies in the file that helps kill a process when the memory runs low. The vulnerable version of the data might mishandle operations; therefore, opening doors to hackers, or possibly triggering a copy_to_user call.

Ways to Keep Up to Date on the Vulnerabilities

There are various ways to ensure that any case of Windows server and Linux server shortcomings are identified. Through installing high priority updates, I can be kept up to date on matters concerning the vulnerability of the servers (Feeser et al., 2019). Through these updates, any form of unauthorized access is made known; therefore, the server will be protected and is maintained to run smoothly. By installing and running a Microsoft baseline security analyzer, I can know about the shortcomings of the Windows server (Feeser et al., 2019). This software scans the Window-based computers for any security misconfigurations and eventually generates individual security reports for each node that it scams. Therefore, whenever there is any shortcoming with the windows server, it is reported through the scan and can be easily fixed. Through the use of the package manager, I can keep track of the shortcomings of the Linux server. The package manager will allow me to update the Linux server with one command; therefore, making me aware of any bridges of security.

Recommendation for a More Secure Server Infrastructure

The company should make a routine to run a network security audit. The audit should cover the firewall configurations and check whether the firewall configurations are up to date and protected from the exploitation by hackers. The review should also include asset identification, which is essential as it helps identify any potential weakness and identify ways of fixing it. The company should allow the staff to be trained in cybersecurity awareness. The training will help the employees to know the risks that exist and how to fix some of the risks. The organization should limit the number of people who can access the servers of the company. The employees should be restricted to having only minimum-level access to the servers; therefore, preventing unauthorized persons from stealing the organization’s data.

 

 

References

Sinha, S. (2019). Finding Command Injection Vulnerabilities. In Bug Bounty Hunting for Web Security (pp. 147-165). Apress, Berkeley, CA.

Feeser, C., & Spreha, C. A. (2019). U.S. Patent No. 10,430,209. Washington, DC: U.S. Patent and Trademark Office.

 

 

 

  Remember! This is just a sample.

Save time and get your custom paper from our expert writers

 Get started in just 3 minutes
 Sit back relax and leave the writing to us
 Sources and citations are provided
 100% Plagiarism free
error: Content is protected !!
×
Hi, my name is Jenn 👋

In case you can’t find a sample example, our professional writers are ready to help you with writing your own paper. All you need to do is fill out a short form and submit an order

Check Out the Form
Need Help?
Dont be shy to ask