Project package 1

Monroe College


Prof. Daneshmandnia


Project 1:

SANS Reading Room Objectives: Because of the complexity of information security, it is important for IT security workers to be skilled at researching a variety of topics, from specific threats and vulnerabilities to industry regulations and policies. In this lab, you become familiar with a reputable source for security information and investigate a type of attack called social engineering. After completing this lab, you will be able to:

A)-  Discuss the breadth of resources available in the SANS Reading Room

B)- Define social engineering

C)- Discuss the tactics and countermeasures associated with a survey-based social engineering attack

In this lab, you search the Internet for information related to organizational security.

  1. Open your web browser and go to
  2. In the search text field type Disney princess and then click the Which Disney© Princess are YOU? link.
  3. After reading the article, prepare an outline for a one-hour talk explaining social engineering in general and the specific types of attack discussed in the article.


Project 2) Which Is the “Safest” Operating System?

Objectives: Who makes the safest operating system? Perhaps it would be better to ask who makes the least-unsecure operating system. Security analysts and attackers are constantly exploring operating systems and the software that runs on them, looking for vulnerabilities to patch or exploit, respectively. It is a 24/7 job. There are many claims about which systems are most secure. Some of these claims are based on research, and some are based on word-of-mouth. In this lab, you explore some of the information available on operating system vulnerabilities. After completing this lab, you will be able to:

  • Research software vulnerabilities
  • Analyze vulnerability differences among operating systems
  • Assess web resources critically

In this lab, you search the Internet for information on the degree of security of several oper- ating systems.

  1. Open your web browser and go to to open the Secunia Yearly Report for 2011.
  2. Fill in the information (Name, Number of employees, Corporate email, Company, Phone, and Country).
  3. Click to uncheck Yes, I would like to receive latest news on product updates and announcements.
  4. Click the Download FREE report button.
  5. Click the blue text Secunia yearly report 2011 here
  6. Navigate to the Dissecting the archetypal software industry heading on page 9. Note the Top 20 vendors who represented 63% of the vulnerabilities in 2011. All of the most popular operating systems are present: Microsoft (Windows), Apple (Mac),, and Novell (Linux). Also note that the most popular web server, Apache Software Foundation, is on the list.
  7. Go to Figure 10 on page 20 and note twice as many third-party software as Microsoft programs are left unpatched.
  8. Go to Figure 11 on page 22, which shows the percentage of products with vulnera- bilities and the percentage of products with exploits. Note that 80% of the products with the market share between 90 and 100% had exploits, which made the software vulnerable.
  9. Go to and-Mac-OS-X-Bite-the-Dust-63069.shtml.
  10. Read this article and assess its credibility.
  11. Go to
  12. Read this article and assess its credibility.
  13. Go to
  14. Read this article and assess its credibility.
  15. Go to
  16. How many links to vulnerability reports are on. Bugtraq’s first page? Examine the dates of the links. On average, how many vulnerability reports are posted per day on Bugtraq?
  17. Browse through the pages until you find an operating system vulnerability report. This will give you an idea of the number of application vulnerabilities compared to the number of operating system vulnerabilities.


Project 3: Information Security Policies Objectives:

Information Security Policies are often instituted as an afterthought to other policies. Accept- able Use Policies and Computer Use Policies are created by organizations to handle individual actions and detail how devices should be used and handled. In this lab, you research various Information Security Policies.

After completing this lab, you will be able to:

  • Define the fundamental structure of an Information Security Policy
  • Determine what type of policy needs to be created for a given situation
  1. Open your web browser and go to
  2. Browse through the templates offered and identify key components of the templates.
  3. Open a web browser and go to the URL of your institution.
  4. Search your institution for its Information Security Policy; it may also be called a Computer Security Policy. Do not mistake this for an Acceptable Use Policy or a Computer Use Policy. You want the document that handles all information security.
  5. If you find an Information Security Policy (ISP), identify the structure of the document. Compare the policy with the templates you found on the SANS website. Does the ISP contain sections that are included in other policies? Do these policies match the tem- plates that are found on the SANS website?
  6. If you did not find an ISP, find the Computer Use Policy or the Acceptable Use Policy. Compare the policy to the templates on the SANS website. Are there similarities? Are there differences?



Get a 10 % discount on an order above $ 100
Use the following coupon code :