ISSC421 Lab 3

JARAD KRUM
ISSC421
AMU

 List five types of system information that can be obtained from the Windows Task Manager? How can you use this information to confirm the presence of malware on a system? (Hint: Look at the bandwidth and CPU utilization.)
Services, Performance, applications, processes, networking, users.
You can use it to see if there are any unidentified processes being run in the back ground without your knowledge.

 Windows Task Manager and Windows Computer Manager both provide information about system services. Compare and contrast the types of information (about system services) that can be obtained from these tools.

Task manager shows what programs are running currently along with any active back ground software. While computer management shows us ALL of the soft and hard ware that is operational on the computer at any given time active or not.
 Explain how you could use one or more of the Windows log files to investigate a potential malware infection on a system. What types of information are available to you in your chosen log file?
You can use the log files to ID malware form the incidence logs. They should tell you when something was downloaded or uploaded to the computer. If you know some minor details about what it is you are looking for then you should be able to ID the malware file that was put on the computer.
 Should you filter log files during an investigation into a security incident? Why or why not?
No you shouldn’t filter anything unless you are sure you know what you are looking for. There is no telling what might me important when you are searching for a virus.
 Should remote desktop services be enabled on employee workstations for use by IT Help Desk personnel? Why or why not?
Yes they should this will allow the IT staff to be able to interface with a potential threat when dealing with malware. It must however be used responsibly when dealing with Remote access.
 How does Microsoft Baseline Security Analyzer (MBSA) differ from Windows Update? Why are Shares a source of system vulnerabilities?
MBSA is easer to use and helps IT professionals determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Windows update focuses mostly un driver updates. Shares are a sources of system vulnerability because infected material can be easily passed on through them. Shares are not suggested in a business setting unless the information put in them is guaranteed clean.