Well Known NYC Media Company

InVision Assessment
PREPARED FOR WELL KNOWN NYC MEDIA COMPANY
Version 2.0, April 30, 2020

Confidentiality Notice

This document contains confidential and proprietary information of CPP Associates and Well Known NYC Media Company and, except as noted in this paragraph, may not be shared with any other party. Well Known NYC Media Company may copy or disclose the information contained herein (with the exception of any pricing) as needed for the purpose of providing this information to the end user customer identified in this Assessment Report, provided that any such disclosure of information is accompanied by a requirement to maintain the confidentiality of such information. Except as expressly authorized in the preceding sentence, Well Known NYC Media Company may not copy or disclose without the prior written permission of CPP Associates.

Table of Contents

Executive Summary
1.1 Scope
1.2 Network Infrastructure
1.3 Windows Infrastructure
1.4 Overall Client Risk
1.5 Servers
1.6 SQL Server Risk & Health Report
    1.6.1 Identified Web Servers
    1.6.2 Time Servers
    1.6.3 Exchange Servers
    1.6.4 SQL Servers
1.7 Network Printers
1.8 Key Security Risks
1.9 Security Management Plan
1.10 Office 365
1.11 Backup
1.12 Power
1.13 Proactive Maintenance
1.14 Summary
1.15 VMware Lifecycle
1.16 Microsoft Product Lifecycles
    1.16.1 Windows Server OS
    1.16.2 SQL Server Product Lifecycle
    1.16.3 Windows Desktop OS Lifecycles
    1.16.4 Microsoft Bitlocker Management Lifecycles
1.17 Installed Applications

Executive Summary

CPP Associates conducted a basic vulnerability assessment for The Well Known NYC Media Company, and this document provides a summary of our findings and recommendations. During the assessment, CPP Associates personnel did their best to uncover information about specific IT practices currently in use in your business, and we have listed them in this document.

The assessment conducted by our team is a technical review of your IT network and systems. It is important to note that this is not an audit from a security risk perspective. Although we look for evidence of controls and adherence to a set of specifications or control framework, it is a valuation of your practices. Our main objective is to provide you with a professional opinion and insight as to the technical soundness of your IT environment from the perspective of conventional practices utilized in the industry.

The methodology used by us for this assessment consisted largely of a comparison of your environment, as we interpreted it, against industry best practices. Information collected by us about your environment consisted of documents provided to us by you at the onset of the engagement, as well as information we collected while onsite and through communications with your personnel. A good portion of the information we gather is first-hand, through the onsite examination of servers, workstations, and network infrastructure. The specific applications and business processes are identified by you. We look at a sample of the workstations to get an understanding of how these applications and processes utilize the IT systems, as well as the performance as experienced by the end user.

During the assessment, CPP Associates found that Well Known NYC Media Company's infrastructure needs important changes to improve efficiency for both network and systems. Well Known NYC Media Company's daily operations are at significant risk while running with the current hardware configuration.
We have determined storage, switching, and security as our paramount concerns. These areas are highlighted below. This executive summary provides an overview of the issues, and the remainder of the document outlines in detail what those issues are and the remediation plan to go forward.

Many, if not all, of the issues found are deficiencies or deviations from best practices on equipment and solutions delivered by the previous partner. Issues found outside of the relationship with the previous partner are standard issues that CPP sees across most, if not all, environments, the result of the urgent often crowding out the important.

The following list is not comprehensive; it is just a high-level overview. Detail is outlined in the full report that follows.

• Well Known NYC Media Company did not provide network diagrams supporting servers, workstations and wireless.
• Windows 7, Windows 2003, 2003 R2, 2008, and 2008 R2 are unsupported, and upgrading to Windows 10 (for desktops) and Windows Server 2016 or 2019 is highly recommended. Staying with unsupported platforms creates unnecessary operational and security risks. If these platforms are required, they should be migrated to a non-routable VLAN with limited internal access and restricted to zero internet access.
• Complex and secure passwords are a critical step in protecting confidential company data. During the assessment, CPP Associates discovered that passwords on numerous devices did not conform to a recommended Password Security Policy. Passwords may not be changed during the transition of support staff and should be updated on a regular basis. An additional security risk, from an internal perspective, centers around user accounts that are active but not used and the lack of password complexity and scheduled change requirements associated with the accounts.
• There is a legacy environment that is end of life and end of support, including the underlying hardware, hypervisor, and operating systems.

CPP believes that many of these issues can be remediated on both a project basis and a time/materials/consulting retainer basis. Many of the issues will be resolved as part of the onboarding process with InVision, CPP's managed services platform. Our mission is to provide Well Known NYC Media Company with the ability to grow and execute projects at the rate the business requires, and to mitigate the day-to-day issues that create the roadblocks preventing those critical tasks from being executed or implemented. Thank you for this opportunity to earn your business.

1.1 Scope

Well Known NYC Media Company has contracted with CPP Associates to perform a basic vulnerability assessment that discovers, reviews, and documents the following:

• Network Infrastructure
• Servers & Server Virtualization
• Windows Infrastructure
• Microsoft O365
• Darkweb ID Scan
• Other Identified Concerns

This document addresses current architecture, hardware life and life expectancy, general infrastructure services and core components, key applications and services, and the current software used in the Cisco equipment at Well Known NYC Media Company. This document also outlines recommended upgrades based on software vulnerabilities, hardware warranty status and issues, and any end-of-life announcements. If CPP is not able to access specific devices, networks, or solutions and does not have or is not provided with any supporting documentation, those items will be noted as such and excluded from this report.

Throughout this document are areas that identify issues. These issues are highlighted with the following text: Identified Issue. The recommendations will be highlighted with the following text: Recommendation. This document