PBT1
Security Audit
Report
Prepared by:
Elveenia Fong Shuen Wen
Thressie Dika
Welthienna Umyrra Kong
3-29-2020
Table of Contents
1.0 Executive Summary ........ 2
2.0 Introduction ........ 2
2.1 About Microsoft ........ 2
2.2 Organization Chart ........ 2
2.3 Organization Job Scope ........ 3
3.0 Observation & Finding ........ 3
3.1 Identification of security related risks/threats ........ 3
3.2 Potential risk ........ 4
4.0 Mitigation Action ........ 5
4.1 Recommendation/Suggestions ........ 6
5.0 Conclusion ........ 7
6.0 References ........ 7
1.0 Executive Summary
Security auditing is a powerful tool you can use to maintain the integrity of your
system. Auditing should identify attacks (successful or not) that pose a threat to
the network, and attacks against resources that you have determined to be valuable in
your risk assessment. The purpose of this audit was to assist the executive team in
developing a strategy for managing the company's security.
2.0 Introduction
2.1 About Microsoft
Microsoft Corporation is an American technology company headquartered in
Redmond, Washington, that supports the invention, manufacturing, and
licensing of goods and services related to computing. It was registered in
New Mexico in 1976 after being formed the year before by two childhood
friends.
2.2 Organization Chart
Kurt DelBene - EVP, Corporate Strategy, Core Services Engineering and Operations
Peggy Johnson - EVP Business Development
Phil Spencer - EVP Gaming
Kathleen Hogan - EVP HR
2.3 Organization Job Scope
Job scope within the Microsoft company:
1. To provide data entry support to superiors.
2. To prepare communications, reports, presentations, and other products
using Microsoft Word, Excel, and PowerPoint.
3. To oversee the clerical support function of an office or business, or to
work according to client-specific requirements.
4. To schedule reviews, meetings, and conferences as and when required
by the business or client.
5. To perform time-based office work related to finance, administration,
and other departments.
6. To coordinate backup for the front desk.
7. To monitor and respond to email communications.
iii. Weak Security Administration
Weak administrative passwords being misused to steal data or
compromise the systems.
Weak user passwords allowed in the system and applications, leading to
unauthorized access and information misuse.
Inappropriately configured systems and applications, leading to errors,
wrong processing, or corruption of data.
Non-restricted administrative access on the local machines and/or
network, leading to misuse of the system or infection of the systems.
3.2 Potential Risk
Code Injection
Attackers are sometimes able to exploit vulnerabilities in applications
to insert malicious code. Often the vulnerability is found in a text input
field for users, such as a username field, where an SQL statement is
entered and then runs on the database; this is known as an SQL
Injection attack. Other kinds of code injection attacks include shell
injection, operating system command injection, script injection, and
dynamic evaluation attacks.
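The username-field case described above, shown as an added example (not code from the report or from Microsoft): a login check that splices the username into the SQL text is compared with one that binds it as a parameter. The table, accounts and the textbook input `alice' --` are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table for the example.

    Passwords are stored in clear only to keep the example short; a real
    system would store salted password hashes."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "correct horse"), ("bob", "hunter2")])
    return con


def login_vulnerable(con, username, password):
    """The username is pasted straight into the statement, so quote
    characters in the field become part of the SQL that runs."""
    query = ("SELECT username FROM users WHERE username = '%s' "
             "AND password = '%s'" % (username, password))
    return con.execute(query).fetchone() is not None


def login_safe(con, username, password):
    """Parameterised query: the driver binds the values separately from
    the SQL text, so the field content is only ever treated as data."""
    query = ("SELECT username FROM users WHERE username = ? "
             "AND password = ?")
    return con.execute(query, (username, password)).fetchone() is not None


def demo():
    """Return (vulnerable result, safe result) for the textbook input
    alice' -- with a wrong password; the '--' comments out the password
    check in the vulnerable version, so it returns True and the safe one
    returns False."""
    con = make_db()
    crafted = "alice' --"
    return (login_vulnerable(con, crafted, "wrong"),
            login_safe(con, crafted, "wrong"))
```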
Malware Infection
Most businesses are aware on some level of the security threat posed
by malware, yet many people are unaware that email spam is still the
main vector of malware attacks. Because malware comes from a range
of sources, several different tools are needed to prevent infection.
A robust email scanning and filtering system is necessary, as are
malware and vulnerability scans. As with breaches, which are often
caused by malware infection, employee education is vital to keep
businesses safe from malware. Any device or system infected with
malware must be thoroughly scrubbed, which means identifying the
hidden portions of code and deleting all infected files before they
replicate. This is practically impossible by hand, so it requires an
effective automated tool.
Malicious Insiders
Preventing damage from insider attacks is largely about limiting the
amount of access a malicious insider has. This means setting logical
access control policies to implement the principle of least privilege
and monitoring the network with audit and transaction logs. If a
malicious insider attack is detected, the insider’s access privileges
should immediately be revoked. That done, the police should be
contacted to prevent that person from carrying out further actions
that could damage the business, such as selling stolen data.
4.0 Mitigation Actions
A mitigation action is a specific action, project, activity, or process taken to reduce or
eliminate long-term risk to people and property from hazards and their impacts.
Implementing mitigation actions helps achieve the plan’s mission and goals. The actions
to reduce vulnerability to threats and hazards form the core of the plan and are a key
outcome of the planning process.
Increase threat monitoring and anomaly detection activities. Evaluate
incident response from an attacker’s perspective. For example, attackers
often target credentials.
4.2 Suggestion
i. Windows Defender SmartScreen helps prevent malicious applications
from being downloaded.
Windows Defender SmartScreen can check the reputation of a downloaded
application by using a service that Microsoft maintains. The first time a
user runs an app that originates from the Internet (even if the user copied it
from another PC), SmartScreen checks whether the app lacks a reputation
or is known to be malicious, and responds accordingly.
ii. Credential Guard helps keep attackers from gaining access through
Pass-the-Hash or Pass-the-Ticket attacks.
Credential Guard uses virtualization-based security to isolate secrets, such
as NTLM password hashes and Kerberos Ticket Granting Tickets, so that
only privileged system software can access them.
iii. Device Health Attestation helps prevent compromised devices from
accessing an organization’s assets.
Device Health Attestation (DHA) provides a way to confirm that devices
attempting to connect to an organization's network are in a healthy state,
not compromised with malware. When DHA has been configured, a
device’s actual boot data measurements can be checked against the
expected "healthy" boot data. If the check indicates a device is unhealthy,
the device can be prevented from accessing the network.
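The measurement-against-baseline check that DHA is described as performing, as an added simplified model (not Microsoft's DHA implementation): each boot stage's hash extends a running register, the way TPM PCR extension works, so any changed or reordered stage yields a different final value, and the access decision compares that value with the expected healthy one. The boot images and baseline are constructed for the example.

```python
import hashlib
import hmac

# Constructed stand-ins for firmware, bootloader and kernel images
# (not taken from any real device).
HEALTHY_BOOT = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]


def measure_boot(components):
    """Simplified measured boot: register = H(register || H(stage)) for
    each stage in order, so the result depends on every stage and on the
    order in which they ran."""
    register = bytes(32)
    for image in components:
        stage_hash = hashlib.sha256(image).digest()
        register = hashlib.sha256(register + stage_hash).digest()
    return register.hex()


# Baseline the attestation service would hold for a healthy device.
EXPECTED_HEALTHY = measure_boot(HEALTHY_BOOT)


def health_decision(reported_measurement, expected=EXPECTED_HEALTHY):
    """Return 'allow' when the device's reported measurement matches the
    expected healthy value, otherwise 'deny' (block network access).
    Constant-time comparison avoids leaking how much of the value matched."""
    if hmac.compare_digest(reported_measurement, expected):
        return "allow"
    return "deny"


def demo():
    """Healthy chain, a tampered kernel, and the right stages in the
    wrong order: only the first is allowed."""
    tampered = [b"firmware-v1", b"bootloader-v1", b"kernel-TAMPERED"]
    reordered = [b"bootloader-v1", b"firmware-v1", b"kernel-v1"]
    return [health_decision(measure_boot(c))
            for c in (HEALTHY_BOOT, tampered, reordered)]
```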
5.0 Conclusion
In conclusion, the Microsoft company must have Windows Defender SmartScreen, Credential
Guard and Device Health Attestation in place to make sure its data is secure. Besides that, the
company must also take mitigation actions against security risks, such as implementing Multi-
Factor Authentication (MFA), keeping patching up to date, managing its security posture and evaluating threat
detection and incident response. This can make the company free from threats.