Assignment title: Information
Khozjainov Koins, a large Bitcoin mining operation in Belgrade, has contracted your computer consulting company to perform a variety of audits on their computer network. Due to the intangible nature of their products and the fact that their systems are all interconnected and potentially accessible from the Internet, there is an understandable level of concern about security. Furthermore, there have been a number of high-profile breaches (or thefts) from similar operations in recent years. For this reason you are being asked to make recommendations on a variety of specific systems.

These recommendations should be presented in a format suitable for a general technical audience – i.e. someone who is proficient in IT in general, but may not be a security expert. Furthermore, the reports will also be read by upper management who may have less IT skill overall.

There are three distinct tasks being requested in this phase of the audit. Each of these should be answered separately.

Question 1 (40 marks)

After performing an enumeration test, you discover that the network includes these systems:

Windows Embedded Standard 2009 (5 systems)
Windows Server 2008 R2 for Embedded Systems (2 systems)
JetDirect (Various versions, 23 systems)
Network appliances running Embedded Linux (Various versions, 5)

Based on this information, write a memo to the IT manager outlining some suggestions on possible weaknesses and vulnerabilities in these systems. Your answer should cite specific CVE items and prioritize the most important issues.

Question 2 (30 marks)

You discover that some devices on the Khozjainov Koins network contain primitive data processing code that is vulnerable to a buffer overflow attack. The IT manager advises that this cannot be patched as the code is part of a mandatory tax reporting scheme and does not belong to the organization. What recommendations can you make to reduce the risk these systems pose?

Question 3 (30 marks)

In conducting your web systems testing you have found that the company configured one of the Windows Server 2008 machines as an enterprise root CA server. You have also discovered that MD5 has been selected as the hashing algorithm for digital signatures. Based on this information, write a 1-page report explaining possible vulnerabilities caused by signing certificates with MD5. You should provide authoritative references about MD5 weaknesses and include recommendations for general systems as well as specific recommendations for Windows Server 2008.