![Title:
Operating Environment:
1. Hardware
2. Software
Description:
Notes, Warnings, & Restrictions:
Resources (Further Reading):
1.
2.
3.
Procedures:
[Section Name]
Brief Introduction Paragraph
1.
2.
3.
[Section Name]
Brief Introduction Paragraph
1.
2.](https://image.slidesharecdn.com/cybersecurityprocessesamptechnologieslab2managinghostbasedsecurity-161110173017/85/CYBERSECURITY-PROCESSES-AMP-TECHNOLOGIES-LAB-2-MANAGING-HOST-BASED-SECURITY-3-320.jpg)
CYBERSECURITY PROCESSES & TECHNOLOGIES LAB #2: MANAGING HOST BASED SECURITY
- 1. Buy here: http://theperfecthomework.com/cybersecurity-processes -amp-technologies-lab-2-managing-host-based-security/ Cybersecurity Processes & Technologies Lab #2: Managing Host Based Security Purpose: To develop and verify system administration and vulnerability management procedures which implement host based security capabilities for Windows 8.1 Objectives 1. Develop systems administration procedures to configure and manage host-based security capabilities (firewall and anti-virus/anti-malware). 2. Develop systems management procedures to scan for and remediate software and configuration vulnerabilities in Windows 8.1 systems. Overview In this lab, our focus is upon implementing and managing host-based security for Windows 8.1 systems using the following tools: Windows Defender Windows Firewall Microsoft Baseline Security Analyzer (MBSA)
- 2. For each tool, you will research and then write a step-by-step procedure to configure the tool according to security best practices for Windows 8.1 hosts. Each of these tools can be used as part of an overall information security vulnerability management business process. Note: Windows Defender and Windows Firewall are found under Control Panel. MBSA can be found using Windows Search (Windows Key + R). Your deliverables for this lab will become part of the final project for this course (System Administration Manual). Deliverables (a) Step-by-Step System Administration Procedure to Manage Windows Defender (b) Step-by-Step System Administration Procedure to configure Windows Firewall for Windows 8.1 to (a) allow a new application and (b) block an application (c) Step-by-Step System Management Procedure to Manage Vulnerabilities using Microsoft Baseline Security Analyzer Submit your deliverables in a SINGLE FILE in MS Word format (.docx or .doc file types). Cybersecurity Processes & Technologies
- 3. Title: Operating Environment: 1. Hardware 2. Software Description: Notes, Warnings, & Restrictions: Resources (Further Reading): 1. 2. 3. Procedures: [Section Name] Brief Introduction Paragraph 1. 2. 3. [Section Name] Brief Introduction Paragraph 1. 2.
- 4. 3. Instructions Part (a): Managing Windows Defender 1. Investigate the use of Windows Defender to protect a Windows 8/8.1 system against viruses, spyware, and other forms of malware. Your investigation should include researching best practices for configuring and using host-based anti-malware software. 2. Develop step by step procedures to implement best practices for protecting a Windows 8/8.1 system from malware. At a minimum, your procedures must accomplish the following: a. Update anti-virus definition files b. Configure real-time scanning c. Full system scanning d. Fast or quick scan for high vulnerability areas of the system e. Removable media scanning f. Reviewing scan results including reviewing any quarantined files or detected malware 3. Test your draft procedures using the virtual machine provided in the online lab environment (UMUC’s VDA) or using a locally installed Virtual Machine (VM) running Microsoft Windows
- 5. Cybersecurity Processes & Technologies 8.1 Professional. As you run your tests, collect screen snapshots to illustrate key steps in your procedures. 4. Incorporate your screen snapshots for key steps into the draft procedures. Each snapshot should be placed UNDER (after) the step to which it applies. Captions are not required. 5. Make any additional changes required to address issues found during testing of the step-bystep procedures. Part (b): Managing Windows Firewall 1. Investigate the use of Windows Firewall to protect a Windows 8/8.1 system from networkbased intrusions or attacks. 2. Identify appropriate sources of information (e.g. Windows Help, Microsoft Technet, etc.) for instructions for configuring Windows Firewall for Windows 8/8.1. Using those sources, research the procedures required to perform the following tasks: a. Use “Allow an app or feature through Windows Firewall” to allow an application to communicate externally (send/receive data via a network connection) b. Use Advanced Settings to configure Windows Firewall to allow or block network access by software applications, utilities, and operating system components 3. Develop a systems administration procedure for Windows Firewall which can be used to
- 6. allow a new application to communicate externally using the network connection. Use Internet Explorer as your example application. (Use the “Allow another app …” button from the “Allow an app or feature …” menu item.) 4. Develop a systems administration procedure for Windows Firewall which can be used to allow or block a Windows 8/8.1 application, capability, or feature using the “Advanced Settings” menu item. Use “remote assistance” as your example capability to be blocked. 5. Test your draft procedures using the virtual machine provided in the online lab environment (UMUC’s VDA) or using a locally installed Virtual Machine (VM) running Microsoft Windows 8.1 Professional. As you run your tests, collect screen snapshots to illustrate key steps in your procedures. 6. Incorporate your screen snapshots for key steps into the draft procedures. Each snapshot should be placed UNDER (after) the step to which it applies. Captions are not required. 7. Make any additional changes required to address issues found during testing of the step-bystep procedures. Part (c): Manage Vulnerabilities Using Microsoft Baseline Security Analyzer (MBSA) 1. Investigate the use of MBSA to detect vulnerabilities in a Windows 8/8.1 system 2. Identify appropriate sources of information (e.g. Windows Help, Microsoft Technet, etc.) for
- 7. instructions for configuring MBSA to scan a Windows 8/8.1 system. Using those sources, research the procedures required to perform the following tasks: a. Configure MBSA to scan a system for vulnerabilities including: i. Check for Windows administrative vulnerabilities ii. Check for weak passwords Cybersecurity Processes & Technologies 3. 4. 5. 6. iii. Check for Internet Information Services (IIS) administrative vulnerabilities iv. Check for SQL administrative vulnerabilities v. Check for security updates (missing updates) b. Use MBSA to scan a system c. View reports from scans including reviewing individual vulnerabilities as reported by
- 8. MBSA d. Copy, save and print scan reports Develop a systems administration procedure to accomplish the tasks listed in item #2. Note: your procedure should only apply to scanning the local host (the computer that MBSA is installed on). Do not include scanning multiple systems or scanning a remote target host. Test your draft procedures using the virtual machine provided in the online lab environment (UMUC’s VDA) or using a locally installed Virtual Machine (VM) running Microsoft Windows 8.1 Professional. As you run your tests, collect screen snapshots to illustrate key steps in your procedures. Incorporate your screen snapshots for key steps into the draft procedures. Each snapshot should be placed UNDER (after) the step to which it applies. Captions are not required. Make any additional changes required to address issues found during testing of the step-bystep procedures. Finalize Your Deliverable 1. Using the grading rubric as a guide, refine your step-by-step procedures. Your final products should be suitable for inclusion in an organization’s Systems Administrator’s Handbook.
- 9. Remember that you are preparing multiple procedures which must be presented separately. 2. As appropriate, cite your sources using footnotes or another appropriate citation style. 3. Use the resources section to provide information about recommended readings and any sources that you cite. Use a standard bibliographic format (you may wish to use APA since this is required in other CSIA courses). Information about sources and recommended readings, including in-text citations, should be formatted consistently and professionally. 4. At a minimum, each systems administration or system management procedure document must include the following sections: a. Title b. Operating Environment c. Description d. Notes, Warnings, & Restrictions e. Resources (format as Bibliography or Reference list) f. Procedures Additional Requirements for this Lab 1. Your step-by-step procedures should tell the reader where to find and how to launch the systems administration tools or applications used to change security configuration settings.
- 10. Cybersecurity Processes & Technologies 2. It is not necessary to specify every step that a system administrator must take to properly configure and run the software. But, you must address each major security configuration change separately and include enough detail that your reader will understand how to perform the required steps to implement each change. 3. Use screen snapshots to cue the reader to important steps or provide information required to complete check points for proper completion of a step or set of steps (e.g. including a snapshot which shows the “after” state for a group of security settings). 4. Make sure that your snapshots will enhance the reader’s understanding of the procedure and required configuration changes. Too many snapshots or illustrations can make a procedure difficult to use. 5. All snapshots must be created by you for this lab using screen captures showing how you personally performed (tested) the systems administration procedure as written by you. You may not copy and paste images from help pages, manuals, or the Internet. 6. Images (screen snapshots) should be cropped and sized appropriately.
- 11. 7. A screen snapshot belonging to a specific procedure step does not require a caption. 8. Your procedures must be submitted to Turn It In for originality checking. You are encouraged to consult existing configuration instructions, guidance, and procedures for both content and format. Your work must be substantially your own, however, which means you should paraphrase whenever possible. Credit the sources of information used via footnotes and in your “Resources” section. 9. Make sure that the sources you cite or recommend (additional reading) are authoritative and are the best ones available. 10. Your Operating Environment section should identify the hardware, operating system, and/or software applications to which the procedure applies. For this lab, your procedures will apply to: a. Hardware: Laptop or Desktop Computers b. Operating System: Windows 8.1 Professional 11. The Notes, Warnings, & Restrictions section should include important information that is not found elsewhere in the procedures document. For example, this section could include information about alternatives to the selected security configuration settings. Or, this section
- 12. could include information about related security procedures or policies. This section should also include important information about harm or risk that could occur if the procedure is not correctly followed or implemented. If there are no such warnings then this section should so state.