User Account

All Pages

Windows hardening recommendations

Assignment Help Basic Computer Science
Reference no: EM133025458

Part 2

Windows Hardening Recommendations

Scenario

As a security administrator for Always Fresh, you have been instructed to ensure that Windows authentication, networking, and data access are hardened. This will help to provide a high level of security.

The following are issues to be addressed through hardening techniques:

- Previous attempts to protect user accounts have resulted in users writing long passwordsdown and placing them near their workstations. Users should not write down passwords or create passwords that attackers could easily guess, such as words founds in thedictionary.

- Every user, regardless of role, must have at least one unique user account. A user whooperates in multiple roles may have multiple unique user accounts. Users should use the account for its intended roleonly.

- Anonymous users of the web server applications should only be able to access servers located in the demilitarized zone (DMZ). No anonymous web application users should be able to accessany protected resources in the Always Fresh ITinfrastructure.

- To protect servers from attack, each server should authenticate connections based on thesource computer anduser.

Tasks

Create a summary report to management that describes a hardening technique that addresses each issue listed above. Provide rationale for each selection.

Part 1

Secure Windows Applications Policy

Scenario

One of the security improvements for the Always Fresh IT environment is to ensure all workstations and servers run secure applications. The company needs policies that set security requirements for the software. These policies will guide administrators in developing procedures to ensure all client and server software is as secure as possible.

Specifically, you will write two policies to ensure web server software and web browsers are secure. Your policy statements will describe the goals that define a secure application.

Consider the following questions for web server software and web browsers:

1. What functions should this software applicationprovide?

2. What functions should this software applicationprohibit?

3. What controls are necessary to ensure this applications software operates asintended?

4. What steps are necessary to validate that the software operates asintended?

Tasks

Create two policies-one for web server software and one for web browser clients. Remember, you are writing policies, not procedures. Focus on the high-level tasks, not the individual steps.

Use the following as a guide for both policies:

- Type of applicationsoftware

- Description of functions this software shouldallow

- Description of functions this software shouldprohibit

- Known vulnerabilities associated withsoftware

- Controls necessary to ensure compliance with desiredfunctionality

- Method to assess security controleffectiveness

Part 3

Evidence Collection Policy

Scenario

After the recent security breach, Always Fresh decided to form a computer security incident response team (CSIRT). As a security administrator, you have been assigned the responsibility of developing a CSIRT policy that addresses incident evidence collection and handling. The goal is to ensure all evidence collected during investigations is valid and admissible in court.

Consider the following questions for collecting and handling evidence:

1. What are the main concerns when collectingevidence?

2. What precautions are necessary to preserve evidencestate?

3. How do you ensure evidence remains in its initialstate?

4. What information and procedures are necessary to ensure evidence is admissible incourt?

Tasks

Create a policy that ensures all evidence is collected and handled in a secure and efficient manner. Remember, you are writing a policy, not procedures. Focus on the high-level tasks, not the individual steps.

Address the following in your policy:

- Description of information required for items ofevidence

- Documentation required in addition to item details (personnel, description of circumstances,and soon)

- Description of measures required to preserve initial evidenceintegrity

- Description of measures required to preserve ongoing evidenceintegrity

- Controls necessary to maintain evidence integrity instorage

- Documentation required to demonstrate evidenceintegrity.

Reference no: EM133025458

Questions Cloud

Network plan you are investigating and researching : Make sure that for this network plan you are investigating, researching, and brainstorming stakeholder needs
How many units would need to be sold : If the selling price is reduced by 5%, variable costs per unit reduced by $1.00, and fixed costs increased to a total of $40,750, how many units would need sold
Data warehousing and multi-dimensional data models : Data Warehousing, Multi-Dimensional Data Models and OLAP or Systems for machine learning and model management.
What is the book value per share : What is the book value per share assuming that the company has 30,000 shares of common stock outstanding throughout the year 2020
Windows hardening recommendations : Create a summary report to management that describes a hardening technique that addresses each issue listed above. Provide rationale for each selection.
Review software license agreements : Review software license agreements in your textbook and research them online.
Common model for security is called defense in depth : A common model for security is called "Defense in Depth."
Learn about the cryptolocker virus : "Research a security threat. Learn about the CryptoLocker Virus. What advice would you give users about whether to pay the ransom demanded?
About the cryptolocker virus : "Research a security threat. Learn about the CryptoLocker Virus. What are the symptoms that a PC has been infected by the CryptoLocker Virus?

Reviews

Write a Review

Basic Computer Science Questions & Answers

  Identifies the cost of computer

identifies the cost of computer components to configure a computer system (including all peripheral devices where needed) for use in one of the following four situations:

  Input devices

Compare how the gestures data is generated and represented for interpretation in each of the following input devices. In your comparison, consider the data formats (radio waves, electrical signal, sound, etc.), device drivers, operating systems suppo..

  Cores on computer systems

Assignment : Cores on Computer Systems:  Differentiate between multiprocessor systems and many-core systems in terms of power efficiency, cost benefit analysis, instructions processing efficiency, and packaging form factors.

  Prepare an annual budget in an excel spreadsheet

Prepare working solutions in Excel that will manage the annual budget

  Write a research paper in relation to a software design

Research paper in relation to a Software Design related topic

  Describe the forest, domain, ou, and trust configuration

Describe the forest, domain, OU, and trust configuration for Bluesky. Include a chart or diagram of the current configuration. Currently Bluesky has a single domain and default OU structure.

  Construct a truth table for the boolean expression

Construct a truth table for the Boolean expressions ABC + A'B'C' ABC + AB'C' + A'B'C' A(BC' + B'C)

  Evaluate the cost of materials

Evaluate the cost of materials

  The marie simulator

Depending on how comfortable you are with using the MARIE simulator after reading

  What is the main advantage of using master pages

What is the main advantage of using master pages. Explain the purpose and advantage of using styles.

  Describe the three fundamental models of distributed systems

Explain the two approaches to packet delivery by the network layer in Distributed Systems. Describe the three fundamental models of Distributed Systems

  Distinguish between caching and buffering

Distinguish between caching and buffering The failure model defines the ways in which failure may occur in order to provide an understanding of the effects of failure. Give one type of failure with a brief description of the failure

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd