Saint COM520 Full Course Latest November 2018

Question # 00712761 Posted By: rey_writer Updated on: 11/21/2018 12:28 PM Due on: 11/21/2018

COM520 Systems Security Management

Module 1 Discussion

Attacks on MS Windows

There were many published attacks on Microsoft Windows in the last two decades. Research online to find any one attack published after 2000 and explain it in detail. The example should not duplicate the ones given in the book.

 

COM520 Systems Security Management

Module 2 Discussion

Security Measures

Select one of the topics below, research it on the Internet (excluding Wikipedia, which is not considered a valid reference by any regional accrediting body), and write a report of at least two paragraphs on it to the class. Show your references for your classmates to use.

You may not duplicate someone else’s topic, so check before you research. Duplicate topics (determined by date/time posted) will be given a 0 grade. In addition, respond to at least two of your classmates’ postings.

If a topic is already chosen and you'd like to write about it, you need to find a sub-topic within it to work on.

• Access Control List

• Access Controls

• Microsoft Windows Security Features

• Vulnerabilities of Microsoft Windows Operating Systems

• Auditing and Security Policy

• Group Policy

• Microsoft Baseline Security Analyzer (MBSA)

• Security Audit

 

 

COM520 Systems Security Management

Module 3 Discussion

Cryptographic Protocols

Pick any one cryptographic protocol (e.g., SSL, TLS, IKE, Kerberos, SSH, PPTP, WEP, WPA, TKIP, etc.). In your initial discussion post, please explain the working and details of the protocol clearly (no copy+paste). Wikipedia is not acceptable. When responding to someone’s post, please provide any missing details of the protocol that was explained, with particular emphasis on attacks/limitations of the protocol.

 

COM520 Systems Security Management

Module 4 Discussion

System Profiling

Assume you are all working as the security team in the IT department of a company. The upper-level management is considering the use of an effective approach to analyze and profile their systems. Possibly with the help of online research, post something about a strategy, tool, or issue related to this that can aid the company in making a decision.

 

COM520 Systems Security Management

Module 5 Discussion

Threats to Applications

As you may have realized from this module’s contents, almost every application is vulnerable to attacks. Pick an application (e.g., browser, email client), explain the strongest threat to it and any existing solutions to prevent it.

COM520 Systems Security Management

Module 6 Discussion

System Hardening

In this module, you have been exposed to hardening security in many aspects of Windows systems. Pick any one aspect (e.g., password policy) and explain why you consider it important to harden it. Please include any realistic threats in that aspect and also possible remedies.

 

COM520 Systems Security Management

Module 7 Discussion

Computer Forensics

Share with other students your experience or knowledge of a computer forensics case that you found interesting. Make sure to mention what constitutes an incident and the evidence in your selected case.

 

COM520 Systems Security Management

Module 8 Discussion

Protection Rules

You have learnt that there are many basic rules to follow in order to protect Microsoft Windows systems. Pick any one rule that you consider very important and justify it in your own words.

 

COM520 Systems Security Management

Module 1 Written Assignment

COM520 Written Assignment 1

Assignment: Adding Active Directory

In this assignment, you will answer questions relating to the impact of adding Active Directory to the Ken 7 Windows Limited environment.

Assignment Requirements

This assignment builds on the scenario of Ken 7 Windows Limited given as the last section of this document. For this assignment, imagine yourself to be a security administrator working for Ken 7 Windows Limited. You have been asked to evaluate the option of adding the Active Directory to the Ken 7 Windows network. Here are some facts to help you work on this assignment.

Ken 7 has just purchased a new enterprise resource planning (ERP) software package and will place the workstation computers which will use this ERP software at eight different locations on the shop floor. The ERP software requires two database servers, four application servers, and two Web servers, all of which run a Windows operating system. All above-mentioned servers and the shop floor workstations are new, but there are 22 workstations, already in place, which work with an older software that Ken 7 used to manage the manufacturing and accounting processes. The existing 22 workstations are grouped into three workgroups: accounting, planning, and purchasing. Before you add the Active Directory to the network, you have been asked to examine the effects of the Active Directory in several key areas.

Tasks

Provide the answers to the following questions to satisfy the key points of interest to the Ken 7 Windows Limited management regarding the addition of the Active Directory to the network.

1. Currently, system administrators create Ken 7 users in each computer where users need access. In the Active Directory, where will system administrators create Ken 7 users?
2. How will the procedures for making changes to the user accounts, such as password changes, be different in the Active Directory?
3. What action should administrators take for the existing workgroup user accounts after converting to the Active Directory?
4. How will the administrators resolve the differences between the user accounts defined on the different computers? In other words, if user accounts have different settings on different computers, how will the Active Directory address that issue?
5. How will the procedure for defining access controls change after converting to the Active Directory?

Submission Requirements

• Format: Microsoft Word
• Font: Arial, Size 12, Double-Space
• Citation Style: APA Style
• Length: 1–2 pages

Self-Assessment Checklist

• I have described with proper justification that the Active Directory user rights and permissions take precedence over the local user accounts.
• I have explained with proper justification that the Active Directory and local users have different security identifiers (SIDs)—even if the user account names are the same.


Case Scenario for Rationale: Importance of Windows Access Control and Authentication

Ken 7 Windows Limited is a manufacturer of Windows for residential and commercial builders. Ken 7 Windows Limited carries a variety of Windows and related products. It supplies builders with all of the tools and supplies to install finished Windows in any type of building.

Ken 7 Windows Limited has just purchased a new enterprise resource planning (ERP) software package to help control costs and increase both quality and customer responsiveness. The ERP software collects and stores information including:

• Raw material costs
• Labor costs
• Materials and labor requirements for products
• Purchasing requirements

Ken 7 Windows Limited has identified six basic roles for users in the new ERP software:

• Administrators—maintain ERP data and system operation.
• Planners—run planning software and generate requirements reports.
• Shop Floor users—enter operational data (receiving, shipping, and product progress during manufacturing).
• Managers—manage department personnel.
• Purchasing users—generate purchasing documents based on planning requirements.
• Accounting users—maintain cost and accounting data.

Access controls limit what users or roles can do with different types of data. For example, consider the following types of data:

• Cost information—raw materials and labor costs, including the cost of finished goods.
• Manufacturing details—cost, amount of labor, and time required to produce finished goods.
• Purchasing requirements—rules for determining when raw materials, components, or supplies should be purchased.

Through access control:

• Cost information can be viewed only by Accounting users.
• Manufacturing details can be viewed only by Shop Floor users.
• Purchasing requirements can be viewed only by Purchasing users.

During the analysis phase of the ERP implementation, Ken 7 Windows Limited raised concerns about users being able to access restricted data.

• Accounting users are able to log in to shop floor computers.
• Purchasing users are able to access human resource (HR) applications and data.

The ERP implementation team suggested the following access control measures to protect restricted data.

• Create an organizational unit (OU) in Active Directory for shop floor computers.
• Deploy Group Policy Objects (GPOs) to restrict shop floor users to the shop floor OU.
• Define data access controls in the ERP software to deny access for all non-HR users to restricted data.

Implementation of several access control measures helped Ken 7 Windows Limited to restrict the data access. Hence, access control and authentication are important, as they helped Ken 7 Windows Limited in reducing costs and increasing profits.

 

 

COM520 Systems Security Management

Module 2 Written Assignment

COM520 Written Assignment 2

Assignment: Recommendations for Access Controls

Assignment Requirements

In the lab for Module 1, Configure Active Directory and implement Departmental and User Access Controls, you defined the groups, users, and listed access controls necessary to fulfill specific access requirements. In this assignment, you will evaluate how each control affects users’ access to files and folders. You will also examine how changing access controls can affect your users’ ability to access files and folders.

Here are the users and groups you defined in the lab:

| User | Member of Groups |
|---|---|
| SFuser01 | ShopFloor |
| SFuser02 | ShopFloor |
| SFmanager | ShopFloor, Manager |
| HRuser01 | HumanResources |
| HRuser02 | HumanResources |
| HRmanager | HumanResources, Manager |

In the lab, you considered access requirements for four folders:

• C:\ERPdocuments – This folder will contain miscellaneous shared files for the ERP software.
• C:\ERPdocuments\HRfiles – Folder for shared HumanResources user files.
• C:\ERPdocuments\SFfiles – Folder for shared ShopFloor user files.
• C:\ERPdocuments\MGRfiles – Folder for shared Manager user files.

Here is a suggested list of access controls with basic permissions for each of the four folders your users will need to access:

| Folder | Who Can Modify | Who Can Read and Execute | Who Can List Folder Contents |
|---|---|---|---|
| C:\ERPdocuments | Manager | Manager | Manager, ShopFloor, HumanResources |
| C:\ERPdocuments\HRfiles | HumanResources | Manager, HumanResources | Manager, HumanResources |
| C:\ERPdocuments\SFfiles | Manager, ShopFloor | Manager, ShopFloor | Manager, ShopFloor |
| C:\ERPdocuments\MGRfiles | Manager | Manager | Manager |

Based on the requirements stated above, answer the following questions:

1. The access requirements in the table above are based on reference groups. However, should Windows access controls to implement these requirements be based on groups or individual users? Explain.
2. How would you provide a human resource (HR) manager with the ability to modify files in C:\ERPdocuments\HRfiles without giving the same ability to other managers?
3. Describe what would happen if you removed HR from the ‘List folder contents’ permission for C:\ERPdocuments\HRfiles.
4. Describe what would happen if you added Shop Floor to the ‘Modify’ permission for C:\ERPdocuments\HRfiles.

Submission Requirements

• Format: Microsoft Word
• Font: Arial, Size 12, Double-Space
• Citation Style: APA Style
• Length: 1–2 pages

Self-Assessment Checklist

• I have explained how access controls affect the ability of different users to access objects.
• I have explained with proper reasoning the impact of changes made in the worksheet on users’ access and which users would encounter problems if the changes were implemented.

 

 

COM520 Systems Security Management

Module 3 Written Assignment

COM520 Written Assignment 3

Assignment: Identifying Types of Malware Infection

Assignment Requirements

You have learned that any computer or device can be vulnerable to malware. Vulnerabilities differ depending on how the computer or device is used and what software is installed. For each of the scenarios listed on the worksheet, select the most likely type of malware that is present on the computer or device and provide a rationale for doing so.

Select from:

a. Virus

b. Worm

c. Trojan horse

d. Rootkit

e. Spyware

Suspected malware scenarios:

_________ 1. You notice that your computer is getting slower each day. You have terminated unneeded programs, disabled unneeded services, and have recently defragmented the disks. Your computer has plenty of memory but it still seems slow. Since it only started getting slow within the last two weeks—you suspect malware. You have carefully examined each of the programs running but there are no unusual programs. However, you do notice that there is a substantial disk activity, even when no programs are running that should be using the disk. What kind of malware do you think is present in your computer?

_________ 2. You downloaded a new program to display the current weather on your desktop. Since you installed the weather application, you noticed a lot of network activity, and your computer is getting slow. When you terminate the weather application your computer speeds up. What kind of malware do you think is present in your computer?

_________ 3. Within a week after ordering a new widescreen television (TV) from an online retailer, you start getting many e-mail messages advertising products related to TVs. What kind of malware do you think is present in your computer?

_________ 4. You downloaded a new game to your personal mobile device that runs Windows Mobile. You notice on your mobile service bill that several charges appeared for calls to premium numbers that started three days after loading the new game. What kind of malware do you think is present in your computer?

Submission Requirements

• Format: Microsoft Word
• Font: Arial, Size 12, Double-Space
• Citation Style: APA Style
• Length: 1–2 pages

Self-Assessment Checklist

• I have matched correctly each type of malware with each scenario.
• I have provided a sound rationale for each answer.

 

 

COM520 Systems Security Management

Module 4 Written Assignment

COM520 Written Assignment 4

Assignment: Security Audit Procedure Guide

Assignment Requirements

This assignment requires you to prepare a procedure guide for a security audit in Ken 7 Windows Limited.

Ken 7 Windows Limited has acquired several new servers and workstations to support the new enterprise resource planning (ERP) software. You want to ensure the new computers comply with Microsoft’s initial secure baseline. You choose to use the Microsoft baseline security analyzer (MBSA) tool to assess the basic security for all of your Windows computers. MBSA will identify many of the basic vulnerabilities found in Windows environments. MBSA’s vulnerability report provides a good starting point for securing new and existing Windows computers. You need to develop procedures to ensure that each computer in your environment has no reported vulnerabilities.

Using the format below, describe the steps to follow to scan multiple computers for security vulnerabilities using MBSA. Include steps to research and address any reported vulnerabilities. Assume you plan to run MBSA on a new server that does not have MBSA installed.

Fill in the details for each procedural step to audit each computer and address discovered vulnerabilities.

1) Acquire and install MBSA.

2) Scan computers.

3) Review scan results.

4) Identify vulnerabilities you need to address.

5) Document the steps to address each vulnerability.

Submission Requirements

• Format: Microsoft Word
• Font: Arial, Size 12, Double-Space
• Citation Style: APA Style
• Length: 1–2 pages

Self-Assessment Checklist

• I have properly organized the steps necessary for a malware-free environment.
• I have given a proper justification of the following steps in the security audit procedure guide:
  ◦ Download and install MBSA.
  ◦ Use MBSA to scan multiple computers.
  ◦ Review the scan results.
  ◦ Identify vulnerabilities to mitigate.
  ◦ Document the steps necessary to mitigate selected vulnerabilities.


 

 

 

 

 

COM520 Systems Security Management

Module 5 Written Assignment

COM520 Written Assignment 5

Assignment: Network Security Controls

Assignment Requirements

Securing Windows networks requires recognizing potential vulnerabilities and selecting the best control to address that vulnerability. You as a network administrator working for Ken 7 Windows Limited have been given the task of reviewing the current network security policy and recommending the best network security control to satisfy the policy. You can select from a short list of network security controls.

For each policy statement, select the best control to ensure Ken 7 Windows Limited fulfills the stated requirements and provide a rationale.

Required Resources

• Case Scenario for Rationale: Importance of Windows Access Control and Authentication (see below)
• Worksheet: Network Security Requirements Policy (see below)

Submission Requirements

• Format: Microsoft Word
• Font: Arial, Size 12, Double-Space
• Citation Style: APA
• Length: 1–2 pages

Self-Assessment Checklist

• I have selected appropriate network security controls for each domain of the Ken 7 IT environment.
• I have provided rationale for my choices by explaining how each control makes the environment more secure.
• I have followed the submission requirements.


Case Scenario for Rationale: Importance of Windows Access Control and Authentication

Ken 7 Windows Limited is a manufacturer of Windows for residential and commercial builders. Ken 7 Windows Limited carries a variety of Windows and related products. It supplies builders with all of the tools and supplies to install finished Windows in any type of building.

Ken 7 Windows Limited has just purchased a new enterprise resource planning (ERP) software package to help control costs and increase both quality and customer responsiveness. The ERP software collects and stores information including:

• Raw material costs
• Labor costs
• Materials and labor requirements for products
• Purchasing requirements

Ken 7 Windows Limited has identified six basic roles for users in the new ERP software:

• Administrators—maintain ERP data and system operation.
• Planners—run planning software and generate requirements reports.
• Shop Floor users—enter operational data (receiving, shipping, and product progress during manufacturing).
• Managers—manage department personnel.
• Purchasing users—generate purchasing documents based on planning requirements.
• Accounting users—maintain cost and accounting data.

Access controls limit what users or roles can do with different types of data. For example, consider the following types of data:

• Cost information—raw materials and labor costs, including the cost of finished goods.
• Manufacturing details—cost, amount of labor, and time required to produce finished goods.
• Purchasing requirements—rules for determining when raw materials, components, or supplies should be purchased.

Through access control:

• Cost information can be viewed only by Accounting users.
• Manufacturing details can be viewed only by Shop Floor users.
• Purchasing requirements can be viewed only by Purchasing users.

During the analysis phase of the ERP implementation, Ken 7 Windows Limited raised concerns about users being able to access restricted data.

• Accounting users are able to log in to shop floor computers.
• Purchasing users are able to access human resource (HR) applications and data.

The ERP implementation team suggested the following access control measures to protect restricted data.

• Create an organizational unit (OU) in Active Directory for shop floor computers.
• Deploy Group Policy Objects (GPOs) to restrict shop floor users to the shop floor OU.
• Define data access controls in the ERP software to deny access for all non-HR users to restricted data.

Implementation of several access control measures helped Ken 7 Windows Limited to restrict the data access. Hence, access control and authentication are important, as they helped Ken 7 Windows Limited in reducing costs and increasing profits.


Worksheet: Network Security Requirements Policy

Securing Windows networks requires recognizing potential vulnerabilities and selecting the best control to address that vulnerability. You as a network administrator working for Ken 7 Windows Limited have been given the task of reviewing the current network security policy and recommending the best network security control to satisfy the policy. You can select from a short list of network security controls.

For each policy statement, select the best control to ensure Ken 7 Windows Limited fulfills the stated requirements and also provide a rationale at the end of the table.

Select from these security controls:

a. Place a firewall between the Internet and your Web server.

b. Place a firewall between your Web server and your internal network.

c. Enforce password complexity.

d. Implement Kerberos authentication for all internal servers.

e. Require encryption for all traffic flowing into and out from the Ken 7 Windows environment.

f. Separate wired and wireless network entry points into separate logical networks.

g. Require all personnel to attend a lunch and learn session on updated network security policies.

Security policy statements:

1. More and more users are using the Ken 7 Windows network to access social media sites during business hours, causing the network to slow down. Users should not use Ken 7 network resources for social media access.
2. Most Ken 7 personnel own mobile phones and PDAs that can connect to the Internet. Ken 7 network administrators are concerned that personal device access may pose a security threat to Ken 7 network resources. Personal devices must not be allowed to connect to the Ken 7 Windows network.
3. Anonymous users of Ken 7 Web application should only be able to access servers located in the demilitarized zone (DMZ). No anonymous Web application users should be able to access any protected resources in the Ken 7 infrastructure.
4. Users who print confidential reports must not be allowed to send reports to unsecured printers.
5. Passwords should not be words found in the dictionary.

 

 

 

COM520 Systems Security Management

Module 6 Written Assignment

COM520 Written Assignment 6

Assignment: Policy for Securing the Windows Environment

Assignment Requirements

Securing Windows applications requires hardening each application to prevent vulnerabilities from being exploited. Your job is to select an appropriate control to address each anticipated vulnerability. You have been given the task of reviewing security policies and recommending appropriate security controls to respond to vulnerabilities identified by the security team in the new ERP software.

You will be provided a list of security controls to detect or prevent each stated threat. For each vulnerability, select the best control to ensure Ken 7 Windows Limited fulfills the stated requirements to secure its application software.

Submission Requirements

• Format: Microsoft Word
• Font: Arial, Size 12, Double-Space
• Citation Style: APA Style
• Length: 1–2 pages

Self-Assessment Checklist

• I have properly selected the security control that best satisfies each ERP vulnerability.
• I have provided a proper justification for choosing each security control.

Required Resources

• Text Sheet: Case Scenario for Rationale: Importance of Windows Access Control and Authentication (see below)
• Worksheet: Security Controls and Vulnerabilities (see below)


Case Scenario for Rationale: Importance of Windows Access Control and Authentication

Ken 7 Windows Limited is a manufacturer of Windows for residential and commercial builders. Ken 7 Windows Limited carries a variety of Windows and related products. It supplies builders with all of the tools and supplies to install finished Windows in any type of building.

Ken 7 Windows Limited has just purchased a new enterprise resource planning (ERP) software package to help control costs and increase both quality and customer responsiveness. The ERP software collects and stores information including:

• Raw material costs
• Labor costs
• Materials and labor requirements for products
• Purchasing requirements

Ken 7 Windows Limited has identified six basic roles for users in the new ERP software:

• Administrators—maintain ERP data and system operation.
• Planners—run planning software and generate requirements reports.
• Shop Floor users—enter operational data (receiving, shipping, and product progress during manufacturing).
• Managers—manage department personnel.
• Purchasing users—generate purchasing documents based on planning requirements.
• Accounting users—maintain cost and accounting data.

Access controls limit what users or roles can do with different types of data. For example, consider the following types of data:

• Cost information—raw materials and labor costs, including the cost of finished goods.
• Manufacturing details—cost, amount of labor, and time required to produce finished goods.
• Purchasing requirements—rules for determining when raw materials, components, or supplies should be purchased.

Through access control:

• Cost information can be viewed only by Accounting users.
• Manufacturing details can be viewed only by Shop Floor users.
• Purchasing requirements can be viewed only by Purchasing users.

During the analysis phase of the ERP implementation, Ken 7 Windows Limited raised concerns about users being able to access restricted data.

• Accounting users are able to log in to shop floor computers.
• Purchasing users are able to access human resource (HR) applications and data.

The ERP implementation team suggested the following access control measures to protect restricted data.

• Create an organizational unit (OU) in Active Directory for shop floor computers.
• Deploy Group Policy Objects (GPOs) to restrict shop floor users to the shop floor OU.
• Define data access controls in the ERP software to deny access for all non-HR users to restricted data.

Implementation of several access control measures helped Ken 7 Windows Limited to restrict the data access. Hence, access control and authentication are important, as they helped Ken 7 Windows Limited in reducing costs and increasing profits.


Worksheet: Security Controls and Vulnerabilities

You can select from a short list of security controls to detect or prevent each stated threat. For each vulnerability, select the best control to ensure Ken 7 Windows Limited fulfills the stated requirements to secure its application software.

Select from these security controls:

a. Place a firewall between the Internet and your Web server.

b. Place a firewall between your Web server and your internal network.

c. Remove the mail server service.

d. Require encrypted connections for all remote ERP clients.

e. Apply the latest security patches.

f. Use a packet sniffer to view the contents of network packets.

g. Require all personnel to attend a lunch and learn session on updated security policies.

Identified ERP software vulnerabilities:

1. The ERP software vendor reports that some customers have experienced denial-of-service (DoS) attacks from computers sending large volumes of packets to mail servers on the Web server computers.
2. Users that leave their workstations logged in during long durations of inactivity could allow attackers to hijack their session and impersonate them in the application.
3. Attackers with packet sniffers and proxy software could potentially intercept exchanges of private data.
4. Four software vulnerabilities in previous ERP software versions could allow attackers to escalate their permissions and assume administrator privileges.
5. Incorrect Web server configuration may allow unencrypted connections to exchange encrypted information.

 

 

 

 

COM520 Systems Security Management

Module 7 Written Assignment

COM520 Written Assignment 7

Assignment: Windows Incident Handling Tools

Assignment Requirements

Responding to incidents in an efficient and repeatable manner depends on having the right tools in place

before incidents occur. While there are many types of tools and utilities available for different purposes,

some tools support incident handling tasks well. As a security administrator for Ken 7 Windows Limited,

you have been given the task of evaluating various software tools for computer security incident response

team (CSIRT) use.

You should recommend at least one tool for each of the main CSIRT categories of functional needs. You

can select from the list of functional needs given below. For each software tool you should select the most

appropriate functional need(s) it best meets.

Review the text sheet titled Tool Summary (provided below). After you identify the functional needs each

tool fulfills, describe which tool, or tools, you would recommend for the Ken 7 Windows Limited CSIRT.

Explain the reasons for your choice.

Submission Requirements

• Format: Microsoft Word

• Font: Arial, Size 12, Double-Space

• Citation Style: APA Style

Self-Assessment Checklist

• I have identified the correct function to secure incidents of Ken 7 Windows Limited.

• I have explained and given proper reasoning for my choice of tools.

Required Resources (provided below)

• Text Sheet: Case Scenario for Rationale: Importance of Windows Access Control and Authentication

• Text Sheet: Tools Summary

• Worksheet: Match Tools to CSIRT Functional Needs

Case Scenario for Rationale: Importance of

Windows Access Control and Authentication

© 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.

www.jblearning.com Page 1

Ken 7 Windows Limited is a manufacturer of Windows for residential and commercial builders. Ken 7

Windows Limited carries a variety of Windows and related products. It supplies builders with all of the

tools and supplies to install finished Windows in any type of building.

Ken 7 Windows Limited has just purchased a new enterprise resource planning (ERP) software package

to help control costs and increase both quality and customer responsiveness. The ERP software collects

and stores information including:

• Raw material costs

• Labor costs

• Materials and labor requirements for products

• Purchasing requirements

Ken 7 Windows Limited has identified six basic roles for users in the new ERP software:

• Administrators—maintain ERP data and system operation.

• Planners—run planning software and generate requirements reports.

• Shop Floor users—enter operational data (receiving, shipping, and product progress during manufacturing).

• Managers—manage department personnel.

• Purchasing users—generate purchasing documents based on planning requirements.

• Accounting users—maintain cost and accounting data.

Access controls limit what users or roles can do with different types of data. For example, consider the

following types of data:

• Cost information—raw materials and labor costs, including the cost of finished goods.

• Manufacturing details—cost, amount of labor, and time required to produce finished goods.

• Purchasing requirements—rules for determining when raw materials, components, or supplies should be purchased.

Through access control:

• Cost information can be viewed only by Accounting users.

• Manufacturing details can be viewed only by Shop Floor users.

• Purchasing requirements can be viewed only by Purchasing users.

During the analysis phase of the ERP implementation, Ken 7 Windows Limited raised concerns about

users being able to access restricted data.

• Accounting users are able to log in to shop floor computers.

• Purchasing users are able to access human resource (HR) applications and data.

The ERP implementation team suggested the following access control measures to protect restricted

data.

• Create an organizational unit (OU) in Active Directory for shop floor computers.

• Deploy Group Policy Objects (GPOs) to restrict shop floor users to the shop floor OU.

• Define data access controls in the ERP software to deny access for all non-HR users to restricted data.

Implementation of several access control measures helped Ken 7 Windows Limited to restrict the data

access. Hence access control and authentication are important, as they helped Ken 7 Windows Limited in

reducing costs and increasing profits.

Tools Summary


• Archer Incident Management:

http://www.emc.com/security/rsa-archer/rsa-archer-incident-management.htm

“Archer Incident Management centralizes and streamlines the complete case management

lifecycle for cyber and physical incidents and ethics violations. Archer’s web-based solution

allows you to capture organizational events that may escalate into incidents, evaluate incident

criticality, and assign response team members based on business impact and regulatory

requirements. You can also consolidate response procedures, manage investigations end-to-end,

and report on trends, losses, recovery efforts and related incidents. Powered by the Archer

SmartSuite Framework, the Incident Management software solution allows you to effectively

handle incidents that occur anywhere you do business from detection through analysis and

resolution.”

• D3 Incident Reporting:

http://www.d3security.com/products/incident-reporting

“The Incident Reporting Software module is at the core of D3’s end-to-end integrated security

management technology or virtual Security Operations Center (vSOC). The incident reporting

application is easy-to-use and fully customizable. The flexible customization options allow

incident forms, tasks and analysis reports to be designed to your organization’s unique

requirements. This greatly reduces unnecessary incident form fields, streamlines adoption of the

system by staff and ensures the appropriate information is being collected.”

• Application for Incident Response Teams (AIRT):

http://airt.leune.com/

“AIRT is a web-based application that has been designed and developed to support the day to

day operations of a computer security incident response team. The application supports highly

automated processing of incident reports and facilitates coordination of multiple incidents by a

security operations center.”


• Request Tracker for Incident Response (RTIR):

http://www.bestpractical.com/index.html

“RT for Incident Response helps your CERT or CSIRT team to efficiently track computer security

incidents big and small. Collaborating with staff from top Incident Response teams, we've built a

tool designed to help you manage your entire incident handling workflow. RTIR builds on RT to

track Incident Reports, Incidents which tie together those reports and your Investigations into root

causes and ideal remediations. RTIR extends RT with custom data extraction, reporting and

workflow tools as well as a user experience centered around the Incident handling process. Best

Practical offers a full suite of customization, training, deployment and support services for RTIR.

Please contact us for more information.”

• BMC Remedy Action Request System:

http://www.bmc.com/products/product-listing/22735072-106757-2391.html

“Build powerful business workflow applications for Web, Windows, UNIX, and Linux environments.

AR System provides a consolidated Service Process Management platform for automating and

managing Service Management business processes.

• Replace outdated manual systems with process automation that speeds the handling of unique processes

• Out-of-the-box workflow modules commonly used in automating service processes, such as notifications, escalations and approvals

• Integrate processes with systems across the enterprise

• Adapt and evolve your processes to continually align with the needs of the business

• Manage business process performance in real-time

• Rapidly prototype, deploy, maintain, and iterate service management applications

• Capture and track critical business data”

Web References: Links to Web references in this document are subject to change without prior notice.

These links were last verified on June 26, 2013.

Match Tools to CSIRT Functional Needs


Responding to incidents in an efficient and repeatable manner depends on having the right tools in place

before incidents occur. While there are many types of tools and utilities available for different purposes,

some tools support incident handling tasks well. As a security administrator for Ken 7 Windows Limited,

you have been given the task of evaluating various software tools for CSIRT use. You should recommend

at least one tool for each of the main CSIRT categories of functional needs. You can select from the list of

functional needs given below. For each software tool you should select the most appropriate functional

need(s) it best meets.

Review the text sheet titled Tool Summary given to you as a handout. After you identify the functional

needs each tool fulfills, describe which tool, or tools, you would recommend for the Ken 7 Windows

Limited CSIRT. Explain the reasons for your choice.

Select from these CSIRT functional needs:

a. Tracking incidents

b. Reporting on incidents

c. Archiving incidents

d. Communicating incident information

e. Managing an incident’s tasks and activities

Software tools (note which CSIRT functional needs each product meets):

1. Archer Incident Management

2. D3 Incident Reporting

3. Application for Incident Response Teams (AIRT)

4. Request Tracker for Incident Response (RTIR)

5. BMC Remedy Action Request System

Which of the tools listed would you recommend for Ken 7 Windows Limited CSIRT? Why?

 

 

COM520 Systems Security Management

Module 8 Written Assignment

COM520 Written Assignment 8

Assignment: Best Procedures to Secure Windows Applications

Assignment Requirements

Part of implementing Ken 7 Windows Limited’s new enterprise resource planning (ERP) software is

ensuring all workstations and servers run secure applications. Since the ERP software is new, Ken 7

Windows Limited needs a new policy to set security requirements for the software. This policy will guide

administrators in developing procedures to ensure all client and server software is as secure as possible.

The goal is to minimize exposure to threats to any part of the new ERP software or resources related to it.

Using the format below, describe the goals that define a secure application. Specifically, you will write two

policies to ensure Web browsers and Web servers are secure. All procedures and guidelines will be

designed to fulfill the policies you create.

Answer the following questions for Web browser and Web server software:

1. What functions should this software application provide?

2. What functions should this software application prohibit?

3. What controls are necessary to ensure this application software operates as intended?

4. What steps are necessary to validate that the software operates as intended?

Once you have answered the questions above, fill in the following details to develop your policies to

secure application software. Remember, you are writing policies, not procedures. Focus on the high-level

tasks, not the individual steps.

• Type of application software

• Description of functions this software should allow

• Description of functions this software should prohibit

• Known vulnerabilities associated with software

• Controls necessary to ensure compliance with desired functionality

• Method to assess security control effectiveness

You will write two policies—one for Web server software and one for Web browser software.

Submission Requirements

• Format: Microsoft Word

• Font: Arial, Size 12, Double-Space

• Citation Style: APA Style

• Length: 1–2 pages

Self-Assessment Checklist

• I have provided all requirements necessary to secure application software.

• I have explained and given proper reasoning for each step to secure application software.

COM520 Written Assignment 8

Case Scenario for Rationale

Ken 7 Windows Limited is a manufacturer of Windows for residential and commercial builders. Ken 7

Windows Limited carries a variety of Windows and related products. It supplies builders with all of the

tools and supplies to install finished Windows in any type of building.

Ken 7 Windows Limited has just purchased a new enterprise resource planning (ERP) software package

to help control costs and increase both quality and customer responsiveness. The ERP software collects

and stores information including:

• Raw material costs

• Labor costs

• Materials and labor requirements for products

• Purchasing requirements

Ken 7 Windows Limited has identified six basic roles for users in the new ERP software:

• Administrators—maintain ERP data and system operation.

• Planners—run planning software and generate requirements reports.

• Shop Floor users—enter operational data (receiving, shipping, and product progress during manufacturing).

• Managers—manage department personnel.

• Purchasing users—generate purchasing documents based on planning requirements.

• Accounting users—maintain cost and accounting data.

Access controls limit what users or roles can do with different types of data. For example, consider the

following types of data:

• Cost information—raw materials and labor costs, including the cost of finished goods.

• Manufacturing details—cost, amount of labor, and time required to produce finished goods.

• Purchasing requirements—rules for determining when raw materials, components, or supplies

should be purchased.

Through access control:

• Cost information can be viewed only by Accounting users.

• Manufacturing details can be viewed only by Shop Floor users.

• Purchasing requirements can be viewed only by Purchasing users.

During the analysis phase of the ERP implementation, Ken 7 Windows Limited raised concerns about

users being able to access restricted data.

• Accounting users are able to log in to shop floor computers.

• Purchasing users are able to access human resource (HR) applications and data.

The ERP implementation team suggested the following access control measures to protect restricted

data.

• Create an organizational unit (OU) in Active Directory for shop floor computers.

• Deploy Group Policy Objects (GPOs) to restrict shop floor users to the shop floor OU.

• Define data access controls in the ERP software to deny access for all non-HR users to restricted

data.

Implementation of several access control measures helped Ken 7 Windows Limited to restrict the data

access. Hence access control and authentication are important, as they helped Ken 7 Windows Limited in

reducing costs and increasing profits.

 

 

COM520 Systems Security Management

Module 1 Lab Assignment

Configure Active Directory and Implement Departmental and User Access Controls

Complete Lab 1 in the lab manual. This assignment uses the Virtual Security Cloud Lab (VSCL) provided by J&B Learning. Instructions for this assignment can be found in the lab manual, pages 1-21.

 

 

COM520 Systems Security Management

Module 2 Lab Assignment

Implement Access Control to Secure Folders and Read/Write/Access to Files

Complete Lab 2 in the lab manual. This assignment uses the Virtual Security Cloud Lab (VSCL) provided by J&B Learning. Instructions for this assignment can be found in the lab manual, pages 23-37.

 

COM520 Systems Security Management

Module 3 Lab Assignment

Configure BitLocker and Windows Encryption

Complete Lab 3 in the lab manual. This assignment uses the Virtual Security Cloud Lab (VSCL) provided by J&B Learning. Instructions for this assignment can be found in the lab manual, pages 39-57.

In the lab for this module, you will work with Encrypting File System, or EFS, and BitLocker Drive Encryption. EFS is a Windows feature that enables you to encrypt files and folders. BitLocker, which is available only in certain versions of Windows, enables you to encrypt an entire drive or volume. Only those users with the proper password or encryption key can decrypt the data files obtained from a shared drive or volume protected by BitLocker.

You will begin the lab by using EFS to encrypt files and folders on a Windows Server 2008 machine and document the success or failure of your encryption efforts. You will then install BitLocker on a data drive on a server in the virtual lab environment and create a recovery key.

 

 

COM520 Systems Security Management

Module 4 Lab Assignment

Create a Backup and Restore a Windows Environment

Complete Lab 6 in the lab manual. This assignment uses the Virtual Security Cloud Lab (VSCL) provided by J&B Learning. Instructions for this assignment can be found in the lab manual, pages 89-105.

 

 

 

COM520 Systems Security Management

Module 5 Lab Assignment

Secure Windows Systems Using a Security Configuration Wizard and Manual Settings

Complete Lab 7 in the lab manual. This assignment uses the Virtual Security Cloud Lab (VSCL) provided by J&B Learning. Instructions for this assignment can be found in the lab manual, pages 107-120.

In the lab for this module, Secure Windows Systems Using a Security Configuration Wizard and Manual Settings, you will learn how to harden a Windows 2008 Server network by identifying unnecessary roles and options and defining security policies using the Windows Security Configuration Wizard. You will also research services running on a Windows workstation to determine which services are not necessary. You will use the Services component in Administrative Tools to disable those services. Then you will research Windows Firewall rules for the workstation to determine which rules can be modified to harden the firewall. You will use the Advanced Settings section of Windows Firewall to make the changes.

 

COM520 Systems Security Management

Module 6 Lab Assignment

Secure Windows Server and Client Applications

Complete Lab 8 in the lab manual. This assignment uses the Virtual Security Cloud Lab (VSCL) provided by J&B Learning. Instructions for this assignment can be found in the lab manual, pages 121-134.

 

COM520 Systems Security Management

Module 7 Lab Assignment

Protect Digital Evidence, Documentation, and the Chain of Custody

Complete Lab 9 in the lab manual. This assignment uses the Virtual Security Cloud Lab (VSCL) provided by J&B Learning. Instructions for this assignment can be found in the lab manual, pages 135-148.

In the lab for this module, you will learn how to perform security audits and collect evidence using applications and tools running on Windows Server 2008. You will begin by accessing the Windows Event Viewer and identifying failed logon attempts, which could indicate a possible intrusion by an unauthorized user. You will create a Windows Event Viewer report listing the failed login attempts and use the report to explain containment and remediation steps. Then you will generate your own errors by attacking the Windows server. You will review the IIS logs to find those errors and recommend remediation steps.

 

COM520 Systems Security Management

Module 8 Lab Assignment

Use Microsoft® Baseline Security Analyzer to Harden a Windows Server

Complete Lab 10 in the lab manual. This assignment uses the Virtual Security Cloud Lab (VSCL) provided by J&B Learning. Instructions for this assignment can be found in the lab manual, pages 149-159.

 

 

 

Tutorials for this Question
  1. Tutorial # 00712991 Posted By: rey_writer Posted on: 11/21/2018 12:29 PM
    Purchased By: 2
    Tutorial Preview
    The solution of Saint COM520 Full Course Latest November 2018...
    Attachments
    Saint_COM520_Full_Course_Latest_November_2018.ZIP (18.96 KB)
