Details of this Paper

homework 5 part 2

Description

solution


Question

Hands-On Steps;1. From your computer workstation, create a new text document called Workstation Domain Lab #6.;2. Consider the following scenario;You are a security consultant for an information systems security firm and have a new health care;provider client under HIPAA compliance. Your new client wants to know the requirements and;business drivers for securing the workstation domain in its health care environment. Your new client;requires compliance with HIPAA. Similarly, your firm has a U.S. government DoD client that also;wants you to perform a workstation domain compliance audit per DoD workstation hardening guidelines;and baseline requirements.;3. In your text document, discuss how the compliance law requirements and business drivers for the;health care provider?s workstation domain might differ from the DoD?s workstation domain security;compliance requirements.;4. Launch your Web browser and in the address box, type the Web address http://cve.mitre.org. Browse the;site, and then in your text document, identify the risks, threats, and vulnerabilities commonly found in;the workstation domain.;5. Change your Web address to http://iase.disa.mil/stigs/index.html. Review the Security Technical;Implementation Guides (STIGs) available and the proper implementation of security based on DoD?s;workstation/desktop hardening guidelines. In your text document, discuss three STIGs and the DoD?s;workstation/desktop hardening guidelines.;6. Change your Web address to http://iase.disa.mil/stigs/downloads/pdf/unclassified_Desktop;ApplicationsGeneral_V4R1_STIG.pdf. You will download the pdf document from the IASE/DISA website.;Review the Desktop Applications General Version 4, Release 1 document. In your text document, discuss;this document?s significant points. Then, review the following concepts from this overarching DoD;standards document for desktop hardening, and in your text document, discuss the significant points;of two of these topics;a. Appropriate backup strategy does not exist;b. Public instant message clients are installed;c. Peer to Peer clients or utilities are installed;d. Execution Restricted File Type Properties;e. Open-restricted File Type Properties;7. Change your Web address to http://iase.disa.mil/stigs/os/index.html#. Review the Windows OS security;guidelines by clicking the +Windows tab toward the top of the page, clicking on Windows 7 and;Windows 2008, and then clicking on the Guidance Documents tabs. Determine which technical;controls are appropriate for Windows 7 and Windows 2008. Note these in your text document.;8. On the left side of the website, click the STIGs Master List (A to Z) link. Scroll down the list to locate and;then download the following Windows OS security guideline documents/zip files;a. Windows 7 STIG (you will see several Windows 7 STIG options, click the one with only a Version;number and a Release number after STIG);b. Windows 2008 STIG (you will see a couple of Windows 2008 STIG options, click the one with only;a Version number and a Release number after STIG);Once you?ve downloaded the Windows 7 STIG ZIP file to your desktop, double-click the ZIP file to extract;the Windows 7 STIG folder. Double-click the folder to open it, double-click the Windows 7 Manual;STIG ZIP file to extract the Windows 7 Manual STIG folder, double-click the folder to open it, and then;double-click the Windows 7 STIG Manual XML file to open it. Review some of the following concepts.;In your text document, list each of these and discuss a significant point about each;a. Display Shutdown Button;b. Clear System Pagefile;c. Removable media devices;Hands-On Steps 45;6;38412_Lab06_Pass1.indd 45 07/03/13 8:40 PM;d. Halt on Audit Failure;e. Security Configuration Tools;Next you will work with the Windows 2008 STIG ZIP file on your desktop. Double-click the ZIP file to;extract the Windows 2008 STIG folder. Double-click the folder to open it, double-click the Windows;2008 DC Manual STIG ZIP file to extract the Windows 2008 DC Manual STIG folder, double-click the;folder to open it, and then double-click the Windows 2008 DC STIG Manual XML file to open it. Review;some of the following concepts and vulnerabilities for configuring and hardening Windows 2008;Domain Controllers. In your text document, list each of these and discuss a significant point about;each;a. System Recovery Backups;b. Caching of Logon Credentials;c. Dormant Accounts;d. Recycle Bin Configuration;e. Password Uniqueness;f. Printer Share Permissions;9. Change your Web address back to http://cve.mitre.org/. Review the National Cyber Security Division;of the U.S. Homeland Security Department?s CVE listing hosted by the Mitre Corporation. To access;the CVE listing, click CVE List in the left-hand column to reach the CVE List Main Page. In your text;document, discuss how workstation domain OS and application software vulnerabilities are housed;in the CVE listing. Next, click the National Vulnerability Database link on the CVE homepage or CVE List;Main Page. In your text document, discuss how vulnerabilities are housed in the National Vulnerability;Database. Discuss how this is both a security control tool and an attack tool used by hackers.;10. Write an executive summary to summarize the top workstation domain risks, threats, and vulnerabilities;and include a description of the risk mitigation tactics you would perform to audit the;workstation domain for compliance. Use the U.S. DoD workstation hardening guidelines as your;example for a baseline definition for compliance.;11. Submit the text document to your instructor as a deliverable for this lab.;46 Lab #6 | Auditing the Workstation Domain for Compliance;38412

 

Paper#64499 | Written in 18-Jul-2015

Price : $22
SiteLock