Syllabus
This course is an overview of information assurance and security topics for network administrators who must implement security strategies to protect their organization from exposure to the Internet, and for network designers who must produce security-conscious designs. Learners identify and apply strategies to guard against hackers and the various forms of viruses, use firewalls and gateways, and build authentication skills and encryption techniques. Learners identify methods for attacking a network system and validate defenses against them.
This course introduces information security assurance concepts and practices appropriate for beginning IT professionals whose job it is to implement security strategies that protect organizations from exposure to system threats and vulnerabilities.
Topics explore ways for IT professionals to incorporate security-conscious designs for various aspects of organizational security. Labs require you to employ strategies designed to guard against hackers and viruses, affording the opportunity for hands-on exploration of access control, authentication and encryption techniques, common methods for attacking a network system, and related topics.
Assessment 3 – Instructions.docx
Eliminating Threats With a Layered Security Approach
Overview
There are many key concepts in information assurance and security, but one fact stands out: given enough time, any single security control will eventually fail. This is what makes layered security defenses so important: when one control does fail, other controls remain in place that together mitigate the risk the failed control was covering.
In this assessment you complete and submit screen captures from the Eliminating Threats With a Layered Security Approach lab and write policies for Password Management and Logging Standards.
Preparation
Do the following using items found in the Resources:
· Download the Assessment X Template. You will use this Word template for assessment submission.
· Open the Eliminating Threats With a Layered Security Approach lab, found in this unit, and read the introduction.
· Review the Course Security Scenario document found in the Resources for context when writing your security policies in Part 2.
Kaltura
For Part 2 of this assessment, you may choose to create your presentation using Kaltura. To learn how to use Kaltura, refer to the Using Kaltura tutorial linked in the Resources.
Note: If you require the use of assistive technology or alternative communication methods to participate in these activities, please contact Disability Services to request accommodations.
Instructions
Part 1 – Eliminating Threats With a Layered Security Approach Lab
Note: Not all sections mentioned in the lab's directions are required for this assessment.
Do the following:
1. Complete "Section 1: Hands-on Demonstration" and save the following screenshots:
. Part 1 Steps 18 and 27.
. Part 2 Step 9.
. Part 3 Steps 8 and 17.
2. Complete "Section 2: Applied Learning" and save the following screenshots:
. Part 1 Steps 6, 8 and 13.
. Part 2 Step 5.
. Part 3 Steps 6 and 8.
3. Based on the specific actions taken in the lab, interpret the importance of disabling unneeded services and the potential detriment if these efforts are not taken.
Part 2 – Security Planning: Password Management and Logging Standards Presentation
Consider the following policies using information found in the Course Security Scenario as context.
1. Password Management.
2. Logging Standards.
Create a 10–15 minute presentation (using a common presentation software of your choice) that describes Password Management and Logging Standards policies that you would recommend to stakeholders interested in organizational security for the company described in the Course Security Scenario. Your presentation must include audio narration with supporting visual depictions.
Consider the following scoring guide criteria as you complete your assessment:
· Provide required screenshots that document lab completion.
· Create a password management policy that is appropriate for the Course Security scenario.
· Create a logging standards policy that is appropriate for the Course Security scenario.
· Interpret the importance of disabling unneeded services and the potential detriment if this is not done.
· Create a presentation that accurately communicates a security plan to stakeholders.
Additional Instructions
Place your written work and all screenshots from Part 1 (make sure to include the step number associated with each screenshot) in the Assessment X Template. Submit a zip file containing both the Assessment X Template and the Part 2 presentation file.
Assessment 3- OverView.docx
OVERVIEW
Complete and submit screen captures from the Eliminating Threats with a Layered Security Approach lab and write policies for Password Management and Logging Standards.
By successfully completing this assessment, you will demonstrate your proficiency in the following course competencies and assessment criteria:
· Apply general information assurance and security concepts.
. Create a password management policy that is appropriate for the Course Security scenario.
. Create a Logging Standards policy that is appropriate for the Course Security scenario.
· Design mechanisms that control unauthorized access to private information.
. Provide required screenshots that document lab completion.
. Interpret the importance of disabling unneeded services and the potential detriment if this is not done.
· Communicate effectively.
. Create a presentation that accurately communicates a security plan to stakeholders.
CONTEXT
Examples, Guides, and Templates
· Course Security Scenario.
. Provides background and context for writing your security policies in Part 2 of the course assessments.
· Using Kaltura.
. Refer to this guide if you choose to use Kaltura for your presentation later in this assessment.
Suggested Resources
The resources provided here are optional and support the assessment. They provide helpful information about the topics. You may use other resources of your choice to prepare for this assessment; however, you will need to ensure that they are appropriate, credible, and valid. The Supplemental Resources and Research Resources, both linked from the left navigation menu in your courseroom, provide additional resources to help support you.
· Computer Security Incident Response Team. (n.d.). InfoSec password policy [DOC]. Retrieved from http://www.csirt.org/sample_policies/sans/Password_Policy.doc
. This is a policy template for password management and construction.
· Shenk, J. (2013). Layered security: Why it works [PDF]. Retrieved from https://www.sans.org/reading-room/whitepapers/analyst/layered-security-works-34805
. This whitepaper covers the importance of layered security defenses.
· Masters, G. (2017). Shift in password strategy from NIST. Retrieved from https://www.scmagazine.com/shift-in-password-strategy-from-nist/article/663269
. This article outlines the change in view of password complexity by NIST.
· Kim, D., & Solomon, M. G. (2018). Fundamentals of information systems security (3rd ed.). Burlington, MA: Jones & Bartlett.
. Chapter 4, "The Drivers of the Information Security Business," pages 115–131.
cf_assessment_X_template.docx
IT-FP4803 – System Assurance Security
Assessment [number here] Template
Part 1: Lab Exercise
Screenshots: Insert and title (with step number) all screenshots in the same order as specified in the assessment directions.
Part 1.3 Response:
Part 2: Security Planning
[Enter content for Part 2 of the assessment here; make sure to label your work appropriately.]
[Item 2.1]:
[Item 2.2]:
cf_Course_Security_Scenario.docx
IT-FP4803 – Systems Assurance Security
Course Security Scenario
Course assignments require you to address security assurance issues. Use the information in the scenario below to complete your course security policy planning assignments. The scenario is relatively simple, so make sure to state any assumptions you make to fill in gaps where necessary to substantiate positions taken in your assignment work.
Background
You have been hired as an information assurance and compliance consultant at a large health system called Laskondo Healthcare. The organization is comprised of three (3) hospitals, 1,000 licensed beds, 8,000 employees, of which 1,750 are medical staff, and over 2,000 volunteers.
As a healthcare system, Laskondo manages and transmits a considerable amount of confidential data, including protected health information (PHI) on behalf of its patients. This data is often transmitted between and with external healthcare professionals and offices, as well as suppliers and vendors, as needed. Additionally, data is often shared within the three system hospitals.
Upon starting the job, you quickly understand that information security and compliance have not been properly implemented or governed.
Laskondo lacks organization-wide standardized policies and strategic plans that adequately address system security assurance. A recent audit found that the security controls in place at all three hospital facilities fell short from a HIPAA-compliance perspective. Additionally, proper business continuity efforts have yet to be developed, implemented, or tested, leaving the organization exposed to the risk of a major disruption or incident.
The CIO has recognized that there are systemic policy weaknesses and has asked you to draft new organizational system assurance security policies that adequately guide the organization in the areas listed below using modern systems assurance security policies, practices and techniques.
Policy Areas:
· Acceptable Use.
· Workstation Security.
· Password Management.
· Logging Standards.
· Vulnerability Management.
· Patch Management.
· Logical Access Control.
· Physical Access Control.
· Separation of Duties.
· Change Control Management.
· Monitoring.
· Access Request Approvals.
· Business Continuity Planning.
· Incident Response Procedures.
· Encryption Usage in a regulated healthcare environment.
· Remote Access.
· Network Device Security.
· Intrusion Detection.
· Application Security and Testing.
Technical Details
The high-level technical infrastructure details of the organization are as follows:
· Networking devices
. Firewalls (1 in each hospital).
. Routers / Switches (multiple in each hospital).
· Servers
. Baremetal – VMware ESX 5.5 (Qty 5).
. Baremetal – CentOS 7.3 (Qty 15).
. Baremetal – Windows Server 2012 R2 (Qty 35).
. Virtual – CentOS Linux (Qty 50).
. Virtual – Windows Server 2012 R2 (Qty 125).
· Workstations
. Windows 10 desktop systems, various models (Qty 250).
Eliminating_Threats_with_a_Layered_Security_Approach – LAB.pdf
Eliminating Threats with a Layered Security Approach Fundamentals of Information Systems Security, Third Edition – Lab 09
Before You Begin
Welcome! The Virtual Security Cloud Labs are your opportunity to gain valuable hands-on experience with professional-grade tools and techniques as you work through the guided lab exercises provided in the on-screen lab manual. The use of virtualization enables you to perform all of the tasks in the lab manual in a live environment without putting your personal device or institution's assets at risk. Before you begin the guided lab exercises, please review the following preparation checklist.
1. Run the System Checker. The System Checker will confirm that your browser and network connection are ready to support virtual labs.
2. Review the Common Lab Tasks document. This document provides an overview of the virtual lab environment and outlines several of the recurring tasks you may need to complete your lab exercise.
3. When you've finished, use the Disconnect button to end your session and create a StateSave. To end your lab session and save your work, click the Disconnect button in the upper-right corner of the Lab View toolbar. When prompted, assign a name for your StateSave (we recommend using the Section, Part, and Step number where you stopped) and click Continue. Please note that a StateSave will preserve any changes written to disk in your lab session. A StateSave will not preserve any open windows or active processes, similar to restarting your computer. If you close your browser window without disconnecting, your lab session will automatically end after 5 minutes.
4. Technical Support is here to help! Our technical support team is available 24/7 to help troubleshoot common issues. Please note that the 24/7 support team is Level 1 only, and cannot assist with questions about lab content or the array of software used in the labs. If you believe you’ve identified an error in the lab guide or a problem with the lab environment, your ticket will be escalated to the Jones & Bartlett Learning product team for review. In the meantime, we recommend resetting the lab (Options > Reset) or reaching out to your instructor for assistance.
Introduction
Perhaps the most reiterated and fundamental concept in computer and network security is Defense in Depth (DID). The main principle of Defense in Depth is to build layers of redundant and complementary security tools, policies, controls, and practices around the organization’s information and assets. The primary assumption of Defense in Depth is that no one single tool or practice will completely deter a resolved attacker.
Normally a great deal of thought and planning goes into securing the perimeter. Firewalls, Access Control Lists (on border routers), intrusion prevention systems, and network isolation all work hand in hand to “secure the border” and help keep out the unwanted. Internally, Web application firewalls, security information and event management systems, access controls, network security monitoring, and change controls help to keep the “soft center” from becoming an easy target when the perimeter fails.
However, no security program is complete without host-based security measures. Some of the more important host-based security measures include anti-virus (and anti-malware), host-based firewall, system hardening (removing unwanted services), change control, and log management. While the aforementioned security protocols are commonly implemented on servers, administrators can find that the user’s laptops and workstations are more politically charged. For example, users often complain that security measures make their systems “slow” and hard to use. Unless stringent security is mandated by policy, the security practitioner must always balance security with functionality and user adoption.
In this lab, you will use AVG, an anti-virus scanning program, to identify malware found on a compromised system. You will also examine the services available on the Windows LandingVM machine and disable an unnecessary service. In addition, you will configure the Windows Firewall, enable ICMP traffic, and create a new rule for the FileZilla Server application.
Learning Objectives
Upon completing this lab, you will be able to:
1. Identify the risks associated with viruses, malware, and malicious software on a Windows server
2. Apply security countermeasures to mitigate the risk caused by viruses, malware, and malicious software
3. Enable AVG as an anti-virus, malware, and malicious software security countermeasure on a Windows server
4. Disable unnecessary services in a Windows workstation
5. Configure a Windows workstation internal firewall to enable ports, applications, and services
Lab Overview
Each section of this lab is assigned at your instructor’s discretion. Please consult your instructor to confirm which sections you are required to complete for your lab assignment.
SECTION 1 of this lab has three parts, which should be completed in the order specified.
1. In the first part of the lab, you will run a virus scan and detect malware.
2. In the second part of the lab, you will document existing services and disable unwanted services.
3. In the third part of the lab, you will enable ports and applications within the Windows Firewall.
SECTION 2 of this lab allows you to apply what you learned in SECTION 1 with less guidance and different deliverables, as well as some expanded tasks and alternative methods. You will create an outbound rule and restrict the scope of the rule to a specific subnet. Finally, you will explore the virtual environment on your own in SECTION 3 of this lab. You will answer questions and complete challenges that allow you to use the skills you learned in the lab to conduct independent, unguided work, similar to what you will encounter in a real-world situation.
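The three tasks above (find what is running, remove what is not needed, and scope what the firewall lets in) are exactly what an administrator repeats after the lab on every host in the fleet. The following PowerShell is an added example, not part of the lab manual or of the Jones & Bartlett lab environment: it compares running services against an approved baseline, disables a service that failed review, lists inbound allow rules open to any remote address, and narrows one rule to a subnet. The baseline CSV path, the service name 'RemoteRegistry', the rule name 'FileZilla Server', and the 172.30.0.0/24 subnet (chosen because the lab places TargetWindows02 at 172.30.0.10) are assumptions for illustration. It expects PowerShell 5.1 or later (Server 2016 / Windows 10) and an elevated session for the remediation functions.

```powershell
# Added example (not part of the lab manual): defender-side audit for the three lab tasks.
# Assumptions for illustration: the baseline CSV path, the service 'RemoteRegistry',
# the rule 'FileZilla Server' and the 172.30.0.0/24 subnet (TargetWindows02 is 172.30.0.10).
# Requires PowerShell 5.1+ (Get-Service exposes StartType) and elevation for Set-* calls.
#
# Capture the baseline once, on a freshly hardened reference build:
#   Get-Service | Select-Object Name, DisplayName, StartType |
#       Export-Csv -NoTypeInformation C:\Hardening\baseline-services.csv

$BaselinePath = 'C:\Hardening\baseline-services.csv'   # assumed location

function Get-UnapprovedRunningServices {
    param([Parameter(Mandatory)][string]$Path)
    # Anything running that the baseline does not list is a candidate for removal
    # or, at minimum, a documented exception.
    $approved = (Import-Csv -Path $Path).Name
    Get-Service |
        Where-Object { $_.Status -eq 'Running' -and $_.Name -notin $approved } |
        Select-Object Name, DisplayName, StartType
}

function Disable-UnneededService {
    param([Parameter(Mandatory)][string]$Name)
    # Stop the service now and prevent it from starting at boot; return the
    # resulting state so it can be pasted into the change record.
    Stop-Service -Name $Name -Force -ErrorAction Stop
    Set-Service  -Name $Name -StartupType Disabled
    Get-Service  -Name $Name | Select-Object Name, Status, StartType
}

function Get-UnscopedInboundAllowRules {
    # Enabled inbound allow rules whose remote address is 'Any' accept traffic from
    # every host that can reach the interface; each one should be justified or narrowed.
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' } |
        Select-Object DisplayName, Profile, Group
}

function Set-RuleRemoteScope {
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][string[]]$RemoteAddress
    )
    # Narrow an existing rule so it only matches the listed addresses or subnets.
    Get-NetFirewallRule -DisplayName $DisplayName |
        Set-NetFirewallRule -RemoteAddress $RemoteAddress
}

# Report: services that differ from the baseline, and rules open to any source.
Get-UnapprovedRunningServices -Path $BaselinePath | Format-Table -AutoSize
Get-UnscopedInboundAllowRules | Format-Table -AutoSize

# Remediation (run deliberately, after the report has been reviewed):
#   Disable-UnneededService -Name 'RemoteRegistry'
#   Set-RuleRemoteScope -DisplayName 'FileZilla Server' -RemoteAddress '172.30.0.0/24'
```

The report runs read-only, so it can be scheduled and its output kept as evidence of the "document existing services" step; the two remediation calls are left commented so that nothing changes on the host until someone has looked at the report.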
Topology
This lab contains the following virtual machines. Please refer to the network topology diagram below.
· vWorkstation (Windows Server 2016)
· TargetWindows02 (Windows Server 2016)
Tools and Software
The following software and/or utilities are required to complete this lab. Students are encouraged to explore the Internet to learn more about the products and tools used in this lab.
· FileZilla
· Windows Firewall
· AVG Anti-Virus
· Windows Services
Deliverables
Upon completion of this lab, you are required to provide the following deliverables to your instructor:
SECTION 1:
1. Lab Report file including screen captures of the following:
. Virus details;
. Emptied Quarantine area (Virus Vault);
. Updated services list;
. Updated File and Printer Sharing rule in the firewall;
. Inbound FileZilla Server rule;
2. Files downloaded from the virtual environment:
none;
3. Any additional information as directed by the lab:
none;
4. Lab Assessment (worksheet or quiz – see instructor for guidance)
SECTION 2:
1. Lab Report file including screen captures of the following:
. Scan Summary (Detection) page;
. Emptied Quarantine area (Virus Vault);
. Updated services list;
. Updated Email and accounts rules in the firewall;
. Outbound FileZilla Server rule;
2. Files downloaded from the virtual environment:
none;
3. Any additional information as directed by the lab:
Record the threat level for the JS:Agent-AXQ [Trj] threat.
SECTION 3:
1. Analysis and Discussion
2. Tools and Commands
3. Challenge Exercise
Section 1: Hands-On Demonstration
Note: In this section of the lab, you will follow a step-by-step walk-through of the objectives for this lab to produce the expected deliverable(s).
1. On your local computer, create the Lab Report file. Frequently performed tasks, such as how to create the Lab Report file, make screen captures, and download files from the lab, are explained in the Common Lab Tasks document. You should review these tasks before starting the lab.
2. Proceed with Part 1.
Part 1: Using AVG Business Edition to Perform a Virus Scan
Note: Malware consists of unwanted programs like Trojans and Viruses. Signs of malware include degraded system performance, unusual services and network traffic, altered or removed system logs, missing or inactive anti-virus, and any number of application anomalies. Trojans and viruses impact all three tenets of information systems security.
Confidentiality: Malware can grant unauthorized access to the compromised machine and network.
Integrity: Malware is able to steal and modify data.
Availability: Viruses and malware tend to degrade performance and the availability of applications and data.
A Trojan will masquerade as a seemingly useful program while actually compromising system security and possibly acting as a “back door” that allows additional hack tools and access to the system. A standard “virus” is a program that spreads from one computer to another by any of a variety of means, taking advantage of application or OS vulnerabilities to propagate further, and will generally try to stay undetected. In the next steps, you will use AVG, an anti-virus program, to scan a folder on the TargetWindows02 machine to see how AVG and similar software programs identify malware. First, you will locate the malware file in the folder structure before running the scan.
1. On the vWorkstation desktop, double-click the Connections folder.
2. In the Connections folder, double-click the TargetWindows02 RDP shortcut to open a remote connection to the TargetWindows02 machine. If prompted, type the following credentials and click OK.
Username: Administrator Password: [email protected]!
The remote desktop opens with the IP address of TargetWindows02 (172.30.0.10) in the title bar at the top of the window.
3. On the TargetWindows02 taskbar, click the File Explorer icon to open a new File Explorer window.
4. In the File Explorer window, navigate to the ISSA_TOOLS folder (Local Disk (C:) > ISSA_TOOLS). The password-protected prodrev.zip archive file has been infected with malware. Continue the lab to discover how malware is identified.
Infected archive file
5. Minimize the File Explorer window.
6. On the TargetWindows02 desktop, double-click the AVG Business Security icon to launch the AVG antivirus application.
AVG Status
Note: Many new malware and viruses are detected every day. Usually, anti-virus vendors update their anti-virus signature files at least several times per week. To ensure you have coverage on the most recent malware and malicious software, it is recommended that you update your anti-virus signature files prior to performing a system scan. For the purposes of this lab, updates to anti-virus signature files have been blocked to restrict software updates that could potentially alter the application functionality. Ordinarily, you could easily update the virus definitions using the reverse arrow icon in the lower-right corner.
7. On the AVG Home page, click the Configuration button (the gear icon to the right of the Scan Computer button) to open the Other Scans page.
Scan options configuration
8. On the Other Scans page, click the Scan Specific Files and Folders button to open the Select the areas window and choose the files and/or folders to include in your AVG scan.
Other Scans page
9. In the Select the areas window, navigate to the ISSA_TOOLS folder (C:\ISSA_TOOLS) and expand the folder.
10. In the Select the areas window, click the ISSA_TOOLS checkbox to select that folder and all of its subfolders.
Select the areas
11. In the Select the areas window, click OK to begin the scanning process and remove any identified threats. When the scan is completed, AVG will display a screen indicating any threats that it identified. Notice that the tool did not flag the prodrev.zip file, because anti-virus software cannot open encrypted files for scanning. Hackers often send zipped and encrypted files and attachments for exactly this reason: they will usually reach the recipient unless a mail rule blocks encrypted and/or zipped files.
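The gap step 11 describes, a scanner that cannot look inside a password-protected archive, can at least be detected, because the ZIP format records encryption in a header flag that is never itself encrypted. The following PowerShell is an added example, not part of the lab or of AVG: it walks the archive's central directory and reports every entry whose general purpose bit flag has bit 0 (encrypted) set, which a mail gateway or file-drop monitor can use to hold such archives for review rather than pass them along unscanned. The two sample archives it builds are constructed in memory for the demonstration (stored, empty payload); the entry name report.pdf inside them is invented.

```powershell
# Added example (not part of the lab): report encrypted entries in a ZIP archive by
# reading the central directory. Per the ZIP specification, a central directory
# header starts with signature 0x02014B50 and holds the 2-byte general purpose bit
# flag at offset 8; bit 0 set means the entry is encrypted. Sample archives below are
# constructed in memory for the demonstration; the name 'report.pdf' is invented.

function Get-LE16 ([int]$Value)  { [BitConverter]::GetBytes([uint16]$Value) }
function Get-LE32 ([long]$Value) { [BitConverter]::GetBytes([uint32]$Value) }

function New-ConstructedZip {
    # Minimal, valid one-entry ZIP (stored, zero-length payload) for testing only.
    param([switch]$Encrypted)
    $name  = [Text.Encoding]::ASCII.GetBytes('report.pdf')   # constructed entry name
    $flags = if ($Encrypted) { 1 } else { 0 }                # bit 0 = encrypted
    $zero4 = [byte[]](0, 0, 0, 0)
    # Local file header (30 bytes + name): sig, version, flags, method, time, date,
    # crc32, compressed size, uncompressed size, name length, extra length.
    $local = [byte[]]((0x50, 0x4B, 0x03, 0x04) + (Get-LE16 10) + (Get-LE16 $flags) +
             (Get-LE16 0) + (Get-LE16 0) + (Get-LE16 0) + $zero4 + $zero4 + $zero4 +
             (Get-LE16 $name.Length) + (Get-LE16 0) + $name)
    # Central directory header (46 bytes + name): adds version-made-by, comment length,
    # disk number, internal/external attributes and the local header offset (0).
    $central = [byte[]]((0x50, 0x4B, 0x01, 0x02) + (Get-LE16 20) + (Get-LE16 10) +
               (Get-LE16 $flags) + (Get-LE16 0) + (Get-LE16 0) + (Get-LE16 0) +
               $zero4 + $zero4 + $zero4 + (Get-LE16 $name.Length) + (Get-LE16 0) +
               (Get-LE16 0) + (Get-LE16 0) + (Get-LE16 0) + $zero4 + (Get-LE32 0) + $name)
    # End of central directory (22 bytes): entry counts, directory size and offset.
    $eocd = [byte[]]((0x50, 0x4B, 0x05, 0x06) + (Get-LE16 0) + (Get-LE16 0) + (Get-LE16 1) +
            (Get-LE16 1) + (Get-LE32 $central.Length) + (Get-LE32 $local.Length) + (Get-LE16 0))
    return [byte[]]($local + $central + $eocd)
}

function Get-ZipEncryptionReport {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    # Locate the end-of-central-directory record; scan backwards because an
    # archive comment of up to 65535 bytes may follow it.
    $eocd = -1
    for ($i = $Bytes.Length - 22; $i -ge 0; $i--) {
        if ($Bytes[$i] -eq 0x50 -and $Bytes[$i + 1] -eq 0x4B -and
            $Bytes[$i + 2] -eq 0x05 -and $Bytes[$i + 3] -eq 0x06) { $eocd = $i; break }
    }
    if ($eocd -lt 0) { throw 'Not a ZIP archive (no end-of-central-directory record).' }
    $entries = [BitConverter]::ToUInt16($Bytes, $eocd + 10)      # total entries
    $pos     = [int][BitConverter]::ToUInt32($Bytes, $eocd + 16) # central dir offset
    $encrypted = @()
    for ($n = 0; $n -lt $entries; $n++) {
        if ([BitConverter]::ToUInt32($Bytes, $pos) -ne 0x02014B50) {
            throw "Malformed central directory header at offset $pos."
        }
        $flags      = [BitConverter]::ToUInt16($Bytes, $pos + 8)
        $nameLen    = [BitConverter]::ToUInt16($Bytes, $pos + 28)
        $extraLen   = [BitConverter]::ToUInt16($Bytes, $pos + 30)
        $commentLen = [BitConverter]::ToUInt16($Bytes, $pos + 32)
        $entryName  = [Text.Encoding]::ASCII.GetString($Bytes, $pos + 46, $nameLen)
        if ($flags -band 0x0001) { $encrypted += $entryName }
        $pos += 46 + $nameLen + $extraLen + $commentLen
    }
    [pscustomobject]@{
        TotalEntries      = [int]$entries
        EncryptedEntries  = $encrypted
        HasEncryptedEntry = ($encrypted.Count -gt 0)
    }
}

# Constructed samples: one clean archive, one whose entry is marked encrypted.
$clean  = New-ConstructedZip
$locked = New-ConstructedZip -Encrypted
Get-ZipEncryptionReport -Bytes $clean
Get-ZipEncryptionReport -Bytes $locked
# Real file: Get-ZipEncryptionReport -Bytes ([IO.File]::ReadAllBytes('C:\path\to\archive.zip'))
```

Running the script reports the constructed clean archive with no encrypted entries and the second one with report.pdf listed as encrypted. Reading the central directory rather than the local headers matters in practice: the directory is the authoritative index of the archive, and an entry written with a data descriptor leaves its local header sizes at zero, which would break a forward walk of the file.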
Scan results
12. On the TargetWindows02 taskbar, click the File Explorer icon to restore the ISSA_TOOLS folder.
13. In the ISSA_TOOLS folder, right-click the prodrev.zip file and select Extract All from the context menu.
Extract the archive file
14. In the resulting window, click the Extract button to unpack the zip file in the same folder.
15. When prompted for the file's password, type password123 and click OK to decrypt the zipped file and begin the unpacking process.
Password prompt
AVG's File Shield feature, which is running in the background, will detect the virus within the file and display an alert message.
Detection warning
16. In the AVG Detection window, click the See Details link to show additional details about the threat and what was done to secure it. AVG provides information about the actual name of the virus (JS:Pdfka-fc) and reports that the infected file (productreview.pdf, part of the prodrev.zip file) has been deleted and the virus has been moved to the Quarantine area (Virus Vault).
Threat removal details screen
17. Make a screen capture showing the virus details and paste it into your Lab Report file.
Note: The Quarantine area (previously referred to as the Virus Vault) is where all removed files, virus infected or suspicious, are stored until you take action on them. All of the files in the vault are encrypted and cannot do your computer any harm. The main purpose of the Quarantine area is to keep any deleted file for a certain period of time, so that you can make sure you do not need the file any more. If you find out that the missing file is causing problems, you can send it for analysis, try to heal it, or restore it to the original location.
18. Close the Threat Detection window. In the File Explorer, the prodrev folder should be empty, verifying that AVG did indeed remove the infected file.
19. Close the prodrev File Explorer window.
20. Close the ISSA_TOOLS File Explorer window.
21. On the Scan Summary page, click the Done button to return to the AVG Home page.
AVG Done button
22. On the AVG Home page, click the Menu icon, then select Quarantine from the available options to open the Quarantine area.
Options menu
23. On the AVG Quarantine page, click the Select All Viruses checkbox to select all viruses currently in the Quarantine area.