Windows Hardening Recommendations

profileknvk5678
Question.docx
Home>Computer Science homework help>Windows Hardening Recommendations

Part1

Windows Hardening Recommendations

Scenario

As a security administrator for Always Fresh, you have been instructed to ensure that Windows authentication, networking, and data access are hardened. This will help to provide a high level of security.

The following are issues to be addressed through hardening techniques:

1. Previous attempts to protect user accounts have resulted in users writing long passwords down and placing them near their workstations. Users should not write down passwords or create passwords that attackers could easily guess, such as words founds in the dictionary.

1. Every user, regardless of role, must have at least one unique user account. A user who operates in multiple roles may have multiple unique user accounts. Users should use the account for its intended role only.

1. Anonymous users of the web server applications should only be able to access servers located in the demilitarized zone (DMZ). No anonymous web application users should be able to access any protected resources in the Always Fresh IT infrastructure.

1. To protect servers from attack, each server should authenticate connections based on the source computer and user.

Tasks

Create a summary report to management that describes a hardening technique that addresses each issue listed above. Provide rationale for each selection.

Required Resources

1. Internet access

1. Course textbook

Submission Requirements

1. Format: Microsoft Word (or compatible)

1. Font: Times New Roman, size 12, double-space

1. Citation Style: APA

1. Length: 3 pages

Part2 Secure Windows Applications Policy

Scenario

One of the security improvements for the Always Fresh IT environment is to ensure all workstations and servers run secure applications. The company needs policies that set security requirements for the software. These policies will guide administrators in developing procedures to ensure all client and server software is as secure as possible.

Specifically, you will write two policies to ensure web server software and web browsers are secure. Your policy statements will describe the goals that define a secure application.

Consider the following questions for web server software and web browsers:

1. What functions should this software application provide?

1. What functions should this software application prohibit?

1. What controls are necessary to ensure this applications software operates as intended?

1. What steps are necessary to validate that the software operates as intended?

Tasks

Create two policies—one for web server software and one for web browser clients. Remember, you are writing policies, not procedures. Focus on the high-level tasks, not the individual steps.

Use the following as a guide for both policies:

1. Type of application software

1. Description of functions this software should allow

1. Description of functions this software should prohibit

1. Known vulnerabilities associated with software

1. Controls necessary to ensure compliance with desired functionality

1. Method to assess security control effectiveness

Required Resources

1. Internet access

1. Course textbook

Submission Requirements

1. Format: Microsoft Word (or compatible)

1. Font: Times New Roman, size 12, double-space

1. Citation Style: APA

1. Length: 3 pages

Part3

Evidence Collection Policy

Scenario

After the recent security breach, Always Fresh decided to form a computer security incident response team (CSIRT). As a security administrator, you have been assigned the responsibility of developing a CSIRT policy that addresses incident evidence collection and handling. The goal is to ensure all evidence collected during investigations is valid and admissible in court.

Consider the following questions for collecting and handling evidence:

1. What are the main concerns when collecting evidence?

1. What precautions are necessary to preserve evidence state?

1. How do you ensure evidence remains in its initial state?

1. What information and procedures are necessary to ensure evidence is admissible in court?

Tasks

Create a policy that ensures all evidence is collected and handled in a secure and efficient manner. Remember, you are writing a policy, not procedures. Focus on the high-level tasks, not the individual steps.

Address the following in your policy:

1. Description of information required for items of evidence

1. Documentation required in addition to item details (personnel, description of circumstances, and so on)

1. Description of measures required to preserve initial evidence integrity

1. Description of measures required to preserve ongoing evidence integrity

1. Controls necessary to maintain evidence integrity in storage

1. Documentation required to demonstrate evidence integrity

Required Resources

1. Internet access

1. Course textbook

Submission Requirements

1. Format: Microsoft Word (or compatible)

1. Font: Times New Roman, size 12, double-space

1. Citation Style: APA

1. Length: 3 pages