14 Aug homework 5 part 2
Hands-On Steps
1. From your computer workstation, create a new text document called Workstation Domain Lab #6.
2. Consider the following scenario:
You are a security consultant for an information systems security firm and have a new health care
provider client under HIPAA compliance. Your new client wants to know the requirements and
business drivers for securing the workstation domain in its health care environment. Your new client
requires compliance with HIPAA. Similarly, your firm has a U.S. government DoD client that also
wants you to perform a workstation domain compliance audit per DoD workstation hardening guidelines
and baseline requirements.
3. In your text document, discuss how the compliance law requirements and business drivers for the
health care provider’s workstation domain might differ from the DoD’s workstation domain security
compliance requirements.
4. Launch your Web browser and in the address box, type the Web address http://cve.mitre.org. Browse the
site, and then in your text document, identify the risks, threats, and vulnerabilities commonly found in
the workstation domain.
5. Change your Web address to http://iase.disa.mil/stigs/index.html. Review the Security Technical
Implementation Guides (STIGs) available and the proper implementation of security based on DoD’s
workstation/desktop hardening guidelines. In your text document, discuss three STIGs and the DoD’s
workstation/desktop hardening guidelines.
6. Change your Web address to http://iase.disa.mil/stigs/downloads/pdf/unclassified_Desktop
ApplicationsGeneral_V4R1_STIG.pdf. You will download the pdf document from the IASE/DISA website.
Review the Desktop Applications General Version 4, Release 1 document. In your text document, discuss
this document’s significant points. Then, review the following concepts from this overarching DoD
standards document for desktop hardening, and in your text document, discuss the significant points
of two of these topics:
a. Appropriate backup strategy does not exist
b. Public instant message clients are installed
c. Peer to Peer clients or utilities are installed
d. Execution Restricted File Type Properties
e. Open-restricted File Type Properties
7. Change your Web address to http://iase.disa.mil/stigs/os/index.html#. Review the Windows OS security
guidelines by clicking the +Windows tab toward the top of the page, clicking on Windows 7 and
Windows 2008, and then clicking on the Guidance Documents tabs. Determine which technical
controls are appropriate for Windows 7 and Windows 2008. Note these in your text document.
8. On the left side of the website, click the STIGs Master List (A to Z) link. Scroll down the list to locate and
then download the following Windows OS security guideline documents/zip files:
a. Windows 7 STIG (you will see several Windows 7 STIG options; click the one with only a Version
number and a Release number after STIG)
b. Windows 2008 STIG (you will see a couple of Windows 2008 STIG options; click the one with only
a Version number and a Release number after STIG)
Once you’ve downloaded the Windows 7 STIG ZIP file to your desktop, double-click the ZIP file to extract
the Windows 7 STIG folder. Double-click the folder to open it, double-click the Windows 7 Manual
STIG ZIP file to extract the Windows 7 Manual STIG folder, double-click the folder to open it, and then
double-click the Windows 7 STIG Manual XML file to open it. Review some of the following concepts.
In your text document, list each of these and discuss a significant point about each:
a. Display Shutdown Button
b. Clear System Pagefile
c. Removable media devices
Hands-On Steps 45
6
38412_Lab06_Pass1.indd 45 07/03/13 8:40 PM
d. Halt on Audit Failure
e. Security Configuration Tools
Next you will work with the Windows 2008 STIG ZIP file on your desktop. Double-click the ZIP file to
extract the Windows 2008 STIG folder. Double-click the folder to open it, double-click the Windows
2008 DC Manual STIG ZIP file to extract the Windows 2008 DC Manual STIG folder, double-click the
folder to open it, and then double-click the Windows 2008 DC STIG Manual XML file to open it. Review
some of the following concepts and vulnerabilities for configuring and hardening Windows 2008
Domain Controllers. In your text document, list each of these and discuss a significant point about
each:
a. System Recovery Backups
b. Caching of Logon Credentials
c. Dormant Accounts
d. Recycle Bin Configuration
e. Password Uniqueness
f. Printer Share Permissions
9. Change your Web address back to http://cve.mitre.org/. Review the National Cyber Security Division
of the U.S. Homeland Security Department’s CVE listing hosted by the Mitre Corporation. To access
the CVE listing, click CVE List in the left-hand column to reach the CVE List Main Page. In your text
document, discuss how workstation domain OS and application software vulnerabilities are housed
in the CVE listing. Next, click the National Vulnerability Database link on the CVE homepage or CVE List
Main Page. In your text document, discuss how vulnerabilities are housed in the National Vulnerability
Database. Discuss how this is both a security control tool and an attack tool used by hackers.
10. Write an executive summary to summarize the top workstation domain risks, threats, and vulnerabilities
and include a description of the risk mitigation tactics you would perform to audit the
workstation domain for compliance. Use the U.S. DoD workstation hardening guidelines as your
example for a baseline definition for compliance.
11. Submit the text document to your instructor as a deliverable for this lab.
46 Lab #6 | Auditing the Workstation Domain for Compliance
38412_
Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
Fill in all the assignment paper details that are required in the order form with the standard information being the page count, deadline, academic level and type of paper. It is advisable to have this information at hand so that you can quickly fill in the necessary information needed in the form for the essay writer to be immediately assigned to your writing project. Make payment for the custom essay order to enable us to assign a suitable writer to your order. Payments are made through Paypal on a secured billing page. Finally, sit back and relax.
About Wridemy
We are a professional paper writing website. If you have searched a question and bumped into our website just know you are in the right place to get help in your coursework. We offer HIGH QUALITY & PLAGIARISM FREE Papers.
How It Works
To make an Order you only need to click on “Place Order” and we will direct you to our Order Page. Fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
Are there Discounts?
All new clients are eligible for 20% off in their first Order. Our payment method is safe and secure.