Instructions
The purpose of this lab is to recognize the risks, threats, and vulnerabilities commonly found in the workstation domain. You will identify known vulnerabilities and exploits on the Common Vulnerabilities and Exposures (CVE) database listing. You will describe how risks, threats, and vulnerabilities or misconfigurations at the operating system level in the workstation domain might expose that workstation. You will also identify steps to harden the workstation domain operating system and applications installed on the user's workstation for compliance and safeguarding of sensitive data and access to that data. Finally, you will apply Department of Defense (DoD) guidelines for securing the workstation domain, including the review and assessment of Windows 7 and Windows 2008 security guidelines.

Participate in each section of the lab and follow the instructions for the exercises in each section. You will use a text document to develop your homework assignment by completing the sections listed below:

Lab 5.1a

Review the following scenario:

You are a security consultant for an information systems security firm and have a new healthcare provider client under the Health Insurance Portability and Accountability Act (HIPAA) compliance. Your new client wants to know the requirements and business drivers for securing the workstation domain in its healthcare environment. Your new client requires compliance with HIPAA. Similarly, your firm has a DoD client that also wants you to perform a workstation domain compliance audit per DoD workstation hardening guidelines and baseline requirements.

In your homework assignment, discuss how the compliance law requirements and business drivers for the healthcare provider's workstation domain might differ from the DoD's workstation domain security compliance requirements.

Lab 5.1b

Launch your Web browser. Navigate to the following website: http://cve.mitre.org.
Review the site, and then in your homework assignment, identify the risks, threats, and vulnerabilities commonly found in the workstation domain.

Launch your Web browser. Navigate to the following website: http://iase.disa.mil/stigs/Pages/index.aspx. Review the Security Technical Implementation Guides (STIGs) available and the proper implementation of security based on DoD's workstation/desktop hardening guidelines.

In your document, discuss three STIGs and the DoD's workstation/desktop hardening guidelines.

Lab 5.1c

Launch your Web browser. Navigate to the following website: https://www.computer.org/cms/s2esc/s2esc_excom/Minutes/2005-03/DISA%20STIGs/Desktop-Application-STIG-V2R1.pdf

By clicking the link above, you will be able to access the Desktop Application Security Technical Implementation Guide (Version 2, Release 1) document from the IASE/DISA website.

Review the following concepts from this overarching DoD standards document and, in your homework assignment, discuss the significant points of two of these topics:

- Appropriate backup strategy does not exist
- Public instant message clients are installed
- Peer-to-Peer clients or utilities are installed
- Execution Restricted File Type Properties
- Open-restricted File Type Properties

Lab 5.1d

Launch your Web browser. Type the following Web address: http://iase.disa.mil/stigs/os/Pages/index.aspx

Review the Windows OS security guidelines by clicking the +Windows tab toward the top of the page, clicking on Windows 7 and Windows 2008, and view the STIGs. Determine which technical controls are appropriate for Windows 7 and Windows 2008.

Note these in your text document.

The STIGs Master List (A to Z) link can be found at this link: http://iase.disa.mil/stigs/Pages/a-z.aspx.
Scroll down the list to locate and then download the following Windows OS security guideline documents/zip files:

- Windows 7 STIG (you will see several Windows 7 STIG options; click the one with only a Version number and a Release number after STIG).
- Windows 2008 STIG (you will see a couple of Windows 2008 STIG options; click the one with only a Version number and a Release number after STIG).

Once you have downloaded the Windows 7 STIG ZIP file to your desktop, double-click the ZIP file to extract the Windows 7 STIG folder. Double-click the folder to open it, double-click the Windows 7 Manual STIG ZIP file to extract the Windows 7 Manual STIG folder, double-click the folder to open it, and then double-click the Windows 7 STIG Manual XML file to open it.

Review the following concepts. In your Microsoft Word document, list each of these and discuss a significant point about each one:

- display shutdown button,
- clear system pagefile,
- removable media devices,
- halt on audit failure, and
- security configuration tools.

Next, you will work with the Windows 2008 STIG ZIP file on your desktop. Double-click the ZIP file to extract the Windows 2008 STIG folder. Double-click the folder to open it, double-click the Windows 2008 DC Manual STIG ZIP file to extract the Windows 2008 DC Manual STIG folder, double-click the folder to open it, and then double-click the Windows 2008 DC STIG Manual XML file to open it.

Review the following concepts and vulnerabilities for configuring and hardening Windows 2008 Domain Controllers. In your document, list each of these and discuss a significant point about each one:

- system recovery backups,
- caching of logon credentials,
- dormant accounts,
- recycle bin configuration,
- password uniqueness, and
- printer share permissions.

Lab 5.1e

Navigate to the following website: http://cve.mitre.org/

Review the National Cyber Security Division of the U.S. Homeland Security Department's CVE listing hosted by the Mitre Corporation.
To access the CVE listing, click CVE List in the left-hand column to reach the CVE List main page. In your homework assignment, discuss how workstation domain OS and application software vulnerabilities are housed in the CVE listing. Next, click the National Vulnerability Database link on the CVE homepage or CVE List main page. In your text document, discuss how vulnerabilities are housed in the National Vulnerability Database.

Discuss how this is both a security control tool and an attack tool used by hackers.

Lab 5.2

Write an executive summary to discuss the top workstation domain risks, threats, and vulnerabilities, and include a description of the risk mitigation tactics you would perform to audit the workstation domain for compliance. Use the U.S. DoD workstation hardening guidelines as your example for a baseline definition for compliance.

Submit the document to your instructor as a deliverable for this homework assignment.

NOTE: When you submit your homework assignment, you can combine the assignments into one document for grading. Please clearly mark the answers for Lab 5.1a, Lab 5.1b, Lab 5.1c, Lab 5.1d, Lab 5.1e, Lab 5.1f and Lab 5.2 within your submission by labeling those sections within your homework assignment.

Your homework assignment should be a minimum of three pages in APA format. Include a minimum of two sources, with at least one source from the CSU Online Library in addition to your textbook.