System Assurance Security Syllabus

Syllabus

This course is an overview of information assurance and security topics for network administrators who must implement security strategies to protect their organization from exposure to the Internet; network designers also create security-conscious designs. Learners identify and apply strategies to guard against hackers and forms of viruses, use firewalls and gateways, and build authentication skills and encryption techniques. Learners identify methods for attacking a network system and validate defenses against them.

This course introduces information security assurance concepts and practices appropriate for beginning IT professionals whose job it is to implement security strategies that protect organizations from exposure to system threats and vulnerabilities.

Topics explore ways for IT professionals to incorporate security-conscious designs for various aspects of organizational security. Labs require you to employ strategies designed to guard against hackers and viruses, affording the opportunity for hands-on exploration of access control, authentication and encryption techniques, common methods for attacking a network system, and related topics.

Assessment 3 – Instructions.docx

Overview

Assessment 3

Eliminating Threats With a Layered Security Approach

Overview

There are many key concepts in information assurance and security, but one important fact to note is that, over time, any single security control will eventually fail. This is why layered security defenses are a very important part of this concept: when a single control does fail, other controls are in place that together help mitigate the risk of the failed control.

In this assessment you complete and submit screen captures from the Eliminating Threats With a Layered Security Approach lab and write policies for Password Management and Logging Standards.

Preparation

Do the following using items found in the Resources:

· Download the Assessment X Template. You will use this Word template for assessment submission.

· Open the Eliminating Threats With a Layered Security Approach lab, found in this unit, and read the introduction.

· Review the Course Security Scenario document found in the Resources for context when writing your security policies in Part 2.

Kaltura

For Part 2 of this assessment, you may choose to create your presentation using Kaltura. To learn how to use Kaltura, refer to the Using Kaltura tutorial linked in the Resources.

Note: If you require the use of assistive technology or alternative communication methods to participate in these activities, please contact Disability Services to request accommodations.

Instructions

Part 1 – Eliminating Threats With a Layered Security Approach Lab

Note: Not all sections mentioned in the lab’s directions are required for this assessment.

Do the following:

1. Complete “Section 1: Hands-on Demonstration” and save the following screenshots:

. Part 1 Steps 18 and 27.

. Part 2 Step 9.

. Part 3 Steps 8 and 17.

2. Complete “Section 2: Applied Learning” and save the following screenshots:

. Part 1 Steps 6, 8 and 13.

. Part 2 Step 5.

. Part 3 Steps 6 and 8.

3. Based on the specific actions taken in the lab, interpret the importance of disabling unneeded services and the potential detriment if these efforts are not taken.

Part 2 – Security Planning: Password Management and Logging Standards Presentation

Consider the following policies using information found in the Course Security Scenario as context.

1. Password Management.

2. Logging Standards.

Create a 10–15 minute presentation (using a common presentation software of your choice) that describes Password Management and Logging Standards policies that you would recommend to stakeholders interested in organizational security for the company described in the Course Security Scenario. Your presentation must include audio narration with supporting visual depictions.

Consider the following scoring guide criteria as you complete your assessment:

· Provide required screenshots that document lab completion.

· Create a password management policy that is appropriate for the Course Security scenario.

· Create a logging standards policy that is appropriate for the Course Security scenario.

· Interpret the importance of disabling unneeded services and the potential detriment if this is not done.

· Create a presentation that accurately communicates a security plan to stakeholders.

Additional Instructions

Place your written work and all screenshots from Part 1 (make sure to include the step number associated with each screenshot) in the Assessment X Template. Submit a zip file containing both the Assessment X Template and the Part 2 presentation file.

Assessment 3- OverView.docx

Overview

OVERVIEW

Complete and submit screen captures from the Eliminating Threats with a Layered Security Approach lab and write policies for Password Management and Logging Standards.

By successfully completing this assessment, you will demonstrate your proficiency in the following course competencies and assessment criteria:

· Apply general information assurance and security concepts.

. Create a password management policy that is appropriate for the Course Security scenario.

. Create a Logging Standards policy that is appropriate for the Course Security scenario.

· Design mechanisms that control unauthorized access to private information.

. Provide required screenshots that document lab completion.

. Interpret the importance of disabling unneeded services and the potential detriment if this is not done.

· Communicate effectively.

. Create a presentation that accurately communicates a security plan to stakeholders.

CONTEXT

Examples, Guides, and Templates

· Course Security Scenario.

. Provides background and context for writing your security policies in Part 2 of the course assessments.

· Assessment X Template.

· Using Kaltura.

. Refer to this guide if you choose to use Kaltura for your presentation later in this assessment.

Suggested Resources

The resources provided here are optional and support the assessment. They provide helpful information about the topics. You may use other resources of your choice to prepare for this assessment; however, you will need to ensure that they are appropriate, credible, and valid. The Supplemental Resources and Research Resources, both linked from the left navigation menu in your courseroom, provide additional resources to help support you.

· Computer Security Incident Response Team. (n.d.). InfoSec password policy [DOC]. Retrieved from http://www.csirt.org/sample_policies/sans/Password_Policy.doc

. This is a policy template for password management and construction.

· Shenk, J. (2013). Layered security: Why it works [PDF]. Retrieved from https://www.sans.org/reading-room/whitepapers/analyst/layered-security-works-34805

. This whitepaper covers the importance of layered security defenses.

· Masters, G. (2017). Shift in password strategy from NIST. Retrieved from https://www.scmagazine.com/shift-in-password-strategy-from-nist/article/663269

. This article outlines the change in view of password complexity by NIST.

· Kim, D., & Solomon, M. G. (2018). Fundamentals of information systems security (3rd ed.). Burlington, MA: Jones & Bartlett.

. Chapter 4, “The Drivers of the Information Security Business,” pages 115–131.

cf_assessment_X_template.docx

IT-FP4803 – System Assurance Security

Assessment [number here] Template

Part 1: Lab Exercise

Screenshots: Insert and title (with step number) all screenshots in the same order as the order specified in the assessment directions.

Part 1.3 Response:

Part 2: Security Planning


[Enter content for Part 2 of the assessment here – make sure to label your work appropriately]

[Item 2.1]:

[Item 2.2]:

cf_Course_Security_Scenario.docx

IT-FP4803 – Systems Assurance Security

Course Security Scenario

Course assignments require you to address security assurance issues. Use the information in the scenario below to complete your course security policy planning assignments. The scenario is relatively simple, so make sure to state any assumptions that you make to fill in gaps when necessary for substantiating positions taken in your assignment work.

Background

You have been hired as an information assurance and compliance consultant at a large health system called Laskondo Healthcare. The organization is comprised of three (3) hospitals, 1,000 licensed beds, 8,000 employees, of which 1,750 are medical staff, and over 2,000 volunteers.

As a healthcare system, Laskondo manages and transmits a considerable amount of confidential data, including protected health information (PHI) on behalf of its patients. This data is often transmitted between and with external healthcare professionals and offices, as well as suppliers and vendors, as needed. Additionally, data is often shared within the three system hospitals.

Upon starting the job, you quickly understand that information security and compliance have not been properly implemented or governed.

Laskondo is lacking organization-wide standardized policies and strategic plans that adequately address system security assurance. In a recent audit, there were findings that the security controls in place at all three hospital facilities were lacking from a HIPAA-compliant perspective. Additionally, proper business continuity efforts have yet to be developed, implemented or tested, leaving the organization with unwanted risk of major disruption or incident.

The CIO has recognized that there are systemic policy weaknesses and has asked you to draft new organizational system assurance security policies that adequately guide the organization in the areas listed below using modern systems assurance security policies, practices and techniques.

Policy Areas:

· Acceptable Use.

· Workstation Security.

· Password Management.

· Logging Standards. 

· Vulnerability Management.

· Patch Management.

· Logical Access Control.

· Physical Access Control.

· Separation of Duties.

· Change Control Management.

· Monitoring.

· Access Request Approvals.

· Business Continuity Planning.

· Incident Response Procedures.

· Encryption Usage in a regulated healthcare environment.

· Remote Access.

· Network Device Security.

· Intrusion Detection.

· Application Security and Testing.

Technical Details

The high-level technical infrastructure details of the organization are as follows:

· Networking devices

. Firewalls (1 in each hospital)

. Routers / Switches (multiple in each hospital)

· Servers

. Baremetal – VMware ESX 5.5 (5).

. Baremetal – CentOS 7.3 (Qty 15).

. Baremetal – Windows Server 2012 R2 (Qty 35).

. Virtual – CentOS Linux (Qty 50).

. Virtual – Windows Server 2012 R2 (Qty 125).

· Workstations

. Windows 10 desktop systems, various models (Qty 250).

Eliminating_Threats_with_a_Layered_Security_Approach – LAB.pdf

Eliminating Threats with a Layered Security Approach
Fundamentals of Information Systems Security, Third Edition – Lab 09

Before You Begin

Welcome! The Virtual Security Cloud Labs are your opportunity to gain valuable hands-on experience
with professional-grade tools and techniques as you work through the guided lab exercises provided in
the on-screen lab manual. The use of virtualization enables you to perform all of the tasks in the lab
manual in a live environment without putting your personal device or institution’s assets at risk.

Before you begin the guided lab exercises, please review the following preparation checklist.

1. Run the System Checker. The System Checker will confirm that your browser and network
connection are ready to support virtual labs.

2. Review the Common Lab Tasks document. This document provides an overview of the virtual
lab environment and outlines several of the recurring tasks you may need to complete your lab
exercise.

3. When you’ve finished, use the Disconnect button to end your session and create a
StateSave. To end your lab session and save your work, click the Disconnect button in the
upper-right corner of the Lab View toolbar. When prompted, assign a name for your StateSave
(we recommend using the Section, Part, and Step number where you stopped) and click
Continue. Please note that a StateSave will preserve any changes written to disk in your lab
session. A StateSave will not preserve any open windows or active processes, similar to
restarting your computer.
If you close your browser window without disconnecting, your lab session will automatically
end after 5 minutes.

4. Technical Support is here to help! Our technical support team is available 24/7 to help
troubleshoot common issues.
Please note that the 24/7 support team is Level 1 only, and cannot assist with questions about
lab content or the array of software used in the labs. If you believe you’ve identified an error in
the lab guide or a problem with the lab environment, your ticket will be escalated to the Jones
& Bartlett Learning product team for review. In the meantime, we recommend resetting the lab
(Options > Reset) or reaching out to your instructor for assistance.

Introduction

Perhaps the most reiterated and fundamental concept in computer and network security is Defense in
Depth (DID). The main principle of Defense in Depth is to build layers of redundant and
complementary security tools, policies, controls, and practices around the organization’s information
and assets. The primary assumption of Defense in Depth is that no one single tool or practice will
completely deter a resolved attacker.

Normally a great deal of thought and planning goes into securing the perimeter. Firewalls, Access
Control Lists (on border routers), intrusion prevention systems, and network isolation all work hand in
hand to “secure the border” and help keep out the unwanted. Internally Web application firewalls,
security information and event management systems, access controls, network security monitoring,
and change controls help to keep the “soft center” from becoming an easy target when the perimeter
fails. However, no security program is complete without host-based security measures.

Some of the more important host-based security measures include anti-virus (and anti-malware), host-
based firewall, system hardening (removing unwanted services), change control, and log
management. While the aforementioned security protocols are commonly implemented on servers,
administrators can find that the user’s laptops and workstations are more politically charged. For
example, users often complain that security measures make their systems “slow” and hard to use.
Unless stringent security is mandated by policy, the security practitioner must always balance security
with functionality and user adoption.

In this lab, you will use AVG, an anti-virus scanning program, to identify malware found on a
compromised system. You will also examine the services available on the Windows LandingVM
machine and disable an unnecessary service. In addition, you will configure the Windows Firewall,
enable ICMP traffic, and create a new rule for the FileZilla Server application.

Learning Objectives

Upon completing this lab, you will be able to:

1. Identify the risks associated with viruses, malware, and malicious software on a Windows
server

2. Apply security countermeasures to mitigate the risk caused by viruses, malware, and malicious
software

3. Enable AVG as an anti-virus, malware, and malicious software security countermeasure on a
Windows server

4. Disable unnecessary services in a Windows workstation

5. Configure a Windows workstation internal firewall to enable ports, applications, and services

Lab Overview

Each section of this lab is assigned at your instructor’s discretion. Please consult your
instructor to confirm which sections you are required to complete for your lab assignment.

SECTION 1 of this lab has three parts, which should be completed in the order specified.

1. In the first part of the lab, you will run a virus scan and detect malware.

2. In the second part of the lab, you will document existing services and disable unwanted
services.

3. In the third part of the lab, you will enable ports and applications within the Windows Firewall.

SECTION 2 of this lab allows you to apply what you learned in SECTION 1 with less guidance and
different deliverables, as well as some expanded tasks and alternative methods. You will create an
outbound rule and restrict the scope of the rule to a specific subnet.

Finally, you will explore the virtual environment on your own in SECTION 3 of this lab. You will answer
questions and complete challenges that allow you to use the skills you learned in the lab to conduct
independent, unguided work, similar to what you will encounter in a real-world situation.

Topology

This lab contains the following virtual machines. Please refer to the network topology diagram below.

vWorkstation (Windows Server 2016)
TargetWindows02 (Windows Server 2016)

Tools and Software

The following software and/or utilities are required to complete this lab. Students are encouraged to
explore the Internet to learn more about the products and tools used in this lab.

FileZilla
Windows Firewall
AVG Anti-Virus
Windows Services

Deliverables

Upon completion of this lab, you are required to provide the following deliverables to your instructor:

SECTION 1:

1. Lab Report file including screen captures of the following:

Virus details;
Emptied Quarantine area (Virus Vault);
Updated services list;
Updated File and Printer Sharing rule in the firewall;
Inbound FileZilla Server rule;

2. Files downloaded from the virtual environment:

none;

3. Any additional information as directed by the lab:

none;

4. Lab Assessment (worksheet or quiz – see instructor for guidance)

SECTION 2:

1. Lab Report file including screen captures of the following:

Scan Summary (Detection) page;
Emptied Quarantine area (Virus Vault);
Updated services list;
Updated Email and accounts rules in the firewall;
Outbound FileZilla Server rule;

2. Files downloaded from the virtual environment:

none;

3. Any additional information as directed by the lab:

Record the threat level for the JS:Agent-AXQ [Trj] threat.

SECTION 3:

1. Analysis and Discussion
2. Tools and Commands
3. Challenge Exercise

Section 1: Hands-On Demonstration

Note: In this section of the lab, you will follow a step-by-step walk-through of the objectives for this lab
to produce the expected deliverable(s).

1. On your local computer, create the Lab Report file.
Frequently performed tasks, such as how to create the Lab Report file, make screen captures,
and download files from the lab, are explained in the Common Lab Tasks document. You
should review these tasks before starting the lab.

2. Proceed with Part 1.

Part 1: Using AVG Business Edition to Perform a Virus Scan

Note: Malware consists of unwanted programs like Trojans and Viruses. Signs of malware include
degraded system performance, unusual services and network traffic, altered or removed system logs,
missing or inactive anti-virus, and any number of application anomalies. Trojans and viruses impact all
three tenets of information systems security.

Confidentiality: Malware can grant unauthorized access to the compromised machine and
network.
Integrity: Malware is able to steal and modify data.
Availability: Viruses and malware tend to slow performance and availability to applications
and data.

A Trojan masquerades as a seemingly useful program while actually compromising system security
and possibly acting as a “back door” that allows additional hack tools and access to the system. A
standard “virus” is a program that spreads from one computer to another by a variety of means,
taking advantage of application or OS vulnerabilities to propagate further, and will generally try to stay
undetected.

In the next steps, you will use AVG, an anti-virus program, to scan a folder on the TargetWindows02
machine to see how AVG and similar software programs identify malware. First, you will locate the
malware file in the folder structure before running the scan.

1. On the vWorkstation desktop, double-click the Connections folder.

2. In the Connections folder, double-click the TargetWindows02 RDP shortcut to open a
remote connection to the TargetWindows02 machine.

If prompted, type the following credentials and click OK.

Username: Administrator
Password: P@ssw0rd!

The remote desktop opens with the IP address of TargetWindows02 (172.30.0.10) in the title
bar at the top of the window.

3. On the TargetWindows02 taskbar, click the File Explorer icon to open a new File Explorer
window.

4. In the File Explorer window, navigate to the ISSA_TOOLS folder (Local Disk (C:) >
ISSA_TOOLS).

The password-protected prodrev.zip archive file has been infected with malware. Continue the
lab to discover how malware is identified.

Infected archive file

5. Minimize the File Explorer window.

6. On the TargetWindows02 desktop, double-click the AVG Business Security icon to
launch the AVG antivirus application.

AVG Status

Note: Many new malware and viruses are detected every day. Usually, anti-virus vendors update their
anti-virus signature files at least several times per week. To ensure you have coverage on the most
recent malware and malicious software, it is recommended that you update your anti-virus signature
files prior to performing a system scan. For the purposes of this lab, updates to anti-virus signature
files have been blocked to restrict software updates that could potentially alter the application
functionality. Ordinarily, you could easily update the virus definitions using the reverse arrow icon in
the lower-right corner.

7. On the AVG Home page, click the Configuration button (the gear icon to the right of the
Scan Computer button) to open the Other Scans page.

Scan options configuration

8. On the Other Scans page, click the Scan Specific Files and Folders button to open the
Select the areas window and choose the files and/or folders to include in your AVG scan.

Other Scans page

9. In the Select the areas window, navigate to the ISSA_TOOLS folder (C:\ISSA_TOOLS) and
expand the folder.

10. In the Select the areas window, click the ISSA_TOOLS checkbox to select that folder and all
of its subfolders.

Select the areas

11. In the Select the areas window, click OK to begin the scanning process and remove any
identified threats.

When the scan is completed, AVG will display a screen indicating any threats that it identified.
Notice that the tool did not identify the prodrev.zip file because anti-virus software cannot open
encrypted files for scanning. Hackers will often send zipped and encrypted files and
attachments, as they will often reach the recipient unless there is a mail rule blocking
encrypted and/or zipped files.

Scan results

12. On the TargetWindows02 taskbar, click the File Explorer icon to restore the ISSA_TOOLS
folder.

13. In the ISSA_TOOLS folder, right-click the prodrev.zip file and select Extract All from the
context menu.

Extract the archive file

14. In the resulting window, click the Extract button to unpack the zip file in the same folder.

15. When prompted for the file’s password, type password123 and click OK to decrypt the
zipped file and begin the unpacking process.

Password prompt

AVG’s File Shield feature, which is running in the background, will detect the virus within the file and
display an alert message.

Detection warning

16. In the AVG Detection window, click the See Details link to show additional details about the
threat and what was done to secure it.

AVG provides information about the actual name of the virus (JS:Pdfka-fc) and reports that the
infected file (productreview.pdf, part of the prodrev.zip file) has been deleted and the virus has
been moved to the Quarantine area (Virus Vault).

Threat removal details screen

17. Make a screen capture showing the virus details and paste it into your Lab Report file.

Note: The Quarantine area (previously referred to as the Virus Vault) is where all removed files, virus
infected or suspicious, are stored until you take action on them. All of the files in the vault are
encrypted and cannot do your computer any harm. The main purpose of the Quarantine area is to
keep any deleted file for a certain period of time, so that you can make sure you do not need the file
any more. If you find out that the missing file is causing problems, you can send it for analysis, try to
heal it, or restore it to the original location.

18. Close the Threat Detection window.

In the File Explorer, the prodrev folder should be empty, verifying that AVG did indeed remove
the infected file.

19. Close the prodrev File Explorer window.

20. Close the ISSA_TOOLS File Explorer window.

21. On the Scan Summary page, click the Done button to return to the AVG Home page.

AVG Done button
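
Step 11 notes that the scan skipped prodrev.zip because anti-virus software cannot open encrypted archives, and that a mail rule can block such attachments. The Python sketch below is an added example, not part of the lab manual: it reads each ZIP member's general-purpose flag (bit 0 marks an encrypted entry) and holds attachments a scanner could not inspect. The function names, verdict strings and sample archives are assumptions constructed for illustration; the sample only sets the flag bit and contains no real encrypted data.

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x1            # general-purpose bit 0: member is encrypted
CD_SIGNATURE = b"PK\x01\x02"    # central directory file header signature


def inspect_archive(data: bytes) -> dict:
    """Classify one attachment by reading only the ZIP central directory."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            entries = zf.infolist()
    except zipfile.BadZipFile:
        return {"verdict": "not-a-zip", "encrypted": [], "scannable": []}

    encrypted, scannable = [], []
    for info in entries:
        if info.is_dir():
            continue
        if info.flag_bits & ENCRYPTED_FLAG:
            encrypted.append(info.filename)   # scanner cannot read this member
        else:
            scannable.append(info.filename)

    # Hypothetical policy: one unreadable member is enough to hold the file,
    # because a clean result on the readable members says nothing about it.
    verdict = "hold-unscannable" if encrypted else "scan"
    return {"verdict": verdict, "encrypted": encrypted, "scannable": scannable}


def triage(attachments: dict) -> list:
    """Return the attachment names a mail rule should hold for review."""
    return sorted(
        name for name, data in attachments.items()
        if inspect_archive(data)["verdict"] == "hold-unscannable"
    )


def build_sample(members: dict, mark_encrypted=()) -> bytes:
    """Build a constructed ZIP; set the encrypted flag on the named members.

    Python's zipfile cannot write encrypted archives, so this only flips the
    flag in the central directory. It is enough to exercise the check above.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    raw = bytearray(buf.getvalue())
    pos = raw.find(CD_SIGNATURE)
    while pos != -1:
        name_len = struct.unpack_from("<H", raw, pos + 28)[0]
        name = raw[pos + 46:pos + 46 + name_len].decode("ascii")
        if name in mark_encrypted:
            flags = struct.unpack_from("<H", raw, pos + 8)[0]
            struct.pack_into("<H", raw, pos + 8, flags | ENCRYPTED_FLAG)
        pos = raw.find(CD_SIGNATURE, pos + 4)
    return bytes(raw)


# Constructed samples; file names mirror the lab, contents are placeholders.
PLACEHOLDER = b"constructed placeholder, not a real document"
SAMPLES = {
    "prodrev.zip": build_sample({"productreview.pdf": PLACEHOLDER},
                                mark_encrypted={"productreview.pdf"}),
    "minutes.zip": build_sample({"minutes.txt": PLACEHOLDER}),
    "mixed.zip": build_sample({"readme.txt": PLACEHOLDER,
                               "invoice.pdf": PLACEHOLDER},
                              mark_encrypted={"invoice.pdf"}),
    "notes.txt": b"plain text attachment, not an archive",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, inspect_archive(data))
    print("held:", triage(SAMPLES))
```
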
