IS4680 Unit 6 Lab questions

  1. What are some common risks, threats, and vulnerabilities commonly found in the Workstation Domain that must be mitigated through a layered security strategy?
  2. Viruses, Email Attachments, Trojan Horses, and worms are examples of things that could be mitigated through layered security.
  1. File sharing utilities and client-to-client communication applications can provide the ability to share files with other users (i.e., Peer-to-Peer Networking or Sharing). What risks and/or vulnerabilities are introduced with these applications?
  2. P2P can introduce the same viruses and other malicious threats as above, but it can also introduce other big risks, such as prosecution for pirating software and other things.
  1. Explain how confidentiality can be achieved within the Workstation Domain with security controls and security countermeasures.
  2. Confidentiality can be achieved with many different things, including virus-scanning software. Being able to password-protect computers is another must-have, as well as learning to never give out personal information, and keeping a workstation regularly updated.
  1. Explain how data integrity can be achieved within the Workstation Domain with security controls and security countermeasures.
  2. Integrity can be achieved by using the same things as above, but integrity is more revolved around making sure that files have not been changed or touched by people who aren’t allowed to have access to them, as well as making sure that whatever you get from someone is legit, and that what they gave you was the real deal and that they were not an imposter.
  1. Explain how availability can be achieved within the Workstation Domain with security controls and security countermeasures.
  2. Availability can be achieved by having security controls in place to protect it and countermeasures in place to keep it running or to quickly get it back up in case something goes wrong, such as backup power in case of a power outage. Doing this also involves having to continually fight Denial of Service attacks.
  1. Although users of desktop applications may not be creating mission critical data, all their data represents a resource that, if lost, could result in a permanent loss of information or productivity. Explain what countermeasures and best practices should be implemented to avoid this potential disaster.
  2. The countermeasures are to create daily backups and to determine the cost impact of lost productivity and lost information. The best practice is to create a business continuity plan.
  1. What is the purpose of the Microsoft Windows Security Configuration and Analysis Snap-In? Explain.
  2. Its purpose is to make sure that you have the correct security settings in place and that they are in working order. The snap-in also has built-in templates so that you can compare the security settings you have against the ones specified for your needs in a security template.
  1. How would you go about updating the Windows Security options File? Explain how this option can help mitigate risk within the Workstation Domain.
  2. Open the file and make changes accordingly.
  1. What does the Microsoft Windows executable GPResult.exe do and what general information does it provide? Explain how this application helps mitigate the risks, threats, and vulnerabilities commonly found in the Workstation Domain.
  2. A command-line tool you run on a computer to get general information about group policy.
  1. What is the risk involved in caching logon credentials on a Microsoft Windows system?
  2. The risk would be that a hacker could steal this information and use it against the original user, but according to Windows, if this information is kept, Windows will encrypt this information.
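
The template comparison described in the snap-in answer, extended to the cached-logon setting from the answer above, as an added example that is not part of the original lab answers. It assumes settings in the `.inf` format written by `secedit /export /cfg`; both samples and the baseline values are constructed for illustration and are not taken from a STIG.

```python
import configparser

# Constructed baseline template (illustrative values only).
# Real exports are UTF-16 files: open them with encoding="utf-16".
BASELINE_INF = r'''
[System Access]
MinimumPasswordLength = 14
PasswordComplexity = 1
LockoutBadCount = 3
[Registry Values]
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,"2"
'''

# Constructed export from the workstation under review.
CURRENT_INF = r'''
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
[Registry Values]
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,"10"
'''


def parse_inf(text):
    """Return {(section, key): value} for every setting in the template."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case exactly as written
    cp.read_string(text)
    return {(s, k): v.strip() for s in cp.sections() for k, v in cp[s].items()}


def compare(baseline_text, current_text):
    """List settings where the workstation differs from the baseline."""
    baseline, current = parse_inf(baseline_text), parse_inf(current_text)
    findings = []
    for (section, key), want in sorted(baseline.items()):
        have = current.get((section, key))
        if have is None:
            # Setting required by the baseline but absent from the export.
            findings.append((section, key, want, "not defined"))
        elif have != want:
            findings.append((section, key, want, have))
    return findings


if __name__ == "__main__":
    for section, key, want, have in compare(BASELINE_INF, CURRENT_INF):
        print(f"[{section}] {key}: baseline={want} current={have}")
```

The `1,` prefix on the registry value is the value type (REG_SZ) and the quoted number is how many logons Windows caches, so the third finding here is the cached-credentials setting drifting from the baseline.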
  1. What is the current URL for the location of the DISA military STIGs on Microsoft Windows 7 Operating Systems?
  2. http://iase.disa.mil/stigs/
  1. Within the Windows 7, Security Technical Implementation Guide (STIG) Version 1, Release 5, dated July 29, 2011, what are the 3 Vulnerability Security Code Definitions defined?

Vulnerability Severity Codes

Category I

Vulnerabilities that allow an attacker immediate access into a machine, allow superuser access, or bypass a firewall. i.e. Granting unnecessary accounts the User Right "Act as part of the Operating System" as an example with Windows.

Category II

Vulnerabilities that provide information that have a high potential of giving access to an intruder. i.e. Not requiring password complexity would increase the risk of an intruder gaining access.

Category III

Vulnerabilities that provide information that potentially could lead to compromise. i.e. Allowing users to install printer drivers could potentially lead to compromise with unapproved drivers.

  1. From the Windows 7, Security Technical Implementation Guide (STIG) Version 1, Release 5, where can Windows 7 – File & Registry Settings be reviewed and audited on a Windows 7 workstation?
  2. Section 4.2
  1. DumpSec is a tool used by System Administrators performing Information Assurance on a Microsoft Windows 7 workstation. What is the purpose of this tool?
  2. DumpSec is a light and easy-to-use software application that shows you multiple reports containing very detailed information about your system's security configuration, permissions, audit settings and other related aspects regarding your file system, printers, registry, and other critical areas of your Windows operating system.
  1. As per DoD and Information Assurance procedures, who must be notified if any exceptions to DoD STIGs standards for Workstation configurations are to be implemented?
  2. IAO (Information Assurance Officer)