
Lab Assignment: Managing Host Based Security

Purpose: To develop and verify system administration and vulnerability management procedures which implement host based security capabilities for Windows 8.1

Objectives

1. Develop systems administration procedures to configure and manage host-based security capabilities (firewall and anti-virus/anti-malware).
2. Develop systems management procedures to scan for and remediate software and configuration vulnerabilities in Windows 8.1 systems.

Overview

In this lab, our focus is upon implementing and managing host-based security for Windows 8.1 systems using the following tools:

• Windows Defender
• Windows Firewall
• Microsoft Baseline Security Analyzer (MBSA)

Note: Windows Defender and Windows Firewall are found under Control Panel. MBSA can be found using Windows Search (Windows Key + R).

For each tool, you will research and then write a step-by-step procedure to configure the tool according to security best practices for Windows 8.1 hosts. Each of these tools can be used as part of an overall information security vulnerability management business process.

You will write three separate procedures for this lab:

(a) Managing Windows Defender
(b) Managing Windows Firewall
(c) Managing Vulnerabilities using Microsoft Baseline Security Analyzer

Each procedure will have the following major sections (see Figure 1):

• Title:
• Operating Environment:
• Description:
• Notes, Warnings, & Restrictions:
• Resources (Further Reading):
• Procedures:

Some procedures will contain a large number of steps. To make the procedures easier to read, you should divide your procedures into groups of related steps. Place a group heading (e.g. Scanning for Threats) at the beginning of each group. Each group heading should be followed by a brief paragraph that explains the purpose of the group (e.g. This group (or "section") contains step by step instructions for running scans using Windows Defender....)

Title:

Operating Environment:
1. Hardware
2. Software

Description:

Notes, Warnings, & Restrictions:

Resources (Further Reading):

1.
2.
3.

Procedures:

[Group Heading]

Brief introduction paragraph for this group of steps

1.
2.
3.

[Group Heading]

Brief introduction paragraph for this group of steps

1.
2.
3.

Instructions

Part (a): Managing Windows Defender

1. Investigate the use of Windows Defender to protect a Windows 8/8.1 system against viruses, spyware, and other forms of malware. Your investigation should include researching best practices for configuring and using host-based anti-malware software.

2. Develop step by step procedures to implement best practices for protecting a Windows 8/8.1 system from malware. At a minimum, your procedures must accomplish the following:

a. Update anti-virus definition files
b. Configure real-time scanning
c. Full system scanning
d. Fast or quick scan for high vulnerability areas of the system
e. Removable media scanning
f. Reviewing scan results including reviewing any quarantined files or detected malware

3. As you run your tests, collect screen snapshots to illustrate key steps in your procedures. (Use the snipping tool on your local PC to snapshot portions of the VDA browser or client window.) Insert these snapshots at the appropriate points in your procedure. The snapshots must show the procedures as run in the VDA environment.

4. Incorporate your screen snapshots for key steps into the draft procedures. Each snapshot should be placed UNDER (after) the step to which it applies. Captions are not required.

5. Make any additional changes required to address issues found during testing of the step-by-step procedures.

Part (b): Managing Windows Firewall

1. Investigate the use of Windows Firewall to protect a Windows 8/8.1 system from network-based intrusions or attacks.

2. Identify appropriate sources of information (e.g. Windows Help, Microsoft Technet, etc.) for instructions for configuring Windows Firewall for Windows 8/8.1. Using those sources, research the procedures required to perform the following tasks:

a. Use "Allow an app or feature through Windows Firewall" to allow an application to communicate externally (send/receive data via a network connection)

b. Use Advanced Settings to configure Windows Firewall to allow or block network access by software applications, utilities, and operating system components

3. Develop a systems administration procedure for Windows Firewall which can be used to allow a new application to communicate externally using the network connection. Use Internet Explorer as your example application. (Use the "Allow another app ..." button from the "Allow an app or feature ..." menu item.)

4. Develop a systems administration procedure for Windows Firewall which can be used to allow or block a Windows 8/8.1 application, capability, or feature using the "Advanced Settings" menu item. Use "remote assistance" as your example capability to be blocked.

5. As you run your tests, collect screen snapshots to illustrate key steps in your procedures. (Use the snipping tool on your local PC to snapshot portions of the VDA browser or client window.) Insert these snapshots at the appropriate points in your procedure. The snapshots must show the procedures as run in the VDA environment.

6. Incorporate your screen snapshots for key steps into the draft procedures. Each snapshot should be placed UNDER (after) the step to which it applies. Captions are not required.

7. Make any additional changes required to address issues found during testing of the step-by-step procedures.

Part (c): Manage Vulnerabilities Using Microsoft Baseline Security Analyzer (MBSA)

Note: Before running MBSA, launch Internet Explorer to complete the "run once" setup. (This is a VDA requirement and should not be part of your procedure.) For some "drill down" links in the scan reports, MBSA launches Internet Explorer to display additional information (i.e. "How to correct this").

1. Investigate the use of MBSA to detect vulnerabilities in a Windows 8/8.1 system

2. Identify appropriate sources of information (e.g. Windows Help, Microsoft Technet, etc.) for instructions for configuring MBSA to scan a Windows 8/8.1 system. Using those sources, research the procedures required to perform the following tasks:

a. Configure MBSA to scan a system for vulnerabilities including:

i. Check for Windows administrative vulnerabilities
ii. Check for weak passwords
iii. Check for Internet Information Services (IIS) administrative vulnerabilities
iv. Check for SQL administrative vulnerabilities
v. Check for security updates (missing updates)

b. Use MBSA to scan a system

c. View reports from scans including reviewing individual vulnerabilities as reported by MBSA

d. Copy, save and print scan reports

3. Develop a systems administration procedure to accomplish the tasks listed in item #2. Note: your procedure should only apply to scanning the local host (the computer that MBSA is installed on). Do not include scanning multiple systems or scanning a remote target host.

4. As you run your tests, collect screen snapshots to illustrate key steps in your procedures. (Use the snipping tool on your local PC to snapshot portions of the VDA browser or client window.) Insert these snapshots at the appropriate points in your procedure. The snapshots must show the procedures as run in the VDA environment.

5. Incorporate your screen snapshots for key steps into the draft procedures. Each snapshot should be placed UNDER (after) the step to which it applies. Captions are not required.

6. Make any additional changes required to address issues found during testing of the step-by-step procedures.

Finalize Your Deliverable

1. Using the grading rubric as a guide, refine your step-by-step procedures. Your final products should be suitable for inclusion in an organization's Systems Administrator's Handbook. Remember that you are preparing multiple procedures which must be presented separately.

2. As appropriate, cite your sources using footnotes or another appropriate citation style.

3. Use the resources section to provide information about recommended readings and any sources that you cite. Use a standard bibliographic format (you may wish to use APA since this is required in other CSIA courses). Information about sources and recommended readings, including in-text citations, should be formatted consistently and professionally.

Additional Requirements for this Lab

1. Your target audience for these procedures will be Windows 8/8.1 SYSTEM ADMINISTRATORS. Do not write procedures for home users or individuals using their own computers.

2. Your step-by-step procedures should tell the reader where to find and how to launch the systems administration tools or applications used to change security configuration settings.

3. It is not necessary to specify every step that a system administrator must take to properly configure and run the software. But, you must address each major security configuration change separately and include enough detail that your reader will understand how to perform the required steps to implement each change.

4. Use screen snapshots to cue the reader to important steps or provide information required to complete check points for proper completion of a step or set of steps (e.g. including a snapshot which shows the "after" state for a group of security settings).

5. Make sure that your snapshots will enhance the reader's understanding of the procedure and required configuration changes. Too many snapshots or illustrations can make a procedure difficult to use.

6. All snapshots must be created by you for this lab using screen captures showing how you personally performed (tested) the systems administration procedure as written by you. You may not copy and paste images from help pages, manuals, or the Internet.

7. Images (screen snapshots) should be cropped and sized appropriately.

8. A screen snapshot belonging to a specific procedure step does not require a caption.

9. Make sure that the sources you cite or recommend (additional reading) are authoritative and are the best ones available.

10. Your Operating Environment section should identify the hardware, operating system, and/or software applications to which the procedure applies. For this lab, your procedures will apply to:

a. Hardware: Laptop or Desktop Computers
b. Operating System: Windows 8.1 Professional

11. The Notes, Warnings, & Restrictions section should include important information that is not found elsewhere in the procedures document. For example, this section could include information about alternatives to the selected security configuration settings. Or, this section could include information about related security procedures or policies. This section should also include important information about harm or risk that could occur if the procedure is not correctly followed or implemented. If there are no such warnings then this section should so state.

12. The procedures that you write for this lab will become part of the final project for this course (System Administration Manual).
