Unit_5_WorkSheet_2 (docx, 3 pages)
School: Lone Star College, CyFair
Course: 2279
Subject: Information Systems
Date: Dec 6, 2023
Uploaded by EarlBear1147
Unit 5 Security Assessment Procedure
Instructions: Given a Request for Proposal (RFP) and a security analysis project plan, prepare a procedure to conduct a security assessment for the Workstation and System/Applications domains in the client’s information technology (IT) infrastructure. Provide sufficient details that would enable a person in a position of responsibility in each area to conduct a security assessment by following the steps in the procedure. It is not necessary to provide low-level details that would enable an untrained person to follow the steps in the procedure. Your procedure should address the major areas of concern in each domain.
Each procedure step should include the following information:
▪ Procedure step: A brief description of the step
▪ Explanation: A narrative describing the step and its purpose
▪ Action: A narrative describing the action to take to carry out this step
Procedure Step: Credential Theft
Explanation:
● Theft of user login information, which can be passwords, usernames, etc.
Action:
● Require MFA
● Conduct security awareness training
● Update passwords regularly, ensure the use of different passwords per site

Procedure Step: Exposed Network Ports
Explanation:
● Computer communication channels set to open; this allows unwanted traffic to flow through
Action:
● Close unused ports
● Port scanners: Nmap, Zenmap, Ping Sweep
● Install firewalls and patch regularly
● Monitor open ports

Procedure Step: Privilege Escalation (Vertical and Horizontal)
Explanation:
● Network attack used to gain unauthorized access to critical systems
Action:
● Limit access to sensitive systems and applications
● Patch and update software
● Regularly scan network and ports
● Security awareness training
● Implement a strong incident response plan

Procedure Step: Anti-malware Bypass / Application Whitelist Bypass
Explanation:
● Obfuscation of malware; this hides the malware in the form of another trusted program
● Encryption of malware so that antimalware software can’t detect the malware
Action:
● Use secure authentication techniques
● Limit usage of Admin accounts
● Keep software updated
● Control access to systems
● Limit application privileges
● Implement email security and spam protection
● Security awareness training
● Install antivirus and antispyware software

Procedure Step: Security Patch
Explanation:
● The process of applying updates to software, drivers and firmware
Action:
● Establish asset management
● Prioritize vulnerabilities
● Development partnerships and support

Procedure Step: Assigned Permissions
Explanation:
● Determine the information users can access and the tasks they can perform
Action:
● Create roles
● Determine user privilege

Procedure Step: Group Policies
Explanation:
● Hierarchical infrastructure that allows network admins to implement specific configurations for users and workstations
Action:
● Do not modify the default domain policy and default domain controller policy
● Create a well-designed organizational unit
● Give GPOs descriptive names
● Add comments to GPOs
● Don’t set GPOs at the domain level
● Don’t disable GPOs

Procedure Step: Malware Identification and Analysis
Explanation:
● Identify and analyze malicious code
Action:
● Static and Dynamic
● Implement a triage for incidents
● Examine files for malicious intent

Procedure Step: Endpoint Device Security
Explanation:
● Implement and operate endpoint device security
Action:
● Utilize sandbox environment to investigate malware in a safe environment

Procedure Step: Cloud Based Security
Explanation:
● Operate and configure cloud security
Action:
● Use strong authentication
● Implement encryption
● Implement access control
● Utilize APIs
● Implement regular security assessments to find holes in firewalls
● Implement Zero Trust
● Conduct regular employee security training

Procedure Step: VMware Security
Explanation:
● Operate and secure virtual environments
Action:
● Maintain VM templates with the most up-to-date OS security patches
● When deploying a new VM, utilize existing VM templates
● Disable unnecessary functions
● Disable command line window
● Utilize antivirus suite
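
Added example (not part of the original worksheet): one way to carry out the "Close unused ports" and "Monitor open ports" actions on a workstation is to compare its listening sockets with an approved baseline. The sample `ss -H -tlnp` output, the baseline and the function names are constructed assumptions for illustration.

```python
import re

# Constructed sample of `ss -H -tlnp` output from a hypothetical workstation.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=640,fd=7))
LISTEN 0 511 [::]:8080 [::]:* users:(("node",pid=2044,fd=19))
LISTEN 0 5 0.0.0.0:5900 0.0.0.0:* users:(("vino-server",pid=1500,fd=11))
"""

# Hypothetical approved baseline: port -> process expected to own it.
BASELINE = {22: "sshd", 631: "cupsd"}
LOOPBACK = {"127.0.0.1", "[::1]"}

def parse_listeners(ss_output):
    """Return (address, port, process) for each LISTEN socket."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        addr = addr.split("%")[0]  # drop an interface suffix such as %lo
        proc = re.search(r'\(\("([^"]+)"', line)  # absent when ss runs unprivileged
        listeners.append((addr, int(port), proc.group(1) if proc else "unknown"))
    return listeners

def audit(listeners, baseline):
    """Return sorted (port, process, reason) findings that need review."""
    findings = []
    for addr, port, proc in listeners:
        if port not in baseline:
            if addr in LOOPBACK:
                reason = "unapproved loopback-only listener"
            else:
                reason = "unapproved port reachable from the network"
            findings.append((port, proc, reason))
        elif baseline[port] != proc:
            findings.append((port, proc, f"port approved for {baseline[port]}, not {proc}"))
    return sorted(findings)

if __name__ == "__main__":
    for port, proc, reason in audit(parse_listeners(SAMPLE_SS), BASELINE):
        print(f"{port}/tcp ({proc}): {reason}")
```

Each finding is a port to close or to add to the baseline after review; running the check on a schedule covers the monitoring action.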