1.3 Project Remediation Plan W1 - Risk and Compliance

School: ECPI University, Manassas
Course: 225
Subject: Information Systems
Date: Jan 9, 2024
Type: docx
Pages: 9
Uploaded by sidorelakollcaku
Security Operations: Project Implementation Plan
Date: 1/5/24
E-MAGINE Biomedical

Project Scope
WEEK 1

Vulnerabilities to Remediate: Windows/Linux - Lack of auditing, Automatic Updates not configured
Project Lead: Your FirstName LastName and ECPI User ID
Technical Stakeholders: Your Supervisor (Instructor)
Primary Business Users:
  Thomas Evans - IT Department
  Janet Adams - Human Resources
  Mary Wilder - Customer Service

Project Summary
To achieve compliance with the items discovered in the voluntary security audit, several changes are proposed to address the issues listed in the project scope. The requirements for the necessary changes have been defined, and low-level details of the specific changes are listed, including validation. Risk has been assessed for contingency, and a back-out plan is defined to respond in the event of an impact.

Task List
1. Create project implementation plan per system
   a. Identify pre and post execution procedures (specific changes to be made and method for validation, i.e., commands or screenshots)
2. *Notify Stakeholders (Peer review of changes) (Not required for this, for informational purposes.)
3. *Schedule project in scheduled maintenance calendar (Not required, for informational purposes.)
4. Capture screenshot of current configuration and environment (i.e., make sure you're logged into the right system)
5. Apply changes (commands or screenshots)
6. Document applied settings (commands or screenshots)
7. Notify Validation Group environment is ready for testing. (For this, your instructor is your validation group, so this entails you submitting your results for grading – see Step 10 below.)
8. Summarize scope of remediated vulnerabilities with reference to the specific audit findings for Final Report.
9. Consider additional steps for Back-out plan.
10. Submit completed document in Canvas.

VCASTLE Systems – Usernames and passwords
1. Windows 10    UN: cis230\administrator  PW: Password1  172.16.10.10
2. Ubuntu        UN: ecpi                  PW: Password1  172.16.20.20
3. Server 2019   UN: cis230\administrator  PW: Password1  172.16.30.30
4. pfSense       UN: admin                 PW: pfsense    172.16.100.1
Execution Procedures

Note: All activities this week, except the Progress Summary will be done together with the instructor in Vcastle.

Icon Legend
You will see the following icons to indicate if the project step or activity will be done with the instructor, in your group, or independently.
  [icon]: This icon represents Instructor Led activities
  [icon]: This icon represents group activities
  [icon]: This icon represents individual activities
  [icon]: This icon represents a screenshot should be added

Windows OS Execution Plan

Enable Automatic Updates
1. Edit current Windows Updates settings on system Windows Server 2019
   a. Go to Server Manager -> Tools -> Group Policy Management
   b. Expand tree -> Right-click on Default Domain Policy -> Edit
   c. Expand Computer Configuration section
   d. Expand Policies section
   e. Select Administrative Templates -> Windows Components -> select Windows Update
   Add a screenshot here.
2. Find Configure Automatic Updates in Setting, double click
   a. Set to auto download and schedule install
   b. Set schedule to every day at 7:00PM every week
   c. Click OK to save
   d. Close Group Policy Management console.
3. Open command prompt or PowerShell -> Command: gpupdate /force
   Add a screenshot here.
4. Run command prompt or PowerShell as Administrator
   a. Type gpresult
   b. Expand Computer Configuration section
   c. Take screenshot showing settings have applied successfully
Audit Policy Remediation
1. Edit current Audit settings on system Windows Server 2019
   a. Go to Server Manager -> Tools -> Group Policy Management
   b. Expand tree two levels -> Right-click on Default Domain Policy -> Edit
   c. Expand Computer Configuration - Policies section
   d. Expand Windows Settings -> Security Settings -> Local Policies -> Audit Policy
2. Enable auditing for all listed event types – Right click, select Properties – check all boxes, click OK.
   Add a screenshot here.
3. Close Group Policy Management Editor and Console
4. Open command prompt or PowerShell -> Command: gpupdate /force

Linux OS Execution Plan

Enable Automatic Updates in Ubuntu
1. Update Ubuntu package lists and install pending updates:
   a. Open terminal window
   b. sudo apt-get update
   c. sudo apt-get upgrade
2. Install the unattended-upgrades package with apt:
   a. sudo apt-get install unattended-upgrades
   Add a screenshot here.
3. Enable the unattended-upgrades function
   a. sudo dpkg-reconfigure --priority=low unattended-upgrades
      Add a screenshot here.
   b. When prompted to automatically install stable updates, select YES
4. Verify unattended upgrade service is working:
   a. sudo unattended-upgrades --dry-run (2 dashes)
   Add a screenshot here.
5. Check Unattended Upgrades Log:
   a. tail -n 100 /var/log/unattended-upgrades/unattended-upgrades.log
   Add a screenshot here.
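The result of the dpkg-reconfigure prompt can also be validated from the APT settings it controls, which gives a repeatable check alongside the screenshots. The script below is an added example, not part of the original plan: it assumes the settings are in /etc/apt/apt.conf.d/20auto-upgrades in the flat one-key-per-line form, and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate the APT::Periodic settings behind unattended-upgrades.
# Assumption: flat `Key "value";` lines; nested APT::Periodic { ... } blocks are
# not parsed. `apt-config dump` shows the merged configuration on a live host.

# Print the last value assigned to APT::Periodic::<key> ($1) in file $2.
apt_periodic_value() {
    [ -r "$2" ] || return 1
    sed 's|//.*$||' "$2" |                      # drop // comments
        awk -v k="APT::Periodic::$1" '
            $1 == k { v = $2; gsub(/[";]/, "", v); found = 1 }
            END { if (found) print v; else exit 1 }'
}

# Return 0 only when both the package-list refresh and the upgrade run are enabled.
check_auto_upgrades() {
    for cau_key in Update-Package-Lists Unattended-Upgrade; do
        cau_val=$(apt_periodic_value "$cau_key" "$1") || {
            echo "FAIL: $cau_key not set in $1"; return 1; }
        case "$cau_val" in
            ''|0) echo "FAIL: $cau_key=\"$cau_val\" (disabled)"; return 1 ;;
        esac
        echo "OK: $cau_key=$cau_val"
    done
}

# Constructed sample files standing in for /etc/apt/apt.conf.d/20auto-upgrades.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '%s\n' 'APT::Periodic::Update-Package-Lists "1";' \
              'APT::Periodic::Unattended-Upgrade "1";' > "$SAMPLE_DIR/enabled.conf"
printf '%s\n' 'APT::Periodic::Update-Package-Lists "1";' \
              '// APT::Periodic::Unattended-Upgrade "1";' \
              'APT::Periodic::Unattended-Upgrade "0";' > "$SAMPLE_DIR/disabled.conf"

check_auto_upgrades "$SAMPLE_DIR/enabled.conf"
check_auto_upgrades "$SAMPLE_DIR/disabled.conf" || echo "automatic upgrades are off"
# On the Ubuntu host: check_auto_upgrades /etc/apt/apt.conf.d/20auto-upgrades
```

The same check fails cleanly when the file is absent, which is the expected state after the back-out step that removes unattended-upgrades.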
Enable and configure Auditd for security events
1. Install and configure auditd:
   a. sudo apt install auditd audispd-plugins
   b. sudo systemctl --now enable auditd (2 dashes)
2. Set the parameter on your bootloader to enable during bootup
   a. sudo nano /etc/default/grub
      i. Find the GRUB_CMDLINE_LINUX="" command line
      ii. Change value to: GRUB_CMDLINE_LINUX="audit=1"
      iii. Save and close Nano - Ctrl o, Ctrl x
   b. sudo update-grub
   Add a screenshot here.

Windows Post-Execution and deliverables
2. Log on to Server 2019 as administrator
3. Execute steps from Execution Plan
4. Paste screenshots for steps in the Plan section, as appropriate
5. Log onto Windows 10 client as a domain admin
6. Run command prompt or PowerShell as Administrator
   a. Type rsop.msc
   b. Expand Computer Configuration section
   c. Take screenshot showing settings have applied successfully

Linux Post-Execution and deliverables
1. Log on to Ubuntu
2. Execute steps from the Execution Plan
3. Paste Screenshots of all configuration changes made through the CLI
4. Screenshot of log entries
   a. tail -n 100 /var/log/unattended-upgrades/unattended-upgrades.log
   b. tail -n 100 /var/log/audit/audit.log

Follow-up
1. Update documentation for stakeholders by completing the following.

Progress Summary
Update your project implementation plan here with a summary of results and related audit findings that were remediated in this assignment. Use these system code abbreviations: LR – Linux Risk, WR – Windows Risk, FR – Firewall Risk.

Testing Procedures
Notify Validation Group environment is ready for testing. (Here, this means submitting this document)

Back-out plan – update weekly
Windows System:
1. Revert settings to original values
2. Run a gpupdate /force
Linux System:
1. Remove automatic update
   a. sudo apt remove unattended-upgrades
2. Remove auditd
   a. sudo apt remove auditd audispd-plugins

Project Notes
Make sure you specify the systems that you are working on configuring as part of the change management process.

Server Info: (Virtual)
Server Name: Ubuntu-Server-01
OS: Ubuntu 20.04
IP Address: 172.16.30.30/24
Server Specs:
VM CPU/RAM/STORAGE/NETWORK: 2 vCPU, 2GB RAM,
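For the GRUB step in the auditd section, the script below is an added example (not part of the original plan) that checks the GRUB_CMDLINE_LINUX value, including the case where typographic quotes pasted from a word processor end up in the file, and then checks the kernel command line the system actually booted with. Function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the audit=1 boot parameter set in /etc/default/grub.

# Print the raw right-hand side of the last GRUB_CMDLINE_LINUX= line in file $1.
# GRUB_CMDLINE_LINUX_DEFAULT= is not matched because of the "=" in the pattern.
grub_cmdline_linux() {
    sed -n 's/^[[:space:]]*GRUB_CMDLINE_LINUX=//p' "$1" | tail -n 1
}

# Return 0 only if the value is wrapped in ASCII double quotes and holds audit=1.
# Curly quotes are not shell quotes, so a pasted value does not set the parameter.
check_grub_audit() {
    cga_raw=$(grub_cmdline_linux "$1")
    case "$cga_raw" in
        '"'*'"') ;;
        *) echo "FAIL: not wrapped in ASCII double quotes: $cga_raw"; return 1 ;;
    esac
    cga_val=${cga_raw#\"}; cga_val=${cga_val%\"}
    case " $cga_val " in
        *" audit=1 "*) echo "OK: audit=1 set in $1"; return 0 ;;
    esac
    echo "FAIL: audit=1 missing in $1: $cga_raw"; return 1
}

# Return 0 if the kernel command line in file $1 (default /proc/cmdline) has
# audit=1; the GRUB edit only appears there after update-grub and a reboot.
check_running_audit() {
    case " $(cat "${1:-/proc/cmdline}") " in
        *" audit=1 "*) echo "OK: kernel booted with audit=1"; return 0 ;;
    esac
    echo "FAIL: kernel was not booted with audit=1"; return 1
}

# Constructed sample inputs standing in for /etc/default/grub and /proc/cmdline.
GRUB_SAMPLES=$(mktemp -d)
trap 'rm -rf "$GRUB_SAMPLES"' EXIT
printf '%s\n' 'GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"' \
              'GRUB_CMDLINE_LINUX="audit=1"' > "$GRUB_SAMPLES/good"
printf '%s\n' 'GRUB_CMDLINE_LINUX=” audit=1″' > "$GRUB_SAMPLES/curly"
printf '%s\n' 'GRUB_CMDLINE_LINUX=""' > "$GRUB_SAMPLES/unset"
printf '%s\n' 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet' > "$GRUB_SAMPLES/cmdline-old"

check_grub_audit "$GRUB_SAMPLES/good"
check_grub_audit "$GRUB_SAMPLES/curly" || true
check_grub_audit "$GRUB_SAMPLES/unset" || true
check_running_audit "$GRUB_SAMPLES/cmdline-old" || true
```

On the Ubuntu host, run check_grub_audit /etc/default/grub after editing and check_running_audit with no argument after the reboot.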