Fluent Essays

Note: You need to complete only first section of the lab(section 2 & 3 can be ignored)Your lab instructions are attached below.Click on the lab link below this assignments to complete the following labs. Then, upload your each lab report file with the screenshots as requested in section 1 part. winsec_v4_ism_lab06.pdf winsec_v4_ism_lab05.pdf Unformatted Attachment Preview Auditing Windows Systems for Security Compliance Introduction In today’s IT environments, it just isn’t possible to manually check each computer and device to make sure each one is secure. To help identify vulnerabilities as efficiently as possible, system administrators and security practitioners use a variety of automated tools to determine where vulnerabilities may exist and identify potential mitigations. The process is part of auditing IT infrastructures for security compliance. These tools range from basic system utilities that report on the performance and configuration of a single computer or device to enterprise-wide tools capable of scanning systems, identifying vulnerabilities and actions to make computers and devices more secure, also known as hardening. Two tools for the Windows environment are Microsoft Policy Analyzer and the Open Vulnerability Assessment Scanner (OpenVAS). Microsoft Policy Analyzer is a simple, but powerful utility included as part of Microsoft’s Security Compliance Toolkit. It allows you to analyze and compare sets of Group Policy Objects (GPOs). The Policy Analyzer tells you if any settings in the set of GPOs you are analyzing are redundant or pose inconsistencies. It also makes it easy to compare GPOs with local policy settings and registry settings. The real power of the Policy Analyzer is to help identify security settings that deviate from your standard policies. Most organizations that use the Policy Analyzer start with a set of the many available baselines (collections of standard GPOs) and then customize them for their own environment. These custom baselines then provide the standard against which domain GPOs, local policies, and even local registry settings are compared to highlight any differences. The Open Vulnerability Assessment System (OpenVAS), from Greenbone networks, is an open source framework of a collection of tools and services. These tools and services work together to scan multiple computers, identify known vulnerabilities on these computers, and provide a set of tools for reporting on and managing the mitigation of identified vulnerabilities. Many vulnerability assessors, auditors, penetration testers, and hackers use OpenVAS to search for security vulnerabilities. The OpenVAS framework is free to use and is frequently updated to identify the latest vulnerabilities. You can use OpenVAS to scan many computers, including those running Microsoft and non-Microsoft operating systems. The framework is very good at identifying the underlying operating system for any target and then tailoring the scans for that operating system. OpenVAS is currently undergoing somewhat of a rebranding process which incorporates the Greenbone name more prominently in its product references. In fact, the front-end you’ll use for the OpenVAS scanner is called the Greenbone Security Manager (GSM). Whenever you see a reference to GSM, that manes you’re using the front-end user interface for the OpenVAS scanner. In this lab, you will use Policy Analyzer and OpenVAS to complete a security baseline audit scan of a Windows server. In the first part of the lab, you use the Policy Analyzer to identify inconsistencies between the default domain policy and local registry, then take steps to correct the inconsistency. Next, you will use OpenVAS to conduct a vulnerability scan, review the vulnerabilities reported by the scan, and research possible mitigations. Lab Overview Each section of this lab is assigned at your instructor’s discretion. Please consult your instructor to confirm which sections you are required to complete for your lab assignment. SECTION 1 of this lab has two parts: 1. In the first part of the lab, you will use the Policy Analyzer tool to identify inconsistencies between the default domain policy and local registry on a Windows Server 2019 machine. 2. In the second part of the lab, you will use OpenVAS and the Greenbone Security Manager to scan a Windows Server 2019 machine, identify vulnerabilities, and research possible mitigations. SECTION 2 of this lab allows you to apply what you learned in SECTION 1 with less guidance and different deliverables, as well as some expanded tasks and alternative methods. You will use an older tool, Microsoft Baseline Security Analyzer, to assess the security posture of a Windows Server 2012 machine. You will also scan the Windows Server 2012 machine using OpenVAS and implement changes to mitigate an identified vulnerability. Finally, you will explore the virtual environment on your own in SECTION 3 of this lab. You will answer questions and complete challenges that allow you to use the skills you learned in the lab to conduct independent, unguided work, similar to what you will encounter in a real-world situation. Learning Objectives Upon completing this lab, you will be able to: 1. Audit Group Policy using the Microsoft Policy Analyzer 2. Identify and remediate inconsistencies between password policies 3. Launch and analyze security vulnerability scans with Greenbone Security Manager and OpenVAS 4. Identify and remediate reported vulnerabilities using OpenVAS 5. Section 2: Analyze a Windows Server 2012 machine using Microsoft Baseline Security Analyzer 6. Section 2: Perform post-remediation scans to demonstrate the effectiveness of remediation efforts Topology This lab contains the following virtual machines. Please refer to the network topology diagram below. • TargetWindows01 (Windows Server 2019) [Domain Controller] • TargetWindows03 (Windows Server 2012) • OpenVAS (Linux) Tools and Software The following software and/or utilities are required to complete this lab. Students are encouraged to explore the Internet to learn more about the products and tools used in this lab. • Greenbone Security Manager (GSM) • Microsoft Baseline Security Analyzer (MBSA) • OpenVAS (Open Vulnerability Assessment Scanner) • Security Compliance Toolkit (SCM) - Policy Analyzer Deliverables Upon completion of this lab, you are required to provide the following deliverables to your instructor: SECTION 1: 1. Lab Report file including screen captures of the following; • Password Policy in the GPO report; • current PasswordAge settings in the Policy Viewer; • updated PasswordAge settings in the Policy Viewer; • Tasks list with the completed scan of 172.30.0.15; • Vulnerabilities from the completed scan of 172.30.0.15; 2. Any additional information as directed by the lab: • describe remediation steps for the vulnerability you selected; 3. Lab Assessment (see instructor for guidance). SECTION 2: 1. Lab Report file including screen captures of the following: • number of missing security updates for the Windows Security Updates issue; • Vulnerabilities from the completed scan of 172.30.0.17; • Windows Firewall once it is running; • Vulnerabilities from the latest completed scan of 172.30.0.15 (without the DCE/RPC vulnerability listed); 2. Any additional information as directed by the lab: • describe the security issue for the missing update; SECTION 3: 1. Analysis and Discussion 2. Tools and Commands 3. Challenge Exercise Section 1: Hands-On Demonstration Part 1: Audit a Windows System using Policy Analyzer 19. Make a screen capture showing the MaximumPasswordAge settings in the Policy Viewer and paste it into the Lab Report file. 20. Make a screen capture showing the updated MaximumPasswordAge setting in the Policy Viewer and paste it into the Lab Report file. Part 2: Audit a Windows System using OpenVAS 8. Make a screen capture showing the Tasks list with the completed scan of 172.30.0.15 and paste it into the Lab Report file. 11. Make a screen capture showing the vulnerabilities from the completed scan of 172.30.0.15 and paste it into the Lab Report file. 13. In the Lab Report file, describe remediation steps for the vulnerability you selected. Below is an example for each; Answers may vary by student. DCE/RPC or MSRPC services running on remote host can be enumerated via port 135, with the appropriate queries (the resulting scan shows all DCE/RPC services that are possible vectors if this enumeration of 135 took place). The suggested solution is to filter incoming traffic to port 135. Exposing this port to the internet allows a bad actor to enumerate various services he/she can use to exploit a target. Host is running a VNC server which entails one or more weak cryptographical Security Types. Not for use on untrusted networks. Since this is a claim of weak cryptography, the recommended solution is to run this session over an encrypted channel, provided by (for example) IPsec[RFC4301] or SSH[RFC4254]. Section 2: Applied Learning Part 1: Audit a Windows System using MBSA 11. Make a screen capture showing the MBSA scan results and paste it into your Lab Report file. 16. In the Lab Report file, describe the security issue for this missing update. Below is an example; Answer may vary by student. I chose MS15-101. It patches a vulnerability in the .NET framework that could permit privilege escalation with a specially crafted .NET application. Part 2: Audit a Windows System using OpenVAS 7. Make a screen capture showing the vulnerabilities from the completed scan of 172.30.0.17 and paste it into the Lab Report file. 17. Make a screen capture showing the active Windows Firewall and paste it into the Lab Report file. 21. Make a screen capture showing the vulnerabilities from the latest completed scan of 172.30.0.15 (without the DCE/RPC vulnerability listed) and paste it into the Lab Report file. Section 3: Challenge and Analysis Note: The following challenge questions are provided to allow independent, unguided work, similar to what you will encounter in a real situation. You should aim to improve your skills by getting the correct answer in as few steps as possible. Use screen captures in your lab document where possible to illustrate your answers. Part 1: Analysis and Discussion In what context would you consider using the Microsoft Baseline Security Analyzer to conduct a security audit? In your opinion, is it worth using MBSA at all? Or are there similar, more effective tools that could be used in the same context? Use the Internet to research MBSA and alternative tools. Below is an example; Answer may vary by student. As the lab claims, it seems wise to employ several scanners (even MBSA) to cover the most ground. We’ve seen that MBSA picks up things that OpenVAS did not, but this is likely because MBSA doesn’t scan for specific vulnerabilities, but rather for missing patches, security updates, service packs, and looks for administrative configuration issues. For this reason, it’s perhaps a good idea to include this in your toolkit; however, probably only for small businesses with fewer hosts, since with this deprecated tool comes a higher chance of false reporting. It may require tweaking to be of use on a larger scale, lest you spend a bunch of time on the red herrings it reels in. Alternatives would depend on your budget, but there are some powerful enterprise scanners that might be worth consideration, such as SolarWinds Network Configuration Manager or Retina Network Security Scanner. There are also several other free (but powerful) scanners that would make good additions, like OpenVAS, or the Retina Network Community edition (the free version of the aforementioned Retina product). Part 2: Tools and Commands Use the Advanced Task Wizard in the Greenbone Security Manager to configure a scan of the entire subnet in this lab environment. Make a screen capture showing your results. Part 3: Challenge Exercise Use Windows Update on TargetWindows03 to download and install one of the Windows Server 2012 R2 security updates identified by MBSA. Make a screen capture showing the update confirmation on TargetWindows03. Below is an example; Answer may vary by student. I chose the critical KB2919355 update (security bulletin MS14-018). See below for pre-update screenshot. And the screenshot below confirms it was installed. Next, use MBSA to run a new scan of TargetWindows03. Make a screen capture showing the results. Assessment Quiz 1. Policy Analyzer is part of: a. the Security Configuration Wizard. b. Microsoft Baseline Security Analyzer. c. the Security Compliance Wizard. d. the Security Compliance Toolkit. ANS: D REF: Introduction 2. OpenVAS is developed by: a. Tenable b. Microsoft c. Greenbone Networks d. Avast ANS: C REF: Introduction 3. Policy Analyzer will compare groups of: a. Group Policy Objects b. Active Directory Users c. Domain Controllers d. Security Policies ANS: A REF: Note introducing Section 1, Part 1 4. Security baselines are: a. packages of vulnerability signatures. b. security procedures. c. groups of recommended configuration settings. d. applications for assessing the security posture of networks ANS: C REF: Note introducing Section 1, Part 1 5. Policy Analyzer can help identify: a. vulnerabilities. b. suspicious activity. c. missing service updates. d. differences between GPOs or local registry settings. ANS: D REF: Note introducing Section 1, Part 1 6. OpenVAS is an open source fork of: a. Nmap b. Burp Suite c. MBSA d. Nessus ANS: D REF: Note introducing Section 1, Part 2 7. The front-end user interface used to run OpenVAS scans is: a. the Greenbone Scan Assistant b. the Greenbone Security Manager c. the Greenbone Security Master d. the Greenbone Visual Scanner ANS: B REF: Note introducing Section 1, Part 2 8. OpenVAS is licensed under the: a. GNU General Public License b. MIT license c. GNU Lesser General Public License d. 3-clause BSD license ANS: A REF: Note introducing Section 1, Part 2 9. The simplest way to create an OpenVAS scan is to use the: a. Scan Manager. b. Task Wizard. c. Scan Wizard. d. Vulnerability Planner. ANS: B REF: Note following Section 1, Part 2, Step 4 10. The scan of TargetWindows01 reported: a. two Medium Severity vulnerabilities. b. three Medium Severity vulnerabilities. c. four Medium Severity vulnerabilities. d. five Medium Severity vulnerabilities. ANS: A REF: Note following Section 1, Part 2, Step 10 Managing Group Policy within the Microsoft Windows Environment Introduction Today’s computing environments are quickly becoming more diverse and integrated. Fewer environments are composed of isolated and unconnected personal computers. Windows environments, both home and office, are becoming more dependent on shared resources. Even the smallest home networks commonly share printers, storage devices, and network access devices. Enterprises of all sizes rely on shared resources to increase usability and decrease cost. While defining access permissions for small home networks with a limited number of users might be easy, without automated tools managing the same for a large enterprise would be impossible. The Windows Group Policy feature provides a centralized set of rules that govern the way Windows operates in enterprise environments. It provides the ability to define and apply both general and security configuration changes to one or more computers. Using the Group Policy Management Console (GPMC) to define Group Policy Objects (GPO) can make administration easier than having to write scripts or individually secure basic security settings. When a member computer boots up or logs on to the network, Windows looks up and applies the GPOs for that computer and user. In addition to checking for updated policies at boot or logon time, Windows checks for new or updated GPOs every 90 to 120 minutes by default, automatically applying updates, often without requiring users to log off or reset their computer. Group Policy by itself is only a tool; what makes it truly powerful is its ability to enable security administrators to enforce the organization’s security policy, to allow management to meet security responsibilities to protect the corporate assets, and to ensure that there are no gaps or unnecessary controls in the security policy. When the Group Policy conforms to the security policy, it is important to audit the GPOs with reports that document the existing settings. In this lab, you will use the Group Policy Management Console (GPMC) to create and link Group Policy Objects (GPO) to domain computers and deploy policies across the domain. You will also edit the Default Domain Policy and generate policy audit reports to verify your changes. Lab Overview Each section of this lab is assigned at your instructor’s discretion. Please consult your instructor to confirm which sections you are required to complete for your lab assignment. SECTION 1 of this lab has three parts which should be completed in the order specified. 1. In the first part of the lab, you will use the Group Policy Management Console (GPMC) to create and link Group Policy Objects (GPO) to manage Windows desktop security. 2. In the second part of the lab, you will use the Group Policy Management Console (GPMC) to modify Group Policy Object (GPO) settings. 3. In the third part of the lab, you will generate audit reports using the GPMC and the Resultant Set of Policy (RSoP) tool from the Windows Command Prompt. SECTION 2 of this lab allows you to apply what you learned in SECTION 1 with less guidance and different deliverables. You will also learn about Enforced GPOs, Security Filters, and forcing distribution of updated GPOs. Rather than using the Group Policy Management Editor to change Password Policy settings, you will use a series of commands in PowerShell. Finally, if assigned by your instructor, you will explore the virtual environment on your own in SECTION 3 of this lab to answer a set of questions and challenges that allow you to use the skills you learned in the lab to conduct independent, unguided work, similar to what you will encounter in a real-world situation. Learning Objectives Upon completing this lab, you will be able to: 1. Explore Active Directory Group Policy Objects (GPO) using the Group Policy Management Console (GPMC) 2. Create and link a new Group Policy Object using the Group Policy Management Console (GPMC) 3. Edit the Default Domain Policy using the Group Policy Management Console (GPMC) 4. Generate and analyze a GPO Report from the GPMC 5. Generate and analyze a Resultant Set of Policy (RSoP) report from the Windows command line 6. Section 2: Edit the Default Domain Policy using PowerShell 7. Section 2: Generate and analyze a GPO Report using PowerShell Topology This lab contains the following virtual machines. Please refer to the network topology diagram below. • TargetWindows01 (Windows Server 2019) [Domain Controller] Tools and Software The following software is required to complete this lab. Students are encouraged to explore the Internet to learn more about the products and tools used in this lab. • Group Policy Management Console (GPMC) • Group Policy Management Editor • PowerShell • Resultant Set of Policy (RSoP) Deliverables Upon completion of this lab, you are required to provide the following deliverables to your instructor: SECTION 1: 1. Lab Report file including screen captures of the following: • updated policy settings; • linked EventLogGPO; • policy changes you made in the Group Policy Management Editor; • policy changes you made in the RSoP; 2. Any additional information as directed by the lab: • explain why you made the changes you made, make note of any suggested changes that you accepted, and explain why you believe the Group Policy Management Editor recommended those changes; • compare the GPO Report and the RSoP Report; SECTION 2: 1. Lab Report file including screen captures of the following: • new Password Policy for the ContractorsGPO; • new Account Lockout Policy for the ContractorsGPO; • Contractors group in the ContractorsGPO; • c ... Purchase answer to see full attachment