AS-7-DISCUSSIONS,ASSIGNMENTS
Please Read the Instructions Carefully in the body of this post and in the Project 9.docx, Project 10.docx files attached below.
The required PPT slides and textbook are also attached for reference.
Discussion 1 (400 words minimum; topic: Cloud Application Security):
APA format, references required.
Microsoft adheres to a defense-in-depth principle to ensure protection of its cloud services, such as Microsoft Office 365. Built-in security features include threat protection to reduce malware infections, phishing attacks, distributed denial of service (DDoS) attacks, and other types of security threats.
Answer the following question(s):
Would an organization need to apply security controls to allow safe use of those applications? Why or why not?

Discussion 2 (400 words minimum; topic: Incident Response Communication):
APA format, references required.
Communication is a key part of a successful incident response plan. Assume you are the CSIRT team lead of a large corporation that just experienced a significant security breach.
Answer the following question(s):


1. Should you inform the chief executive officer (CEO) immediately when the breach is discovered? Why or why not?

2. Should customers be informed immediately? Why or why not?

Assignments (minimum 3 pages of content each):
APA format, references required. Font: Arial, size 12, double-spaced.
The assignment questions are attached below (file names: Project 9.docx, Project 10.docx).

Security Strategies in Windows Platforms and Applications

Lesson 13: Microsoft Windows Incident Handling and Management

2021 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Cover image Sharpshot/Dreamstime.com


1

Learning Objective(s)
Perform incident handling by using appropriate methods.


Key Concepts
Windows incidents
Windows incident handling tools
Acquiring and managing evidence
Incident response plan


Handling Security Incidents Involving Microsoft Windows OS and Applications
Event
Any observable occurrence within a computer or network
Incident
Any event that:
Violates security policy
Poses an imminent threat to security policy

Security Strategies in Windows Platforms and Applications
2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.

Securing resources involves defining which activities are appropriate and which are inappropriate, and ensuring that only appropriate activities are allowed. Any action that occurs within a computing environment is called an event. Any event that either violates security policy or poses an imminent threat to your security policy is called a security incident.

There are many types of security incidents, from minor to major incidents. An incident can be as simple as too many failed login attempts or as complex as coordinated attempts to compromise a database that contains confidential information. Examples of security incidents include but are not limited to:

Excessive bandwidth use caused by the compromise of a system
Commercial use of IT resources
Compromised computers
Copyright infringement
Digital harassment
IP spoofing
Intruder activity
Network attack or denial-of-service condition
Virus or Internet worm activity

4
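The "too many failed login attempts" example above, turned into monitoring logic as an added Python illustration that is not part of the course slides: the detector parses a constructed, simplified CSV export of Windows Security events and flags any account or source address whose Event ID 4625 (failed logon) count reaches a threshold inside a sliding window. The line format and every host, account and address are constructed sample data.

```python
"""Flag bursts of failed logons in exported Windows Security events.

Event ID 4625 is "An account failed to log on". One alert is raised per
account and per source address that reaches `threshold` failures within a
sliding window. Counting per source as well as per account separates a
guessing attack aimed at one account (one account, one source) from a spray
across many accounts (many accounts, one source). The CSV-style format and
all hosts, accounts and addresses below are constructed sample data.
"""
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, Iterator, List, Tuple

EVENT_LOGON_FAILED = 4625
EVENT_LOGON_SUCCESS = 4624

# Constructed export: timestamp,event_id,account,workstation,source_ip
SAMPLE_LOG = """\
2021-03-04T09:00:01Z,4624,aturner,WS-HR-02,10.10.7.4
2021-03-04T09:00:05Z,4625,jsmith,WS-FIN-07,10.10.5.23
2021-03-04T09:00:20Z,4625,jsmith,WS-FIN-07,10.10.5.23
2021-03-04T09:00:35Z,4625,jsmith,WS-FIN-07,10.10.5.23
2021-03-04T09:00:50Z,4625,jsmith,WS-FIN-07,10.10.5.23
2021-03-04T09:01:05Z,4625,jsmith,WS-FIN-07,10.10.5.23
2021-03-04T09:01:20Z,4624,jsmith,WS-FIN-07,10.10.5.23
2021-03-04T09:30:00Z,4625,aturner,,203.0.113.9
2021-03-04T09:30:10Z,4625,bpatel,,203.0.113.9
2021-03-04T09:30:20Z,4625,cwong,,203.0.113.9
2021-03-04T09:30:30Z,4625,dlee,,203.0.113.9
2021-03-04T09:30:40Z,4625,eross,,203.0.113.9
2021-03-04T11:00:00Z,4625,fgarcia,WS-OPS-01,10.10.9.8
"""

Record = Tuple[datetime, int, str, str, str]


def parse(text: str) -> Iterator[Record]:
    """Yield (timestamp, event_id, account, workstation, source_ip) per line,
    skipping blank lines and lines without the expected five fields."""
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 5:
            continue
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, int(parts[1]), parts[2], parts[3], parts[4]


def detect_failed_logon_bursts(text: str, threshold: int = 5,
                               window_seconds: int = 120) -> List[Dict]:
    """Return one alert per (dimension, value) whose failed-logon count reaches
    `threshold` within `window_seconds`; dimension is 'account' or 'source'."""
    recent: Dict[Tuple[str, str], deque] = defaultdict(deque)  # key -> (ts, account)
    alerted = set()
    alerts: List[Dict] = []
    for ts, event_id, account, _host, src in parse(text):
        if event_id != EVENT_LOGON_FAILED:
            continue
        for key in (("account", account), ("source", src)):
            q = recent[key]
            q.append((ts, account))
            # Drop entries that have fallen out of the sliding window.
            while q and (ts - q[0][0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold and key not in alerted:
                alerted.add(key)
                alerts.append({
                    "key": key,
                    "count": len(q),
                    "distinct_accounts": len({a for _, a in q}),
                    "first": q[0][0],
                    "last": ts,
                })
    return alerts


if __name__ == "__main__":
    for a in detect_failed_logon_bursts(SAMPLE_LOG):
        kind, value = a["key"]
        pattern = ("spray across accounts" if a["distinct_accounts"] > 1
                   else "single account")
        span = int((a["last"] - a["first"]).total_seconds())
        print(f"{kind}={value}: {a['count']} failures in {span}s ({pattern})")
```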

Handling Security Incidents Involving Microsoft Windows OS and Applications
Examples of incidents
Virus or Internet worm activity
Internet protocol (IP) spoofing
Intruder activity
Network attack or denial of service (DoS) condition
The first step in responding to an incident is to recognize that an incident has occurred.


5

Handling Security Incidents Involving Microsoft Windows OS and Applications
To minimize the number and impact of incidents:
Develop, maintain, and enforce a clear security policy that management supports and promotes.
Conduct routine vulnerability assessments to discover vulnerabilities that could lead to incidents.


6

Handling Security Incidents Involving Microsoft Windows OS and Applications
To minimize the number and impact of incidents:
Ensure all computers and network devices have the latest available patches installed.
Train all computer system users on acceptable and unacceptable behavior.
Establish frequent and visible security awareness reminders.


7

Handling Security Incidents Involving Microsoft Windows OS and Applications
To minimize the number and impact of incidents:
Enforce strong passwords throughout your environment.
Frequently monitor network traffic, system performance, and all available log files to identify any incidents or unusual events.


8

Handling Security Incidents Involving Microsoft Windows OS and Applications
To minimize the number and impact of incidents:
Ensure you have a solid business continuity plan (BCP) and disaster recovery plan (DRP) that you test at least annually.
Create a computer security incident response team (CSIRT).


9

Formulating an Incident Response Plan

10

Plan
Computer Security Incident Response Team (CSIRT)
Plan for communication
Plan for security
Test plan
Revise procedures

Handling Incident Response

11

Preparation
Identification
Containment
Eradication
Recovery
Lessons learned

Sample Incident Reporting Form


All evidence you present in a court of law must exist in the same condition as it did when you collected it. Evidence cannot change at all once you collect it; it must be in pristine condition.

You'll be required to prove to the court that the evidence did not change during the investigation. You'll have to provide your own evidence that all collected evidence exists without changes, as it did when it was collected.

The documentation that provides details of every move and access of evidence is called the chain of custody. The chain starts when you collect any piece of evidence.

Since you don't know if you'll have to present evidence in court, you should collect all evidence during an incident investigation as if you will take it to court. If you carefully preserve the chain of custody and do not go to court, you just have well-documented evidence. This type of information is great for analyzing incidents for the lessons-learned step of incident response. On the other hand, if you are careless in the way you collect evidence and then end up going to court, your carelessness will likely result in having your evidence rejected by the court. Without the evidence you need to prove your case, you may not be able to prevail. Always treat each investigation as if it will end up in court.
12

Incident Handling and Management Tools for Microsoft Windows and Applications
Two basic types:
Tools that help manage the CSIRT's activities and gather information about the incident response process
Tools that collect information about the incident itself


13

CSIRT Responsibilities

14

Tracking incidents
Reporting on incidents
Archiving incident reports
Communicating incident information

Investigating Microsoft Windows and Applications Incidents
Collect technical information to support incident investigation and resolution
Collect evidence of incident activity to discover what happened, why it happened, how to stop it from happening again
Discover traces of past activity in memory, stored on disks, or in log files
Find evidence of incident activity


15

Questions to Ask During an Investigation
What happened?
Who did it?
When did it happen?
Where did the incident originate and where was its target?
Why did the attacker attack this system?
How did it happen?


What happened? Gather as much information about the incident as possible.

Who did it? Discover as much information as possible about the source of the attack.

When did it happen? Collect information on when the incident started and when it stopped.

Where did the incident originate and where was its target? Discover the source's location and the target of the attack.

Why did the attacker attack this system? Discover the attack's purpose and goal.

How did it happen? Attempt to understand how the attacker compromised your security controls and accessed your system.

16

Acquiring and Managing Incident Evidence
Treat investigation as if it will end up in court
Investigation should produce evidence of an incident and possibly support action against an attacker
Evidence may be pictures, executable files, log files, other


17

Types of Evidence
Most common types of evidence in computer incidents:
Real evidence: a physical object
Documentary evidence: written evidence or file contents
Required to prove accusation


18

Chain of Custody
Only original evidence is useful
Evidence that has not changed since the incident
Collection methods can change evidence
Handling methods can change evidence


All evidence you present in a court of law must exist in the same condition as it did when you collected it. Evidence cannot change at all once you collect it; it must be in pristine condition.

You'll be required to prove to the court that the evidence did not change during the investigation. You'll have to provide your own evidence that all collected evidence exists without changes, as it did when it was collected.

The documentation that provides details of every move and access of evidence is called the chain of custody. The chain starts when you collect any piece of evidence.
19
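The hash-and-log discipline these notes describe, as an added Python illustration that is not part of the course slides: each evidence item is fingerprinted with SHA-256 at collection, every transfer or examination appends a custody entry carrying a fresh hash, and verification fails as soon as any step recorded different bytes, which is exactly the proof of "no change since collection" a court will ask for. Case numbers, custodian names and file contents are constructed sample values.

```python
"""Evidence hashing with a chain-of-custody log.

Each item is hashed at collection, and every later handling step appends an
entry recording who touched it, what they did, and the item's hash at that
moment. Verification therefore answers both questions the notes raise: has
the evidence changed, and can every move and access since collection be
shown? Case numbers, names and file contents are constructed sample values.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional


def sha256_hex(data: bytes) -> str:
    """SHA-256 fingerprint of an evidence item's bytes."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEntry:
    timestamp: str   # UTC, ISO 8601
    custodian: str   # person taking possession or performing the action
    action: str      # collected / transferred / examined / stored
    sha256: str      # hash of the item as it existed during this action
    notes: str = ""


@dataclass
class EvidenceItem:
    item_id: str         # case-unique tag, also written on the physical label
    description: str
    collected_hash: str  # fingerprint taken at the moment of collection
    log: List[CustodyEntry] = field(default_factory=list)

    def record(self, custodian: str, action: str, data: bytes,
               notes: str = "", when: Optional[datetime] = None) -> CustodyEntry:
        """Append a custody entry, re-hashing the item as it exists right now."""
        when = when or datetime.now(timezone.utc)
        entry = CustodyEntry(when.isoformat(timespec="seconds"), custodian,
                             action, sha256_hex(data), notes)
        self.log.append(entry)
        return entry

    def verify(self, data: bytes) -> bool:
        """True only if the bytes still match the collection hash and no
        logged step ever observed a different hash (an unbroken chain)."""
        current_ok = hmac.compare_digest(sha256_hex(data), self.collected_hash)
        chain_ok = all(hmac.compare_digest(e.sha256, self.collected_hash)
                       for e in self.log)
        return current_ok and chain_ok

    def first_divergence(self) -> Optional[CustodyEntry]:
        """The earliest entry whose hash differs from the collection hash,
        i.e. the handling step after which the item can no longer be trusted."""
        for entry in self.log:
            if entry.sha256 != self.collected_hash:
                return entry
        return None

    def render(self) -> str:
        """Plain-text chain-of-custody log suitable for the case file."""
        lines = [f"Item {self.item_id}: {self.description}",
                 f"Collected SHA-256: {self.collected_hash}"]
        for e in self.log:
            lines.append(f"{e.timestamp}  {e.action:<11} {e.custodian:<14} "
                         f"{e.sha256[:16]}...  {e.notes}".rstrip())
        return "\n".join(lines)


def collect(item_id: str, description: str, custodian: str, data: bytes,
            notes: str = "", when: Optional[datetime] = None) -> EvidenceItem:
    """Start the chain: hash the item and write the first custody entry."""
    item = EvidenceItem(item_id, description, sha256_hex(data))
    item.record(custodian, "collected", data, notes, when)
    return item


if __name__ == "__main__":
    # Constructed sample: an exported security log acquired from a workstation.
    original = b"2021-03-04T09:00:05Z,4625,jsmith,WS-FIN-07,10.10.5.23\n"
    t0 = datetime(2021, 3, 4, 10, 0, tzinfo=timezone.utc)
    item = collect("AF-2021-0007", "Security log export, WS-FIN-07",
                   "A. Analyst", original, "imaged from workstation", t0)
    item.record("B. Custodian", "transferred", original,
                "sealed bag to evidence locker", when=t0.replace(hour=11))
    print(item.render())
    print("intact:", item.verify(original))  # True

    # A later examiner accidentally appends a line; the hash changes and the
    # log pinpoints the step at which the chain broke.
    altered = original + b"# opened in editor\n"
    item.record("C. Examiner", "examined", altered, when=t0.replace(hour=14))
    print("intact after alteration:", item.verify(original))  # False
    print("chain broke at:", item.first_divergence().custodian)  # C. Examiner
```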

Sample Chain of Custody Log


20

Evidence Collection Rules
Each state and local jurisdiction may impose slightly different rules
Familiarize yourself with local laws and policies
Different rules govern different types of evidence
Contact local law enforcement to learn how they approach investigations
Contact your organization's legal representatives, beginning with your CSIRT team legal representative


21

Best Practices for Handling Incidents
Harden operating systems and software to avoid incidents.
Assess computers periodically to expose vulnerabilities.
Validate BCPs and DRPs.
Get full management support for a CSIRT.
Create a CSIRT.
Conduct a risk assessment to identify potential incidents that require attention first.


22

Best Practices for Handling Incidents (Cont.)
Develop an incident response plan around the six steps to handling incidents.
Create an incident reporting form and procedures.
Distribute and publicize the incident reporting form and procedures.
Test the incident response plan before attackers do.
Identify and acquire incident management software.
Identify and acquire incident investigation software.
Train key CSIRT members on proper evidence collection and handling.


23

Summary
Windows incidents
Windows incident handling tools
Acquiring and managing evidence
Incident response plan


24

Project Part 10: Evidence Collection Policy

Scenario
After the recent security breach, Always Fresh decided to form a computer security incident response team (CSIRT). As a security administrator, you have been assigned the responsibility of developing a CSIRT policy that addresses incident evidence collection and handling. The goal is to ensure all evidence collected during investigations is valid and admissible in court.

Consider the following questions for collecting and handling evidence:
1. What are the main concerns when collecting evidence?
2. What precautions are necessary to preserve evidence state?
3. How do you ensure evidence remains in its initial state?
4. What information and procedures are necessary to ensure evidence is admissible in court?

Tasks
Create a policy that ensures all evidence is collected and handled in a secure and efficient manner. Remember, you are writing a policy, not procedures. Focus on the high-level tasks, not the individual steps.

Address the following in your policy:
Description of information required for items of evidence
Documentation required in addition to item details (personnel, description of circumstances, and so on)
Description of measures required to preserve initial evidence integrity
Description of measures required to preserve ongoing evidence integrity
Controls necessary to maintain evidence integrity in storage
Documentation required to demonstrate evidence integrity

Required Resources
Internet access
Course textbook

Submission Requirements
Format: Microsoft Word (or compatible)
Font: Arial, size 12, double-space
Citation Style: Follow your school's preferred style guide
Length: 1 to 2 pages

Self-Assessment Checklist
I created a policy that addressed all issues.
I followed the submission guidelines.

Project Part 9: Secure Windows Applications Policy

Scenario
One of the security improvements for the Always Fresh IT environment is to ensure all workstations and servers run secure applications. The company needs policies that set security requirements for the software. These policies will guide administrators in developing procedures to ensure all client and server software is as secure as possible.

Specifically, you will write two policies to ensure web server software and web browsers are secure. Your policy statements will describe the goals that define a secure application.

Consider the following questions for web server software and web browsers:
1. What functions should this software application provide?
2. What functions should this software application prohibit?
3. What controls are necessary to ensure this application's software operates as intended?
4. What steps are necessary to validate that the software operates as intended?

Tasks
Create two policies, one for web server software and one for web browser clients. Remember, you are writing policies, not procedures. Focus on the high-level tasks, not the individual steps.
Use the following as a guide for both policies:
Type of application software
Description of functions this software should allow
Description of functions this software should prohibit
Known vulnerabilities associated with software
Controls necessary to ensure compliance with desired functionality
Method to assess security control effectiveness

Required Resources
Internet access
Course textbook

Submission Requirements
Format: Microsoft Word (or compatible)
Font: Arial, size 12, double-space
Citation Style: Follow your school's preferred style guide
Length: 1 to 2 pages

Self-Assessment Checklist
I created two policies that addressed all issues.
I followed the submission guidelines.

Security Strategies in Windows Platforms and Applications

Lesson 12
Microsoft Application Security

2021 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Cover image Sharpshot/Dreamstime.com


1

Learning Objective(s)
Describe threats to Microsoft Windows and applications.
Describe techniques for protecting Windows application software.


Key Concepts
Principles of Microsoft application security
Procedures for securing Microsoft client applications
Procedures for securing Microsoft server applications


Principles of Microsoft Application Security
Application security
Covers all activities related to securing application software throughout its lifetime
Application software
Any computer software that allows users to perform specific tasks
Examples: sending and receiving email, browsing the web, creating a document or spreadsheet


Principles of Microsoft Application Security (Cont.)
Ensuring application software security includes ensuring security during:
Design
Development
Testing
Deployment
Maintenance
Retirement
Protects C-I-A of data


Client Application Software Attacks

6

Malformed input: inputs that the application doesn't expect, or inputs that can cause unexpected results
Privilege escalation: adds more authority to the current session than the process should possess
Denial of service (DoS): slows or crashes applications
Identity spoofing: assuming another user's identity
Direct file or resource access: exploits holes in access controls
Extra-application data access: accesses the application's data outside the application

Application Hardening Process

Install the application using only the options and features you plan to use.
After installing the application, remove any default user accounts and sample data, along with any unneeded files and features.
Configure the application according to the principle of least privilege.
Ensure your application has all of the latest available security patches applied.
Monitor application performance to verify that your application adheres to security policy.

7

Securing Key Microsoft Client Applications

8

Web browser: Internet Explorer
Email client: Outlook
Productivity software: Microsoft Office
File transfer software: File Transfer Protocol/Internet Protocol (TCP/IP)
AppLocker
Software Restriction Policies (SRP)
Group Policy

Web Browser
Web browser attacks:
Infect with malware
Intercept communication
Harvest stored data


Web browser: This program allows users to access World Wide Web resources. Some application software has embedded web browser capability, but stand-alone web browsers are by far the most common. Popular web browsers are:
Microsoft Internet Explorer
Mozilla Firefox
Google Chrome
Apple Safari
Opera

9

Web Browser
Set Internet zone security level to High
Add specific, trusted sites to Trusted Sites list
Configure setting to prompt for first-party and third-party cookies
Disable third-party browser extensions
Enable show encoded addresses setting
Disable playing of sounds in web pages


10

Internet Options Dialog Box in Internet Explorer 11


11

Email Client
Limit malicious code that may be attached to email messages
Install anti-malware software on each computer
Will scan all incoming and outgoing messages for malware
Safeguard message privacy by requiring use of Secure Sockets Layer/Transport Layer Security (SSL/TLS) when connecting to your mail server to ensure message exchanges are encrypted


Email client: This program allows users to send and receive email. Depending on the type of mail server connection and protocol used, the email client may store email locally on the client. Microsoft Outlook is an example of an email client.

12

Productivity Software
Install anti-malware software that integrates with productivity software
Use EFS or BitLocker to encrypt folder or drive that contains productivity software documents and databases
Never open a file unless the source is trusted
Ensure productivity software has the latest security patches installed


Productivity software: Software that supports many office functions. Most workstations allow users to perform some administrative or creative functions, and productivity software supports these efforts. Productivity software includes these functions:
Word processing: Microsoft Word
Spreadsheet: Microsoft Excel
Lightweight database: Microsoft Access
Presentation: Microsoft PowerPoint
Project scheduling/management: Microsoft Project
Publishing: Microsoft Publisher

13

File Transfer Software
File Transfer Protocol (FTP) is insecure
Use:
FTP over a Secure Shell (SSH)
Secure FTP (SFTP)
Virtual private network (VPN)


14

AppLocker
A feature in Windows that allows you to restrict program execution using Group Policy
Provides ability to whitelist applications
Define path rules, hash rules, and publisher rules using Group Policy to restrict which applications computers can run


15

Securing Client Applications

16

Update software to the latest patch
Remove or disable unneeded features
Use principle of least privilege
Use encrypted communication

Common Server Applications

17

Web server: Internet Information Services (IIS)
Email server: Exchange
Database server: Structured Query Language (SQL) Server

Common Server Applications (Cont.)

18

Enterprise Resource Planning (ERP) software
Enterprise project management
Line of Business (LoB) software: workflow control, service technician tracking and scheduling
Controls: unique user accounts, strong authentication, restricted access, encrypted connections

Securing Server Applications

19

Use server roles in Windows Server
Update software to the latest patch
Remove or disable unneeded services
Filter network traffic
Encrypt communication

Add Roles Wizard, Windows Server


Add Roles Wizard for adding Web Server (IIS) role to Windows Server
20

Select Role Services, Windows Server


Select Role Services for adding Web Server (IIS) role to Windows Server
21

Cloud-Based Software
Microsoft cloud-based products: Microsoft Office 365, Microsoft Azure, and Microsoft OneDrive
Many issues related to securing applications are the same on-premises and in the cloud
To secure cloud applications:
Review options and settings, and configure software to run the way you need it to run
Harden software
Do not assume cloud-based software is secure by default


22

Best Practices for Securing Microsoft Windows Applications
Harden the operating system.
Install only necessary services.
Use server roles when possible.
Use SCT to adhere to Microsoft baseline guidelines.
Remove or disable unneeded services.
Remove or disable unused user accounts.
Remove extra application components.
Open only the minimum required ports at the firewall.
Define unique user accounts.
Use strong authentication.


23

Best Practices for Securing Microsoft Windows Applications (Cont.)
Use encrypted connections for all communication.
Encrypt files, folders, or volumes that contain private data.
Develop and maintain a BCP and DRP.
Disable any unneeded server features.
Ensure every computer has up-to-date anti-malware software and data.
Never open any content or files from untrusted sources.
Validate all input received at the server.
Audit failed logon and access attempts.
Conduct penetration tests to discover vulnerabilities.


24

Summary
Principles of Microsoft application security
Procedures for securing Microsoft client applications
Procedures for securing Microsoft server applications


25

World Headquarters
Jones & Bartlett Learning
5 Wall Street
Burlington, MA 01803
978-443-5000
www.jblearning.com

Jones & Bartlett Learning books and products are available through most bookstores and online
booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or
visit our website, www.jblearning.com.

Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available
to corporations, professional associations, and other qualified organizations. For details and
specific discount information, contact the special sales department at Jones & Bartlett Learning
via the above contact information or by email.

Copyright 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company

All rights reserved. No part of the material protected by this copyright may be reproduced or utilized
in any form, electronic or mechanical, including photocopying, recording, or by any information
storage and retrieval system, without written permission from the copyright owner.

The content, statements, views, and opinions herein are the sole expression of the respective authors
and not that of Jones & Bartlett Learning, LLC. Reference herein to any specific commercial product,
process, or service by trade name, trademark, manufacturer, or otherwise does not constitute or imply
its endorsement or recommendation by Jones & Bartlett Learning, LLC and such reference shall not
be used for advertising or product endorsement purposes. All trademarks displayed are the
trademarks of the parties noted herein. Security Strategies in Windows Platforms and Applications,
Second Edition is an independent publication and has not been authorized, sponsored, or otherwise
approved by the owners of the trademarks or service marks referenced in this product.

There may be images in this book that feature models; these models do not necessarily endorse,
represent, or participate in the activities represented in the images. Any screenshots in this product
are for educational and instructive purposes only. Any individuals and scenarios featured in the case
studies throughout this product may be real or