Lab #4 – Assessment Worksheet
Using Group Policy Objects and Microsoft Baseline Security Analyzer
(MBSA) for Change Control
Course Name and Number: _____________________________________________________
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
11/26/2014
Lab Due Date: ________________________________________________________________
Overview
There are many tools and suites designed to aid the security practitioner and the organization in implementing and managing change management. In this lab, you explored two such tools for the Windows platform: Group Policy Objects (built into the Windows operating systems) and the
Microsoft Security Baseline Analyzer (provided free of charge). You used Group Policy Objects to strengthen the organization’s password policy by adding complexity and minimum password length requirements. You scanned the Windows server with the Microsoft Baseline Security
Analyzer (MBSA) to assess its security state, and you examined the results of the Microsoft
Baseline Security Analyzer in detail.
Lab Assessment Questions & Answers
1. Define why change control management is relevant to security operations in an organization. Keeping up with technology advances, newly discovered vulnerabilities, and system updates are done through change control management.
2. Name six (6) policies you could enable in a Windows Domain.
Enforce password history, Maximum Password Age, Minimum Password Age, Minimum Password Length,
Store Password using reversible encryption and Password must meet complexity requirements.
3. What is the minimum password length enforced by the Password must meet complexity requirements policy?
Six
4. What sources could you use as a source to perform the MBSA security state?
Computer by Name or IP and multiple Computers by Domain or IP Range
5. What are some of the options that you can exercise when initiating the MBSA scan?
You can check for Windows administrative vulnerabilities and for security updates
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION
2
You can check for Windows administrative vulnerabilities and for security updates
You May Also Find These Documents Helpful
-
On the basis of the following data for Seller Co. for 2008 and the preceding year ended December 31, 2007, prepare a statement of cash flows. Use the indirect method of reporting cash flows from operating activities. Assume that equipment costing $125,000 was purchased for cash and equipment costing $85,000 with accumulated depreciation of $65,000 was sold for $15,000; that the stock was issued for cash; and that the only entries in the retained earnings account were net income of $51,000 and cash dividends declared of $13,000.…
- 618 Words
- 6 Pages
Satisfactory Essays -
Samuel Aggor CSC 1100 3/3/16 Assignment 5 Problem 1 a. Output: 3.94 b. Output: 6.67 c. Output: 15.00 d. Output: -35.00 e. Output: 0 Problem 2 a. Output: 62 b. Output: 20160 c. Output: 20 213837312 d. Output: 1 Problem 3 a. Func1 has two parameters. Func1 is an integer function. b. Func2 has three parameters. Func2 is a double function.…
- 188 Words
- 1 Page
Satisfactory Essays -
and detailed work strategies, monitoring progress, and determining issues solutions. Finally, organizations should dedicate a team of security analysts directed by the expertise of a Chief information security office (CISO) that reports to the Chief information office (CIO) and provides detailed security information to management for assessment and further expansion opportunities to the security infrastructure. Thus, management and a team of dedicated security experts measure system goals, develop strategies towards a more secure organization environment that prevents risks of any magnitude by safeguarding every corner.…
- 853 Words
- 4 Pages
Good Essays -
10. Sends signals to the brain in response to hair cell stimulation in the inner ear…
- 3617 Words
- 15 Pages
Satisfactory Essays -
10. Explain a scenario where an organization can use MBSA, WSUS and Windows Update in a combined strategy to maintain systems across an enterprise up-to-date.…
- 952 Words
- 4 Pages
Satisfactory Essays -
Wallace Design Group owned by Kevin Wallace is an architectural services company. The location is in Farmers Branch, Texas. Kent Wallace, the marketing director, resides in California and remotely operates in the office. The organization is very small, yet group communication is very poor.…
- 1193 Words
- 4 Pages
Better Essays -
Ancient'Egyptian'and'Mesopotamia' ' Changes'in'Neolithic'Revolution'(8000'BCE'–'5000'BCE)' Because'of'the'climate'changes'–'growing'degree'of'permanent'' Depends'on'agriculture'' ' Grain'and'seed' ' Diversity'create'economic' ' Impact/'characteristic'of'Neolithic' 1. Permanent'Settlement'–'Civilization'' a. Vehicle'to'human'advancement' b. Degree'of'permanent'' c. Civilization'create' i. Tradition'' ii. Religions' iii. Interest'in'Art' 2.…
- 2886 Words
- 45 Pages
Satisfactory Essays -
With your team members, develop a training plan to increase the effectiveness of groups and teams through a discussion of the challenges and benefits of group and team communication, collaboration, and conflict management. This is not to be submitted. After developing the plan, individually, in a 1,050 word, APA formatted and referenced paper consider ways to apply the training program your team developed to the organization you researched in Week One. Describe how the program would work in that organization and how it would help or could have helped the organization succeed instead of fail. What unique challenges could the plan address for that organization?…
- 370 Words
- 2 Pages
Satisfactory Essays -
3) In order to enhance the strength of user passwords, what are some of the best practices to implement for user password definitions in order to maximize confidentiality?…
- 518 Words
- 2 Pages
Good Essays -
One such program is called metasploit. This program is used by cyber security personnel to help advise clients of possible vulnerabilities against their own systems. Metaslpoit is owned by Rapid7, who provides security data and analytic…
- 838 Words
- 4 Pages
Better Essays -
In this lab, you implemented a portion of your organization’s BCP. Based on the BIA, the…
- 314 Words
- 2 Pages
Satisfactory Essays -
The review results were positive with a suggestion for an improvement. The team found that RedSeal product provides the intelligence necessary to improve defenses, maintain continuous compliance and mitigate real-world risks by identifying the available paths of access and exposed vulnerabilities present across a network (Stephenson, 2012). The RedSeal solution is either a hardware appliance or software product and is architected for a fast and efficient means of implementing the system (Stephenson, 2012). The design will provide the most secure, scalable, and dependable deployment possible (Stephenson, 2012). Continuous monitoring focuses on correlating IT, network, and vulnerability feeds (Stephenson, 2012). The system identifies risk associated with the business’s security effectiveness as opposed to policy and compliance driven tools (Stephenson, 2012). RedSeal provides a large library of supported vendor products, allowing security and vulnerability data to be quickly and easily imported into the system. The system automatically builds network maps and correlates the map data with configuration and vulnerability data, which creates a threat reference library. RedSeal finds and eliminates gaps in businesses security controls and prioritizes the impact of those gaps. RedSeal is not an assessment or audit tool, but it does correlate risk to various controls for compliance regulations, creating reports that show gaps in deployed configurations/controls (Stephenson, 2012). The team would have liked to have seen more integration with governance, risk, and compliance solutions (Stephenson, 2012). The product only provided a piece of the risk picture. The piece is important, and one that a number of assessment and audit driven tools do not deliver and could leverage (Stephenson,…
- 1317 Words
- 6 Pages
Better Essays -
Psychological Medicine is made up of a number of teams including Perinatal, general liaison, A & E liaison older people’s liaison and chronic fatigue service. As part of the admin team I work as medical secretary to the Older People’s Team and Consultant. This consists of four nurses, one team leader (on long term sick) and one Consultant.…
- 3062 Words
- 13 Pages
Powerful Essays -
Article #3: The Microsoft Security Org Chart Article #5: Microsoft Security Toolbox Article #6: Microsoft’s Security Response Article #7: Evolution of the Microsoft SDL Article #8: Microsoft SDL Investigation: The Wrap Up…
- 2896 Words
- 12 Pages
Powerful Essays -
BCS IT User – Syllabus Version 1.0 – Sample Test Security for IT Users - Level 1 Version SampleMQTB/1.0/SI1/v1.1…
- 2612 Words
- 11 Pages
Satisfactory Essays