Lab Activity 1 CSIA 310 v2

User Generated

Qroerrpr

Computer Science

Description

Readings

Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer security incident handling guide (NIST SP 800-62 rev. 2). http://dx.doi.org/10.6028/NIST.SP.800-61r2

Microsoft. (2017a). Recovery options in Windows 10. Retrieved from https://support.microsoft.com/en-us/help/12415/windows-10-recovery-options

Microsoft. (2017b). Windows 10 help. Retrieved from https://support.microsoft.com/en-us/products/windows?os=windows-10

Microsoft. (2017c). Windows Update FAQ. Retrieved from https://support.microsoft.com/en-us/help/12373/windows-update-faq

Unformatted Attachment Preview

CSIA 310: Cybersecurity Processes & Technologies Lab Activity #1: Investigate Restore & Recover Tools for System Integrity Purpose: Assess and Document Tools to Restore and Recover System Integrity for Windows 10 Workstations. 1. Assess and document selected uses of the Windows 10 Control Panel tool during the incident response process. 2. Assess and document selected uses of the Windows 10 Windows Settings tool during the incident response process. Overview: Recent contracts with the Departments of Defense and Homeland Security have imposed additional security requirements upon Sifers-Grayson and its lab operations. The company is now required to comply with NIST Special Publication 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. The company must also comply with provisions of the Defense Federal Acquisition Regulations (DFARS) including section 252-204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting. These requirements are designed to ensure that sensitive technical information, provided by the federal government and stored on computer systems in the Sifers-Grayson R&D DevOps lab, is protected from unauthorized disclosure. This technical information includes software designs and source code for unmanned vehicles for which Sifers-Grayson is providing software support and maintenance. The contract requirements also mandate that SifersGrayson report cyber incidents to the federal government in a timely manner. As part of the reporting requirements, Sifers-Grayson must provide documentation about its Incident Response Processes and Procedures. The documentation that you will prepare for this lab will become part of the required Incident Response documentation. For this lab activity, you will assess and document tools that can be used in the preparation phase of the Incident Response Process (as defined in NIST SP 800-61r2). During this phase, incident responders create “images of clean OS and application installations for restoration and recovery purposes" (Cichonski, Millar, Grance, & Scarfone, 2012, p. 23). These tools are also used during the containment, eradication, and recovery phase to limit workstation access to resources (containment strategies), return workstations to known-good states (eradicate threats and restore system integrity), and restore system availability (recovery). Vendor documentation for Windows 10 (Microsoft, 2017a; Microsoft, 2017b; Microsoft 2017c) provides information about how to use the required features, tools, and utilities (see “Repair & Recovery” and “Windows Update FAQ”). During an incident, however, responders may not have time to search the vendor website and/or the Internet for information about tools and tool usage procedures. For this reason, customized incident response procedures are required to ensure that response is timely and that all incident responders have the information needed to execute their tasks. Copyright ©2018 by University of Maryland University College. All Rights Reserved. CSIA 310: Cybersecurity Processes & Technologies References Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer security incident handling guide (NIST SP 800-62 rev. 2). http://dx.doi.org/10.6028/NIST.SP.800-61r2 Microsoft. (2017a). Recovery options in Windows 10. Retrieved from https://support.microsoft.com/enus/help/12415/windows-10-recovery-options Microsoft. (2017b). Windows 10 help. Retrieved from https://support.microsoft.com/enus/products/windows?os=windows-10 Microsoft. (2017c). Windows Update FAQ. Retrieved from https://support.microsoft.com/enus/help/12373/windows-update-faq Your Task: Prepare draft incident response guidance to be included in the Sifers-Grayson Incident Responder’s Handbook. Your draft guidance will explain the use of Windows 10 operating system features (utilities) and describe how each could be used as part of an incident response process. The guidance documents to be completed under this task are: (a) Creating, Using, and Removing System Restore Points and System Image Backups (b) Managing Installation, Removal, and Updating of Programs, Applications, and Operating System Features for Windows 10 Readings Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer security incident handling guide (NIST SP 800-62 rev. 2). http://dx.doi.org/10.6028/NIST.SP.800-61r2 Microsoft. (2017a). Recovery options in Windows 10. Retrieved from https://support.microsoft.com/enus/help/12415/windows-10-recovery-options Microsoft. (2017b). Windows 10 help. Retrieved from https://support.microsoft.com/enus/products/windows?os=windows-10 Microsoft. (2017c). Windows Update FAQ. Retrieved from https://support.microsoft.com/enus/help/12373/windows-update-faq Copyright ©2018 by University of Maryland University College. All Rights Reserved. CSIA 310: Cybersecurity Processes & Technologies Instructions Part (a): Creating, Using, Removing System Restore Points for Windows 10 1. Identify appropriate sources of information and instructions for using the Windows 10 Control Panel and System Restore tool. Using those sources, research the procedures required to perform the following tasks: a. Create a system restore point for a Windows 10 system b. Use a specific system restore point to roll-back changes made to a Windows 10 system c. Delete system restore points from a Windows 10 system 2. Identify how the System Restore tool could be used during the incident response and recovery process (it may be useful in more than one phase). Typical uses include: a. Prepare a known-good backup for operating system files and data structures (e.g. the system registry and the information stored within it) b. Remove unauthorized configuration changes c. Restore the system to full operating status after an attack or suspected attack d. Remove failed software installations and/or unwanted changes to the operating system, applications software, and/or files. 3. Write a guidance document that identifies the tool, explains the capabilities it provides, and then lists and briefly describes the recommended uses identified under item #2. Add a list of resources that can be consulted for additional information. Next, summarize the procedures required to perform the tasks listed under item #1 (do not provide step-by-step instructions). Close your guidance document with a Notes / Warnings / Restrictions section that answers the question “Is there anything else the incident responder needs to be aware of when using this tool?” Part (b): Using Windows Features to Manage Installation, Removal, and Updating of Programs, Applications, and Operating System Features for Windows 10 1. Identify appropriate sources of information and instructions for using Programs and Features (accessed via Control Panel) and Update and Security (accessed via Windows Settings). Using those sources, research the procedures required to perform the following tasks: a. Turn Windows 10 Features On or Off b. Modify, Repair, or Uninstall a program or application from a Windows 10 system c. Control Installation of Updates for Windows 10 d. Control Installation of Updates for Windows 10 Applications 2. Identify and research how the Programs and Features and Update and Security tools could be used during the incident response and recovery process. Typical uses include: Copyright ©2018 by University of Maryland University College. All Rights Reserved. CSIA 310: Cybersecurity Processes & Technologies a. b. c. d. Turn off undesired Windows features, e.g. location services or remote access Turn off features to implement a containment strategy Remove unauthorized programs Remove unwanted changes to operating system utilities or features, applications software, and/or patches / updates e. Manually apply updates (“patches”) for installed programs 3. Write a guidance document that identifies the tool, explains the capabilities it provides, and then lists and briefly describes the recommended uses identified under item #2. Add a list of resources that can be consulted for additional information. Next, summarize the procedures required to perform the tasks listed under item #1 (do not provide step-by-step instructions). Close your guidance document with a Notes / Warnings / Restrictions section that answers the question “Is there anything else the incident responder needs to be aware of when using this tool?” Finalize Your Deliverable 1. Using the grading rubric as a guide, refine your incident response guidance. Your final products should be suitable for inclusion in the Sifers-Grayson Incident Responder’s Handbook. Remember that you are preparing multiple guidance documents, which must be presented separately. 2. As appropriate, cite your sources using footnotes or another appropriate citation style. 3. Use the resources section to provide information about recommended readings and any sources that you cite. Use a standard bibliographic format (you may wish to use APA since this is required in other CSIA courses). Information about sources and recommended readings, including in-text citations, should be formatted consistently and professionally. 4. Each file should start with a title page which lists the following information: • Lab Title and Number • Date • Your Name 5. The CSIA 310 Template for Lab Deliverable.docx file is set up to provide the required title page and two incident response guidance templates. Use the first template for your “System Restore Points” guidance. Use the second template for your “Managing Programs and Features” guidance. Copyright ©2018 by University of Maryland University College. All Rights Reserved.
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Hi, I have done your assignments :). Please see attachment

1

Creating, Using, Removing System Restore Points for Windows 10 #1
Date
Your Name

2

Introduction
Sometimes something just turns out badly. An introduce botched everything, or you were
tinkering and stuff isn't working right any longer. Obviously, you played out a full reinforcement
initially, yet Windows 10 additionally incorporates System Restore so you can undoubtedly
return framework changes without losing your documents. Framework Restore works by
recognizing framework changes, for example, in framework records and settings, Registry,
applications, and drivers, and sparing a working state as a "reestablish point." If because of a
mis-configuration your gadget encounters any issues, you would then be able to utilize a
reestablish point to fix the progressions to settle issues that might make your PC quit reacting or
influencing execution. As a matter of course, System Restore is debilitated on Windows 10,
however when empowered and designed effectively, it can consequently make checkpoints, yet
you can make reestablish focuses physically before rolling out any framework improvements. In
this Windows 10 control, we'll walk you through the means to design and utilize System Restore
to fix changes that might hurt your gadget.
1. Create a system restore point
Procedure:
➢ Open the System Restore: Scan for framework reestablish in the Windows 10
Search box and select Create a reestablish point from the rundown of results. At
the point when the System Properties discourse box shows up, tap the System
Protection tab and afterward tap the Configure catch.
➢ Empower System Restore: Snap to empower Turn on framework insurance and
afterward utilize the Max Usage slider to decide the amount of your hard drive to
use to store Restore Points — 5% to 10% is normally adequate — and click OK.
On the off chance that you ever need to make a reestablish Point physically (just
before you begin upsetting any framework settings, for instance), come back to
this discourse box and tap the Create… catch, generally Windows 10 will make
them naturally.
➢ Reestablish your PC: At whatever point you need to come back to a Restore
Point, open the System Properties exchange box, tap the System Protection tab
and after that tap the System Restore… catch. Take after the on-screen guidelines
and select the coveted Restore Point when provoked. You can likewise tap the
Scan for influenced programs catch before going any further, to perceive what
may change on your PC a short time later. When you're cheerful to continue, click
Next.

3

2. Utilization of specific system restore point to roll-back changes
Procedure:
➢ Open Control Panel. Look at that connected how-to if this is your first time, or
simply scan for it from the Windows 10 Cortana/Search box or the Windows
8/8.1 Charms Bar.
NOTE: We're attempting to get to the System applet in Control Panel, which should be
possible rapidly from the Power User Menu however it's just quicker that way in case
you're utilizing a console or mouse. Press WIN+X or right-tap on the Start catch and after
that snap System. Skip to Step 4 on the off chance that you wind up going along these
lines.
➢ Tap or tap on System and Security inside Control Panel.
Note: You won't see System and Security if your Control Panel see is set to either Large
symbols or Small symbols. Rather, discover System, tap or tap on it, at that point skip to
Step 4.
➢ In the System and Security window that is presently open, snap or tap System.
➢ On the left, snap or tap the System assurance interface.
➢ From the System...


Anonymous
Great! Studypool always delivers quality work.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Related Tags