Home » Lab1 | Computer Science homework help

Lab1 | Computer Science homework help

 

Lab Activity #1: Investigate Restore & Recover Tools for System Integrity

 

Purpose: Assess and Document Tools to Restore and Recover System Integrity for Windows 8.1 Workstations.

 

1.       Assess and document the uses of the Windows 8.1 System Restore utility as part of the incident response process.

 

2.       Assess and document the uses of the Windows 8.1 Programs and Features utility during the incident response process.

 

Overview:

 

For this activity, we will focus upon assessing and documenting tools that can be used in the preparation phase of the Incident Response Process (as defined in NIST SP 800-61r2). During this phase, incident responders create “images of clean OS and application installations for restoration and recovery purposes” (Cichonski, Millar, Grance, & Scarfone, 2012, p. 23). These tools are also used during the containment, eradication, and recovery phase to limit workstation access to resources (containment strategies), return workstations to known-good states (eradicate threats and restore system integrity), and restore system availability (recovery).

 

Situation Report:

 

Recent contracts with the Departments of Defense and Homeland Security have imposed additional security requirements upon the company and its SCADA lab operations. The company is now required to comply with NIST Special Publication 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. The company must also comply with provisions of the Defense Federal Acquisition Regulations (DFARS) including section 252-204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting. These requirements are designed to ensure that sensitive technical information, provided by the federal government and stored on computer systems in the Sifers-Grayson SCADA lab, is protected from unauthorized disclosure. This information includes software designs and source code for Industrial Control Systems for which Sifers-Grayson is providing software support and maintenance. The contract requirements also mandate that Sifers-Grayson report cyber incidents to the federal government in a timely manner.

 

The engineering and design workstations in the Sifers-Grayson SCADA Lab were upgraded from Windows XP to Windows 8.1 professional three years ago after the lab was hit with a ransomware attack that exploited several Windows XP vulnerabilities. A second successful ransomware attack occurred three months ago. The company paid the ransom in both cases because the lab did not have file backups that it could use to recover the damaged files (in the first case) and did not have system backups that it could use to rebuild the system hard drives (in the second case).

 

The SCADA Lab is locked into using Windows 8.1. The planned transition to Windows 10 is on indefinite hold due to technical problems encountered during previous attempts to modify required software applications to work under the new version of the operating system. This means that an incident response and recovery capability for the lab must support the Windows 8.1 operating system and its utilities.

 

Reference

 

Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer security incident handling guide (NIST SP 800-62 rev. 2). http://dx.doi.org/10.6028/NIST.SP.800-61r2

 

Your Task

 

Prepare draft incident response guidance to be included in the Sifers-Grayson Incident Responder’s Handbook. Your draft guidance will explain the use of Windows 8.1 operating system features (utilities) and describe how each could be used as part of an incident response process. The guidance documents to be completed under this task are:

 

(a)    Creating, Using, Removing System Restore Points and System Image Backups under Windows 8.1

 

(b)    Managing Windows 8.1 Programs and Features  

 

 

 

Instructions

 

Part (a): Creating, Using, Removing System Restore Points for Windows 8.1

 

1.       Identify appropriate sources of information and instructions for using the Windows 8.1 System Restore Point utility. Using those sources, research the procedures required to perform the following tasks:

 

a.       Create a system restore point for a Windows 8.1 system

 

b.       Use a system restore point to roll-back changes made to a Windows 8.1 system

 

c.       Remove system restore points from a Windows 8.1 system

 

2.       Identify how the tool could be used during the incident response and recovery process (it may be useful in more than one phase). Typical uses include:

 

a.       Prepare a known-good backup for operating system files and data structures (e.g. the system registry and the information stored within it)

 

b.       Remove unauthorized configuration changes

 

c.       Restore the system to full operating status after an attack or suspected attack

 

d.       Remove failed software installations and/or unwanted changes to the operating system, applications software, and/or files.

 

3.       Write a guidance document that identifies the tool, explains the capabilities it provides, and then lists and briefly describes the recommended uses identified under item #2. Add a list of resources that can be consulted for additional information. Next, summarize the procedures required to perform the tasks listed under item #1 (do not provide step-by-step instructions). Close your guidance document with a Notes / Warnings / Restrictions section that answers the question “Is there anything else the incident responder needs to be aware of when using this tool?” 

 

 

 

Part (b):  Managing Programs and Features for Windows 8.1

 

1.       Identify appropriate sources of information and instructions for using the Programs and Features tool. Using those sources, research the procedures required to perform the following tasks:

 

a.       Turn Windows Features On or Off

 

b.       Modify, Repair, or Uninstall a program from a Windows 8.1 system

 

c.       Select and Install Updates for Windows and Windows Applications, Find an installed Update, Remove an installed update

 

2.       Identify and research how the tool could be used during the incident response and recovery process. Typical uses include:

 

a.       Turn off undesired Windows features, e.g. location services or remote access

 

b.       Turn off features to implement a containment strategy

 

c.       Remove unauthorized programs

 

d.       Remove unwanted changes to operating system utilities or features, applications software, and/or patches / updates

 

3.       Write a guidance document that identifies the tool, explains the capabilities it provides, and then lists and briefly describes the recommended uses identified under item #2. Add a list of resources that can be consulted for additional information. Next, summarize the procedures required to perform the tasks listed under item #1 (do not provide step-by-step instructions). Close your guidance document with a Notes / Warnings / Restrictions section that answers the question “Is there anything else the incident responder needs to be aware of when using this tool?” 

 

 

 

Finalize Your Deliverable

 

1.       Using the grading rubric as a guide, refine your incident response guidance. Your final products should be suitable for inclusion in the Sifers-Grayson Incident Responder’s Handbook. Remember that you are preparing multiple guidance documents, which must be presented separately.

 

2.       As appropriate, cite your sources using footnotes or another appropriate citation style.

 

3.       Use the resources section to provide information about recommended readings and any sources that you cite. Use a standard bibliographic format (you may wish to use APA since this is required in other CSIA courses). Information about sources and recommended readings, including in-text citations, should be formatted consistently and professionally.

 

4.       Each file should start with a title page which lists the following information:

 

·         Lab Title and Number

 

·         Date

 

·         Your Name

 

5.       The CSIA 310 Template for Lab Deliverable.docx file is set up to provide the required title page and two incident response guidance templates.  Use the first template for your “System Restore Points” guidance. Use the second template for your “Managing Programs and Features” guidance.

 







Place your order
(550 words)

Approximate price: $22

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
$26
The price is based on these factors:
Academic level
Number of pages
Urgency
Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more