Free Essay

Securing Internet Client and Server Applications on Windows Systems

In:

Submitted By Shaneebee
Words 398
Pages 2
Securing Internet Client and Server Applications on Windows Systems

Assessment Worksheet

Note: This tab is for reference only. Please see your instructor to determine the assessment they wish you to use.
Overview

Both IIS and Internet Explorer can be hardened to improve confidentiality, integrity, and availability (CIA). In this lab, you identified security hardening opportunities for the IIS application, then made those changes on a Windows Server 2012 machine. Next, you will identified and modified the Internet Options for the Internet Explorer browser. Finally, you documented the changes you made and provided an explanation for how each change helps achieve CIA.
Lab Assessment Questions & Answers

1. What are the steps you took to harden IIS?
Disabled services not used by functional roles and blocked ports that were not in use. These steps are necessary because servers proved one or more specific services on the network.
2. What are the steps you took to harden the Internet Explorer browser?
Opened only minimum required ports at the firewall; use encrypted connections for all communications; disabled any unneeded server features on the Web server. These are important because they heighten security.
3. As a result of this lab, which changes will you implement on your own Internet browser? Why?
Disable any features that are not being used. Also turn on pop-up blocker.
4. Why should you change the directory where the log is stored?
You should change the directory where the login is stored because it makes it more difficult for attackers to obtain the login information and gain access to the network.
5. Should the security updates for IIS, and the server it is hosted on, be installed as soon as they are available?
The updates should be evaluated first and then applied if needed.
6. List some best practices for hardening IIS.
Ensure antivirus/anti-malware software is installed and up-to-date; review all running services and programs and disable ones that are not needed; ensure Windows firewall settings only allow network traffic for the services and applications really needed; and create separate password-protected user accounts.
7. List some best practices for hardening Internet Explorer.
Do not click on popup boxes unless it is the little red X up in the corner to close them. Have Explorer Prompt user to run activeX. Disable any addons that will not be used. Continuously clear out unneeded extensions.

Similar Documents

Free Essay

Servers

...Organizations all over the world are linking their systems across networks in order to increase their expose to customers, competitors, browsers and hackers on the internet and in their own companies. Online banking make life simpler. You can check your account balance, deposit checks, pay bills, and make transfers. In order to make web applications more secure and less vulnerable, there are three top areas of risk to a company that wants to expand their systems web servers, databases server, and file servers. The web servers are applications that make information available on the internet. Web servers protect client information, client logins and passwords, and other client information that is not meant to be viewed by the public. Securing the database servers will keep persons or employees from accessing account holder contact information or changing account balances. Database servers are used by most companies. An unsecured database can have excessive and unused privileges. Keeping a database server secured will increase customer satisfaction and peace of mind. File servers are designed to keep out online threats from your Microsoft Windows documents safe and secure. Securing the file server would deny employees access from changing or viewing loan applications and other personal data to inflict damage. In closing, the web servers, database servers, and file servers are all designed to make customers feel at ease about online banking. They were built to keep hackers...

Words: 262 - Pages: 2

Premium Essay

Hello

...Securing Cisco Routers (SECR) Glossary A AAA ABEND Access Access attacks Authentication, Authorization, Accounting. Allows all facets of user security to be defined on a central server. Abnormal END. Abnormal termination of software. 1.) In dealing with network security it is an all-encompassing term that refers to unauthorized data manipulation, system access, or privileged escalation. An all-encompassing term that refers to unauthorized data manipulation, system access, or privileged escalation. Unauthorized data retrieval is simply reading, writing, copying, or moving files that are not intended to be accessible to the intruder. Limiting the flow of information from the resources of a system to only the authorized persons or systems in the network. See ACE. access control Access Control Entry access control list See ACL. access device access layer Access Method Hardware component used in your signaling controller system: access server or mux. The point at which local end users are allowed into the network. 1.) Generally, the way in which network devices access the network medium. 2.) Software within an SNA processor that controls the flow of information through a network. Defines access rights and privileges for the network users. The access policy should provide guidelines for connecting external networks, connecting devices to a network, and adding new software to systems. The remote computer system which connects a personal computer to the Internet. Access Virtual...

Words: 23221 - Pages: 93

Premium Essay

Re: Week 5 Discussion 1

...communication at Westwood Resort, address the current network status and how to improve network capabilities throughout the resort. The goal of the company is to provide free Wi-Fi access to guests and at the same time ensure that the internal network remain secure. In addition, the resort wants to provide better cell phone access in the Fitness Center. Westwood Resort is located in Atlanta GA; it is a single building structure which is composed of ten stories, 500 guest rooms, two banquet halls, seven meeting rooms, hotel lobby, reception, coffee shop, fitness center, and poolside. The Business Center and half the guest rooms are wired for internet access with a dedicated T-1 connection. The hotel currently runs an Ethernet network at 10Mbps with Linux as their primary application, and is a dedicated hotel property management system. The Westwood Resort is operating on wired network and has decided to implement a complete Wi-Fi solution in order to remain competitive and provide...

Words: 2827 - Pages: 12

Premium Essay

Windows Servers

...Topics |Securing Windows 7 |Installing Windows Server 2008 | |Password and Account Lockout Policies |What Defines a Server | |Windows Firewall Configuration |Server Hardware | |Encrypting File System (EFS) |Windows Server 2008 Editions | |Remote Access Technologies |Server Roles in Windows Server 2008 | |Backup and Restore |Method of Installing Windows Server 2008 | |System Restore Points |Server Configuration | | |IP Address Settings | | |Management of Devices and Device Drivers | | |Microsoft Management Console (MMC) ...

Words: 2079 - Pages: 9

Free Essay

Client and Server Security

...Table of Contents Project Outline 3 Security Requirements 4 Perimeter Security 5 Client and Server Security 10 Database Security 10 Server Security 12 Wireless and Remote Access Security 15 Security Configuration Management 19 References 23   Project Outline Tiger Tees is a medium sized business with 4 locations across the eastern United States. This company produces and sells t-shirts for school systems, both locally and across the country via the internet. The organization’s headquarters is located in Beckley, West Virginia, and employs 25 people. The departments include the warehouse, human resources, accounting, sales, and administration. The second location of Tiger Tees is located in Columbus, Georgia, and employs 10 people full time, and 4 persons part time. The third location is located in Washington, DC, and employs 15 people. The fourth location located in Richmond, Virginia is the smallest of all the locations employing 5 persons full time. Tiger Tees is a fast growing company in dire need of a secure network that will ensure that the confidentiality, integrity, and availability of client information remain confidential. All transactions completed are sent to the organizational headquarters in Beckley, WV and processed there. In the past these orders and transactions have been completed by telephone and e-mail. A secure wide area network would streamline this process making the transactions more secure, and providing faster service to the customers...

Words: 5336 - Pages: 22

Premium Essay

Myrtle & Associates/Bellview Law Group to Mab Law Firm Network Integration

...White Paper: This white paper discusses how to choose the integration approach best fitting the needs of Myrtle & Associates and Bellview Law Group in their merging into one law firm: MAB Law Firm. Assumptions: 1. Both Myrtle & Associates & Bellview Law Group Utilized Access To the Internet via a Digital Subscribers Line(DSL) 2. Myrtle & Associates & Bellview Law Group are separated by a considerable geographical distance. 3. Current Novell Servers Used by Bellview Law Group are Old. 4. All internal hard cabling runs will be wired with CAT 5e. Current Network Diagram Please See Exhibit (A-1 & A-2) Diagram of Proposed Network Integration Please See Exhibit (B) Challenges to Integrating the Current LANs, Challenges integrating the Myrtle & Associates and Bellview Law Group networks will be presented by the following: * The geographical distance between the two offices (L2TP/IPsec) * Bellview Law Group use of Novell and IPX/SPX instead of TCP/IP Integrating these two networks will be faced by the geographical distance between the two offices where the law firms reside. One solution would be to lease a dedicated line however; this option would be a very expensive one and is unnecessary due to new Virtual Private Network (VPN) technologies such as Layer 2 Tunneling Protocol (L2TP). Layer 2 Tunneling Protocol (L2TP) is a VPN technology allows for communication between two LAN segments separated by geographic...

Words: 2057 - Pages: 9

Free Essay

Simplify and Enhance Management of Windows Server 2008

...has introduced numerous administrative tools to simplify and enhance management of Windows Server 2008. One of the functions is Active Directory Federation Services. Active Directory Federation Services (ADFS for short) is a software component developed by Microsoft that can be installed on Windows Server operating systems to provide users with Single Sign-On access to systems and applications located across organizational boundaries. It uses a claims-based access control authorization model to maintain application security and implement federated. Claims based authentication is the process of authenticating a user based on a set of claims about its identity contained in a trusted token. Such a token is often issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity doing the claims based authentication. In AD FS, identity federation is established between two organizations by establishing trust between two security realms. A federation server on one side (the Accounts side) authenticates the user through the standard means in Active Directory Domain Services and then issues a token containing a series of claims about the user, including its identity. On the other side, the Resources side, another federation server validates the token and issues another token for the local servers to accept the claimed identity. This allows a system to provide controlled access to its resources or services to a user that belongs to...

Words: 1556 - Pages: 7

Free Essay

Research Paper

...Research Paper 3 Active Directory Federation Services is a highly secure, highly extensible, and Internet-scalable identity access solution that allows organizations to authenticate users from partner organizations. Using AD FS in Windows Server 2008, you can simply and very securely grant external users access to your organization’s domain resources. AD FS can also simplify integration between untrusted resources and domain resources within your own organization. Active Directory Lightweight Directory Service (AD LDS), formerly known as Active Directory Application Mode, can be used to provide directory services for directory-enabled applications. Instead of using your organization’s AD DS database to store the directory-enabled application data, AD LDS can be used to store the data. AD LDS can be used in conjunction with AD DS so that you can have a central location for security accounts (AD DS) and another location to support the application configuration and directory data (AD LDS). Using AD LDS, you can reduce the overhead associated with Active Directory replication, you do not have to extend the Active Directory schema to support the application, and you can partition the directory structure so that the AD LDS service is only deployed to the servers that need to support the directory-enabled application. Most organizations use certificates to prove the identity of users or computers, as well as to encrypt data during transmission across unsecured network connections...

Words: 791 - Pages: 4

Premium Essay

It140-1304b-04: Introduction to Operating Systems and Client/Server Environments

...Colorado Technical University IT140-1304B-04: Introduction to Operating Systems and Client/Server Environments Table of Contents Introduction to Operating System 3 Project Organization 3 Windows 3 Linux 5 Virtualization 6 Components of a Computer System 8 Managing Client – Server Environments 9 Securing Operating Systems 10 System Administrators 11 Configuring Windows 7 and Linux+ Prep LabSim Toolkit 12 Phase 1 LabSim 12 References 13 * Introduction to Operating System Project Organization ACME is a pharmacy based healthcare provider that has 25 physical locations across the state of Michigan. The company provides long term patient care to the community mental health organizations across the State of Michigan. The organization is an industry leader in a clinical pharmacy services and has grown tremendously over the past 10 years. The organization is privately held and the senior leadership team as well as the centrally managed and support IT infrastructure is located at a single headquarter facility. ACME’s network is comprised primarily of Windows Server 2008 R2 servers, Windows 7 and Windows XP workstations, Microsoft Exchange Server 2010 for messaging, Microsoft SharePoint server for intranet support and Microsoft SQL server as the database platform. The company also utilizes QS1 Data Systems as its primary patient care system and DocuTrack as the document management system. The ACME network is a spoke and hub topology with the headquarter...

Words: 1536 - Pages: 7

Premium Essay

Pc Security

...Improving Web Application Security Threats and Countermeasures Forewords by Mark Curphey, Joel Scambray, and Erik Olson Improving Web Application Security Threats and Countermeasures patterns & practices J.D. Meier, Microsoft Corporation Alex Mackman, Content Master Srinath Vasireddy, Microsoft Corporation Michael Dunner, Microsoft Corporation Ray Escamilla, Microsoft Corporation Anandha Murukan, Satyam Computer Services Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft, MS-DOS, Windows, Windows NT, Active Directory, BizTalk, IntelliSense, MSDN, Visual Basic, Visual C#, Visual C++, and Visual Studio are either registered trademarks or trademarks of Microsoft...

Words: 83465 - Pages: 334

Free Essay

Student

...Exams & Answer Keys Exams & Answer Keys Networking Application Services and Security Course Revision Table Footer Date: 09/30/07 10/10/07 Section: All All Reason for Change: New Curriculum QA Edits Implementation Date: December 2007 December 2007 © ITT Educational Services, Inc. Date: 10/10/07 Exams & Answer Keys [Exam I —Unit 6] DATE: ________________________________ STUDENT NAME: ________________________________ COURSE NUMBER: ________________________________ INSTRUCTOR: ________________________________ ITT COLLEGE: ________________________________ General Instructions: 1. This is a closed-book, closed-notes Exam. No reference material (including assignments and lab) will be permitted for use during the exam session. 2. The exam contains true/false and multiple choice types of questions. 3. Please use the separate answer sheet provided to you for marking your answers. 4. Each question is worth two points. Good luck! © ITT Educational Services, Inc. Date: 10/10/07 Exams & Answer Keys 1. The most common cause of security breaches is ______. a. no alarm system b. weak passwords c. untrained security guards d. poor perimeter lighting 2. Windows Server administrators should not use the Administrator account for everyday activity. They should use the ________ command, only when performing administrative functions. a. super user b. run as c. task manager d. power user 3. For organizations with wireless networks, deployment of ________ is necessary...

Words: 3277 - Pages: 14

Premium Essay

Lab 8 Assessment

...critical to perform a penetration test on a Web application and a Web server prior to production implementation? To make sure no attackers can penetrate your web application before the Web App goes live. It is critical to perform a penetration test on a Web application because the Web application is running on an Application Server or a Web Server, if an attacker is able to access the application code for how the database is called, it may be able to retrieve information about the database (name, attributes, IP address, etc.) and or access the Web Server and attempt a DoS attack. If a Web form cannot handle the unexpected data and fails to return the expected outcome. You have uncovered a vulnerability in this form; penetration testing in this area help IT security identify the vulnerabilities a Web Application may have.  2. What is a cross-site scripting attack? The goal of an XSS attack is see if the Web Application allows the attacker to have administrative read/write access to the functionality of the Web Application. This attack is a type of computer security vulnerability typically found inweb applications that enables attacks to inject client-side script into web pages viewed and accessed by other users. 3. What is a reflective cross-site scripting attack? If the attacker can type a script in a text field and the script alters or creates a pop-up display, the attacker can use these windows to navigate users off the Web Application pages and to constructed pages with malicious...

Words: 849 - Pages: 4

Premium Essay

Soft Ware End

...SECURITY ESSENTIALS IMPACT OF SECURITY BREACHES • Security breaches affect organizations in a variety of ways. They often result in the following: • Loss of revenue • Damage to the reputation of the organization • Loss or compromise of data • Interruption of business processes • Damage to customer confidence • Damage to investor confidence • Legal Consequences -- In many states/countries, legal consequences are associated with the failure to secure the system—for example, Sarbanes Oxley, HIPAA, GLBA, California SB 1386. • Security breaches can have far-reaching effects. When there is a perceived or real security weakness, the organization must take immediate action to ensure that the weakness is removed and the damage is limited. • Many organizations now have customer-facing services—for example, websites. Customers may be the first people to notice the result of an attack. Therefore, it is essential that the customer-facing side of the business be as secure as possible. SECURITY RISK MANAGEMENT DISCIPLINE (SRMD) PROCESSES In this topic, we will discuss security risk management discipline (SRMD). Specifically, we will discuss: The three processes of SRMD - • Assessment • Development and implementation • Operation Assessment involves • Asset assessment and valuation. • Identifying security risks with STRIDE. • Analyzing...

Words: 6837 - Pages: 28

Premium Essay

Rapport

... Many companies want a lot of functionality over the web. Is it possible to achieve the same functionality on the web compared to an ordinary windows application? Our work aims towards evaluating which one of the solutions that is the best. Many customers wants a standalone application rich of functionality and demands to have the same functionality on the web. Is it always possible to achieve the costumer’s requirements on a web based solution or do you have to settle with an implementation of a standalone application? There are some factors that the answer depends on: performance, security, usability and implementation. The application that will be tested is developed in .Net and is a maintenance application for Business Intelligence (BI). We will have a short introduction to the Business Intelligence field to make you understand the purpose of the application. Keywords: Data Warehouse, web based, standalone, .NET, Business Intelligence Contents Abstract i Contents ii 1 Introduction 1 2 Background 3 2.1 Business Intelligence 3 2.1.1 The different steps in a Business Intelligence solution 4 2.2 Data Warehouse 4 2.3 Standalone vs. web based application 5 2.3.1 Standalone application 5 2.3.2 Web based application 5 2.3.3 Web or not from a Business Intelligence perspective 7 3 Method 9 3.1 Implementation 9 3.2 Performance 9 3.3 Security 9 3...

Words: 9000 - Pages: 36

Free Essay

Technology Project

...ANALYSIS ON HOW TO SECURE REMOTE ACCESS FOR ENTERPRISE NETWORK SYSTEM Submitted to: Jacky Chao Min By: MARTHE M. NSABA 300682552 TABLE OF CONTENTS INTRODUCTION | 3 - 6 | PROTECTION OF CPE DEVICES | 7 - 9 | SECURE REMOTE ACCESS THROUGH DIFFERENT AUTHENTICATION | 10 - 15 | SECURE REMOTE ACCESS FOR MOBILE UTILIZATION | 16 - 17 | BIBIOGRAPHY | 18 | INTRODUCTION In this developing environment, we note that varying business utilise different kinds of networks according to the business structures and policies, so managing access to all those networks can be complicated and security threatening. It is a key objective that for an enterprise to operate efficiently, its accessibility should be unlimited and this is when remote access is introduced. As the volume of enterprise information and data is increasing exponentially, it is an expectation that this data is easily accessed and shared among each other. To enable this, smarter network access called Remote access was introduced to deliver various degrees of data efficiently through mobile devices, applications and machines in order to stimulate productivity. There are three main types of remote access, namely Basic, Advances and Enterprise. In this paper, we will focus on Enterprise Remote access. Some of the advantages of Enterprise Remote access are; Increased high availability required for different and high volume application Remote access maintains and controls the high usage of the network. It...

Words: 3060 - Pages: 13