Lab- Threats, Risk, and Vulnerability in Workstation

Lab 5.1a

Based on the HIPAA website, the healthcare sector and the Department of Defense (DoD) differ in their compliance law requirements and business drivers. For instance, the “Health Insurance Portability and Accountability Act” (HIPAA) is a public law within the healthcare sector. On the other hand, within the DoD sector, the laws that govern it are two-fold, namely the Defense Federal Acquisition Regulation Supplement (DFARS) and the Procedures, Guidance, and Information (PGI) (Choi & Williams, 2022). These laws protect confidential information within the department from unauthorized access. The difference between these sectors is exhibited in their utilization. For instance, the healthcare sector maintains a personal medical history of a list of people, while the defense department keeps sensitive information that requires the highest level of confidentiality.

The other difference is that laws in the healthcare sector uphold confidentiality through the utilization of e-health that is maintained electronically. However, within the DoD, the third party is mandated to approve the fulfillment of the DoD regulations before the commencement of any business activities (Choi & Williams, 2022). Also, while the healthcare rule is stricter regarding how personal health information can be shared among healthcare providers, the laws within the defense department are more inclusive of encryption to prevent information from landing in the wrong hands. Lastly, the firms that operate under the healthcare provider’s workstation domain include organizations and companies that offer healthcare products and services to customers (Choi & Williams, 2022). On the other hand, the DoD’s workstation domain includes the United States Army and the Department of Defense. The organizations under DoD work towards the fulfillment of DFARS and PGI laws.

Lab 5.1b

After navigating the website, I identified that the workstation domain comprises various risks, threats, and vulnerabilities that hinder operations from running swiftly. Some of these risks and threats include unauthorized access to the workstation, vulnerabilities on the desktop and portable devices, download of content from the internet that may have viruses, the use of portable devices that may contain malware that may end up affecting the entire workstation, and user violation of instructions. The other vulnerabilities within the workstation include unauthorized access to applications and data, software patches and updates, and vulnerabilities in portable devices.

Listed below are some of the DoD’s desktop hardening guidelines:

Foster auditing.

Limit access to privileged accounts.

Sensitive data is encrypted.

Installation of individual firewalls.

Disabling unnecessary accounts and services.

Enabling host-based intrusion detection.

Lab 5.1c

An Appropriate Backup Strategy Does Not Exist For The Data

Attaining data integrity and availability requires an effective backup strategy. However, in many instances, a backup strategy often works for devices that are permanently stored at a designated location. For devices such as PCs that are moved from one location to another, it is generally impossible to have a backup plan in place because all the data is not stored in a single file server. A backup plan may require developers to have standalone copies of program code while alterations are being executed. Some of the recommendations that should be considered in implementing a backup policy include storing data files in a directory hierarchy, storing mission criteria data on file servers, and using compact disk-recordable (CDR).

Open-Restricted File Type Properties

It has been established that allowing users to cancel the opening of a file provides sufficient levels of protection in most environments. This open confirmation property allows the user to open the file, save the file, or even cancel the opening process. Including this property as an extension adds additional value for the users as they can view the files before attempting to open them (Choi & Williams, 2022). Always showing an extension and confirming after the download gives users additional information regarding a file, informing their decision on whether to proceed with the opening.

Lab 5.1d

These security areas are explained below:

SP 800-52 guides how to use the most secure TLS/SSL protocol. The incorrect configuration of the protocol negotiation provides leeway to unexpected attacks that may exploit weaknesses within this protocol. While this guideline applies to TLS gateways, it does not apply to VPN devices.

AADC-AG-000023: This requirement calls for the enabling of external logging for WAF data event messages. The users must create a server for every log server and then add the UDP port for every configuration. The port numbers should also be included on the external log server so that log messages can be listened to (Harris, 2020). In this regard, it is tough to correlate and investigate the events that may eventually lead to an attack without establishing where events occurred.

AADC-AG-000026: This is a requirement that works by sending alerts when ISSO connectivity to the Syslog servers is lost. The absence of this signal may prevent the security personnel from being informed of the impending failure as far as the system is running. Some of these processing failures may include software errors, failures in audit capturing strategies, or the inability of the system to note down the central audit log (Harris, 2020).

AADC-AG-000034: This guideline stipulates that information systems can provide various functions and services. Some are integrated within the system by default. As such, the firm must determine important functions for performing content filtering and other core functionality for every device aspect (Harris, 2020). While unnecessary capabilities are often overlooked and, hence, remain unsecured, attackers may capitalize on these loopholes in accessing confidential information stored on the platform.

AADC-AG-000035: This security measure outlines the unrelated proxy services that increase the complexity of securing the data stored within the device. In this regard, many application proxies can be installed on the devices to perform this function. The Global Server Load Balancing (GSLB) can operate in the proxy mode so that all the DNS queries arriving are forwarded to the DNS server. It can also operate in Server mode because the device directly responds to queries for particular service IP addresses within the GSLB zone.
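The protocol-negotiation point in the SP 800-52 paragraph above, as an added example (not code from the original page or from NIST): a check that flags legacy protocol versions left enabled on a TLS endpoint. The nginx-style `ssl_protocols` directive, the sample configurations and the pass/fail policy (TLS 1.2 required, TLS 1.3 recommended, older versions rejected) are assumptions made for illustration.

```python
import re

# Assumed policy (not stated on the page): TLS 1.2 must be enabled, TLS 1.3
# is recommended, and every older protocol version is a finding.
REQUIRED = {"TLSv1.2"}
RECOMMENDED = {"TLSv1.3"}
FORBIDDEN = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Matches an active (not commented-out) nginx-style ssl_protocols directive.
DIRECTIVE = re.compile(r"^\s*ssl_protocols\s+([^;#]+);", re.MULTILINE)

def audit_tls_protocols(config_text):
    """Return a list of (severity, message) findings for one config."""
    matches = DIRECTIVE.findall(config_text)
    if not matches:
        return [("warn", "no ssl_protocols directive: server defaults apply")]
    findings = []
    for value in matches:
        enabled = set(value.split())
        for proto in sorted(enabled & FORBIDDEN):
            findings.append(("fail", f"{proto} enabled: a peer can negotiate it"))
        for proto in sorted(REQUIRED - enabled):
            findings.append(("fail", f"{proto} not enabled"))
        for proto in sorted(RECOMMENDED - enabled):
            findings.append(("warn", f"{proto} not enabled"))
    return findings

def is_compliant(config_text):
    """True when the audit produced no 'fail' findings."""
    return not any(sev == "fail" for sev, _ in audit_tls_protocols(config_text))

# Constructed sample configurations (not taken from the page).
WEAK = """
server {
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;  # kept for legacy clients
}
"""
HARDENED = """
server {
    ssl_protocols TLSv1.2 TLSv1.3;
}
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, "compliant" if is_compliant(cfg) else "non-compliant")
        for severity, message in audit_tls_protocols(cfg):
            print("  ", severity, message)
```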

Lab 5.1e

The Common Vulnerabilities and Exposures (CVE) listing is a database that lists all the known security vulnerabilities within the computer framework. The primary page within CVE provides users with the interface to search for specific information about the various software in use or regarding vulnerability issues. On the other hand, the workstation domain in OS is housed by CVE listing and works by tracking and identifying vulnerability issues along the system (Harris, 2020). The information about any existing vulnerability is then disseminated through the software versions for easy fixes. As such, the workstation domain OS and application software are housed within the CVE listing by assigning a unique identification code to each vulnerability reported. The assigned identification code is used to track and identify vulnerabilities across the system, making it easy for the management team to follow along.

It should also be noted that the National Vulnerability Database (NVD) can be accessed from the CVE homepage and encompasses information from the CVE listing and other sources. The significant role of NVD is that it avails additional data on vulnerabilities identified within the system, thus outlining their severity level. Therefore, CVE and NVD can be utilized as security control tools to identify and manage vulnerabilities within the system (Harris, 2020). These tools allow organizations to identify potential weaknesses and implement mitigation strategies. On the other hand, they can serve as an attack tool for hackers to identify vulnerabilities and capitalize on their preferred target (Harris, 2020). As such, it is significant that the organization stays updated with the existing vulnerabilities in its system and puts in place measures to manage them before hackers can utilize them for malicious intentions.

Lab 5.2

The workstation domain is significant because it works to protect confidential data from access by unauthorized parties. Some top risks within the workstation domain include unpatched vulnerabilities, malware, and lack of physical security. Malware includes viruses and ransomware that may infect the workstation and aid in stealing sensitive data. On the other hand, unpatched vulnerabilities may permit attackers to infiltrate the organization’s operating system. Finally, the lack of physical security grants attackers unauthorized access to the information belonging to the workstation. The implementation of a comprehensive security plan would necessitate mitigating these risks.

References

Choi, Y. B., & Williams, C. E. (2022). A HIPAA security and privacy compliance audit and risk assessment mitigation approach. In Research Anthology on Securing Medical Systems and Records (pp. 706–725). IGI Global.

Harris, C. D. (2020). Understanding Controls to Detect and Mitigate Malicious Privileged User Abuse (Doctoral dissertation, Capitol Technology University).

Question 


recognize the risks, threats, and vulnerabilities commonly found in the workstation domain
