Cybersecurity Foundations

Securing a Computer
System
Securing a Computer System

Scenario

Congratulations!

You have been hired to audit the security for the PC used
at your friend’s business: Joe's Auto Body. Joe provides car
repair services throughout the tri-state area. He's had
previous employees use it for activities unrelated to work
(e.g., web browsing, personal email, social media, games,
etc.), and he now uses it to store his critical business
information. He suspects that others may have broken
into it and could be using it to transfer files across the
internet. He has asked that you secure it for him
according to industry best practices so that it can again
be used as a standard PC.

In this project, you have been given a “broken” Windows

10 PC and asked to figure out what’s wrong with it and
then make changes to fix and secure it. The process of
analyzing and applying security happens in workplaces
around the globe and is exactly what cybersecurity
professionals do daily. This project allows you to apply
what you’ve learned in the course by investigating a
Windows 10 PC. The same skills you use on one PC can be
applied to thousands.
Part 1:
Reconnaissance
Hardware
The first step in securing any system is to know what it
is, what’s on it, what it’s used for, and who uses it.
That’s the concept of systems reconnaissance and
asset inventory. In this step, you’ll document the
hardware, software, user access, system and security
services on the PC. Complete each section below.
1 Device Name

2 Processor

3 Install RAM

4 System Type

5 Windows Edition

6 Version

7 Installed on

8 OS build
Software
Another common early step in securing is taking an
inventory of software or applications installed on a
computer system. These are programs outside of the
standard operating system. Please list five applications
running on this PC.

5
Accounts
As part of your security assessment, you should know
the user accounts that may access the PC. Please list the
accounts, name, and access level for the accounts on
this PC.

Account Name Full Name Access Level

Security Services
Document the PC’s security settings status listed below.

Security Feature Status

Firewall product and status--Private

network

Firewall product and status--Public

network

Virus protection product and status

Internet Security messages

Network firewall messages

Virus protection messages

User Account Control Setting

Part 2:
Assessment
Baseline

Please answer the following question.

1 Think back on Critical Security Controls: from the Basic

Controls, Foundational Controls, or the Organizational
Controls, choose one control that having a security
framework or guidelines (baseline) covers. Explain your
answer in 2 to 3 sentences.
 Authentication
Consider the 5 factors of authentication: Knowledge,
Possession, Inherence, Location, and Behavior. In 3 to 5
sentences below, suggest and explain what type of
authentication would be appropriate for JoesPC.

1.
 Principles of Secure Design
Consider the OWASP Principles of Secure Design. Choose
two principles and describe in 2 to 3 sentences (total)
how they apply to what Joe can use on JoesPC to
accomplish a more secure environment.

1.
System and Security: Firewall

Please answer the following question.

1 In 1 to 2 sentences, explain what protection would

enabling the Windows Firewall provide.
System and Security: Virus and
Threat Protection
Scenario: You need to ensure the Windows Defender
anti-virus is enabled to always protect against current
threats. It should be set to continually scan the PC for
malicious software automatically. Please answer the
following questions.

1 In 1 to 2 sentences, explain what protection

enabling the Windows Firewall would provide.

After you have turned on messages about the Network

firewall and virus protection, you notice you have
mitigated--or gotten rid of the threat of--risks.

2 In 1 to 2 sentences, explain what CIS controls are

satisified by turning on messages and mitigating risks.
Part 3: Securing
Access
 Users - Part 1
Ensuring only specific people have access to a computer is a
common step in information security. It starts by
understanding who should have access and the rules or
policies that should be followed. Please review the following
users who should have access.

● JoesAuto
● Jane Smith (Joe’s Assistant)

It is your responsibility to create suggestions for securing

this computer. Use the next slide to give and explain
your recommendations. The slide following your
recommendations will have two questions regarding users
and privileges.
Users - Part 2
Fill in this table based on the guidelines you
would recommend to Joe. Recommendations do not
have to be in complete sentences. Explanations
must be at least one sentence.

Recommendatio Explanation
n
How should
users
authenticate
their identity?
What Access
Rights/Permission
s should Joe
have?
What Access
Rights/Permission
s should Jane
have?
Users- Part 3

Please answer the following two questions.

1 In 1 to 2 sentences, explain why it is important to

disable or remove unneeded accounts from a PC
or application.

2 Administrator privileges for too many users is a

security
challenge. Provide at least 3 risks associated with
users
having administrator rights on a PC.
1.
2.
3.
Part 4: Securing
Applications
Unnecessary Applications

Joe wants everyone to use the latest version of the

Chrome browser by default. There should be no games
or
non-work-related applications installed or downloaded.
Joe is also concerned that there are “hacking” programs
downloaded or installed on the PC that should be
removed. This PC is used for standard office functions.
1 List three applications that violate this policy.
1.
2.
3.

2 Name three vulnerabilities, threats, or risks to having

unnecessary applications.
1.
2.
3.
Patching and Updates

All applications should be up-to-date on patches or fixes

by the manufacturer. Any old version of software should
be uninstalled. List two applications on JoesPC that are
out of date.
1

2
Default Browser

Joe wants all users to use Chrome as their default

browser. Provide 2 risks or vulnerabilities associated
with using Internet Explorer as a default browser.

2
Part 5: Securing Files
Securing Files

Joe has some work files in his Business folder that he

wants to secure since they contain his customer
information. He wants to encrypt his work files with
the password “SU37*$xv3p1.”
1 What security fundamental does this password
provide?

2 The Center for Internet Security Controls lists

passwords like this as one of their steps for
security. Which step does this fulfill?
Standout Suggestions
Standout Suggestion 1
Joe has decided to allow least privilege access to
2 additional employees. He would like the
bookkeeper and the head mechanic to have access
to JoesPC. In 3 - 5 sentences total below, describe
the privileges these two employees should have,
and detail how they should authenticate their
identities.
1
Standout Suggestion 2
Joe believes one of his employee’s emails has been
compromised. What are the possible threats, risks, or
vulnerabilities, and how should he respond? Detail
your answer in 3 to 5 sentences.