Perform System Configuration Gap Analysis

I conducted a live lab on gap analysis to assess the current security posture of an organisation and identify areas for improvement. The live lab involved a comprehensive review of existing policies, procedures, and technical controls in place to safeguard information systems.

During the session, I utilised a systematic approach to identify discrepancies between the organisation's current practices and industry best practices. This involved examining frameworks and looking at requirement comparisons. By analysing the findings, it became evident where deficiencies existed in Minimum Password Length and Lockout Bad Count, amongst others.

The outcome of the live lab was a detailed report highlighting specific gaps, alongside prioritised recommendations for enhancements. This process not only assisted in developing a roadmap for strengthening cybersecurity measures but also facilitated a deeper understanding of the organisational risks and the necessary steps to mitigate them effectively. I also learnt that it is essential to tailor baselines and frameworks according to an organisation's security requirements and business goals.

Connecting to PC10 Virtual Machine

Here I selected Other User, and signed in as admin with the password.

Determining the build number using Winver

Using Winver I found out more details about the version as follows: "Version 1809 (OS Build 17763.4377)".

Running Windows PowerShell as Administrator

Here I entered the command 'copy D:\* C:\LABFILES'. This command copies 'PolicyAnalyzer.zip' and 'Windows 10 Version 1809 and Windows Server 2019 Security Baseline.zip' from the read-only removable media virtual optical disc (i.e. D:) to C:\LABFILES.

Using the ls command

I then entered the command 'cd c:\LABFILES' to change into the directory. Once in the directory I entered the command 'ls' to view the contents of the directory.

Here I found 'PolicyAnalyzer.zip' and 'Windows 10 Version 1809 and Windows Server 2019 Security Baseline.zip' in the list of files.

Opening the Policy Analyzer

The next steps included entering Expand-Archive commands to extract the contents of the zip files into their own subfolders. I then entered the command 'C:\LABFILES\PolicyAnalyzer\PolicyAnalyzer' to open the Policy Analyzer application.

I then selected 'Policy Rule Sets' in order to select the Documentation folder.

Performing a View/Compare

Once the Documentation files were opened, I performed a View/Compare of MSFT-Win10-v1809-RS5-WS2019-FINAL using Policy Analyzer by marking the MSFT-Win10-v1809-RS5-WS2019-FINAL checkbox, then selecting View/Compare.

Analysing the Policy Viewer

Here the Policy Viewer brought up a list of 393 items. They detailed the policy types, settings and baseline values. As can be seen here, the LockoutBadCount baseline reads at 10. Moving further down, the MinimumPasswordLength baseline value reads at 14.

Comparing to Effective State

Next I performed a Compare to Effective State of MSFT-Win10-v1809-RS5-WS2019-FINAL using Policy Analyzer by marking the MSFT-Win10-v1809-RS5-WS2019-FINAL checkbox, then selecting Compare to Effective State.

This feature, Compare to Effective State, performs a gap analysis between the baseline security template file and the current in-use values of the local operating system.

Gap Analysis

The Policy Viewer window will be displayed showing a comparison between the various policy settings contained in the MSFT-Win10-v1809-RS5-WS2019-FINAL policy rule set and the current operating system (labeled as "Effective state"). Notice that many items are highlighted in yellow; these are where there are differences between the baseline file and the current effective state of the live operating system environment (PC10).

The MinimumPasswordLength on the effective state reads at 7 whereas the requirement is 14. Similarly, the LockoutBadCount reads at 0 whereas the baseline value should be 10.

We can see from the gap analysis that PC10 is currently not compliant with the security baseline template and some enhancements need to be carried out. Here we established the differences between the intended or expected configuration of a system and its actual operating configuration.
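The same check can be scripted so it can be repeated on many hosts. Below is an added example (not part of the lab or of Policy Analyzer) that parses the [System Access] section of a constructed 'secedit /export' file and reports every setting that fails the two baseline values read in the Policy Viewer above; the sample export is constructed to match PC10's effective state.

```python
"""Added example: a minimal gap check over a secedit export (not part of the lab or Policy Analyzer)."""
import configparser

# Baseline values from the MSFT-Win10-v1809-RS5-WS2019-FINAL rule set as read in the Policy Viewer.
# Each entry: (required value, predicate saying whether an effective value meets the baseline).
BASELINE = {
    # a longer minimum length is at least as strong as the baseline
    "MinimumPasswordLength": (14, lambda actual: actual >= 14),
    # 0 disables lockout entirely; 1..10 locks out at least as early as the baseline
    "LockoutBadCount": (10, lambda actual: 1 <= actual <= 10),
}

# Constructed sample of what `secedit /export /cfg effective.inf` writes on a machine
# configured like PC10 in the lab (the real file is UTF-16 LE; decode it before parsing).
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 1
LockoutBadCount = 0
NewAdministratorName = "Administrator"
[Version]
signature="$CHICAGO$"
Revision=1
"""


def parse_system_access(inf_text):
    """Return the [System Access] settings as a dict, with numeric values converted to int."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep setting names case-sensitive, as secedit writes them
    parser.read_string(inf_text)
    settings = {}
    for name, value in parser["System Access"].items():
        value = value.strip().strip('"')
        settings[name] = int(value) if value.lstrip("-").isdigit() else value
    return settings


def gap_analysis(effective, baseline=BASELINE):
    """Return {setting: (effective value, required value)} for every baseline setting not met."""
    gaps = {}
    for name, (required, meets) in baseline.items():
        actual = effective.get(name)
        # a missing or non-numeric setting is a gap, not a pass
        if not isinstance(actual, int) or not meets(actual):
            gaps[name] = (actual, required)
    return gaps


if __name__ == "__main__":
    for name, (actual, required) in gap_analysis(parse_system_access(SAMPLE_EXPORT)).items():
        print(f"{name}: effective={actual} baseline={required}")
```

On the constructed export this reports MinimumPasswordLength 7 against 14 and LockoutBadCount 0 against 10, the same two gaps Policy Analyzer highlighted in yellow.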
