Premium Essay

Lab Access Control

Submitted By calendarmonthmay
Words 300
Pages 2
Access controls can be applied in various forms, levels of restriction, and at different places within a computing system. A combination of access controls can provide a system with layered defense-in-depth protection.

Instructions:
For the scenarios that follow, identify the data that would need to be protected. Recommend how you would implement one or more of the access controls (listed after the scenarios) for the given scenario and justify your recommendation.

Scenarios:
1. Shovels and Shingles is a small construction company consisting of 12 computers that have Internet access.
2. Top Ads is a small advertising company consisting of 12 computers that have Internet access. All employees communicate using smartphones.
3. NetSecIT is a multinational IT services company consisting of 120,000 computers that have Internet access and 45,000 servers. All employees communicate using smartphones and e-mail. Many employees work from home and travel extensively.
4. Backordered Parts is a defense contractor that builds communications parts for the military. All employees communicate using smartphones and e-mail.
5. Confidential Services Inc. is a military-support branch consisting of 14,000,000 computers with Internet access and 250,000 servers. All employees must have security clearances, and they communicate mainly using BlackBerry devices and e-mail.

Access Controls
* Administrative controls: Policies approved by management and passed down to staff, such as policies on password length.
* Logical/technical controls: Control access to a computer system or network, such as a username and password combination.
* Hardware controls: Equipment that checks and validates IDs, such as a smart card or security token for multifactor authentication.
* Software controls: Controls embedded in operating system and application software, such as NTFS

Similar Documents

Premium Essay

Lab 3 Enable Windows Active Directory and User Access Control

...Enable Windows Active Directory and User Access Control
1. What are the three fundamental elements of an effective access control solution for information systems? Identification, Authentication and Authorization
2. What two access controls can be set up for Windows Server 2003 folder and authentication? Authentication and Access Control
3. If you can browse a file on a Windows network share, but are not able to copy it or modify it, what type of access controls and permissions are probably configured? What type of access control would best describe this access control situation? Folder Contents. The access control best fitting would be security policy.
4. What is the mechanism on a Windows server where you can administer granular policies and permissions on a Windows network using role-based access? This would fall under Group Policies.
5. What is two-factor authentication and why is it an effective access control technique? It is a two different type of identification process. Like an ID card and a pin code.
6. Relate how Windows Server 2008 R2 Active Directory and the configuration of access controls achieve CIA for departmental LANs departmental folders, and data. The security details are created in the directory domain
7. It is a good practice to include the account or user name in the password? Why or why not? This is definitely not a good or suggested practice because this is a common starting place for hackers to start when attempting to log...

Words: 385 - Pages: 2

Premium Essay

Audit

...Auditing Standard 5: Information Technology General Controls Testing This assignment addresses Objective 1: Overall Security, in Chapter 11: Auditing Computer-based Information Systems. It requires testing some form of access authorization control, typically called an IT General Control (IT GC). You will find posted on the course site AS 5 PowerPoint presentation. Please review as you do this assignment. Chapter 11 also plays a part in this assignment. Required: A. Select a resource that is subject to access authorization control to access a resource. The resource can be anything, including hard assets or soft (information) assets. Also, it could be a non-financial or financial (accounting) resource. Examples: Access to a dorm or an apartment building, access to controlled parking lots, buildings (such as a hospital, especially outside normal hours of operation, including weekends), cafeteria, a controlled ATM facility, library or lab facilities, computer operating room, a restricted event, class rooms (such as BA 111), fitness center. It could even be something quite unique. For example, on the back of my credit card, in place of the signature, I have “Request ID.” I could track all charge card transactions and track failures to ask for my ID, that is, incidences where I used the card but the provider of products or services did not request my ID (some businesses do not care if the charge is less than $25). Another example: Compliance test of a check on...

Words: 880 - Pages: 4

Premium Essay

Is4550 Week 5 Lab

...Existing IT Security Policy Framework Definition

Learning Objectives and Outcomes
Upon completing this lab, students will be able to complete the following tasks:
* Identify risks, threats, and vulnerabilities in the 7 domains of a typical IT infrastructure
* Review existing IT security policies as part of a policy framework definition
* Align IT security policies throughout the 7 domains of a typical IT infrastructure as part of a layered security strategy
* Identify gaps in the IT security policy framework definition
* Recommend other IT security policies that can help mitigate all known risks, threats, and vulnerabilities throughout the 7 domains of a typical IT infrastructure

Week 5 Lab Part 1: Assessment Worksheet (PART A)
Sample IT Security Policy Framework Definition

Overview
Given the following IT security policy framework definition, specify which policy probably can cover the identified risk, threat, or vulnerability. If there is none, then identify that as a gap. Insert your recommendation for an IT security policy that can eliminate the gap.

Risk – Threat – Vulnerability | IT Security Policy Definition
Unauthorized access from public Internet | Acceptable use policy
User destroys data in application and deletes all files | Backup Recovery Policy
Hacker penetrates your IT infrastructure and gains access to your internal network | Threat Assessment & Management Policy
Intra-office employee romance gone...

Words: 1625 - Pages: 7

Premium Essay

Lab 24 Science

...# Lab Title
1 Performing Reconnaissance and Probing using Common Tools
2 Performing a Vulnerability Assessment
3 Enabling Windows Active Directory and User Access Controls
4 Using Group Policy Objects and Microsoft Baseline Security Analyzer for Change Control
5 Performing Packet Capture and Traffic Analysis
6 Implementing a Business Continuity Plan
7 Using Encryption to Enhance Confidentiality and Integrity
8 Performing a Web Site and Database Attack by Exploiting Identified Vulnerabilities
9 Eliminating Threats with a Layered Security Approach
10 Implementing an Information Systems Security Policy...

Words: 426 - Pages: 2

Premium Essay

Week 5 Nt 2580

... Unit 3: Appropriate Access Controls for Systems, Applications, and Data Access

Learning Objective
Explain the role of access controls in implementing security policy.

Key Concepts
* The authorization policies applying access control to systems, application, and data
* The role of identification in granting access to information systems
* The role of authentication in granting access to information systems
* The authentication factor types and the need for two- or three-factor authentication
* The pros and cons of the formal models used for access controls

Reading
Kim and Solomon, Chapter 5: Access Controls.

GROUP ACTIVITY
Discuss and complete the following worksheet:

IT2580: Unit 3 Types of Authentication
Instructions: In the following table, identify the type of authentication for the given authentication methods.

Authentication Method | Authentication Type (Knowledge, Ownership, or Characteristic)
Password |
Smart card |
Fingerprint |
Personal identification number (PIN) |
Token |
Badge |
Signature |

DISCUSSION
IT2580: Unit 3 Access Controls
Discussion: Access controls can be applied in various forms, levels of restriction, and at different places within a computing system. A combination of access controls can provide a system...

Words: 716 - Pages: 3

Premium Essay

Access Control

...Network Access Control, no matter what architecture you select, you definitely want to start by building a small interoperability lab. In this white paper, we’ll give you some advice on what to think about before you get started, and outline what resources you’ll need to have in place in order to begin testing.

Any NAC deployment must start by answering three critical questions:
1) What is my access control policy?
2) What are the access methods (such as LAN, wireless, or VPN) I want to protect?
3) How will this integrate with my existing infrastructure?

Once you answer these questions, you can begin to gather test lab resources, such as servers (for policy definition points), laptops or desktops (for network access requestors), and switches, access points, and VPN servers (for policy enforcement points).

Getting Started with Network Access Control

What is my access control policy?
NAC is a generic concept that deals with defining access controls based on user authentication, end-point security assessment, and network environmental information. That’s too big for most network managers to bite off in a single chunk, so many NAC deployments hone in on a subset of these goals and expand over time. You’d be wise to do the same---trying to do too much too early in the lifecycle of this emerging group of products will lead to undue frustration and unnecessary complexity. To start, you should define a simple network access control policy. It is important to define your access control...

Words: 1611 - Pages: 7

Premium Essay

Enable Windows Active Directory and User Access Controls

...LAB #3 | Enable Windows Active Directory and User Access Controls

LAB #3 – ASSESSMENT WORKSHEET
Enable Windows Active Directory and User Access Controls

Course Name and Number:
Student Name:
Instructor Name:
Lab Due Date:

Overview
This lab provided students with the hands-on skills needed to create a new Active Directory domain in Windows Server 2003 and demonstrated how to configure a centralized authentication and policy definition for access controls. The Active Directory users and workstation plug-ins were used to create users, groups, and configure role-based access permissions and controls on objects and folders in a Windows Server 2003 Active Directory system.

Lab Assessment Questions & Answers
1. What are the three fundamental elements of an effective access control solution for information systems? Identification, Authentication, and Authorization.
2. What two access controls can be set up for Windows Server 2003 folders and authentication? Authentication and Access control.
3. If you can browse a file on a Windows network share, but are not able to copy it or modify it, what type of access controls and permissions are probably configured? What type of access control would best describe this access control situation?
4. What is the mechanism on a Windows server where you can administer granular policies and permissions on a Windows network using role-based access?
5. What is two-factor authentication...

Words: 478 - Pages: 2

Premium Essay

Company Security Policy

...Industry Threats
1.6 Policy Enforcement
2 Credit Card Security Policy
2.1 Introduction
2.2 Scope of Compliance
2.3 Requirement 1: Build and Maintain a Secure Network
2.4 Requirement 2: Do not use Vendor-Supplied Defaults for System Passwords and Other Security Parameters
2.5 Requirement 3: Protect Stored Cardholder Data
2.6 Requirement 4: Encrypt Transmission of Cardholder Data across Open and/or Public Networks
2.7 Requirement 5: Use and Regularly Update Anti-Virus Software or Programs
2.8 Requirement 6: Develop and Maintain Secure Systems and Applications
2.9 Requirement 7: Restrict Access to Cardholder Data by Business Need to Know
2.10 Requirement 8: Assign a Unique ID to Each Person with Computer Access
2.11 Requirement 9: Restrict Physical Access to Cardholder Data
2.12 Requirement 10: Regularly Monitor and Test Networks
2.13 Requirement 11: Regularly Test Security Systems and Processes
2.14 Requirement 12: Maintain a Policy that Addresses Information Security for Employees and Contractors
2.15 Revision History
3 Acceptable Use Policy
3.1 Overview
3.2 Purpose
3.3 Scope
3.4 Policy
3.5 Policy Compliance
3.6 Related Standards, Policies and Processes
3.7 Definitions and Terms
3.8 Revision History
4 Ethics Policy
4.1 Overview
4.2 Purpose
4.3 Scope
4.4 Policy
4.5 Policy Compliance
...

Words: 26545 - Pages: 107

Free Essay

It Computer

...test 1, Windows Security Features. Chapter 1; Chapter 2. 2, Secure Access Control. Chapter 3. Lab 1; Assignment 1. 3, Windows Encryption. Chapter 4.

IS 3340 - Windows Security - ITT Tech Flint Study Resources
www.coursehero.com/sitemap/schools/1177-ITT.../1724144-IS3340/
Looking for help with IS 3340 at ITT Tech Flint? Course ... IS 3340 - Windows Security - ITT Tech Flint Study Resources ...... Quality answers or your money back.

IS3340 Lab Unit 5 Assignment 1 : WINDOWS SE IS3340 ...
www.coursehero.com/file/8721414/IS3340-Lab-Unit-5-Assignment-1/
Jan 26, 2014 - MOST POPULAR MATERIALS FROM WINDOWS SE IS3340. 1 Page ... IS3340 Lab Unit 5 Security Assessment Potential Risk ...

Access Security > Ali > Notes > IS4670_15_Syllabus.pdf ...
www.studyblue.com/notes/note/n/is4670_15_syllabuspdf/.../9759518
Feb 7, 2014 - Find and study online flashcards from Access Security. ... IS3350 Security Issues in Legal Context IS3230 Access Security IS3340 Windows Security IS3440 .... Don't assume there is only one correct answer to a question

[DOC] Assignment
www.webonthecloud.com/is3340/Assignments.docx
This assignment builds on the scenario of Ken 7 Windows Limited, which was ... Provide the answers to the following questions to satisfy the key points of ... IS3340 Windows Security STUDENT COPY: Graded Assignment Requirements.

[DOC] Syllabus - ITT Tech.
www.webonthecloud.com/is3340/Syllabus.docx
IS3340. Windows Security...

Words: 287 - Pages: 2

Premium Essay

Post Implementation

...adequate security of data and programs. In addition to access security, procedures for backup, recovery, and restart had been reviewed.

5.1 Data Security
Unleashed, as an online system, has transaction logging for us to review the adequacy of its data safeness. We do have a concern about data security: as the implementation group mentioned, the system only asks for a user name and password for access. We suggest adding a feature so that, after entering a user name and password on the website, each authorized user needs to click on a link which generates a random security code that is sent to the phone (SMS) and email registered with their account. They need to enter this security code before they are allowed access. The code expires in 10 minutes. (Hall, 2011)

5.2 Disaster Recovery
Unleash is online software, which raises our concern about data recovery: data might become corrupted if the client is experiencing internet traffic or a regional blackout. Therefore, we suggest Unleash backups transfer only new or changed blocks, shrinking the backup windows, minimizing network traffic, and reducing disk capacity requirements. Because it’s not moving or storing redundant data, the client can back up more often, on an hourly basis, for instance, while reducing their storage footprint. We do recommend the client download Master Data and Transaction Data on a daily basis and store these data in their local server, where the users will have read-only access. We also recommend the client download our system user...

Words: 1170 - Pages: 5

Free Essay

Best Practice Guide for a Ddos Attack

...Running head: Best Practice Guide

Best Practice Guide for a DDoS Attack
WGU – LOT2 Hacking Task 2

Abstract
This paper will accompany a PowerPoint presentation about best practices for preventing a DDoS attack. This will be the best practice guide and will mention and elaborate on all of the points in the slideshow.

Best Practice Guide for a DDoS Attack
It is important to have a plan in place when dealing with a DDoS attack. This guide will serve as the best practice guide for the university. It outlines some of the best practices to help prevent a DDoS attack, which will be followed by the university.

The first thing that the university needs to do is create a response plan and practice the plan over and over. The worst thing that could happen is that a DDoS attack starts to occur and nobody knows what to do or what their role is in stopping the attack. A team must be formed, and assignments can be broken down between team members to divide and conquer the attack. It is better to have five different people working on five different tasks or ways to stop the attack instead of five people working on one.

The best way to understand the attack is to attack yourself and find the weak spots. Performing a vulnerability assessment on your network will give you a better understanding of how your network functions and where you can find single points of failure. Redundancy is being able to still continue working...

Words: 935 - Pages: 4

Premium Essay

Lab 7

...Antonio Johnson
Class: Access Security
Unit: IS3230
September 25, 2014

Lab 2 Design Infrastructure Access Controls for a Network Diagram

Lab 2 Answers
1. To check if there is any malware, updates where it be made, and to know if any other viruses are the system or application
2. Help to cut down storage and backup cost, to meet legal regulatory requirements for retrieving specific information within a set timeframe. Data strategies are different types and volume.
3. Have backup/restore for the patch management
4. Networking monitoring allows real-time communication to take place on a data path that’s established and does change. Performances monitoring is circuit-switched networks known for stability and reliability with industry standards, it alarms the network engineers of new attack protocols. It also helps secure IT infrastructure by increasing storage needs
5. I think passwords and PIN are required for multi-factor authentication
6. Systems/Application domain because attackers will target that first.
7. Network-based firewall is a computer network firewall operating at the application layer protocol stack. Host-based firewall is monitoring any application input, output, or systems services calls are made from. I put in the implementation, the firewall will block out malware and it let me know when the firewall needs to be updated.
8. Consuming Entering Using All 3 controls use permission called authorization which gives users right to...

Words: 323 - Pages: 2

Premium Essay

Rules

...will be subject to users being banned from using the facilities, to disciplinary procedures, or to prosecution under South African law. If any aspect of the regulations is not understood, please approach the Lab Consultant or Information & Communication Technology (ICT) division for clarification. The actions of users must be in compliance with the South African law and the rules of the University of KwaZulu-Natal (UKZN).

2. General rules
University computer facilities, including printers, may only be used for official University purposes. Private or personal work may not be undertaken without the permission of the Director, ICT. Users may not create a disturbance or interfere with other users. No smoking, eating or drinking is permitted in the computer laboratories. Users shall not litter, cause any mess or leave the laboratories in an untidy state. Users shall obey all reasonable instructions of Lab Consultants.

3. Rights of Use
Users shall only gain access to the computer facilities by producing a UKZN student or staff card, or written authorisation to use the facility. Users shall produce proof of identity at the request of the Lab Consultant or a University official. Users shall not share, distribute or use access identifications or passwords other than those assigned to...

Words: 894 - Pages: 4

Premium Essay

Nt2580 Unit 3 Assignment & Lab

...Unit 3 Assignment & Lab

Unit 3. Assignment 1 - Remote Access Control Policy Definition

There are three key parts I will have to take into account while designing a Remote Access Control Policy for Richman Investments. These three parts (Identification, Authentication and Authorization) will not be all for the Remote Access Control Policy; I will need to include the appropriate access controls for systems, applications and data access. I will also need to include my justification for using the selected access controls for systems, applications and data access.

The first part I need to implement for this Remote Access Control Policy is Identification, which is defined in this sense as: physical keys or cards, smart cards, and other physical devices that might be used to gain access to something. What needs to be done for the Remote Access Control Policy is a group member policy needs to be set up which uniquely identifies each user. Users should be identified by rank with higher ranking users requiring more authentication. Each individual user should be assigned to a group based on rank with special permissions. Using this system for Identification will make our company more secure in day-to-day operations.

The second part I need to implement for this remote access control policy is Authentication, which is defined as: what you know or passwords, numeric keys, PIN numbers, secret questions and answers. For remote access, there must be proof that...

Words: 477 - Pages: 2

Free Essay

None

...Injection can result in data loss or corruption, lack of accountability, or denial of access.
* Broken Authentication and Session Management - uses flaws in the authentication or session management functions to impersonate users. Flaws may allow some or even all accounts to be attacked.
* Cross-Site Scripting (XSS) - sending text-based attack scripts that exploit the interpreter in the browser. Attackers can execute scripts in a victim’s browser to hijack user sessions, deface web sites, insert hostile content.
* Insecure Direct Object References - an authorized system user, simply changes a parameter value that directly refers to a system object to another object the user isn’t authorized for. Flaws can compromise all the data that can be referenced by the parameter.
* Security Misconfiguration - accessing default accounts, unused pages, unpatched flaws, unprotected files and directories, etc. to gain unauthorized access. Flaws frequently give attackers unauthorized access to some system data or functionality.
* Sensitive Data Exposure - stealing keys, do man-in-the-middle attacks, or steal clear text data off the server, while in transit. Failure frequently compromises all data that should have been protected.
* Missing Function Level Access Control - Attacker, who is an authorized system user, simply changes the URL or a parameter to a privileged function. This allows attackers to access unauthorized functionality.
* Cross-Site Request Forgery (CSRF) - creates forged HTTP requests...

Words: 312 - Pages: 2