Free Essay

Is3340

In:

Submitted By asligh
Words 2606
Pages 11
Introduction
Course: IS3340 Week: 1 Lab: Using NTFS to Secure Files and Folders Assignment
In this lab you will use NTFS and share permissions to control access to files and folders.

Story
You're part of the IT support team in the New York office of a nationwide travel services company called USA Travel. You have three other offices in Dallas, San Francisco, and Chicago. All the offices have a separate Windows 2003 Active Directory domain. The domain for the New York office, the root domain for the organization, is named usatravel.com. One afternoon you receive a call from Larry Drake, one of the two sales supervisors in your office. He and the other sales supervisor, Marta Vasquez, both have new Windows XP Professional computers, and they've created a few folders structures on both computers to hold important files. They'd like you to come to their desks and set whatever permissions you need to make sure their sales employees have the different levels of access they'll need to the folders. He then proceeds to give you the following information. There are two sales teams. The first team, led by Larry himself, has two members: Cindy Williamson and Lew Ferrell. The second team, led by Marta Vasquez, also has two members: Tammy Dobson and Juanita Dawson. The Sales department also has an administrative assistant named Markie Chung. The network administrator for your office created three security groups (which you later find out are domain local groups) for the Sales department. SalesAdmin has four members: Larry Drake, Marta Vasquez, Markie Chung, and the Administrator account. Sales1 (Larry's direct reports) has two members: Cindy Williamson and Lew Ferrell. Sales2 (Marta's direct reports) also has two members: Tammy Dobson and Juanita Dawson. On Larry's computer, PRO21, he has created two different folder hierarchies. The first parent folder is named Accounts1. In that folder he has two subfolders, Profiles1 and Reports1. He needs you to give all three sales groups access to the Accounts1 folder. He also needs the Sales1 and Sales2 groups to be able to read information in the Profiles1 folder but not make any changes. Additionally, he needs his direct reports to add files to the Reports1 folder but not delete any files in the folder. He does need full control over both folders, as do Marta and Markie.

Marta has a folder on her computer (PRO23) named Expenses. She needs all the sales staff to be able to add and change and delete documents in the Expenses folder. However, there's a document named Budget in the Expenses folder that only she and Larry need to have access to. Markie should not be able to access the Budget document. Finally, nobody outside the Sales department should have any access to any of the folders on PRO21 and PRO23.

Conditions
You have a network with one Windows 2003 domain controller and two Windows XP Professional workstations that are members of the domain.

Notes
The Administrator password is password. As you perform the various steps of the lab, update your lab report. You will send the lab report to your online instructor for evaluation after you quit the lab. Submit the following screenshots to your online instructor for evaluation: 1) A screenshot showing change permissions for Sales 1 and Sales 2 groups. 2) A screenshot showing NTFS permissions for the Reports1 folder. 3) A screenshot showing full control NTFS permissions for Larry Drake and Marta Vasquez. These screenshots map to the evaluation criteria. Therefore, submit all screenshots to get the points assigned to all evaluation criteria.

Diagram

Connecting to your lab
In this module you will be working on the following equipment to carry out the steps defined in each exercise.    DC1 PRO21 PRO23

Each exercise will detail which console you are required to work on to carry out the steps. To start simply click on the named Server from the device list (located on the left hand side of the screen) and click the Power on from the in tools bar. In some cases the devices may power on automatically. During the boot up process an activity indicator will be displayed in the name tab:    Black - Powered Off Orange - Working on your request Green - Ready to access

If the remote console is not displayed automatically in the main window (or popup) click the Connect icon located in the tools bar to start your session. If the remote console does not appear please try the following option:  Switch between the HTML 5 and Java client versions in the tools bar.

In the event this does not resolve your connectivity problems please visit our Help / Support pages for additional resolution options.

Sample Solution
Task Index
Task 1 On PRO21, share the Accounts1 folder and grant the Sales1 and Sales2 groups Change share permissions. Grant the SalesAdmin group Full Control share permissions. Remove Everyone from the access control list. Task 2 On PRO21, stop NTFS permissions inheritance on the Accounts1 folder. Assign the SalesAdmin group Full Control NTFS permissions on the Accounts1 folder, and assign the Sales1 and Sales2 groups the Read and Write NTFS permissions to the Accounts1 folder. Then deny the Sales1 and Sales2 groups Write NTFS permissions to the Profiles1 folder, and verify that Sales1 group has Read and Write NTFS permissions to the Reports1 folder. Deny the Sales2 group Read and Write NTFS permissions on the Reports1 folder. Task 3 On PRO23, share the Expenses folder. Give the Sales1, Sales2, and SalesAdmin groups Full Control share permissions. Remove Everyone from the access control list by preventing permissions inheritance. Give the Sales1 and Sales2 groups Modify NTFS permissions to the Expenses folder. Remove NTFS permissions inheritance from the Budget document. Grant Larry Drake and Marta Vasquez Full Control NTFS permissions to the document.

Task 1 - Granting share permissions
On PRO21, share the Accounts1 folder and grant the Sales1 and Sales2 groups Change share permissions. Grant the SalesAdmin group Full Control share permissions. Remove Everyone from the access control list. Hint: You assign share permissions to a file or folder using the Sharing tab in the file's or folder's Properties dialog box.

Step 1: Log on to PRO21 and open Windows Explorer.
Action: 1) Log on to PRO21 as Administrator with a password of password 2) Open Windows Explorer. Result: You're logged on to PRO21 and Windows Explorer is open.

Step 2: Share the Accounts1 folder.
Action: 1) In Windows Explorer, expand My Computer in Folder pane and select the C drive, right-click on the Accounts1 folder and choose Sharing and Security. 2) Select Share This Folder and use the default Share name. Click Apply. Result: The Accounts1 folder is shared with the default share name Accounts1.

Step 3: Assign the Sales1 and Sales2 groups Change share permissions, assign the SalesAdmin group Full Control share permissions, and remove Everyone from the access control list.
Action: 1) In the Accounts1 Properties dialog box, on the Sharing tab, click Permissions. 2) Click Add and then Advanced tabs. Click the Find Now button and scroll through the results to find the Domain Admins, SalesAdmin, Sales1, and Sales2 groups. Click on the groups and select OK to add them one at a time. Click OK once they have been added to the objects name box. Click OK.

3) Select SalesAdmin and Domain Admins in the Name list, and in the Allow Column, check Full Control. 4) Select the Sales1 group, and in the Allow column, check Change. Then select the Sales2 group, and in the Allow column, check Change. 5) Select Everyone in the Name list and click Remove. 6) Take a screenshot to show that Sales1 and Sales2 have change share permissions to the Accounts1 folder. 7) Click OK to close the Permissions For Accounts1 dialog box. Result: The Sales1 and Sales2 have Change share permissions to the Accounts1 folder. The SalesAdmin group has Full Control share permissions to the Accounts1 folder, and the group Everyone has been removed from the access control list.

Task 2 - Stop NTFS permissions inheritance
On PRO21, stop NTFS permissions inheritance on the Accounts1 folder. Assign the SalesAdmin group Full Control NTFS permissions on the Accounts1 folder, and assign the Sales1 and Sales2 groups the Read and Write NTFS permissions to the Accounts1 folder. Then deny the Sales1 and Sales2 groups Write NTFS permissions to the Profiles1 folder, and verify that Sales1 group has Read and Write NTFS permissions to the Reports1 folder. Deny the Sales2 group Read and Write NTFS permissions on the Reports1 folder. Hint: A file or folder on an NTFS volume inherits permissions from its parent object: either another folder or the volume itself if the folder is at the volume's root. You can use permissions inheritance to simplify NTFS permissions assignments, but be careful that files and folders aren't inheriting the wrong NTFS permissions.

Step 1: Stop NTFS permissions inheritance on the Accounts1 folder. Action:
1) In the Accounts1 Properties dialog box, select the Security tab. At the bottom of the Security page click Advance. 2) In the Advanced security dialogue box uncheck Inherit parent the permission entries that apply to child objects. Click the Remove option the security dialogue box. 3) Click OK to return to the Security tab. Result: The Accounts1 folder is no longer inheriting NTFS permissions from the C drive.

Step 2: Assign the SalesAdmin group Full Control NTFS permissions and the Sales1 and Sales2 groups Read and Write permissions to the Accounts1 folder.
Action: 1) On the Security page, click Add and then Advanced tabs. Click the Find Now button and scroll through the results to find the Domain Admins, SalesAdmin, Sales1, and Sales2 groups. 2) Click on the groups and select OK to add them one at a time. Click OK once they have been added to the objects name. 3) Select the Domain Admins and SalesAdmin group in the Name list, and in the Allow column, check Full Control.

4) Select the Sales1 group, in the Allow column, uncheck Read & Execute and List Folder Contents. In the Allow column, check Write. Apply the same permissions to the Sales2 group. When you're done, click OK. Result: The SalesAdmin group has Full Control NTFS permissions on the Accounts1 folder. The Sales1 and Sales2 groups have Read and Write NTFS permissions on the Accounts1 folder. The Profiles1 and Reports1 folders inside the Accounts1 folder inherit these NTFS permissions.

Step 3: Deny the Sales1 and Sales2 groups Write NTFS permissions to the Profiles1 folder, and verify that Sales1 group has Read and Write NTFS permissions to the Reports1 folder. Deny the Sales2 group Read and Write NTFS permissions on the Reports1 folder.
Action: 1) In the Accounts1 folder, right-click on the Profiles1 folder and choose Properties. Select the Security tab. Verify that the Profiles1 folder is inheriting NTFS permissions from the Accounts1 folder. Select the Sales1 group, and in the Deny column, check Write. Do the same thing for the Sales2 group. 2) Select the SalesAdmin group and verify that the group has Full Control NTFS permissions. Click OK. Click Yes to close the Security message box. 3) In the Accounts1 folder, right-click on the Reports1 folder and choose Properties. Select the Security tab. Verify that the SalesAdmin group has Full Control and the Sales1 group has Read and Write NTFS permissions. Take a screenshot showing NTFS permissions for the Reports1 folder. 3) Select the Sales2 group, and in the Deny column, check Read and Write. Click OK and click Yes to continue. Result: The SalesAdmin group has full control over the Profiles1 and Reports1 folders. The Sales1 and Sales2 groups have Read NTFS permissions to the Profiles1 folder. The Sales1 group has Read and Write NTFS permissions to the Reports1 folder, however, the Sales2 group cannot access the Reports1 folder.

Task 3 - Modify NTFS permissions
On PRO23, share the Expenses folder. Give the Sales1, Sales2, and SalesAdmin groups Full Control share permissions. Remove Everyone from the access control list by preventing permissions inheritance. Give the Sales1 and Sales2 groups Modify NTFS permissions to the Expenses folder. Remove NTFS permissions inheritance from the Budget document. Grant Larry Drake and Marta Vasquez Full Control NTFS permissions to the document. Hint: Remember, when share and NTFS permissions are combined, the most restrictive of the two sets of permissions applies.

Step 1: On PRO23, share the Expenses folder.
Action: 1) Log on to PRO23 as Administrator with a password of password 2) Open Windows Explorer on the C drive, right-click on the Expenses folder and choose Sharing and Security. 2) Select Share This Folder, and use the default share name. Click Apply. Result: On PRO23, the Expenses folder is shared with the default share name of Expenses.

Step 2: Give Sales1, Sales2, and SalesAdmin Full Control share permissions to the Expenses share.
Action: 1) On the Sharing tab, click Permissions. Add the three sales groups and Domain Admins to the Name list. Give each group full control, and then remove Everyone from the list. Result: The Sales1, Sales2, SalesAdmin and Domain Admins groups have Full Control share permissions to the Expenses share.

Step 3: Give the Sales1 and Sales2 groups Modify NTFS permissions and the SalesAdmin group Full Control NTFS permissions.
Action: 1) In the Expenses Properties dialog box, select the Security tab. At the bottom of the Security page click Advance.

2) In the Advanced security dialogue box uncheck Inherit parent the permission entries that apply to child objects. Click the Remove option the security dialogue box. Click OK. 3) Add the Sales1 and Sales2 groups to the Name list. Give both groups the Modify NTFS permission. Add the SalesAdmin and Domain Admins group and give it Full control. Result: The Expenses folder is not inheriting NTFS permissions from the C drive. The Sales1 and Sales2 groups have Modify NTFS permission on the Expenses folder. The SalesAdmin group has full control.

Step 4: Remove NTFS permissions inheritance from the Budget document. Grant Larry Drake and Marta Vasquez Full Control NTFS permissions to the document.
Action: 1) In the Expenses folder, right-click on the Budget document, choose Properties, and select the Security tab. 2) Uncheck Allow Inheritable Permissions From Parent To Propagate To This Object. Click Remove. 3) Add both Larry Drake's and Marta Vasquez's user accounts to the Name list. Assign them both Full Control permissions. 4) Take a screenshot showing full control NTFS permissions for Larry Drake and Marta Vasquez. Result: Only Larry Drake and Marta Vasquez can open and modify the Budget document in the Expenses folder. Check Results You can check share permissions on any share by right-clicking on the shared folder, choosing Sharing, and clicking Permissions on the Sharing tab. You can check a shared folder's NTFS permissions by selecting the Security tab in the same dialog box. To check the NTFS permissions on any file or folder, right-click the object, choose Properties, and select the Security tab.

You could also experiment with permissions in this lab by logging on to PRO21 as a specific user and seeing if they have the permissions to the Accounts1 share and its subfolders. For example, you could log on as Tammy Dobson, a member of the Sales2 group, and verify that she can read the contents of Profiles1 but not the contents of Reports1.You could log on as the various users in the Sales OU to see if the effects of the share and NTFS permissions are what you expect.

Summary
In this lab, you completed the following tasks: Task 1 - Grant group Full Control share permissions Task 2 - Stop NTFS permissions inheritance Task 3 - Modify NTFS permissions to the Expenses folder

Similar Documents

Free Essay

Is3340

...IS3340 Final Questions Marvin Ruff 08/11/14 1. Which windows encryption options do you enable using object properties dialog? 2. What protocol encrypts data? 3. Which element in a pki infrastructure authorizes a client to request a certificate? 4. What entity issues and validates digital certificates? 5. What type of malware is a self-contained program? 6. What antivirus feature protects computers from infected emails? 7. How often should anti malware check for updates? 8. What part of an operating systems provides essential services? 9. What is the process of proving that identity credentials are valid and correct? 10. The ability to run a backup is an example of which windows feature? 11. What is the best reason to define security groups while configuring access right for users in a network? 12. What is the best reason to use AD? 13. How often should you scan computers for malware? 14. What can you do to stay malware free? 15. Where are local GPO settings stored? 16. Which container should you link to a gpo to apply a gpo to apply the GPO to a logical group of sites? 17. What tools shows the affect applying GPS will have for a specific user? 18. The MBSA does not scan what? 19. What scanner helps to extend the MBSA? 20. What the principal of least privilege? 21. What process would a user use to enter a token generated password? 22. What is windows to us to store access control rules? ...

Words: 288 - Pages: 2

Premium Essay

Is3340 Unit 1

...Unit 1 Assignment1: Adding Active Directory Robert Hanke ITT Tech IS3340 Windows Security Dr. Joseph Martinez 3/27/14 Unit 1 Assignment1: Adding Active Directory Currently, system administrators create Ken 7 users in each computer where users need access. In the Active Directory, the system admins will create Organizational Groups (OU). These OU’s can then can have restriction or Group Policy Objects (GPOs) put in to place that will restrict what a user can and can’t access. An organizational unit is the smallest scope or unit to which you can assign Group Policy settings or delegate administrative authority. Using organizational units, you can create containers within a domain that represent the hierarchical, logical structures within your organization. You can then manage the configuration and use of accounts and resources based on your organizational model (techNet, 2005). With the users assigned to group accounts or OU’s, you can use to assign a set of permissions and rights to multiple users simultaneously, along with making any changes that are needed to individual users. Computer accounts provide a means for authenticating and auditing computer access to the network and to domain resources. Each computer account must be unique. Once the conversion has taken place, the local users on the client computer will not be affected during domain join. They can still logon on the local machine. Meanwhile, on domain controllers, during the Active Directory Installation...

Words: 430 - Pages: 2

Premium Essay

Is3340 Final Exam

...IS416 Securing Windows Platforms and Applications FINAL EXAMINATION 1. Scope This exam covers all Units and is based on the content from the textbook. 2. Answer Key |Question Number |Correct Answer |Course Objective(s)|Reference | | | |Tested | | |1. |c |1.1 |Security Strategies in Windows Platforms and Applications, Pages 22–23 | |2. |b |1.2 |Security Strategies in Windows Platforms and Applications, Page 27 | |3. |d |1.3 |Security Strategies in Windows Platforms and Applications, Page 31 | |4. |c |1.4 |Security Strategies in Windows Platforms and Applications, Page 32 | |5. |a |1.5 |Security Strategies in Windows Platforms and Applications, Page 32 | |6. |c |2.1 |Security Strategies in Windows Platforms and Applications, Page 42 | |7. |a |2.2 |Security Strategies in Windows Platforms and Applications, Page 44 | |8. ...

Words: 2305 - Pages: 10

Free Essay

Is3340 Week 4

...KAMRAN JAN WK4 Assignment 1 Security policy statements: 1. Previous attempts to protect user accounts have resulted in users writing long passwords down and placing them near their workstations. Users should not write down passwords or create passwords that attackers could easily guess. Require all personnel attend a lunch and learn session on updated security policies. 2. Every user, regardless of role, must have at least one unique user account. A user who operates in multiple roles may have multiple unique user accounts. Users should use the account for its intended role only. Create a set of new user accounts with administrator privileges and disable all ‘administrator’ user accounts. 3. Anonymous users of Ken 7 Web application should only be able to access servers located in the demilitarized zone (DMZ). No anonymous Web application users should be able to access any protected resources in the Ken 7 infrastructure Place a firewall between your Web server and your internal network. . 4. To protect servers from attack, each server should authenticate connections based on the source computer and user. Implement Kerberos authentication for all internal servers. 5. Passwords should not be words found in the dictionary. Enforce password complexity. 1. The ERP software vendor reports that some customers have experienced denial-of-service (DoS) attacks from computers sending large volumes of packets to mail servers on the Web...

Words: 344 - Pages: 2

Free Essay

Is3340 Lab 1

...Lab 1 Worksheet 1. Active Directory and the configuration of access controls achieve C-I-A for folders and data because it controls who can access certain files and folders. This keeps the data confidential since only authorized users can access the files as well as keeping the integrity of the data as it is not able to be modified by unauthorized users. It also meets the accessibility requirements of C-I-A since the authorized users are able to access the resource through proper configuration of the Active Directory Domain Services. 2. It is not a good practice to include the user name in the password since authentication protocols may only transmit the password in cipher text but the user name as plain text, this makes it easy to intercept a user name and if that user name is part of the password, it makes it that much easier to break. 3. Password length and complexity requirements will ensure users are forced to have strong passwords to their accounts and password length and history will ensure the passwords are changed in reasonable increments of time as well as not being able to use the same password when a password change is required. 4. No, a user outside of the domain cannot access a shared drive within a domain. 5. Yes, a prompt requesting login credentials will appear when attempting to access a shared drive. 6. By default, the guests group has the least amount of implied privileges within the Active Directory structure. 7. Implementing controls...

Words: 407 - Pages: 2

Free Essay

Is3340 Unit 6 Assignment 1

...IS3340 Unit 6 Assignment 1 1. How much data has been modified between the last backup and the time of failure? No data should have been lost since nothing was change since the last backup and the backup would have been completed before the error occurred. 2. What images are necessary to recover the workstation? The images that are necessary would be the reimaging image along with the latest back up image available. 3. What are the steps necessary to fix the problem that cause the data loss? Verify what caused the loss by reading the logs. Determine the fix for the issue. Reimage the computer. Restore the computer to last backup state and disable the issue that caused the data loss. 4. What steps should Ken 7 take to avoid a reoccurrence of this issue in the future? Read the logs to find out what caused the issue that caused the data lose.   Right a procedure guide to prevent the issue from occurring. Alert users of the occurrence of the issue and the way to prevent the issue. (Soloman, 2001) Procedure Guide: 1. Read logs to decide what cause the issue to occur. 2. Re-Image the computer to default configuration. 3. Restore to first available backup of the system. Restore Process: 1. Right-click on your Computer desktop icon (or click Start and right-click on the Computer tab on the right pane of the menu). 2. Click on Properties. 3. Locate the System protection tab in the System Properties menu. 4. Select the hard disk that you...

Words: 393 - Pages: 2

Premium Essay

Is3340 Unit 4 Assignment 1

...Identifying Types of Malware Infection 1) You notice that your computer is getting slower each day. You have terminated unneeded programs, disabled unneeded services, and have recently defragmented the disks. Your computer has plenty of memory but it still seems slow. Since it only started getting slow within the last two weeks, you suspect a malware attack. You have carefully examined each of the programs running but there are no unusual programs. However, you do notice that there is substantial disk activity, even when no programs are running that should be using the disk. What kind of malware do you think is present in your computer? Rootkit and likely another type of malware – Closing all programs and still seeing disk usage would suggest that a rootkit has installed and is actively hiding the actual program running. The rootkit would hide the program while a virus or worm is likely behind the scenes wreaking havoc. 2) You download a new program to display the current weather on your desktop. Since you installed the weather application you noticed a lot of network activity and your computer is getting slow. When you terminate the weather application your computer speeds up. What kind of malware do you think is present in your computer? Trojan Horse – Acting as a useful program, it actually infects and runs amuck inside of the pc and network. 3) Within a week after ordering a new widescreen television (TV) from an online retailer, you start getting many email...

Words: 407 - Pages: 2

Free Essay

It Computer

.../1724144-IS3340/ Looking for help with IS 3340 at ITT Tech Flint? Course ... IS 3340 - Windows Security - ITT Tech Flint Study Resources ...... Quality answers or your money back. IS3340 Lab Unit 5 Assignment 1 : WINDOWS SE IS3340 ... www.coursehero.com/file/8721414/IS3340-Lab-Unit-5-Assignment-1/ Jan 26, 2014 - MOST POPULAR MATERIALS FROM WINDOWS SE IS3340. 1 Page ... IS3340 Lab Unit 5 Security Assessment Potential Risk ... Access Security > Ali > Notes > IS4670_15_Syllabus.pdf ... www.studyblue.com/notes/note/n/is4670_15_syllabuspdf/.../9759518 Feb 7, 2014 - Find and study online flashcards from Access Security. ... IS3350 Security Issues in Legal Context IS3230 Access Security IS3340 Windows Security IS3440 .... Don?t assume there is only one correct answer to a question ? You've visited this page 2 times. Last visit: 5/28/14 [DOC] Assignment www.webonthecloud.com/is3340/Assignments.docx This assignment builds on the scenario of Ken 7 Windows Limited, which was ... Provide the answers to the following questions to satisfy the key points of ... IS3340 Windo ws Security STUDENT COPY: Graded Assignment Requirements. [DOC] Syllabus - ITT Tech. www.webonthecloud.com/is3340/Syllabus.docx IS3340. Windows Security. Instructor name. Francisco Morales .... Don't assume there is only one correct answer to a question. § Don't be afraid to share your ... Is3340 windows security answers - free ebook downloads www.freebookez.com/is3340-windows-security-answers/ Is3340 windows...

Words: 287 - Pages: 2

Premium Essay

Movies

...IS3340 —Windows Security E-mail: E-mail: VShafer@itt-tech.edu Cell Phone#: 865-236-1869 Title: Analyzing Windows Application Software for Security Vulnerabilities Learning Objective ▪ Design techniques to protect given Windows application software from security vulnerabilities. Key Concepts ▪ Vulnerabilities to Microsoft server and client applications ▪ Strategies for securing Microsoft server and client applications ▪ Procedures for securing Microsoft applications Class/Content Outline: 5:00pm – 5:50pm Theory 7 (50 min.) 1. Roll / Lesson Plan / Handouts 2. Review/ Discuss Unit 8 ~ ▪ Chapter 12 “Microsoft Application Security”; pp. 271-296 3. In Class IS3340.U8.GA1 ~ Unit 8 Assignment 1: Policy for Securing Windows Environment ▪ You will select from the list of security controls that best addresses to each given ERP vulnerabilities. (*Note: You will refer to the Unit 1 case scenario IS3340.U1.TS3.doc for the Ken 7 Windows Limited details.) We will discuss the correct answers in class 6:00pm – 7:40pm Lab 1 (100 min.) 4. Lab 8 ~ Apply Security Hardening on Windows Microsoft Server & Microsoft Client Applications; pp. 68-73 8:00pm – 9:40pm Theory 7 (100 min.) & 9:50pm – 10:45pm Theory 7 (55 min.) 5. IS3340.U8.GA2 ~ Unit 8 Assignment 2: Best Procedures to Secure Windows Applications ▪ To complete IS3340.U8.GA2.doc ~ You will write a Windows application policy and define its procedure for...

Words: 630 - Pages: 3

Free Essay

Active Directory

...IS3340: Week 1 Assignment 1: Adding Active Directory Bob Johnson IS3340: Windows Security 11/02/2014 Arthur Salmon When evaluating the current set up for all of the PCs that we have at Ken 7 Windows and the purchase of a new enterprise resource planning (ERP) software package, I would definitely recommend that we use Active Directory (AD). There are several reasons to use AD. I will give a few reasons why we should use AD. My first reason is that with the purchase of the new servers we have a wider area to protect. With this being that, we have purchased several new servers that need to be more secure and restrict access to the key people or groups of people that need access to pertinent information. Secondly, by doing this we can activate a more secure password criteria. Making passwords of no less than eight characters long and they must contain a capital letter, a number, and a special character. These passwords will be set to renew anywhere from 30 – 90 days. The most common setting for this feature is 90 days. A notification will sent to the user 14 days prior to the password’s expiration and prompt the user to change their password. Thirdly, special access tokens will be used to insure the identity of the user. A smart card will be in place. This smart card slips into a slot and read a magnetic strip, a microchip that is imbedded into the card, or a by a bar code on the back of the card. Using the bar code will be the less expensive route to take. The...

Words: 469 - Pages: 2

Premium Essay

Lab3

...56 Lab #3 | Configure BitLocker and Windows Encryption LAB #3 – ASSESSMENT WORKSHEET Configure BitLocker and Windows Encryption Course Name and Number: IS3340 Windows Security Student Name: Daniel Longo Instructor Name: Dakrouni Lab Due Date: 10/4/2013 Overview In this lab, you used the Microsoft® Encrypting File System (EFS) to encrypt files and folders on a Windows Server 2008 machine. You documented the success or failure of your encryption efforts. You also installed Microsoft® BitLocker Drive Encryption, a data protection feature that is used to resist data theft and the risk of exposure from lost, stolen, or decommissioned computers. You encrypted a data drive on the server and created a recovery key. Lab Assessment Questions & Answers 1. Within a Microsoft® Windows 2008 server R2 environment, who has access rights to the EFS features and functions in the server? 2. What are some best practices you can implement when encrypting BitLocker drives and the use of BitLocker recovery passwords? 38542_Lab03_Pass2.indd 56 3/2/13 10:01 AM Assessment Worksheet 3. What was the recover key created by BitLocker in this lab? 57 4. BitLocker secured drives. How would you grant additional users access rights to your EFS encrypted folders and data files? 5. What are the main differences between EFS and BitLocker? 6. The customer privacy data policy in your company’s data classification standard requires encryption in 3 ...

Words: 279 - Pages: 2

Premium Essay

Test

...ITT Technical Institute IS3340 Windows Security Onsite Course SYLLABUS Credit hours: 4.5 Contact/Instructional hours: 60 (30 Theory Hours, 30 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisite: NT2580 Introduction to Information Security or equivalent Course Description: This course examines security implementations for a variety of Windows platforms and applications. Areas of study include analysis of the security architecture of Windows systems. Students will identify and examine security risks and apply tools and methods to address security issues in the Windows environment. Windows Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas:    Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program:    IS4799 NT2799 IS4670 ISC Capstone Project Capstone ProjectCybercrime Forensics NSA    NT2580 NT2670  Introduction to  Information Security IS4680 IS4560 NT2580 NT2670 Email and Web Services Hacking and Introduction to  Security Auditing for Compliance Countermeasures Information Security Email and Web Services      NT1230 NT1330 Client-Server Client-Server  Networking I Networking II  IS3230 IS3350 NT1230 NT1330  Issues Client-Server Client-Server  SecurityContext in Legal Access Security Networking I Networking II   NT1110...

Words: 2305 - Pages: 10

Free Essay

Unit 2 Assignment 1

...IS3340-WINDOWS SECURITY | Recommendations for Access Controls | Unit 2 Assignment 1 | | [Type the author name] | 4/3/2014 | | Access Control is the defined as “the selective restriction of access to a place or other resource”, in the RFC 4949. “The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization.” Simply put the ability to read, write, modify, or deleting information or files is what Access Control is. It is more than this, in the permissions (authorization) granted to each Security Group or Individual User. The permissions mentioned in the previous paragraph are rights that a user is allowed to access, create, modify, or delete the file(s) inside a file folder, or objects. These are all permissions (authorizations) controlled by the Authorized Windows Security Personnel of the file structure. We will list some examples of how this outlined and what the impact would be, but first understand that requirements for the permissions is controlled from the Group Level, other than by Individual User, because it is easier to control from a security standpoint when you want to modify these abilities. There are four folders created (D:\ERPdocuments, D:\ERPdocuments\HRfiles, D:\ERPdocuments\SFfiles, D:\ERPdocuments\MGRfiles) which we want to allow specific permissions for certain functions (tasks). For example; by modifying the permissions under the specific user account for HRmanager to include...

Words: 436 - Pages: 2

Free Essay

Best Practices in Managing Chances to Windows Systems and Applications

...IS3340-WINDOWS SECURITY | BEST PRACTICES IN MANAGING CHANCES TO WINDOWS SYSTEMS AND APPLICATIONS | UNIT 10 DISCUSSION 1 | | | 5/29/2014 | | Just as Ken 7 Windows Limited is experiencing Denial of Service attacks, many corporate websites have suffered from illegal DoS attacks more than once. Companies that learn how to turn these experiences to their advantage go a long way to ensuring it doesn't happen again. The summary of what is being seen on the infrastructure is thus; * Denial of Service (DoS) attacks on the Web Servers supporting Ken 7 Windows clients. * Remote clients report connection failures/difficulty accessing Ken 7 Windows planning and order management software application The events of a network attack can uncover some very important mistakes and provide more than a few lessons. Turning these lessons into best practices is where the rewards of such adversity are realized. Ken 7 Windows can arrive at these best practices by asking: "How are we vulnerable?" The following best practices are a sample of some of the common conclusions following a DoS attack. 1. Create a virtual private network (VPN) for authenticated user. 2. Separate authentication an anonymous users on separate servers (some on different subnets). 3. Use firewall rule to close all ports except 80 (HTTP-Hypertext Transfer Protocol) & 443 (HHTPS-Hypertext Transfer Protocol over TLS/SSL). 4. Restrict all anonymous user accounts. 5. Use Kerberos...

Words: 435 - Pages: 2

Premium Essay

Unit 4 Assignment 1

...IS3340-WINDOWS SECURITY | Auditing Tools for Windows System | Unit 4 Assignment 1 | | | 5/1/2014 | | 1. You want to schedule a weekly analysis for the Windows servers in your data center. The command should run as a scheduled job and report any available patches for the Windows Server 2008 R2 operating system, Internet information services (IIS) Web server, or structured query language (SQL) server that have not been installed. Which tool would be the best choice?. MBSA command line interface 2. You like the way MBSA presents scan results but you need to scan for vulnerabilities in older Windows products, including Microsoft Office 2000. Which tool provides extended scanning and the ability to use MBSA to view scan reports? Security Configuration and Analysis (SCA) 3. Your organization wants to encourage its employees and contractors to use vulnerability scanners at home as well as at work. You want to select a single vendor that can provide scanner software products for home and enterprise computers. A single vendor product line can streamline coordinating and analyzing scan results from many different computers. Which set of tools would be the best choice? Secunia Security Analyzers 4. You have developed several templates that consist of security settings for several types of computers, including desktop workstations, laptops, and various servers. You want to quickly compare a computer’s settings to its corresponding template to see if any...

Words: 271 - Pages: 2