Free Essay

Is404 Week 1 Lab

In:

Submitted By kinduh
Words 1093
Pages 5
Week 1 Lab Part 1 - Assessment Worksheet

Assess the Impact on Access Controls for a Regulatory Case Study

Overview Watch the Demo Lab in the Week 1 Learning Space Unit 1, and answer the questions below. The lab demonstrates creating an Active Directory domain as well as user and group objects within the new domain. Directories will be created and permissions assigned based on the required access control as defined in the matrix. Group Policy Objects will also be created and linked to Objects within the domain to enforce security settings.

Lab Assessment Questions & Answers 1. What does DACL stand for and what does it mean?
Discretionary access control List (DACL) is a type of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong

2. Why would you add permissions to a group instead of the individual?
It is more resourceful and less time consuming.

3. List at least 3 different types of access control permissions available in Windows.
Full Control, Modify, Execute, Read, Write 4. What are the least permissions that you need in order to view the contents of a folder?
Read, so the user has access to any file on the system that they are entitled to, but they are not able to make any changes. 5. What are other available Password Policy options that could be enforce to improve security?
Enforce password history, minimum password age, maximum password age, minimum password length, and store passwords using reversible encryption. 6. Is using the option to ‘Store passwords using reversible encryption’ a good security practice? Why or why not? When should you enable the option to ‘Store passwords using reversible encryption’?
This option should be a last resort if there is no other alternative because gaining the password would be too easy. 7. What’s the difference between a Local Group Policy and a Domain Group Policy?
The domain group policy is only available on a computer where Active Directory is installed and effects all computers in the group to which it is attached. The local Policy is for the local computer and only affects the computer on which it is on.

8. In what order are all available Group Policies applied?
-Default Domain Controllers Policy
-Default Domain Policy
-Windows SBS Client - Windows XP Policy
-Windows SBS User Policy 9. What is an Administrative Template as it refers to Windows Group Policy Objects?
These are used to populate user interface settings within the Windows Group Policy Objects. 10. What is the GPMC?
The Group Policy Management Console

Week 1 Lab Part 2 – IT Domain Controls Assessment Worksheet

Design Infrastructure Access Controls for a Network Diagram

Overview
Fill in the following matrix with security controls to implement sound access controls throughout the seven domains of a typical IT infrastructure. Specify whether the security control achieves C-I-A and how it enhances security for that domain. IT Domain | Controls to Implement within Domains | IT Asset or Entity Requiring Security Controls | Are Confidentiality, Integrity, and Availability Achieved? | User domain | -Users | -Password-Access control | No | Workstation domain | -Computer | -Virus Scanning-Operating System Patching-Application-level Firewall | No | LAN domain | -Hub | - Intrusion detection/prevention system-Email scanning-Server-level virus scanning | Yes | LAN-to-WAN domain | -Firewall-Servers | -Firewall | Yes | WAN domain | -Firewall | -Traffic flow management- Broadcast filtering | Yes | Remote access domain | -Broadband internet | -IP tunneling-VPN | Yes | | | | | System/application domain | -Mainframe-Applications and web servers | -Patching on a regular basis | No |

Week 1 Lab Part 2 - Assessment Worksheet

Design Infrastructure Access Controls for a Network Diagram

Overview In this lab the student conducts research on the controls related to the common IT domains and the implementation of controls to enhance information security (confidentiality, integrity and availability of information and information systems). The primary objectives to review for this lab are listed below: * Review the seven domains of a typical IT infrastructure * Identify how access controls can achieve confidentiality, integrity, and availability throughout a typical IT infrastructure * Align risk exposure from unauthorized access to requirements for access controls * Design layered physical and logical access controls

Lab Assessment Questions & Answers 1. Why is it important to perform a risk assessment on the systems, applications, and data prior to designing layered access controls?
To ensure that everything is running correctly before taking the time and effort into upgrading and designing the layered access controls. 2. What purpose does a Data Classification Standard have on designing layered access control systems? information must be disclosed only to those people who have a legitimate business need for the information

3. You are tasked with creating a Microsoft Windows Enterprise Patch Management solution for an organization, but you have no budget. What options does Microsoft provide?
Free patch management tools are Numara Patch Management, PatchLink Security Patch and Vulnerability.

4. How does Monitoring the network and proper Incident Reporting help secure the infrastructure?
By monitoring the network it ensure that if something is to happen it will be immediately taken care of and reporting these things lets others know what to do in case the same problem occurs again. 5. Provide an example of multi-factor authentication.
Identity screening. 6. In what domain of a typical IT infrastructure would be the standard place to implement Anti-virus as a technical control? Explain.
The workstation domain because it’s where users work and it needs to be free and clear of any viruses, Trojans, worms, etc. 7. What is the difference between a Host-based Firewall and a Network-based Firewall? What domains would you deploy each of these? Explain.
An NIDS should best be describes as a standalone appliances that has network intrusion detection capabilities. Host intrusion detection systems are installed locally on host machines making it a very versatile system compared to NIDS. HIDS can be installed on many different types of machines namely servers, workstations and notebook computers. User domain, server/application domain, workstation domain, and LAN domain to help protect them from any intrusions. 8. Give at least 3 examples of Controls typically implemented in the User Domain. Explain these controls.
Access controls (who has to access to what), passwords (who can log into what files), and user authentication (which user has access to which account). 9. Provide 3 examples of encrypted remote access communications (i.e., remote access via Internet).
Features, security issues, and patents. 10. Which domain within a typical IT infrastructure is the weakest link in the entire IT infrastructure?
User domain.

Similar Documents

Premium Essay

It255

...ITT Technical Institute IT255 Introduction to Information Systems Security Onsite Course SYLLABUS Credit hours: 4 Contact/Instructional hours: 50 (30 Theory Hours, 20 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisites: IT220 Network Standards and Protocols, IT221 Microsoft Network Operating System I, IT250 Linux Operating System Course Description: This course provides an overview of security challenges and strategies of counter measures in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. Introduction to Information Systems Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas:    Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: IS427 Information Systems Security Capstone Project 400 Level IS404 Access Control, Authentication & KPI IS411 Security Policies & Implementation Issues IS415 System Forensics Investigation & Response IS416 Securing Windows Platforms & Applications IS418 Securing Linux Platforms & Applications IS421 Legal & Security Issues IS423 Securing Windows Platforms & Applications ...

Words: 4114 - Pages: 17

Premium Essay

Seeking Help

...and strategies of counter measures in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. Prerequisite(s) and/or Corequisite(s): Prerequisites: IT220 Network Standards and Protocols, IT221 Microsoft Network Operating System I, IT250 Linux Operating System Credit hours: 4 Contact hours: 50 (30 Theory Hours, 20 Lab Hours) Introduction to Information Systems Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas:    Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: IS427 Information Systems Security 400 Level Capstone Project IS418 IS404 Access Control, Authentication & KPI IS421 Legal & Security Issues IS423 Securing Windows Platforms & Applications IS411 Security Policies & Implementation Issues IS415 System Forensics Investigation & Response IS416 Securing Windows Platforms & Applications Securing Linux Platforms & Applications 300 Level IS305 Managing Risk in Information Systems IS308 Security Strategies for Web Applications & Social Networking IS316 Fundamentals of Network Security Firewalls & VPNs ...

Words: 4296 - Pages: 18