...Access control Basic concepts Access control • What can you do after authentication? • ”The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner” (ITU-T Recommendation X.800) AC concepts reference makes monitor request user or represented subject by ”principal” process, method, code… Authorization decision read, write, delete, create… object file, memory, device, process, method, code… protected entity is granted access (or not) active entity Auth… what? • Authentication: who made the request? • Authorization: is the subject authorized/ trusted to perform the operation? • Basic: observe, alter – very abstract, good for modeling Access operations • Concretely: depend on context & implementation ‣ memory: read, write, execute Examples, experience? ‣ files: … append, delete, change properties ‣ methods: … invoke, create, delegate… Access control matrix Matrix A subjects s in S bjorn amendra lila4711 rast1337 objects o in O assignment.txt read, write read read solution.txt read, write read grades.xls read, write read, write - s has right r on o if r in A[s,o] (define rights needed for each operation) rights R Matrix implementation bjorn adriaan lila4711 rast1337 assignment.txt read, write read read solution.txt read, write read grades.xls read, write read, write - Now consider 104 users, 107 files? Large, sparse matrix: impractical...
Words: 692 - Pages: 3
...select Local Server from the menu on the left. 7. Next to NIC Teaming click the Disabled link to configure NIC Teaming. 8. In the Teams panel, select Tasks > New Team. 9. Type the team name and select the adapters to be included in the team. 10. Click Additional Properties and configure as required. Click OK. 11. In Network and Sharing Center, click Change adapter settings. 12. Right-click the NIC Team adapter and select Properties. 13. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties. * Select Use the following IP address and enter the configuration information recorded previously. * Select Use the following DNS server addresses and enter the DNS information recorded previously. 14. Click OK. 15. Click Close. Configure 192.168.0.10 for the IP address Configure 255.255.255.0 for the subnet mask Configure 192.168.0.5 for the gateway Configure 198.28.56.108 and 163.128.78.93 for the DNS server addresses 799.66 GB total space Total volume size: 1400 GB (800 GB Disk 1 + 600 GB Disk 2) Use 600 GB from Disk 2 Assign drive letter M Use NTFS File System Create the Data volume Create a Spanned volume Explanation To complete this lab, be aware of the following: * You can only extend a volume on a basic disk onto contiguous free space on the same disk. * You can only extend the System volume on the same disk. * A spanned volume uses space...
Words: 1683 - Pages: 7
...Introduction Course: IS3340 Week: 1 Lab: Using NTFS to Secure Files and Folders Assignment In this lab you will use NTFS and share permissions to control access to files and folders. Story You're part of the IT support team in the New York office of a nationwide travel services company called USA Travel. You have three other offices in Dallas, San Francisco, and Chicago. All the offices have a separate Windows 2003 Active Directory domain. The domain for the New York office, the root domain for the organization, is named usatravel.com. One afternoon you receive a call from Larry Drake, one of the two sales supervisors in your office. He and the other sales supervisor, Marta Vasquez, both have new Windows XP Professional computers, and they've created a few folders structures on both computers to hold important files. They'd like you to come to their desks and set whatever permissions you need to make sure their sales employees have the different levels of access they'll need to the folders. He then proceeds to give you the following information. There are two sales teams. The first team, led by Larry himself, has two members: Cindy Williamson and Lew Ferrell. The second team, led by Marta Vasquez, also has two members: Tammy Dobson and Juanita Dawson. The Sales department also has an administrative assistant named Markie Chung. The network administrator for your office created three security groups (which you later find out are domain local groups) for the Sales department...
Words: 2606 - Pages: 11
...Disk Partitions Disk Partitions An internal hard disk ( PATA, SATA, or SCSI) cannot be used until it is prepared for use. There are two steps involved in preparing a hard disk: Step 1. Creating partitions and logical drives Step 2. Formatting partitions and logical drives ( which assigns drive letters) A disk partition is a logical structure on a hard disk drive that specifies the following: ¦ Whether the drive can be bootable ¦ How many drive letters ( one, two, or more) the hard disk contains ¦ Whether any of the hard disk’s capacity is reserved for a future operating system or other use Although the name “ disk partition” suggests the drive is divided into two or more logical sections, every PATA, SATA, and SCSI hard disk must go through a parti-tioning process, even if you want to use the entire hard disk as a single drive letter. All versions of Windows support two major types of disk partitions: Primary— A primary partition can contain only a single drive letter and can be made active ( bootable). Only one primary partition can be active. Although a single physical drive can hold up to four primary partitions, you need only one primary partition on a drive that contains a single operating system. If you in-stall a new operating system in a dual- boot configuration with your current op-erating system, a new version of Windows can be installed in a different folder in the same drive, or can be installed in an additional primary partition. If you want to use a non- Windows...
Words: 2878 - Pages: 12
...File Management POS/355 Brandon Elizaldi Steven Kernan File Management File management and file systems are a core part of the user experience for most users. They provide many essential and necessary functions for the user as well as almost anyone else working with a computer system. They provide anything from long term existence to the ability to create and delete stored data. Some of the benefits to the user are long term existence, the ability to be shared between processes and structure. Long term existence is an important aspect because it can be stored and recalled in the future. Imagine being stuck in the days the original Nintendo for example. You could play a game and get deep into game play but if you didn’t have time to finish the game you had to start all over again. This was due to the fact that there was no file system built in due to the fact a storage device was not available for the system. This is one of the great things about current game systems that have file systems and storage capacity. Another benefit is the ability to share files between processes. This has streamlined new software creation because the program doesn’t have to be built as a standalone. This keeps programmers from having to reinvent the wheel every time they write a program making them cheaper and easier to write. This also saves disk space on the users system. The next benefit is structure which provides a hierarchy within a file system allowing for more complex structures...
Words: 705 - Pages: 3
...1. You have installed Windows Server 2008 and had to provide a new driver file for the disk drives in your computer. Now it seems like the disk drives are not responding as quickly as advertised. What can you do? Answer: b. Ensure that the DMA transfer mode is configured for the drives. 2. Each time that you access files on a disk, the monitor blinks or goes blank for several seconds. What might be the source of the problem and possible solution? Answer: d. There is an IRQ conflict and you need to use Device Manager to resolve the problem. 3. You have just used the servermanagercmd command to install two server roles. Which of the following commands can you use now to verify that the roles are installed? Answer: a. servermanagercmd -query 4. You want to confirm how space is allocated on the disk drives installed in your server. Which of the following tools enables you to do this? Answer: c. Server Manager 5. Which of the following can be installed using the Add Hardware Wizard? (Choose all that apply.) Answer: a. CD/DVD drive, b. keyboard, c. monitor, and d. disk drive 6. You’ve obtained a new driver from the Internet for your server’s NIC. What tool enables you to install the driver? Answer: a. Device Manager 7. You have noticed lately that your server is running very slowly, especially when switching between programs. You see that the C: partition is running low on space, limiting the size of your paging file. You have a second...
Words: 315 - Pages: 2
...Question 1. [Pg. 242] 1. [Challenge exercise 9.1.] Windows vulnerability (Passwords) One of windows vulnerabilities is that user accounts may have weak, nonexistent or unprotected passwords. The operating system and some third-party applications may create accounts with weak or nonexistent passwords. This in turn causes data to be vulnerable and with respect to user data it could be very damaging to a user’s organization if data is lost or removed without warning by an attacker. Also the connection of these systems to a shared network or perhaps the internet in the scenario of a business organization leaves the system vulnerable to an attacker. With respect to the data that is being sent across the network, there are certain countermeasures that could be taken, such as encrypting data that resides on the computer by using some well-known cryptographic algorithms currently being implemented to secure the system data even after password has been bypassed. Encrypting data provides a level of assurance that even if data is compromised, it is impractical to access the plaintext without significant resources, however controls should also be put in place to mitigate the threat of data exfiltration in the first place. Many attacks occur across a network, while others involve physical theft of laptops and other equipment holding sensitive information. Yet, in most cases, the victims are not aware that the sensitive data are leaving their systems because they are not monitoring...
Words: 2126 - Pages: 9
...What is the purpose of the command interpreter? Why is it usually separate from the kernel? Answer: It reads commands from the user or from a file of commands and executes them, usually by turning them into one or more system calls. It is usually not part of the kernel since the command interpreter is subject to changes. 2.6 What system calls have to be executed by a command interpreter or shell in order to start a new process? Answer: In Unix systems, a fork system call followed by an exec system call need to be performed to start a new process. The fork call clones the currently executing process, while the exec call overlays a new process based on a different executable over the calling process. 2.7 What is the purpose of system programs? Answer: System programs can be thought of as bundles of useful system calls. They provide basic functionality to users so that users do not need to write their own programs to solve common problems. 2.8 What is the main advantage of the layered approach to system design? What are the disadvantages of using the layered approach? Answer: As in all cases of modular design, designing an operating system in a modular way has several advantages. The system is easier to debug and modify because changes affect only limited sections...
Words: 1012 - Pages: 5
... 6. The is a Windows Server 2008 feature that allows you to create and manage logical unit numbers (LUNs) on both Fibre Channel and iSCSI disk storage subsystems that support VDS. 7. A(n) is a method of storing and organizing computer files so that you can easily find them and access them. 8. NTFS can support up to of storage space for each volume. 9. The program is the command interface to partition drives. 10. A(n) uses volumes stored on two separate physical disks to write data onto both disks simultaneously and redundantly. Lesson 6 1. To print to a printer, you need the permission. 2. The NTFS special permission that allows you to move through a folder to reach lower files or folders is . 3. The Windows component that allows you to manage shares and NTFS permissions is . 4. Permissions that flow from a parent object to a child object are called . 5. The are the actual permissions when a user logs in and accesses a file or folder. 6. The encrypting technology included in NTFS is . 7. For Windows Server 2008 to be seen on the network, you must enable . 8. A(n) share is not seen when browsed. 9. When some has...
Words: 308 - Pages: 2
...Exercise 4.2| Creating an Answer File| Overview| In Exercise 4.2, you use the Windows System Image Manager to create an answer file that partitions a computer’s disk during the Windows 7 installation procedure.| Completion time| 15 minutes| Question 1 | What will the properties you have just configured do when you include them in an answer file that you use to install Windows 7? With the properties that I just configured when included in the answer file , it will set a partition named Windows to be active with NTFS file system, the partition is the C drive with a partition. The selected partition will be set to those settings| 17.Take a screen shot of the Windows System Image Manager window by pressing Alt+Prt Scr and paste it into your Lab04_worksheet file in the page provided by pressing Ctrl+V. Exercise 4.3| Creating a Windows PE Boot Image| Overview| In Exercise 4.3, you use the tools provided with Windows 7 AIK to create a Windows PE boot image.| Completion time| 10 minutes| Question 2 | How can you use the Boot.wim image file to boot a workstation into Windows PE? The Boot.wim is am image of the Windows preboot environment files so if we booted our work station using the Boot.wim image would be able to open the PE .| Exercise 4.4| Capturing an Image| Overview| In Exercise 4.4, you boot your workstation with the Windows PE disk you created and use the Image.exe program to capture an image of the workstation’s drive.| Completion time| 30 minutes| ...
Words: 335 - Pages: 2
...Mark Kodak NT2670 Unit 1. Lab 1.1 Preparing a Virtual Server Image Unit 1. Lab 1.2 Preparing an Application Server Ques. 1 – NT2670Svr03A Ques. 2 – This is the first time the disk has been used. Ques. 3 – Disk moves to online status. Ques. 4 – The disk is unallocated space and has not created a volume type yet. Table 1-2-1 – Disk type (basic or dynamic) – Disk 0 – Basic Disk 1 - Basic Total disk size - Disk 0 – 40GB Disk 1 – 16GB Number and type of partitions – Disk 0 – NTFS Primary Partition Disk 1 – Unallocated Basic Partition Amount of unallocated space – Disk 0 – 40GB Disk 1 – 16GB Ques. 5 – Shrink Volume / Delete Volume Ques. 6 – All available disk space has been allocated to C:, X:,Y: drives Ques. 7 – This allows data to be transferred from disk to disk Ques. 8 – C: drive contains system files and boot files that cannot be moved Table 1-2-2 – Unallocated space left (in Gigabytes) Disk 0 – 0 Disk 1 - 8 * Unallocated space left (in Megabytes) Disk 0 – 0 Disk 1 – 8000 Ques. 9 – All tasks could be completed using the Server Manager Ques. 10 – Active Directory Domain Services - DHCP Server - DNS Server Ques. 11 – Group Policy Management – AD DS Tools – DHCP Server Tools – DNS Server Tools – Net Framework 3.5 Ques. 12 – Active Directory Roles and Services were installed Ques. 13 –...
Words: 314 - Pages: 2
...The filing system that is primarily used for large USB flash drives is the NTFS file system. Well the NTFS is a “Hot- Swapping” system unlike the FAT32 file system which is recommended for hard disk only. But you can format the flash drive using FAT32 file system. The filing system NTFS provides better security, support for large drives, and access to users. There is different levels of access for users using the NTFS system. NTFS partial limited to the same size drive as FAT32 but it is theorized that NTFS can partition a drive to 16 exabytes which is 16 billion billion bytes. Finally the NTFS system uses EFS (Encrypting File System) where all the files are encrypted without the use of a username and password. Actually FAT32 is not preferred over NTFS, NTFS is preferred over FAT32 for newer system like Windows 2000, XP, Vista, Windows7, etc. Since this day in age the way we move information from place to on USB flash drives or micro SD cards NTFS is a better system. Also with the ability to partition larger drives that was not even thought of back when FAT32 was introduced. When the largest drives were in GBs for a home computer but now we have TBs in a standard computer today. The security features that is associated with the NTFS file system wasn’t even really need back in 1995. When the computer was just then starting to take off, where today everyday life revolves a...
Words: 251 - Pages: 2
...Khalifah Alcutt Professor Shade 1230 Project 1 As a System Administrator of the Home and Hospice Care Complete Inc., the way I will be designing this client server network for this small business /office would be continuing the use of the Windows server 2008 operating system, the Windows 2008 small business server comes with an antivirus and email protection, monitors levels of all software and applications running, can also manage and maintain any large amount of workload/project used on the server. Also I will choose to upgrade Windows XP to Windows 7 Professional because Windows XP is more for home use. Windows 7 Professional can be for home and small business use, another great edition of Windows for business would be Windows Enterprise which offers and has the same qualities and needs for a business but more so highly recommended for larger companies/businesses, the Enterprise software cost much more than Windows 7 Professional as well. Windows 7 Professional comes with 64 bit installation, 192 GB of RAM, backup to a network location, EFS (Encryption File System) which is great for any business especially when in the Health Care field because your handling patient information so the EFS would protect all data this would help uphold the HIPPA standards and polices. Windows 7 Professional also includes software restriction polices, the ability to participate in a Windows server domain, and operate as a remote desktop server. So as a System Administrator, my next step would...
Words: 700 - Pages: 3
...Proposal Simple Getaways, Inc. Written by Rachael Deming Table of Contents Executive Summary 3 Key Stakeholders 4 Actual Performance and Desired Performance 5 Justification 5 References 7 Executive Summary Simple Getaways, Inc. is a travel agency that specializes in island vacations. Due to the overwhelming success of the company, they have grown from one office located in California to 12 all across the United States. Due to this expansion, the communication between headquarters and human resources has become increasingly challenging. When employees request leave or there is a change in an employee's file, a paper document is used. When headquarters requests a document from one of the offices, that particular document is either mailed or faxed. The hard copies are stored in a file cabinet. The file sharing has also become an issue because each location utilizes a Windows file server. The offices do not have central file sharing. That does not allow for real time file sharing. The current way employees work on files together is by emailing each other. When the revisions are completed, the file goes back to the original employee. This causes a delay in processing and outdated paperwork. I propose the company utilizes a central server that every office has access. With a new file sharing system, anytime a file is changed, the revised version is immediately available for any employee...
Words: 978 - Pages: 4
...Kevin Flecker NT-1230 7/31/14 Client Analysis, Project part 1 The first part of establishing a client-server network in the Home Hospice Care building would be establishing where the Access Points would be in the building for the WLAN, because the Windows 2008 server machine that is running Medical Manager is already set-up for the most part. Here is a diagram of the floor plan with the location of where the APs will be set-up. Each AP will be set-up with an omnidirectional antenna, with antenna gain features to ensure that signal is properly spread to all areas of the hospice through walls and other obstacles. I believe a wireless local area network is the best option. Next, the servers for the file managers and three-in-one printer, copier, and fax machine must be set-up. These servers will also be running on Windows 2008 standard. The file machine needs to be its own dedicated box, so that there is no extra delay for managers and employees when files need to be read, wrote, and managed. A print server set-up with one three-in-one machine would be the easiest to set-up and cost-effective as well. This would be beneficial to all employees and easy to set-up on each workstation. Windows 7 Professional edition would be the best idea for each workstation here at the company. Each workstation needs to have its own license purchased, but the benefits of having extended RAM capabilities is critical to the doctors/nurses here. Also, I think 6 notebook workstations...
Words: 648 - Pages: 3