a. By having domains and access rights and permissions, an administrator can achieve confidentiality, integrity, and accountability by controlling what files and resources a user can access.
2) Is it good practice to include the account or user name in the password? Why or why not?
a. No it is not good practice because it makes it easier to guess from an attacker’s standpoint.
3) In order to enhance the strength of user passwords, what are some of the best practices to implement for user password definitions in order to maximize confidentiality?
a. To maximize confidentiality and to make passwords harder to crack, passwords should be of a minimum length (8 characters or more), complex (upper/lower case, numbers, and special characters), have a minimum password age (change periodically), and password history must be enforced (cannot use the last 10 passwords).
4) Can a user defined in Active Directory access a shared drive if that user is not part of the domain?
a. No a user needs to be part of the domain in order to access shared drives.
5) Does Windows Server 2008 R2 require a user’s login/password credentials prior to accessing shared drives?
a. Yes a username and password are required.
6) When looking at the Active Directory structure for Users and Computers, which group has the least amount of implied privileges?
a. The guest account have the least amount of implied privileges.
7) When granting access to LAN systems for GUESTS (i.e. auditors, consultants, third-party individuals, etc.), what security controls do you recommend be implemented in order to maximize CIA of production systems and data?
a. It is best practice to allow the least privilege that still allows what the guests need to do for their job. For example, an auditor should only be allowed to view files and folders but not write, delete, or modify them.
8) When granting access for the Show Floor group to the SFFiles within the SFFiles folder, what must be configured in the Active Directory?
a. The permissions need to be configured so that the Show Floor group can read, write, modify, and/or delete files in the SFFiles folder.
9) When granting access for Human Resources group to access the HRfiles within the HRfiles folder, what must be configured within Active Directory?
a. The permissions need to be configured so that the HR Group can read, write, modify, and/or delete files in the HRFiles folder.
10) Explain how CIA can be achieved down to the folder and data file access level for departments and its user’s using Active Directory and Windows Server 2008 R2 access control configurations. Configuring unique access controls for different user types is an example of what kind of access controls?
a. CIA can be achieved down to the folder and data file access level for departments and users by controlling what files each group can access and what it can do to it (read, write, modify, delete).
You May Also Find These Documents Helpful
-
2. During the install, a password has been set for the “root” user, and when is it appropriate to use this account?…
- 368 Words
- 2 Pages
Satisfactory Essays -
When specifying security policies for an enterprise, setting security on an individual-by-individual basis provides the tightest and most personalized security. The tradeoff, however, is the increased amount of administration effort in setting up the security and maintaining it on an ongoing basis. You have been brought in as a consultant from Smith Systems Consulting to advise Riordan Manufacturing on what it will take to establish adequate enterprise security policies. You will need to prepare a 3-5 page paper that highlights why they should establish separation of duties via role assignment and how this will provide safeguards to protecting the data in their information systems.…
- 651 Words
- 3 Pages
Satisfactory Essays -
Finally, the system/application domain would require virtual testing of everything before any implementation, hardening of all servers, and keeping up with patches and updates regularly after testing has been completed. Some of the more efficient ways to implement better access controls in a company would start with the proper level of authorization policies including physical controls for facilities. The authorization policy would appropriate entry system access controls that specify what areas are to be locked at all times and what type of locking mechanism should be implemented. It would also include the implementation of secondary locks on specific equipment and storage cabinets…
- 439 Words
- 2 Pages
Satisfactory Essays -
Describe the policies for securing the facilities and the policies of securing the information systems. Outline the controls needed for each category as relates to your selected scenario.…
- 650 Words
- 3 Pages
Good Essays -
3. Which departments will need what permissions as far as access to computers, printers, and scanners?…
- 335 Words
- 1 Page
Satisfactory Essays -
User accounts and passwords are implemented to maintain individual accountability for network resource usage. Any user who obtains an account and password for accessing a Corporation Tech provided resource, is required to keep these credentials confidential. Users of these systems may only use the accounts and passwords for which they have been assigned and authorized to use, and are prohibited from using the network to access these systems through any other means. This plan also prohibits the sharing of personal user accounts or passwords for accessing Corporation Tech or…
- 4134 Words
- 12 Pages
Better Essays -
iii. All EPHI must be removed and relocated to a system that supports the foregoing security password structure.…
- 1549 Words
- 6 Pages
Powerful Essays -
1. What is the term used to describe a read-only copy of a user profile stored on a network share? Mandatory Profile.…
- 359 Words
- 1 Page
Satisfactory Essays -
Sandhu, R., & Samarati, P. (1996). Authentication, access control, and audit. ACM Computing Surveys (CSUR), 28(1), 241-243.…
- 1478 Words
- 5 Pages
Powerful Essays -
1. You are the network administrator for a new company that has 10 users and plans to add five more users within a year. The files need to be accessed by all 10 users and each user must have different security rights. What kind of network would you install and how would the pieces and components of this network relate to each other? Define each component.…
- 350 Words
- 2 Pages
Satisfactory Essays -
2.2 Password protection could be used to ensure security when storing and/or accessing information. Also ensuring that no-one who is…
- 244 Words
- 1 Page
Satisfactory Essays -
The Active Directory Domain Services (AD DS) role installs Active Directory and turns a Windows Server 2008 computer into a domain controller. AD is a database of objects in computer it is used for authentication for users and computers. Active Directory is the foundation of a Windows network environment. This directory service enables administrators to create and manage users and groups, set network-wide user and computer policies, manage security, and organize network resources. Provides a single point of administration of network resources, such as users, groups, shared printers, shared files, servers, and workstations. Provides centralized authentication and authorization of users to network resources. Along with DNS, provides domain-naming services and management for a Windows domain. Enables administrators to assign system policies, deploy software to client computers, and assign permissions and rights to users of network resources.…
- 10480 Words
- 42 Pages
Powerful Essays -
The LAN domain includes all data closets and physical as well as logical elements of the LAN. This domain needs strong security, being that it is the entry and exit points to the wide area network, and makes private information easily accessible to anyone. Users will be screened and authorized by the IT department head and given a special access code. The biggest threat to the LAN domain is unauthorized access. This will be monitored closely to make sure all policies are being followed.…
- 327 Words
- 2 Pages
Satisfactory Essays -
6. What is the purpose of the login.defs file? Creates accounts and is site specific for the shadow login. This has rules like expirations, password requirements.…
- 304 Words
- 2 Pages
Satisfactory Essays -
The purpose of this policy is to describe what steps must be taken to ensure that users connecting to the corporate network are authenticated in an appropriate manner, in compliance with company standards, and are given the least amount of access required to perform their job function. This policy specifies what constitutes appropriate use of network accounts and authentication standards.…
- 1461 Words
- 6 Pages
Good Essays