...Introduction Course: IS3340 Week: 1 Lab: Using NTFS to Secure Files and Folders Assignment In this lab you will use NTFS and share permissions to control access to files and folders. Story You're part of the IT support team in the New York office of a nationwide travel services company called USA Travel. You have three other offices in Dallas, San Francisco, and Chicago. All the offices have a separate Windows 2003 Active Directory domain. The domain for the New York office, the root domain for the organization, is named usatravel.com. One afternoon you receive a call from Larry Drake, one of the two sales supervisors in your office. He and the other sales supervisor, Marta Vasquez, both have new Windows XP Professional computers, and they've created a few folders structures on both computers to hold important files. They'd like you to come to their desks and set whatever permissions you need to make sure their sales employees have the different levels of access they'll need to the folders. He then proceeds to give you the following information. There are two sales teams. The first team, led by Larry himself, has two members: Cindy Williamson and Lew Ferrell. The second team, led by Marta Vasquez, also has two members: Tammy Dobson and Juanita Dawson. The Sales department also has an administrative assistant named Markie Chung. The network administrator for your office created three security groups (which you later find out are domain local groups) for the Sales department...
Words: 2606 - Pages: 11
...Unit 1 Assignment1: Adding Active Directory Robert Hanke ITT Tech IS3340 Windows Security Dr. Joseph Martinez 3/27/14 Unit 1 Assignment1: Adding Active Directory Currently, system administrators create Ken 7 users in each computer where users need access. In the Active Directory, the system admins will create Organizational Groups (OU). These OU’s can then can have restriction or Group Policy Objects (GPOs) put in to place that will restrict what a user can and can’t access. An organizational unit is the smallest scope or unit to which you can assign Group Policy settings or delegate administrative authority. Using organizational units, you can create containers within a domain that represent the hierarchical, logical structures within your organization. You can then manage the configuration and use of accounts and resources based on your organizational model (techNet, 2005). With the users assigned to group accounts or OU’s, you can use to assign a set of permissions and rights to multiple users simultaneously, along with making any changes that are needed to individual users. Computer accounts provide a means for authenticating and auditing computer access to the network and to domain resources. Each computer account must be unique. Once the conversion has taken place, the local users on the client computer will not be affected during domain join. They can still logon on the local machine. Meanwhile, on domain controllers, during the Active Directory Installation...
Words: 430 - Pages: 2
...IS416 Securing Windows Platforms and Applications FINAL EXAMINATION 1. Scope This exam covers all Units and is based on the content from the textbook. 2. Answer Key |Question Number |Correct Answer |Course Objective(s)|Reference | | | |Tested | | |1. |c |1.1 |Security Strategies in Windows Platforms and Applications, Pages 22–23 | |2. |b |1.2 |Security Strategies in Windows Platforms and Applications, Page 27 | |3. |d |1.3 |Security Strategies in Windows Platforms and Applications, Page 31 | |4. |c |1.4 |Security Strategies in Windows Platforms and Applications, Page 32 | |5. |a |1.5 |Security Strategies in Windows Platforms and Applications, Page 32 | |6. |c |2.1 |Security Strategies in Windows Platforms and Applications, Page 42 | |7. |a |2.2 |Security Strategies in Windows Platforms and Applications, Page 44 | |8. ...
Words: 2305 - Pages: 10
...KAMRAN JAN WK4 Assignment 1 Security policy statements: 1. Previous attempts to protect user accounts have resulted in users writing long passwords down and placing them near their workstations. Users should not write down passwords or create passwords that attackers could easily guess. Require all personnel attend a lunch and learn session on updated security policies. 2. Every user, regardless of role, must have at least one unique user account. A user who operates in multiple roles may have multiple unique user accounts. Users should use the account for its intended role only. Create a set of new user accounts with administrator privileges and disable all ‘administrator’ user accounts. 3. Anonymous users of Ken 7 Web application should only be able to access servers located in the demilitarized zone (DMZ). No anonymous Web application users should be able to access any protected resources in the Ken 7 infrastructure Place a firewall between your Web server and your internal network. . 4. To protect servers from attack, each server should authenticate connections based on the source computer and user. Implement Kerberos authentication for all internal servers. 5. Passwords should not be words found in the dictionary. Enforce password complexity. 1. The ERP software vendor reports that some customers have experienced denial-of-service (DoS) attacks from computers sending large volumes of packets to mail servers on the Web...
Words: 344 - Pages: 2
...Lab 1 Worksheet 1. Active Directory and the configuration of access controls achieve C-I-A for folders and data because it controls who can access certain files and folders. This keeps the data confidential since only authorized users can access the files as well as keeping the integrity of the data as it is not able to be modified by unauthorized users. It also meets the accessibility requirements of C-I-A since the authorized users are able to access the resource through proper configuration of the Active Directory Domain Services. 2. It is not a good practice to include the user name in the password since authentication protocols may only transmit the password in cipher text but the user name as plain text, this makes it easy to intercept a user name and if that user name is part of the password, it makes it that much easier to break. 3. Password length and complexity requirements will ensure users are forced to have strong passwords to their accounts and password length and history will ensure the passwords are changed in reasonable increments of time as well as not being able to use the same password when a password change is required. 4. No, a user outside of the domain cannot access a shared drive within a domain. 5. Yes, a prompt requesting login credentials will appear when attempting to access a shared drive. 6. By default, the guests group has the least amount of implied privileges within the Active Directory structure. 7. Implementing controls...
Words: 407 - Pages: 2
...IS3340 Unit 6 Assignment 1 1. How much data has been modified between the last backup and the time of failure? No data should have been lost since nothing was change since the last backup and the backup would have been completed before the error occurred. 2. What images are necessary to recover the workstation? The images that are necessary would be the reimaging image along with the latest back up image available. 3. What are the steps necessary to fix the problem that cause the data loss? Verify what caused the loss by reading the logs. Determine the fix for the issue. Reimage the computer. Restore the computer to last backup state and disable the issue that caused the data loss. 4. What steps should Ken 7 take to avoid a reoccurrence of this issue in the future? Read the logs to find out what caused the issue that caused the data lose. Right a procedure guide to prevent the issue from occurring. Alert users of the occurrence of the issue and the way to prevent the issue. (Soloman, 2001) Procedure Guide: 1. Read logs to decide what cause the issue to occur. 2. Re-Image the computer to default configuration. 3. Restore to first available backup of the system. Restore Process: 1. Right-click on your Computer desktop icon (or click Start and right-click on the Computer tab on the right pane of the menu). 2. Click on Properties. 3. Locate the System protection tab in the System Properties menu. 4. Select the hard disk that you...
Words: 393 - Pages: 2
...Identifying Types of Malware Infection 1) You notice that your computer is getting slower each day. You have terminated unneeded programs, disabled unneeded services, and have recently defragmented the disks. Your computer has plenty of memory but it still seems slow. Since it only started getting slow within the last two weeks, you suspect a malware attack. You have carefully examined each of the programs running but there are no unusual programs. However, you do notice that there is substantial disk activity, even when no programs are running that should be using the disk. What kind of malware do you think is present in your computer? Rootkit and likely another type of malware – Closing all programs and still seeing disk usage would suggest that a rootkit has installed and is actively hiding the actual program running. The rootkit would hide the program while a virus or worm is likely behind the scenes wreaking havoc. 2) You download a new program to display the current weather on your desktop. Since you installed the weather application you noticed a lot of network activity and your computer is getting slow. When you terminate the weather application your computer speeds up. What kind of malware do you think is present in your computer? Trojan Horse – Acting as a useful program, it actually infects and runs amuck inside of the pc and network. 3) Within a week after ordering a new widescreen television (TV) from an online retailer, you start getting many email...
Words: 407 - Pages: 2
.../1724144-IS3340/ Looking for help with IS 3340 at ITT Tech Flint? Course ... IS 3340 - Windows Security - ITT Tech Flint Study Resources ...... Quality answers or your money back. IS3340 Lab Unit 5 Assignment 1 : WINDOWS SE IS3340 ... www.coursehero.com/file/8721414/IS3340-Lab-Unit-5-Assignment-1/ Jan 26, 2014 - MOST POPULAR MATERIALS FROM WINDOWS SE IS3340. 1 Page ... IS3340 Lab Unit 5 Security Assessment Potential Risk ... Access Security > Ali > Notes > IS4670_15_Syllabus.pdf ... www.studyblue.com/notes/note/n/is4670_15_syllabuspdf/.../9759518 Feb 7, 2014 - Find and study online flashcards from Access Security. ... IS3350 Security Issues in Legal Context IS3230 Access Security IS3340 Windows Security IS3440 .... Don?t assume there is only one correct answer to a question ? You've visited this page 2 times. Last visit: 5/28/14 [DOC] Assignment www.webonthecloud.com/is3340/Assignments.docx This assignment builds on the scenario of Ken 7 Windows Limited, which was ... Provide the answers to the following questions to satisfy the key points of ... IS3340 Windo ws Security STUDENT COPY: Graded Assignment Requirements. [DOC] Syllabus - ITT Tech. www.webonthecloud.com/is3340/Syllabus.docx IS3340. Windows Security. Instructor name. Francisco Morales .... Don't assume there is only one correct answer to a question. § Don't be afraid to share your ... Is3340 windows security answers - free ebook downloads www.freebookez.com/is3340-windows-security-answers/ Is3340 windows...
Words: 287 - Pages: 2
...IS3340 —Windows Security E-mail: E-mail: VShafer@itt-tech.edu Cell Phone#: 865-236-1869 Title: Analyzing Windows Application Software for Security Vulnerabilities Learning Objective ▪ Design techniques to protect given Windows application software from security vulnerabilities. Key Concepts ▪ Vulnerabilities to Microsoft server and client applications ▪ Strategies for securing Microsoft server and client applications ▪ Procedures for securing Microsoft applications Class/Content Outline: 5:00pm – 5:50pm Theory 7 (50 min.) 1. Roll / Lesson Plan / Handouts 2. Review/ Discuss Unit 8 ~ ▪ Chapter 12 “Microsoft Application Security”; pp. 271-296 3. In Class IS3340.U8.GA1 ~ Unit 8 Assignment 1: Policy for Securing Windows Environment ▪ You will select from the list of security controls that best addresses to each given ERP vulnerabilities. (*Note: You will refer to the Unit 1 case scenario IS3340.U1.TS3.doc for the Ken 7 Windows Limited details.) We will discuss the correct answers in class 6:00pm – 7:40pm Lab 1 (100 min.) 4. Lab 8 ~ Apply Security Hardening on Windows Microsoft Server & Microsoft Client Applications; pp. 68-73 8:00pm – 9:40pm Theory 7 (100 min.) & 9:50pm – 10:45pm Theory 7 (55 min.) 5. IS3340.U8.GA2 ~ Unit 8 Assignment 2: Best Procedures to Secure Windows Applications ▪ To complete IS3340.U8.GA2.doc ~ You will write a Windows application policy and define its procedure for...
Words: 630 - Pages: 3
...IS3340: Week 1 Assignment 1: Adding Active Directory Bob Johnson IS3340: Windows Security 11/02/2014 Arthur Salmon When evaluating the current set up for all of the PCs that we have at Ken 7 Windows and the purchase of a new enterprise resource planning (ERP) software package, I would definitely recommend that we use Active Directory (AD). There are several reasons to use AD. I will give a few reasons why we should use AD. My first reason is that with the purchase of the new servers we have a wider area to protect. With this being that, we have purchased several new servers that need to be more secure and restrict access to the key people or groups of people that need access to pertinent information. Secondly, by doing this we can activate a more secure password criteria. Making passwords of no less than eight characters long and they must contain a capital letter, a number, and a special character. These passwords will be set to renew anywhere from 30 – 90 days. The most common setting for this feature is 90 days. A notification will sent to the user 14 days prior to the password’s expiration and prompt the user to change their password. Thirdly, special access tokens will be used to insure the identity of the user. A smart card will be in place. This smart card slips into a slot and read a magnetic strip, a microchip that is imbedded into the card, or a by a bar code on the back of the card. Using the bar code will be the less expensive route to take. The...
Words: 469 - Pages: 2
...56 Lab #3 | Configure BitLocker and Windows Encryption LAB #3 – ASSESSMENT WORKSHEET Configure BitLocker and Windows Encryption Course Name and Number: IS3340 Windows Security Student Name: Daniel Longo Instructor Name: Dakrouni Lab Due Date: 10/4/2013 Overview In this lab, you used the Microsoft® Encrypting File System (EFS) to encrypt files and folders on a Windows Server 2008 machine. You documented the success or failure of your encryption efforts. You also installed Microsoft® BitLocker Drive Encryption, a data protection feature that is used to resist data theft and the risk of exposure from lost, stolen, or decommissioned computers. You encrypted a data drive on the server and created a recovery key. Lab Assessment Questions & Answers 1. Within a Microsoft® Windows 2008 server R2 environment, who has access rights to the EFS features and functions in the server? 2. What are some best practices you can implement when encrypting BitLocker drives and the use of BitLocker recovery passwords? 38542_Lab03_Pass2.indd 56 3/2/13 10:01 AM Assessment Worksheet 3. What was the recover key created by BitLocker in this lab? 57 4. BitLocker secured drives. How would you grant additional users access rights to your EFS encrypted folders and data files? 5. What are the main differences between EFS and BitLocker? 6. The customer privacy data policy in your company’s data classification standard requires encryption in 3 ...
Words: 279 - Pages: 2
...ITT Technical Institute IS3340 Windows Security Onsite Course SYLLABUS Credit hours: 4.5 Contact/Instructional hours: 60 (30 Theory Hours, 30 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisite: NT2580 Introduction to Information Security or equivalent Course Description: This course examines security implementations for a variety of Windows platforms and applications. Areas of study include analysis of the security architecture of Windows systems. Students will identify and examine security risks and apply tools and methods to address security issues in the Windows environment. Windows Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas: Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: IS4799 NT2799 IS4670 ISC Capstone Project Capstone ProjectCybercrime Forensics NSA NT2580 NT2670 Introduction to Information Security IS4680 IS4560 NT2580 NT2670 Email and Web Services Hacking and Introduction to Security Auditing for Compliance Countermeasures Information Security Email and Web Services NT1230 NT1330 Client-Server Client-Server Networking I Networking II IS3230 IS3350 NT1230 NT1330 Issues Client-Server Client-Server SecurityContext in Legal Access Security Networking I Networking II NT1110...
Words: 2305 - Pages: 10
...IS3340-WINDOWS SECURITY | Recommendations for Access Controls | Unit 2 Assignment 1 | | [Type the author name] | 4/3/2014 | | Access Control is the defined as “the selective restriction of access to a place or other resource”, in the RFC 4949. “The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization.” Simply put the ability to read, write, modify, or deleting information or files is what Access Control is. It is more than this, in the permissions (authorization) granted to each Security Group or Individual User. The permissions mentioned in the previous paragraph are rights that a user is allowed to access, create, modify, or delete the file(s) inside a file folder, or objects. These are all permissions (authorizations) controlled by the Authorized Windows Security Personnel of the file structure. We will list some examples of how this outlined and what the impact would be, but first understand that requirements for the permissions is controlled from the Group Level, other than by Individual User, because it is easier to control from a security standpoint when you want to modify these abilities. There are four folders created (D:\ERPdocuments, D:\ERPdocuments\HRfiles, D:\ERPdocuments\SFfiles, D:\ERPdocuments\MGRfiles) which we want to allow specific permissions for certain functions (tasks). For example; by modifying the permissions under the specific user account for HRmanager to include...
Words: 436 - Pages: 2
...IS3340-WINDOWS SECURITY | BEST PRACTICES IN MANAGING CHANCES TO WINDOWS SYSTEMS AND APPLICATIONS | UNIT 10 DISCUSSION 1 | | | 5/29/2014 | | Just as Ken 7 Windows Limited is experiencing Denial of Service attacks, many corporate websites have suffered from illegal DoS attacks more than once. Companies that learn how to turn these experiences to their advantage go a long way to ensuring it doesn't happen again. The summary of what is being seen on the infrastructure is thus; * Denial of Service (DoS) attacks on the Web Servers supporting Ken 7 Windows clients. * Remote clients report connection failures/difficulty accessing Ken 7 Windows planning and order management software application The events of a network attack can uncover some very important mistakes and provide more than a few lessons. Turning these lessons into best practices is where the rewards of such adversity are realized. Ken 7 Windows can arrive at these best practices by asking: "How are we vulnerable?" The following best practices are a sample of some of the common conclusions following a DoS attack. 1. Create a virtual private network (VPN) for authenticated user. 2. Separate authentication an anonymous users on separate servers (some on different subnets). 3. Use firewall rule to close all ports except 80 (HTTP-Hypertext Transfer Protocol) & 443 (HHTPS-Hypertext Transfer Protocol over TLS/SSL). 4. Restrict all anonymous user accounts. 5. Use Kerberos...
Words: 435 - Pages: 2
...IS3340-WINDOWS SECURITY | Auditing Tools for Windows System | Unit 4 Assignment 1 | | | 5/1/2014 | | 1. You want to schedule a weekly analysis for the Windows servers in your data center. The command should run as a scheduled job and report any available patches for the Windows Server 2008 R2 operating system, Internet information services (IIS) Web server, or structured query language (SQL) server that have not been installed. Which tool would be the best choice?. MBSA command line interface 2. You like the way MBSA presents scan results but you need to scan for vulnerabilities in older Windows products, including Microsoft Office 2000. Which tool provides extended scanning and the ability to use MBSA to view scan reports? Security Configuration and Analysis (SCA) 3. Your organization wants to encourage its employees and contractors to use vulnerability scanners at home as well as at work. You want to select a single vendor that can provide scanner software products for home and enterprise computers. A single vendor product line can streamline coordinating and analyzing scan results from many different computers. Which set of tools would be the best choice? Secunia Security Analyzers 4. You have developed several templates that consist of security settings for several types of computers, including desktop workstations, laptops, and various servers. You want to quickly compare a computer’s settings to its corresponding template to see if any...
Words: 271 - Pages: 2
