Premium Essay

Is3230

In: Computers and Technology

Submitted By pkurutz21
Words 415
Pages 2
Name:
Date:
Instructor: L. Chretien
Subject: Aligning Account Types and Privileges
How Grade: One hundred points total. See each section for specific points.

Learning Objectives and Outcomes * Explore the concepts of access privileges to categorize the given access privileges based on the account types and the security requirements.

Assignment Requirements * Review the nine following account types: 1. Network Administrator 2. System Owner 3. System Administrator 4. Application Administrator 5. Standard User Account 6. Security Manager/CSO/CISO 7. Not allowed by network accounts 8. Remote/Traveling 9. Member of Board of Directors * Review the 30 privileges, roles, rights, and actions identified in the table below; * Match the given account types with their corresponding privileges, roles, rights, and actions; and * Remember that a specific account type may have more than one privilege, role, right, or action.

Part 1: Short Answer (10 points)
Identify and briefly summarize two benefits of assigning privileges, roles, rights, and actions to types of accounts vice assigning them to specific individuals.

Part 2: Matching (90 points)
The left side of the table lists 30 privileges, roles, rights and actions. Identify account types that could fulfill them.

# | Privileges, Roles, Rights, and Actions | Account Type From List Identified Above | 1. | Must authenticate when accessing network resources | | 2. | Is allowed remote access | | 3. | Periodically reviews all user accounts | | 4. | Authorizes risk assessments | | 5. | Performs security assessments | | 6. | Creates group policy objects | | 7. | May send inbound e-mail | | 8. | Is allowed to install software in a secured network | | 9. | Performs daily log

Similar Documents

Free Essay

Is3230

...Case 0:05-cv-00668-RHK-JSM Document 61 Filed 02/07/2006 Page 1 of 14 UNITED STATES DISTRICT COURT DISTRICT OF MINNESOTA Stacy Lawton Guin, Plaintiff, v. Brazos Higher Education Service Corporation, Inc., Defendant. Civ. No. 05-668 (RHK/JSM) MEMORANDUM OPINION AND ORDER John H. Goolsby and Thomas J. Lyons Jr., Consumer Justice Center, Little Canada, Minnesota; Thomas J. Lyons, Lyons Law Firm, P.A., Little Canada, Minnesota, for Plaintiff. Courtney M. Rogers Reid and Matthew E. Johnson, Halleland Lewis Nilan & Johnson P.A., Minneapolis, Minnesota, for Defendant. INTRODUCTION Plaintiff Stacy Guin alleges that Defendant Brazos Higher Education Service Corporation, Inc. (“Brazos”) negligently allowed an employee to keep unencrypted nonpublic customer data on a laptop computer that was stolen from the employee’s home during a burglary on September 24, 2004. This matter comes before the Court on Brazos’s Motion for Summary Judgment pursuant to Federal Rule of Civil Procedure 56. For the reasons set forth below, the Court will grant the Motion. BACKGROUND Case 0:05-cv-00668-RHK-JSM Document 61 Filed 02/07/2006 Page 2 of 14 Brazos, a non-profit corporation with headquarters located in Waco, Texas, originates and services student loans. (Villarrial Aff. ¶ 2.) Brazos has approximately 365 employees, including John Wright, who has worked as a financial analyst for the company since November 2003. (Villarrial Aff. ¶ 2; Wright Aff. ¶ 1.) Wright works...

Words: 3818 - Pages: 16

Premium Essay

Is3230

...Week 4 Lab Part 1: Design a Multi-factor Authentication Process Assessment Worksheet Design a Multi-factor Authentication Process Lab Assessment Questions & Answers 1. In an Internet Banking Financial Institution is Single Factor Authentication acceptable? Why or why not? Yes it can be acceptable because you can buff up security elsewhere. 2. Explain the difference between Positive Verification and Negative Verification? Negative verification is the opposite of positive verification. The customer must contact the bank to verify that the information is correct. 3. What vulnerabilities are introduced by implementing a Remote Access Server? Could Allow Remote Code Execution, two heap overflow, cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. 4. What is a recommended best practice when implementing a Remote Access Policy server user authentication service? Using multi-factor authentication. 5. Name at least 3 remote access protections or security controls that must be in place to provide secure remote access. Authorized secure remote access, Traffic inspection and Coordinated Threat Control, Centralized security management and enterprise-wide visibility and control. 6. When dealing with RADIUS and TACACS+ for authentication methods, what protocols are used...

Words: 1143 - Pages: 5

Premium Essay

Is3230

...The staff at 9-Iron Country Club, commonly referred to as 9, is located in the suburbs of St. Georgie. It offers the amenities of a 9-hole golf course a swimming pool, the Clubhouse, and other recreational facilities to more than 1,200 member, it employees 75 staff members who cater to private functions such as wedding, meeting and banquets. The facilities management operations and the Catering Task are normally executed through the network of the 9. We are open eight months out of the year. So there are issues during the off season that need to be covered. Then you have staff that would like to access from home to the network. In order to meet the requirements the above then 9 needs to have a mesha network set up a wireless points thur out the Club and recreational areas so that the customer can always have access to the network. Each customer /member should have their own access/password /pin to the clubs wireless network. I think that the Club should create a Sharepoint website to share information with the Staff and very important customers for example when there are wedding, and major events that can affect the schedule of the club. I also believe that the club should have VPN access and Remote Access. So that the staff can finish their work and view the work schedules from home and state in contact with the venders doing the off season and continue to for new event during the off season. The VPN and Remote would be available twenty-four...

Words: 517 - Pages: 3

Free Essay

Is3230

...A Remote Access Solution requires meeting the demands for mobility from sales or remote staff who frequently out of the office. The most important decisions in the design phase of Remote Access VPN solutions include outlining the key objectives of the design, understanding how the VPN management processes are implemented, planning the required security policies, and knowing how to create a robust and scalable environment (Informit). According to 9-Iron country club’s needs, they are able to remotely access resources as they normally do if they were in the office. The Remote Access VPN Solution should meet the resiliency and availability standards of other areas of your network (Informit). To manage and design a good connectivity to provide local and global redundancy, any organization must consider some service levels such as: * Flexible deployment * Client transparency * Service transparency The management of VPN solution is delicate not only to protect 9-Iron resources from unauthorized access, but also to enable a transparent and manageable solution for all categories of potential users (Informit). VPN Service will be deploy for 9-Iron; however, the solution deployed for each category must be evaluated according to the ability to deploy, change, and enforce policy. Configuration, Change, and Operations, are three relevant management features that can make a robust Remote Access Solution. After the management, place to the security part; the 9-Iron...

Words: 359 - Pages: 2

Premium Essay

Is3230

...What are the three main categories of objects to be protected by Access Controls? | | Information – any type of data asset Technology – Applications, Systems, and networksPhysical Location – buildings and rooms | What are the three elements of an Access Control System? | | Policies – RulesProcedures – nontechnical methods used to enforce policies Tools – Technical methods used to enforce policies | What are the three types of subjects when it comes to access control for specific resources? | | Authorized – presented credentials and have been approved for access Unauthorized – Don’t process the proper credentials or do not have the appropriate privileges for accessUnknown – Don’t possess any credentials at all: Don’t know if they should be given access or not | What are the three steps to the access control process? | | Identification – process of Identifying itself Authentication – verification of the subjects identity Authorization – allow or deny access to an object. | What are the principal components of Access Controls? | | Policies – who gets access to whatSubjects – User, Network, process, or applications requesting access to resources Objects – The resource to which the subject desires access | What are the basic...

Words: 2070 - Pages: 9

Premium Essay

Is3230

...Lab 3 Assessment Worksheet Data Gathering and Foot-printing a Target Website 1. Which reconnaissance tool comes with Microsoft Windows that can provide and can be initiated from the DOS command prompt? What useful information does this query provide? There are several reconnaissance tools that can come with Microsoft Windows that can provide and can be initiated from the DOS command prompt there are as followed Whois, ping, IP block whois, nslookup, Sam Spade, traceroute, finger, SMTP, dig, DNS zone transfer, VRFY, and Web browser. These queries provide a list of which a list of ip addresses or name resolutions and which ports are opens. 2. What is the difference between ARIN, RIPE, IANA? What regions of the world do these domain name registry organizations cover? The difference between ARIN, RIPE AND IANA is that of the area that they cover such as ARIN covers North America, several portions of the Caribbean and the part of Africa that is south of the equator. LACNIC covers Latin America and portions of the Caribbean and APNIC covers Asia and Pacific Region 3. What other functions can be completed using the Sam Spade Utility? Functions such as whois, traceroute, finiger, ping, and nslookup can be completed using the Sam Spade Utility. 4. What is the purpose of the traceroute command? What useful information does traceroute provide? How can this information be used to attack the targeted website? The purpose of the traceroute command is to trace packets from...

Words: 599 - Pages: 3

Premium Essay

Is3230

...Healthcare organizations are migrating from hard copy to electronic records to meet today’s demands. This increase in information storage, patient records and imaging data requires large amounts of bandwidth. Flexible network solutions between data centers, hospitals, clinics and doctors’ offices to access centralized medical records. Move electronic medical records from local to centralized storage. Backup and restore medical data between data centers for disaster recovery. -All mobile devices and USB drives should be encrypted if they will be used remotely. Healthcare organizations are now routinely installing full-disk encryption on their employee laptops. USB thumb drives are a convenient way to transport documents between offices or move data between work and home. But healthcare organization should take steps to minimize the security risks created by those portable drives. The health organization has to keep in mind the threats of USB drives. If the USB lost or stolen or lost which holding protected health information or other sensitive data. The other threat is USB malware USB drives often get passed around and are handed out for free at conferences and other events. That means many people use thumb drives without knowing where they’ve been before, making USB drives an effective way to spread computer viruses. Also Insider threat gives malicious insiders a convenient method for sneaking sensitive information off of a healthcare organization’s premises. -In health...

Words: 362 - Pages: 2

Premium Essay

Access Control: Is3230

...Access Control Project Access Control: IS3230 By Andrew Reed November 20, 2012 TABLE OF CONTENTS 1 INTRODUCTION 1.1 Project Title 1.2 Project Schedule Summary 1.3 Project Deliverables 1.4 Project Guides 1.5 Project Team Members 1.6 Purpose 1.7 Goals and Objectives 2 Risks and Vulnerabilities 2.1 Overall 2.2 Billings, Montana 2.3 Warsaw, Poland 3 Proposed Budget 4 IDI Proposed Solution 4.1 Billings, Montana 4.2 Warsaw, Poland 5 Drawings 6 Conclusion 1 INTRODUCTION 1.1 Title of the project Access Control Proposal Project 1.2 Project schedule summary The project will be a multi-year phased approach to have all sites (except JV and SA) on the same hardware and software platforms. 1.3 Project deliverables • Solutions to the issues that the specifies location of IDI is facing • Plans to implement corporate-wide information access methods to ensure confidentiality, integrity, and availability • Assessment of strengths and weaknesses in current IDI systems • Address remote user and Web site user’s secure access requirements • Proposed budget for the project—Hardware only • Prepare detailed network and configuration diagrams outlining the proposed change • Prepare a 5 to 10 minute PowerPoint assisted presentation on important access control infrastructure, and management aspects from each location. 1.4 Project Guides Course Project Access Control Proposal Guide Juniper Networks Campus...

Words: 1198 - Pages: 5

Premium Essay

Is3230 Assy#4

...This report was generated Using Two vulnerability scans Netwitness and Zenmap investigators. A list of the information will be listed below to be reviewed and analyzed with Company management department for further investigations, modifications and implementations if needed.  Services: The scan shows the use of the following services: Services Use Msrpc A tool for running processes on a remote computer. netbios-ssn It provides services related to the session layer of the OSI model allowing the applications on a separate computer to communicate microsoft-ds This port replaces the notorious Windows NetBIOS trio (ports 137-139), for all versions of Windows after NT, as the preferred port for carrying Windows file sharing and numerous other services. ms-wbt-server Virtual data connection that can be used by programs to exchange data directly, instead of going through a file or other temporary storage location. wsdapi Used to develop client applications that find and access devices, and to develop device hosts and associated services that run on Windows Vista and Windows Server 2008.  Unnecessary services and removing them: Ideally, a Web server should be on a dedicated, single-purpose host. When configuring the OS, disable everything except that which is expressly permitted—that is, disable all services and applications, re-enable only those required by the Web server, and then remove the unneeded services and applications. If possible, install the...

Words: 429 - Pages: 2

Free Essay

Is3230 Unit 8

...While investigating the problem vs the needs of the club, I’ve come up with a simple and effective solution that will benefit all parties involved. The problem is giving employees the necessary access to work related data from home or a mobile location over a secure and encrypted network connection. Of course this could present many security and confidentiality problems to the customer but with the right deployment and use of software, the customer can rest easy knowing that the information being sent over the connection is secure. The solution to this problem is very simple; SSL VPN with an RSA soft token code and a personalized pin that only the user would know. SSL VPN allows users to access confidential files and emails stored on a secure server through a remote connection from home or a mobile hotspot. The use of an RSA soft token increases the level of security for the user by generating a random, 6 digit code every 30 seconds. Combined with the user’s personal 4-8 digit pin, users can breathe easy knowing their information is secure. A specific program that I would recommend is Neoteris Access 1000. The Neoteris Access 1000 is a versatile, feature-rich remote-access device that is an ideal fit for an organization with 50 to 250 concurrent remote users. Unlike the more limited Rainbow NetSwift iGate and SafeWeb SEA Tsunami, the Access 1000 can incorporate a mix of technology resources, including Windows Terminal Services, Web-based enterprise applications (CRM, ERP, and...

Words: 482 - Pages: 2

Premium Essay

Is3230 Final Project Outline

...ITT Technical institute – isc program | Project: Access Control Proposal Outline | IS3230 - Access Control | | Issues at the Data Center * Different versions of unix on servers * Outdated patching * Logisuite 4.2.2 is outdated by 10 years, the license has expired, and would be extremely cost-and-time prohibitive to upgrade to the latest version * Routsim is not integrated into Logisuite or Oracle financials to take advantage of the databases for –real-time currency valuation and profit or loss projections * Managers buy whatever PCs they like and nothing is standardized * Different types of Office Software * Telecoms has not been updated in 15 years and is not integrated with customer service database to improve call management efficiency * The Service Provider for the telecom system is out of business and parts are not available for maintenance * Executives are connecting non approved devices to the network * WAN is outdated and is insufficient for the organization * The PBX is limited that only provides voice mail and call forwarding Solutions * Follow the lead of Standardization from the Brazil Site * Upgrade all the Unix servers to 11x and install appropriate patches * Look into other shipping programs such as Infor ERP and see if it would be more cost effective. ERP allows for growth because it supports large businesses as well. However, if that is not an option, then upgrade Logicsuite but to a version...

Words: 794 - Pages: 4

Premium Essay

Is3230 Project Details

...Project Details: Integrated Distributors Incorporated (IDI), a publically traded company, has its home office located in Billings, Montana. IDI has more than 4000 employees in the following locations: ▪ Billings, Montana, 600 employees ▪ Sao Paulo, Brazil, 580 employees ▪ Warsaw, Poland, 975 employees ▪ Sydney, Australia, 340 employees ▪ Tanzania, Africa, 675 employees ▪ Japan, China, and Hong Kong, 700 employees IDI has accounts with major market retailers, Federal governments, and large State governments. IDI operates a fleet of trucks in each country and has network interface agreements with subcontractors for freight forwarding, storage, and delivery. IDI is responsible for the movement of goods, from multiple manufacturers and distributors to its clients, in a timely and efficient manner using cost-effective methods. Alternatively, IDI may transfer this responsibility to one of its JVs or SAs, if it is more cost-effective and the income differential is within acceptable limits. IDI is also under pressure for several of its competitors in the logistics industry. The competitive market is driving IDI to improve its routes, delivery methods, fleet vehicles, and other facets of its business to increase profits (a strategic goal) and to reduce costs. The company realizes that the information technology infrastructure has been neglected for some time and that many operating locations are running...

Words: 1595 - Pages: 7

Premium Essay

Is3230 Unit 2 Assignment 1

...Selecting Security Countermeasures IS3220 As a technology associate in the information system department at Corporation Tech I have reviewed the new network design and identified possible security threats and appropriated countermeasures. Entering the internet without proper security can be harmful in many ways. The first thing that should be added is a firewall. Firewalls can prevent unwanted traffic from infiltrating the network. This is essential now that the company is deciding to add a web server and internet access. The other priority is to protect business and customer data and to prevent their unauthorized use whether the data is printed or stored locally, or transmitted over a public network to a remote server or service provider. Maintain a Vulnerability Management Program: Vulnerability management is the process of systematically and continuously finding weaknesses in the Corp Techs IT infrastructure system. This includes security procedures, system design, implementation, or internal controls that could be exploited to violate system security policy. Implement Strong access Control Measures: Access control allows Corp Tech to permit or deny the use of physical or technical means to access Corp Techs data. Access will be granted on a business need to know basis. Antivirus software is also needed to make sure the computers and servers aren’t infected with malicious programs that could cause major losses. The WIFI needs to have a password to keep unauthorized users...

Words: 307 - Pages: 2

Free Essay

Is3230 Lab 5 Assessment

...Lab 5 Assessment | 1. They are a. Password b. Token c. Shared secret 2. Authorization is a set of rights defined for a subject and an object; this concept is aligned with Identification and Authentication because these are the 3 steps to the access control process 3. Remote Access servers, Authentication servers, and Logical IDS 4. Network should be both connected and secured physically and remotely in order to avoid unauthorized access to the system. The three are the computer has authorized access. Computer settings must be in compliance with the security standards, and the user having authorization access. 5. NAC Systems implement network security policy at the network access point relatively than the client (endpoint) operating system. Reliant on the system architecture and configuration, NAC systems can deliver physical port security or logical port/access security. NAC systems necessitate authentication for both the endpoint and user before the network access point forwards traffic for that client 6. PKI refers to a framework of programs, data standards, communication protocols, policies, and cryptographic mechanisms. The PKI infrastructure delivers for the generation, production, spreading, control, accounting and obliteration of public key certificates. PKI offers a selection of facilities containing issuance of digital certificates to individual users and servers, end-user enrollment software, assimilation with certificate...

Words: 468 - Pages: 2

Free Essay

Is3230 Unit 9 Lab 9

...1. If you are using corporate e-mail for external communications that contain confidential information, what other security countermeasures can you employ to maximize the confidentiality of e-mail transmissions through the Internet? Encrypt email, email policy, security software, content checking tool, anti-spam tool, and secure firewall configurations. 2. Explain the role of a Certificate Authority and its obligations in authenticating the person or organization and issuing digital certificates. Certificate Authority or Certification Authority (CA) is an entity, which is core to many PKI (Public Key Infrastructure) schemes, whose purpose is to issue digital certificates to use by other parties. It exemplifies a trusted third party. 3. What would a successful Subversion Attack of a CA result in? An attacker can create a certificate for any domain. This certificate will appear to be signed by a trusted CA. Thus, you will see that the site's cert is trusted and you will never get any notification to the contrary. Normally, a trusted CA will issue and sign a certificate and then if the browser trusts the signing CA, you will see a padlock in the GUI and you will often times see a message that lets you know that the certificate of the web site is trusted. If the CA is not trusted, you are shown a message that the certificate is not signed by a trusted party and you are given the option to leave or continue. This is PKI in a nutshell. The entire system relies on trust of...

Words: 804 - Pages: 4