In this unit you’ll do seven tasks for the IT Department of Forth Management Associates, to allow you to demonstrate your skill and knowledge in providing basic system administration. To do these tasks you’ll need to be able to:
- Record security access
- Record software licences
- Carry out system back-up
- Restore system back-up
- Apply security access controls
Activity 1: Document user accounts
Q: What do you need to consider in order identifying what information will need to be supplied for the above user account screens?
A: There are depending on the organisation’s security procedures. Some of the data will be determined by the procedures. For example, an organisation may have decided that users cannot change their own passwords. In this case, the ‘user cannot change password’ box will always be checked.
Assume that an organisation has the following security procedures:
- Username to be surname plus initial
- Initial password to be the username but users must change at next logon
- Users can change their own password
- Passwords to be changed every 30 days.
- In this case, the only information (other than resource access) that the manager will need to supply is the full name of the user and any description that is required.
Q: What is the most important issue that you need to consider when developing the procedures for the Network Administrator to deal with forgotten passwords? Suggest some ways of dealing with this issue.
A: The most important issue to be dealt with is for the administrator to verify that the user requesting a replacement password is, indeed, who they say they are. There are several ways that this may be de
- Storing personal details about the user such as date of birth or a PIN that the user must quote
- Channelling such requests through the user’s manager in writing — a good reason to keep hard copy records of the account creation for users
- Monitoring the frequency of such requests. For example, if a hacker requests a change then the real user will not be able to log on. This user will then request a new password. Two requests in a few days could indicate a problem.
- Checking account logon attempts before changing the password. Most systems allow for an account lock-out if more than, say, three unsuccessful attempts were made to log in. These could indicate a hacker attempting access.alt with, including:
Activity 3: Manage users that leave
Q: List some of these IT security procedures you need to consider and follow.
A: Handling the user account is only part of the story. Some of the procedures that I need to consider include:
What is to happen to all the files and documents that the outgoing person created? Prior to computers, the new person would look through the filing cabinets in the office. Today, they need to look through the electronic files and review documents, spreadsheets, databases, etc.
Mail may have been addressed to the former employee and could be forwarded to the new person. Does email need a similar process to be implemented or should the manager get all mail intended for someone who no longer works in the company?
Does the new user account (for the new person) immediately update all telephone lists and other directories that may be on the system?
Provide secure access to network resources practice
Activity 1: Control user access
Q: Your task for this activity is to set up the user access for two users, using these requirements.
We want you to alter the current open access of all times for Caroline Weller who works Monday to Friday 9:00 to 17:00, with the exception of Thursday when she works 8:00 to 13:00. You have been asked to set her logon hours accordingly.
Additionally, Brian Fellowes, in Accounting, uses two workstations that have a Windows 98 platform: accounting1 and accounting2, and you have been asked to set his access rights to those two machines only.
A: These following two screen shots are shown the logon hours for Caroline Weller (Figure 1) and restricted workstation access for Brian Fellowes (Figure 2).
Figure 1: Logon hours for Caroline Weller
Figure 2: Restricted workstation access for Brian FellowesActivity 2: Document a file system
Q: Your task is to create a graphical representation of this system. E.g. think along the lines of a flow chart, or process chart.
Physical drive 0 has the operating system.
The inetpub folder contains the default web page and program files, etc.
Physical drive 1 is partitioned as a primary and extended logical drive with data on each partition.
One partition contains data for the Legal Department — for both individual user directories and shared directories for sub sections within the Legal Department.
The other partition is for the Accounting Department with directories developed in a similar manner to Legal’s.
A: It’s often good to document the file system graphically, as well as with written specifications. Here’s an example of how this might look:
Figure 3: File system
Activity 3: Make a security access register entry
Q: Record a security access registry entry to satisfy these details.
The security for the new Legal Department employee, Caroline Weller, was configured on 28/07/04 by David Glass, Network Administrator, with approval from Stanley Holloway, Systems Engineer.
Caroline’s logon name is cweller and her supervisor is Gavin Masters, Senior Counsel at Forth Management Associates.
Caroline can log on to the local domain and has no additional privileges.
A: There are some examples of record a security access registry as follows:
Example entry
User’s name: Ms Caroline Weller
Organisation department: Legal
Login name: Cweller
Group membership: Users, Legal
Immediate supervisor: Gavin Master, Senior Counsel
Domain access: Domain local
Additional access privileges: NIL
Date of current privileges: 28/07/2004
Access configured by: David Glass, Network Administrator
Security access approved by: Stanley Holloway, Systems Engineer
Control the use of unlicensed software practice
Activity 1: Check for illegal software
Q: Describe the features provided by the Microsoft Software Inventory Analyser.
A: There are some of the features that provide by the Microsoft Software Inventory Analyser as illustrated below:
- There is a wizard to help you install the software.
- You are able to select which software to scan from a list.
- You can set a preference for how to view your scan report.
- The scan summary report includes a list of how many installations of each software product have been found.
Figure 4: Installing the Analyser using a wizard
Figure 5: Defining products to scan
Figure 6: Confirming preferences for a report
Figure 7: Scan summary
Key terms
Domain: a group of computers and devices on a network that are administered as a single entity with common rules and organisational procedures; a specialised network environment where not only the users need accounts but the client computers they use to connect to the network must also have a type of account that is authenticated from a central point on the network
Secure clients: workstations that contain functionality to facilitate secure connection to a server as a specific unit; Windows 2000 Professional and Windows XP workstations are secure clients
Security access register: a database or pen and paper journal that contains the details of users who have privileges to access the network; usually maintained by IT network staff
Disaster recovery plan: commonly known as DRP, describes recovery processes to get the business or organisation back in operation as soon as possible in the event of a particular disaster; it usually assumes the worst possible scenario and identifies how the organisation could get up and running in the least possible time.
Disaster recovery plan: also known as DRP or contingency plan, describing the procedures and processes whereby an organisation would restore any loss of data in the event of disaster, such as fire, vandalism, natural disaster, or system failure
No comments:
Post a Comment