Tuesday, June 4, 2019
User authentication
User authenticationIntroductionI was appointed as the new Network Manager for Philadelphia Inc. It is a large multinational organisation which has an extensive meshwork of PCs comprising more than 1000 agreements. This organisation relies heavily on its vast network for its day to day operation. each potential risks need to be place and play downd as far as possible. Recently a large number of PCs were affected by a computer virus, do a work stoppage among the administration and tarradiddleing department. Following this incident of large scale virus infection, the guild management has decided to completely redirect examination all the ready reckoner warrantor precautions and procedures in use within the organisation. So, I occupy been designed to ensure that I mint pick out potential threats to the aegis of the organisations network and formulate appropriate action plans and security policies to play down the risks.Research and document the various prognosiss of n etwork security that need to be addressed including each of the next topicsAccess manoeuverUser authenticationFirewallsVirus fosterionAccessing the Internet (15 Marks)Im research and document the various aspects of network security that need to be addressed.Access gibeAccess control is the methods for imposing controls that forfeit or deny user coming to network resources, usually based on a users direct or a group to which the user belongs. Access control is security features that rule which resources users argon permitted to entrance fee, what type of get at they are allowed, and how numerous simultaneous users coffin nail bother a resource at the same time. They ensure info solitude and protection and help maintain a productive computing environment.User authenticationUser authentication is a security feature that allows an administrator to control who has access to the network and what users burn down do after they are recordged on to the network. This cogency involve confirming the identity of a person, the origins of an object, or assuring that a electronic estimator program is a trusted one. Authentication is the process of determining the identity of a network user by verifying a toughened of user credentials, typically a user ID and password.FirewallsA firewall is a combination of hardware and calculator software system components that provide a protective barrier amid networks with various security levels. Rules for transmitting and receiving info to and from the another(prenominal) network give the axe be established for the firewall so that specific types of items or addresses are not allowed to pass between the networks. It sits between the computer and the rest of the network, and according to some criteria, it decides which colloquy to allow, and which communication to b curl. Firewalls protect a computer or network from unauthorised access and attacks designed to cripple network or computer performance. Moreover, it is also a stratagem or set of devices assembled to permit, deny, encrypt, decrypt, or proxy all computer handicraft between different security domains based upon a set of rules and other criteria.Virus protectionVirus protection means securing data from viruses that is designed to demean data or make the computer or network operate inefficiently. Computer viruses are the programs that must be triggered or punish before they can infect the computer system and fete to others. Viruses can then be spread by sharing infected files on a network drive, man-portable drive, or other media, by exchanging infected files over the internet via e-mail attachments, or by downloading debatable files from the internet.Accessing the internetAccessing the internet is the telephone communication system that also covers the world linking telephones to halther. As with the telephone system, each device attached to the network can be reached through with(predicate) a unique code that represents that devices location. The telephone system access and services are supplied to phone users by an array of competing local, long-distance, and wireless telephone companies, access to the internet is also supplied through a number of access and hosting companies utilise an array of different connectivity methods.A user in your company calls to report that shes unable to log on to netmail. You respond with a couple of quick questions. Because you know that no one else is using the network right now, you cannot destine if the problem is unique to her machine or if the problem affects the entire network. Probing further, you also learn that shes unable to print. You decide this problem is probably easier to troubleshoot from the users computer.Using the structured troubleshooting method, abstract the things you must check and the questions you must ask when you arrive at the users office. Based on the possible responses to your questions, describe the actions you will take to posi tion the potential causes. (10 Marks)One of the users in our company reports me that shes unable to log on to her email grudge. So, I asked her some questions-How long the duration of your user account?Do you sure the log on user name and password is correct.When it starts to unable to log on to your email?After I arrive at the user department, I check her computer and network. I also learn that shes unable to print to a network printer. Probing some of the check, other users of this department can able to log on to their email account and can able to print. Therefore, I ask her a couple of quick questions again-What has changed since the operate time you worked?Have you installed anything on your own?Are there applications on your computer that arent on other computers?Firstly, I check the power is plugged in, the Caps lock is on, all the cables are attached and network permissions for her computer. Then I check that she can beat back a connection online or not by seek Google w ebsite and I see there is no connection online. So, I check the Ethernet cable and connection setting. In checking her problem, I document that what I do, so I can undo it if I need to. I use pink to check the computer can contact an IP address of another PC or not. (Ping is the simplest and well-nigh useful diagnostic tool to become familiar with and well worth a a couple of(prenominal) minutes experimentation.) The reply message is orison timed out. It is because of the connection or routing error. Then I restart the computer because 90% of all problems disappear when the computer is restart. To check the router, I Ping the local router, and it fails. So, the problem of the local LAN or the router is sure. Then, I find the router and switch to check the LED display. And I think they are not normal, so I switch the unit OFF, remove and immediately replace the power connection, then switch the unit ON. After it has done, I go back to the computer and retry to Ping the local route r. I have successfully sent a message to the local router and receive a response. Then, I check the computer can get a connection online or not, and can able to browse the website or not. Then I see the computer successfully get a connection online. So, I check the email account can be able to log on or not and the printer can be able to print or not. Then I see the problems of the user are successfully solved.Task 3Produce a shelter Review report, which details the specific threats to network security for ALL of the topics identified in Task 1, namely Access Control, User Authentication, Firewalls, Virus Protection, and Accessing the Internet, along with your proposed solutions aimed at reducing the risks associated with each threat. (35 Marks)Access ControlAccess control can identify the users, and verify their identity through an authentication process so they can be held responsible for their actions. Good access control systems record and timestamp all communication theory an d transactions so that access to systems and information can be audited later. The chief(a) objective of access control is to preserve and protect the confidentiality, integrity, and availability of information, systems, and resources.I use role-based access control and rule-based access control to identify the user. Role-based access control systems allow users to access systems and information based on their role within the organisation. It allows end-users access to information and resources based on their role within the organisation. Roles based access can be applied to groups of people or individuals.Rule-based access control systems allow users to access systems and information based on pre-determined and pieced rules. Rules can be established that allow access to all end-users coming from a particular domain, host, network, or IP addresses.User AuthenticationUser authentication is an important aspect of network computer security. For network computer, ill-treat can be cau sed by hacking, malicious messages, viruses, malwares, adwares, email attachments, downloading illegal materials and many other types of activity. Moreover, the secret information of the company can be stolen by the attacker using spywares and Trojan horses.User authentication will reduce this harm by limiting individuals access to a few systems, rather than the whole Internet. Network operating systems include tools that enable administrators to do a number of options and restrictions on how and when users can log on to the network. There are options for password complexity requirements, logon hours, logon locations, and hostile logons, among others. After a user is logged on, file system access controls and user permission settings determine what a user can access on a network and what actions a user can perform on the network.So I specify the numbers of options and policies for user authentication. I specify that the password is required for all users of the company, to use the companys computer. The user password length must be typically a minimum of five to eight characters and user passwords must have three of these four characteristics lowercase earn (such(prenominal) as abc), uppercase garner (such as ABC), numbers (such as 123), and special characters (such as emailprotected). And I specify the policy that can lock the user account to prevent from logging on, when a user enters an incorrect password five times. According to the user account and password, I control which user can access to the network and what he/she can do on the network.FirewallsFirewalls protect against extraneous attempts to access unauthorized resources, and they protect against malicious network packets intended to disable or cripple a embodied network and its resources. Second use of firewalls placed between the internet and the incorporate network is to restrict corporate user access to internet resources.Firewalls can identify and block remote access Trojans (Trojan hors e). Trojan horse is a program that purports to be a useful software tool, but it actually performs unintended (and frequently unauthorized) actions or installs malicious or damaging software behind the scenes when launched. Sometimes get some program via ICQ or via IRC and believe this program to be something good, part in fact runnel it will do something less nice to the computer. Such program is called Trojan horses. The difference of a Trojan and a virus is that a virus has the ability to self-replicate and to distribute itself, while a Trojan lacks this ability. A special type of Trojan is Remote Access Trojans (RAT). These Trojans once perpetrated in the victims computer, start to listen to incoming communication from a remote matching program that the attacker uses. When they get instructions from the remote program, they act accordingly, and thus let the user of the remote program to execute commands on the victims computer.Firewalls can identify and block remote communic ation efforts to the more common RAT and by thus blocking the attacker, and identifying the RAT. There are many other types of Trojan horses which may try to communicate with the outside from the computer. Whether they are e-mail worms trying to distribute themselves using their own SMTP engine, or they might be password stealers, or anything else. Many of them can be identified and blocked by a firewall.So, I run the firewall on the server and all the desktop computers to protect Trojans, malware, and to prevent users from accessing offensive Websites or bandwidth-intensive centre that might not be the best use of an employees time or the networks bandwidth.Firewall devices from different vendors vary quite a bit in configuration details, but they are all based on one premise Rules are created to determine what type of traffic is allowed to enter and exit the network. To configure a firewall, I build rules that allow only certain packets to enter or exit the network. The firewall can examine all incoming packets and discard packets with a destination address of the networks restricted segment.Virus ProtectionIn internet-connected networks, virus attacks are a regular threat. Users download programs, mold disks from home, reposition sticks, and open e-mail attachments are normal computing activities, but they can also bring viruses into the network.A virus is a program that spreads by copy itself into other programs or documents. Computer virus can attack computer systems and perform a variety of functions ranging from annoying to dangerous. Its individual purpose is to disrupt computer or network operation by deleting or corrupting files, formatting disks, or using large amounts of computer resources. If a server file accessed by other users on the network is infected, the virus can spread through the network in a matter of seconds.To protect the spread of viruses, one of the most effective ways is to buy virus-protection software from a reputable source. Antivirus software is program that can interpret and remove known viruses which have contracted. Most antivirus software is also designed to detect and prevent worms and viruses. The software can also be set to automatically contemplate disks when inserted into the disk drive, scan files when downloaded from the Internet, or scan e-mail when received. However antivirus software is available in many commercial and open source versions, the license-version of the antivirus software from reputable source is more secure and undeviating than others.So, I run the standard antivirus software from reputable source in server and every desktop computer, and turn-on the scanning features. But by running antivirus software can only protect against viruses that it knows about. Therefore, virus definition files (update files) for antivirus software are inevitable to download from the internet daily or weekly. To get the maximal protection against viruses on the computer, make sure to keep an tivirus definition files current.Another way to protect the data from virus infection is backup the files which helps to recover the data if the original files infected by the virus.Accessing the InternetThe internet access is the essential thing to communicate between privileged or external organisation for many purposes. Thousands of companies have discovered the pervasive power of the Web in distributing information, selling products, supporting customer service, and staying in touch with clients and customers. By using the internet, we can get important business information which is necessary for competition and improvement of the company.However the internet is useful for us, but also the internet attack can harm the business. The internet attacks are organised and designed to steal information and resources from the customers and the organisation. Input validation attacks using the Common Gateway Interface (CGI), Active Server Pages (ASP), and nippy Fusion Markup Language (C FML) programs stem from either a web developer or vendor failure. The basic problem happens from the lack of sanitizing the arousal to a particular script. Without input validation and sanitizing, it is possible for attackers to submit a particular character, along with a local command, as a parameter and have the web server execute it locally. Sometimes, the virtual website of the attackers steals user information and users credit card details.If all kinds user can get permission to access the network, the private information of the organisation can be stolen by the attacker using the internet. So that I control the user access to the network resources by using access control and identifying the user account to verify the network permission for the user.Task 4Create a set of Acceptable Use Policies for each of the followingAccessing the WWWEmail habitudeInstant Messengers and murmur roomsEach of these documents should provide a set of guidelines for users which will minimise any associated security threats. (30 Marks)To minimise any potential risks and associated security threats of the organisations network, all the staff of the company should agree the following policies for accessing the World Wide Web, email usage, instant messengers, and impose rooms. entirely the staff has responsibility to use the resources in an efficient, effective, ethical and lawful manner.In our organisation, access to the internet is available for the staffs to support informational, educational and communicable. So, staffs should agree the following internet access policies.Policies for accessing the WWWThe use of Internet is strongly restricted to official company business. Personal use or time played out for personal gain is purely prohibited.Authorisation for Internet access must be obtained through your supervisor. Once authorisation is approved you are responsible for the security of your account password and you will be held responsible for all use or misuse of your account. You must maintain secure passwords and never use an account assigned to another user.Staffs are strongly prohibited to accessing internet websites that contain obscene, hateful, pornographic, politics or otherwise illegal material.Never copy or impartation electronic files without permission.Prohibit copying and sending any confidential or proprietary information, or software that is protected by copyright and other laws protect intellectual property.Downloading a file or application from the Internet can bring viruses with it. Should be scan all downloaded files with standard virus prevention software before being saved on the companys network.All downloaded applications must be accepted by the companys IT administrator or company owner before being installed on the companys network.Hacking into unauthorised areas and other employees computers are rigorously prohibited.Confidential information is not to be transmitted over the internet without proper encryption.Introducin g any form of computer virus or malicious software into the corporate network is strictly prohibited.Email usage policyEmail is to be used for company business only. Company confidential information must not be divided up outside of the Company without authorisation, at any time.When conducting companys business, only use the companys official email account for staff such as emailprotectedStaffs are not to conduct personal business using the Company computer or email.All messages must show the genuine sender information (from where and from whom the message originated).The representation of yourself as someone else, real or fictional, or a message sent anonymously is prohibited.Emails for the purposes that violate company perspective or regulations, or for an illegal or criminal purpose may not be sent or forwarded through a companys network.Management has the right to access all e-mail files created, received, or stored on company systems and such files can be accessed without pri or notification.Email attachments can bring viruses, you should scan for virus after and before downloading the attachments with standard virus prevention software.Do not open any e-mail attachments if you do not severalize the sender.Forwarding of company confidential messages to external locations is strongly prohibited.Introducing any form of computer virus or malicious software into the corporate network is strictly prohibited.Policies for instant messengers and chat roomsChats, also known as Internet Relay Chat (IRC), as well as Instant Messaging (IM), are very popular modes of quickly communicating with others. In using these IRC and IM, staffs should agree the following policies. These policies provide staffs with effective and consistent instant messaging (IM) use and content standards.Staffs are prohibited from downloading and using personal instant messenger software such as MSN or Yahoo to transmit messages via the public internet.All IM communications and information tr ansmitted, received, or archived in the companys IM system belong to the company.The instant messaging and chatting system is intended for business use only. Staffs are prohibited from wasting computer resources, colleagues time, or their own time by sending personal instant messages or engaging in unnecessary chat related to to business.Treat messages as business records that may be retained and used as evidence in litigation, audits, and investigations.Always use professional and appropriate expression in all instant messages. Staffs are prohibited from sending abusive, harassing, threatening, menacing, discriminatory, disrespectful, or otherwise offensive instant messages.Staffs may not use instant messengers and chat rooms to transmit confidential, proprietary, personal, or potentially embarrassing information about the company, employees, clients, business associates, or other third parties.Introducing any form of computer virus or malicious software into the corporate networ k is strictly prohibited.Task 5Prepare and supply a short presentation to your tutor using a presentation package like Power Point which summarises the major points in your Security Report and your proposed Acceptable Usage policies. (10 Marks)I prepare and deliver a short presentation to the tutor using a Power Point presentation which summarises the major points in my Security Report and my proposed Acceptable Usage policies.Network computerised system can contain various potential threats. To minise that risks, network security is required.In this presentation, I want to talk about five topics to configure network securityAccess ControlUser AuthenticationFirewallsVirus ProtectionAccessing the InternetAccess control can control the user account and identify the user. It can verify user identity through an authentication process so users can be held responsible for their actions. Primary objective of access control is to preserve and protect the confidentiality, integrity, and ava ilability of information, systems, and resources.I use role-based access control and rule-based access control to identify the user. Role-based access control systems allow users to access systems and information based on their role within the organisation. Roles based access can be applied to groups of people or individuals. Rule-based access control systems allow users to access systems and information based on pre-determined and configured rules. Rules can be established that allow access to all end-users coming from a particular domain, host, network, or IP addresses.User authentication can determine the identity of a network user. For network computer, harm can be caused by hacking, malicious messages, viruses, malwares, adwares, email attachments, downloading illegal materials and many other types of activity. User authentication can reduce this harm by limiting individuals access to a few systems, rather than the whole internet. Network administrator can control user log on a nd specify user permission on the network.So, I configure some options and policies for user authentication. I specify that the password is required for all users of the company, to use the companys computer. The user password length must be typically a minimum of five to eight characters and user passwords must have three of these four characteristics lowercase letters (such as abc), uppercase letters (such as ABC), numbers (such as 123), and special characters (such as emailprotected). And I specify the policy that can lock the user account to prevent from logging on, when a user enters an incorrect password five times. According to the user account and password, I control which user can access to the network and what he/she can do on the network.Firewalls protect against outside attempts to access unauthorised resources, and they protect against malicious network packets intended to disable or cripple a corporate network and its resources. And also use to restrict corporate user access to inter resources. Firewalls can identify and block remote access Trojans (Trojan horse). Network administrator can configure the rules for what type of traffic is allowed to enter and exit the network. The firewall can examine all incoming packets and discard packets.In internet-connected networks, virus attacks are a regular threat. Users download programs, bring disks from home, memory sticks, and open e-mail attachments are normal computing activities, but they can also bring viruses into the network. To protect the spread of viruses, one of the most effective ways is to buy virus-protection software from a reputable source. Antivirus software is program that can scan and remove known viruses which have contracted. Most antivirus software is also designed to detect and prevent worms and viruses. The software can also be set to automatically scan disks when inserted into the disk drive, scan files when downloaded from the Internet, or scan e-mail when received. But by run ning antivirus software can only protect against viruses that it knows about. Therefore, virus definition files (update files) for antivirus software are needed to download from the internet daily or weekly. To get the maximum protection against viruses on the computer, make sure to keep antivirus definition files current. Another way to protect the data from virus infection is backup the files which helps to recover the data if the original files infected by the virus.Accessing the internet is the essential thing to communicate between internal or external organisation. However the internet is useful for us, the internet attack can harm the business. The internet attacks are organised and designed to steal information and resources from the customers and the organisation. If all kinds user can get permission to access the network, the private information of the organisation can be stolen by the attacker using the internet. So that I control the user access to the network resources by using access control and identifying the user account to verify the network permission for the user.To minimise any potential risks and associated security threats of the organisations network, all the staff of the company should agree the policies for accessing the World Wide Web, email usage, instant messengers, and chat rooms. All the staff has responsibility to use the resources in an efficient, effective, ethical and lawful manner.ReferenceWeb Referencewww.en.wikepedia.orgwww.businesslink.gov.ukwww.3w.netwww.answer.comwww.procompgroup.comhttp//humanresources.about.comhttp//netsecurity.about.comhttp//answers.yahoo.comwww.zytrax.comwww.windowsnetworking.comwww.cryer.co.ukBook ReferenceTitle Guide to Networking Essentials ( 5th Edition)Author relieve oneself Greg Tomsho, Ed Tittel, David JohnsonAccess date time 13 July 2009, 630 pmTitle Fundamentals of Hardware and Operating Systems (Operating System Technologies) A+ Fifth EditionAuthor Name Charles J.BrooksAccess date time 15 July 2009, 500 pmTitle Fundamentals of Hardware and Operating Systems (Software Service Technicians) A+ Fifth EditionAuthor Name Charles J.BrooksAccess date time 16 July 2009, 700 pm
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.