
Entoto Poly Technic College

Training, Teaching and Learning Materials Development

Ethiopian TVET- System


Hardware and Network Servicing Level III

LEARNING GUIDE

Unit of Competence: Monitor and Administer System and Network Security


Module Title: Monitoring and Administering System and Network Security
LG Code: ICT HNS3 05 1110
Nominal Duration : 100hrs

MODULE DESCRIPTION : This module covers the knowledge, skills and attitudes required to
monitor and administer the security functions of a system.

LEARNING OUTCOMES: At the end of the module the learner will be able to:

 Ensure user accounts are controlled
 Secure file and resource access
 Determine authentication requirements
 Determine network security

Learning Guide Entoto Poly College Page 1

Department of Information Technology



MODULE CONTENTS
1. Control User Accounts
1.1. Modify user account
1.2. Create legal notice caption
1.3. Configure complex and secure passwords
2. Network Security

2.1. Group policy


2.1.1 Creating and managing User and Computer Account
2.1.2 Defining Group Types and Scope
2.1.3 Creating and managing Groups
2.1.4 Define group policy object
2.1.5 Configure group policy
3. Managing and Administering Network Resources
3.1. Network resource access permission
3.2. Connecting printers
3.3. Configuring printers
4. Planning and Implementing Security
4.1 Security paradigm
4.2 Security threats / denial of service
4.3 Security policy
4.4 Security configuration with group policy object
4.5. Install and update latest antivirus
4.6. Using the Windows firewall
LEARNING METHODS

 Lecture
 Discussion
 Demonstration/Role play
MODULE ASSESSMENT
Assessment Methods

 Direct observations of work activities of the individual member in relation to the work
activities of the group


 Observation of simulation and/or role play involving the participation of individual
member

Assessment Criteria

LO1. Ensure user accounts are controlled

 Default user settings are modified to ensure that they conform to security policy.
 Previously created user settings are modified to ensure they conform to updated security
policy.
 Legal notices displayed at logon are ensured to be appropriate.
 Appropriate utilities are used to check the strength of passwords and to consider tightening
rules for password complexity.
 Action is taken to ensure password procedures are reviewed with other appropriate internal
departments.
 Information services are accessed to identify security gaps, and appropriate action is taken
using hardware, software or patches.
LO2. Secure file and resource access

 Inbuilt security and access features of the operating system are reviewed and considered
for further action.
 A file security categorization scheme, and an understanding of the role of users, is
developed or reviewed in setting security.
 A virus checking process is implemented and scheduled for the server, computers and other
system components.

LO3. Determine authentication requirements

 User and enterprise security requirements are determined with reference to enterprise
security plan.
 Authentication options are identified and analyzed according to user and enterprise
requirements.
 Most appropriate authentication and authorization processes are selected based on
security requirements.

LO4. Determine network security

 Users' access to shared resources via a network is determined with reference to the
enterprise security plan.
 Security threats to the system are monitored and recorded.
 The latest antivirus signatures are updated.


Chapter One

1. Control User Accounts

A user account defines the actions a user can perform in Windows. On a stand-alone computer or
a computer that is a member of a workgroup, a user account establishes the privileges assigned to
each user. On a computer that is part of a network domain, a user must be a member of at least
one group; the permissions and rights granted to a group are assigned to its members. User
accounts on a computer that is a member of a network domain. You must be logged on as an
administrator or a member of the Administrators group to use User Accounts in Control Panel.
User Accounts allows you to add users to your computer and to add users to a group. In
Windows, permissions and user rights usually are granted to groups; by adding a user to a group,
you give the user all the permissions and user rights assigned to that group.

Authentication: The process of verifying the identity of people who are attempting to
access the network or system. This is usually the first step in gaining access to a
computer system.

Authorization: The process of determining what activities or access will be permitted
for a user. This may include access to network resources, data and applications.

User: An individual who uses a computer system, resources or application.

Strong passwords

Computer security includes the use of strong passwords for your network logon and the
Administrator account on your computer. For a password to be strong, it should:

• Be at least seven characters long. Because of the way passwords are encrypted, the most
secure passwords are seven or 14 characters long.
• Contain characters from each of the following three groups:

Group: Letters (uppercase and lowercase)
Examples: A, B, C... (and a, b, c...)

Group: Numerals
Examples: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9

Group: Symbols (all characters not defined as letters or numerals)
Examples: ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] \ : " ; ' < > ? , . /

• Have at least one symbol character in the second through sixth positions.
• Be significantly different from prior passwords.
• Not contain your name or user name.
• Not be a common word or name.
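The rules above, implemented as an added Python checker (example code written for this guide, not part of the original material). The similarity test used for "significantly different from prior passwords" and the small word list are assumptions, since the guide gives no exact rule for either.

```python
import string

# Symbol set exactly as listed in the guide's strong-password table.
SYMBOLS = set("`~!@#$%^&*()_+-={}|[]\\:\";'<>?,./")

# Constructed stand-in for a dictionary of common words and names
# (assumption: a real checker would load a full word list from disk).
COMMON_WORDS = {"password", "welcome", "letmein", "admin", "qwerty", "entoto"}

# Characters ignored when reducing a password to its "core" word, so that
# "password1!" is still recognised as the common word "password".
_DECORATION = string.digits + "".join(sorted(SYMBOLS))


def core_word(password: str) -> str:
    """Lower-case the password and strip leading/trailing digits and symbols."""
    return password.lower().strip(_DECORATION)


def too_similar(new: str, old: str) -> bool:
    """Judge whether `new` is not 'significantly different' from `old`.

    Two heuristics (an assumption, since the guide gives no exact rule): the
    passwords share the same core word, or they have equal length and differ
    in fewer than three character positions (e.g. Spring$7 vs Spring$8).
    """
    if core_word(new) and core_word(new) == core_word(old):
        return True
    if len(new) == len(old):
        differing = sum(a != b for a, b in zip(new.lower(), old.lower()))
        return differing < 3
    return False


def check_password(password: str, username: str = "",
                   previous: tuple = ()) -> list:
    """Return the list of guide rules the password violates ([] = acceptable)."""
    problems = []

    if len(password) < 7:
        problems.append("shorter than seven characters")

    has_letter = any(c in string.ascii_letters for c in password)
    has_digit = any(c in string.digits for c in password)
    has_symbol = any(c in SYMBOLS for c in password)
    if not (has_letter and has_digit and has_symbol):
        problems.append("must contain letters, numerals and symbols")

    # "Second through sixth positions" are indexes 1..5 (zero-based).
    if not any(c in SYMBOLS for c in password[1:6]):
        problems.append("no symbol in positions 2 through 6")

    if username and username.lower() in password.lower():
        problems.append("contains the user name")

    if core_word(password) in COMMON_WORDS:
        problems.append("is a common word or name")

    if any(too_similar(password, old) for old in previous):
        problems.append("not significantly different from a previous password")

    return problems


if __name__ == "__main__":
    for candidate, user in (("P@ss1word", "alice"), ("password1", "bob"),
                            ("alice#2024", "Alice")):
        verdict = check_password(candidate, user) or ["ok"]
        print(f"{candidate!r} for {user}: {', '.join(verdict)}")
```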

Passwords can be the weakest link in a computer security scheme. Strong passwords are
important because password cracking tools continue to improve and the computers used to crack
passwords are more powerful than ever. Network passwords that once took weeks to crack can
now be cracked in hours.

Password cracking software uses one of three approaches: intelligent guessing, dictionary
attacks, and automation that tries every possible combination of characters. Given enough time,
the automated method can crack any password. However, it still can take months to crack a
strong password.

Chapter Two

2. Network Security

Network Security is the prevention and protection of network assets from unauthorized access,
use, alteration, degradation, destruction, and other threats. It involves the authorization of access
to data in a network, which is controlled by the network administrator and the organization's
policies. Users choose or are assigned an ID and password, or other authenticating information,
that allows them access to the information and programs within their authority. It also covers a
variety of computer networks, both public and private, that are used in everyday jobs for
conducting transactions and communications among businesses, government agencies and
individuals. Networks can be private, such as within a company, or open to public access. Network
security is involved in organizations, enterprises, and other types of institutions. It does as its title
explains: it secures the network, as well as protecting and overseeing the operations being done.

2.1. Group policy

Group Policy is a user account control: it helps protect systems even when a user is
logged on as an administrator.
2.1.1 Creating and managing User and Computer Account
User and computer accounts

Active Directory user accounts and computer accounts represent a physical entity such as a
computer or person. User accounts can also be used as dedicated service accounts for some
applications.

User accounts and computer accounts (as well as groups) are also referred to as security
principals. Security principals are directory objects that are automatically assigned security IDs
which can be used to access domain resources. A user or computer account is used to:

 Authenticate the identity of a user or computer.


A user account enables a user to log on to computers and domains with an identity that
can be authenticated by the domain. For information about authentication, see Access
control in Active Directory. Each user who logs on to the network should have his or her
own unique user account and password. To maximize security, you should avoid multiple
users sharing one account.

 Authorize or deny access to domain resources.


Once the user has been authenticated, the user is authorized or denied access to domain
resources based on the explicit permissions assigned to that user on the resource. For
more information, see Security information for Active Directory.

 Administer other security principals.


Active Directory creates a foreign security principal object in the local domain to
represent each security principal from a trusted external domain.

 Audit actions performed using the user or computer account.

2.1.2 Defining Group Types and Scope

A group can be defined as a collection of accounts that are grouped together so that
Administrators can assign permissions and rights to the group as a single entity. This removes
the need for an Administrator to individually assign permissions and rights to each account.
Therefore, while a user account is associated with an individual or entity, a group account or a
group is created to simplify the administration of multiple user accounts (users). When
permissions are granted to a group, all accounts that are part of that particular group are granted
the permissions. Permissions actually control which actions users can perform on a network
resource. Rights, on the other hand, relate to system tasks.

Windows Server 2003 provides user accounts and group accounts (of which users can be a
member). User accounts are designed for individuals. Group accounts are designed to make the
administration of multiple users easier.

Group Types
Two types of groups can be created in Active Directory. Each group type is used for a different
purpose. A security group is one that is created for security purposes, while a distribution group
is one created for purposes other than security purposes. Security groups are typically created to
assign permissions, while distribution groups are usually created to distribute bulk e-mail to
users. As one may notice, the main difference between the two groups is the manner in which
each group type is used. Active Directory allows users to convert a security group into a
distribution group and to convert a distribution group into a security group if the domain
functional level is raised to Windows 2000 Native or above.

 Security groups: A security group is a collection of users who have the same permissions to
resources and the same rights to perform certain system tasks. These are the groups to which
permissions are assigned so that its members can access resources. Security groups therefore
remove the need for an Administrator to individually assign permissions to users. Users that
need to perform certain tasks can be grouped in a security group then assigned the necessary
permissions to perform these tasks. Each user that is a member of the group has the same
permissions. In addition to this, each group member receives any e-mail sent to a security
group. When a security group is first created, it receives an SID (security ID). It is this SID
that enables permissions to be assigned to security groups.
 Distribution groups: Distribution groups are created to share information with a group of
users through e-mail messages. Thus, a distribution group is not created for security
purposes. A distribution group does not obtain an SID when it is created. Distribution groups
enable the same message to be simultaneously sent to its group members. Messages do not
need to be individually sent to each user. Applications such as Microsoft Exchange that work
with Active Directory can use distribution groups to send bulk e-mail to groups of users.

Group Scopes
The different group scopes make it possible for groups to be used differently to assign
permissions for accessing resources. A group’s scope defines the place in the network where the
group will be used or is valid. This is the degree to which the group will be able to reach across a
domain, domain tree, or forest. The group scope also determines what users can be included as
group members.

In Active Directory, there are three different group scopes:

 Global groups: Global groups are containers for user accounts and computer accounts in
the domain. They assign permissions to objects that reside in any domain in a tree or
forest. Users can include a global group in the access control list (ACL) of objects in any
domain in the tree/forest. A global group can, however, only have members from the
domain in which it is created. What this means is that a global group cannot include user
accounts, computer accounts, and global groups from other domains.

The domain functional level set for the domain determines which members can be
included in the global group.

 Domain Local groups: Domain local groups can have user accounts, computer accounts,
global groups, and universal groups from any domain as group members. However,
domain local groups can only be assigned permissions to local resources or to resources
that reside in the domain in which the domain local group was created.

The domain functional level set for the domain determines which members can be
included in the domain local group.


 Universal groups: Universal groups can have user accounts, computer accounts, global
groups, and other universal groups from any domain in the tree or forest as members. This
basically means that users can add members from any domain in the forest to a universal
group. Users can use universal groups to assign permissions to access resources that are
located in any domain in the forest. Universal groups are only available when the domain
functional level for the domain is Windows 2000 Native or Windows Server 2003. Universal
groups are not available when domains are functioning in the Windows 2000 Mixed domain
functional level. Users can convert a universal group to a global group or to a domain local
group if the particular universal group has no other universal group as a group member.
When adding members to universal groups, it is recommended to add global groups as
members and not individual users.
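The scope and conversion rules above, as an added Python checker (not code from the guide). The functional-level details the guide only alludes to, such as global groups nesting only in native mode and domain local groups taking universal groups only in native mode, are the Windows Server 2003 rules and are added here as assumptions.

```python
from dataclasses import dataclass
from typing import Iterable, Tuple

# Domain functional levels named in the guide, lowest to highest.
LEVELS = ("Windows 2000 Mixed", "Windows 2000 Native", "Windows Server 2003")


@dataclass(frozen=True)
class Principal:
    name: str
    kind: str    # "user", "computer", "global", "domain_local" or "universal"
    domain: str  # DNS name of the domain the object was created in


def can_be_member(member: Principal, group: Principal,
                  level: str) -> Tuple[bool, str]:
    """Decide whether `member` may be added to `group` at the given
    domain functional level. Returns (allowed, reason)."""
    if level not in LEVELS:
        return False, f"unknown functional level {level!r}"
    native = LEVELS.index(level) >= 1   # Windows 2000 Native or higher

    if group.kind == "global":
        # Members only from the group's own domain, whatever the level.
        if member.domain != group.domain:
            return False, "a global group only takes members from its own domain"
        if member.kind in ("user", "computer"):
            return True, "account from the same domain"
        if member.kind == "global" and native:
            return True, "global groups nest only in native mode (assumption)"
        return False, ("global groups take accounts, and in native mode global "
                       "groups, from their own domain")

    if group.kind == "domain_local":
        if member.kind in ("user", "computer", "global"):
            return True, "accounts and global groups from any domain"
        if member.kind == "universal" and native:
            return True, "universal groups from any domain (native mode)"
        if (member.kind == "domain_local" and native
                and member.domain == group.domain):
            return True, "same-domain domain local groups (native mode, assumption)"
        return False, "not a permitted member of a domain local group"

    if group.kind == "universal":
        if not native:
            return False, "universal groups need Windows 2000 Native or Windows Server 2003"
        if member.kind in ("user", "computer", "global", "universal"):
            return True, "accounts, global and universal groups from any domain"
        return False, "domain local groups cannot be members of a universal group"

    return False, "only global, domain local and universal groups take members"


def can_convert_universal(members: Iterable[Principal],
                          target: str) -> Tuple[bool, str]:
    """A universal group may become global or domain local only if it has
    no other universal group as a member (the guide's conversion rule)."""
    if target not in ("global", "domain_local"):
        return False, "a universal group converts only to global or domain local"
    blockers = [m.name for m in members if m.kind == "universal"]
    if blockers:
        return False, "remove universal members first: " + ", ".join(blockers)
    return True, f"convert to {target}"


if __name__ == "__main__":
    # Constructed sample objects in a two-domain forest.
    g_sales = Principal("G-Sales", "global", "corp.example")
    dl_share = Principal("DL-SalesShare-Modify", "domain_local", "corp.example")
    dev_user = Principal("dana", "user", "dev.example")
    for member, group in ((dev_user, g_sales), (g_sales, dl_share)):
        print(member.name, "->", group.name, can_be_member(member, group, LEVELS[2]))
```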

When groups contain other groups as members, group nesting occurs. Group nesting occurs
when groups are added to other groups. Group nesting assists in reducing the number of
instances that users need to assign permissions and replication traffic. As mentioned previously,
the domain functional level set for the domain determines what group nesting can be
implemented as summarized below:

A group’s scope can be changed as well. The Active Directory Users And Computers (ADUC)
console can be used to view and modify an existing group’s scope. The command-line can also
be used – dsget and dsmod. The rules that govern this capability are summarized below:

 The default domain local groups that are created are listed below:
o Cert Publishers: Members of this group can publish certificates to Active
Directory.
o DnsAdmins: Group members have administrative access to the DNS server
service.
o HelpServicesGroup: Group members can assign rights to support applications.
o RAS and IAS Servers: Servers assigned to this default group can access a user’s
remote access properties.
o TelnetClients: Group members have administrative access to Telnet Server.
 The default global groups that are created are listed below:
o Domain Admins: Members of the Domain Admins group have permissions to
perform administrative functions on computers in the domain.
o Domain Users: Group members are user accounts that are created in the domain.
o Domain Computers: Group members are computer accounts that are created in the
domain. This includes all workstations and servers that are part of the domain.
o Domain Controllers: Group members are domain controllers of the domain.
o Domain Guests: Group members are guest accounts in the domain.
o Group Policy Creator: Group members can change the domain’s group policy.
o DnsUpdateProxy: Group members are DNS clients. Members can perform
dynamic updates for clients such as DHCP servers.
 The default universal groups that are created are listed below:
o Enterprise Admins: Members of this group can perform administrative functions
for the whole network.
o Schema Admins: Members of this group can perform administrative tasks on the
schema.

When formulating a strategy for setting up domain local groups and global groups, follow the
guidelines listed below:

 Add users that perform the same function in the organization to a global group.
 Domain local groups should be created for a resource(s) that multiple users need to share.
 Add any global groups that have to access a resource(s) to the appropriate domain local
group.
 The domain local group should be assigned with the proper permissions to the resource.

In addition to the above mentioned group scopes, another group called a local group can be
created. A local group is basically used on the local computer to assign permissions to resources
that are located on the computer on which the particular local group is created. Local groups are
created in the local security database and are not present in Active Directory. This means that
local groups cannot be created on domain controllers.

2.1.3 Creating and managing Groups


Users can use the Active Directory Users and Computers console to create a new group. After
the group is created, users can set additional properties for the group and add members to the
group.
To create a new group:

1. Click Start, Administrative Tools, and Active Directory Users and Computers.
2. Right-click the particular domain, organizational unit, or container in which the new
group will be placed and select New, then Group, from the shortcut menu.
3. The New Object-Group dialog box opens next.
4. In the Group Name box, enter a name for the new group. A name as long as 64 characters
can be specified.
5. The Group Name (Pre-Windows 2000) box is automatically populated with the first 20
characters of the group name specified.
6. In the Group Scope box, select one of the following options as the group scope: Domain
Local, Global, or Universal.
7. In the Group Type box, select one of the following options as the group type: Security or
Distribution.
8. Click OK.

2.1.4 Define group policy object


Group Policy is a feature of the Microsoft Windows NT family of operating systems. Group
Policy is a set of rules that control the working environment of user accounts and computer
accounts. Group Policy provides the centralized management and configuration of operating
systems, applications, and users' settings in an Active Directory environment. In other words,
Group Policy in part controls what users can and cannot do on a computer system. Although
Group Policy is more often seen in use in enterprise environments, it is also common in schools,
smaller businesses, and other kinds of smaller organizations. Group Policy is often used to
restrict certain actions that may pose potential security risks, for example: to block access to the
Task Manager, restrict access to certain folders, disable the downloading of executable files, and
so on.

2.1.5 Configure group policy


Group Policy is one of the most useful tools found in the Windows 2000/2003 Active Directory
infrastructure. Group Policy can help you do the following:

1. Configure users' desktops
2. Configure local security on computers
3. Install applications
4. Run start-up/shut-down or logon/logoff scripts
5. Configure Internet Explorer settings
6. Redirect special folders

Local policy - Refers to the policy that configures the local computer or server, and is not
inherited from the domain. You can set local policy by running gpedit.msc from the Run
command, or you can add the "Group Policy Object Editor" snap-in to MMC. Local policies also
exist in the Active Directory environment, but have many fewer configuration options than the
full-fledged Group Policy in Active Directory.

GPO - Group Policy Object - Refers to the policy that is configured at the Active Directory
level and is inherited by the domain member computers. You can configure a GPO – Group
Policy Object - at the site level, domain level or Organization Unit level.

Chapter Three
3. Managing and Administering Network Resources

Network management refers to the activities, methods, procedures, and tools relevant to the
operation, administration, maintenance, and provisioning of networked systems. A network
administrator, network analyst or network engineer is a person responsible for the
maintenance of computer hardware and software that comprises a computer network. This
normally includes deploying, configuring, maintaining and monitoring active network
equipment.

3.1. Network resource access permission

All production Windows networks need to have resources (folders, files, documents,
spreadsheets, printers, modems, hard disks, CD/DVD drives, etc.) made available from servers so
users on the network can access them. This is done through shared folders configured on the
servers that house the resource. Network resources should be accessible only to authenticated
users, and users should manipulate the resources only to the level of permission given to them by
the network administrator. In order to protect the resources that are made available through
shared folders, administrators must configure "permissions" for the folders and files that are
made available over the network. Permissions include:

 Full Control
 Modify
 Read & Execute
 List Folder Contents
 Read
 Write

Permission           | Meaning for Folders                                                                                        | Meaning for Files
Read                 | Permits viewing and listing of files and subfolders                                                        | Permits viewing or accessing of the file's contents
Write                | Permits adding of files and subfolders                                                                     | Permits writing to a file
Read & Execute       | Permits viewing and listing of files and subfolders as well as executing of files                          | Permits viewing and accessing of the file's contents as well as executing of the file
List Folder Contents | Permits viewing and listing of files and subfolders as well as executing of files; inherited by folders only | N/A
Modify               | Permits reading and writing of files and subfolders; allows deletion of the folder                         | Permits reading and writing of the file; allows deletion of the file
Full Control         | Permits reading, writing, changing, and deleting of files and subfolders                                   | Permits reading, writing, changing and deleting of the file

If no access is specifically granted or denied, the user is denied access.

Special Permissions for Files

Special Permission           | Full Control | Modify | Read & Execute | Read | Write
Traverse Folder/Execute File |      X       |   X    |       X        |      |
List Folder/Read Data        |      X       |   X    |       X        |  X   |
Read Attributes              |      X       |   X    |       X        |  X   |
Read Extended Attributes     |      X       |   X    |       X        |  X   |
Create Files/Write Data      |      X       |   X    |                |      |   X
Create Folders/Append Data   |      X       |   X    |                |      |   X
Write Attributes             |      X       |   X    |                |      |   X
Write Extended Attributes    |      X       |   X    |                |      |   X
Delete Subfolders and Files  |      X       |        |                |      |
Delete                       |      X       |   X    |                |      |
Read Permissions             |      X       |   X    |       X        |  X   |   X
Change Permissions           |      X       |        |                |      |
Take Ownership               |      X       |        |                |      |
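The file-permission tables and the default-deny rule above, worked through in an added Python example (not from the guide) that combines a user's group memberships with a constructed ACL. Treating an explicit Deny as overriding any Allow, and ignoring inheritance and entry ordering, are simplifying assumptions.

```python
from dataclasses import dataclass
from typing import Iterable, Set

# Special permissions that each standard permission grants, transcribed from
# the guide's "Special Permissions for Files" table.
_ALL_SPECIAL = {
    "Traverse Folder/Execute File", "List Folder/Read Data", "Read Attributes",
    "Read Extended Attributes", "Create Files/Write Data",
    "Create Folders/Append Data", "Write Attributes", "Write Extended Attributes",
    "Delete Subfolders and Files", "Delete", "Read Permissions",
    "Change Permissions", "Take Ownership",
}
STANDARD_TO_SPECIAL = {
    "Full Control": set(_ALL_SPECIAL),
    "Modify": _ALL_SPECIAL - {"Delete Subfolders and Files",
                              "Change Permissions", "Take Ownership"},
    "Read & Execute": {"Traverse Folder/Execute File", "List Folder/Read Data",
                       "Read Attributes", "Read Extended Attributes",
                       "Read Permissions"},
    "Read": {"List Folder/Read Data", "Read Attributes",
             "Read Extended Attributes", "Read Permissions"},
    "Write": {"Create Files/Write Data", "Create Folders/Append Data",
              "Write Attributes", "Write Extended Attributes",
              "Read Permissions"},
}


@dataclass(frozen=True)
class Ace:
    """One access control entry: a user or group, a standard permission,
    and whether the entry allows (True) or explicitly denies (False) it."""
    principal: str
    permission: str
    allow: bool = True


def effective_permissions(user: str, groups: Iterable[str],
                          acl: Iterable[Ace]) -> Set[str]:
    """Compute the special permissions `user` ends up with on one resource.

    Entries for the user and for every group the user belongs to are
    combined (permissions granted to a group reach all its members). An
    explicit Deny removes what any Allow granted, and a user who matches no
    entry at all gets nothing, which is the guide's default-deny rule.
    Simplification (assumption): inheritance and ACE ordering are ignored.
    """
    principals = {user, *groups}
    allowed: Set[str] = set()
    denied: Set[str] = set()
    for ace in acl:
        if ace.principal not in principals:
            continue
        specials = STANDARD_TO_SPECIAL[ace.permission]
        (allowed if ace.allow else denied).update(specials)
    return allowed - denied


def may(user: str, groups: Iterable[str], acl: Iterable[Ace],
        special: str) -> bool:
    """True if the user's effective permissions include the special permission."""
    return special in effective_permissions(user, groups, acl)


# Constructed sample ACL for a shared folder: everyone in the domain may read,
# the Sales group may also write, and the Interns group is explicitly denied
# writing even though interns are also members of Sales.
SHARE_ACL = (
    Ace("Domain Users", "Read"),
    Ace("Sales", "Write"),
    Ace("Interns", "Write", allow=False),
)

if __name__ == "__main__":
    for who, memberships in (("alice", {"Domain Users", "Sales"}),
                             ("bob", {"Domain Users", "Sales", "Interns"}),
                             ("carol", set())):
        print(who, sorted(effective_permissions(who, memberships, SHARE_ACL)))
```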

Special Permissions for Folders

3.2 Connecting and configuring network printers

If you have multiple computers that need to share one printer, then you need to know how to
configure a print server. A print server is most often a single computer set up to handle print jobs
sent to one or more printers from several other computers. By setting up one computer as the
server, you allow any computer sharing the network to send and print documents utilizing the
same printer(s).

3.3 Connecting and configuring printer


You can connect your printer using parallel, serial or USB ports, or even through infrared or
Bluetooth.
Configure a printer: You can configure your printer as a local printer, a remote/network
printer, or a TCP/IP network printer.

Install Printer
By default, a Windows Server 2003-based computer is installed with Client for Microsoft
Networks, File and Printer Sharing for Microsoft Networks, and TCP/IP.

Chapter four

4. Planning and Implementing Security

Security refers to the measures taken to protect certain things or elements of information. There
are three main elements.

Confidentiality
This means keeping information secret and safe. It means controlling access to information so
that only the people with authorisation will access the information. No one else should have
access to the information.
With Network Security this means keeping all information stored in a network environment
confidential and safe. This means keeping unauthorised people off the network and preventing
them from browsing around and accessing things they have no authority to access.


Integrity
This refers to the correctness of information. It means making sure that the information is kept as
it should be and not altered or changed by unauthorised people. It also means protecting the
information from changes or corruption by other things like system or program failures or
external events.
With Network Security this means keeping all information stored in a network environment as it
should be. Information includes user generated data, programs, computer services and processes
(email, DNS, etc). This means protecting information from unauthorised changes and deletion by
people, network devices or external influences.

Availability
This refers to the ability to access and use information. It means making sure that the information
can be accessed whenever it’s required. If information is not available it is useless.
With Network Security this means keeping all information stored in a network environment
ready and accessible to those who need it when they need it. Information includes user-generated
data, programs, computer services and processes (email, word processing application, etc).

Creating a security policy doesn't have to be a difficult task. Breaking down all the necessary
components can turn an overwhelming task into one that is easily manageable and executable.

Planning
It is common for many companies to notice a security problem and then immediately
look for technology solutions to plug the hole. In the end, companies wonder why they have
an abundance of solutions that do not efficiently secure company assets. This is where planning
becomes a necessity.

The Importance of Planning

Planning your security policy requires a close analysis of employee behavior in different job
roles and is also the time for company security goals to be articulated. Having problems and
goals evaluated simultaneously makes it easier to come up with all-inclusive solutions that will
be effective and advantageous for all. A good rule of thumb when planning a security policy is to
base the policy around risks rather than technology. A policy should not change as the
technology changes. A security policy should have the following important properties:
 The security policy must be understandable
 The security policy must be realistic
 The security policy must be consistent
 The security policy must be enforceable
 The security policy must be documented, distributed and communicated properly
 A successful security policy needs to be flexible
 A successful security policy must be reviewed

The Planning Stage helps to address this, by focusing on employee behavior. This is crucial
because changes in policy often start with changes in procedure. "Organizations need to
understand that much of the information security and privacy work that needs to be done is
people-based policies, procedures, training, and awareness response activities."

Planning Your Security Policy

There are three factors to keep in mind when planning your policy. The first requires you to
express the goals of your policy. What are you trying to accomplish? What are you trying to
protect? The second step requires you to scan the work environment and identify vulnerabilities
that exist within current processes. The final step asks you to create a plan of action that will help
alleviate the faults. All are equal contributors to planning success.

Step 1: Setting Goals for Your Security Policy

Your security policy goals should run parallel with the goals set for your company. For example,
if your company is customer oriented, then a goal of your security policy should be to protect
your customer and their data through use of encryption and network security.

Furthermore, all parties should play a role in goal setting. This is crucial because if a security
breach was to occur, each department plays a different role in the recovery process, as well as in
re-evaluating procedures for policy improvement. Global involvement allows each department
time to invest in the policy, ensuring a higher level of cooperation when the time comes to
implement the policy.

Step 2: Identifying Security Vulnerabilities

A company must examine existing procedures and identify all processes that pose a security risk.
For example, policies regarding data management (how data is protected during storage, how
long it is kept, and proper methods for data deletion) are common pain points in the corporate
world. Some questions that may help identify such vulnerabilities include:

 What types of sensitive information does your company handle?
 Which department handles each piece of sensitive information?
 Is sensitive information stored with non-sensitive information?

Such questions should spur some thought as to what changes need to be made in order to begin
alleviating the risks that accompany current processes within departments.
Step 3: Creating a Plan of Action
After identifying which processes require change, create a plan of action for mitigating these
risks. Each plan should consider how long it will take for each change to occur, what type of
training is necessary for each individual/department to meet the newly adopted standards, and
also what responsibilities each individual/department can be held accountable for (i.e. how often
gap analyses regarding security are conducted and who conducts them).


Other challenges include budget limitations and optimizing security measures while still
adhering to auditing standards. Such measures should be traceable from one document to
another so that audits can easily verify that policies are being enforced.

After procedures have been established, decision makers should be able to identify which
personnel roles are responsible for which activities, which activities need to be logged, and how
often inspections and reviews are done internally. They should also have followed up with a
procedure for making additional changes to the policy in the future.

4.1 Security paradigm/standard

Today’s security risks are diverse and numerous: botnets, database breaches, phishing
attacks, targeted cyber attacks and others. The list below summarises the main security solutions.

Security Solutions

• Access control lists

• Use proxy server

• Application layer gateways/stateful firewalls

• Network intrusion detection system

• Antivirus software (servers and desktops)

• Access control server/user authentication and authorization or Network user authentication

• IP source guard and Dynamic Host Configuration Protocol (DHCP)

• Switch port security

Many network design, implementation, and operational choices can have a large impact on the
cost effectiveness of increasing security. The predominant costs associated with these options are
the changes in network implementation and operations.

• Password policy


• Multilevel administration and authorization levels

• Private LANs for network and system admin

• Log-in services to track access and configuration changes

• Regular audits

• Regular analysis and implementation of new security technologies

• Regular reviews and updates of security policy

• Frequently reviewing system logs

• Cross training on systems and regular training updates for administrators

• Publishing all user security guidelines and penalties

• Cipher lock or keyed lock access to network and computing systems

• Badge access to network and computing systems

• Video surveillance of network and computing systems

• Video surveillance of external doors

• Security Guards

• Background checks on employees and administrators

• System level key locks

4.2 Security threats (denial of service, modification, and others)

Viruses and Worms:

 A virus is a “program or piece of code that is loaded onto your computer without your
knowledge and runs against your wishes”.

 Viruses can cause a huge amount of damage to computers.

 An example of a virus would be if you opened an email and a malicious piece of code
was downloaded onto your computer, causing your computer to freeze.


 In relation to a network, if a virus is downloaded then all the computers in the network
would be affected because the virus would make copies of itself and spread itself across
networks.

 A worm is similar to a virus but a worm can run itself whereas a virus needs a host
program to run.

Solution: Install a security suite, such as Kaspersky Total Protection, that protects the
computer against threats such as viruses and worms.

1. Trojan Horses:

 A Trojan horse is “a program in which malicious or harmful code is contained inside
apparently harmless programming or data in such a way that it can get control and do its
chosen form of damage, such as corrupting the file allocation table on your hard disk”.

 In a network, if a Trojan horse is installed on a computer and tampers with the file
allocation table, it could cause a massive amount of damage to all computers of that
network.

 Solution: Security suites, such as Norton Internet Security, will prevent you from
downloading Trojan horses.

2. SPAM:

 SPAM is “flooding the Internet with many copies of the same message, in an attempt to
force the message on people who would not otherwise choose to receive it”.

 SPAM may not be the biggest risk to a network because, even though it may get
maddening and plentiful, it still doesn’t destroy any physical elements of the network.

 Solution: SPAM filters are an effective way to stop SPAM; these filters come with most
of the e-mail providers online. You can also buy a variety of SPAM filters that work
effectively.

3. Phishing:

 Phishing is “an e-mail fraud method in which the perpetrator sends out legitimate-looking
emails in an attempt to gather personal and financial information from recipients”.

 Phishing is one of the worst security threats over a network because many people that
use computers linked up to a network are untrained and would be very vulnerable to giving
out information that could cause situations such as theft of money or identity theft.


 Solution: Similar to SPAM, use phishing filters to filter out this unwanted mail and to
prevent the threat.

4. Packet Sniffers:

 A packet sniffer is a device or program that allows one to listen to traffic traveling between
networked computers. The packet sniffer will capture data that is addressed to other
machines, saving it for later analysis.

 In a network, a packet sniffer can filter out personal information and this can lead to areas
such as identity theft, so this is a major security threat to a network.

 Solution: “When strong encryption is used, all packets are unreadable to any but the
destination address, making packet sniffers useless.” So one solution is to use strong
encryption.

5. Maliciously Coded Websites:

 Some websites across the net contain code that is malicious.

 Malicious code is “programming code that is capable of causing harm to availability, integrity of
code or data, or confidentiality in a computer system”.

 Solution: Using a security suite, such as AVG, can detect infected sites and try to prevent the
user from entering the site.

6. Password Attacks:

 Password attacks are attacks by hackers that are able to determine passwords or find
passwords to different protected electronic areas.

 Many systems on a network are password protected and hence it would be easy for a hacker to
hack into the systems and steal data.

 This may be the easiest way to obtain private information because you are able to get software
online that obtains the password for you.

 Solution: At present there is no software that prevents password attacks.

7. Hardware Loss and Residual Data Fragments:

 Hardware loss and residual data fragments are a growing worry for companies, governments
etc.


 An example of this is if a number of laptops with client details on them are stolen from a
bank; this would enable the thieves to get personal information about clients and maybe
steal the clients’ identities.

 This is a growing concern and at present the only solution is to keep data and hardware
under strict surveillance.

8. Shared Computers:

 Shared computers are always a threat.

 Shared computers involve sharing a computer with one or more people.

 The following are a series of tips to follow when sharing computers:
   • Do not check the “Remember my ID on this computer” box.
   • Never leave a computer unattended while signed in.
   • Always sign out completely.
   • Clear the browser’s cache.
   • Keep an eye out for “shoulder surfers”.
   • Avoid confidential transactions.
   • Be wary of spyware.
   • Never save passwords.
   • Change your password often.

9. Zombie Computers and Botnets:

 A zombie computer or “drone” is a computer that has been secretly compromised by hacking
tools which allow a third party to control the computer and its resources remotely.

 A hacker could hack into a computer and control the computer and obtain data.

 Solution: Antivirus software can help prevent zombie computers.

 Solution: Network Intrusion Prevention (NIP) systems can help prevent botnets.

Note: A cracker is someone who breaks into someone else's computer system, often on a network;
bypasses passwords or licenses in computer programs; or in other ways intentionally breaches
computer security. A cracker can be doing this for profit, maliciously, for some altruistic purpose
or cause, or because the challenge is there. Some breaking-and-entering has been done ostensibly
to point out weaknesses in a site's security system.

4.3 Security policy

A security policy is a document that states in writing how a company plans to protect the
company's physical and information technology (IT) assets. A security policy is often
considered to be a "living document", meaning that the document is never finished, but is
continuously updated as technology and employee requirements change. A company's security
policy may include an acceptable use policy, a description of how the company plans to
educate its employees about protecting the company's assets, an explanation of how security
measurements will be carried out and enforced, and a procedure for evaluating the
effectiveness of the security policy to ensure that necessary corrections will be made.
4.4 Security configuration with group policy object

Domain Security Policies

One of the first security areas that you need to deal with when you deploy AD is account policy.
Account policy is the portion of a GPO's security settings that lets you set required password
length, password complexity, and intruder lockout for domain user accounts. To set account
policy on a GPO, open the Microsoft Management Console (MMC) Group Policy Object Editor,
locate the GPO, and navigate to Computer Configuration\Windows Settings\Security
Settings\Account Policies under that GPO.

When you need an account policy to apply to AD domain logons (i.e., user accounts defined in
AD), you need to define that policy within a GPO that's linked to the domain because the domain
controllers (DCs) in an AD domain process only account policies that are contained in GPOs that
are linked to the domain. DCs also ignore three other security policies unless these policies are
linked to the domain:

 Automatically log off users when logon time expires
 Rename administrator account
 Rename guest account

These three policies are located in Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options under the GPO.

You might wonder why Microsoft requires account policies and these three security policies to
be in a domain-linked GPO. When you promote a member server to a DC in an AD domain, AD
stores the DC in the Domain Controllers OU by default. However, if you move a DC to another
OU, the DC can then receive different security policies. Account policies and the three specified
security policies need to be consistent across all DCs, so Microsoft designed the GPO processing
code to ignore these policies unless they're linked to the domain, thus ensuring that all DCs,
regardless of location, receive the same policies. (Microsoft permits other security policies, such
as audit policy and restricted groups, to be different on DCs in different OUs.)

The most misleading thing about Group Policy is its name—Group Policy is simply not a way of
applying policies to groups! Instead, Group Policy is applied to individual user accounts and
computer accounts by linking Group Policy Objects (GPOs
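The account policy settings this section describes (password length, complexity and intruder lockout) are also the standard mitigation for the password attacks listed in 4.2. They can be read and set from PowerShell instead of the GPO editor. The script below is an added example and is not code from the learning guide or from Microsoft; it assumes the RSAT ActiveDirectory module, Domain Admin rights, and that the domain-linked GPO is the one the DCs honour. The numeric values are placeholders for your own policy.

```powershell
# Added example: view, tighten and verify the domain account policy.
# Assumes the ActiveDirectory module and Domain Admin rights; values are placeholders.
Import-Module ActiveDirectory

# 1. Record the policy in force before the change, for the change log.
$before = Get-ADDefaultDomainPasswordPolicy
$before | Format-List MinPasswordLength, ComplexityEnabled, PasswordHistoryCount, MaxPasswordAge, LockoutThreshold, LockoutDuration, LockoutObservationWindow

# 2. Apply a stricter policy: length, complexity, history, age and lockout.
#    Lockout duration must be at least as long as the observation window.
Set-ADDefaultDomainPasswordPolicy -Identity (Get-ADDomain).DistinguishedName `
    -MinPasswordLength 12 `
    -ComplexityEnabled $true `
    -PasswordHistoryCount 24 `
    -MaxPasswordAge (New-TimeSpan -Days 90) `
    -MinPasswordAge (New-TimeSpan -Days 1) `
    -LockoutThreshold 5 `
    -LockoutDuration (New-TimeSpan -Minutes 30) `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30) `
    -ReversibleEncryptionEnabled $false

# 3. Verify from a DC: only the domain-linked GPO is honoured, so a setting
#    made in a GPO linked to an OU would not show up here.
$after = Get-ADDefaultDomainPasswordPolicy
if ($after.MinPasswordLength -lt 12 -or -not $after.ComplexityEnabled -or $after.LockoutThreshold -eq 0) {
    Write-Warning "Account policy did not apply as expected; check which GPO is linked to the domain."
} else {
    "Account policy applied: min length $($after.MinPasswordLength), lockout after $($after.LockoutThreshold) attempts"
}
```

Running the script twice is safe; the second run only reports. Keep the "before" output with the change record so an audit can trace the policy from the written security policy to the setting on the DCs, as section 4.3 requires.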


4.5 Understanding Security Filtering

Security filtering is based on the fact that GPOs have access control lists (ACLs) associated with
them. These ACLs contain a series of ACEs for different security principals (user accounts,
computer accounts, security groups and built-in special identities), and you can view the default
ACL on a typical GPO as follows:

1. Open the Group Policy Management Console (GPMC).
2. Expand the console tree until you see the Group Policy Objects node.
3. Select a particular GPO under the Group Policy Objects node.
4. Select the Delegation tab in the right-hand pane.

More specifically, if you want a GPO to be processed by a security principal in a container
linked to the GPO, the security principal requires at a minimum the following permissions:

 Allow Read
 Allow Apply Group Policy

The actual details of the default ACEs for a newly created GPO are somewhat complex if you
include advanced permissions, but here are the essentials as far as security filtering is concerned:
Security Principal             Read               Apply Group Policy
Authenticated Users            Allow              Allow
CREATOR OWNER                  Allow (implicit)
Domain Admins                  Allow
Enterprise Admins              Allow
ENTERPRISE DOMAIN CONTROLLERS  Allow
SYSTEM                         Allow

Note that Domain Admins, Enterprise Admins and the SYSTEM built-in identity have additional
permissions (Write, Create, Delete) that let these users create and manage the GPO. The fact that
Authenticated Users have both Read and Apply Group Policy permission means that the settings
in the GPO are applied to them when the GPO is processed, that is, if they reside in a container
to which the GPO is linked. But who exactly are Authenticated Users? The membership of this
special identity is all security principals that have been authenticated by Active Directory. In
other words, Authenticated Users includes all domain user accounts and computer accounts that
have been authenticated by a domain controller on the network. So what this means is that by
default the settings in a GPO apply to all user and computer accounts residing in the container
linked to the GPO.
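The Delegation tab procedure above can be reproduced with the GroupPolicy module, which also makes the Read/Apply pairing visible directly. The script below is an added example, not code from the learning guide; it assumes the GroupPolicy (GPMC/RSAT) module and edit rights on the GPO. The GPO name "Workstation Security" and the group "Finance Workstations" are placeholders.

```powershell
# Added example: inspect and change the security filtering on one GPO.
# Assumes the GroupPolicy module; the GPO and group names are placeholders.
Import-Module GroupPolicy

$gpoName = "Workstation Security"        # placeholder GPO name
$target  = "Finance Workstations"        # placeholder security group

# 1. List every ACE on the GPO. By default Authenticated Users holds GpoApply,
#    which covers both Read and Apply Group Policy, so the GPO applies to
#    every user and computer in the linked container.
Get-GPPermission -Name $gpoName -All |
    Select-Object @{n='Trustee';e={$_.Trustee.Name}}, TrusteeType, Permission, Inherited |
    Format-Table -AutoSize

# 2. Grant Read + Apply Group Policy to the group that should process the GPO.
Set-GPPermission -Name $gpoName -TargetName $target -TargetType Group `
    -PermissionLevel GpoApply

# 3. Reduce Authenticated Users to Read only, so only $target gets the settings.
#    Keep Read: the client side must still be able to read the GPO to decide
#    whether it applies, and removing Read is a common reason a filtered GPO
#    silently does nothing.
Set-GPPermission -Name $gpoName -TargetName "Authenticated Users" -TargetType Group `
    -PermissionLevel GpoRead -Replace

# 4. Verify the one permission you care about.
$perm = (Get-GPPermission -Name $gpoName -TargetName $target -TargetType Group).Permission
if ($perm -ne 'GpoApply') {
    Write-Warning "$target does not have Apply Group Policy on '$gpoName' (has: $perm)"
} else {
    "'$gpoName' now applies to $target only"
}
```

After the change, rerun step 1 and compare it with the table above: the only row with Apply Group Policy should be the target group.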


4.6. Using the Window firewall

Windows Firewall is a software component of Microsoft Windows that provides firewalling and
packet filtering functions. Windows Firewall provides host-firewall protection on computers
running Windows Server 2003 with Service Pack 1 (SP1) and Windows XP with Service Pack 2
(SP2). As a host firewall, Windows Firewall runs on each of your servers and clients, providing
protection from network attacks that pass through your perimeter network or originate inside
your organization, such as Trojan horse attacks, worms, or any other type of malicious program
spread through unwanted incoming traffic.

The following figure shows how Windows Firewall works in conjunction with perimeter
network firewalls.


Windows Firewall inspects and filters all IP version 4 (IPv4) and IP version 6 (IPv6) network
traffic. It is a stateful firewall, which means it tracks the state of each network connection and
determines whether incoming traffic is allowed or blocked. Windows Firewall blocks incoming
traffic unless it is in response to a request by the host (solicited traffic) or has
been specifically allowed (in which case, it has been added to the Windows Firewall exceptions
list). Aside from a few Internet Control Message Protocol (ICMP) messages, Windows Firewall
allows all outgoing traffic.

Windows Firewall is designed to be a supplemental security solution. You cannot use Windows
Firewall as a perimeter firewall. Windows Firewall should be part of a comprehensive security
architecture that implements a variety of security technologies, such as border routers, perimeter
firewalls, intrusion detection systems, virtual private networking (VPN), IEEE 802.1X
authentication for wireless and wired connections, and Internet Protocol security (IPsec).
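The behaviour described above (inbound blocked unless solicited or on the exceptions list, outbound allowed) can be checked and enforced from PowerShell on Windows 8 / Server 2012 and later through the NetSecurity module; the XP SP2 and Server 2003 SP1 releases the text names used the older netsh firewall context instead. The script below is an added example, not part of the learning guide; the rule name, port and admin subnet are placeholders.

```powershell
# Added example: verify and enforce host-firewall defaults, add one narrow
# exception, and list the exceptions that widen the attack surface most.
# Assumes the NetSecurity module (Windows 8 / Server 2012+) and an elevated prompt.
Import-Module NetSecurity

# 1. Report each profile: is it on, and what are its default actions?
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction, LogBlocked |
    Format-Table -AutoSize

# 2. Enforce the stateful defaults on all three profiles and log dropped
#    packets so blocked traffic can be reviewed later.
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -Enabled True `
    -DefaultInboundAction Block `
    -DefaultOutboundAction Allow `
    -LogBlocked True `
    -LogFileName "%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log"

# 3. Add a narrow exception rather than switching the firewall off: Remote
#    Desktop, Domain profile only, only from the admin subnet (placeholder).
$ruleName = "Allow RDP from admin subnet"
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Protocol TCP -LocalPort 3389 `
        -RemoteAddress 10.10.5.0/24 -Profile Domain -Action Allow
}

# 4. Review: enabled inbound Allow rules open to any remote address are the
#    exceptions most worth justifying in the security policy.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -eq 'Any' } |
    Select-Object DisplayName, Profile |
    Format-Table -AutoSize
```

Step 4 is the check to repeat after any software installation, because installers often add broad inbound exceptions without asking.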

4.7 Install and update latest antivirus

Prevent virus infections: Anti-virus software is one of the main defenses against online
problems. It continually scans for viruses, including Trojans and worms. To be effective it
must be kept up-to-date.

Why install anti-virus software?

Without anti-virus software you are very vulnerable to computer viruses, including:

 Infected email attachments.
 Drive-by infections caused by visiting corrupt websites.
 Viruses that attack over the internet (“worms”).
 Spyware that is introduced by virus infections.
 Viruses that are spread using macros in application documents.
 Depending on the software you use, it may detect some (but not all) spyware.

Being infected by a virus can have very serious consequences including:

 Identity theft.
 Fraud.
 Loss of data.
 A slow or unusable computer.

What anti-virus software does

Anti-virus software covers the main lines of attack:

 It scans incoming emails for attached viruses.
 It monitors files as they are opened or created to make sure they are not infected.
 It performs periodic scans of every file on the computer.


What anti-virus software does NOT do

Anti-virus software will not protect you against:

 Programs that you choose to install that may contain unwanted features.
 Spam.
 Any kind of fraud or criminal activity online.
 A hacker trying to break into your computer over the internet.

It is not effective if it is switched off for any reason.

It is less effective (and mostly useless) if it is not kept up-to-date with the latest virus signatures.
A virus signature is like a criminal’s mug shot. Each time a new virus is released, security firms
analyze it and create a new signature that lets anti-virus software block the new virus.
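The three conditions the text gives for anti-virus to be effective (it is switched on, it monitors files as they are opened, and its signatures are current) can be checked automatically rather than by opening the console on each machine. The script below is an added example, not part of the learning guide; it assumes Microsoft Defender Antivirus and its Defender PowerShell module (Windows 8.1 / Server 2012 R2 and later) run from an elevated prompt. The age thresholds are placeholders for your own policy.

```powershell
# Added example: check that anti-virus is on, real-time monitoring is on and
# signatures are current; refresh and scan if not. Assumes Microsoft Defender
# Antivirus; the age thresholds are placeholder policy values.
Import-Module Defender

$maxSignatureAgeDays = 2        # placeholder: signatures older than this are stale
$maxQuickScanAgeDays = 7        # placeholder: periodic scan interval

$status   = Get-MpComputerStatus
$problems = @()

if (-not $status.AntivirusEnabled)          { $problems += "antivirus engine is switched off" }
if (-not $status.RealTimeProtectionEnabled) { $problems += "real-time (on-access) monitoring is off" }
if ($status.AntivirusSignatureAge -gt $maxSignatureAgeDays) {
    $problems += "signatures are $($status.AntivirusSignatureAge) days old (version $($status.AntivirusSignatureVersion))"
}
if ($status.QuickScanAge -gt $maxQuickScanAgeDays) {
    $problems += "last quick scan was $($status.QuickScanAge) days ago"
}

if ($problems.Count -eq 0) {
    "OK: signatures $($status.AntivirusSignatureVersion), updated $($status.AntivirusSignatureLastUpdated)"
} else {
    $problems | ForEach-Object { Write-Warning $_ }

    # Remediate what can be fixed from here: re-enable on-access monitoring,
    # pull new signatures, then run a scan with the fresh signatures.
    if (-not $status.RealTimeProtectionEnabled) {
        Set-MpPreference -DisableRealtimeMonitoring $false
    }
    Update-MpSignature
    Start-MpScan -ScanType QuickScan

    # Anything the scan found goes into the incident record.
    Get-MpThreatDetection |
        Select-Object DetectionID, InitialDetectionTime, ProcessName, Resources |
        Format-Table -AutoSize
}
```

On a managed network the same checks are usually run centrally by the business edition of the product; this script is the per-host equivalent for small networks or for verifying that the central console is telling the truth.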

How to choose anti-virus software

For personal and home office use there are a number of basic choices that you can take to decide
which anti-virus software to buy.

Standalone anti-virus or security suite

Most anti-virus software companies sell a standalone program that only scans for viruses as well
as security suite packages that include other protective software such as a firewall, spam
filtering, anti-spyware and so on.

 Advantages of a suite: a suite should cover all the bases, share a single user interface and
be easier and cheaper than buying each individual program separately.
 Drawbacks: while the anti-virus component should be good, sometimes the other
elements in a suite aren’t as good as the best of breed software from other suppliers. Also,
some of the other components may be available for free.

Free or commercial antivirus

There are a number of anti-virus products that are free for personal or non-commercial use.
In most cases, these ‘free’ products are scaled-back versions of commercial products to which
the software manufacturer hopes you will, one day, upgrade. Unless getting free software is
critical, it is preferable to buy a fully-supported commercial product.

Download free evaluation software

Several software developers offer free downloadable trial versions of their software that range
from 3 to 12 months.

How to evaluate anti-virus software

The main criteria are:

 Price.
 Review on reputable technical websites such as Cnet.
 How easy it is to set up and use.
 Level and quality of technical support, including the support website.


 Frequency and responsiveness of signature updates. This is hard for most people to
evaluate but well-known and reputable software companies should be okay.

How to buy anti-virus software

Then it is a matter of buying it or downloading it. Suppliers include: high street retailers, online
retailers or direct purchase and download from the software developers over the internet.

Business anti-virus software

For networks of five or more computers and for business use, you should consider business
versions of popular anti-virus software that are designed to make installation, updating and
management easier on multiple computers.

Suppliers of anti-virus software

Many companies make commercial anti-virus software, including:

 Trend Micro.
 Sophos.
 Symantec.
 F-Secure.
 Kaspersky.
 McAfee

Virus protection advice

 Do not open any files attached to an email from an unknown, doubtful or untrustworthy
source, no matter how charming it may seem.
 Switch on macro protection in Microsoft Office applications like Word and Excel.
 You don’t have to use the anti-virus program that came with your new computer but if
you decide to stick with it, don’t forget to subscribe once the free trial period is over so
that you stay up-to-date.
 Only use one anti-virus program at a time. Uninstall one anti-virus program before you
install another.
 Providing you update virus signatures regularly, as a general rule, you don’t need to buy
every single new release of the anti-virus software to stay protected.
 Free online scans are useful diagnostic tools but they are not a substitute for a proper anti-
virus program that is installed on your PC. Prevention is better than cure.


Self-check: Check Your Understanding

1. What is the need for system security?
A. To protect a system from unauthorized users
B. To prevent system components against loss
C. To keep component performance
D. All are answers
2. The following enables your system to be secured
A. Password
B. Key/physical lock
C. Firewall
D. All are answers
3. Of the following, one is a network resource
A. Printer
B. Files
C. Keyboard
D. A and B
4. Among the following, one is antivirus software
A. Kaspersky
B. AVG
C. Symantec
D. All are answers
5. The Group Policy editor enables your system components to be secured
A. True
B. False
6. The gpedit.msc command is used to open the Group Policy editor
A. True
B. False
7. One of the following is the responsibility of a computer administrator
A. Monitor computers
B. Monitor networks
C. A and B are answers
8. Of the following network resources, one enables users to print their documents remotely
A. Printer
B. Removable storage
C. Modem
9. In designing network security the following parties might be involved
A. Organization managers
B. Organization workers
C. Computer administrators
D. Network security persons
E. All of the above can be involved


10. A security policy must be
A. Flexible
B. Consistent
C. Enforceable
D. Documented
E. Reviewed
F. All are answers
11. The following is possible in implementing network security
A. Giving awareness about the designed security policy to the organization members
B. Enforcing the workers to practice the policy
C. Documenting and revising the designed policy
D. All can be answers
12. How are networks secured?
A. Identify authenticated users
B. Create and implement an organization security policy
C. Both A and B are answers
13. An organization security policy is best implemented and monitored in a
A. Server-based network
B. Peer-to-peer network
14. What is the first thing a network administrator should do to protect network resources?
A. Plan the security policy
B. Implement the security policy
15. Without anti-virus software you are very susceptible to computer viruses
A. False
B. True
16. Being infected by a virus can have very serious consequences including:
A. Identity theft
B. Fraud
C. Loss of data
D. A slow or unusable computer
E. All are answers
17. Which of the following is a strong password?
A. PASSWORD
B. password
C. P@s5w0rd
D. Password


18. Which can be a printer port?

A. USB B. Parallel C. A And B

Answer Key

1. D    2. D    3. D    4. D    5. A    6. A
7. C    8. A    9. E    10. F   11. D   12. C
13. A   14. A   15. B   16. E   17. C   18. C
