In this lab, you followed the Microsoft approach to securing the CIA triad. You created new user accounts and security groups, and applied the new user accounts to the security groups, just as you would in a real world domain. You created nested folders on the remote server and assigned unique file permissions using the new user accounts and security groups. You modified the Windows Group Policy enabling each new user account to use remote desktop services to remotely access the TargetWindows01 server. Finally, you tested the security layers you placed in the previous parts of the lab by using each new user account to access and modify the nested folders on the remote server.
Lab Assessment Questions & Answers
1. What are the three fundamental elements of an effective security program for information systems?
Identification, Authentication, and Authorization.
2. Of these three fundamental controls, which two are used by the Domain User Admin to create users and assign rights to resources?
Authentication and Authorization
2 | Lab #3: Enabling Windows Active Directory and User Access Controls
3. If you can browse a file on a Windows network share, but are not able to copy it or modify it, what types of access controls and permissions are probably configured? Read only file type, not Read/Rewritable permissions set by an Adminstrative level atleast
The Essay on Managing User Accounts In Linux
Linux’s most notable advantage over other operating systems such as Windows and Mac is security and in order for a user to modify critical components of the system, such as user accounts, is to have access rights of a ROOT. The root is at the top level of Linux’s user hierarchy and has all the privileges to access all resources. To login as root, a user must use the command su ...
4. What is the mechanism on a Windows server that lets you administer granular policies and permissions on a Windows network using role based access?
Group Policies
5. What is two-factor authentication, and why is it an effective access control technique? “It is a two different type of identification process. Like an ID card and a pin code.”
6. Relate how Windows Server 2012 Active Directory and the configuration of access controls achieve C-I-A for departmental LANs, departmental folders, and data. “security details are created in the directory domain”
7. Is it a good practice to include the account or username in the password? Why or why not? ” this is a common starting place for hackers to start when attempting to log in to someonefis account or when trying to use another personfis access.”
Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
www.jblearning.com
Student Lab Manual
3 | Lab #3: Enabling Windows Active Directory and User Access Controls
8. Can a user who is defined in Active Directory access a shared drive on a computer if the server with the shared drive is not part of the domain?
If the user is not granted specific access to the dir by an Admin they will not be able to access it.
9. When granting access to LAN systems for guests (i.e., auditors, consultants, third-party individuals, etc.), what security controls do you recommend be implemented to maximize confidentiality, integrity, and availability of production systems and data? “Establish a limited account for access to only what they need, make them sign user and non-disclosure agreements.”
Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
www.jblearning.com
Student Lab Manual
