Thursday, October 29, 2009

Lab 2 - The Goal of Information Technology Security

In general, the term “Security” is used to describe the quality or state of being secure, that is, to be free from danger or to be protected from those who would do harm, intentionally or otherwise. In Information Security, it refers to the protection of information and the systems and hardware that use, store, and transmit that information.

Information security in an organization covers application security, the policies involved and the Information Technology infrastructure, which together create a secure and protected computing environment for the organization. The goals of information security are confidentiality, integrity and availability. In contemporary computer network environments, another goal to be achieved is to provide legitimate use of resources, which ensures that resources are from the original source.

In creating a secure computing environment, one must know how to balance these three elements. If one element is given more or less weight than the others, it will affect the functionality of the system; for instance, if you concentrate on providing total confidentiality of the information, then the availability of the data is reduced. Thus the balance between the elements is very important, and this is the challenge a security administrator has to face. The relationship between the three goals is depicted in the figure below.

5 objectives that need to be achieved in this lab:

  1. Understand what the Information Technology Security goals are
  2. Determine if a partition is NTFS or FAT32
  3. Implementing confidentiality in Windows Server 2003
  4. Implementing integrity in Windows Server 2003
  5. Implementing availability in Windows Server 2003



Exercises that have to be done:

Using NTFS to Secure Local Resources.
NTFS (New Table File System) is designed with local file security in mind. It is compatible with FAT; local file security will be enabled only if you have NTFS installed.

1. Open your winserv03 virtual machine
2. Log on to the Windows 2003 server as Administrator.
3. Click [Start].
4. Click [Run].
5. Type cmd to invoke the command line. (The FAT partition in this lab will be designated as drive letter D.)
6. At the command line type chkntfs d: to verify that the drive is not using NTFS. You will see the message, “D: is not dirty”. This means that there is no corruption on the drive.

7. To convert a FAT disk to NTFS you need to type at the command line convert d: /fs:ntfs

8. If the drive has a volume label, enter it when prompted. Windows will then convert the drive to NTFS. Note: If you convert the system partition you will have to reboot for the conversion to take place.

9. At the command line type chkntfs d: to verify that the drive is now NTFS.

10. An example of the steps is shown in the figure below.


11. Close all windows and log off.


Task 2 – Data Confidentiality

Once a secure file system is installed, you can begin to think about data confidentiality. Data confidentiality refers to making sure that only those intended to have access to certain data actually have that access. With the FAT file system, this is not possible at the local level, but with NTFS you can lock down both folders and files locally. NTFS can be used to protect data from intruders who may have physical access to the computer containing the data. In this lab, you will create a folder and files, assign NTFS permissions, then verify whether or not the data is confidential.

Before doing this task, we must make sure that:

  • We are logged in as an administrator
  • The partition is NTFS
  • Two user accounts, namely user1 and user2, exist before starting this task

Creating user account

1. Two user-level accounts: User1 and User2

  • To create a user account, go to [Start] | [Administrative Tools] | [Computer Management].
  • Choose [Local Users and Groups] and double-click on the [Users] folder.
  • To create a new user, right-click on the pane, choose [New User] from the pop-up menu and fill in the necessary information such as username and password (use an easy-to-remember password, e.g. abc123).

Creating data Confidentiality between 2 user accounts.

1. Log on to the Windows 2003 server as Administrator.

2. Open My Computer, and then double-click on the D: drive. This should be the drive that was converted from FAT to NTFS in task 1.

3. Create a new folder called Confidentiality.

4. Double-click the Confidentiality folder and create a new folder called User1Folder.

5. To secure this folder from other users, right-click User1Folder.

6. Click [Properties] to open the User1Folder Properties window.

7. Click the [Security] tab, as seen in Figure 2.3. Note: if the drive was not formatted with NTFS, the Security tab will be unavailable.

8. Click on the Advanced button; you will see a window as shown in the figure below.

9. Uncheck the box “Allow inheritable permissions from parent to propagate to this object”.

10. You will receive the message shown in the figure below.

11. Click [Copy] to retain the permissions.

12. Click [Add] and the Select Users, Computers, or Groups window will pop up.

13. Type User1 and then click [Check Names].

14. Click [OK].

15. In the Permission Entry window, click the Allow Full Control box and then click [OK].

16. Remove the other usernames except Administrator, System and User1 by clicking the username and then clicking the [Remove] button; refer to the figure below.

17. Click OK.

18. Double-click User1Folder and you should see the contents of the folder.

19. Close all windows and log off.

20. Log on as User2 and navigate to the User1Folder. Can you open it?

21. Close all windows and log off.
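
The folder permissions set through the GUI in this task, together with the NTFS check from the first exercise, written as a PowerShell script. This is an added example, not part of the original lab sheet. It assumes PowerShell is installed on the server, that D: is the converted drive, and that the Administrators group stands in for the "Administrator" entry kept in step 16.

```powershell
# Added example: scripted equivalent of Task 2, steps 3-17, followed by an audit.
# Assumptions: D: is the volume converted in Task 1; local account User1 exists.
$path = 'D:\Confidentiality\User1Folder'
$keep = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', "$env:COMPUTERNAME\User1"

# Task 1 check: NTFS permissions are only available on an NTFS volume.
$drive = New-Object System.IO.DriveInfo 'D'
if ($drive.DriveFormat -ne 'NTFS') {
    throw "D: is $($drive.DriveFormat); convert it to NTFS before setting permissions."
}

# Steps 3-4: create the folders.
New-Item -ItemType Directory -Path $path -Force | Out-Null

# Steps 9-11: stop inheriting from the parent and keep a copy of the inherited
# entries as explicit ones (the [Copy] button). Save and re-read so the copied
# entries show up as explicit entries that can be edited.
$acl = Get-Acl -Path $path
$acl.SetAccessRuleProtection($true, $true)
Set-Acl -Path $path -AclObject $acl
$acl = Get-Acl -Path $path

# Steps 12-15: Allow Full Control for User1 on this folder, subfolders and files.
$ruleArgs = "$env:COMPUTERNAME\User1", 'FullControl',
            'ContainerInherit, ObjectInherit', 'None', 'Allow'
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ruleArgs
$acl.AddAccessRule($rule)

# Step 16: remove every entry whose account is not on the keep list.
foreach ($ace in @($acl.Access)) {
    if ($keep -notcontains $ace.IdentityReference.Value) {
        $acl.PurgeAccessRules($ace.IdentityReference)
    }
}
Set-Acl -Path $path -AclObject $acl

# Audit: list what is left and flag anything outside the keep list.
$final = Get-Acl -Path $path
$final.Access | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
$extra = @($final.Access | Where-Object { $keep -notcontains $_.IdentityReference.Value })
if ($final.AreAccessRulesProtected -and $extra.Count -eq 0) {
    'OK: inheritance is blocked and only the expected accounts have entries.'
} else {
    "WARNING: unexpected entries: $($extra | ForEach-Object { $_.IdentityReference })"
}
```

Run it from a session logged on as Administrator; the test in step 20 is still done by logging on as User2.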
