Post on 21-Jul-2015
Basic operating system security settings II.
Page 2
Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise Industry Certifications
PC Hardware
Network Administration
IT Project Management
Network Design
User Training
IT Troubleshooting
Qualifications Summary
Education
M.B.A., IT Management, Western Governor’s University
B.S., IT Security, Western Governor’s University
Entrepreneur, executive leader, and proven manger
with 10+ years of experience turning complex issues
into efficient and effective solutions.
Strengths include developing and mentoring diverse
workforces, improving processes, analyzing
business needs and creating the solutions
required— with a focus on technology.
Page 3
– Shared files and folders.
– System files and folders.
– User authentication.
PACE-IT.
Page 4
Basic operating system security settings II.
Page 5
– Administrative shares vs. local shares.» Administrative shares are a set of default hidden shares
that are only available to administrators.
• These shares cannot be deleted, but they can be
disabled (the default in modern operating systems).
» An administrative share is denoted by the $ in the name.
• As a rule, these shares create access to the most
important or vulnerable resources (e.g., volume root
and operating system files).
» Local shares are shares that are created and can be
made available to anyone.
Basic operating system security settings II.
Page 6
– Folder and file relationships.» Folder and file structure involves a parent-to-child
relationship.
» The folder which holds a file is the file’s parent folder.
» That file is the child of the parent that holds it.
» Two files contained in the same folder are sibling files.
» Folders also have the same parent-to-child relationship.
– Permission propagation and
inheritance.» Permissions granted to parent folders are, by default,
inherited by the children.
» The child’s permissions can be modified, but this has to
be explicitly done.
» It is easy to propagate the wrong permissions.
Basic operating system security settings II.
Page 7
Basic operating system security settings II.
Page 8
System files and folders contain the operating system and other files that are necessary for the system to function.
By default, these files and folders are hidden and
protected. The default hide option can be changed
by the Folder Options applet located in the Control
Panel. Once it is unhidden, an administrator can
change the protection level of the file or folder.
Caution should be used when doing so, as changes
to these files and folders may cause security issues
or other problems.
Basic operating system security settings II.
Page 9
Basic operating system security settings II.
Page 10
Authentication is proving who you are.
Authentication is not authorization. Once you prove
(authenticate) who you are, then you are granted
authorization to resources by the administrator.
Basic operating system security settings II.
Page 11
– There are multiple methods of user
authentication.» What you know: most common method of authentication; it
usually involves the use of username and passwords.
» What you are: biometric authentication (e.g., fingerprint
scanners and retinal patterns).
» What you have: security token (uses a rolling code algorithm
to supply a secure code when activated).
» Combining different forms of authentication is called multi-
factor authentication.
– Single sign-on (SSO).» Uses an authentication server (contains a database of
authorized users).
» Allows users to sign on once to get access to multiple
resources.
» WorkGroups cannot achieve single sign-on, but domains can.
Basic operating system security settings II.
Page 12
Basic operating system security settings II.
Administrative shares are disabled by default. Local shares are created on
the local system and can be shared. A child file (or folder) inherits the
permissions of the parent by default (this is called permission propagation).
Topic
Shared files and folders.
Summary
These are both protected and hidden by default. They can be unhidden and
unprotected; however, this is not recommended.System files and folders.
What you know, what you are, and what you have are all common methods
of user authentication (proving who you are). Single sign-on allows a user
to sign on a single time to receive access to resources. Single sign-on is
only available in a domain type network.
User authentication.
Page 13
This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership. Funded by the Department of Labor, Employment and Training
Administration, Grant #TC-23745-12-60-A-53.
PACE-IT is an equal opportunity employer/program and auxiliary aids and services are
available upon request to individuals with disabilities. For those that are hearing
impaired, a video phone is available at the Services for Students with Disabilities (SSD)
office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call
425.354.3113 on a video phone for more information about the PACE-IT program. For
any additional special accommodations needed, call the SSD office at 425.640.1814.
Edmonds Community College does not discriminate on the basis of race; color; religion;
national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran
status; or genetic information in its programs and activities.