Pace IT - Basic OS Security Settings (Part 2)

Basic operating system security settings II.

Instructor, PACE-IT Program – Edmonds Community College

Areas of Expertise Industry Certifications

PC Hardware

Network Administration

IT Project Management

Network Design

User Training

IT Troubleshooting

Qualifications Summary

Education

M.B.A., IT Management, Western Governor’s University

B.S., IT Security, Western Governor’s University

Entrepreneur, executive leader, and proven manger

with 10+ years of experience turning complex issues

into efficient and effective solutions.

Strengths include developing and mentoring diverse

workforces, improving processes, analyzing

business needs and creating the solutions

required— with a focus on technology.

– Shared files and folders.

– System files and folders.

– User authentication.

PACE-IT.

– Administrative shares vs. local shares.» Administrative shares are a set of default hidden shares

that are only available to administrators.

• These shares cannot be deleted, but they can be

disabled (the default in modern operating systems).

» An administrative share is denoted by the $ in the name.

• As a rule, these shares create access to the most

important or vulnerable resources (e.g., volume root

and operating system files).

» Local shares are shares that are created and can be

made available to anyone.


– Folder and file relationships.» Folder and file structure involves a parent-to-child

relationship.

» The folder which holds a file is the file’s parent folder.

» That file is the child of the parent that holds it.

» Two files contained in the same folder are sibling files.

» Folders also have the same parent-to-child relationship.

– Permission propagation and

inheritance.» Permissions granted to parent folders are, by default,

inherited by the children.

» The child’s permissions can be modified, but this has to

be explicitly done.

» It is easy to propagate the wrong permissions.


System files and folders contain the operating system and other files that are necessary for the system to function.

By default, these files and folders are hidden and

protected. The default hide option can be changed

by the Folder Options applet located in the Control

Panel. Once it is unhidden, an administrator can

change the protection level of the file or folder.

Caution should be used when doing so, as changes

to these files and folders may cause security issues

or other problems.


Authentication is proving who you are.

Authentication is not authorization. Once you prove

(authenticate) who you are, then you are granted

authorization to resources by the administrator.


– There are multiple methods of user

authentication.» What you know: most common method of authentication; it

usually involves the use of username and passwords.

» What you are: biometric authentication (e.g., fingerprint

scanners and retinal patterns).

» What you have: security token (uses a rolling code algorithm

to supply a secure code when activated).

» Combining different forms of authentication is called multi-

factor authentication.

– Single sign-on (SSO).» Uses an authentication server (contains a database of

authorized users).

» Allows users to sign on once to get access to multiple

resources.

» WorkGroups cannot achieve single sign-on, but domains can.



Administrative shares are disabled by default. Local shares are created on

the local system and can be shared. A child file (or folder) inherits the

permissions of the parent by default (this is called permission propagation).

Topic

Shared files and folders.

Summary

These are both protected and hidden by default. They can be unhidden and

unprotected; however, this is not recommended.System files and folders.

What you know, what you are, and what you have are all common methods

of user authentication (proving who you are). Single sign-on allows a user

to sign on a single time to receive access to resources. Single sign-on is

only available in a domain type network.

User authentication.

This workforce solution was 100 percent funded by a $3 million grant awarded by the

U.S. Department of Labor's Employment and Training Administration. The solution was

created by the grantee and does not necessarily reflect the official position of the U.S.

Department of Labor. The Department of Labor makes no guarantees, warranties, or

assurances of any kind, express or implied, with respect to such information, including

any information on linked sites and including, but not limited to, accuracy of the

information or its completeness, timeliness, usefulness, adequacy, continued availability

or ownership. Funded by the Department of Labor, Employment and Training

Administration, Grant #TC-23745-12-60-A-53.

PACE-IT is an equal opportunity employer/program and auxiliary aids and services are

available upon request to individuals with disabilities. For those that are hearing

impaired, a video phone is available at the Services for Students with Disabilities (SSD)

office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call

425.354.3113 on a video phone for more information about the PACE-IT program. For

any additional special accommodations needed, call the SSD office at 425.640.1814.

Edmonds Community College does not discriminate on the basis of race; color; religion;

national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran

status; or genetic information in its programs and activities.

Pace IT - Basic OS Security Settings (Part 2)

Education

Transcript of Pace IT - Basic OS Security Settings (Part 2)