When the tides of life turn against you... And the current upsets your boat... Don't waste those tears on what might have been... Just lay on your back and float!...

Lab 2 ~The Goals of Information Technology~

Assalamualaikumm w.b.t..

Lam Lab 2 nie encek ckp blajar sndiri... so kiteorg x msk lab la time tue.... godek2 sndiri la saper yg rajin tue... ermm.. aku bacer jer la lab sheet nie.. dop tau nk kater la... Lab nie menerangkan tentang The Goals of Information Technology..
Antare objektif yang perlu dicapai adalah :-

• Understand What is Information Technology Security goals
• Determine if partition is NTFS or FAT32
• Implementing confidentiality in Windows Server 2003
• Implementing integrity in Windows Server 2003
• Implementing availibility in Windows Server 2003


Introduction The goals of Information Technology Security
In general the term “Security” is use to describe the quality or state of being secure that is to be free from danger or to be protected from those who would do harm, intentionally or otherwise. In Information Security it is refer to the protection of information and the systems and hardware that use, store, and transmit that information. Information security involves the security in an organization
regarding the application security, policies involves and Information Technology infrastructure to create a secure and protected computing environment for an organization. The goals of an Information security are confidentiality, integrity and availability.

Confidentiality
-Provides protection to computer related assets from being used by unauthorized user. Its mean only the right person who has the authority can read, view, print or even knowing the existing of the object. It also called as privacy or secrecy.

Integrity
-Ensures data can be modified by authorized parties and by authorized mechanism only. Information can be added, updated or deleted; hence it must be done in a correct ways and by the right person to ensure the correctness and validity of the information. Encryption is one of them mechanism used in providing data integrity.

Availability
-Makes sure authorized user can access information at any time without any failure. Information that is not available to the authorized user is useless, imagine if we went to the ATM machine and we cannot access to our account particular, how frustrated is that?

Using NTFS to Secure Local Resources.
Local computer security, especially at the file level, is often ignored. Most people are familiar with the Windows 9x version of Microsoft Windows, which uses FAT and does not offer local file security. NTFS, the file system for Windows server 2003, is designed with local file security in mind. To take advantage of these capabilities, we must have Windows NT, 2000, 2003, or XP with the NTFS file
system installed. It is important to note that although all of these operating systems are compatible with FAT; local file security will be enabled only if we have NTFS installed.

1. Open the winserv03 virtual machine
2. Log on to the Windows 2003 server as Administrator.
3. Click [Start].
4. Click [Run].
5. Type cmd to invoke the command line. (The FAT partition in this lab will be designated as drive letter D.)
6. At the command line type chkntfs d: to verify that the drive is not using NTFS. We will see the message, “D: is not dirty”. This means that there is no corruption on the drive.

7. To convert a FAT disk to NTFS you need to type at the command line convert d: /fs:ntfs
8. If the drive has a volume label, enter it when prompted. Windows will then convert the drive to NTFS. Note: If we convert the system partition you will have to reboot for the conversion to take place.
9. At the command line type chkntfs d: to verify that the drive is now NTFS.

10. Close all Windows and log off.

Data Confidentiality
Once a secure file system is installed, we can begin to think about data
confidentiality. Data confidentiality refers to making sure that only those intended to have access to certain data actually have that access. With the FAT file system, this is not possible at the local level, but with NTFS we can lock down both folders and files locally. NTFS can be used to protect data from intruders who may
have physical access to the computer containing the data. In this lab, we will create a folder and files, assign NTFS permissions, then verify whether or not the data is confidential.

Creating user account
1. Two user-level accounts: User1 and User2
a. To create user account go to [Start] |[Administrative Tools] | [Computer Management].
b. Choose [Local User and Groups] and double click on the [user] folder.
c. To create new user right click on the pane and from the pop-up menu choose [New User] and fill up the necessary information such as username and password (use easy to remember password e.g. abc123)

Creating data Confidentiality between 2 user accounts.
1. Log on to the Windows 2003 server as Administrator.
2. Open My Computer, and then double-click on the D: drive.This should be the drive that was converted from FAT to NTFS in task 1
3. Create a new folder called Confidentiality.
4. Double-click the Confidentiality folder and create a new folder called User1Folder.
5. To secure this folder from other users, right-click User1Folder.
6. Click [Properties] to open the User1Folder Properties window.
7. Click the [Security] tab, as seen in Figure 2.3. Note: if the drive was not formatted with NTFS the Security tab will be unavailable

8. Click on the Advanced Button, you will receive a windows

9. Uncheck the box “Allow inheritable permissions from
parent to propagate to this object”.
10. You will receive the message shown below

11. Click [Copy] to retain the permissions.
12. Click [Add] and the Select Users, Computers, or Groups window will pop up.
13. Type User1 and then click [Checks Names].

14. Click [OK].
15. In the Permission Entry windows, click the Allow Full Control box and then click [OK].
16. Remove the other username except Administrator, System and User1 by clicking the username and click the [Remove] button.

17. Click OK.
18. Double-click User1Folder.and you should see the content of the folder
19. Close all windows and log off.
20. Log on as User2 and navigate to the User1Folder, can we open it?
21. Close all windows and log off.


Data Availibility
Although it is important that data remains secure and confidential, it is just as important that the data is available when needed. Secured data that is inaccessible is considered downtime and detrimental to a business and its ability to serve customers. Technologies such as clustering and load balancing can help, but if NTFS permissions are assigned inappropriately, these features will not help.
Log on to the Windows 2003 server as Administrator.
1. Open My Computer and then double-click on the D drive.
2. Create a new folder called Availability.
3. Double-click the Availability folder and create the folder User2Folder.
4. Right-click on User2Folder.
5. Follow step 6 to 20 in the previous task to secure the folder so that only User2 can access it.
6. Log on as User2 and verify that you have access to d:\Availability\User2Folder.
7. Close all windows and log off.
8. Log on as Administrator and delete the User2 account from the local security database.
9. Create a new user, also named User2, then log off.
10. Logon as User2 and try to access the d:\Availability\User2Folder. Access should be denied.
11. Log off User2.
12. Log on as Administrator.
13. Check the Security properties of the d:\Availability\User2Folder. Notice the account is no longer listed, but the old SID is.

14. We should be denied access. The data is no longer available to User2.
15. To verify this, log on as User2 and try to open the User2Folder.We will be denied access.
16. Close all windows and log off.


Data Integrity
Once data is secured properly and available to the appropriate people, it is important to make sure that the contents of the data have not been altered accidentally or intentionally. Malicious corruption is a problem, and can be done by a virus, worm, or hacker. Accidental changes, however, can also damage data
integrity. For example, Windows 2003 file synchronization capabilities could easily lead to accidental corruption. Changes made to data that conflict with other changes to the same data can damage data integrity just as much as a hacker can.
1. Log on to the Windows 2003 server as User1.
2. Open My Computer, and then double-click the D drive.
3. Create a new folder called Integrity.
4. Double-click the Integrity folder and create a new folder called User1Folder.
5. Double-click the User1Folder folder.
6. Create a new Text document and edit the contents to say:“This document has not been modified accidentally or intentionally”.
7. Save the file as New Text Document and close the document.
8. Log off User1.
9. Log on as User2.
10. Navigate to the d:\integrity\User1Folder and remove the word “not” from the New Text Document. Because we did not assign permissions to d:\integrity\User1Folder, we can modify the contents of the file.
11. Close the file and save the changes.
12. Log off User2.

Hmmm... then lepas nie kene la wat review question cam biaser... uhuksss...

alhamdulillah

"Always put yourself in others' shoes. If you feel that it hurts you, it probably hurts the person too.."

0 komplen:

Post a Comment

Related Posts with Thumbnails