Lab 4 - Building Systems with Assurance
This assignment involves creating a user account in Windows XP
and implementing policies to ensure data confidentiality, data availability,
and data integrity.
Pre-assignment:
- Log on with an administrative account
- Create a new standard user with your first initial and last name as the username (e.g. wsummers)
- Create a new folder with your name as the username
- Explore the systems
Assignment: This assignment allows you to explore the different aspects of
data security including confidentiality of data, availability of data,
integrity of data and data encryption.
- Data Confidentiality - making sure that only those intended to have access to certain data actually have that access.
  - Log onto the host as admin.
  - Open My Computer and then double-click on the C: drive.
  - Create a new folder called Confidentiality in your directory
  - To secure this folder from other users, right-click the folder and select Properties
  - Click the Security tab. [This would not be available if the drive was not formatted as NTFS.]
  - Uncheck the box "Allow inheritable permissions from parent to propagate to this object"
  - Click Copy to retain the permissions
  - Click Add; the Select Users, Computers, or Groups window will pop up.
  - Make sure your server is selected in the Look in drop-down box.
  - Select your username, and then click Add.
  - Click OK.
  - With your username still highlighted, click the Allow Full Control box.
  - Click the name Everyone, then click Remove.
  - Click OK.
  - Double-click your folder Confidentiality. Your access should be denied because you only granted yourself access.
  - Close all windows and log off.
  - Log on with your username account, and navigate to the Confidentiality folder to verify that your account has access to the folder.
  - Close all windows and log off.
- Data Availability - ensuring data is available when needed
  - Log onto the host as admin.
  - Open My Computer and then double-click on the C: drive.
  - Create a new folder called Availability in your directory
  - To secure this folder from other users, right-click the folder and select Properties
  - Click the Security tab. [This would not be available if the drive was not formatted as NTFS.]
  - Uncheck the box "Allow inheritable permissions from parent to propagate to this object"
  - Click Remove to clear the permissions
  - Click Add; the Select Users, Computers, or Groups window will pop up.
  - Make sure your server is selected in the Look in drop-down box.
  - Select your username, and then click Add.
  - Click OK.
  - With your username still highlighted, click the Allow Full Control box.
  - Click OK.
  - Close all windows and log off.
  - Log on with your username account, and navigate to the Availability folder to verify that your account has access to the folder.
  - Close all windows and log off.
  - Log on as admin and delete your username account.
  - Create a new user with your username, then log off.
  - Log onto your username account, and try to access your folder Availability. Your access should be denied.
  - Log off your username account.
  - Log on as admin
  - Check the Security properties of the Availability folder. Notice the account is no longer listed, but the old SID is.
  - Close all windows and log off.
- Data Integrity - make sure that the contents of the data have not been altered accidentally or intentionally.
  - Log onto the host as username.
  - Open My Computer and then double-click on the C: drive.
  - Create a new folder called Integrity in your directory
  - Create a new Text document and edit the contents to say: This document has not been modified accidentally or intentionally.
  - Save the file as myFile and close the document
  - Log off as firstname
  - Log on as test (password testing123)
  - Edit myFile and remove the word "not" from the file. Because you did not assign permissions to the folder, you can modify the contents of the file.
  - Close all windows and log off.
- Data Encryption - taking readable data and making it unreadable
  - Log onto the host as username.
  - Open My Computer and then double-click on the C: drive.
  - Create a new folder called Encryption in your directory
  - Create a new Text document and edit the contents to say: This document is for my eyes only.
  - Save the file as Secret.txt and close the document
  - Right click on the document and select Properties
  - Click the Advanced button and check the Encrypt contents to secure data box
  - Click OK and Click OK a second time
  - Click the radio button that says Encrypt the file only and Click OK
  - Log off as username
  - Log on as test
  - Try to access the file Secret.txt. Access should be denied, even though the file permissions are Everyone, Full Control.
  - Close all windows and log off.
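
The Availability steps above end with the deleted account's SID still on the folder's ACL. The following PowerShell script is an added example, not part of the original lab: it lists each access entry by SID, flags entries whose SID no longer maps to an account, and prints the current SID of the re-created account for comparison. It assumes PowerShell 2.0 or later is installed; the folder path is a placeholder and `wsummers` is the lab's sample username.

```powershell
# Added example (not part of the original lab). Assumes PowerShell 2.0+.
param(
    # Hypothetical location; replace with the path to your Availability folder.
    [string]$Path = 'C:\wsummers\Availability',
    # Sample username from the lab text; replace with your own.
    [string]$UserName = 'wsummers'
)

$sidType  = [System.Security.Principal.SecurityIdentifier]
$acctType = [System.Security.Principal.NTAccount]

function Get-AceReport {
    param([string]$Folder)

    $acl = Get-Acl -Path $Folder
    # Request the rules keyed by raw SID instead of translated account names.
    $rules = $acl.GetAccessRules($true, $true, $sidType)

    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference
        $orphaned = $false
        try {
            # Succeeds only while an account with this SID still exists.
            $name = $sid.Translate($acctType).Value
        }
        catch {
            $cause = $_.Exception.GetBaseException()
            if ($cause -isnot [System.Security.Principal.IdentityNotMappedException]) {
                throw
            }
            $name = '(no matching account)'
            $orphaned = $true
        }
        New-Object PSObject -Property @{
            Orphaned = $orphaned; Account = $name; Sid = $sid.Value
            Rights   = $rule.FileSystemRights; Type = $rule.AccessControlType
        }
    }
}

# SID the named account has now; a re-created account gets a new one.
$current = (New-Object System.Security.Principal.NTAccount($UserName)).Translate($sidType)
"Current SID for {0}: {1}" -f $UserName, $current.Value

Get-AceReport -Folder $Path |
    Select-Object Orphaned, Account, Sid, Rights, Type |
    Format-Table -AutoSize
```

Run it from the admin account, as in the lab step that inspects the folder's Security properties.
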
Post-assignment: Answer the following questions (you may have to refer to the help in Windows and Microsoft websites):
- What features of NTFS are not available with FAT partitions?
- A safeguard in Windows allows administrators to access data even if they have been explicitly denied. Explain this safeguard.
- A user took a leave of absence from your company for personal reasons. A junior administrator deleted the user's account from Active Directory. To fix the problem, the junior administrator re-created the account. When the user returned to work, he could not access any of his files. Explain what happened.
- How can data confidentiality affect data availability?
- An Administrator restores a folder of files at the request of the owner of the folder. Two days later the user calls the Help Desk to complain that some data is missing from files that were updated two weeks ago. What could have happened?
- In Windows 2000, who can access encrypted files?
- You have decided to use NTFS encryption to enhance security on your network of six servers. Five of the six servers have compressed drives, and a new administrator says that it would not be a good idea to implement an encryption policy at this time. Why is or isn't the administrator correct?
- Explain the differences between data confidentiality, data integrity, and data availability.
- Describe what you learned from this lab. Describe any problems you had with this lab.