You are on page 1of 8

CTSC 2120 Network Security Fundamentals

Lab 1 Policies/Auditing/Privacy
Policies
Review the Eastern Florida State College Technical/Internet Ethics &
Acceptable Use Policy at this link
(http://www.easternflorida.edu/administration-departments/it/internet-ethicsand-use-policy.cfm). Specifically the Policy Monitoring and Passwords
section:
a. Does EFSC guarantee privacy when utilizing their systems? Explain.
No EFSC does not guarantee privacy when using email or Internet
communications
b. Does the policy explain if any form of filtering is done on the EFSC
network? The policy doesnt mention any form of filtering in it.
c. Is the use of the system a right or a privilege? The use of the system is
a privilege, because if you violate the terms of use they reserve the
right to revoke access to the system.
d. How does this policy protect EFSC? EFSC is not responsible for the
actions of the user.
Auditing
Research and explain how an organization can audit access to a specific
folder in a Windows Active Directory environment. The name of the folder
and the server are not relevant. Provide an overview of how this is done. I
do not need commands or screen shots or step by step instructions. Hint: It
takes several steps. This is done through Group Policy you can go and set
local policy.

Privacy - Cookies
Review this article: http://kb.wisc.edu/page.php?id=936 and answer the
following questions
a. How can cookies affect your privacy when you browse the internet?
When you visit some sites, the server gives you a cookie that acts as
your id card. Upon each return visit to that site, your browser passes
that cookie back to the server. In this way, a Web server can gather
information about which Web pages are viewed the most, and which
pages you going back to the most.
b. Clear the cookies on your PC. Access a site of one site of your
choosing. Provide the following information:
Lab 1 CTSC 2120 Summer 2015 r1.0
1

i. Site visited:reddit.com
ii. Number of cookies dropped: 68
c. Open one of the cookies using notepad or a text editor and comment
on what you discover. That a cookie holds a lot more info about my
browser than I realized.
d. Explain any possible security issues with cookies. If you packet sniff
you can intercepts traffic between a computer and the Internet and
use a log in cookie you can use it to simulate the same session
elsewhere by manually setting the cookie.
Privacy - Browser
1. What is the name and version of browser that you are using? Google Chrome
Version 47.0.2526.111 m
2. Describe three settings which enhance the protection of your browser.
To make the necessary changes in the Content settings window, you will need to
scroll down in order to access the other options.
1. If you want to restrict cookies from being stored on your browser and using
the collected information about your browsing habits, use the available
options. Another option in that area is to disable JavaScript, a vulnerability
issue exploited by hackers over the years.

2. You can control the behavior of your browser plug-ins, you can block pop-ups
from disturbing your browsing session and you can stop a website from
tracking your physical location.

3. If you continue scrolling down to the bottom of the Content settings window,
you will find the option to block websites from using a plug-in to access your
computer.
3. Newer browsers offer private browser capability. Research and explain how
this function works.
Private browsing is a privacy feature in some web browsers to disable
browsing history and the web cache. This allows a person to browse the Web
without storing local data that could be retrieved at a later date.
4.

Read the following article and explain how it relates to question 3 above:

http://arstechnica.com/security/news/2010/08/private-browsing-not-soprivate.ars
Lab 1 CTSC 2120 Summer 2015 r1.0
2

Lab 1 CTSC 2120 Summer 2015 r1.0


3

EFSC Technology Use Policy


Downloaded August 2nd, 2013
EFSC Responsibility and Liability
The college has no control over the information accessed through the Internet and
is not responsible for the Internet's content. The Internet is an uncontrolled
information resource with a highly diverse user population and should be used with
discretion and in compliance with this Technology and Internet Ethics and
Acceptable Use Policy (AUP). The college may deny use of its information
technology to persons under the age of 15.
Adherence to other Policies and Procedures
Successful participation in the use of the Internet and information technologies
requires that its users regard it as a shared resource and that they conduct
themselves in a responsible, ethical, and legal manner while using the network. Any
use of Eastern Florida State College information technology for illegal,
inappropriate, or obscene purposes, or in support of such activities, is prohibited.
Engagement in such prohibited activities may result in suspension, termination or
revocation of access to information technology, internet privileges, user account, or
other sanctions as deemed appropriate.
Users must not utilize computing resources to gain unauthorized access to remote
computers or networks to impair or damage the operations of Eastern Florida State
Colleges computers, networks, terminals or peripherals. This includes but is not
limited to blocking communication lines, intercepting or sniffing communications,
and running, installing, or sharing virus programs. Deliberate attempts to
circumvent data protection or other security measures is prohibited and may be
subject to other penalties and disciplinary action as set forth herein or within any
other college policies or procedures.
The college recognizes that defining immoral or unethical uses of the Internet is
highly subjective. The college also recognizes that EFSC students may access sites
as listed below in pursuit of academic projects. In such cases where use of
information technology is questionable, the college may review such cases to
determine compliance with this AUP.
Examples of illegal, immoral, or unethical uses of the college Internet computers
include, but are not limited to:

Deliberately using or accessing materials that are profane, offensive, or obscene


to the reasonably prudent person

Using inflammatory or derogatory language

Lab 1 CTSC 2120 Summer 2015 r1.0


4

Libeling or slandering remarks

Any actions used to breach network or account security

Any actions that place secure data at risk (i.e. FERPA and/or HIPPA violations)

Activities connected with any attempt to overthrow the government of the


United States

Any actions that can be interpreted as sexual harassment or that contribute to a


hostile work environment

Any actions of malicious intent

Violating the conditions of the State of Florida Education Code dealing with
student's rights or privacy

Reposting or otherwise disseminating personal communications without the


author's consent

Other actions that are not in accordance with The Code of Ethics and Principles
of Professional Conduct of the Education Profession of Florida

Any student, faculty, staff, or community user who improperly utilizes or accesses
EFSCS information technology (hardware and or software) and in the course of
improper access or utilization causes any damage, loss of service or interruption of
services due to willful or negligent behavior, may be liable for all direct and
consequential damages resulting from such willful or negligent misuse.
Additionally, all students, faculty, staff, and community users must comply with
federal and state laws, college rules and policies, and the terms of applicable
contracts including software licenses while using the colleges information
technology resources. Examples of applicable laws, rules and policies include the
laws of libel, privacy, copyright, trademark, Florida Computer Crimes Act, the
Electronic Communications Privacy Act and the Computer Fraud and Abuse Act, all
other international, federal, state and local laws, including the Florida State Board of
Education Rules for Community Colleges, and the colleges sexual harassment
policy and student code of conduct. Users who engage in electronic
communications with persons in other states or countries or on other systems or
networks may also be subject to the laws of those jurisdictions and the rules and
policies of those other systems and networks.
Any student, faculty, staff, or community user utilizing the printing function of any
standalone or networked computer must comply with all departmental policies and
procedures regarding such printing function. This includes, but may not be limited
to, all limitations on the number of pages printed and or payment for the cost of
such printing.
Lab 1 CTSC 2120 Summer 2015 r1.0
5

Copyright
Current technology easily allows users to duplicate and distribute copyrighted video
images, audio recordings and other digital materials. The receipt of, possession of,
or distribution of copyrighted material without the permission of the copyright
holder is prohibited and is in violation of the laws of the United States (Title 17, U.S.
Code). Violators of copyright law could be subject to felony charges in state or
federal court, and may also be sued by the copyright holder in civil court.
Additionally, such improper use may be a violation of the EFSCs student code of
conduct and may amount to actionable plagiarism. U.S. Copyright Act (Title 17,
U.S.C.101-810) prohibits the unauthorized reproduction or distribution of
copyrighted materials, except as permitted by the principles of "fair use. Users are
responsible for any consequences of copyright infringement and the college
disclaims any liability or responsibility resulting from such use.
All software loaded on campus computers must be licensed by the college. Faculty,
staff, students, and community users are prohibited from downloading software to
individual campus computers or servers; if found, unlicensed software will be
removed, and access to campus computing resources may be suspended and/or
terminated.
The Digital Millennium Copyright Act of 1998 requires the college to file with the
Copyright Office a designation of an agent to receive notifications of claimed
infringement. The colleges agent is listed at http://www.copyright.gov/onlinesp/list.
E-mail
For purposes of this document, e-mail and Titan e-mail includes point-to-point
messages, listserves, and any electronic messaging involving computers and
computer networks. EFSC Titan e-mail is the official email account for students.
Students are responsible for accessing their Titan e-mail accounts and retrieving all
communications sent to the students from the college.
The college has adopted Titan e-mail protocol and procedures which are routinely
outlined in student publications. The use of the EFSC provided Course Management
Systems (i.e. BlackBoard) communication tools, also requires adherence to all
protocols and procedures for the use of Imail. Organizational e-mail accounts,
including those used by student organizations, are held to the same standards as
those for individual use by other students, faculty, or staff. E-mail is also generally
subject to the Florida Public Records Law to the same extent as it would be on
paper.
Examples of inappropriate and unacceptable uses of e-mail and Imail may include
but are not limited to:

Lab 1 CTSC 2120 Summer 2015 r1.0


6

Chain mail that misuses or disrupts resources - e-mail sent repeatedly from
user to user, with requests to send to others

Abusive, threatening, obscene, pornographic, harassing, or hate-mail

Willful introduction of virus or virus hoaxes

Spamming or junk mail or other disseminations that may fail to otherwise


accurately identify the sender

Any use of web-based communication tools that otherwise violates the


Federal Educational Right to Privacy Act (FERPA)

Personal or Commercial Use


College provided informational resources are not to be used by anyone for
commercial purposes or for personal financial or other gain. Occasional personal
use of college information technology resources for other purposes is permitted
when it does not consume a significant amount of those resources, does not
interfere with the performance of the faculty or staffs job, and is otherwise in
compliance with this policy. Further limits may be imposed upon personal use in
accordance with normal supervisory procedures concerning the use of college
equipment.
Policy Monitoring and Passwords
In the interest of protecting free speech and privacy regarding academic freedom
and responsibility, the college does not routinely monitor an individual's use of the
colleges information technologies. However, the college employs various measures
to protect the security of its information technology resources and its users
accounts. Users should be aware that the college does not provide security and
confidentiality when using its computer technology. Users should therefore engage
in "safe computing" practices by establishing appropriate access restrictions for
their accounts, guarding their passwords and routinely changing all passwords. The
normal operation and maintenance of the colleges computing resources require the
backup and caching of data and monitoring usage patterns. The college may also
monitor the activity and accounts of specific users in the event of a complaint
relating to this policy or possible security breach.
Access to certain college systems requires the use of usernames and passwords.
Many of these systems require the user to periodically change passwords.
Security of student and financial records on EFSC systems is a highly regulated
environment. All users must adhere to the following rules to maintain the security of
records and to ensure an accurate audit trail:

Lab 1 CTSC 2120 Summer 2015 r1.0


7

Never provide your username, B number, and password to another user. By


doing so, the audit trail is broken, and you may be held accountable for
actions in the system you did not perform. If someone has forgotten their
username, B number, and/or password, contact the campus Help Desk. If you
dont have an account and need access, contact your supervisor. Users
allowing other faculty and staff to use their username, B number, and
password will have their access removed.

Never leave written evidence of your username, B number, and password


around the office or workspace.

Technology and Internet Ethics Policy Implementation


Technology and Internet ethics and acceptable use policies and procedures will be
implemented as follows:

A full version of the Technology and Internet Ethics and Acceptable Use Policy
and procedures will be placed in the Eastern Florida State College Procedures
Manual. A copy of this manual is available on the colleges intranet.

An abbreviated version of the Technology and Internet Ethics and Acceptable


Use Policy will be placed in the faculty and student handbooks. A notice will
also be placed in these handbooks indicating where a complete copy of the
Internet ethics and acceptable use policies and procedures may be obtained.

A complete copy of the Technology and Internet Ethics and Acceptable Use
Procedures will be prominently displayed within the colleges
websitewww.easternflorida.edu.

Lab 1 CTSC 2120 Summer 2015 r1.0


8