Question 1

A university has several academic functions as an organization. The management decides to access the computers in the examination cell, and the students are not allowed to access any information stored on the computers in the examination cell. Suggest a solution in your operating system. State clearly the assumptions that you have made.

Expectations

- State some of the vulnerabilities in the operating system which can be exploited remotely.
- Clearly design a network of the university for which you have to implement the solution.
- Develop a policy of how machines should be allowed access to the examination cell computers which are to be safeguarded.
- State the role of system administrators in this process.
- Give IPTABLES for the network you have thought of.
- What more changes would you make on the machines to make them secure?

Solution

Vulnerabilities in the operating system

1) Computer crime attacks are continuing to grow in seriousness.

2) Protecting network information is difficult today. Information is being produced, massaged, distributed and updated in such an avalanche so that it appears that it is done in old days without sufficient control, review or administration. The reality of network information security is that in too many instances we do not know who is doing what, where, when and how.

3) Network security is weak and sometimes even nonexistent for several reasons. For instance, network administrators often understand that while security is an important part of their job, management evaluates their performance by how available, open, transparent and unrestrictive their network is. In addition, vendors often consider security secondary to more "productive" network aspects. These facts suggest that network security is a contradiction in terms for many organizations.

4) Peer-to-Peer networking systems (both Windows and Macintosh AppleTalk) for Workgroups allow people on the network to share files and printers, which open up your files to anyone using another computer in the group.

5) Vendors often highlight security features. However, weak password schemes that do not provide minimal user authentication enable knowledgeable people to easily break down many security mechanisms.

6) Passwords are a weak form of protection for many reasons. One major reason is that passwords depend on the weakest link in the computer and network security chain, namely, the human user. Most users think that security procedures are a joke and so they do not pay sufficient attention to wisely choosing passwords nor protecting them. There are several ways in which an intruder can attack password-protected systems. The most common form of attack is password guessing. People often choose their own name, username, telephone number, or some variant as their password; next, they choose the name of family members or friends, pets, special interests, or some variant. An attacker can find this information with the Finger utility, which displays the status of all currently active users complete with username, one item of information that an attacker cannot do without. Finger listings also display the users' real name, as well as information about the last login. The PLAN.TXT and PROJECT.TXT files often supply additional personal information with which an intruder can launch a password guessing attack. Many individuals' WWW pages supply even more personal information. Many systems even supply a GUEST account with no password, but do not strictly limit the capabilities of that account, a known security weakness waiting to be exploited.

7) Managers can also weaken security by regarding it as a cost, rather than as a necessity. This is particularly true during the current downsizing movement.

8) Some applications, such as an FTP program which allows you to get files from and send files to another computer, may have an option in their configuration which allows other computers to get into your computer and have access to your files while the program is running.

9) The primary weakness with Ethernet is that it is a broadcast system. Every message sent out by any computer on an Ethernet LAN segment reaches all parts of that segment and potentially could be read by any computer on the segment. Sniffing type programs can record, read and analyze all the messages on a segment. Actually others can read your password and subsequently login to any account. They can also change the information and forge totally different messages.

10) Some security risks arise from the possibility of intentional misuse of our computer by intruders via the Internet. Others are risks that we would face even if we weren't connected to the Internet (e.g. hard disk failures, theft, power outages). The bad news is that we probably cannot plan for every possible risk. The good news is that we can plan to take some simple steps to reduce the chance that we'll be affected by the most common threats -- and some of those steps help with both the intentional and accidental risks we're likely to face.

We want to design a network which is local to the college, using a class A IP network. The different labs are connected to each other through a password-protected layer, i.e. from one lab to another we provide access only to those files which the administrator allows (shown by ). There is a central examination cell which acts as a server, from which papers are transferred to the different labs of the university that are connected to the server. Moreover, the network within a lab is a peer-to-peer LAN among the different computers of the lab, and data transfer is allowed only with the permission of the administrator.
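The expectations ask for IPTABLES rules, and the solution lists none, so the following is an added example and not part of the original solution: a default-deny host firewall for the examination cell server that accepts connections only from administrator-approved machines. The 10.x addresses, the SSH and HTTPS ports, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables ruleset for the examination cell server.
# All addresses and ports are assumed (class A private range 10.0.0.0/8);
# the original solution names none.

EXAM_CELL_IP="10.1.0.10"           # examination cell server (assumed)
ADMIN_HOSTS="10.1.0.2 10.1.0.3"    # administrator workstations (assumed)
LAB_HOSTS="10.2.0.1 10.3.0.1"      # one approved machine per lab (assumed)
PAPER_PORT=443                     # service that hands out papers (assumed)

# Print the rules instead of applying them, so they can be reviewed first.
# To apply on the server as root:  exam_cell_rules | sh
exam_cell_rules() {
    # Default deny: anything not explicitly accepted below is dropped.
    echo "iptables -F INPUT"
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    # Loopback, and replies to connections the server itself opened.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Administrators may log in over SSH.
    for h in $ADMIN_HOSTS; do
        echo "iptables -A INPUT -s $h -d $EXAM_CELL_IP -p tcp --dport 22 -j ACCEPT"
    done
    # Approved lab machines may fetch papers and nothing else.
    for h in $LAB_HOSTS; do
        echo "iptables -A INPUT -s $h -d $EXAM_CELL_IP -p tcp --dport $PAPER_PORT -j ACCEPT"
    done
    # Log (rate limited) whatever is about to be dropped, for later audit.
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix 'EXAMCELL-DROP: '"
}

# Return 0 if the given source address has an ACCEPT rule, 1 otherwise.
is_allowed() {
    exam_cell_rules | grep -F -- "-s $1 -d" | grep -q -- "-j ACCEPT"
}

exam_cell_rules
```

Student machines never appear in either list, so their packets fall through to the DROP policy and show up in the log.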

Policy design for allowing access in the lab for examination, so that tests can be conducted safely

Permissions for files and folders

Folder permissions include Full Control, Modify, Read & Execute, List Folder Contents, Read, and Write. Each of these permissions consists of a logical group of special permissions that are listed and defined in the following sections.

Note: Although the List Folder Contents and the Read & Execute folder permissions appear to have the same special permissions, these permissions are inherited differently. List Folder Contents is inherited by folders but not files and it only appears when you view folder permissions. Read & Execute is inherited by both files and folders and is always present when you view file or folder permissions.

Note: This article assumes that we are using Windows XP on a domain. By default, simplified sharing is enabled in Windows XP if you are not connected to a domain. This means that the Security tab and advanced options for permissions are not available. If you are not joined to a domain and want to view the Security tab, view the "Set, view, change, or remove special permissions for files and folders" section in this article.

Troubleshooting

If the Security tab is not available and you cannot configure special permissions for users and groups, you may be experiencing the following issues:

- The file or folder where you want to apply special permissions is not on an NTFS drive. You can set permissions only on drives that are formatted to use NTFS.
- Simple file sharing is turned on. By default, simplified sharing is turned on.

Special permissions defined

You can set any or all the following special permissions on files and folders.

Traverse Folder/Execute File
For folders: The Traverse Folder permission applies only to folders. This permission allows or denies the user from moving through folders to reach other files or folders, even if the user has no permissions for the traversed folders. Traverse Folder takes effect only when the group or user is not granted the Bypass Traverse Checking user right. The Bypass Traverse Checking user right checks user rights in the Group Policy snap-in. By default, the Everyone group is given the Bypass Traverse Checking user right.
For files: The Execute File permission allows or denies access to program files that are running. If you set the Traverse Folder permission on a folder, the Execute File permission is not automatically set on all files in that folder.
Note: In Windows XP Professional, the Everyone group does not include the Anonymous Logon group.

List Folder/Read Data
The List Folder permission allows or denies the user from viewing file names and subfolder names in the folder. The List Folder permission applies only to folders and affects only the contents of that folder. This permission is not affected if the folder that you are setting the permission on is listed in the folder list. The Read Data permission applies only to files and allows or denies the user from viewing data in files.

Read Attributes
The Read Attributes permission allows or denies the user from viewing the attributes of a file or folder, such as read-only and hidden attributes. Attributes are defined by NTFS.

Read Extended Attributes
The Read Extended Attributes permission allows or denies the user from viewing the extended attributes of a file or folder. Extended attributes are defined by programs and they may vary by program.

Create Files/Write Data
The Create Files permission applies only to folders and allows or denies the user from creating files in the folder. The Write Data permission applies only to files and allows or denies the user from making changes to the file and overwriting existing content by NTFS.

Create Folders/Append Data
The Create Folders permission applies only to folders and allows or denies the user from creating folders in the folder. The Append Data permission applies only to files and allows or denies the user from making changes to the end of the file but not from changing, deleting, or overwriting existing data.

Write Attributes
The Write Attributes permission allows or denies the user from changing the attributes of a file or folder, such as read-only or hidden. Attributes are defined by NTFS. The Write Attributes permission does not imply that you can create or delete files or folders. It includes only the permission to make changes to the attributes of a file or folder. To allow or to deny create or delete operations, there are Create Files/Write Data, Create Folders/Append Data, Delete Subfolders and Files, and Delete attributes.

Write Extended Attributes
The Write Extended Attributes permission allows or denies the user from changing the extended attributes of a file or folder. Extended attributes are defined by programs and may vary by program. The Write Extended Attributes permission does not imply that the user can create or delete files or folders; it includes only the permission to make changes to the attributes of a file or folder.

Role of system administrator

A system administrator's responsibilities might include:

1) Analyzing system logs and identifying potential issues with computer systems.
2) Introducing and integrating new technologies into existing data center environments.
3) Performing routine audits of systems and software.
4) Performing backups.
5) Applying operating system updates, patches, and configuration changes.
6) Installing and configuring new hardware and software.
7) Adding, removing, or updating user account information, resetting passwords etc.
8) Answering technical queries.

Changes on machine to make it secure

1) Use a switched network
2) Bridges and Routers
3) LAN Security Architecture (LSA)
4) Consult your system support personnel if you work from home
5) Use virus protection software
6) Use a firewall
7) Don't open unknown email attachments
8) Don't run programs of unknown origin
9) Disable hidden filename extensions
10) Keep all applications, including your operating system, patched
11) Turn off your computer or disconnect from the network when not in use
12) Disable Java, JavaScript, and ActiveX if possible
13) Disable scripting features in email programs
14) Make regular backups of critical data and a boot disk in case our computer is damaged or compromised
