BULE HORA UNIVERSITY

COLLAGE OF INFORMATICS

DEPARTEMENT OF INFORMATION
TECHNOLOGY

BSC COMPLETION FINAL PROJECT

TITLE: -ON-LINE EXAMINATION SYSTEM FOR BHU DEPARTMENT

OF INFORMATION TECHNOLOGY (IT)

By
1. Samuel Fikadu..................................................0645/09
2. Tareka Gutema..................................................0656/09
3. Ambisa Turuneh.................................................0614/09
4. Meseret Hirkisa…………………………………0638/09
5. Yonas Kebeda………………………………….0658/09

SUBMITTED TO MR: BERMURA Y.

1|Page
1. Explain Group Policy In Detail Using Different Example?

Group Policy is a hierarchical infrastructure that allows a network administrator in charge of

Microsoft's Active Directory to implement specific configurations for users and computers.
Group Policy is primarily a security tool, and can be used to apply security settings to users
and computers. Group Policy allows administrators to define security policies for users and
for computers. These policies, which are collectively referred to as Group Policy Objects
(GPOs), are based on a collection of individual Group Policy settings. Group Policy objects
are administered from a central interface called the Group Policy Management Console.
Group Policy can also be managed with command line interface tools such as result and
update.

The Group Policy hierarchy

Group Policy objects are applied in a hierarchical manner, and often multiple Group Policy
objects are combined together to form the effective policy. Local Group Policy objects are
applied first, followed by site level, domain level, and organizational unit level Group Policy
objects.

Group Policy extensibility

The native collection of Group Policy settings pertain exclusively to the Windows operating
system. An administrator might for instance use these native Group Policy settings to enforce a
minimum password length, hide the Windows Control Panel from users, or force the installation
of security patches. However, Group Policy is designed to be extensible through the use
of administrative templates. These administrative templates allow various applications to be
configured through Group Policy settings. One of the best known examples of this is the
collection of administrative templates for Microsoft Office.

Administrative templates consist of two components. An ADMX file is the XML file containing
all of the Group Policy settings that are associated with the template. A corresponding ADML

2|Page
file acts as a language file that allows the Group Policy settings to be displayed in the
administrator’s language of choice. 

Local vs. centralized Group Policy

Group Policy objects can be applied locally to a Windows computer through its own operating
system, or Group Policy objects can be applied through Active Directory. Local group policies
allow security settings to be applied to either standalone computers or computers managed by
a domain controller, but these policy settings cannot be centrally managed. Conversely, Active
Directory based Group Policy objects can be centrally managed, but they are only implemented
if a user is logging in from a computer joined to the domain.

Many organizations use a combination of local and Active Directory Group Policy objects. The
local policy settings provide security when the user is not logged into a domain, while Active
Directory Group Policy objects apply once the user has logged in.

Examples of group policies

1. configuring operating system security

 Operating system security (OS security) is the process of ensuring OS integrity,
confidentiality and availability. OS security refers to specified steps or measures used
to protect the OS from threats, viruses, worms, malware or remote hacker
2. Adding Firewall Rules
 If System Recovery Monitor or System Recovery console is remotely used, you need to
configure the firewall exceptions. If System Recovery is locally used, you do not need to
configure the firewall exceptions. 
3. Managing Applications Like Microsoft Office Or A Browser.

Application management (AM):- is an enterprise wide IT governance approach geared toward

providing an optimal application performance benchmark for organizations while incorporating
business and IT segments, each with diverse AM objectives.

Key AM stakeholders are:

 Application owners: Key business executive personnel that view AM in terms of

business productivity, revenue and control.
 Application developers/managers: Key IT enterprise personnel responsible for
application development, deployment and maintenance.
 Application users: For this group, AM is measured according to security, privacy,
versioning and overall control of application processes and modules.

3|Page
AM processes include Application Lifecycle Management (ALM), Application Portfolio
Management (APM) and Application Performance Management (AP

Group Policies also install software and run startup and login scripts

Important Group Policy Settings to Prevent Breaches

Here is the list of top 10 Group Policy Settings:
1. Moderating Access to Control Panel
2. Prevent Windows from Storing LAN Manager Hash
3. Control Access to Command Prompt
4. Disable Forced System Restarts
5. Disallow Removable Media Drives, DVDs, CDs, and Floppy Drives
6. Restrict Software Installations
7. Disable Guest Account
8. Set Minimum Password Length to Higher Limits
9. Set Maximum Password Age to Lower Limits
10. Disable Anonymous SID Enumeration

1. Moderating Access to Control Panel

Setting limits on a computers’ Control Panel creates a safer business environment. Through
Control Panel, you can control all aspects of your computer. So, by moderating who has access
to the computer, you can keep data and other resources safe.

2. Prevent Windows from Storing LAN Manager Hash

Windows generates and stores user account passwords in “hashes.” Windows generates both a
LAN Manager hash (LM hash) and a Windows NT hash (NT hash) of passwords. It stores them
in the local Security Accounts Manager (SAM) database or Active Directory.
The LM hash is weak and prone to hacking. Therefore, you should prevent Windows from
storing an LM hash of your passwords.
Figure 2: Configuring policy to not store LAN Manager hash value policy

3. Control Access to Command Prompt

4|Page
Command Prompts can be used to run commands that give high-level access to users and evade
other restrictions on the system. So, to ensure system resources’ security, it’s wise to disable
Command Prompt.
After you have disabled Command Prompt and someone tries to open a command window, the
system will display a message stating that some settings are preventing this action.

4. Disable Forced System Restarts

Forced system restarts are common. For example, you may face a situation where you were
working on your computer and Windows displays a message stating that your system needs to
restart because of a security update.
In many cases, if you fail to notice the message or take some time to respond, the computer
restarts automatically, and you lose important, unsaved work.
Figure 4: No system auto-restart with logged on users

5. Disallow Removable Media Drives, DVDs, CDs, and Floppy Drives

Removable media drives are very prone to infection, and they may also contain a virus or
malware. If a user plugs an infected drive to a network computer, it can affect the entire network.
Similarly, DVDs, CDs and Floppy Drives are prone to infection.
It is therefore best to disable all these drives entirely.
6. Restrict Software Installations
When you give users the freedom to install software, they may install unwanted apps that
compromise your system. System admins will usually have to routinely do maintenance and
cleaning of such systems.
7. Disable Guest Account
Through a Guest Account, users can get access to sensitive data. Such accounts grant access to a
Windows computer and do not require a password. Enabling this account means anyone can
misuse and abuse access to your systems.
Thankfully, these accounts are disabled by default. It’s best to check that this is the case in your
IT environment as, if this account is enabled in your domain, disabling it will prevent people
from abusing access:

8. Set Minimum Password Length to Higher Limits

Set the minimum password length to higher limits. For example, for elevated accounts,
passwords should be set to at least 15 characters, and for regular accounts at least 12 characters.

5|Page
Setting a lower value for minimum password length creates unnecessary risk. The default setting
is “zero” characters, so you will have to specify a number:

9. Set Maximum Password Age to Lower Limits

If you set the password expiration age to a lengthy period of time, users will not have to change
it very frequently, which means it’s more likely a password could get stolen. Shorter password
expiration periods are always preferred.
Windows’ default maximum password age is set to 42 days.

10. Disable Anonymous SID Enumeration

Active Directory assigns a unique number to all security objects in Active Directory; including
Users, Groups and others, called Security Identifiers (SID) numbers. In older Windows versions,
users could query the SIDs to identify important users and groups. This provision can be
exploited by hackers to get unauthorized access to data.

If you get these Group Policy settings correct, your organization’s security will automatically be
in a better state. Please make sure to apply the modified Group Policy Object to everyone and
update the Group Policies to reflect them on all domain controllers in your environment.

2. Discuss Reverse Lookup Zone and Forward Lookup Zone

 Domain Name System (DNS) is a naming system that is used by any resource
connected to internet.
 DNS translates domain names, which are more meaningful to humans, in to IP
addresses associated with internet resources to locate them throughout the world.
Each time an IP address is used, the DNS translates the name in to the corresponding
IP address. Forward lookup zone holds host name to IP address relations.
 When a computer requests an IP address for a specific host name, the forward
lookup zone is queried to get the result. On the other hand, Reverse lookup zone
contains the IP address to host name mapping. When a computer requests a host
name for a specific IP address, the reverse lookup zone is queried to get the answer.

What is forward lookup zone?

6|Page
  Forward lookup zone contains a mapping between host names and IP addresses.
When a computer requests an IP address by providing a host name (that is more user
friendly), the forward lookup zone is queried to find the IP address for the given host
name.
 For example, when you type www.cnn.com in your browser, the forward lookup
zone will be queried and the IP address 157.166.255.19 will be returned, which is
actually the IP address of that site.
 When a forward lookup is sent to the DNS server, the DNS server searches for an A
type resource record associated with the host name provided by the request. An A
type resource is a DNS record that can be used to point the domain name and host
names to a static IP address.
 If the DNS server finds a matching A type resource record, it will return that to the
client, else it will forward the query to another DNS server.

What is reverse lookup zone?

 Reverse lookup zone contains a mapping that relates IP addresses to host names.
When a computer requests for a domain name by providing an IP address, the reverse
lookup zone is queried to find the host name for the IP address given.
 For example, if a client wants to find the host name for the IP address
157.166.255.19, the reverse lookup zone will be queried and it will return the host
name www.cnn.com. The reverse lookup zone contains PTR resource records.
 A PTR record allows doing a reverse lookup by pointing the IP address to a
host/domain name. When doing reverse lookups, these PTR records are used to point
to A resource records.

What is the difference between Reverse Lookup Zone and Forward Lookup
Zone?

7|Page
  The main difference between forward lookup zone and reverse lookup zone is that
forward lookup zone is used to resolve forward lookup queries where the client requests
an IP address by providing the host name, while reverse lookup zone is used for resolving
reverse lookup queries where a client requests a host name by providing an IP address.
 The forward lookup zone contains A type resource records that can point out an IP
address for a given host name. The reverse lookup zone contains PTR records that can
point out a host name for a given IP address.

3.Discuss DHCP server in detail

Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically
provides an Internet Protocol (IP) host with its IP address and other related configuration
information such as the subnet mask and default gateway. RFCs 2131 and 2132 define DHCP as
an Internet Engineering Task Force (IETF) standard based on Bootstrap Protocol (BOOTP), a
protocol with which DHCP shares many implementation details. DHCP allows hosts to obtain
required TCP/IP configuration information from a DHCP server.

Windows Server 2016 includes DHCP Server, which is an optional networking server role that
you can deploy on your network to lease IP addresses and other information to DHCP clients.
All Windows-based client operating systems include the DHCP client as part of TCP/IP, and
DHCP client is enabled by default.

Why use DHCP?

Every device on a TCP/IP-based network must have a unique unicast IP address to access the
network and its resources. Without DHCP, IP addresses for new computers or computers that are
moved from one subnet to another must be configured manually; IP addresses for computers that
are removed from the network must be manually reclaimed.

With DHCP, this entire process is automated and managed centrally. The DHCP server
maintains a pool of IP addresses and leases an address to any DHCP-enabled client when it starts
up on the network. Because the IP addresses are dynamic (leased) rather than static (permanently
assigned), addresses no longer in use are automatically returned to the pool for reallocation.

The network administrator establishes DHCP servers that maintain TCP/IP configuration
information and provide address configuration to DHCP-enabled clients in the form of a lease
offer. The DHCP server stores the configuration information in a database that includes:

 Valid TCP/IP configuration parameters for all clients on the network.

 Valid IP addresses, maintained in a pool for assignment to clients, as well as excluded
addresses.

8|Page
  Reserved IP addresses associated with particular DHCP clients. This allows consistent
assignment of a single IP address to a single DHCP client.
 The lease duration, or the length of time for which the IP address can be used before a
lease renewal is required.

A DHCP-enabled client, upon accepting a lease offer, receives:

 A valid IP address for the subnet to which it is connecting.

 Requested DHCP options, which are additional parameters that a DHCP server is
configured to assign to clients. Some examples of DHCP options are Router (default
gateway), DNS Servers, and DNS Domain Name.

Benefits of DHCP

DHCP provides the following benefits.

 Reliable IP address configuration. DHCP minimizes configuration errors caused

by manual IP address configuration, such as typographical errors, or address
conflicts caused by the assignment of an IP address to more than one computer at
the same time.
 Reduced network administration. DHCP includes the following features to
reduce network administration:

 Centralized and automated TCP/IP configuration.

 The ability to define TCP/IP configurations from a central location.
 The ability to assign a full range of additional TCP/IP configuration values by
means of DHCP options.
 The efficient handling of IP address changes for clients that must be updated
frequently, such as those for portable devices that move to different locations on a
wireless network.
 The forwarding of initial DHCP messages by using a DHCP relay agent, which
eliminates the need for a DHCP server on every subnet.

4. What is proxy server? list down example of free proxy server

and explain the way how they are working?
A proxy server is an intermediary server that retrieves data from an Internet source, such as a
webpage, on behalf of a user. They act as additional data security boundaries protecting users
from malicious activity on the internet.

9|Page
Proxy servers have many different uses, depending on their configuration and type. Common
uses include facilitating anonymous Internet browsing, bypassing geo-blocking, and regulating
web requests.

Like any device connected over the Internet, proxies have associated cybersecurity risks that
users should consider before use.

Examples of proxy server

1. Privacy: proxy server can be used by a web browser or network in order to enhance
privacy

2. Encryption: proxy server that implement encryption such as SSL for web site.

3. Compression: a proxy server that compresses responses from a server to reduce

network bandwidth and improve performance.

4. Security: in many cases proxy severs are security front ends that protect webservers
from certain types of information security threats.

5. Load balancing: proxies can be used to implement load balancing whereby

workloads can be shared between two more servers.

6. Caching: proxies that cache static content or web sites such as videos, images, scripts
and html.

7. Content delivering network: a content delivering network is an advanced type of

cache that serves content from data centers closest to the user.

8. Filtering: proxies can be used to prevent users from connecting to web sites or other
service based on a configurable police.

9. Logging: a proxy can be used to record network traffic for audit trail or motives such as
eavesdropping.

10. Performance: proxy can be designed to speed up network service such as DNS queries
used by web browsers to look up the IP address of web site.

10 | P a g e
How Does a Proxy Server Work?
Proxy servers work by facilitating web requests and responses between a user and web server.

Typically, a user accesses a website by sending a direct request to its web server from a web
browser via their IP address. The web server then sends a response containing the website data
directly back to the user. 

A proxy server acts as an intermediary between the user and the web server. Proxy servers use a
different IP address on behalf of the user, concealing the user's real address from web servers. 

A standard proxy server configuration works as follows:

1. A user enters a website's URL into their browser.

2. The proxy server receives the user's request.
3. The proxy server forwards the request to the web server.
4. The web server sends a response (website data) back to the proxy server.
5. The proxy server forwards the response to the user.

11 | P a g e
5.What is a VPN?
A VPN (virtual private network) is a service that creates a safe, encrypted online
connection. Internet users may use a VPN to give themselves more privacy and
anonymity online or circumvent geographic-based blocking and censorship. VPNs
essentially extend a private network across a public network, which should allow a user
to securely send and receive data across the internet.

Typically, a VPN is used over a less secure network, such as the public internet. Internet
service providers (ISPs) normally have a rather large amount of insight into a customer's
activities. In addition, some unsecured Wi-Fi access points (APs) may be a convenient
avenue for attackers to gain access to a user's personal data. An internet user could use a
VPN to avoid these encroachments on privacy.

VPNs can be used to hide a user's browser history, Internet Protocol (IP) address and
geographical location, web activity or devices being used. Anyone on the same network
will not be able to see what a VPN user is doing. This makes VPNs a go-to tool for online
privacy.

12 | P a g e
A VPN uses tunneling protocols to encrypt data at the sending end and decrypts it at the
receiving end. The originating and receiving network addresses are also encrypted to
provide better security for online activities.

VPN apps are often used to protect data transmissions on mobile devices. They can also
be used to visit websites that are restricted by location. Secure access through a mobile
VPN should not be confused with private browsing, however. Private browsing does not
involve encryption; it is simply an optional browser setting that prevents identifiable user
data from being collected.

How do VPNs work?

At its most basic level, VPN tunneling creates a point-to-point connection that cannot be
accessed by unauthorized users. To create the tunnel, a tunneling protocol is used over
existing networks. Different VPNs will use different tunneling protocols, such
as OpenVPN or Secure Socket Tunneling Protocol (SSTP). The tunneling protocol used
may depend on the platform the VPN is being used on, such as SSTP being used on
Windows OS, and will provide data encryption at varying strengths. The endpoint device
needs to be running a VPN client (software application) locally or in the cloud. The client
will run in the background. The VPN client is not noticeable to the end user unless it
creates performance issues.

By using a VPN tunnel, a user's device will connect to another network, hiding its IP
address and encrypting the data. This is what will hide private information from attackers
or others hoping to gain access to an individual's activities. The tunnel will connect a
user's device to an exit node in another distant location, which makes it seem like the user
is in another location.

What are VPNs used for?

VPNs are used for virtual privacy by both normal internet users and organizations.
Organizations can use VPNs to make sure outside users that access their data center are
authorized and using encrypted channels. VPNs can also be used to connect to a database
from the same organization located in a different area.

VPNs also can be used to provide remote employees, gig economy freelance workers and
business travelers with access to software applications hosted on proprietary networks.
To gain access to a restricted resource through a VPN, the user must be authorized to use

13 | P a g e
the virtual private network and provide one or more authentication factors. These can be
passwords, security tokens or biometric data.

When surfing the web, an internet user could have information accessed by an attacker,
including browsing habits or IP address. If privacy is a concern, a VPN can provide users
with peace of mind. Encryption, anonymity and the ability to get around geographically
blocked content is what most users find valuable in a VPN.

The ability to get around blocked content from another country, for example, might be
extremely useful for journalists. For example, if a country is likely to block internet
content from foreign entities, journalists could use a VPN to look like they are within that
country.

VPN protocols
VPN protocols ensure an appropriate level of security to connected systems when the
underlying network infrastructure alone cannot provide it. Several different protocols can
be used to secure and encrypt data. They include the following:

 IP Security (IPsec)
 Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
 Point-to-Point Tunneling Protocol (PPTP)
 Layer 2 Tunneling Protocol (L2TP)
 OpenVPN
Benefits and challenges of using a VPN
Benefits of using a VPN include the following:

 the ability to hide a user's IP address and browsing history;

 secure connections with encrypted data;
 bypassing geo-blocked content; and
 making it more difficult for advertisers to target ads to individuals.
The challenges of using a VPN, however, include the following:
 Not all devices may support a VPN.
 VPNs do not protect against every threat.

14 | P a g e
  Paid VPNs are more trusted, secure options.
 A VPN may slow down internet speeds.

VPN Examples

 Health Care Company Intranet Deployment. Here we have a health care company

that’s deploying an intranet. Well, why would they care so much about security?

 Branch Office or Telecommuters. Another example would be branch offices or perhaps

telecommuters. ...

 Traditional Dialup versus Access VPN. To illustrate the savings an Access VPN can

provide, compare the cost of implementing one with that of supporting a dial-up remote

access application.

15 | P a g e
16 | P a g e