Scribd Logo
Upload

Welcome to Scribd!

  • Chapter Two

    Uploaded by

    ecclesasates erdachew
    5 views18 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    5 views18 pages

    Chapter Two

    Uploaded by

    ecclesasates erdachew

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 18

    System & Network

    Administration
    Course Code: COSC4036
    Chapter-2
    Account and Security
    Administration, and Access
    Control (DAC, RBAC)
    Account Management: Creating, modifying, and deleting
    user accounts, assigning roles and permissions, managing
    passwords, and enforcing security policies.

    Authentication: Verifying the identity of users attempting to


    access systems or resources.

    Account and Authorization: Determining what users are allowed to do


    once authenticated.

    Security Auditing and Logging: Tracking user activity and system

    Administration: events for monitoring and accountability.

    Security Patching: Keeping systems and applications up-to-


    date with security patches to address vulnerabilities.

    Incident Response: Identifying, containing, and recovering


    from security incidents.
    Access Discretionary Access Control (DAC):
    Users have direct control over who can
    access their resources. Simple but can
    be insecure in complex environments.
    Mandatory Access Control (MAC):
    The system enforces strict access rules
    based on security labels and
    clearances. Highly secure but can be
    inflexible.

    Control
    Models:
    Role-Based Access Control (RBAC):
    Users are assigned roles with specific
    permissions, and access is granted
    based on the role. A good balance
    between security and flexibility.
    Additional
    Considerations Multi-factor authentication (MFA):
    Adding an extra layer of security to
    logins beyond just a password.

    Least privilege: Granting users only


    the minimum access they need to
    perform their job.

    Separation of duties: Dividing tasks


    and permissions to prevent
    unauthorized access.

    Data encryption: Protecting


    sensitive data at rest and in transit.
    Account and Security
    Administration

    Managing server user accounts


    effectively is crucial for maintaining
    system security and ensuring smooth
    operations. Here's a breakdown of
    key concepts and best practices:
    User Account Creating, modifying, and deleting
    user accounts: Understand different
    account types, user attributes,
    Role-Based Access Control
    (RBAC): Learn how roles,
    permissions, and assignments work to
    password policies, and best practices grant appropriate access levels to

    Management: for managing them securely. users.

    Group Management: Discover how


    groups can simplify access control
    and user management.
    Different authentication methods:
    Explore password-based, multi-factor
    authentication (MFA), single sign-on
    (SSO), and other techniques.
    Authentication
    and Authorization models: Understand

    Authorization: how access control decisions are


    made based on user identity, roles,
    and permissions.

    Access control lists (ACLs): Learn


    how ACLs define access rules for
    specific resources.
    Importance of keeping systems and
    applications up-to-date: Understand
    the risks of vulnerabilities and the
    Security importance of timely patching.

    Patch Patch management tools and


    processes: Explore different tools and
    Management: strategies for automating patch
    deployment.

    Security best practices for patching:


    Learn how to patch securely and
    minimize downtime.
    Incident Response:

    Preparing for security


    incidents: Develop incident
    response plans and
    procedures.

    Identifying and containing


    incidents: Understand how
    to detect and respond to
    security events effectively.

    Recovery and remediation:


    Learn how to recover from
    incidents and prevent future
    occurrences.
    Additional ACCOUNT LOCKOUT POLICIES:
    DEFINE STRATEGIES TO
    AUDITING AND LOGGING:
    UNDERSTAND HOW TO TRACK
    PREVENT UNAUTHORIZED USER ACTIVITY AND SYSTEM

    Areas: ACCESS ATTEMPTS. EVENTS FOR SECURITY


    MONITORING.

    SECURITY AWARENESS
    TRAINING: LEARN HOW TO
    EDUCATE USERS ABOUT
    CYBERSECURITY BEST
    PRACTICES.
    Managing files and
    folders permission
    Managing file and folder
    permissions is crucial for
    maintaining security and
    data integrity in any
    system. Let's delve into
    the key concepts and
    essential techniques:
    Active development: Constant updates and improvements by a global
    community ensure security, features, and compatibility

    Learning curve: Command-line interface can be daunting for new users,


    requiring more technical knowledge compared to GUI-heavy alternatives

    Hardware compatibility: May not support all peripheral devices as readily


    as proprietary OSes, sometimes requiring additional drivers or
    configuration
    Fragmented landscape: Numerous distributions can create confusion and
    Strengths complicate software compatibility and package management across
    different versions
    Limited desktop software: While improving, the selection of user-friendly
    applications compared to Windows or macOS might be lacking in certain
    categories
    Security risks: Open-source nature can be seen as a vulnerability if
    proper security practices aren't followed
    Understanding Permissions:

    User: Owns the Group: Users


    Others: All other
    file/folder and belonging to the
    users on the
    has the most same group as
    system.
    control. the owner.

    Execute (x):
    Write (w): Allows
    Read (r): Allows Allows executing
    modifying
    viewing content. files or accessing
    content.
    directories.
    What are Disk Quotas?

    DISK QUOTAS LIMIT THE AMOUNT ENSURE FAIR ALLOCATION OF PREVENT DISK EXHAUSTION: MONITOR INDIVIDUAL STORAGE
    OF DISK SPACE A USER OR STORAGE RESOURCES: AVOIDS SITUATIONS WHERE THE USAGE: TRACKS HOW MUCH
    GROUP CAN CONSUME ON A PREVENTS INDIVIDUAL USERS SYSTEM RUNS OUT OF DISK SPACE EACH USER OR GROUP IS
    SPECIFIC FILE SYSTEM. THIS FROM MONOPOLIZING SPACE. SPACE DUE TO EXCESSIVE UTILIZING.
    HELPS: USAGE.
    Types of
    Disk
    Quotas:
    HARD QUOTA: SETS A STRICT LIMIT, SOFT QUOTA: PROVIDES A WARNING
    PREVENTING USERS FROM THRESHOLD BEFORE REACHING THE
    EXCEEDING IT. HARD LIMIT, ALLOWING USERS TO
    TAKE CORRECTIVE ACTIONS.
    Setting quotas: Use system
    administration tools or commands
    (e.g., quota on Linux) to define hard
    and soft quotas for users or groups.

    Managing
    Disk Quotas: Monitoring quota usage: Track
    individual user/group usage and
    identify potential issues.

    Enforcing quotas: Apply appropriate


    actions when users exceed quotas,
    such as sending warnings, blocking
    writes, or deleting files.
    Exempting specific users or
    groups: Exclude certain users or
    groups from quota limitations if
    needed.

    Additional
    Grace periods: Allow a grace
    Considerations: period after exceeding the soft
    quota before enforcing the hard
    limit.

    Quota reports: Generate reports


    to analyze overall storage usage
    and identify potential problems.

    You might also like