Supporting Security Needs

smileybloatNetworking and Communications

Nov 20, 2013 (3 years and 11 months ago)

77 views

Supporting
Security Needs


As a help desk technician, you will have a limited roll in the security of
your network and hardware. The responsibility for a comprehensive
security plan lies primarily with professionals
,

such as yo
ur school’s
network administrator, engineer, or architect.


But help desk technicians
can
assist in

implement
ing

preventive practices
,

such as those you will
learn about

in this
chapter
.

They can also

help to inventory and tag
hardware for identification.

Network Security

Without proper security measures in place and enforced, the computers
on your network are subject to

many different kinds of security threats.
The greatest threat to any computer network is malicious tampering, also
called
hacking
, from ou
tside or from within the network. Recognizing
that threats can be both external and internal is critical to keeping your
network, and the computers on it, secure.

External hackers can gain access to, steal, or erase data and user account
information. They

could also use the network as a
base

from which to
attack other networks. Internal hackers might gain access to data about
student grades or other confidential information.

Computer viruses
represent another threat. Viruses can cause significant damage to

a
network; some are capable of erasing all the files on the network.

It is important to protect
the network from viruses, and
to educate
users
on

how to avoid spreading
them
. As a help desk technician, you will help
to ensure that security practices and
policies are followed.

Preventive Practices

The security of the overall network is the responsibility of the network
administrator, engineer, and architect. They are responsible for designing
and implementing a strategy that protects the network from atta
ck. As a
help desk technician, you
might

be responsible for implementing
preventive practices as
part of this

strategy.
P
reventive practices are
measures you take to prevent a hacker, virus, or other security threat,
from attacking the network.

After completing this chapter, you will be able to:



Help increase ne
twork security from the client side.



Advocate measures to increase the physical security of
hardware assets.

CHAPTER

8

110

Supporting Security Needs



Installing and Updating

Virus Protection Software

One of the most important preventive security practices
you should put
in place
for any network is the detection and elimination of viruses. A
computer
virus

is a program designed to dam
age an operating system,
applications, or data, or to install unwanted applications on a computer.
For example, some viruses set the Internet Explorer home page to a
particular site, and add inappropriate content to the hard
disk d
rive. Other
viruses can

reformat

the hard
disk
, which results in the loss of
all data
and files

installed on the computer.
And,

other viruses are
designed

to
replicate themselves, thereby using a majority of the system resources
and compromising the performance of the computer. S
ome of these
viruses can replicate through e
-
m
ail,
enabling them to

quic
kly spread
throughout a network

and

e
ffectively disabling it
.

One of your duties as a help desk technician might be to install virus
protection software. Another equally important task

is to regularly update
the virus definitions
,
in the software.
A virus definition is enables the

virus protection

software to find a specific virus, and to cure it, or to alert
you to its existence.
With

most virus protection software, you can update
the

virus definitions, and add new o
nes, by going to the develope
r’s
W
eb
site.
Many

virus
protection
program
s

contain a menu item or option that
you select to go to the
protection
Web site and automatically download
virus definition updates.
Your help desk te
am should create a schedule
for updating virus software for each computer that you support. If you
must
update this software

manually,
you should
schedule time once a
month for the updates to be completed.


Two of the most popular

virus protection software

packages are McAfee
Virus Scan and Norton AntiVirus. Do a Web search for “virus
protection,”
to research virus protection
o
ptions.
You should

bookmark
the
virus
-
related Web
sites

you find

so that you can periodically check
them

for information on new viru
ses.
M
ost sites

do not require that you
own the software

in order

to review their list of viruses.

Using Strong Passwords

In a network where users must log

on
with

user accounts, each user
need
s

a password. Sometimes, users pick passwords that are easy to
guess o
r


hack.


Therefore, users should be required to use passwords
that meet your school

s complexity requirements.

MORE INFORMATION

For more information on preventive practices, see the section entitled
Preventive Support

in Chapter 4.

Supporting Security Needs

111




Password complexity requirements are usually configured for the entire
network.
T
o configure password comp
lexity options on an individual
computer, you
should

do so in

a

console

with the

Local Security Settings
snap
-
in


Microsoft Management Console

(MMC) is used to create, open, and
save administrative tools called consoles.
Consoles

enable you to make
admini
strative changes using a GUI interface. A console in and of itself
is not a tool, but more like a shell for a tool.


In a console, you can add
tools called Sanp
sn
ap
-
ins.
Snap
-
ins

are focused on a single
administrative area, for example
such as

local securi
ty, and contain
configurable settings. When you add snap
-
ins to a console, you can save
that console with the added snap
-
ins so that you can easily open
use

it later.


To configure
password complexity options

and enforce the use of strong
passwords
, do the

following
:

1.

Click
Start
, click
Run
, type
mmc
, and then click
OK
. The

Microsoft Management Console

opens
.

See Figure 8
-
1, which
shows the dialog boxes you see as you complete the next three
steps.




























F
IGURE
8
-
1

Adding a snap
-
in

MORE INFORMATION

For m
ore information on why to use strong passwords, see the section
entitled
Common Preventive Measures

in Chapter 4.

TIP

Adding snap
-
ins and
making configuration
changes are
automatically saved,
regardless of whether
you save the console.
When you save a
con
sole, you are saving
the shell with the added
snap
-
ins so that you can
easily open it later. The
default location for
saved consoles is the
administrative Tools
folder.

112

Supporting Security Needs

2.

In Console
1, click
F
ile
, and then click
Add/Remove Snap
-
in
.

3.

In the Add/Remove Snap
-
in dialog box, click
Add
.

4.

Highlight the
Group Policy
snap
-
in, click
Add
,
and
then click
Finish
.

5.

C
lick
Close
, and then click
OK

to close the
open dialog boxes
.

6
.

In Console
1, expand
Local Computer Policy
, expand
C
omputer
C
onfiguration
, expand
Windows Settings
, expand
Security
Settings
, and then click
Password Policy
.

7
.

The Password Policy settings are displayed in the right pane of the
console. The

settings

yo
u will change are

listed in the following
table. Double
-
click the specified setting and in the Properties
dialog box, configure
it

according to the s
uggested
m
inimum
configuration

listed in the table.

Configuration

Minimum Suggested
Setting

Enforce Passwo
rd
H
istory

3 passwords remembered

Maximum
P
as
sword A
ge

42 days

Minimum Password L
ength

8 characters

Password
M
ust
Meet C
omplexity
R
equirements

Enabled


Figure 8
-
2 illustrates t
he configuration changes that you
should
make
.
The changes are effective

imm
ediately
.


F
IGURE
8
-
2

Configuring Password Policy settings



Supporting Security Needs

113



8
.

In
Console1, click
File
, click
Save
, type
Security
C
onsole
, and
then click
Save
.

This saves the console with the embedded snap
-
in.
The configuration changes are saved regardless of whether yo
u
choose to save the console
.

Exercise

8
-
1: Create

a Security

C
onsole and
Configur
e

Local Security

Work with your school
network administrator to determine the
appropriate

settings for local security on the computers in a
computer lab or other location in
your school. Then
,

complete
the following tasks.

1.

Create a security console that includes the Local
Computer Security Snap
-
in, save it as
Security Console
,
and then close it.

Refer to the procedure in the
preceding
Using Strong Passwords

section above fo
r details.

2.

Click
Start
, click
All Programs
, click
Administrative
T
ools
,
and then double
-
click
Security Console
. Configure the
Password Polic
y settings

as determined by your network
administrator.

3.

Create a new user account named
User10
:

a.

Log
on

by us
ing a user account that has

Administrator
privileges.


b.

Click
Start
, right
-
click
My Computer
,
and then click

Manage
.

c.

In
Computer Management
, expand
Loc
al Users A
nd
Groups
, right
-
click
Users
, and then click
New U
ser
.

d.

Enter the following information
in the New User dialog
box:

User Name

User10

Description

Testing Password Properties

Password

School


What happens? Why?

___________________________________________

e.

Correct the problem you encountered, write down your
solution,
ensure

that

the
User
M
ust
Change Password
A
t
N
ext
L
ogon

check box is selected, and then click
Create
.

114

Supporting Security Needs

4.

Log

on as
User10
, and change the password to
one

that
meets the complexity requirements.


5.

Log off, and then log

on using an account with
Administrat
or

privileges. In
C
omp
uter
M
anagement, delete
User10
.

Securing Hardware and
Software

The physical security of your hardware is as important as the security of
your network. After all, if the computers
are stolen
, there will be no
network to protect!

As a help desk technician, y
ou can help to ensure the
physical security of computer equipment by completing

a thorough
hardware inventory.

Securing Hardware and Software

As a help desk technician, you can evaluate the physical security of
hardware and software assets, and make recomm
endations about
protecting them. One of the first steps in this process is to survey the
assets
, such as computers, printers, other peripherals, and software,

at
your school. With a partner, walk around your school and answer the
following questions ab
o
ut
physical assets:




How is access to assets controlled?



Are all computers and peripherals in lockable rooms?



If not, are they secured to their workstations by computer locks
or some other
device
?



Would it be difficult or impossible for someone to pick

up a

computer and walk away with it?



Are users asked for identification before being allowed access
to equipment?



How are assets protected during non
-
school hours?




Is software secured in a safe place?



Are all assets marked with a school identification number
in a
highly visible place?

If physical access to assets is not adequately controlled, you can make
recommendations
,

such as placing computers in a computer lab that can
be locked when it is not monitored, and

securing assets to furniture by
using computer
or printer locks (special metal cables that lock to the
asset and secure it to a fixture) or
s
ome other
locking device
, such as
immovable clamps. The more difficult it is to gain unauthorized access to
equipment, the less likely it is to be stolen.

If phys
ical assets are not marked with a school identification number in a
highly visible place,
then
you should recommend this practice to your
school technology committee and your help desk teacher or sponsor.

Supporting Security Needs

115



Marking assets with a permanent, highly visible tra
cking number that
identifies the rightful owner makes it difficult to sell stolen equipment,
which means it is less likely to be stolen.
It

also facilitates an inventory
of all equipment, and help
s

you keep track of the equipment.

Some
tools you can use

f
or clearly identifying assets as school property
include

the following:



P
ermanent
m
arkers
.
These are an easy
-
to
-
use and inexpensive
tool, but be aware that the information can be sanded off.



E
ngravers
.
These are more complex and expensive than
permanent ma
rkers. They can also damage equipment if not
used properly.



A
luminum a
sset
t
ags
.

These tags are usually made of anodized
aluminum with a super
-
strong adhesive on the back. Each tag
has an asset number, your school or school district name, and
possibly a b
ar code, as shown in the following illustration. You can
order the tags from a variety of online companies. They are
inexpensive; typically, you can buy 2,000 for about $50. The tags
are ideal for recording asset details in an asset tracking database.


Ex
ercise

8
-
2
:
Inventory and
Label School
Hardware Assets

In this exercise
,

you work in pairs to create an asset inventory
for your school

s hardware
and software
assets. Because
your school’s method of storing the inventory may be specific
to your school, th
is exercise describes the tasks to complete,
but not the detailed steps. If your school has an asset tracking
database, see the database documentation

to determine how
to record this information
. Otherwise, your instructor will
explain how to proceed.



1.

Determine
whether or not your school has a system for
identifying assets already in place. If it does not, then
determine
the method you will use to identify assets
.

TIP

If your school has an
asset tracking database,
you should use the
database docume
ntation
to determine how to
enter each asset in the
database. This not only
enables you to keep
track of the asset tags, it
also allows you to search
for equipment by
location. For example,
you could search for a
list of all equipment that
should be in a s
pecific
room.

116

Supporting Security Needs

2.

Locate your assigned portion of assets.

3.

For each asset, record the following inform
ation (or the
information required by your database

or the existing
asset
identification
system
)
.

a.

Asset
n
umber

(
e
xample:

0001
,

B2346
)

b.

Asset type

(
e
xample
s
:
desktop

computer
,
laptop
,
printer
)


c.

Manufacturer

(
e
xample
s
:
Dell
,
Compaq
,
Sony
,
Clone
)

d.

M
odel
n
ame and
n
umber

(
e
xample
s
:

Armada 1234
,

Vaio 2345
,

Tecra

3456
)

e.

Physical
d
escription

(
e
xample
s
:

b
eige mini
-
tower
,

b
lack laptop
,

silver scanner)

f.

Physical
l
ocation

(
e
xamples:
Computer Lab A
,
Library
,
Instructor

s Desk in room 118
)


If your school’s

database supports asset tracking and a
detailed hardware inventory, you
might

want to complete
them at the same time. For a hardware inventory, complete
the following steps:


4.

Click
Start
, click

Run
, type
msinfo32
, and then click
OK
.

5.

Click the
+

sign

next to
Components

to expand the
C
omponents list.

6.

Click
File
, click
Export
, type the file name
Components
,
and then click
Save
. A file named
components.txt

is saved
to your desktop. This is the inventory of internal
components. You will enter some of t
his information in
your hardware database.

7.

Open the

System Properties

dialog box to

obtain the
computer name, and record that in the hardware inventory.

8.

Record the asset numbers and a brief description of each
peripheral attached to a computer, inclu
ding monitors,
keyboards, printers,
and so forth
. For example,
HP Monitor
Supporting Security Needs

117



# 123456
.
(Note that the mouse

do
es

n
ot usually receive
an asset number
.
)

9.

Inform your team when you have completed your portion
of the asset tracking project or the hardware inven
tory.


Click here for the print version