Question

Case studies offer a practical problem for which you supply a written solution. There is not always a specific right or wrong answer to these cases. They are intended to encourage you to review the chapter material and delve deeper into the topics you have learned.

One of the primary reasons networks were built was to facilitate the sharing of information. Organizations want to share files and printers in Windows, Linux,and Mac OS X. However, organizations need to ensure they maintain secure access to shared files. This is often accomplished using user and group accounts, with assigned permissions. These permissions determine who can access the shared resources and what type of access they have.

Answer 1

Security of shared resources:
Security from a general perspective, and as a whole involves and ensures Confidentiality, Integrity, and Availability (CIA) of the shared resources, where availability of the said resources is restricted to unauthorized users who are not allowed or supposed to access them. Technically, a shared resource or a network share is basically a computer resource that is made available on one host machine to be accessible by other host machines on a computer network. The shared resource could be either, a device or piece of information, or simply data to be remotely accessed from another computer through a Local Area Network (LAN) or an enterprise or corporate intranet. This happens transparently, virtually, and seamlessly as if it were a resource in the local computer or host machine. Examples of sharing resources are computer programs, files, folders, documents, data, storage devices, scanners, printers, etc. Some of the terminologies in this facility are shared file access, file sharing, disk sharing, folder sharing, shared printer access, shared scanner access, etc. The shared resource is a shared disk, shared folder, or a shared document. However, these days file sharing is called peer-to-peer file sharing over the public Internet.

There are security issues related to file sharing and shared resources. A network share could be vulnerable from a security standpoint in case unauthorized users access the shared files in a devious way, where unauthorized users are the people who are not supposed to access them. Many computer viruses and worms have been sent, downloaded, and spread through network shares affecting thousands of o computers, breaching the security and safety of systems, computers, and data. Below are some of the security measures that can be followed to maintain secure access to shared files and resources.
* Shared printer access and shared file access are not allowed in firewalls from computers used by users who are outside the company's LAN or enterprise Intranet.
* Since there might be legitimate users also who would be working from outside the company's LAN or enterprise Intranet who want to access the company's intranet and LAN, they could use Virtual Private Networks (VPN) to securely access shared resources. This VPN would be made available, accessible, will be authorized to be used for certified users working outside the local network.
* For availability and security purposes, a network share would be made accessible to other users and employees marking the desired folder or file as shared or changing the file system permissions or access rights in the properties of the folder.
* Security should be made stringent such that only the user or the owner, system administrators, a certain group of users of the public, or all logged-in users are able to access a file or a folder.
* A special pre-shared folder could be made accessible to all users who have a valid user account and password on the local computer.
* For availability and accessibility purposes network access to the pre-shared folder could be enabled.
* To ensure availability of the shared resources for the legitimate users, shared access mechanism involves synchronization of folder information done automatically as and when a folder is changed on the server being accessed, and could even provide service for server-side file searching.
* Shared file access should support a multi-user environment with concurrency control or a remote file being while a user is editing it, and file system permissions.
* Necessary, strong, and secured measures to be taken when assigning permissions or access rights to specific users and users of a certain group as a whole.
* These file permissions and access rights provide security controlling the users' ability as to what, why, and how they view, edit, read, write, change, navigate, and execute the contents of the file system.
* Access Control Lists (ACLs) need to implement.
* There should be necessary management of user accounts, groups, roles, and permissions.
* This management should include:
* User accounts addition, editing, activation, and deactivation.
* Creation, editing, activation, and de-activation of user groups.
* Creation and editing of roles, and association of appropriate and authorized capabilities for roles.
* Management of permissions for system objects.
* Configuring strong password requirements for the user accounts.
* Management of User Access Control (UAC) that provides the ability for explicitly enabling or restricting the access.
* With respect to UAC, access to an object for a user should be based on those users belonging to a group providing capabilities through roles.
* Access rights should be grouped by role name.
* The roles should be associated with capabilities like view, delete, change, edit, etc.
* Addition of users.
* Creation of user groups.
* Assigning roles to groups.
* Assigning groups to objects providing custom permissions as needed.