Question

1. Identify and explain the threats and risks to files.

2. Identify and distinguish between isolation policy and file sharing policy.

3. What are the common resource permission access rights for files on Windows, for Mac and for Linux?

4. What are common file permission flags? How are they used?

5. What is the concept of “least privilege” as it applies to computer security? How is “least privilege” implemented in relation to file access and sharing on computer systems?

Answer 1

a)

The threat or risks to a flie or data are as under:

File/Data can get lost during a system crash, especially in the case of one which affects the hard drive.

The file can get corrupted.

It can get lost by accidentally deleting it, or it can also become corrupted because of a virus in the system.

It can also be hacaked by unauthorised access and also can be mis used at places thus resultiing in huge loss.

During sharing the file can be introduced to a malware thus affecting the whole software, or maybe the whole organization at times.

A ransomware can also turn out to be dangerous for the file as well as the system, at times it can affect the whole organisation and countries as well.

b)

The Isolation Policy infers to the design or say the rules according to which a user configures device on his/her network to accept the connections coming from a source which the user him/herself is well aware of and knows that they are a member of the same isolated domain. Thus, ensuring the safety and security of the system, data, and all the files within.

On the other hand a afile sharing policy is one in which all the systems connected on the network allows a device to participate in one or more file sharing networks. It can be public as well as a private file sharing network.

c)

The common resource permission access rights for files on

Windows:

> Full Control- It permits reading, writing, editing and deleting of files and subfolders.

> Modify - It permits reading and writing of file and also allows deletion of the file.

> Read and Execute - It permits viewing of file's contents and also execution of file.

> Write - It allows writing to a file.

> Read - Only allows viewing and accessing the file's contents.

Mac:

> Read and Write- It permits to open the file and change it.

> Read Only- It permits only to read the item but canoot change it.

> Write Only - It makes a folder into a dropbox. The user can only drag and drop items in the drop box, but cannot open it, only the administrator can open it.

> No Access- It blocks all access to the file.

Linux:

> Read- It permits the user to only read the content of a file, he/she cannot make any changes to it.

> Write- It permits the user to edit or delete the content of a file.

> Execute- The user with execute permission can run the file as a program.

d)

The permissions that are given to a file for eg; read, write, execute and delete, these all permissions collectively are called file permission flags.

For eg; if a user has given write only permission to a file, then that file is supposed to have a write only permission flag.

They are used in the same way as the file permissions. The usage of the permission flags allows to keep the data secure and safe.

The permission flag for a file can be checked by right clicking on it, going to properties and then switching to security tab, tand moving to the advanced. In the permissions one can easily see what all he/she can do with the file or what permission flag does he/she has.

e)

In computer security the concept of "least privilege" implies to the approach that a user, a program, or a process should have only the minimum privileges which are required to do the task or only the priviiges which are important for a function or task to be completed.

It is the best practise which is followed in computer security. This way an administrator can always have a check as to what number of people or systems a particular privilege has been provided, thus, reducing the risk, and also ensuring that the attackers do not have the privilege to do an important change or modification in the system's data, thus avoiding data breach.

The "least privilege" in relation to file access is implemented by providing the right amount of access to only the right amount of people or the people who are really necessary for the completion of job.

The administrator can keep a track as to whom he/she has given the write access, and then can make sure that if there is any unnnecessary data that has been written on the file, the user can be easily identified.

By doing this, the administrator can ensure that no data theft, or unwanted operation is being performed on the important tasks, which as a resultant is safer and secure for any organisation and person as well.