Question

In: Computer Science


  1. Introduction - Please briefly explain what is meant by Access control/Authentication/Authorization, the role this plays in securing a network and the importance of having policies about Account naming conventions and password management.
  2. Account naming convention - What are the suggested format(s) for user accounts to be named? i.e. johndoe, jdoe, john.doe, user1, etc. Be sure that your account naming convention provides a way to create a unique account name for folks with the same names.
  3. Password length and complexity - How long should passwords be? Must they contain any special case or characters, etc.? Will you require your users to change their passwords? If so, how often will you require them to change them, and can they reuse old passwords?
  4. Server administrative access - What is your policy regarding people gaining full access to server resources? Will you require server administrators to "do" anything with the default Windows and Linux server administrative accounts and passwords? Is there a policy for leaving these accounts active? What about password management?

Solutions

Expert Solution

Hi, I would love to answer this question for you. I hope you will like the answer and get a clear idea of the topic. So, without wasting much time, let's get started.

The question is long and complex, so to keep it organized I will be answering it in parts as follows:

  • Access control/Authentication/Authorization and its importance in securing the network
  • Account naming convention
  • Password length and complexity
  • Server administrative access - What is your policy regarding people gaining full access to server resources?

Ans.1 Access control is the measure initiated by network security experts in the network to restrict users' access and provide only the limited access that is required. Moving forward, authentication is the method for checking the legitimacy of the user, i.e. whether the user is genuine or a faker trying to get in; this is done using password policies and multifactor authentication. Now heading to authorization: authorization is the process of finding out the privileges a user needs at most to complete their task. For example, an employee will not be authorized to access the server or the admin computer, so this is part of authorization.

All these methods are used to secure the network by restricting access and checking the legitimacy of the users of the services, as the PCs are password protected with limited access, resulting in the security of the network.

Ans.2 An account naming convention is a method of keeping usernames unique so that they cannot be easily guessed and tried in a brute-force attack. The two things to keep in mind are: never use a default username, and never directly use your name, the email domain, or related things. These can be made more complex by mixing in the DOB or ID card details; something like these should be mixed with the name or the email, e.g. Devsin3008 for Dev Sinha, whose DOB is 30/08/1998. So these types can be mixed and made more complex using other methods of ID and DOB.

Ans.3 Password length and complexity: as a penetration tester, I always test for this in an audit or pentest; this is the most targeted place for brute-force attacks, and passwords must be complex enough that they cannot be penetrated so easily. The basic factors which can keep password complexity strong are:

  • 8-12 character minimum password length
  • Must use one upper-case and one lower-case letter minimum
  • Must use a minimum of one special character

Some other aspects asked in the question may be answered as follows: the password must be changed often, resulting in better security, and the old 3 passwords cannot be reused as a password. And while resetting the password, the old password must be asked for and verified for legitimacy.

Ans.4 Server administrative access: access to server administration must be restricted to the server admin only. There must be a policy that no employee has full access to server administration.

No, server administrators should not be allowed to keep the default credentials anywhere in the server; whether authentication is there or not, default credentials must be removed, whether on Linux or Windows. Dealing with password management, the password complexity must be high and the password information must be restricted to the server admin only, not even the owner unless strictly required. This is the way the network can be provided a secure environment.

I hope you got your answers and a clear idea of the topic.

Please like an answer and do comment for any queries in the answer.

Thanks and Happy to help :)

HAPPY LEARNING
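As an added illustration (not part of the answer above), a small Python policy checker for the naming convention and password rules discussed: it builds `first.last` account names with a numeric suffix for same-name collisions, validates the length/case/special-character rules, and enforces the "last 3 passwords cannot be reused" rule against salted hashes rather than stored plaintext. The 12-character minimum and the PBKDF2 parameters are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
import re
import unicodedata

# Policy values from the answer: 8-12 character minimum (12 assumed here),
# upper + lower + special character, and no reuse of the last 3 passwords.
MIN_LENGTH = 12
HISTORY_DEPTH = 3
PBKDF2_ROUNDS = 200_000  # assumed work factor for the example

def check_password(password: str) -> list:
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper-case letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lower-case letter")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    return problems

def hash_password(password: str, salt: bytes = None) -> tuple:
    """Salted PBKDF2-HMAC-SHA256 so history entries never hold plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def reused(password: str, history: list) -> bool:
    """True if the candidate matches any of the last HISTORY_DEPTH stored hashes."""
    for salt, digest in history[-HISTORY_DEPTH:]:
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        if hmac.compare_digest(candidate, digest):  # constant-time comparison
            return True
    return False

def account_name(first: str, last: str, taken: set) -> str:
    """first.last in lower-case ASCII; same-name collisions get a numeric suffix."""
    def clean(s: str) -> str:
        ascii_only = unicodedata.normalize("NFKD", s).encode("ascii", "ignore").decode()
        return re.sub(r"[^a-z]", "", ascii_only.lower())
    base = f"{clean(first)}.{clean(last)}"
    name, n = base, 1
    while name in taken:          # john.doe, john.doe2, john.doe3, ...
        n += 1
        name = f"{base}{n}"
    taken.add(name)
    return name
```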

