Microsoft Windows Access Control Research Papers Examples

Microsoft Windows Access Control

Appropriate Microsoft Windows access controls

The access control of Windows is complex associated with various permission grants. The system assumes that the installation of applications is under Program Files that has a safe default set of permissions. Any application installed in a non-default location goes to C folder. The user can modify the settings to have a Collaborative Access Control List. An administrator should have two accounts one for regular work, and another for administrative work (Homer & Isbell, 2004). The administrator should create user accounts using malware and least privilege where users do not have administrative permissions. An administrator should use the Security Configuration Wizard (SCW) built on Microsoft Windows Server 2008 (Michener, 2008).
The system recommends additional secure settings such as firewall rules, audit policies, and registry. The SCW can also help one to create different security settings since it has an extensive database. Some of the security settings have client features, service configuration, Windows Firewall Settings, and administration options. Microsoft performs routine operation to investigate bugs and flaws in released operating systems. Microsoft regularly writes and release patches and hot fixes to correct the problems. Microsoft releases security updates once every month to help managers manage the deployment of the patches.
User Account Control (UAC) provides an essential level of protection for systems by separating privileges needed for standard tasks and rights for administrative tasks. The administrative account includes built-in account and group accounts. The administrator assigns two access tokens when the user logs to the administrative account. One symbol applies to regular user account activities as well as launching the desktop. The second token utilizes for administrative purposes. The goal is to prevent unauthorized changes to a computer by restricting the instances when administrative credentials are available. A user that performs basic tasks such as email or creating documents uses a regular token. The administrator token performs the administrative function. A UAC dialog box prompts the user for approval prior to executing a task that prevents malware from taking advantage of the elevated privileges taken to perform other unapproved duties. UAC goes into action in case a non-administrative user attempts to take an action that requires administrator privileges. UAC provides non-administrator with the opportunity to offer administrative credentials. When the UAC prompts the user to continue, it will provide administrator credentials. A dimmed desktop responds to the UAC prompt. The purpose of the dimmed desktop is to prevent malicious software from overriding UAC. UAC waits manual intervention to approve an action without any user interaction.
Some of the steps of to protect all systems to ensure they are up to date. The reason is that bugs and security flaws regularly discover operating systems and applications. The whole process of discovery and resolution of safety defects includes the following steps flaw detection, vendor notified, vendor develops, provider makes update available, and updates downloaded. Users connected to a network will access shares on the system as long as they have permissions to the share. Offline folders allow a user to access the shared data while disconnected from the network. The user can specify the cache files on the local machine and files will appear in a special folder on the local machine entitled Offline Folders.

Cryptography methods to protect organizational information

The birth of cryptography in Windows offers real growth in commercial and consumer use of public key. The catalyst for the rise of electronic commerce is due to rapid consumer use of public key cryptography that requires secure authentication and symmetric-key exchange. Specifically, the development of SSL protocol by Netscape to secure HTTP traffic is the flash point for client-side adoption of strong cryptography. Some of the additional applications that have appeared include security-enabled Web Services, disk encryption, and document protection (Seltzer, 2004). The applications establish the cryptographic support as a standard foundation for distributed security.
Microsoft added SSL protocol to its Internet Explorer before introducing application-programming interface for the purpose of public key cryptography. API provides a standard interface for user-mode for cryptographic algorithms for Microsoft and its third-party applications. CryptoAPI implements many controlled algorithms and pluggable provider interface subject to many restrictions. Public Cryptography matures as it encourages the use of large key sizes in the standard algorithms.
Cryptographic controls reinvent the use of internet on how users communicate, educate, and collaborate. Cryptography is a new accepted practical security mechanism that supports robust infrastructure. With the maturing of cryptographic in the business world, both public and private sector turn to cryptographic support to protect information in a cost-beneficial way. Standard bodies adopt innovative ways in the application of cryptography (Fontana, 2006). Interoperability enables the implementation of different protocols and cryptographic standards. New applications mandate the use of new cryptographic standards to update formats and protocols that include new standard block cipher, new cryptographic hashes, and a new public key algorithm standard based on elliptic curve cryptography. The United States Security Agency establishes a list of cryptographic requirements.
Microsoft introduces Crypto Next Generation for use in Windows Vista to counter the limitations of CryptoAPI. Some of the features of CNG include a new crypto configuration system that can support crypto-agility, process isolation especially for long-term keys, thread-safety, pluggable random number generations, relief from export signing restrictions, and fine-grained abstraction for purpose of key storage. Cryptographic Agility feature supports third-party implementations cryptographic algorithms through pluggable cryptographic service providers.
A user that would like to use an algorithm not available in CryptoAPI can obtain third-party implementation of that algorithm and access it through the CryptoAPI interface. That enables the replacement of the Microsoft implementation of RSA algorithm and the implementation of RSA hardware accelerator. In addition to that, CNG design provides API core cryptographic operations.
CryptoAPI ensures algorithm implementation as well as storage and protection of primary material. Currently, there exists a broad class of hardware accelerators for cryptographic operations. Some include SSL accelerators, IPSec accelerators, Network interface cards, trusted platform modules, and other hardware-based key storage facilities. Another feature of CNG includes process-based isolation of operations that involve long-term keys. In Microsoft Windows operations especially Vista, the long-term keys undergo Local Security Authority through a cross-process call. The third-party plug-in providers have user-mode processes to support cryptographic hardware.

A plan to thwart malicious code chapter 2

Morganstem (2004) says that the malware is a common threat to computers presently. Malware comes in many forms such as Trojan horses, viruses, and worms. It is paramount to understand how serious the threat is and what one can do to protect computers and networks. Antivirus software provides protection against all types of malware and not just viruses. Another common threat is social engineering where many attackers steal people financial property, people identities. The social engineers are dishonest and conniving. Saran (2008) defines malware as software copied into the system with no user consent. Some of the malware includes Trojan horses, spyware, worms, and viruses. A computer turned on is susceptible to infection from malware. Most of the malware is through the internet. An infected USB flash drive can install malware on the system immediately the flash plugs in the system. The main purpose of malware is to make money. Malware attempts to gather many data as the attackers use the data for monetary gain. Attackers steal identities, steal financial data, and clear out bank accounts. Another purpose of malware is corporate and government espionage.
Saran (2008) defines computer virus as an executable program that spreads to computers in a network. The primary function of the virus is to replicate itself. Virus attackers write them to interfere with the proper operation of the system. Some of the damages caused by viruses include deleting crucial information, erasing the entire hard disk, joining the computer to a botnet, and email it to other computers using the address list. Some of the ways of delivering viruses include attachment in unwanted email, installed on USB drives, embedded in downloaded files, and installed on USB drives.
Policies and procedures include a requirement to protect against malware and social engineering attacks. The primary protection against malware entails the use of antivirus software. Additional policies and procedures in tandem antivirus software include using firewalls, educating users, reducing attack surface, keeping systems up-to-date, and minimize the use of administrator accounts. The network-based and host-based firewalls provide an added layer of protection against worms. A host-based firewall can offer protection for a worm that get in the network. On the discovery of software vulnerabilities, vendors will release updates to counter the threats. A system can benefit from regular updates to affect the vulnerabilities. To reduce the attack surface, one should remove all the unneeded protocols. Only few Protocols that run translate to a successful attack on the target machine. The best method to address social-engineering attacks is to educate the users. Users that understand the threats have the ability of countering them. Users should use accounts that have least privilege in their job. Antivirus software protects systems against different types of malware. Most of the organizations use a three-pronged approach to protecting systems in their network. The procedure consists of a content-filtering firewall to scan all incoming internet traffic, a mail server with antivirus software, and antivirus software on internal systems. The content-filtering firewalls can scan for threats in the attachments that include spam scanners to remove spam messages.
 

Incident Response Plan

Auditing is one method that can provide administrators with an easy way to track activities on systems. The administrator will monitor when users access files, shut down systems, create, and modify accounts. Windows Server 2008 has nine separate categories of audit that one can manipulate. One can check how to enable review of different events and how to view the audited events. Microsoft Baseline Security Analyzer (MBSA) provides a type of testing that permit one to inspect computers in the network for a broad range of vulnerabilities. It is a free tool where one can download and install a single system in the network. One can use the tool to perform necessary vulnerability scans on other Windows systems that run on the network and audit them for compliance, compare their status against other known security vulnerabilities. A secure operating system can identify individual users, track actions and grant access based on their identities.
The first step to the user that attempts to access the system is to prove authentication against the system. An administrator should understand user authentication, securing access with permissions, and learning how to track user activity using auditing. Reliable accountability provides no repudiation that prevents someone from denying one take an action. The logging records events in the audit log can deny a user from taking action for the record to provide non-repudiation.
An administrator should monitor failed events since they do not represent actual changes. The primary benefit is that logged failed attempt will document possible malicious activity. For instance, regular users cannot have access to proprietary company data unless they specifically need it. If the logs show that a user repeatedly attempts to access data, it is due to cause for alarm. It is acceptable to investigate why a user attempts to access the data. It is possible that the user needs access to perform their job or a particular function. A request comes to the IT department that modifies permissions for the user.
It is easy to identify security settings for auditing. The challenge entails going through the audit prior to enabling it. Enabling everything leads to many logs with unnecessary details that consume system resources and difficulty to identify the events that matter. While many systems have similar security requirements, domain controllers hold all the user accounts and passwords that require higher security. Object access auditing can record any time a user access or deny access to an object such as folder, printer, registry key, folder, or file.

Security guidelines

Every computer has a certain level of risk as one attempt to mitigate it by reducing vulnerabilities. Several primary security principles guide the protection of information technology systems and data. One can trace the security principles in the CIA triad. The triad mandates protection against loss of integrity, loss of availability of data, loss of confidentiality, and loss of availability of IT systems. Other principle includes defense-in-depth and the principle of least privilege (Morgenstem, 2007).
The administrators have to harden IT systems in an attempt to configure to default the configuration and reduce vulnerabilities. One can reduce risks by reducing vulnerabilities such as faulty power supplies and bugs in the code. They can be weaknesses in procedures in the security to permit users provide valuable data for social engineers. The core risk management in an IT environment is to reduce vulnerabilities. Some of the standard techniques one can use to weaknesses include enforcing the principle of least privilege, implementing strong authentication mechanisms, maintaining systems up to date, backing up data, protecting systems data, updating the antivirus software, tracking access to data using audit trails, implementing multiple layers of security, and others.
In protecting against loss of confidentiality, one has to maintain its secret. Some of the steps to achieve privacy are to ensure that everyone, which can access data has authentication. Users log onto a system using a combination of username and password. Next, an administrator can use an access-control method to control how people access the data. For instance, one can assign permissions to specific folders and files. If a user does not need access, they do not have permissions.
Encryption is a layer of security that protects against loss of confidentiality (Bauer, 2005). One can encrypt individual files, data transmissions that travel across the network, individual files or entire hard drives. If a person fails to obtain an encrypted file, the administrator will scramble it in a way to make it unreadable. High encryption standards ensure that unauthorized individuals do not decrypt the encrypted data.
Protecting against loss of availability means that data is unavailable when a user needs them. Some of the systems such as web servers should be available and operational throughout. Computer systems are only available when used by the staff such as the computer systems. The administrator can ensure that systems stay functional by protecting against different threats and building redundancies. Some of the common threats consist of malware that includes worms, viruses, and Trojan horse.
Backing data keeps it secure in the event of a catastrophe. A user with a copy of the data will just restore it and rescue them from the inconvenience as they progress with the business of the day. A user with no copy of the data will have to rebuild the data from scratch. Organizations implement sophisticated backup strategy to ensure they maintain copies of all crucial data. The organizations with mature back up plans maintain a copy of data while off-site. Redundant Arrays of Independent Disks provide fault tolerance for hard drives.
Protection against loss of integrity occurs when an unauthorized person modifies data without permission. That can happen if unauthorized individuals change data. Access controls purpose is to ensure that only authorized people have access to systems. A malicious person tends to bypass the control to gain in it illegally, or the power in the system may fail (Greenemeier, 2006). Audit log show if anyone accessed data in addition to time and auctioned performed. Administrator can create hashes to detect whether data has lost integrity. The administrator re- creates the hash later to observe changes.

The best practices for security of Next Gard’s organization

Next Gard can implement defense-in-depth security strategy that provides multiple layers of security. The approach goes against the creation of one security technique since it treats security as an ongoing process. Some of the recent attackers and hackers have the determination to hack systems to earn money. Monetary gain serves as a motivation to ensure they learn everything concerning the security procedures. Other than that, hackers have the skill on how to break in networks and obtain the information needed. For that reason employing a single security system, will create an easy task for a hacker. Using multiple layers of security will create a challenging task for a hacker (Homer & Isbell, 2004).
Defense-in-depth strategy defends against multiple points and multiple layers through a combination of procedures, policies, security technologies, and people. The policies and procedures provide the first line of defense, and the physical safety provides the second line of defense. The technical security methods employed seek to provide additional layers of security. The administrative policies and procedures are written rules that outline safety requirements. They enable an administrator know the security to implement and let users in the organization are aware of their expectations.
The principle of the least privilege states that users, resources, and applications have the rights and permissions to perform the necessary tasks. For instance, users with the need for accessing project data from a computer should have minimal access to the data. A gross violation of the principle is to award users’ full administrator access. That will enable users to access the project data and involve with other things in the computer. Administrators should avoid the temptation of giving everyone administrator access other than managing permissions. The problem of allowing full administrator access is that users can maliciously delete or modify data. More resource input is needed to return to normalcy since some of the damages may be irreversible.
In summary, it is crucial to understand different steps one can take to protect end-user computers and servers. Some of the techniques applicable include User Account Control. UAC is a built-in mechanism used to separate administrative actions from regular user actions on clients and servers. It is essential to maintain the system in an organized way to protect the environment from newly discovered potential vulnerabilities. An administrator should consider whether users could use offline folders to store data accessed from shares. In few cases, one can want to protect the offline data through encrypting offline folders. One can protect clients by using software restriction policies to control what applications run. One can add a layer of protection for servers by placing them in virtual local networks by ensuring that the server does not run on services that have conflicting security goals. Read-only domain controllers will protect further restrictive active directory in branch offices. Every Active Directory includes a server that runs on the Domain Name System service.

References

Bauer, M. (2005). The Future of Linux Security. Linux Journal, (136), 28-30.
Chanda, S. (2012). Microsoft Windows Identity Foundation Cookbook : Over 30 Recipes to Master Claims-based Identity and Access Control in .NET Applications, Using Windows Identity Foundation, Active Directory Federation Services, and Azure Acces Control Services. Olton, Birmingham [England]: Packt Pub.
De, C. J., & Grillenmeier, G. (2006). Windows Security Fundamentals : For Windows 2003 SP1 and R2. Burlington, MA, USA: Digital Press.
Fontana, J. (2006). Licensing woes still dog Microsoft. (cover story). Network World, 23(11), 1- 16.
Gibson, D. (2011). Microsoft Windows Security Essentials. Hoboken NJ, USA: Sybex.
Greenemeier, L. (2006). Microsoft Yields To Howling Admins, Kills Private Folder. Informationweek, (1099), 26.
Homer, P. C., & Isbell, D. (2004). Segregating Library Users in a Microsoft Windows Client/Server Environment to Control Access to Public Printers. Information Technology & Libraries, 23(3), 128-132.
Johnson, E., & Beehler, E. (2008). MCITP: Microsoft Windows Vista Desktop Support Consumer Study Guide : Exam 70-623. Hoboken, NJ, USA: John Wiley & Sons.
Michener, J. (2008). Common Permissions in Microsoft Windows Server 2008 and Windows Vista. IEEE Security & Privacy, 6(3), 63-67.
Morgenstern, S. (2007). a new computer VISTA. Cigar Aficionado, 15(2), 144-152.
Saran, C. (2008). Early adopters cite benefits of Windows Server 2008. Computer Weekly, 2
Seltzer, L. (2004). WINDOWS XP SP2'S FIREWALL: ON BY DEFAULT. PC Magazine, 23(4), 64.