Building a Secure Computer System - Lab Report Example

Security of a Computer in a Network Name Tutor Date Basic operating system security for Spark computer Section I Introduction In every department, there needs to be a record of all the activities that take place there. With this in mind, it is essential to keep a good security system that will enhance that the data is not perceptible to malicious users. Group policy objectives assist the user or an administrator to a system to keep the system secure such that no irresponsible or malicious individuals get access to the data. This paper will try to expound on the various ways that can be used so as to maintain a secure system which may vary from strong passwords and some other rules that will enhance security. Security system for spark computer In this section, we will dwell on how the use of group policy objectives has been used to achieve various security entities in the computer networks of spark computer industry. Group policy objectives has been used in the computer industry to help get some windows users to control the registry of the target object, the security of the new technology file system, security and audit policy, installation of software, scripts for logon and logoff and so much more. The above processes are all done using a system known as security filtering which is essentially the customization of the group policy object in the security policies. This is basically through choosing the users and the groups to whom the GPO applies to. This policy applies a pull model which is configurable through the configuration of the model. In this paper, we will go through a step by step process of how to achieve a certain set of objectives in the maintenance of computer security. The first step is to ensure that the all the staff have a password whose minimum length is 8 characters and that the password meets the minimum windows requirements. In this case, the administer needs to go to the settings of the group policy which can be reached at using two ways. In the first and simplest way you can press control key and R key at the same time. On the pop up dialog box, you then type mmc and press the return key. The dialog box that pops up is the Microsoft management console. This console manages the group policies. Another way of opening the console is through the control panel, in this manner, one should press the start key followed by the control pane, clicking the administrative tools and then the local security policy. When the console is open a number of administrative security measures can thus be achieved. To start with, we will check on the password security policies that can be set in order. A user’s password length can be set to a minimum or maximum length in a manner that complies with windows settings. In the password security there are various options that can be achieved which include the password history, password age and much more (Gasser, 2004). To change the minimum password length, one goes to the password policy in the account policies. The expanded information has the minimum length required by the administrator. In the case of the 8 characters, the size is changed in the properties where the default length is 0 characters. Once the figure is changed to 8, no user can be able to access the account with a size which is less than that. The setting of the number of days in which the password can stay is found in the password age where the default number of days is 42. To set to 20 days you only change the figure to 20 in properties. The number of times in which the password can be used is effected in the field labeled, enforce password history. Another field which can be enforced in the account policies is the number of times with which a user can try to login. In case a user puts an invalid password for a maximum of three consecutive times, the account can then be locked out. This is done in the group policy objectives panel too but one should move to the account lockout policy instead. In this field, move to the account policy threshold and change the figure to 3. Users can be denied access from various programs by using either the group policy where one can restrict access but editing the local domain or the local policy or editing the registry. In the editing of the local policy, one should gpedit.msc by typing this command on run and then clicking OK (Anderson, 2006). On the pop up dialog box, one should expand the user configuration then the administrative templates and lastly the system. There is a right pan that has many options that then pops up. On this one should double click the option that is written “Don't run specified Windows applications”. On this clicking “enabled” and then “show”. Here, one has the option of selecting the program to block by typing its executable file name. In this case one should input internet explorer and windows messenger executable keys. Most of the group policy objects require the user to learn the paths that are found in the Microsoft management console and keeping the instructions to the letter without defaulting them. Section II Back up policy report A back policy is a policy that is employed by an institution such that it is frequently and constantly used. In this case it means that a backup policy is one which will be used to make sure that data belonging to a certain organization is always followed to the letter. The importance of data backup is to assist the organization at stake to make sure that the data is always safe during any failure. There are many possible failures which might include fire outbreaks, theft, system failures and such like. Data may vary with importance and some data can cause either a lot of havoc or either so much loss. Some of such data may include bank databases, criminal records and so. If such data is lost and there is no recovery method, it means that the loss that will be encountered is so big. 1.0 Overview This is a sample policy that defines the back-up policy for the computers which are within the organization and also which are expected to have the data that is contained in them backed up. The systems at hand are typically servers though they are not necessarily limited to basic servers as they also contain other types of machines. Servers which are expected usually to be backed up include the main file server, mail server, and the lastly the web server. 2.0 Purpose This policy is intended to protect the data in spark computers so as to be sure that it is not lost and that it can be recovered in the event of an equipment failure, intentional data destruction, or any other disaster. These disasters as they my arise can big a big loss to spark computers thus the data has to be protected in the best way possible. 3.0 Scope This policy as it is written applies to all equipment and data owned and operated by spark computers. In this case, it means that the data and the equipment will have to be backed up using some set rules and regulations thus the company will not just be operating in a fail safe mode but in a way that the system will be at its utmost secure. 4.0 Definitions 1. Backup – this entails saving of files onto the magnetic tape or any other offline mass storage space media for the sole purpose of averting loss of data material in the events of equipment’s failure or in case destruction. 2. Archive – this is the saving of old or unused files onto magnetic tape or other offline mass storage-media for the purpose of the releasing of on-line storage room. 3. Restore – it is the process of bringing off-line storage data reverse from the off-line media and then putting it onto an online storage structure like a file server. 5.0 Timing Full backups are to be performed during the on Mondays, Tuesdays, Wednesdays, Thursdays, and Fridays. If for maintenance purposes, backups are not to be performed on Fridays, they shall be prepared on Saturdays or Sundays. 6.0 Tape Storage The tape that is under use in spark computers is an LTO-2 device that can handle 200 GB of data in a single drive. There shall be incorporated a separate or a set of tapes for each backup day which includes Mondays, Tuesdays, Wednesdays, and Thursdays. There also shall be separate or set of tapes for all Fridays of every month such as Friday-1, Friday-2, etc. Backups which are to be performed on Fridays or weekends shall always be kept for one-month and then used again the subsequent month on the appropriate Friday. Backups which are performed from Monday through Thursday will be kept for a period of one week and then used again in the following suitable day of that week. 7.0 Tape Drive Cleaning The tape drives shall always be cleaned per week and the tape used for cleaning shall be altered monthly. The IT administrator shall schedule the jobs to the various IT personnel such that no impending job will be undone. 8.0 Monthly Backups Every 1 month, a monthly back-up tape shall then be prepared using the oldest back-up tape or the tape set from the available tape sets. This will assist in that the back ups will be at their recent most way and manner throughout the period and that only a small piece of data will be lost when there will happen to be some failure. 9.0 Age of the tapes The date that each tape was set into use shall be documented on the tape. Tapes which have been used for longer than 6 months shall immediately be discarded and then replaced with new-fangled tapes. This will enhance the system integrity and remove the probability of having some data loss due to faulty tapes. It is obvious that some tapes do get deprived with time and so keeping old tapes might only alleviate the risk. 10.0 Responsibility The IT department boss shall be supposed to delegate one of the members of the IT department so as to perform some regular backups. The delegated individual shall develop a modus operandi for trying backups and then test the ability to restore the data from the backups on monthly bases. There is no need to keep any backup if the data that has been saved cannot be restored to the computer. This means that the data is of no use to the organization and will only incur more costs to the company without actually adding any monetary value. 11.0 Testing The ability of the system to restore data from the backups shall always be tested at least once monthly. 12.0 Data Backed Up Data which is to be backed up includes the following information: 1. User data that is stored on the hard-drive. 2. System-state data 3. The registry Systems which are to be backed up includes but aren’t limited to: 1. File server 2. Mail server 3. Production web-server 4. Production database-server 5. Domain controllers 6. Test database server 7. Test web server 13.0 Archives Archives are often made at the end of each year in Decembers. User accounts’ data associated with file and mail servers are always archived a month after they leave the organization. 14.0 Restoration Users who need some files restored must always submit requests to the help-desk. The information should be about the file-creation-date, name of that file, last time it was altered, and lastly the date and the time that it was deleted or was destroyed. 15.0 Tape Storage Locations Offline tapes are used for night backup and shall be stored in an adjacent-building in a safe that is fireproof. Monthly tapes shall then be stored across the town in the other facility also in a fireproof safe. 16.0 conclusions This report has helped us to ascertain the fact that data needs to be kept in an utmost safe way and that all such data when it comes to a company or any other relevant data should always have a backup. According to the case of sparks computer the systems have been put I such a way that the users have limited rights and so they will only be having access to the right channels of information. Part B According to the way the PC’s in the organization have been assigned to the users, there is much concern on some issues. If we look at the performance, it is wise to conclude that it is excellent due to the fact that most of the users have their own computers apart from the warehouse staff. On the security measures, it looks fine from the case of the staff with each machine per person though the warehouse looks a bit tricky due to the fact that they share the computers. This might tend to compromise the status of the data security. In terms of software installation, it is simpler because it is possible for the administrator of the IT system to be able to install the software over a network. A network installation happens only from one point and does not entail transfer from one machine to the other as long as they are in the same network. Deployment of activities can also happen throughout the network using the various chat activities. Appendix Display for group policy References Anderson, R (2006), Security Engineering: A Guide to Building Dependable Distributed Systems, New York, Mc-GrawHill. Gasser, M (2004), Building a secure computer system, New York: McGraw Hill. Read More