Basic Operating System Security for Spark Computer - Essay Example

Security of a Computer in a Network Name Tutor Date Basic operating system security for Spark computer Introduction Many organizations today utilize the full power of the advancements that are ii the field of information and communications technology in various ways. This ways vary in a number of ways including the implementation of various modes of operation, storage of data, sorting out of records, tracking of information and so many other ways. Owing to this in critically, it is therefore essential and very important to keep and maintain a good system of security that will at all times enhance that all the data is not detectable by any malicious users, snuffers and any other caliber of people that are not supposed to get in touch with or access important data that is not in their field. Group policy objectives in the windows environment usually assist the user or the administrator to a system to keep the system secure such that no irresponsible or malicious individuals get access to the data. This paper will try to expound and check into the various ways that can and times be used so in maintaining a secure system that maybe can vary from some strong passwords and some other kind of rules that will assist to enhance the security of the system. Section I Report on the application of GPOs (Group Policy Objects) Abstract Being the core of the industry today, computers and computer use has been in the verge of increase by day. Most of the people have embarked on computers as the most recent mode of communication and storage of data on such great magnitude that it has become the backbone of almost all businesses. This has thus attracted more people from the opposite side of the arena to take advantage of the data at hand to exploit people and gain from them. People have been reported to use the data stored in a way that they get their own selfish gains or destroy and make formidable businesses to collapse. This has been due to ease of access and thus there needs to be a way in which to inhibit this access. System security This segment focuses on how the implementation of group policy objectives has constantly been used in the Windows environment to achieve various security units in the world of computer networks many industries. Group policy objectives used in the computer industry has been used to help get some of the Windows users and clients to control the registries of the target objects, the security of the NTFS (New Technology File System), the security and the audit policy, installation of new software, scripts used for logon and also for logoff. The above described processes are usually done by use of a system which is known as “security filtering” which is then essentially the mode of customization of the group-policy-object in the security policy. This is in most cases through the choosing of the users and also of the groups to whom those GPO’s apply to. The group policy objects are previously set in the operating system. In short, the policies that are set are part of the operating system security. The basic step is the ensuring that the all the inclusive staff have a password which has a minimum length of 8 characters. The password must also meet the minimum requirements necessary for Windows. In such a case, the administrator will need to navigate the settings of the group-policy which can later be reached using two ways. In the first and also the simplest way you can press the control (ctrl) key and “R” key together. On doing this, there is a window that comes up with a text box where one types the command line mmc. Mmc stands for Microsoft management console. This console manages the group policies. One other way of opening the console window is through following the control panel. In this mode, one presses the start key and then followed by pressing the control panel, administrative tools and lastly the local security policy settings. This major policy uses the pull model. This model is can be configured. This paper shows the different processes through which various objectives can be achieved during computer security maintenance. The discussed objectives will give the reader of this report an overview of how a certain organization can make use of a very important feature found in Microsoft Windows kit so as to maintain a certain set of rules in the maintenance of company standards. The set rules form a policy which can be always written and later distributed to every worker to make sure that they conform to them. After the commands have been input into a computer, the machine denies access or entry to any person who acts in default to the requirements. Opening the console would be a first step in achieving various measures related to administrative security. Firstly, we set the password settings in order. The password length of a certain user can be placed at a maximum or even minimum length in such a way that it is compliant to relevant window settings. (Gasser, 2004). The shortest length of any given password can later be altered by going to the account policies’ password policy. The information that has been expanded contains a password that is of minimum length as is required by the administrator in charge. In a situation where eight characters have been used, one changes the size converting the default length to zero characters. Changing the figure to eight makes sure no one accesses the given account with any length that is lower than eight. The number of days that the password gets to stay can be found in the password age that has a default number of 42 days. Changing to twenty days only requires one to change the figures to twenty in properties. Changing to eight days requires one to change the existing figure to eight in properties. The field identified as “enforce password history” affects how often the password can be used. When one customizes the enforce password history field, the system cannot accept the password after the said number of days. One more field that can be imposed in the various account policies includes how often a particular user tries to log in. in a situation where the user tries to log in using a password that is not valid for three times consecutively, the account can at this time get blocked or locked out. This can also takes place within the group objectives panel though the user first moves too but one should move to the account lockout policy instead. When you move to the account lockout policy, there is a field called the account lockout threshold. This field determines the number of times that a person can try to login. In the current case, the value should be set to 3 such that the person should try to logon a maximum of three number of time using an invalid password after which the account is rendered invalid. The system users are perceptible to be denied accessing the various installed computer applications by the use of either the window’s group policy or the or the local policy or editing the registry. In the group policy, one can be able to restrict access to a certain program like internet explorer by editing of the local domain. During the editing of the local policy, it is required that the person keys in gpedit.msc by typing this and then clicking OK. There is a dialog box that pops up where one needs to expand the user configuration then expand the administrative templates and lastly expand the system. On the right pan inside that dialog box, there are many options that pop up. From the list having those options, the administrator should click the choice written “Don't run specified Windows applications”. The next pop up dialog box, there is a field where one has the ability to check some options. The option of choice at this moment is show. On checking this option, one is supposed to check “show”. There is a panel where you can input the program that needs to be hidden. In our current case, the programs are internet explorer and the windows messenger. The programs should be input using the executable code name associate with them which can be iexplorer.exe or so. Conclusion It is fine to state that most of the group policy objects are obviously a series of steps that need to be followed in order to achieve the aspired objective. One of the major reasons for using the group policy objects is to maintain a standard through which a certain group in a particular network will adhere to in order to work optimally. Security has been enhanced through setting of a password policy that has to be followed whether the user is willing or no thus making computer use very dedicated. In order to achieve the said steps in a simple and acceptable way, setting them from the control panel path is the best. In this way the user will not have the risk of changing some system setup like it would have been if the person was to interfere with the registry. Section II Back up policy report This part majors on a backup policy that can be used in any particular organization to help protect the data in that organization from probable failures. A back policy can be referred to as a policy that is usually used by an institution or an organization such that it is regularly and constantly in use. When any such policy is determined by the necessary authority, a section of people in the IT sector are assigned roles which they have to follow throughout until that policy is maybe changed or altered. The significance of backing up data is to aid the organization at stake in making sure that no work will stall or records lost in case there was anything that caused the data to be lost or altered. Possible causes of data loss include fire outbreaks, theft, system failures and natural disasters. Data may vary with importance and some data can cause either a lot of havoc or either so much loss. Some of such data may include bank databases, criminal records and so. If such data is lost and there is no recovery method, it means that the loss that will be encountered is so big. Overview This is a sample policy that defines the back-up policy for the computers which are within the organization and also which are expected to have the data that is contained in them backed up. The systems at hand are typically servers though they are not necessarily limited to basic servers as they also contain other types of machines. Servers which are expected usually to be backed up include the main file server, mail server, and the lastly the web server. Purpose of study This policy is intended to protect the data in spark computers so as to be sure that it is not lost and that it can be recovered in the event of an equipment failure, intentional data destruction, or any other disaster. These disasters as they my arise can big a big loss to spark computers thus the data has to be protected in the best way possible. Description This policy as it is written applies to all equipment and data owned and operated by spark computers. In this case, it means that the data and the equipment will have to be backed up using some set rules and regulations thus the company will not just be operating in a fail safe mode but in a way that the system will be at its utmost secure. Definitions Backup – this entails saving of files onto the magnetic tape or any other offline mass storage space media for the sole purpose of averting loss of data material in the events of equipment’s failure or in case destruction. Archive – this is the storage of unused or old files onto magnetic-tapes or any other given offline mass storage-media so as to release off any online room of storage. Restore – it is the process of bringing off-line storage data reverse from the off-line media and then putting it onto an online storage structure like a file server. Backup schedule Full backups are to be performed during the on Mondays, Tuesdays, Wednesdays, Thursdays, and Fridays. If for maintenance purposes, backups are not to be performed on Fridays, they shall be prepared on Saturdays or Sundays. Storage The tape that is under use in spark computers is an LTO-2 device that can handle 200 GB of data in a single drive. There shall be incorporated a separate or a set of tapes for each backup day which includes Mondays, Tuesdays, Wednesdays, and Thursdays. There also shall be separate or set of tapes for all Fridays of every month such as Friday-1, Friday-2, etc. Backups which are to be performed on Fridays or weekends shall always be kept for one-month and then used again the subsequent month on the appropriate Friday. Backups which are performed from Monday through Thursday will be kept for a period of one week and then used again in the following suitable day of that week. Maintenance of the data tapes The date that each tape was set into use shall be documented on the tape. Tapes which have been used for longer than 6 months shall immediately be discarded and then replaced with new-fangled tapes. This will enhance the system integrity and remove the probability of having some data loss due to faulty tapes. It is obvious that some tapes do get deprived with time and so keeping old tapes might only alleviate the risk. Cleaning of the drives The tape drives shall always be cleaned per week and the tape used for cleaning shall be altered monthly. The IT administrator shall schedule the jobs to the various IT personnel such that no impending job will be undone. Backups during every single month, a monthly back-up tape shall then be prepared using the oldest back-up tape or the tape set from the available tape sets. This will assist in that the back ups will be at their recent most way and manner throughout the period and that only a small piece of data will be lost when there will happen to be some failure. Responsibility The IT department boss shall be supposed to delegate one of the members of the IT department so as to perform some regular backups. The delegated individual shall develop a modus operandi for trying backups and then test the ability to restore the data from the backups on monthly bases. There is no need to keep any backup if the data that has been saved cannot be restored to the computer. This means that the data is of no use to the organization and will only incur more costs to the company without actually adding any monetary value. Testing For the maintenance of the system integrity the ability of the system to restore data from the backups shall always be tested at least once monthly. Back up of data this entails the use of: - the registry data, system state data and data which are in the hard drive. Systems that are backed up consist of a file server, mail server, production web server and database server, domain controller, test web as well as data base server. Archives this are mainly made towards the end of every year and mainly during the month of December. In this case, the accounts and data of the different users that are related to the mail servers and the file are mainly placed in archives just one month after they have left the organization. Restoration the various users that require having a number of their files recovered should always ensure that their request is submitted to the information desk. The given information must always be related to the date of file creation, file name, the very last time that alterations were made on it as well the time at which deletion or destruction of the file was done. Storage sites Offline tapes play a major role in night backup. They are reserved in an entirely very safe fire proof adjacent building. Monthly offline tapes also require to be kept in an area that is both safe and fireproof and that is in a different location rather than the working area. This ensures that there is ready back up at all times. Conclusion From the above report, it is evident that storage of data should be in such a way that all information is safely kept and has ready back up at all times. This does not only ensure that the information or data remains confidential and free from damage or destruction but also that once the existing information is destroyed or lost, it can be retrieved from a different storage area. A company should not at any one time ignore the creation of back up during the storage of all their data. They should always put in mind that any saved information is prone to loss, malicious damage, theft and destruction and hence should always be prepared in case any o that happens. Companies must always ensure that the working conditions are in such a way that they create proficiency, quality performance and productivity and that they ensure maximum security of data. This could be done by for example ensuring that each member of staff dealing with important information regarding the company and its various activities has their own computers. Sharing of computers among staff members is one way through which information can be stolen and thus a huge compromise to the security of any company’s data. With the case of an integrated company like the case at hand, software installation is simple as almost all the users have their PC’s apart from the users in the warehouse who have one PC between three people. The simplicity of the installation comes from the fact that it is the sole responsibility of the administrator and he/she can do it from a fixed spot over the network. In case, the administrator wants to communicate with other people in the network, it is also simplified by the single connection. References Kelly, R (2003), Computer Network Security, New York: McGraw-Hill. Read More