Apply Your Knowledge

Exercises

12.1. Activating Logon Auditing on a Windows 2000 Server

Many different elements go into developing an effective security strategy. Two of these elements are configuring and setting up a password policy and configuring system auditing. In this exercise, you learn the procedures involved in activating the auditing feature on a Windows 2000 Server system. (Remember that to enable auditing, you need to have administrative privileges.)

Estimated time: 15 minutes

1. Select Start, Programs, Administrative Tools, and then select Local Security Policy. The Local Security Settings dialog box, shown in Figure 12.9, appears.

Figure 12.9. The Local Security Settings dialog box in Windows 2000 Server.

2. On the left side of the dialog box, click on the Local Policies folder, and then double-click the Audit Policy file folder on the right side of the dialog box. The auditable policies are displayed. Figure 12.10 shows the auditable policies.

Figure 12.10. The auditable policies on a Windows 2000 Server system.

3. Double-click the Audit Logon Events icon. This opens the Local Security Policy Setting dialog box, which is shown in Figure 12.11.

Figure 12.11. The Local Security Policy Setting dialog box in Windows 2000 Server.

4. Select the Success and Failure check boxes to audit both successful and failed logon attempts, and then click OK.

5. View the Local and Effective Setting columns to view the new auditing configuration. (Note that if domain-level security policy settings are defined for these values, they override the local security policy settings.)
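
Once logon auditing is enabled, the Security log records each successful and failed logon. The following Python, an added example that is not part of the original exercise, reviews a constructed CSV export of such events; the column layout, account names and threshold are assumptions, while 528 and 529 are the Windows 2000 event IDs for a successful logon and for a logon failure caused by an unknown user name or bad password.

```python
import csv
import io
from collections import defaultdict

# Windows 2000 Security log event IDs produced by the Audit Logon Events policy.
LOGON_SUCCESS = "528"
LOGON_FAILURE = "529"  # unknown user name or bad password

# Constructed sample export (assumption: CSV with these four columns).
SAMPLE = """time,event_id,user,workstation
2003-05-12 08:01:10,528,asmith,WKS-07
2003-05-12 23:14:02,529,jdoe,RAS-01
2003-05-12 23:14:09,529,jdoe,RAS-01
2003-05-12 23:14:15,529,jdoe,RAS-01
2003-05-12 23:14:31,528,jdoe,RAS-01
2003-05-13 09:00:44,529,bkhan,WKS-03
"""


def review_logons(csv_text, threshold=3):
    """Return accounts with at least `threshold` failed logons, in log order.

    Each entry records the failure count, the workstations involved and
    whether a successful logon followed the failures.
    """
    failures = defaultdict(int)
    sources = defaultdict(set)
    success_after = defaultdict(bool)
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["user"].lower()
        if row["event_id"] == LOGON_FAILURE:
            failures[user] += 1
            sources[user].add(row["workstation"])
        elif row["event_id"] == LOGON_SUCCESS and failures[user] >= threshold:
            # A success after repeated failures deserves a closer look.
            success_after[user] = True
    return [
        {"user": u, "failures": n, "workstations": sorted(sources[u]),
         "success_after_failures": success_after[u]}
        for u, n in failures.items() if n >= threshold
    ]
```

Auditing only failures would miss the last event in the sample: the successful logon that follows three failures for the same account, which is why step 4 selects both check boxes.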

12.2. Setting Password Policies

As a network administrator, you might be required to establish a password policy for the organization. In this exercise, you identify where password policies are set in Windows 2000 and how to set them. Specifically, you set a maximum password age.

Estimated time: 10 minutes

1. Select Start, Programs, Administrative Tools, and then select Domain Security Policy from the menu. The Domain Security Policy dialog box, shown in Figure 12.12, appears.

Figure 12.12. The Domain Security Policy dialog box in Windows 2000.

2. On the left side of the dialog box, click the Account Policies icon, and then double-click the Password Policy option on the right side of the dialog box. The password policy options are displayed.

3. Double-click the Maximum Password Age option. The Security Policy Setting dialog box, which is shown in Figure 12.13, appears.

Figure 12.13. The Security Policy Setting dialog box in Windows 2000.

4. In the Passwords Expire In field, enter the number of days before the password expires. Click OK. The new password policy is now active for the system.

12.3. Testing Password Strength

Network administrators are required to set strong passwords and ensure that users also set strong passwords. In this exercise, you test password strength.

Estimated time: 10 minutes

1. Log on to the Internet, and type https://www.securitystats.com in the address box of your browser. You arrive at the Secure Stats Web site.

2. On the left side of the screen, under the Awareness Tools menu, click the Password Strength option.

3. You are redirected to the Password Security Web site. In the Test the Strength of a Sample Password field, type the password you would like to test.

4. The password strength is displayed in a bar graph, ranging from Weak Passwords to Strong Passwords. After getting the results on the password strength, try to increase the password's strength by using different characters or by using uppercase and lowercase letters.
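
The criteria this chapter gives for a strong password (a mix of letters and numbers, upper- and lowercase letters, and not a recognized word) can also be checked offline, without typing a password into a Web site. The following Python is an added example, not part of the original exercise; the word list is a constructed sample and the scoring rule is an assumption, applied here to the four passwords from exam question 4.

```python
import string

# Constructed sample word list (assumption); a real check would load a large dictionary.
WORDS = {"password", "pass", "word", "love", "the", "music", "we", "go"}

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def char_classes(password):
    """Return the sorted names of the character classes the password uses."""
    return sorted(name for name, chars in CLASSES.items()
                  if any(c in chars for c in password))


def is_dictionary_only(password, words=WORDS):
    """True if the lowercased password is one listed word or several joined together."""
    text = password.lower()
    reachable = [True] + [False] * len(text)  # reachable[i]: text[:i] splits into words
    for end in range(1, len(text) + 1):
        reachable[end] = any(reachable[start] and text[start:end] in words
                             for start in range(end))
    return reachable[len(text)]


def assess(password):
    """Summarise a password against the criteria named in the answer to question 4."""
    classes = char_classes(password)
    dictionary = is_dictionary_only(password)
    # Assumed rule: dictionary-only passwords score 0, otherwise one point per class.
    return {"password": password, "classes": classes,
            "dictionary_only": dictionary,
            "score": 0 if dictionary else len(classes)}


def rank(passwords):
    """Order passwords from strongest to weakest by score, then by length."""
    return sorted(passwords, key=lambda p: (assess(p)["score"], len(p)), reverse=True)
```

Note that lovethemusic is the longest of the four candidates yet scores 0, because it splits cleanly into three listed words.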

Exam Questions

1: Which of the following are benefits of using a proxy server? (Choose the three best answers.)
  a. It allows costs associated with Internet access to be reduced.
  b. It provides a central point of Internet access.
  c. It allows Internet access to be controlled.
  d. It allows hostnames to be resolved to IP addresses.

A1: a, b, c. A proxy server allows the costs associated with Internet access to be reduced, provides a central point of Internet access, and allows Internet access to be controlled. Answer d describes the function of a DNS server. For more information, see the section “Proxy Server,” in this chapter.

2: On a packet-filtering firewall, which of the following is not used as a criterion for making forwarding decisions?
  a. IP address
  b. MAC address
  c. TCP/IP port
  d. NetBIOS service name

A2: d. Firewalls do not make forwarding decisions based on the NetBIOS service name, which is fictitious. All the other answers are valid means by which a firewall can make filtering decisions. For more information, see the section “Firewalls,” in this chapter.

3: What is the basic reason for implementing a firewall?
  a. It reduces the costs associated with Internet access.
  b. It provides NAT functionality.
  c. It provides a mechanism to protect one network from another.
  d. It allows Internet access to be centralized.

A3: c. Implementing a firewall allows you to have protection between networks, typically from the Internet to a private network. All the other answers describe functions offered by a proxy server. Note that some firewall systems do offer NAT functionality, but NAT is not a firewall feature; it is an added benefit of these systems. For more information, see the section “Firewalls,” in this chapter.

4: Which of the following is the strongest password?
  a. password
  b. WE300GO
  c. l00Ka1ivE
  d. lovethemusic

A4: c. Strong passwords include a combination of letters and numbers and upper- and lowercase letters. In this question, Answer c is by far the strongest password. Answer a is not a strong password because it is a standard word, contains no numbers, and is all in lowercase. Answer b mixes letters and numbers, and it is not a recognized word, so it is a strong password, although it is not as strong as Answer c. Answer d is too easy to guess and contains no numbers. For more information, see the section “Physical and Logical Security,” in this chapter.

5: Which of the following best describes 3DES?
  a. It uses 56-bit key encryption.
  b. It is Windows platform specific.
  c. It uses 192-bit encryption.
  d. It uses triple 168-bit encryption.

A5: c. 3DES uses a 192-bit encryption key. None of the other answers are valid. For more information, see the section “Understanding How Security Affects a Network,” in this chapter.

6: When defining a password policy for an organization, which of the following would you consider setting? (Choose the three best answers.)
  a. Minimum password length
  b. Password expiration period
  c. Prevention of password reuse
  d. Maximum password length

A6: a, b, c. When creating a password policy, you should set a minimum password length, parameters limiting reusing the old password, and a password expiration period. You may even want to set a maximum password length. For more information, see the section “Physical and Logical Security,” in this chapter.

7: What is the name for an area that is connected to a firewall but is neither in the private network area nor the public network area?
  a. Area of no return
  b. Demilitarized zone
  c. No man's land
  d. Forbidden zone

A7: b. A DMZ is an area of a network where you would place systems that must be accessed by users outside the network. All the other answers are invalid. For more information, see the section “Firewalls,” in this chapter.

8: At which two layers of the OSI model does a packet-filtering firewall operate? (Choose the two best answers.)
  a. Network
  b. Data-link
  c. Transport
  d. Application

A8: a, b. Packet-filtering firewalls work at the data-link and network layers of the OSI model. None of the other answers are valid. For more information, see the section “Firewalls,” in this chapter.

9: You have installed a proxy server on a network and configured it to allow all the hosts on the internal network to access the Internet through it. None of the users on the internal network are able to access the Internet, although they could before you implemented the proxy server. What is the most likely cause of the problem?
  a. The proxy server is not configured correctly.
  b. The Internet connection is not working.
  c. The Web browser on the client system needs to be reconfigured to use a proxy server.
  d. The HTTP proxy service is not enabled on the system.

A9: c. In order for Web browsers to access the Internet through a proxy server, they must be correctly configured. Given the scenario, Answer c is the most likely answer. For more information, see the section “Proxy Servers,” in this chapter.

10: What is the purpose of auditing?
  a. It allows you to be notified when a security breach is detected.
  b. It allows you to determine whether there has been a security breach.
  c. It allows you to prevent security breaches.
  d. It allows you to control Internet access from a single point.

A10: b. Auditing is a process of reviewing security logs so that breaches can be detected. Answer a describes the function of alerting. The other answers are not valid. For more information, see the section “Understanding How Security Affects a Network,” in this chapter.

11: After noticing that there have been several attempts to access your network from the Internet, you decide to block port 53. Which of the following services is associated with port 53?
  a. WINS
  b. DNS
  c. SMTP
  d. POP3

A11: b. DNS uses port 53. None of the other services use port 53. For more information, see the section “Understanding How Security Affects a Network,” in this chapter.

12: At which level of the OSI model does a circuit-level firewall operate?
  a. Transport
  b. Data-link
  c. Network
  d. Physical

A12: a. A circuit-level firewall works at the transport layer of the OSI model. None of the other answers are valid. For more information, see the section “Firewalls,” in this chapter.

13: Which of the following is not a valid file permission on a Unix/Linux system?
  a. Read
  b. Write
  c. Execute
  d. Erase

A13: d. Erase is not a valid file permission on Linux or Unix systems. Read, Write, and Execute are all valid Linux file permissions. For more information, see the section “Physical and Logical Security,” in this chapter.

14: You suspect that an employee in the company has been logging on to the system from a remote connection and attempting to look through files that he should not have access to. Which mechanism could you use to discover the identity of the person trying to dial in?
  a. Auditing
  b. File permissions
  c. Password policy
  d. Intruder detection

A14: a. To determine the user ID of a person trying to log on, you would implement auditing. File permissions, password policies, and intruder detection would not help you to do this. For more information, see the section “Understanding How Security Affects a Network,” in this chapter.

15: Which of the following network operating system platforms uses inheritance filters to prevent file permissions from flowing through the directory structure?
  a. NetWare
  b. Linux
  c. Windows 2000
  d. Windows 98

A15: a. Novell NetWare uses filters to prevent file permissions from flowing through the directory tree. None of the other network operating systems use inheritance filters as part of their file system security structure. For more information, see the section “Physical and Logical Security,” in this chapter.

16: Which of the following is not a valid file permission on a NetWare server?
  a. Read
  b. Write
  c. Full Control
  d. Modify

A16: c. Full Control is not a valid right. The equivalent on a NetWare server is Supervisor. All the other answers are valid NetWare file permissions. For more information, see the section “Physical and Logical Security,” in this chapter.

17: Your company is moving from a client-based email system to a Web-based solution. After all the users have been successfully moved to the new system, what are you likely to do on the corporate firewall? (Choose the two best answers.)
  a. Block port 53
  b. Block port 110
  c. Block port 80
  d. Block port 25

A17: b, d. Because users will access their email via a Web browser, the firewall will not need to accommodate POP3 (port 110) and SMTP (port 25). Blocking port 53 would disable DNS lookups, and blocking port 80 would disable Web browsing (HTTP). For more information, see the section “Understanding How Security Affects a Network,” in this chapter.

18: Which of the following is considered a physical security measure?
  a. Password policy
  b. Locks on equipment cabinets
  c. Auditing policy
  d. Firewall

A18: b. Locks on a cabinet would be considered a physical security measure. All the other answers are considered logical security measures. For more information, see the section “Physical and Logical Security,” in this chapter.

19: Which of the following is not a valid file permission on a Windows 2000 NTFS partition?
  a. Full Control
  b. Read
  c. Modify
  d. Change

A19: d. Change is not a valid NTFS file permission. All the other permissions are valid on an NTFS partition. For more information, see the section “Physical and Logical Security,” in this chapter.

20: You are a network administrator for a small company in Alaska that makes knitted hats. It is expected that your company will experience huge growth, and a competitive company is seeking the design for your company's latest toque, which is code-named “Frost Killer.” Your manager is concerned that a rogue employee might be preparing to sell the design to the competition, so you have been given the task of securing the company's data on your Windows 2000 server. Which of the following would you do?
  a. Block ports.
  b. Use a proxy server.
  c. Implement file system security.
  d. Install a firewall.

A20: c. Implementing file system permissions can help secure data on the internal network. Blocking ports would prevent external users but would likely have no effect on internal users. The same is true of implementing a proxy server. Answer d is not a valid option. For more information, see the section “Physical and Logical Security,” in this chapter.

Suggested Readings and Resources

1. Habraken, Joe. Absolute Beginner's Guide to Networking, third edition. Que Publishing, 2001.

2. Shinder, Debra Littlejohn. Computer Networking Essentials. Cisco Press, 2001.

3. Northcutt, Steven, David Mclachlan, Judy Novak. Network Intrusion Detection: An Analysis Handbook, second edition. New Riders Publishing, 2000.

4. Zwicky, Elizabeth D., Simon Cooper, Brent Chapman, Deborah Russell. Building Internet Firewalls, second edition. O'Reilly & Associates, 2000.

5. Norberg, Stephan, Deborah Russell. Securing Windows NT/2000 Servers for the Internet. O'Reilly & Associates, 2000.

6. Linux security information, www.linuxsecurity.com.

7. Windows NT/2000 security information, www.ntsecurity.net.

8. Computer Security Institute, www.gocsi.com.

9. Computer networking tutorials and advice, compnetworking.about.com.

10. “TechEncyclopedia,” www.techencyclopedia.com.
