Need to answer two separate student forum discussions for this week. Each response must be 150 words minimum. Please see below; the bold text is this week's questions.
All posts must be a minimum of 250-300 words. All follow-up posts to your classmates must be a minimum of 150 words for each required post. Peer responses will not be accepted after the due date.
For this assignment, create a new message and address the following items in your response.
- Give reasons why a user would protect a file from read or write access by other users and provide examples how this can be done.
- Explain the difference between a virus, a worm, and a Trojan.
- Explain why it is safer for administrators to use two different accounts when working with a computer. Explain the difference between the two accounts.
- Explain how access restrictions on a folder or directory can block a user's access to a file, even if the file itself may be readable by that user.
- Explain the four general tasks that may play a role in recovering from a security incident.
There are several reasons that a user would want to protect a file by using read and/or write access on an individual file or folder. I currently work in a Brigade operations section and we use read and write access on some of our files. We publish a lot of operations orders that are used by the entire Brigade. The files are kept in a folder that allows individuals that need the information to read them. Folks that work in my shop have full read and write access so that we can manipulate the files or create new files within the folder when needed. We do not let the folks outside of our shop have write access so that others can't erroneously change content on one of the files, whether it is a malicious act or an honest mistake. The reason that it is so important is because an error could negatively impact the entire Brigade. This can be accomplished by tailored file sharing, user groups, file permission flags, and access control lists. You can also have files within the folder that some users are blocked from even though they have read access to the folder itself.
A Trojan horse program copies a user's files to its own file by using the user's access rights. A virus is malicious software that is carried by a program that is spread to other programs on the computer when the program with the virus is being operated. A worm is malware that constantly scans the internet looking for a weak computer to insert itself into. Newly developed worms even act on their own.
It is safer for an administrator to have a personal regular user account for regular work and an administrative account when working with other people's accounts or files that pertain to other people. This is extremely important to keep the administrative account from being compromised or changing something that shouldn't be changed.
The four general tasks that may play a role in recovering from a security incident are: Identify shortcomings in our risk assessment, security requirements, or implementation to reduce the impact of future incidents. Repair any problems caused by the attack. If a Trojan program infests your computer, the repair includes removal of the Trojan. If the incident is caused by someone's malicious act and we can hold that person accountable, then we need to collect evidence that clearly ties the person to the incident. If someone is using our computer to violate laws, then we need to preserve the evidence so that a prosecutor may use it as evidence in a trial.
File security is of utmost importance to users and organizations. Users may desire to protect files from unauthorized access due to personal privacy information, sensitive health information, as well as confidential financial files for organizations. Several layers of permissions exist, consisting of read, read/write, and execute. Controlling permissions depends on the overall operating system. Files can inherit permissions from their directory or they can be established directly. As highlighted by Smith (2016), controlling permissions in organizations is often established by groups instead of individual persons. For example, a member belonging to the Contributor group in a Linux OS can read and write, but possibly not execute. This would be annotated as ---RW-RWX, specifying the world has no rights, the group has read-write, and the originator has read, write, and execute. The Windows OS operates in a similar manner and permissions can be established by groups or by individual access.
Several threats exist to the average user. Viruses, trojans, and worms are common threats facing unsecured systems. A virus executes on its own, without interaction, and can replicate while altering the overall operation of the computer or file (Smith, 2016). Unlike viruses that may be openly visible, trojans attempt to hide as a legitimate program and execute malicious code when a user downloads the program by accident. Trojans do not self-replicate and must be manually received from a user. Finally, a worm has the capability of replicating throughout systems and does not require a host file like a virus.
System administrators must maintain two user accounts, typically a username.adm and a username.standard account. The standard user account has basic permissions to user-created files and cannot install, execute, or modify certain files based on the permissions to a standard user’s permissions. Administrative accounts have full system access and can execute, delete, modify, or replicate files throughout the system with root access. If an administrator commonly logged in with their .adm account and visited their email and other websites, any malicious code accidentally downloaded would have full system rights and execute with the permissions of the user logged in.
File permissions are controlled through Windows and Unix file architectures, and subfiles inherit permissions from higher folders unless disabled (Smith, 2016). Inherited rights can be overridden in the folder security settings. Setting permissions should be granular, but utilizing groups instead of individuals helps establish file permissions more easily.
Incident response differs from organization to organization; however, four steps are accomplished regardless of the formal plan. First, system requirements must be analyzed and a risk assessment accomplished to prevent future attacks (Smith, 2016). Furthermore, Smith puts forward implementing controls to correct the original security incident, such as a DoS or virus infection. The final two steps involve collecting evidence, often through logs on the host system, network, and intrusion detection and prevention system, and then preserving the evidence through a proper chain of custody.
Smith, R. E. (2016). Elementary Information Security. [VitalSource]. Retrieved from https://online.vitalsource.com/#/books/97812840930…
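For the assignment question on how folder restrictions can block access to a file that is itself readable, the following is an added example (not part of either student's post) that models the classic Unix owner/group/other check along a path. The names `orders` and `opord.txt` and the "outsider" user ID are constructed for illustration, and the model ignores ACLs and the superuser override.

```python
import os
import shutil
import tempfile

def class_bits(st, uid, gids):
    """Select the one rwx triplet that applies: owner, else group, else other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 0o7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 0o7
    return st.st_mode & 0o7

def can_read(root, relpath, uid, gids):
    """Model the Unix check for reading root/relpath as uid/gids.

    Returns (True, None) or (False, name of the component that blocks).
    """
    current = root
    for part in relpath.split("/"):
        # Every directory on the path needs search (x) permission.
        if not class_bits(os.stat(current), uid, gids) & 0o1:
            return False, os.path.basename(current)
        current = os.path.join(current, part)
    # Only after the whole path is searchable does the file's read bit matter.
    if not class_bits(os.stat(current), uid, gids) & 0o4:
        return False, os.path.basename(current)
    return True, None

def demo():
    base = tempfile.mkdtemp()
    try:
        os.chmod(base, 0o755)
        folder = os.path.join(base, "orders")      # constructed names
        os.mkdir(folder)
        path = os.path.join(folder, "opord.txt")
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, 0o644)                      # file is world-readable
        outsider = os.getuid() + 1                 # hypothetical other user
        results = {}
        for label, mode in (("owner_only", 0o700), ("list_only", 0o744), ("open", 0o755)):
            os.chmod(folder, mode)
            results[label] = can_read(base, "orders/opord.txt", outsider, set())
        return results
    finally:
        shutil.rmtree(base)

if __name__ == "__main__":
    print(demo())
```

In the `list_only` case the outsider can list the folder's file names but still cannot open the file, because opening requires search permission on the folder.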