Understanding Operating System Security

1. A strong password: a. contains 7+ characters; does not contain the user name, real name, or company name

2. To secure workstation and computer authentication across the network, Jim can use: b. Kerberos

3. To reduce the number of times a user would have to authenticate to access a particular resource, Jim can implement: c. Single Sign-on (SSO)

Authentication is the process of obtaining identification credentials such as name and password from a user and validating those credentials against some authority

Kerberos authenticates the identity of users attempting to log on to a network and encrypts their communications through secret-key cryptography.

Lightweight directory access protocol (LDAP) is a network protocol designed to work on TCP/IP stacks to extract information from a hierarchical directory such as X.500.

Remote authentication dial-in user service (RADIUS) is an Internet protocol in which an authentication server provides authorization and authentication information to a network server to which a user is attempting to link.

1. To implement two-factor authentications, Todd can use: a. smart card and user password

2. Instead of signing in with elevated privileges, the staff can use: b. Secondary Logon-Run As

3. A disadvantage of biometric identification is: b. cost is prohibitive for many organizations

A certificate is an electronic credential that authenticates a user on the Internet and intranets

Public key infrastructure (PKI) is an asymmetric scheme that uses a pair of keys for encryption: the public key encrypts data, and a corresponding secret key decrypts it.

The Run As command allows a user to run specific tools and programs with different permissions than the user’s current logon provides.

Steps to change your password: • Press and select Change Password

Steps to use Secondary Logon or Run As. . . • Right-click the application icon and select Run As Administrator

1. When a share is created, the default permission is: a. everyone with Read permission

2. Shawn should enforce User Account Control (UAC) across the domain because: b. it will help prevent unauthorized changes to computers on the domain

3. Shawn’s job can be made easier when reassigning permissions by using: b. inheritance

Permissions include Full control, Modify, Read & Execute, List folder Contents, Read, and Write and can be applied to both folder and file objects. Permissions can also be applied to Active Directory objects.

Inheritance is the concept of permissions that are propagated to an object from a parent object. Inheritance is found in both file system permissions and Active Directory permissions. It does not apply to share permissions.

New Technology File System (NTFS), FAT, and FAT32. The primary difference between NTFS and FAT file systems is the ability apply security to the file system. You can grant or deny various permissions on NTFS. NTFS also supports the ability to encrypt data.

Share and NTFS permissions are applied based on how the resource is accessed. Share permissions are effective when the resource is being accessed through the network whereas NTFS permissions are effective all the time. When share and NTFS permissions are applying to the same resource, the most restrictive permission wins.