Mr C Johnston ICT Teacher www.computechedu.co.uk G055 - Lecture 13 Network Safety and Security


Post on 28-Dec-2015


Mr C Johnston, ICT Teacher

www.computechedu.co.uk

G055 - Lecture 13

Network Safety and Security

Session Objectives

Understand safety procedures to ensure that users are kept safe

Understand the necessity for security procedures and how they can be implemented to ensure that equipment and data are kept secure

Safety and Security Overview

When designing and installing a network we need to consider some additional factors:
- The health and safety of users,
- Ensuring equipment is not damaged,
- Ensuring that the data stored cannot be maliciously or accidentally harmed.

It is the role of the network administrator to ensure that these issues are considered, and frequently they will write an acceptable use policy which all users must adhere to.

Safety and Security Procedures

Safety Procedures Include:
- Making sure each workstation has enough space,
- Equipment prevents RSI etc,
- No trailing cables,
- All electrical equipment is safe (yearly PAT test) and free from damage.

Security Procedures Include:
- Keeping data backed up,
- Protecting confidential information through access rights,
- Ensuring passwords are strong and kept safe,
- Ensuring virus checkers are kept up to date and perform regular scans,
- Ensuring copyright is protected,
- Taking measures to ensure that equipment, data and software are not stolen.

Acceptable Use Policies

To ensure that procedures are adhered to, most organisations make users sign and follow acceptable use policies.

Here are a few examples:
- Sidney Stringer Academy
- Coventry University
- Barnet, Enfield and Haringey NHS Trust
- Parliament – MPs and Staff

Task: In groups compare and contrast the different policies and develop your own based on the common rules.

Topic Exercise

Complete the following reading:
- Slides 6 – 29 of this presentation
- A2 Text Book pg 46-47
- AVCE Unit 08 Book pg 55/56 (Section 5.3)
- This topic's reading, downloadable from the website

Download and complete this topic's past exam paper questions – complete for next lesson.

Safety Overview

The next few slides cover some of the issues that need to be considered when setting up a network to keep users safe

Safety Law

When setting up a networked room a network manager needs to ensure the Health and Safety at Work Act (1974) is adhered to,

This Act states that it is the employer's responsibility to provide a “safe working environment”,

This means a number of safety features need to be included in the design of the room to prevent injuries to staff.

Safety Considerations

Cabling, Power Supply, Fire Protection, Lighting, Security Provision, Accommodation, Temperature Control, Type of Equipment.

Staff Education

As well as providing a safe environment staff need to be educated to ensure they work in a safe manner,

Many companies provide guidance for staff on how to use the computers safely,

This often comprises a policy which appears in staff handbooks and is displayed on notice boards in prominent places.

Safety Policy / Training Content

Correct Posture, Correct use of keyboard and mouse to avoid RSI, Avoiding eye and neck strain, Avoiding headaches.

Network Administration Overview

To ensure that users behave themselves there are a number of techniques we can use – the next few slides cover some of the basic aspects of network administration.

User Accounts

To log onto a network each user needs a unique user account with a username,

Each user should have their own username and shouldn’t share because:
- It's possible to keep a log of who is logged in,
- Able to keep a history of who is logged in,
- Provides user with a unique identity on the network,
- Links user automatically to their files,
- Allows access rights to be enforced,
- Can trace anybody who breaks the acceptable use policy.

Users need to be told not to share / write down their password,

They should also be encouraged to change their password regularly and log off workstations when finished – password policies can be used to enforce this.

User Groups

- To make it easier to manage users they are split into groups,
- Groups are then given different security rules or policies and access to different files and folders,
- The policies then apply to all members in a group – much quicker than granting rights to each user account individually,
- A basic model is to have three groups but an organisation may have hundreds of different groups all with different levels of access.

[Diagram: User 1 to User 13 divided among three groups]

- Group 1 = Users: Maximum Security Applied
- Group 2 = PowerUsers: Medium Security Applied
- Group 3 = Administrator: Have Full Control

Password Policies

One of the easiest ways to hack a network is to guess a user's password,

Users tend to have silly passwords which can be easily deduced by others – brute force method hacking is very common,

Password policy aims to prevent silly passwords from being used by:
- Ensuring a user account has a password,
- Allowing users to change their passwords,
- Setting a minimum length for passwords,
- Forcing users to frequently change their password,
- Ensuring passwords contain a mixture of numbers, upper and lower case characters,
- Blocking accounts for 24 hours where the password has been entered incorrectly three times (prevents brute force attack).
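A sketch of how the rules above could be enforced, added here as an example and not part of the original lecture. The minimum length of 8 and the 30-day maximum age are assumed values, and verifying the password itself is left to the caller (`password_correct`); the three attempts and the 24-hour block come from the slide.

```python
import re
from datetime import timedelta

# Assumed values: the slide gives no numbers for length or password age.
MIN_LENGTH = 8
MAX_AGE = timedelta(days=30)
# From the slide: three wrong attempts block the account for 24 hours.
MAX_FAILURES = 3
LOCKOUT = timedelta(hours=24)

def policy_violations(password):
    """Return the list of policy rules a candidate password breaks."""
    problems = []
    if not password:
        problems.append("account must have a password")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than minimum length")
    for label, pattern in (("number", r"\d"), ("upper case", r"[A-Z]"),
                           ("lower case", r"[a-z]")):
        if not re.search(pattern, password):
            problems.append("no " + label + " character")
    return problems

class Account:
    """Tracks password age and failed logins for one user account."""

    def __init__(self, password_set_at):
        self.password_set_at = password_set_at
        self.failures = 0
        self.locked_until = None

    def must_change_password(self, now):
        return now - self.password_set_at >= MAX_AGE

    def record_login(self, password_correct, now):
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        if self.locked_until and now < self.locked_until:
            return "locked"          # even a correct password is refused
        if self.locked_until:        # block has expired: start counting afresh
            self.locked_until, self.failures = None, 0
        if password_correct:
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked_until = now + LOCKOUT
            return "locked"
        return "denied"
```

Because the account stays blocked for the full 24 hours even when the correct password is then supplied, a guessing attack is limited to three tries per day per account.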

Password Policy Examples

[Screenshots: setting up password policy; example of a brute force attack]

Login Policies

Security policies can also be applied to logging into the network,

Network operating systems allow you to:
- Restrict login times (e.g. 9 till 5 Mon-Fri only),
- Disable a user's or group of users' accounts,
- Limit the number of concurrent connections,
- Force accounts to automatically expire on a given day.

Login Policies Example

[Screenshot: limiting Jack's logon hours to between 6am and 8pm]

Workstation Policies

Workstation policies apply to the computers users work on,

They prevent users from:
- Changing Settings,
- Installing Software / Hardware,
- Customising Machines (screen savers, backgrounds etc),
- Accessing Certain Software,

Normally you will have a workstation policy for each group of users or type of user, which has an appropriate level of security,

To set up workstation policies you select what you will and will not allow users to do.

Workstation Policies Example

Setting up a security policy to control how the workstations look and prevent changes

File and Folder Policy

To access a file or folder on the network you need to have the correct permissions,

Each file or folder can be marked with permissions including:
- No Access
- List (File Scan)
- Read only
- Add (Write)
- Change (Modify)
- Full Control

File and Folder policy specifies the permissions each user and group of users has on files and folders.

File and Folder Policy Example

- No Access - N
- List (File Scan) - FS
- Read only - R
- Add (Write) - W
- Change (Modify) - M
- Full Control - FC

Shared
- Users – FS, R
- PowerUsers – FS, R
- Admins – FC

Document Templates
- Users – FS, R
- PowerUsers – FS, R, A, M
- Admins – FC

Private
- Users – N
- PowerUsers – FS, R
- Admins – FC

Users Shared
- Users – FS, R, A, M
- PowerUsers – FS, R, A, M
- Admins – FC
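The example policy above expressed as data, with a function that works out what a user who belongs to several groups can actually do. This is an added example, not part of the original lecture; the rule that No Access overrides rights granted through another group, and that Full Control implies every other right, are assumptions the slide does not state.

```python
# Rights as abbreviated in the slide's folder listing (Add is written "A" there).
ALL_RIGHTS = {"FS", "R", "A", "M"}

# The slide's example policy: folder -> group -> rights ("N" = No Access).
POLICY = {
    "Shared": {"Users": {"FS", "R"}, "PowerUsers": {"FS", "R"},
               "Admins": {"FC"}},
    "Document Templates": {"Users": {"FS", "R"},
                           "PowerUsers": {"FS", "R", "A", "M"},
                           "Admins": {"FC"}},
    "Private": {"Users": {"N"}, "PowerUsers": {"FS", "R"},
                "Admins": {"FC"}},
    "Users Shared": {"Users": {"FS", "R", "A", "M"},
                     "PowerUsers": {"FS", "R", "A", "M"},
                     "Admins": {"FC"}},
}


def effective_rights(folder, groups):
    """Combine the rights of every group the user belongs to.

    Assumption (not stated on the slide): an explicit No Access entry
    overrides anything granted by another group, and a group with no
    entry for the folder grants nothing.
    """
    entries = [POLICY[folder].get(g, set()) for g in groups]
    if any("N" in e for e in entries):
        return set()
    rights = set().union(*entries)
    if "FC" in rights:
        return ALL_RIGHTS | {"FC"}
    return rights


def can(folder, groups, right):
    """True if a member of all the given groups holds the right on the folder."""
    return right in effective_rights(folder, groups)


def writable_by(group):
    """Audit helper: folders where one group's members can add or modify files."""
    return sorted(f for f in POLICY
                  if effective_rights(f, [group]) & {"A", "M"})
```

Running `writable_by` for each group is a quick check that ordinary users can only change files where the policy intends them to.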

Backup Overview

The next few slides cover some of the techniques and methods used to back up data on a network.

Need For Backups

- Data is critical for many organisations and if important files are lost it could lead to?
- Backups are “copies” of data which can be used to restore files in the event of any mishap.
- We tend to back up files which change regularly on a daily basis.
- Files which change less frequently may only be backed up once a week.
- Files which rarely change are archived onto a medium – exempt from the normal backup routine and stored off site.

Performing Backups

How often? – Depends on file type

When? – Depends on organisation
- Typically outside office hours or when the network is quiet
- Sometimes backups occur during working hours and a log is made to track changes between backups.

Typical Backup Strategies

- Three Tape
- Six Tape Rotation
- Grandfather, Father, Son
- Tower of Hanoi

Also need to consider imaging of servers and workstations.

Explanation: If a network uses identical (or groups of identical) machines we can build a standard image which includes all the locally stored applications and driver files and store it on a server – if the machine breaks we just download the image to it and we have a fresh machine. Some software (Symantec Ghost Solution Suite 2.5) allows you to do this remotely so there is no need to leave your desk!

Writing A Backup Strategy

6 Key Elements:
- Determine the Frequency of your Backups
- Choose your Backup Medium
- Ensure Checks on the Source Data for Errors are included
- SAVE MONEY - Choose Your Rotation Pattern
- Ensure Tests on the Integrity of your Restore are included
- Store the Backups in a Safe Place

Hardware / Software

Traditionally backups have been “dumped” onto backup tapes,

Even today tapes are still popular as they hold a lot of data (4 GB – 400 GB) in a small package which fits in your pocket,

To use tape you require:
- A tape drive
- Compatible media
- Software to perform the backups - e.g. MS Backup.

Alternative Backup Solutions

There are several issues with tape backup:
- Slow to perform backups,
- Slow to retrieve files,
- Puts a massive strain on the server when in use,
- Magnetic medium so can be wiped by other magnetic sources.

Use your backup software to dump data onto:
- CD-R / DVD-R
- A dedicated backup server
- NAS (Network Attached Storage) or several NAS boxes
- On-line servers via an internet connection