©2001 Academy Computer Services, Inc.
All rights reserved.
Networking

Peer Security: A Case Study
Because this is an imaginary network, we can make any changes we want without regard to cost or effort. That is exactly what we did, by converting two of the computers to WindowsNT. That conversion is the only physical difference in this reconfiguration of the network.

| Computer | User Name | OS | Workgroup | Files Shared | Share | Access Level |
|---|---|---|---|---|---|---|
| Sales1 | Bugs | Windows95 | ACME | | | |
| Sales2 | Freeling (Administrator), Daffy | WindowsNT | ACME | C:\Financial | Spreadsheets | Full Control to the Administrator, Bugs, Daffy and Tweety. No Access to all others. |
| Shipping1 | WileE | Windows98 | ACME | C:\FedEx\History | FedEx Notes | Read-Only |
| Accounting1 | Freeling (Administrator), Tweety | WindowsNT | ACME | C:\AccountingData | Warner$ | Full Control to the Administrator, Tweety and Bugs. No Access to all others. |
| | | | | CD-ROM drive | CDROM | Full Control |
| Support1 | Freeling (Administrator), Elmer, Sylvester, RoadRunner, Bugs, Daffy, WileE, Tweety | WindowsNT | ACME | C:\Website | OurWebsite | Read for all users |
| | | | | HP Printer | Printer2 | Print for all users |

The Solutions

Printers
The printer crisis has been solved by removing the inaccessible printer (in Bugs' office) and sharing the other unit. The printer is attached to a WindowsNT machine. That operating system requires that an account be created on the machine for each user.

Workgroups
All five computers are members of the same workgroup: ACME. As the company grows, workgroup configurations can be changed, but there is no current need to have more workgroups.

Software Piracy
Bugs is no longer engaging in software theft by sharing Word across the network. Each computer has its own licensed copy of the program.

Data Security
This is achieved through a combination of factors. First, the machines with the sensitive sales and accounting data were converted to WindowsNT. This allows the NTFS file format to be used, which in turn allows much greater security over individual files, shares and user access.

Second, the Warner share is a hidden share. Placing a $ (dollar sign) after the Share Name makes that share invisible in Network Neighborhood. The share is still there, but a user must know the exact name and location of the share to access it. This location is the UNC path.

In addition, the Warner share has an obscure name. Most other shares are given a straightforward, obvious name. Not only is this share hidden, but its name is difficult to guess.

A Universal Naming Convention (UNC) path will look familiar to users of the World Wide Web. It is built from the workstation name and share name, and looks like this: \\computer\share\file.ext

The UNC path for a document named "revenues.txt" in the hidden Warner share of the Accounting1 PC is \\Accounting1\Warner$\revenues.txt

WindowsNT User Accounts
In the original ACME network the Support1 computer was WindowsNT. Three people used the machine, but only one user account was used: Administrator. This is not the best use of WindowsNT. The enhanced security options of NTFS aren't fully utilized until you create multiple User accounts. WindowsNT ships with two default User accounts: Administrator and Guest. Because these default accounts are widely known, they are easy targets for hacking. Knowing a username means a hacker only needs to guess the correct password to access the system.

The first step is to disable the Guest account.

Next, create separate user accounts for Administrators and general Users. Only use the Administrator account when absolutely necessary. This account has the right to modify the PC in any way -- therefore, damage done to the system is much more pervasive when the Administrator user account does it.

  1. Individual User accounts were added to the newly converted WindowsNT computers.
  2. Accounts for Elmer, Sylvester, and RoadRunner were added to the Support1 machine. To allow access to the printer on this machine, accounts for Bugs, Daffy, WileE and Tweety were also added.

Third, rename the Administrator account. All accounts require a password to log on. Only the Administrator account will be allowed unlimited password entry attempts. All other accounts are blocked after a fixed number of attempts. Hackers know this fact and will try to exploit it. Renaming the Administrator account will lessen the possibility of a security breach.

  1. The Administrator account was renamed on all three WindowsNT computers. The same name was used on all three machines, for simplicity's sake, but you could assign a unique name to each Administrator account. Just keep a record of the information.

Shares
Don't create shares for information you don't want to share.
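
One way to check the account and share steps above on a current Windows machine. This is an added example, not part of the original case study: it assumes PowerShell on Windows 10 / Server 2016 or later (the cmdlets do not exist on WindowsNT), an English-language system, and a function name, Test-PeerHardening, chosen here for illustration.

```powershell
# Added example. Assumes Windows 10 / Server 2016 or later; the LocalAccounts
# and SmbShare cmdlets used here do not exist on WindowsNT itself.
function Test-PeerHardening {
    $findings = @()

    # Built-in accounts keep their relative ID (RID) when renamed:
    # Administrator always ends in -500 and Guest in -501.
    $users = Get-LocalUser
    $admin = $users | Where-Object { $_.SID.Value -match '^S-1-5-21-.+-500$' }
    $guest = $users | Where-Object { $_.SID.Value -match '^S-1-5-21-.+-501$' }

    if ($guest -and $guest.Enabled) {
        $findings += "Guest account '$($guest.Name)' is enabled"
    }
    if ($admin -and $admin.Name -eq 'Administrator') {
        $findings += 'Built-in Administrator still has its default name'
    }

    # Get-SmbShare lists hidden ($) shares as well as visible ones.
    # -Special $false skips the shares Windows creates itself (C$, ADMIN$, IPC$).
    foreach ($share in Get-SmbShare -Special $false) {
        # Assumption: English-language system, where the group is named Everyone.
        $open = Get-SmbShareAccess -Name $share.Name | Where-Object {
            $_.AccountName -eq 'Everyone' -and
            $_.AccessControlType -eq 'Allow' -and
            $_.AccessRight -eq 'Full'
        }
        if ($open) {
            $note = if ($share.Name.EndsWith('$')) { ' (hidden name is its only protection)' } else { '' }
            $findings += "Share '$($share.Name)' at $($share.Path) gives Everyone Full Control$note"
        }
    }
    $findings
}

Test-PeerHardening
```

Run it from an elevated session; an empty result means none of the three conditions was found. Because the built-in Administrator is located by its RID rather than its name, the check also shows that a renamed account can still be identified, so the rename complements a strong password instead of replacing one.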