Supporting Security Needs 117
Supporting Security Needs
As a help desk technician, you will have a limited roll in the security of your network and hardware. The responsibility for a comprehensive security plan lies primarily with professionals, such as your school’s network administrator, engineer, or architect. But help desk technicians can assist in implementing preventive practices, such as those you will learn about in this chapter. They can also help to inventory and tag hardware for identification.
Network Security
Without proper security measures in place and enforced, the computers on your network are subject to many different kinds of security threats. The greatest threat to any computer network is malicious tampering, also called hacking, from outside or from within the network. Recognizing that threats can be both external and internal is critical to keeping your network, and the computers on it, secure.
External hackers can gain access to, steal, or erase data and user account information. They could also use the network as a base from which to attack other networks. Internal hackers might gain access to data about student grades or other confidential information. Computer viruses represent another threat. Viruses can cause significant damage to a network; some are capable of erasing all the files on the network.
It is important to protect the network from viruses, and to educate users on how to avoid spreading them. As a help desk technician, you will help to ensure that security practices and policies are followed.
Preventive Practices
The security of the overall network is the responsibility of the network administrator, engineer, and architect. They are responsible for designing and implementing a strategy that protects the network from attack. As a help desk technician, you might be responsible for implementing preventive practices as part of this strategy. Preventive practices are measures you take to prevent a hacker, virus, or other security threat, from attacking the network.
Installing and Updating
Virus Protection Software
One of the most important preventive security practices you should put in place for any network is the detection and elimination of viruses. A computer virus is a program designed to damage an operating system, applications, or data, or to install unwanted applications on a computer. For example, some viruses set the Internet Explorer home page to a particular site, and add inappropriate content to the hard disk drive. Other viruses can reformat the hard disk, which results in the loss of all data and files installed on the computer. And, other viruses are designed to replicate themselves, thereby using a majority of the system resources and compromising the performance of the computer. Some of these viruses can replicate through e-mail, enabling them to quickly spread throughout a network and effectively disabling it.
One of your duties as a help desk technician might be to install virus protection software. Another equally important task is to regularly update the virus definitions, in the software. A virus definition is enables the virus protection software to find a specific virus, and to cure it, or to alert you to its existence. With most virus protection software, you can update the virus definitions, and add new ones, by going to the developer’s Web site. Many virus protection programs contain a menu item or option that you select to go to the protection Web site and automatically download virus definition updates. Your help desk team should create a schedule for updating virus software for each computer that you support. If you must update this software manually, you should schedule time once a month for the updates to be completed.
Two of the most popular virus protection software packages are McAfee Virus Scan and Norton AntiVirus. Do a Web search for “virus protection,” to research virus protection options. You should bookmark the virus-related Web sites you find so that you can periodically check them for information on new viruses. Most sites do not require that you own the software in order to review their list of viruses.
Using Strong Passwords
In a network where users must log on with user accounts, each user needs a password. Sometimes, users pick passwords that are easy to guess or “hack.” Therefore, users should be required to use passwords that meet your school’s complexity requirements.
Password complexity requirements are usually configured for the entire network. To configure password complexity options on an individual computer, you should do so in a console with the Local Security Settings snap-in
Microsoft Management Console (MMC) is used to create, open, and save administrative tools called consoles. Consoles enable you to make administrative changes using a GUI interface. A console in and of itself is not a tool, but more like a shell for a tool. In a console, you can add tools called Sanpsnap-ins. Snap-ins are focused on a single administrative area, for example such as local security, and contain configurable settings. When you add snap-ins to a console, you can save that console with the added snap-ins so that you can easily open use it later.
To configure password complexity options and enforce the use of strong passwords, do the following:
1. Click Start, click Run, type mmc, and then click OK. The Microsoft Management Console opens. See Figure 8-1, which shows the dialog boxes you see as you complete the next three steps.
Figure 8-1
Adding a snap-in
2. In Console1, click File, and then click Add/Remove Snap-in.
3. In the Add/Remove Snap-in dialog box, click Add.
4. Highlight the Group Policy snap-in, click Add, and then click Finish.
5. Click Close, and then click OK to close the open dialog boxes.
6. In Console1, expand Local Computer Policy, expand Computer Configuration, expand Windows Settings, expand Security Settings, and then click Password Policy.
7. The Password Policy settings are displayed in the right pane of the console. The settings you will change are listed in the following table. Double-click the specified setting and in the Properties dialog box, configure it according to the suggested minimum configuration listed in the table.
Configuration / Minimum Suggested SettingEnforce Password History / 3 passwords remembered
Maximum Password Age / 42 days
Minimum Password Length / 8 characters
Password Must Meet Complexity Requirements / Enabled
Figure 8-2 illustrates the configuration changes that you should make. The changes are effective immediately.
Figure 8-2
Configuring Password Policy settings
8. In Console1, click File, click Save, type Security Console, and then click Save. This saves the console with the embedded snap-in. The configuration changes are saved regardless of whether you choose to save the console.
Exercise 8-1: Create a Security Console and Configure Local Security
Work with your school network administrator to determine the appropriate settings for local security on the computers in a computer lab or other location in your school. Then, complete the following tasks.
1. Create a security console that includes the Local Computer Security Snap-in, save it as Security Console, and then close it. Refer to the procedure in the preceding Using Strong Passwords section above for details.
2. Click Start, click All Programs, click Administrative Tools, and then double-click Security Console. Configure the Password Policy settings as determined by your network administrator.
3. Create a new user account named User10:
a. Logon by using a user account that has Administrator privileges.
b. Click Start, right-click My Computer, and then click Manage.
c. In Computer Management, expand Local Users And Groups, right-click Users, and then click New User.
d. Enter the following information in the New User dialog box:
User Name / User10Description / Testing Password Properties
Password / School
What happens? Why?
______
e. Correct the problem you encountered, write down your solution, ensure that the User Must Change Password At Next Logon check box is selected, and then click Create.
4. Log on as User10, and change the password to one that meets the complexity requirements.
5. Log off, and then log on using an account with Administrator privileges. In Computer Management, delete User10.
Securing Hardware and Software
The physical security of your hardware is as important as the security of your network. After all, if the computers are stolen, there will be no network to protect! As a help desk technician, you can help to ensure the physical security of computer equipment by completing a thorough hardware inventory.
Securing Hardware and Software
As a help desk technician, you can evaluate the physical security of hardware and software assets, and make recommendations about protecting them. One of the first steps in this process is to survey the assets, such as computers, printers, other peripherals, and software, at your school. With a partner, walk around your school and answer the following questions about physical assets:
§ How is access to assets controlled?
§ Are all computers and peripherals in lockable rooms?
§ If not, are they secured to their workstations by computer locks or some other device?
§ Would it be difficult or impossible for someone to pick up a computer and walk away with it?
§ Are users asked for identification before being allowed access to equipment?
§ How are assets protected during non-school hours?
§ Is software secured in a safe place?
§ Are all assets marked with a school identification number in a highly visible place?
If physical access to assets is not adequately controlled, you can make recommendations, such as placing computers in a computer lab that can be locked when it is not monitored, and securing assets to furniture by using computer or printer locks (special metal cables that lock to the asset and secure it to a fixture) or some other locking device, such as immovable clamps. The more difficult it is to gain unauthorized access to equipment, the less likely it is to be stolen.
If physical assets are not marked with a school identification number in a highly visible place, then you should recommend this practice to your school technology committee and your help desk teacher or sponsor. Marking assets with a permanent, highly visible tracking number that identifies the rightful owner makes it difficult to sell stolen equipment, which means it is less likely to be stolen. It also facilitates an inventory of all equipment, and helps you keep track of the equipment.
Some tools you can use for clearly identifying assets as school property include the following:
§ Permanent markers. These are an easy-to-use and inexpensive tool, but be aware that the information can be sanded off.
§ Engravers. These are more complex and expensive than permanent markers. They can also damage equipment if not used properly.
§ Aluminum asset tags. These tags are usually made of anodized aluminum with a super-strong adhesive on the back. Each tag has an asset number, your school or school district name, and possibly a bar code, as shown in the following illustration. You can order the tags from a variety of online companies. They are inexpensive; typically, you can buy 2,000 for about $50. The tags are ideal for recording asset details in an asset tracking database.
Exercise 8-2: Inventory and Label School Hardware Assets
In this exercise, you work in pairs to create an asset inventory for your school’s hardware and software assets. Because your school’s method of storing the inventory may be specific to your school, this exercise describes the tasks to complete, but not the detailed steps. If your school has an asset tracking database, see the database documentation to determine how to record this information. Otherwise, your instructor will explain how to proceed.
1. Determine whether or not your school has a system for identifying assets already in place. If it does not, then determine the method you will use to identify assets.
2. Locate your assigned portion of assets.
3. For each asset, record the following information (or the information required by your database or the existing asset identification system).
a. Asset number (example: 0001, B2346)
b. Asset type (examples: desktop computer, laptop, printer)
c. Manufacturer (examples: Dell, Compaq, Sony, Clone)
d. Model name and number (examples: Armada 1234, Vaio 2345, Tecra 3456)
e. Physical description (examples: beige mini-tower, black laptop, silver scanner)
f. Physical location (examples: Computer Lab A, Library, Instructor’s Desk in room 118)
If your school’s database supports asset tracking and a detailed hardware inventory, you might want to complete them at the same time. For a hardware inventory, complete the following steps:
4. Click Start, click Run, type msinfo32, and then click OK.
5. Click the + sign next to Components to expand the Components list.
6. Click File, click Export, type the file name Components, and then click Save. A file named components.txt is saved to your desktop. This is the inventory of internal components. You will enter some of this information in your hardware database.
7. Open the System Properties dialog box to obtain the computer name, and record that in the hardware inventory.
8. Record the asset numbers and a brief description of each peripheral attached to a computer, including monitors, keyboards, printers, and so forth. For example, HP Monitor # 123456. (Note that the mouse does not usually receive an asset number.)
9. Inform your team when you have completed your portion of the asset tracking project or the hardware inventory.
Click here for the print version