Network+ Certification (Outline) - Chapter 13: Network security

In this chapter, students will be able to understand: Password policies ensure that users choose effective passwords; user-level security requires a separate account for each user; in share-level security, all users access shares by using the same passwords; a firewall is a hardware or software product that protects a network from unauthorized access, using techniques such as packet filtering, NAT, or proxy servers;...
Nội dung trích xuất từ tài liệu:
Network+ Certification (Outline) - Chapter 13: Network security Chapter 13, Network Security|1| Chapter Overview A. Password Protection B. Security Models C. Firewalls D. Security Protocols Chapter 13, Lesson 1 Password Protection|2| 1. Using Passwords A. Passwords are the most common method of securing network resources. B. There are security mechanisms other than passwords. 1. Smart cards a. Credit card-like devices with a magnetic strip b. Must be run through a card reader connected to a computer for a user to access the network 2. Biometric devices a. Identify users by scanning unique physical characteristics, such as thumbprints or retina patterns C. Passwords can be an effective security mechanism, or they can be useless, depending on how they are used. 1. The strength of any password protection is based on the password policies that administrators set. 2. When users create their own passwords, they tend to choose short, simple ones, or use information that is easy to guess, such as birthdays or initials, or they use no password at all. 3. Assigning complex passwords to users can be equally ineffective, because the users might be compelled to write them down and leave them in obvious places. 4. The object is to find a middle ground between these two extremes. D. Most operating systems include tools that enable administrators to impose password policies on users. 1. Users can be forced to a. Choose passwords of a specific length b. Change passwords at regular intervals 2. These tools provide a middle ground that lets users choose effective passwords that they can remember easily. 3. Password policies are typically available in network operating systems that use a directory service to authenticate users and grant them access to network resources. a. You can set password policies on Windows 2000 and Microsoft Windows NT domain controllers and Novell NetWare servers. b. You cannot set password policies in Microsoft Windows Me, Microsoft Windows 98, or Microsoft Windows 95.|3| 2. User Account Password Settings A. When you create a new user account in Windows 2000 or Windows NT, you can use the following check boxes in the New Object – User dialog box to control the basic password policies for the account: 1. User Must Change Password At Next Logon. Allows the administrator to assign the same password to each new user account created and forces the user to change that password during the first logon a. The administrator can password-protect the new accounts without having to track individual password assignments. 2. User Cannot Change Password. Prevents users from changing the password assigned to the account during its creation a. If an administrator elects to assign passwords to users, activating this option on all accounts ensures that he or she retains control over the password assignments. 3. Password Never Expires. Overrides other policies that cause passwords to expire after a specified time a. Users can still change their passwords at will, but they are not required to do so. 4. Account Is Disabled. Allows the administrator to temporarily prevent access to an account, eliminating the need to delete and re-create the account 3. Specifying Password Lengths A. Users tend to choose short passwords, because they are easier to type and remember, or use no password at all. 1. Short passwords are mathematically easier to guess. B. Most network operating systems let the administrator set a minimum password length requirement. 1. Longer passwords are harder to penetrate. 2. Windows 2000 supports passwords of up to 104 characters. 3. Windows NT supports passwords of up to 14 characters. 4. For most networks, a minimum password length of five or six characters is sufficient. a. Higher security might call for eight characters or more. C. In Windows 2000, you set password length restrictions by using the Group Policy feature.|4| 1. You can apply policies to domains, sites, or organizational units.|5| 2. When you activate the Minimum Password Length policy, you specify the minimum number of password characters by using the Security Policy Setting dialog box.2 Outline, Chapter 13 Network+ Certification, Second Edition 4. Setting Password Change Intervals ...