ADMAS UNIVERSITY Monitor and Administer System

and network Security

LO 2. Secure file and resource access

Secure file and resource access is a fundamental aspect of network and information security. It
encompasses a range of measures and practices designed to protect data, files, and digital resources
from unauthorized access, modification, or disclosure. In an era where cyber threats are becoming
increasingly sophisticated and prevalent, ensuring secure access to files and resources is essential
for safeguarding an organization's sensitive information and maintaining the integrity of its
systems. This brief overview will explore key principles and strategies involved in securing file
and resource access.
1. Authentication and Authorization:
 Authentication: Authentication is the process of verifying the identity of users or
devices attempting to access a network or system. Common authentication methods
include passwords, biometrics, smart cards, and multi-factor authentication (MFA).
Strong authentication mechanisms are critical to ensuring that only authorized users
gain access to files and resources.
 Authorization: Authorization involves defining and enforcing access rights and
permissions. Access control lists (ACLs) and role-based access control (RBAC) are
commonly used to specify who can access specific files or resources and what
actions they can perform. Proper authorization mechanisms prevent unauthorized
users from accessing sensitive data.
2. Encryption:
 Data encryption is an essential component of securing file and resource access.
Encryption transforms data into a format that can only be deciphered with the
appropriate decryption key. In transit, data should be encrypted using protocols like
HTTPS and VPNs. At rest, files and data should be stored in encrypted form to
protect against physical theft or unauthorized access.
3. File Categorization and Classification:
 Not all files and resources are equal in importance. Categorizing and classifying
data based on its sensitivity and criticality allows organizations to apply appropriate
security controls. Categories may include public, internal, confidential, and highly
confidential. Each category should have specific access controls and encryption
requirements.
4. Access Auditing and Logging:
 Implementing auditing and logging mechanisms is vital for tracking who accesses
files and resources and what actions they perform. Audit logs can be invaluable in
detecting security incidents, monitoring user behavior, and conducting forensic
investigations.
5. User Training and Awareness:
 Users play a significant role in security. Educating employees and users about
security best practices, the importance of strong passwords, and how to recognize
phishing attempts can help prevent unauthorized access due to human error or
social engineering attacks.

1|Page
ADMAS UNIVERSITY Monitor and Administer System
and network Security

6. Regular Updates and Patch Management:

 Keeping operating systems, applications, and security software up to date is
essential to address vulnerabilities that could be exploited by attackers. Regular
patch management helps maintain the integrity of the network and prevents known
security flaws from being exploited.
7. Network Segmentation:
 Network segmentation involves dividing a network into smaller, isolated segments.
This limits the lateral movement of attackers within the network and reduces the
risk of unauthorized access to sensitive resources.
8. Incident Response and Monitoring:
 Establishing an incident response plan is crucial for swiftly addressing security
incidents and minimizing their impact. Continuous monitoring of network activity
for anomalies and suspicious behavior is essential for early threat detection.
Securing file and resource access requires a comprehensive approach that combines authentication,
authorization, encryption, categorization, and ongoing monitoring. It is an ongoing process that
demands proactive measures to adapt to evolving cybersecurity threats. Organizations should
develop robust security policies and practices to protect their sensitive data and digital assets from
unauthorized access and potential breaches.
2.1. Reviewing inbuilt operating system security and accessing features
Operating systems (OS) are the backbone of any network infrastructure. They come equipped with
built-in security features designed to safeguard the system and its resources. Network
administrators must thoroughly review and understand these inbuilt security mechanisms.
Common OS security features include user authentication, access controls, encryption, and audit
logs. It is crucial to configure these features properly, aligning them with the network's specific
security requirements. Access control lists (ACLs) and user privileges are particularly essential for
controlling who can access what resources within the network.
Most modern operating systems have a variety of built-in security features that can be used to
protect files and resources. These features include:
 File permissions: File permissions control who can access and modify files. By default,
only the owner of a file has full permissions. However, permissions can be changed to
allow other users and groups to access the file.
 User accounts: User accounts allow you to track who is accessing your system and what
they are doing. Each user should have their own account, and passwords should be strong
and unique.
 Firewalls: Firewalls can be used to block unauthorized access to your system from the
internet or other networks.
 Antivirus software: Antivirus software can help to protect your system from malware
infections.
It is important to review the built-in security features of your operating system and make sure that
they are configured correctly. For example, you should make sure that file permissions are set
2|Page
ADMAS UNIVERSITY Monitor and Administer System
and network Security

appropriately and that all users have strong passwords. You should also enable firewalls and
antivirus software.

2.2. Developing or reviewing file security categorization scheme

One of the cornerstones of network security is organizing and categorizing files and resources
effectively. Developing or reviewing file security categorization schemes is an integral part of this
process. The categorization scheme should classify files and resources based on their sensitivity
and importance. Common categories may include public, internal, confidential, and highly
confidential. Each category should be associated with specific access permissions, ensuring that
only authorized users can access and modify data. Employing encryption techniques, such as file-
level encryption, can add an extra layer of security to sensitive data.
A file security categorization scheme is a way of classifying files based on their sensitivity and
importance. This can help you to determine which files need to be protected with the most stringent
security measures.
To develop a file security categorization scheme, you need to consider the following factors:
 The type of data contained in the file. For example, files containing confidential customer
information or financial data will need to be more protected than files containing less
sensitive information.
 The potential impact of a breach. For example, a breach of a file containing customer credit
card numbers could have a devastating impact on your business.
 The legal and regulatory requirements for protecting certain types of data.
Once you have considered these factors, you can develop a scheme for classifying your files into
different security categories. For example, you might have three categories: low sensitivity,
medium sensitivity, and high sensitivity.
2.3. Understanding the role of users in security setting
Users are both the greatest strength and potential vulnerability in a network's security framework.
Understanding the role of users in security settings is crucial. It involves educating users about
security best practices, emphasizing the importance of strong passwords, regular updates, and the
avoidance of suspicious emails and websites. Network administrators should implement user
access policies that align with the principle of least privilege (POLP), ensuring that users have the
minimum access necessary to perform their job functions. User training and awareness programs
can significantly reduce the risk of security breaches caused by human error or negligence.
Users play a vital role in security. Users can help to protect your system by following good security
practices, such as:
 Using strong passwords and changing them regularly.
 Not clicking on links in emails or opening attachments from unknown senders.
 Keeping their software up to date.
 Reporting any suspicious activity to their IT administrator.

3|Page
ADMAS UNIVERSITY Monitor and Administer System
and network Security

It is important to educate users about the importance of security and how to follow good security
practices. You should also have policies and procedures in place to ensure that users are following
these practices.
2.4. Implementing and scheduling virus checking process
Viruses and malware pose continuous threats to network security. Implementing and scheduling
virus checking processes is essential for detecting and mitigating these threats. Antivirus software
should be installed on all network devices and servers, with regular updates to ensure the latest
virus definitions are in use. Automated scanning schedules should be set up to perform regular
system scans, checking for any signs of infection. Network administrators should also implement
email and web filtering to block malicious content at the network perimeter. In addition to
prevention, a robust incident response plan should be in place to address any security breaches
promptly.
Virus checking is an important part of protecting your system from malware infections. Virus
checking software can scan your system for known viruses and other malware.
To implement a virus checking process, you need to install virus checking software on all of your
systems. You should also schedule regular virus scans. It is important to note that virus checking
software is not a silver bullet, and it is important to follow other good security practices as well.
Additional tips for secure file and resource access
 Use strong encryption to protect sensitive files.
 Implement multi-factor authentication for all users.
 Regularly back up your files to a secure location.
 Monitor your systems for suspicious activity.
 Have a plan in place to respond to security incidents.
Conclusion
Securing file and resource access is a multifaceted task that requires a holistic approach to network
security. Reviewing inbuilt operating system security features, developing effective file security
categorization schemes, understanding the role of users in security settings, and implementing and
scheduling virus checking processes are all essential components of a comprehensive network
security strategy. By addressing each of these topics diligently, network administrators can
significantly enhance the resilience of their network infrastructure against a wide range of
cybersecurity threats. It is an ongoing process that demands vigilance, regular updates, and
adaptability to counter emerging threats in today's dynamic digital landscape.
Secure file and resource access is essential for any organization. By reviewing the built-in security
features of your operating system, developing a file security categorization scheme, educating
users about security, and implementing a virus checking process, you can help to protect your
organization from data breaches and malware infections.

4|Page