Protect Application ICT

Uploaded by filenbar mustefa

Duration: 50 hrs

Protecting Application
or System Software
This module includes the following Learning Guides

• LG1: Ensure User Accounts are Controlled – LG Code: ICT ITS1 M09 LO1 LG33
• LG2: Detect and Remove Destructive Software – LG Code: ICT ITS1 M09 LO2 LG34
• LG3: Identify and Take Action to Stop Spam – LG Code: ICT ITS1 M09 LO3 LG35
LG 1: Ensure User Accounts are Controlled
This learning guide provides the necessary information on the following topics:

• User Account Control
• User Account Configuration
• Notifications Displayed at Logon
• Utilities Used to Check Strength of Passwords
• Accessing Information Services


User Account Control

• User access: to access and complete tasks, users require specific roles and permissions. Review the available roles and permissions and the tasks that users can complete with them. These roles help you set up users so that they can begin day-to-day operations.
The control of user access can take many forms and apply at
several levels. Once a computer is physically accessed, the user
usually logs on to gain access to applications. These applications
will access data in files and folders.
We can simplify the process down to three things:

• Physical access
• Authentication
• Authorization
Physical Access
• The first layer of management and security is physical access to the computer. To prevent unauthorized access, a company may make use of:
  • locks on the front doors
  • locks on each floor
  • locks on offices, etc.
  • security guards
  • cameras
  • keys on computer systems.

• Only those who have permission and keys will be able to access a computer on the company’s premises. The Internet, however, presents issues concerning access to corporate information or systems because physical restrictions cannot be imposed.
Authentication
• Authentication is the process of confirming the identity of a user. This is usually the initial step in the security process. To confirm the user's identity, the user must present physical or nonphysical evidence (information) to the authentication platform. These can be divided broadly among the following:
• What they have: The possession of a physical object, such as a key, keycard, key fob, or swipe card.
• What they know: Information that only the user would know, including a password, passcode, personal identification number (PIN), date of birth, Social Security number, or other personally identifiable information (PII).
• Who they are: Biometrics, or the use of an index finger, thumb, hand, voice, retina, face, or another unique physical identifier to gain access to a resource. The physical attribute must match what was used at the time of the user's enrollment in the system.

• Passwords are generally the most common—and oldest—authentication factor. If the password matches exactly the password created by either the user or the system, the system assumes validity and grants access.
• Other information-based authentication processes are also gaining in popularity. One is the one-time PIN or temporary password generated by the system. It allows a user access to a single or temporary session that expires after a set amount of time. Mobile banking users typically encounter this procedure for money transfer transactions, specifically when a new recipient, at first unrecognized by the system, is added.
• Another way to confirm user identity is through an authentication application, usually on the user's mobile device, that generates temporary security codes that grant access to another website or service.
• Two-factor authentication (2FA) and multi-factor authentication (MFA) are also increasingly being employed to increase security beyond the level provided by passwords alone. These processes require the successful verification of one or more modalities before granting access to a system. For example, MFA could ask a user to provide both a password and the temporary PIN sent to the user's mobile device.
Two-Factor Authentication
• Two-factor authentication (2FA) is a security procedure that increases the
likelihood that a person is who they say they are. This procedure requires users to
provide two different authentication factors before they can access an application
or system, not just their username and password.
• 2FA is a crucial security tool for organizations to protect their data and users in
the face of a cybersecurity landscape that is increasingly threatened by more
sophisticated cyber attacks. Organizations of all sizes must keep up with the
sophistication of attackers and constantly evolve their defenses to lock out
malicious actors from their networks and systems.
• A sensible way to think about 2FA is that it is a process in which organizations do not rely solely on passwords to provide access to applications and websites. 2FA is exactly what it says: a two-step authentication process that adds another layer of security to the organization's protection.
• This makes it difficult for cybercriminals to steal users' identities or
access their devices and accounts. It also helps organizations keep
attackers out of their systems, even if a user's password has been
stolen. The process is increasingly being used to fend off common
cyber threats, such as phishing attacks, which allow attackers to spoof
identities after stealing passwords from their victims.
What Is MFA and Why Is It Important?
• Multi-factor authentication (MFA) is a security measure that
protects individuals and organizations by requiring users to provide
two or more authentication factors to access an application, account,
or virtual private network (VPN). This adds extra layers of security to
combat more sophisticated cyberattacks, since credentials can be
stolen, exposed, or sold by third parties.
• Much like an organization might employ various layers of physical
security, such as a fence with a gate, a guard station, an ID scanner,
and locks on the doors, an organization can also use MFA to provide
multiple layers of virtual security to make sure anyone accessing the
system, whether onsite or remotely, is both
authorized and authenticated.
How Does Multi-Factor Authentication (MFA) Work?
• A user is first prompted for their username and password, standard
credentials used to log in, but then they are required to verify their
identity by some other means. The most common is to enter a code
sent by email, Short Message Service (SMS), via a mobile
authentication app, or to a secondary device, but other forms may be
hardware that scans biometrics or prearranged security questions.
• This second or even third factor in the authentication process serves to
verify the user request is genuine and has not been compromised.
MFA uses three common authentication methods to verify a user’s identity.

1. Knowledge: This is the factor users are most familiar with. The user is prompted to supply information they know, such as a password, personal identification number (PIN), security key, or the answer to a security question.
2. Possession: This factor verifies the user’s identity using something they possess, for example by sending a code to a mobile phone.
3. Inherence: This factor verifies the person by some unique personal attribute, such as biometric authentication or voice recognition.
Other authentication methods include:
• Username with static passwords - the password stays the same until changed by the user at some time.
• Username with dynamic passwords - the password is constantly changed by a password generator synchronized with the user and system.
• Other challenge-response systems - these may involve PINs, or questions to the user requiring various answers or actions.
• Certificate based - this requires the user to have an electronic certificate or token. This may also need to be digitally signed by a trusted authority.
• Physical devices - these include the use of smart cards and biometrics. Generally, the entire authentication process occurs on the local workstation, thus eliminating the need for a special server.

• Whichever method is used is determined by the organizational policy and security requirements.
Authorization
• Authorization is the process of giving a user permission to access a physical location
or information-based resource (e.g., a document, database, application, or website).
• Authorization is unfortunately used synonymously with authentication, but this is an
error. Authentication occurs first, followed by authorization. Users need to prove
their identities before a system can grant them permission to enter.
• However, permission is a broad term. A user may pass authentication procedures and be
granted access to a system, but that does not mean they can access all the components
of an application or online service because specific permissions can be defined by the
organization that allowed them access.
• Permissions are what a user is able to see or do on a website or inside an application.
Without these specific permissions, every user would have access to the same
information or features.
• As such, permissions and restrictions, and their proper administration, are critical to an
organization's security for several reasons.
This is because they:
• prevent a user from accessing another customer's account
• block free accounts from receiving the benefits of premium features
• ensure zero crossover between external client accounts and internal accounts

The Network and System administrators are responsible for the technical configuration of network operating
systems, directory services and applications. Part of the configuration includes security settings that authorize
user access. The administrators use an organizational policy to determine these settings.
Key differences between Authentication and Authorization

Authentication
• Authentication is the process of verifying user identity before giving them permission to access a system, account, or file.
• Its main purpose is to verify (“authenticate”) a user’s identity. It also keeps out suspicious or malicious users since their identities will not be verifiable.
• Most authentication mechanisms are based on verifying a user’s credentials before they get access to the system. These credentials may be their username and password, security questions or a one-time PIN (OTP) sent to their mobile phones.
• Credential-based authentication works by comparing user-provided credentials to a database record. When there is a perfect match between the two, users can access the account.

Authorization
• Authorization is the process of verifying a user’s access level to a system, account, or file.
• User authorization ensures that only authorized users can access the assets they need and only to the extent allowed by the system.
• Computer systems can leverage many types of authorization strategies, such as Role-Based Access Control (RBAC).
• Under RBAC, authorization permissions are associated with roles, not users. It ensures that users can only access the required information according to their roles.
User Account
• A user account is a collection of information that tells
Windows which files and folders you can access, what
changes you can make to the computer, and your personal
preferences, such as your desktop background or screen
saver. User accounts let you share a computer with several
people, while having your own files and settings. Each
person accesses his or her user account with a username and
password.
• A user account is an account assigned to an individual user to
access a system. It typically requires a username and
password for authentication and is used by a single person.
User accounts should have limited permissions based only on
a user's role and job responsibilities.
There are three types of accounts.
On Windows-based operating systems, your user account type controls what tasks you can perform on your computer; in some cases you may need administrative rights to perform some tasks or to use some applications. The following describes the three types of accounts on Windows-based computers and helps you determine your user account type.
• Standard User accounts are for everyday computing.
• Administrator accounts provide the most control over a computer,
and should only be used when necessary.
• Guest accounts are intended primarily for people who need
temporary use of a computer.
Why is User Account Control necessary?
• The most important rule for controlling access to resources is to provide
the least amount of access privileges required for users to perform their
daily tasks.
• Many tasks do not require administrator privileges. However, because previous versions of Windows created all user accounts as administrators by default, users logged on to their computers with an administrator account.
• Without User Account Control (UAC), when a user is logged on as an
administrator, that user is automatically granted full access to all system
resources.
How UAC Works
• There are two levels of users: standard users and administrators. Standard users are members of the Users group and administrators are members of the Administrators group on the computer.
• Both standard users and administrators access resources and run
applications in the security context of standard users by default. When a
user logs on to a computer, the system creates an access token for the
user.
• This access token contains information about the level of access that the
user is granted, including specific Security Identifiers (SIDs) and Windows
privileges.
• When an administrator logs on, two separate access tokens are created for the user: a standard user access token and an administrator access token.
• The standard user access token contains the same user-specific information as
the administrator access token, but the administrative Windows privileges
and SIDs are removed.
• The standard user access token can start standard user applications but
cannot start applications that perform administrative tasks.
• When the user needs to run applications that perform administrative tasks
(administrator applications), the user is prompted to change or elevate the
security context from a standard user to an administrator.
• This default user experience is called Admin Approval Mode. In this mode,
applications require specific permission to run as an administrator application.
User Account Configuration

• Network and System Administrators are responsible for configuring user accounts. Network operating systems and applications have many security options and settings relating to user access. How does an administrator determine the configuration and settings for user accounts?

• Organisation policies and procedures provide the guidelines for administrators.
User Account Settings

• The organisation’s policies should make statements as to the degree of user control that is required. Network procedures should contain details as to how these policies may be implemented. For example, the policy may state that user passwords should not be less than six characters. The procedures will then describe how the administrator should configure the operating system to ensure that all passwords are at least six characters.
• The administrator should review the policies to ensure that the
procedures produce the desired outcomes. The procedures should
describe in detail how to make use of the operating system facilities
to configure user accounts in accordance with the security
requirements.
• The actual way you set these parameters varies with each operating environment; however, here are some basic parameters covered by most operating systems to consider when setting up user account options:
• Password requirements - whether a password is required, minimum length, complexity, whether it needs to be changed at intervals, etc.
• Account lockout settings - disabling accounts that have made a number of bad logon attempts
• Access hours - the standard days and times that users will be permitted to access the network
• Account expiry dates - the date when the account will be disabled
• Logon restrictions - accounts can only be used at specified locations or workstations
• Home directory information - a home directory is a folder that usually has the name of the user and over which the user has full permissions
• Logon scripts - these perform specific tasks or run specific programs when the user logs on
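As an added illustration (not from the module), the password-requirement and account-lockout parameters above can be modelled as policy objects that a procedure then enforces. The six-character minimum is the module's own example; the complexity rule, lockout threshold, observation window and lockout duration are constructed defaults that an organisation would replace with values from its own policy.

```python
import string
from dataclasses import dataclass, field

CHARACTER_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                     string.digits, string.punctuation)


@dataclass
class PasswordPolicy:
    """Password requirements, as an organisation's policy would state them."""
    min_length: int = 6        # the module's example: not less than six characters
    min_classes: int = 3       # constructed complexity rule: 3 of 4 character classes

    def violations(self, password: str) -> list:
        """Return every rule the password breaks; an empty list means compliant."""
        problems = []
        if len(password) < self.min_length:
            problems.append(f"shorter than {self.min_length} characters")
        used = sum(1 for cls in CHARACTER_CLASSES if any(c in cls for c in password))
        if used < self.min_classes:
            problems.append(f"uses {used} character classes, policy needs {self.min_classes}")
        return problems


@dataclass
class LockoutPolicy:
    """Account lockout: disable an account after too many bad logons in a window."""
    threshold: int = 5               # bad attempts before lockout
    observation_window: int = 600    # seconds over which bad attempts are counted
    lockout_duration: int = 900      # seconds the account stays disabled
    _failures: dict = field(default_factory=dict)
    _locked_until: dict = field(default_factory=dict)

    def is_locked(self, user: str, now: float) -> bool:
        return self._locked_until.get(user, 0) > now

    def record_failure(self, user: str, now: float) -> bool:
        """Register a bad logon; return True if this attempt locks the account."""
        recent = [t for t in self._failures.get(user, []) if now - t < self.observation_window]
        recent.append(now)
        self._failures[user] = recent
        if len(recent) >= self.threshold:
            self._locked_until[user] = now + self.lockout_duration
            self._failures[user] = []      # counter restarts once the lockout expires
            return True
        return False

    def record_success(self, user: str) -> None:
        """A good logon clears the bad-attempt counter."""
        self._failures.pop(user, None)


if __name__ == "__main__":
    print(PasswordPolicy().violations("abc"))
    print(LockoutPolicy(threshold=3).record_failure("jdoe", 0))
```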
User Authorizations
• Which managers can authorize a new user
• Standards for user IDs and passwords
• Groups that users can belong to and the authority required for each group
• Basic accesses that all users are allowed
• Authorization requirements to access sensitive data
• Application accesses
• Ability to install additional software
• Email and internet accesses
• Special accesses that may be required
