Monitoring and Administering System and Network Security
User Account Security and Management
Module Learning Objectives
By the end of this module, trainees will be able to:
Modify and harden default user settings to reduce vulnerabilities.
Understand and explain the inbuilt security features provided by operating systems.
Classify files according to security categorization schemes and enforce access controls.
Determine specific security requirements for systems and users.
Monitor, detect, and record security threats to respond proactively.
Update antivirus software regularly with the latest virus definitions to protect systems from
malware.
User Account Management
What is a User Account?
A user account is a digital identity that controls a user’s access to computer systems and network
resources. It defines:
What files and resources the user can access.
What actions the user can perform (read, write, execute).
What security settings and permissions apply.
User accounts are fundamental to enforcing security policies and protecting systems from unauthorized
access.
Types of User Accounts:
1. Local Accounts: Valid on a single computer; not connected to network authentication.
2. Domain Accounts: Managed centrally in a network domain, often via Active Directory in
Windows environments.
3. Administrator Accounts: Have elevated privileges to manage system settings.
4. Standard User Accounts: Limited privileges to prevent accidental or malicious system changes.
5. Guest Accounts: Temporary access with minimal privileges.
By Dereje.A (MSc) Page 1
1.1 Modifying Default User Settings
Why Modify Default Settings?
Default user settings often prioritize ease of use over security.
Attackers know default configurations well and exploit them.
Customizing these settings reduces attack surfaces.
Key Areas for Modification:
a) Operating System Configuration
Disable unnecessary services:
Many OSs start services by default that may not be needed, e.g., Telnet, FTP, SMB v1. Disable
these to reduce vulnerabilities.
Close unused network ports:
Use commands like netstat -an or firewall tools to identify open ports and close those not
required.
Enable and configure firewalls:
Use built-in firewalls (Windows Defender Firewall) and configure rules restricting
inbound/outbound traffic.
b) User Permissions
Least Privilege Principle:
Only grant users the minimum permissions necessary for their tasks.
For example, do not give software installation rights unless necessary.
Restrict Administrative Rights:
Avoid using administrator accounts for everyday tasks to limit damage from malware or user
error.
c) Password Policies
Set minimum password length (e.g., 12 characters).
Enforce complexity: uppercase, lowercase, digits, special characters.
Password expiration (e.g., every 90 days).
Prevent reuse of previous passwords.
Use Group Policy in Windows or equivalent tools to enforce these policies centrally.
d) Application Settings
Disable features that are unused or insecure by default, such as macros in office suites.
Enable encryption for sensitive data storage or communication (e.g., HTTPS, VPN).
e) Network Devices
Change default admin passwords on routers, switches.
Disable remote administration unless needed.
Update firmware regularly to patch vulnerabilities.
f) Web Browsers
Enable pop-up blockers to prevent unwanted content.
Disable or limit plugins and extensions to reduce attack vectors.
Configure privacy settings to block tracking and cookies.
1.2 Displaying Legal Notices at Logon
Purpose:
Warn users about monitoring policies.
Inform about acceptable use policies (AUP).
Serve as a legal disclaimer to protect the organization.
Implementation in Windows:
Use the Registry Editor (regedit) to set these values:
o LegalNoticeCaption – The title of the notice window.
o LegalNoticeText – The body of the message.
Example:
Registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
This notice appears before the login prompt, forcing users to acknowledge it before they can sign in.
Best Practices:
Keep the text clear and concise.
Update regularly to reflect policy changes.
Ensure notice complies with local laws.
1.3 Checking Strength of Passwords and Complexity
Why Strong Passwords Matter:
Weak passwords are easy targets for:
Brute force attacks
Dictionary attacks
Credential stuffing from leaked databases
Password Strength Components (factor – recommendation – why):
Length – Minimum 12-16 characters – Longer passwords resist guessing.
Complexity – Mix letters, numbers, symbols – Increases possible combinations.
Unpredictability – Avoid names, dates, common words – Prevents social engineering.
Passphrases – Use sentences or phrases – Easier to remember, stronger.
Examples:
Weak: Password123
Strong: B!cycle$4SunnyDays!
Passphrase: CorrectHorseBatteryStaple
Tools to Check Strength:
Password meters (built-in or online tools like How Secure Is My Password)
Password managers (e.g., LastPass, Bitwarden) generate and rate strong passwords.
Additional Recommendations:
Enable Multi-Factor Authentication (MFA) for additional protection.
Avoid password reuse across sites or systems.
Educate users regularly on password best practices.
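The factors in the strength table above, implemented as a small checker. This is an added example, not code from the module: COMMON_WORDS is a constructed stand-in for a real wordlist, and the thresholds and the entropy estimate are assumptions.

```python
import math
import re

# Constructed stand-in for a real list of common passwords and names
# (assumption: a production checker loads a much larger list from disk).
COMMON_WORDS = {"password", "welcome", "admin", "qwerty", "letmein", "monkey",
                "john", "alice", "summer", "winter"}

CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}
CLASS_PATTERNS = {"lower": r"[a-z]", "upper": r"[A-Z]",
                  "digit": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}
YEAR = re.compile(r"(19|20)\d{2}")


def char_classes(password):
    """Which of the four character classes the password draws from."""
    return {name for name, pat in CLASS_PATTERNS.items() if re.search(pat, password)}


def words_in(password):
    """Split on spaces, punctuation, digits and CamelCase boundaries (for passphrases)."""
    spaced = re.sub(r"(?<=[a-z])(?=[A-Z])", " ", password)
    return [w for w in re.split(r"[^A-Za-z]+", spaced) if w]


def estimate_bits(password):
    """Rough entropy estimate: length * log2(size of the character pool actually used)."""
    pool = sum(CLASS_SIZES[c] for c in char_classes(password))
    return len(password) * math.log2(pool) if pool else 0.0


def assess(password):
    """Return a rating ('weak', 'moderate', 'strong') and the reasons behind it."""
    reasons = []
    lowered = password.lower()
    if len(password) < 12:
        reasons.append("shorter than 12 characters")
    for word in sorted(COMMON_WORDS):
        if word in lowered:
            reasons.append(f"contains common word or name '{word}'")
    if YEAR.search(password):
        reasons.append("contains a year, which attackers try first")
    if reasons:
        rating = "weak"
    elif len(char_classes(password)) >= 3:
        rating = "strong"
        reasons.append("length and three or more character classes")
    elif len(words_in(password)) >= 3 and len(password) >= 16:
        rating = "strong"
        reasons.append("multi-word passphrase of 16+ characters")
    else:
        rating = "moderate"
        reasons.append("long but low variety; add classes or more words")
    return {"rating": rating, "bits": round(estimate_bits(password)), "reasons": reasons}
```

The three examples from the module rate as the text says: Password123 is weak (too short and contains a dictionary word), while both the complex password and the passphrase rate strong.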
1.4 Reviewing Password Procedures
Important Aspects:
a) Password Creation
Define and enforce password policy via system tools.
Provide users with clear guidelines and examples.
b) Password Storage
Passwords must never be stored in plain text.
Use hashing algorithms with salt (e.g., bcrypt, PBKDF2).
Secure transmission over encrypted channels (HTTPS, TLS).
c) Authentication Policies
Use account lockouts after a set number of failed login attempts to block brute force.
Implement password expiration but balance usability and security.
d) Password Recovery
Use secure recovery methods, e.g., email verification links or second-factor checks.
Avoid easily guessed security questions.
e) User Training
Educate on phishing and social engineering attacks.
Encourage use of password managers.
f) Incident Response
Have documented steps to respond to suspected password compromises.
Force password resets and investigate cause.
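Points b) and c) above (salted hashing, never plain text; lockout after repeated failures) as working code. This is an added example, not the module's own: the PBKDF2 parameters, the in-memory user store, and the lockout thresholds are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Parameters are assumptions for this example: PBKDF2-HMAC-SHA256, a random
# 16-byte salt per user, and 600,000 iterations (current OWASP guidance).
ITERATIONS = 600_000
SALT_BYTES = 16
MAX_FAILURES = 5           # failed attempts allowed before the account locks
LOCKOUT_SECONDS = 15 * 60  # how long the lock lasts


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Store a self-describing record 'pbkdf2_sha256$iterations$salt$digest' (hex fields)."""
    salt = salt if salt is not None else secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute with the stored salt/iterations and compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported hash record")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


class AuthService:
    """Constructed in-memory user store: salted hashes plus lockout after repeated failures."""

    def __init__(self, iterations=ITERATIONS):
        self.iterations = iterations
        self.users = {}  # username -> {"record", "failures", "locked_until"}
        # Hash a throwaway value once so logins for unknown users cost the same time
        self._dummy = hash_password(secrets.token_hex(8), iterations=iterations)

    def register(self, username, password):
        self.users[username] = {"record": hash_password(password, iterations=self.iterations),
                                "failures": 0, "locked_until": 0.0}

    def login(self, username, password, now=None):
        """Return 'ok', 'denied' or 'locked'; `now` is a Unix timestamp (injectable for tests)."""
        now = time.time() if now is None else now
        user = self.users.get(username)
        if user is None:
            verify_password(password, self._dummy)  # keep timing uniform, then deny
            return "denied"
        if now < user["locked_until"]:
            return "locked"  # refused without checking the password until the lock expires
        if verify_password(password, user["record"]):
            user["failures"] = 0
            return "ok"
        user["failures"] += 1
        if user["failures"] >= MAX_FAILURES:
            user["failures"] = 0
            user["locked_until"] = now + LOCKOUT_SECONDS
            return "locked"
        return "denied"
```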
1.5 Identifying Security Gaps
What are Security Gaps?
Weaknesses or missing controls that could lead to unauthorized access or data loss.
How to Identify:
1. Security Audits
o Internal or external experts systematically review systems and policies.
2. Vulnerability Scanning
o Use automated tools (Nessus, OpenVAS) to find known vulnerabilities.
3. Access Control Reviews
o Check who has access to what and adjust to enforce least privilege.
4. Network Analysis
o Monitor for unusual traffic using Intrusion Detection Systems (IDS).
o Analyze firewall and router logs.
5. Continuous Monitoring
o Implement Security Information and Event Management (SIEM) tools to collect and
analyze security events in real-time.
6. Documentation and Reporting
o Keep records of identified gaps, actions taken, and timelines.
o Prioritize remediation based on risk impact.
Continuous Improvement:
Security is an ongoing process — regularly update policies and technical controls as new threats
emerge.
Practical Exercises and Demonstrations
Operation Sheet 1.1: Walk through OS configuration settings for disabling services, enabling
firewall, and adjusting user permissions.
Password Strength Check: Create strong passwords and test using built-in meters or password
manager tools.
Configure Legal Notices: Use Windows Registry Editor to set legal notice text and test login
behavior.
Vulnerability Scan: Run basic scans on a test system and analyze results.
Unit Two: File and Resource Access
Unit Objective
This unit equips learners with the skills and knowledge to manage file and resource access effectively,
understand operating system security features, and ensure secure data practices within an organization.
Learning Outcomes
By the end of this unit, learners will be able to:
Explain inbuilt operating system security and access features
Describe file security categorization schemes
Identify the role of users in security settings
Implement and schedule virus checking processes
2.1 File and Resource Access
File and Resource Access
Definition: Control over who can access, modify, or use files and system resources.
Access Models:
o DAC: Owner-controlled access
o MAC: System-enforced policies
Permissions:
o Read, Write, Execute
File Systems:
o NTFS (Windows), EXT4 (Linux), NFS (network shared files)
Definition:
File and resource access refers to the ability of users or processes to read, write, or execute files and
interact with system resources.
Access Control Models
DAC (Discretionary Access Control): Resource owners assign permissions.
MAC (Mandatory Access Control): Access is based on system policies, often used in sensitive
environments like government.
File Permissions
Read: View content
Write: Modify content or create files
Execute: Run programs or scripts
Access Control Lists (ACLs)
Provide fine-grained permissions beyond basic read/write/execute
File System Types
NTFS (Windows): Supports encryption, auditing, and detailed permissions
EXT4 (Linux): Supports UNIX-style permissions and ACLs
Network File Systems (NFS)
Allows remote file access
Must be securely configured
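How the "fine-grained permissions" of an ACL are actually evaluated, shown on Linux/EXT4-style getfacl output. This is an added example, not part of the module: the getfacl text is constructed, user and group names stand in for numeric ids, and the rules follow the acl(5) algorithm (owner entry unmasked, named users and all group entries filtered by the mask).

```python
# Constructed getfacl(1)-style output for a file owned by alice/finance.
SAMPLE_GETFACL = """\
# file: reports/q3.txt
# owner: alice
# group: finance
user::rw-
user:bob:rw-
group::r--
group:auditors:r-x\t#effective:r--
mask::r--
other::---
"""


def parse_getfacl(text):
    """Return (owner, group, entries); entries are (tag, qualifier, set of perms)."""
    owner = group = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):  # header comments carry the owner and owning group
            key, _, value = line[1:].partition(":")
            if key.strip() == "owner":
                owner = value.strip()
            elif key.strip() == "group":
                group = value.strip()
            continue
        tag, qualifier, perms = line.split()[0].split(":")  # drop trailing '#effective' notes
        entries.append((tag, qualifier, set(perms) - {"-"}))
    return owner, group, entries


def check_access(acl, user, groups, requested):
    """True if `user` (a member of `groups`) holds every permission in `requested`."""
    owner, file_group, entries = acl
    requested = set(requested)

    def entry(tag, qualifier=""):
        return next((p for t, q, p in entries if t == tag and q == qualifier), None)

    mask = entry("mask") if entry("mask") is not None else set("rwx")
    if user == owner:                      # ACL_USER_OBJ: the mask does not apply
        return requested <= entry("user")
    named = entry("user", user)
    if named is not None:                  # ACL_USER: filtered by the mask
        return requested <= (named & mask)
    candidates = [p for t, q, p in entries
                  if t == "group" and (file_group if q == "" else q) in groups]
    if candidates:                         # any matching group entry may grant, after masking
        return any(requested <= (p & mask) for p in candidates)
    return requested <= entry("other")     # ACL_OTHER: no mask
```

The mask is the usual surprise: bob's rw- entry and the auditors' r-x entry both collapse to r-- (the "#effective" note getfacl prints), so a generous named entry does not grant more than the mask allows.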
2.2 Reviewing Inbuilt Operating System Security and Access Features
OS Security & Access Features
User Authentication: Login/password protections
Patching: Regular updates to fix vulnerabilities
Antivirus: Built-in or third-party tools
Logging & Audit: Track system events
Backup/Restore: Data recovery tools
Remote Access: Controlled desktop connections
Security Center/Settings: Centralized management
App Permissions: Controls per app
Security Policies: Enforce user rules
Key Features:
1. User Authentication and Access Control
o Managed via system settings or control panel
o Supports multi-user authentication
2. Update and Patch Management
o Essential for fixing vulnerabilities
o Should support automatic updates
3. Antivirus and Anti-Malware Protection
o Some OSs have built-in tools (e.g., Windows Defender)
o Real-time scanning and threat detection
4. Audit and Logging
o Records system events for security analysis
5. Device Management
o Controls USB access and hardware settings
6. Backup and Restore
o Enables data recovery
7. Remote Access Management
o Allows/disallows remote desktop connections
8. App Permissions and Security Center
o Controls what apps can access
o Centralized dashboard for security settings
9. Security Policies
o Define and enforce system-wide rules
2.3 Reviewing File Security Categorization Scheme
File security categorization is a critical aspect of information security, helping organizations
classify and protect sensitive data appropriately. An effective categorization scheme
ensures that data is handled in accordance with its level of sensitivity and importance.
Below is a review of key considerations for a file security categorization scheme:
Data Classification Levels
Public: No restrictions
Internal: For internal organizational use
Confidential: Restricted to specific groups
Top Secret: Highly sensitive, need-to-know basis
Classification Criteria
Legal Compliance
Business Impact
Confidentiality Requirements
Sharing Guidelines
Define who can access or share what
Prevent unauthorized disclosure
Automated Classification Tools: Consider using automated tools to classify data based on
content and context. Example:
Data Loss Prevention (DLP) tools can automatically classify and control the flow of
sensitive information.
A well-structured file security categorization scheme provides a foundation for a robust
information security program.
Note: Regular reviews, training, and automated classification enhance data security.
2.4 Role of Users in Security Settings
User Roles in Security
Password Best Practices: Strong, regularly updated
Phishing Awareness: Avoid suspicious links/emails
Device Safety: Antivirus, report lost/stolen items
Data Handling: Follow classification rules
Software Updates: Keep systems patched
Physical Security: Lock screens/devices
Remote Work: Use VPN, secure home Wi-Fi
Incident Reporting: Report threats promptly
Key Responsibilities
1. Password Management
o Create strong passwords
o Change or update passwords regularly
2. Phishing Awareness
o Identify and avoid phishing emails and links
o Recognizing Phishing Attempts: Users need to be trained to recognize
phishing emails and other social engineering tactics
o Avoiding Clicking on Suspicious Links: Refraining from clicking on links or
downloading attachments from unknown or suspicious sources is critical.
3. Device Security
o Use antivirus
o Report lost/stolen devices immediately
o Securing Personal Devices: If allowed for work-related tasks, users should
follow security practices on personal devices, including regular updates and
antivirus software.
4. Data Handling
o Understand data classification
o Follow handling protocols
5. Software Updates
o Apply updates promptly
o Report vulnerabilities
6. Physical Security
o Lock workstations
o Prevent unauthorized physical access
7. Remote Work Security
o Secure home Wi-Fi
o Use VPNs for access
8. Incident Reporting
o Promptly report suspicious activity
9. Data Backups
o Follow backup policies
o Know recovery steps
2.5 Implementing and Scheduling Virus Checking Process
Steps to Implement:
1. Install & Configure Antivirus
o Use reliable tools with full installation
2. Configure Settings
o Adjust based on security needs
3. Enable Real-Time Scanning: Monitor ongoing threats
o Protect files during access or execution
4. Schedule Scans
o Full Scans: Weekly or monthly (off-peak hours)
o Quick Scans: Daily or more frequent for system areas
5. Automatic Updates: Keep virus definitions current
o Ensure antivirus definitions are up to date
o Schedule multiple checks per day if needed
6. USB and Email Scanning: Block external threats
o Block threats from attachments and removable devices
7. Quarantine Management & Alerts: Handle infected files
o Automatically isolate or delete infected files
8. Integrate with Change Management and SIEM: Monitor alerts centrally
o Monitor, alert, and respond to threats
o Use Security Information and Event Management for logging
Conclusion
Good access control, secure user habits, and proper antivirus processes together ensure safe, reliable
systems. Effective file and resource access management is a foundation of IT security. It requires a
combination of system-based controls, user responsibility, regular scanning, and thoughtful
categorization of information. By applying these principles, organizations and individuals can safeguard
their systems and data from evolving security threats.
Unit Three – Authentication Requirements
1. Overview of Authentication Requirements
Purpose: Prevent unauthorized access, protect sensitive data, ensure compliance.
Core Practices:
o Strong password policies – Define minimum length, mix of characters, update intervals.
o Integration with incident response – Plan for investigating breaches in authentication.
o Secure third-party authentication – Vet providers, ensure compliance, perform regular
reviews.
o Access revocation – Promptly remove accounts during offboarding to reduce risks.
2. Determining Security Requirements
Step 1 – Risk Assessment:
Identify assets: Data, systems, applications, infrastructure.
Threat analysis: Possible attacks (phishing, brute force, insider threats).
Impact assessment: Measure potential loss (financial, reputational, operational).
Step 2 – Define Security Objectives:
Align with mission, business goals, and compliance needs.
Prioritize objectives based on asset criticality and risk level.
Step 3 – Data Encryption:
Classify sensitive data.
Apply encryption standards for both data in transit (TLS, VPN) and data at rest (AES).
Step 4 – Incident Response:
Create detailed response procedures for authentication incidents.
Define escalation and reporting channels.
Step 5 – Network Security Controls:
Configure firewalls to block unauthorized traffic.
Deploy IDS/IPS to detect and block suspicious activity.
Ongoing: Review and update regularly to match evolving threats.
3. Identifying & Analyzing Authentication Options
Method – Pros – Cons:
Username + Password – Familiar, easy to implement – Weak if reused or guessed.
Multi-Factor Authentication – Strong security, mitigates stolen credentials – More complex for users.
Biometric (fingerprint, face) – High accuracy, unique to user – Privacy issues, false matches possible.
Smart Cards / Tokens – Strong 2FA, portable – Cost, can be lost/stolen.
Time-Based OTP – Dynamic, prevents replay attacks – Needs accurate time sync.
Device Authentication – Secures endpoints – Device management overhead.
Risk-Based Authentication – Adapts to threat level – Complex to configure.
Passwordless – Removes password risks – Limited compatibility.
Session Management – User convenience – Risk if sessions hijacked.
Selection Factors:
Security level needed
User convenience and productivity
Compliance/legal requirements
Cost and complexity of deployment
4. Selecting Authentication & Authorization Processes
Authentication:
1. Risk Analysis – Know what you’re protecting and from whom.
2. Method Choice – Balance security with usability (e.g., MFA for critical apps, simple login for
low-risk tools).
3. Compliance Check – Meet standards like GDPR, HIPAA, PCI DSS.
Authorization:
Access Models:
o RBAC (Role-Based) – Permissions tied to job role.
o ABAC (Attribute-Based) – Context-based permissions (location, time, device).
Principle of Least Privilege: Grant minimum access required.
Policy Enforcement: Automate to reduce human error.
Integration: Ensure authentication seamlessly feeds into authorization.
Secure Token Handling: Use protocols like OAuth 2.0, SAML.
Auditing: Keep logs of access requests, approvals, and denials for forensics.
Dynamic Authorization: Adjust access in real-time based on risk (adaptive access).
Maintenance:
Review policies regularly.
Update after incidents or business changes.
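The authorization points above (RBAC, ABAC, least privilege, auditing, dynamic authorization) combined in one policy decision point. This is an added example, not the module's own: the roles, permissions, attribute rules, risk threshold and user names are constructed assumptions.

```python
# Role -> permissions (RBAC). Access is denied unless some role grants the permission.
ROLE_PERMISSIONS = {
    "analyst": {"report:read"},
    "finance_manager": {"report:read", "report:approve", "payment:create"},
}

# ABAC rules per permission: (name, predicate over the request context). The
# context carries location, time, device posture and a risk score from login.
ATTRIBUTE_RULES = {
    "payment:create": [
        ("managed device required", lambda c: c.get("device_managed", False)),
        ("office hours only (08:00-18:00)", lambda c: 8 <= c.get("hour", -1) < 18),
        ("approved country only", lambda c: c.get("country") in {"ET", "KE"}),
    ],
    "report:approve": [
        ("approved country only", lambda c: c.get("country") in {"ET", "KE"}),
    ],
}
STEP_UP_RISK = 70  # risk score at or above which MFA is required (adaptive access)


class AccessPolicy:
    def __init__(self, role_permissions=ROLE_PERMISSIONS, attribute_rules=ATTRIBUTE_RULES):
        self.role_permissions = role_permissions
        self.attribute_rules = attribute_rules
        self.audit = []  # every decision, allowed or not, kept for forensics

    def _rbac(self, roles, permission):
        return any(permission in self.role_permissions.get(role, set()) for role in roles)

    def decide(self, subject, permission, context):
        """Return True/False and record why; deny unless every check passes."""
        reason = "granted"
        if not self._rbac(subject["roles"], permission):
            reason = "no role grants this permission"
        elif context.get("risk_score", 0) >= STEP_UP_RISK and not context.get("mfa", False):
            reason = "high-risk session: MFA step-up required"
        else:
            for name, predicate in self.attribute_rules.get(permission, []):
                if not predicate(context):
                    reason = name
                    break
        allowed = reason == "granted"
        self.audit.append({"user": subject["name"], "permission": permission,
                           "allowed": allowed, "reason": reason, "context": dict(context)})
        return allowed
```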
Key Takeaway:
A secure authentication framework starts with clear security requirements, applies the right mix of
authentication methods, and ensures authorization matches user roles and context. Continuous
monitoring and updating keep the system strong against new threats.
Unit 4: Network Security
Overview of Network Security
Definition:
Network security is the practice of protecting the integrity, confidentiality, and availability of data and
network resources from unauthorized access, misuse, or attacks.
Goals:
Integrity: Ensure data is not altered by unauthorized parties.
Confidentiality: Ensure only authorized parties can access the data.
Availability: Ensure systems and data are accessible to authorized users when needed.
Key Components of Network Security
1. Firewalls
o Control incoming/outgoing network traffic based on rules.
o Act as a barrier between trusted and untrusted networks.
2. Intrusion Detection Systems (IDS) & Intrusion Prevention Systems (IPS)
o IDS: Detect malicious activities or policy violations.
o IPS: Detect and actively block threats.
3. Virtual Private Networks (VPNs)
o Provide secure, encrypted remote connections over public networks.
4. SSL/TLS Protocols
o Encrypt communication (e.g., web browsing, email).
5. Network Access Control (NAC)
o Checks device compliance before granting network access.
6. Network Segmentation
o Divides the network into isolated sections to limit attack spread.
7. Wireless Security
o WPA/WPA2/WPA3 for Wi-Fi encryption and authentication.
8. Encryption
o In Transit: SSL/TLS for data transfer.
o At Rest: Full-disk encryption.
Key Considerations in Network Security
1. Vulnerability Management – Regularly detect and patch weaknesses.
2. Security Policies & Procedures – Define how to securely configure and use network resources.
3. Employee Training & Awareness – Prevent breaches caused by human error.
4. Incident Response Planning – Predefined plan for responding to attacks.
5. Regular Audits & Assessments – Penetration tests, security audits.
6. Patch Management – Timely updates to systems and software.
7. Network Monitoring – Continuous traffic and log analysis.
4.1 Sharing User Resources via a Network
Purpose: Enable users to access shared files, printers, and applications.
Methods:
1. Network File Sharing
o Shared drives/folders with controlled permissions.
2. User Authentication & Authorization
o Strong passwords, MFA, role-based access.
3. Network Print Sharing
o Centralized printers with usage permissions.
4. Centralized Application Access
o Remote Desktop Services (RDS) or Virtual Desktop Infrastructure (VDI).
5. Collaboration Platforms
o SharePoint, Google Drive, Teams with version control.
6. Network Protocols
o Secure options like SMB for files, IPP for printing, HTTPS/FTPS for encryption.
7. Security Measures
o Encryption, firewall rules, updated access lists.
8. User Training
o Password hygiene, phishing awareness, responsible sharing.
4.2 Monitoring & Recording Security Threats
Purpose: Detect, record, and respond to security incidents in real time.
Techniques:
1. Security Information & Event Management (SIEM)
o Collects and analyzes logs, provides alerts.
2. Log Management
o Centralized storage and retention for analysis.
3. Network Traffic Analysis
o Detect unusual patterns using monitoring tools.
4. Endpoint Detection & Response (EDR)
o Monitors endpoints for malware, ransomware, and intrusion attempts.
5. Anomaly Detection
o Compare activity against baseline behavior.
6. Threat Intelligence Feeds
o Stay updated on new vulnerabilities and attack methods.
7. Incident Response
o Automated responses and predefined playbooks.
8. Red Team Exercises
o Simulated attacks to find weaknesses.
9. Documentation & Reporting
o Maintain records of incidents for review and compliance.
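Detection logic of the kind a SIEM or log-management rule would run, applied to sample authentication log lines: a sliding-window count of failed logins per source, with a successful login after such a burst escalated as a possible compromise. This is an added example, not from the module; the log lines use documentation IP ranges and are constructed, and the window and threshold are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd-style auth log lines (documentation IP ranges, not real hosts).
SAMPLE_LOG = """\
2024-05-01T09:00:01 srv1 sshd: Failed password for admin from 203.0.113.7
2024-05-01T09:00:04 srv1 sshd: Failed password for root from 203.0.113.7
2024-05-01T09:00:06 srv1 sshd: Failed password for admin from 203.0.113.7
2024-05-01T09:00:09 srv1 sshd: Failed password for backup from 203.0.113.7
2024-05-01T09:00:11 srv1 sshd: Failed password for admin from 203.0.113.7
2024-05-01T09:00:15 srv1 sshd: Accepted password for admin from 203.0.113.7
2024-05-01T09:03:00 srv1 sshd: Failed password for dereje from 198.51.100.4
2024-05-01T09:20:00 srv1 sshd: Failed password for dereje from 198.51.100.4
2024-05-01T09:20:30 srv1 sshd: Accepted password for dereje from 198.51.100.4
"""

LINE = re.compile(r"^(?P<ts>\S+) \S+ sshd: (?P<result>Failed|Accepted) password "
                  r"for (?P<user>\S+) from (?P<src>\S+)$")
WINDOW = 60      # seconds
THRESHOLD = 5    # failures inside the window that trigger an alert


def parse_line(line):
    """Turn one log line into an event dict, or None if it does not match the format."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"]).timestamp()
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def detect(log_text, window=WINDOW, threshold=THRESHOLD):
    """Sliding-window failure count per source; a success after a burst is escalated."""
    recent = defaultdict(deque)   # src -> timestamps of failures inside the window
    bursting = set()              # sources currently over the threshold
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        q = recent[ev["src"]]
        while q and ev["ts"] - q[0] > window:   # expire failures older than the window
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["src"] not in bursting:
                bursting.add(ev["src"])
                alerts.append({"severity": "medium", "src": ev["src"], "failures": len(q),
                               "detail": f"{len(q)} failed logins within {window}s"})
        elif ev["src"] in bursting:
            alerts.append({"severity": "high", "src": ev["src"], "user": ev["user"],
                           "detail": "successful login after a failure burst: possible compromise"})
            bursting.discard(ev["src"])
    return alerts
```

On the sample, 203.0.113.7 raises a medium alert at its fifth failure and a high alert when the admin login then succeeds, while the two failures from 198.51.100.4, seventeen minutes apart, stay below the threshold.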
4.3 Updating Antivirus Signatures
Definition:
Antivirus signatures are patterns used to detect known malware.
Best Practices:
1. Enable Automatic Updates – Keeps definitions current.
2. Check Update Settings – Ensure frequent update checks.
3. Stable Internet Connection – Needed to reach the update servers.
4. Scheduled Scans – Update definitions as part of each scheduled scan.
5. Manual Updates – For urgent or failed automatic updates.
6. Alternative Methods – Vendor-specific updater tools.
7. Part of a Bigger Security Plan – Combine with patches, strong passwords, and training.