Saint COM520 Module 1 Written Assignment Latest November 2018

COM520 Systems Security Management

Module 1 Written Assignment

COM520 Written Assignment 1

Assignment: Adding Active Directory

In this assignment, you will answer questions relating to the impact of adding Active Directory to the Ken

7 Windows Limited environment.

Assignment Requirements

This assignment builds on the scenario of Ken 7 Windows Limited given as the last section of this

document. For this assignment, imagine yourself to be a security administrator working for Ken 7

Windows Limited. You have been asked to evaluate the option of adding the Active Directory to the Ken 7

Windows network. Here are some facts to help you work on this assignment.

Ken 7 has just purchased a new enterprise resource planning (ERP) software package and will place the

workstation computers which will use this ERP software at eight different locations on the shop floor. The

ERP software requires two database servers, four application servers, and two Web servers, all of which

run a Windows operating system. All above-mentioned servers and the shop floor workstations are new,

but there are 22 workstations, already in place, which work with an older software that Ken 7 used to

manage the manufacturing and accounting processes. The existing 22 workstations are grouped into

three workgroups: accounting, planning, and purchasing. Before you add the Active Directory to the

network, you have been asked to examine the effects of the Active Directory in several key areas.

Tasks

Provide the answers to the following questions to satisfy the key points of interest to the Ken 7 Windows

Limited management regarding the addition of the Active Directory to the network.

1. Currently, system administrators create Ken 7 users in each computer where users need access.

In the Active Directory, where will system administrators create Ken 7 users?

2. How will the procedures for making changes to the user accounts, such as password changes, be

different in the Active Directory?

3. What action should administrators take for the existing workgroup user accounts after converting

to the Active Directory?

4. How will the administrators resolve the differences between the user accounts defined on the

different computers? In other words, if user accounts have different settings on different

computers, how will the Active Directory address that issue?

5. How will the procedure for defining access controls change after converting to the Active

Directory?

Submission Requirements

? Format: Microsoft Word

? Font: Arial, Size 12, Double-Space

? Citation Style: APA Style

? Length: 1–2 pages

Self-Assessment Checklist

? I have described with proper justification that the Active Directory user rights and permissions

take precedence over the local user accounts.

? I have explained with proper justification that the Active Directory and local users have different

security identifiers (SIDs)—even if the user accounts names are the same.

COM520 Written Assignment 1

Case Scenario for Rationale: Importance of Windows Access Control and Authentication

Ken 7 Windows Limited is a manufacturer of Windows for residential and commercial builders. Ken 7

Windows Limited carries a variety of Windows and related products. It supplies builders with all of the

tools and supplies to install finished Windows in any type of building.

Ken 7 Windows Limited has just purchased a new enterprise resource planning (ERP) software package

to help control costs and increase both quality and customer responsiveness. The ERP software collects

and stores information including:

? Raw material costs

? Labor costs

? Materials and labor requirements for products

? Purchasing requirements

Ken 7 Windows Limited has identified six basic roles for users in the new ERP software:

? Administrators—maintain ERP data and system operation.

? Planners—run planning software and generate requirements reports.

? Shop Floor users —enter operational data (receiving, shipping, and product progress

during manufacturing).

? Managers—manage department personnel.

? Purchasing users—generate purchasing documents based on planning requirements.

? Accounting users—maintain cost and accounting data.

Access controls limit what users or roles can do with different types of data. For example, consider the

following types of data:

? Cost information—raw materials and labor costs, including the cost of finished goods.

? Manufacturing details—cost, amount of labor, and time required to produce finished

goods.

? Purchasing requirements—rules for determining when raw materials, components, or

supplies should be purchased.

Through access control:

? Cost information can be viewed only by Accounting users.

? Manufacturing details can be viewed only by Shop Floor users.

? Purchasing requirement can be viewed only by Purchasing users.

During the analysis phase of the ERP implementation, Ken 7 Windows Limited raised concerns about

users being able to access restricted data.

? Accounting users are able to login to shop floor computers.

? Purchasing users are able to access human resource (HR) applications and data.

The ERP implementation team suggested the following access control measures to protect restricted

data.

? Create an organizational unit (OU) in Active Directory for shop floor computers.

? Deploy Group Policy Objects (GPOs) to restrict shop floor users to the shop floor OU.

? Define data access controls in the ERP software to deny access for all non-HR users to

restricted data.

Implementation of several access control measures helped Ken 7 Windows Limited to restrict the data

access. Hence access control and authentication is important, as it helped Ken 7 Windows Limited in

reducing costs and increasing profits.