General Security Concepts: Access Control, Authentication, and Auditing • Chapter 1 47
Remove unnecessary protocols from the network communication systems and devices that operate in your environment. Evaluate the need for each protocol, and unbind or remove it wherever it is not required.

Remove unnecessary or unused programs from workstations and servers, to limit the exposure that vulnerabilities in software you do not need would otherwise introduce.
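The practical first step in both items is an inventory: what is listening on the host, which image owns it, and whether the host's role justifies it. The following script is an added example and is not from the book. It parses constructed `netstat -ano`-style output and a constructed PID-to-image map (both embedded as sample data), compares every listener against an approved baseline for the host, and lists the rest as candidates to unbind or remove. The baseline, port numbers and image names are assumptions chosen for illustration.

```python
"""Triage listening sockets against an approved baseline.

Added example (not the book's code). Input resembling Windows
`netstat -ano` output and a `tasklist`-style PID map is constructed
inline so the script runs offline.
"""
import re

# Constructed sample resembling `netstat -ano` on a Windows host
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1120
  TCP    192.168.1.10:80        0.0.0.0:0              LISTENING       2204
  TCP    192.168.1.10:80        10.0.0.7:51844         ESTABLISHED     2204
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1836
  UDP    0.0.0.0:161            *:*                                    1340
  UDP    0.0.0.0:1900           *:*                                    1512
"""

# Constructed PID -> image name map (what `tasklist` would provide)
SAMPLE_PIDS = {880: "svchost.exe", 4: "System", 1120: "svchost.exe",
               2204: "inetinfo.exe", 1836: "inetinfo.exe",
               1340: "snmp.exe", 1512: "svchost.exe"}

# Assumed baseline for a web server that is managed over RDP and SMB:
# (protocol, port) pairs this host's role actually needs.
APPROVED = {("TCP", 80), ("TCP", 3389), ("TCP", 445)}

# One socket line: proto, local addr:port, foreign addr, optional state, PID.
# UDP lines have no state column, so the state group is optional.
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:(\w+)\s+)?(\d+)\s*$")


def parse_listeners(netstat_text):
    """Return [(proto, bind_addr, port, pid)] for listening sockets.

    TCP sockets count only in LISTENING state; every UDP socket is a
    potential receiver, so all UDP lines are kept.
    """
    listeners = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, addr, port, state, pid = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue
        listeners.append((proto, addr, int(port), int(pid)))
    return listeners


def triage(listeners, pid_map, approved):
    """Attach the owning image and a verdict to each listener."""
    findings = []
    for proto, addr, port, pid in listeners:
        image = pid_map.get(pid, "unknown")
        verdict = "approved" if (proto, port) in approved \
            else "review: unbind or remove"
        # A wildcard bind is reachable on every interface; worth flagging
        # even for approved services, since binding to one address is a
        # cheap way to narrow exposure.
        all_ifaces = addr in ("0.0.0.0", "[::]", "*")
        findings.append({"proto": proto, "port": port, "addr": addr,
                         "pid": pid, "image": image, "verdict": verdict,
                         "all_interfaces": all_ifaces})
    return findings


def review_candidates(findings):
    """Distinct (proto, port, image) triples that are not in the baseline."""
    return sorted({(f["proto"], f["port"], f["image"])
                   for f in findings if f["verdict"] != "approved"})


if __name__ == "__main__":
    results = triage(parse_listeners(SAMPLE_NETSTAT), SAMPLE_PIDS, APPROVED)
    for f in results:
        flag = " (all interfaces)" if f["all_interfaces"] else ""
        print(f"{f['proto']:3} {f['port']:5} {f['image']:14} {f['verdict']}{flag}")
```

On a real host the two inputs come from `netstat -ano` and `tasklist`; the baseline is the part that needs thought, since it encodes what the machine's role requires. Everything the script lists for review (here FTP, RPC endpoint mapper, SNMP and SSDP) is a protocol to justify or to unbind, and each approved listener on a wildcard address is a candidate for binding to a single interface.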
Exam Objectives
Frequently Asked Questions
The following Frequently Asked Questions, answered by the authors of this
book, are designed to both measure your understanding of the Exam Objectives
presented in this chapter, and to assist you with real-life implementation of
these concepts.
Q: What is the difference between access controls and authentication? They seem to be the same.

A: Access controls set the conditions under which a resource may be opened: the time of day, where the connection originates, or any number of other conditions. Authentication verifies that the entity requesting access is who it claims to be. Authentication answers "who is this?"; access control answers "may this entity, under these conditions, open this resource?"
Q: My users are using Win9.x workstations. I can't find where to set DAC settings on these machines.

A: Win9.x machines cannot have DAC settings configured for items on the local machine, because their file systems carry no per-object access control lists. Win9.x users logged into a domain may still set DAC settings on files they own that are stored on remote NTFS-formatted drives, since the permissions live on the server's file system.
Q: The idea of RBAC seems very complicated. Wouldn't it be easier just to use groups?

A: Easier, yes. More secure, no. RBAC allows much finer control over which users get access to what, because permissions are attached to roles that reflect job functions, and a user's access changes by changing the roles assigned. This reverses the conventional teaching that used groups mainly to ease administrative effort.
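The following is an added example (not from the book) that illustrates the first and third questions together: authentication first verifies the claimed identity, and only then does access control decide whether the request may open the resource, based on the permissions the user's roles carry and on conditions such as time of day and the network the connection comes from. All users, roles, permissions, networks and passwords are constructed for the illustration.

```python
"""Authentication, then role-based access control with conditions.

Added example, not the book's code. Users, roles, permissions and the
policy conditions below are constructed for illustration.
"""
import hashlib
import hmac
import ipaddress
import os
from datetime import time

# ---- Authentication: is the requester who it claims to be? ---------------

def _hash(password, salt):
    # Salted, iterated hash so a leaked table does not yield passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}


# Constructed credential store
USERS = {"alice": make_user("correct horse"), "bob": make_user("hunter2")}


def authenticate(username, password):
    rec = USERS.get(username)
    if rec is None:
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(rec["hash"], _hash(password, rec["salt"]))


# ---- Access control: may this identity open this resource now? -----------

# Permissions are attached to roles, not to users.
ROLE_PERMS = {
    "payroll_clerk": {"payroll:read"},
    "payroll_manager": {"payroll:read", "payroll:approve"},
    "helpdesk": {"directory:read", "password:reset"},
}
USER_ROLES = {"alice": {"payroll_clerk", "helpdesk"},
              "bob": {"payroll_manager"}}

# Conditions for opening each resource: permitted hours and source networks.
BUSINESS_HOURS = (time(8, 0), time(18, 0))
RESOURCE_POLICY = {
    "payroll:read": {"hours": BUSINESS_HOURS,
                     "networks": [ipaddress.ip_network("10.20.0.0/16")]},
    "payroll:approve": {"hours": BUSINESS_HOURS,
                        "networks": [ipaddress.ip_network("10.20.0.0/16")]},
    "directory:read": {},
    "password:reset": {"networks": [ipaddress.ip_network("10.20.5.0/24")]},
}


def permissions_for(username):
    perms = set()
    for role in USER_ROLES.get(username, ()):
        perms |= ROLE_PERMS.get(role, set())
    return perms


def authorize(username, permission, now, source_ip):
    """Return (allowed, reason); assumes the caller already authenticated."""
    if permission not in permissions_for(username):
        return False, "no role grants " + permission
    policy = RESOURCE_POLICY.get(permission, {})
    if "hours" in policy:
        start, end = policy["hours"]
        if not start <= now <= end:
            return False, "outside permitted hours"
    if "networks" in policy:
        ip = ipaddress.ip_address(source_ip)
        if not any(ip in net for net in policy["networks"]):
            return False, "source network not permitted"
    return True, "ok"


def open_resource(username, password, permission, now, source_ip):
    """The two steps in order: identity first, then the access decision."""
    if not authenticate(username, password):
        return False, "authentication failed"
    return authorize(username, permission, now, source_ip)


if __name__ == "__main__":
    print(open_resource("alice", "correct horse", "payroll:read",
                        time(10, 0), "10.20.1.5"))      # (True, 'ok')
    print(open_resource("bob", "hunter2", "payroll:approve",
                        time(22, 0), "10.20.1.5"))      # outside hours
```

Note that a correct password for bob still yields a denial after hours or from the wrong network: authentication succeeded, access control refused. Promoting alice to approve payroll means adding the `payroll_manager` role, not editing per-file permissions, which is the administrative point of the role indirection.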
Q: You discussed the necessity to disable or remove services. I work with Windows 2003 servers, and would like some guidelines to follow.
www.syngress.com