CHAPTER 8: Supporting Security Needs
After completing this chapter, you will be able to:
• Help increase network security from the client side.
• Advocate measures to increase the physical security of
hardware assets.
As a help desk technician, you will have a limited role in the security of
your network and hardware. The responsibility for a comprehensive
security plan lies primarily with professionals, such as your school’s
network administrator, engineer, or architect. But help desk technicians
can assist in implementing preventive practices, such as those you will
learn about in this chapter. They can also help to inventory and tag
hardware for identification.
Network Security
Without proper security measures in place and enforced, the computers
on your network are subject to many different kinds of security threats.
The greatest threat to any computer network is malicious tampering, also
called hacking, from outside or from within the network. Recognizing
that threats can be both external and internal is critical to keeping your
network, and the computers on it, secure.
External hackers can gain access to, steal, or erase data and user account
information. They could also use the network as a base from which to
attack other networks. Internal hackers might gain access to data about
student grades or other confidential information. Computer viruses
represent another threat. Viruses can cause significant damage to a
network; some are capable of erasing all the files on the network.
It is important to protect the network from viruses, and to educate users
on how to avoid spreading them. As a help desk technician, you will help
to ensure that security practices and policies are followed.
Preventive Practices
The security of the overall network is the responsibility of the network
administrator, engineer, and architect. They are responsible for designing
and implementing a strategy that protects the network from attack. As a
help desk technician, you might be responsible for implementing
preventive practices as part of this strategy. Preventive practices are
measures you take to prevent a hacker, virus, or other security threat
from attacking the network.
MORE INFORMATION
For more information on preventive practices, see the section entitled
Preventive Support in Chapter 4.
Installing and Updating Virus Protection Software
One of the most important preventive security practices you should put
in place for any network is the detection and elimination of viruses. A
computer virus is a program designed to damage an operating system,
applications, or data, or to install unwanted applications on a computer.
For example, some viruses set the Internet Explorer home page to a
particular site, and add inappropriate content to the hard disk drive. Other
viruses can reformat the hard disk, which results in the loss of all data
and files installed on the computer. Still other viruses are designed to
replicate themselves, thereby using a majority of the system resources
and compromising the performance of the computer. Some of these
viruses can replicate through e-mail, enabling them to quickly spread
throughout a network and effectively disabling it.
One of your duties as a help desk technician might be to install virus
protection software. Another equally important task is to regularly update
the virus definitions in the software. A virus definition enables the
virus protection software to find a specific virus, and to cure it or to alert
you to its existence. With most virus protection software, you can update
the virus definitions, and add new ones, by going to the developer’s Web
site. Many virus protection programs contain a menu item or option that
you select to go to the protection Web site and automatically download
virus definition updates. Your help desk team should create a schedule
for updating virus software for each computer that you support. If you
must update this software manually, you should schedule time once a
month for the updates to be completed.
Two of the most popular virus protection software packages are McAfee
Virus Scan and Norton AntiVirus. Do a Web search for “virus
protection,” to research virus protection options. You should bookmark
the virus-related Web sites you find so that you can periodically check
them for information on new viruses. Most sites do not require that you
own the software in order to review their list of viruses.
Using Strong Passwords
In a network where users must log on with user accounts, each user
needs a password. Sometimes, users pick passwords that are easy to
guess or “hack.” Therefore, users should be required to use passwords
that meet your school’s complexity requirements.
MORE INFORMATION
For more information on why to use strong passwords, see the section
entitled Common Preventive Measures in Chapter 4.
TIP
Snap-ins that you add and configuration changes that you make are saved
automatically, regardless of whether you save the console. When you save a
console, you are saving the shell with the added snap-ins so that you can
easily open it later. The default location for saved consoles is the
Administrative Tools folder.
Password complexity requirements are usually configured for the entire
network. To configure password complexity options on an individual
computer, you should do so in a console with the Local Security Settings
snap-in.
Microsoft Management Console (MMC) is used to create, open, and
save administrative tools called consoles. Consoles enable you to make
administrative changes using a GUI. A console in and of itself
is not a tool, but more like a shell for a tool. In a console, you can add
tools called snap-ins. Snap-ins are focused on a single
administrative area, such as local security, and contain
configurable settings. When you add snap-ins to a console, you can save
that console with the added snap-ins so that you can easily open it later.
To configure password complexity options and enforce the use of strong
passwords, do the following:
1. Click Start, click Run, type mmc, and then click OK. The
Microsoft Management Console opens. See Figure 8-1, which
shows the dialog boxes you see as you complete the next three
steps.
FIGURE 8-1: Adding a snap-in
2. In Console1, click File, and then click Add/Remove Snap-in.
3. In the Add/Remove Snap-in dialog box, click Add.
4. Highlight the Group Policy snap-in, click Add, and then click
Finish.
5. Click Close, and then click OK to close the open dialog boxes.
6. In Console1, expand Local Computer Policy, expand Computer
Configuration, expand Windows Settings, expand Security
Settings, and then click Password Policy.
7. The Password Policy settings are displayed in the right pane of the
console. The settings you will change are listed in the following
table. Double-click the specified setting and in the Properties
dialog box, configure it according to the suggested minimum
configuration listed in the table.
Setting                                       Minimum Suggested Configuration
Enforce Password History                      3 passwords remembered
Maximum Password Age                          42 days
Minimum Password Length                       8 characters
Password Must Meet Complexity Requirements    Enabled
Figure 8-2 illustrates the configuration changes that you should make.
The changes are effective immediately.
FIGURE 8-2: Configuring Password Policy settings
8. In Console1, click File, click Save, type Security Console, and
then click Save. This saves the console with the embedded snap-in.
The configuration changes are saved regardless of whether you
choose to save the console.
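The following is an added example, not part of the original chapter: a short Python script that checks an exported local security policy against the minimum suggested settings in the table above. It assumes the policy was exported to a text file with secedit /export /cfg policy.inf /areas SECURITYPOLICY (a command this chapter does not cover); the export shown in the script is a constructed sample.

```python
import configparser

# Baseline from the chapter's table: INF key -> (setting, check, requirement).
# A MaximumPasswordAge below 1 is treated here as "passwords never expire".
BASELINE = {
    "PasswordHistorySize": ("Enforce Password History", lambda v: v >= 3, "at least 3 passwords remembered"),
    "MaximumPasswordAge": ("Maximum Password Age", lambda v: 1 <= v <= 42, "1 to 42 days"),
    "MinimumPasswordLength": ("Minimum Password Length", lambda v: v >= 8, "at least 8 characters"),
    "PasswordComplexity": ("Password Must Meet Complexity Requirements", lambda v: v == 1, "Enabled (1)"),
}

# Constructed sample of an exported policy file. A real export is saved as
# UTF-16 text, so read it with open(path, encoding="utf-16").
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = -1
MinimumPasswordLength = 6
PasswordComplexity = 0
PasswordHistorySize = 3
"""

def audit_password_policy(inf_text):
    """Return (setting, found value, requirement) for every setting that fails."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep the INF key names exactly as written
    parser.read_string(inf_text)
    access = parser["System Access"] if parser.has_section("System Access") else {}
    findings = []
    for key, (label, meets_minimum, requirement) in BASELINE.items():
        raw = access.get(key)
        try:
            value = int(raw)
        except (TypeError, ValueError):
            findings.append((label, raw, requirement))  # missing or not a number
            continue
        if not meets_minimum(value):
            findings.append((label, value, requirement))
    return findings

if __name__ == "__main__":
    for label, found, requirement in audit_password_policy(SAMPLE_EXPORT):
        print(f"FAIL {label}: found {found!r}, chapter minimum is {requirement}")
```

Running the script on the sample reports three failing settings; a computer configured according to the table produces no output.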
Exercise 8-1: Create a Security Console and Configure Local Security
Work with your school network administrator to determine the
appropriate settings for local security on the computers in a
computer lab or other location in your school. Then, complete
the following tasks.
1. Create a security console that includes the Local
Computer Security Snap-in, save it as Security Console,
and then close it. Refer to the procedure in the preceding
Using Strong Passwords section for details.
2. Click Start, click All Programs, click Administrative Tools,
and then double-click Security Console. Configure the
Password Policy settings as determined by your network
administrator.
3. Create a new user account named User10:
a. Log on by using a user account that has Administrator
privileges.
b. Click Start, right-click My Computer, and then click
Manage.
c. In Computer Management, expand Local Users And
Groups, right-click Users, and then click New User.
d. Enter the following information in the New User dialog
box:
User Name: User10
Description: Testing Password Properties
Password: School
What happens? Why?
___________________________________________
e. Correct the problem you encountered, write down your
solution, ensure that the User Must Change Password
At Next Logon check box is selected, and then click
Create.
4. Log on as User10, and change the password to one that
meets the complexity requirements.
5. Log off, and then log on using an account with
Administrator privileges. In Computer Management, delete
User10.
Securing Hardware and Software
The physical security of your hardware is as important as the security of
your network. After all, if the computers are stolen, there will be no
network to protect! As a help desk technician, you can help to ensure the
physical security of computer equipment by completing a thorough
hardware inventory.
Securing Hardware and Software
As a help desk technician, you can evaluate the physical security of
hardware and software assets, and make recommendations about
protecting them. One of the first steps in this process is to survey the
assets, such as computers, printers, other peripherals, and software, at
your school. With a partner, walk around your school and answer the
following questions about physical assets:
• How is access to assets controlled?
• Are all computers and peripherals in lockable rooms?
• If not, are they secured to their workstations by computer locks
or some other device?
• Would it be difficult or impossible for someone to pick up a
computer and walk away with it?
• Are users asked for identification before being allowed access
to equipment?
• How are assets protected during non-school hours?
• Is software secured in a safe place?
• Are all assets marked with a school identification number in a
highly visible place?
If physical access to assets is not adequately controlled, you can make
recommendations, such as placing computers in a computer lab that can
be locked when it is not monitored, and securing assets to furniture by
using computer or printer locks (special metal cables that lock to the
asset and secure it to a fixture) or some other locking device, such as
immovable clamps. The more difficult it is to gain unauthorized access to
equipment, the less likely it is to be stolen.
If physical assets are not marked with a school identification number in a
highly visible place, then you should recommend this practice to your
school technology committee and your help desk teacher or sponsor.
Marking assets with a permanent, highly visible tracking number that
identifies the rightful owner makes it difficult to sell stolen equipment,
which means it is less likely to be stolen. It also facilitates an inventory
of all equipment, and helps you keep track of the equipment.
Some tools you can use for clearly identifying assets as school property
include the following:
• Permanent markers. These are an easy-to-use and inexpensive
tool, but be aware that the information can be sanded off.
• Engravers. These are more complex and expensive than
permanent markers. They can also damage equipment if not
used properly.
• Aluminum asset tags. These tags are usually made of anodized
aluminum with a super-strong adhesive on the back. Each tag
has an asset number, your school or school district name, and
possibly a bar code, as shown in the following illustration. You can
order the tags from a variety of online companies. They are
inexpensive; typically, you can buy 2,000 for about $50. The tags
are ideal for recording asset details in an asset tracking database.
TIP
If your school has an asset tracking database, you should use the
database documentation to determine how to enter each asset in the
database. This not only enables you to keep track of the asset tags, it
also allows you to search for equipment by location. For example, you
could search for a list of all equipment that should be in a specific
room.
Exercise 8-2: Inventory and Label School Hardware Assets
In this exercise, you work in pairs to create an asset inventory
for your school’s hardware and software assets. Because
your school’s method of storing the inventory may be specific
to your school, this exercise describes the tasks to complete,
but not the detailed steps. If your school has an asset tracking
database, see the database documentation to determine how
to record this information. Otherwise, your instructor will
explain how to proceed.
1. Determine whether or not your school has a system for
identifying assets already in place. If it does not, then
determine the method you will use to identify assets.
2. Locate your assigned portion of assets.
3. For each asset, record the following information (or the
information required by your database or the existing asset
identification system).
a. Asset number (example: 0001, B2346)
b. Asset type (examples: desktop computer, laptop, printer)
c. Manufacturer (examples: Dell, Compaq, Sony, Clone)
d. Model name and number (examples: Armada 1234,
Vaio 2345, Tecra 3456)
e. Physical description (examples: beige mini-tower,
black laptop, silver scanner)
f. Physical location (examples: Computer Lab A, Library,
Instructor’s Desk in room 118)
If your school’s database supports asset tracking and a
detailed hardware inventory, you might want to complete
them at the same time. For a hardware inventory, complete
the following steps:
4. Click Start, click Run, type msinfo32, and then click OK.
5. Click the + sign next to Components to expand the
Components list.
6. Click File, click Export, type the file name Components,
and then click Save. A file named components.txt is saved
to your desktop. This is the inventory of internal
components. You will enter some of this information in
your hardware database.
7. Open the System Properties dialog box to obtain the
computer name, and record that in the hardware inventory.
8. Record the asset numbers and a brief description of each
peripheral attached to a computer, including monitors,
keyboards, printers, and so forth. For example, HP Monitor
# 123456. (Note that the mouse does not usually receive
an asset number.)
9. Inform your team when you have completed your portion
of the asset tracking project or the hardware inventory.