Network Security Fundamentals [Electronic resources]

Case Study

The case study of this chapter gives you an example of how you can tighten the security of an operating system. Imagine that you have bought a new web server. All users logged in to that web server have Full Control over that system. To change this, you need to create two additional groups. One is used to authorize the web users, and the other is for web developers. To create these groups, you need to open the Computer Management window. In that window, select

Users and Groups , as shown in Figure 7-16.

Right-click

Groups and select

Add new . This brings you to the screen displayed in Figure 7-17. On that screen, you need to define a group name and description. You also need to add members for that group.

In this case, you create the Web Design group and add one user to that group, as shown in Figure 7-17. After that, click

Create to finish. The first group is now created. To create the Web Users group, you must repeat the same procedure, as shown in Figure 7-18.

In this second group, you add two members. Now that the groups are created, you can assign these groups to the folder you use for web content. In this example, all web documents are stored in the WebDocs folder. You use Explorer to locate this folder. Right-click the folder and choose

Properties from the menu. This displays the

WebDocs Properties screen, as shown in Figure 7-19.

As you can see in Figure 7-19, everyone has Full Control of this directory. You need to change this. First, add the two new groups you just created and then change the permissions for those groups. Figure 7-20 shows the permissions for the Web Design group. That group still has Full Control of this folder. Figure 7-21 shows the Web Users permissions. Those users can read only the content of that directory.

Now that the two groups are added and the permissions are changed, you need to remove the Everyone group. To do this, select

Everyone > Remove . Now, the security of your web content directory is improved.