Question
Alice is responsible for the file server where all of the company payroll and accounting data is stored, and as a result, security is one of her primary concerns. To prevent potential intruders from intercepting sensitive data in transit over the network, Alice wants to ensure that all of the company bookkeepers and accountants use IPsec to encrypt their traffic as they access the financial spreadsheets stored on the server. Alice has located the inbound firewall rules on the server that enable users to access files using their spreadsheet application. How can she modify those rules to permit access only under the following conditions: The user must be a member of the Accounting group. The user must be using a computer on the company subnet. The user must connect using IPsec encryption. <PLEASE ANSWER IN DETAIL BECAUSE THIS IS FOR A DISCUSSION POST PLEASE AND THANK YOU>
Explanation / Answer
Answer:-
The user must be a member of the Accounting group:
To perform this procedure, the user Alice must be a member of the Administrators group on the local computer, or must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
To open Computer Management, click Start, click Control Panel, double-click Administrative Tools, and then double-click Computer Management.
Open Computer Management.
In the console tree, click Groups.
Computer Management/System Tools/Local Users and Groups/Groups
On the Action menu, click New Group.
In Group name, type a name for the new group.
In Description, type a description of the new group.
To add one or more users to a new group, click Add.
In the Select Users, Computers, or Groups dialog box, do the following:
To add a user or group account to this group, under Enter the object names to select, type the name of the user account or group account that you want to add, and then click OK.
To add a computer account to this group, click Object Types, select the Computers check box, and then click OK. Under Enter the object names to select, type the name of the computer account that you want to add, and then click OK.
In the New Group dialog box, click Create, and then click Close.
The user must be using a computer on the company subnet:
Standard Way to Approach it:
I think a more normal approach would be to use a subnet per location.
For Example:
So if you think you might have 254 devices on the network per area, crank it up to 255.255.252.0, the next subnet up. This will give you a host range of 192.168.0.1-192.168.3.254. Then when it becomes time to expand, the next range using the same subnet mask would be 192.168.4.1 to 192.168.7.254.
A More Simple Way:
A simple way, if our location is small, would be just to set the DHCP range to something like 192.168.0.1-150, and then use the rest of the IPs in that address space for static assignment. Your DHCP server should have the option to specify a host range to hand out that doesn't line up with the network mask. And if it only works by subnet masks, you could always cut the subnet in half with a mask of 255.255.255.128.
The user must connect using IPsec encryption:
Create a connection security rule with specific settings. Using the netsh advfirewall consec add rule command, you can create a connection security rule that includes specific quick mode algorithm combinations. If you specify these in the rule then they are used instead of those in the global IPsec default settings. Use the qmsecmethods parameter. This option specifies that no integrity protection is provided to each network packet in the connection. No AH or ESP header is used to encapsulate the data. This option is provided for compatibility with network equipment and software that is incompatible with AH or ESP. You can specify the use of Null encapsulation in either the global IPsec defaults .
Change the global IPsec default values. In your GPO, open the Windows Firewall with Advanced Security Properties page, and in the IPsec defaults section, click Customize. You can configure the algorithms used to negotiate protection for both the main mode and quick mode security associations, and the authentication options available. Changing these settings alters them for all IPsec connections made to and from this computer whose connection security rules do not specify otherwise, and that do not match a main mode rule.
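Added example, not part of the original answer: one way to apply all three conditions from the question to the existing inbound rule with the Windows NetSecurity PowerShell cmdlets. The domain name CONTOSO, the rule display names and the 192.168.0.0/22 subnet (the 255.255.252.0 range mentioned above) are assumptions to replace with real values.

```powershell
# Added example. Assumed values: domain CONTOSO, the rule display names, and
# the 192.168.0.0/22 subnet (the 255.255.252.0 range used in the answer above).
$ruleName  = 'Spreadsheet file access (inbound)'  # hypothetical: the rule Alice located
$groupName = 'CONTOSO\Accounting'                 # hypothetical domain, group from the question
$subnet    = '192.168.0.0/22'                     # company subnet (assumed)

# 1. Resolve the Accounting group to a SID and wrap it in the SDDL string
#    that the firewall's RemoteUser condition expects.
$sid  = (New-Object System.Security.Principal.NTAccount($groupName)).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
$sddl = "D:(A;;CC;;;$sid)"

# 2. Authentication sets: computer Kerberos first, then user Kerberos, so the
#    server learns which user is connecting and can check group membership.
$p1 = New-NetIPsecPhase1AuthSet -DisplayName 'Computer Kerberos' `
        -Proposal (New-NetIPsecAuthProposal -Machine -Kerberos)
$p2 = New-NetIPsecPhase2AuthSet -DisplayName 'User Kerberos' `
        -Proposal (New-NetIPsecAuthProposal -User -Kerberos)

# 3. Connection security rule: negotiate IPsec with hosts on the company subnet.
#    As written it covers every port on the server; narrow it with -Protocol and
#    -LocalPort once the file-access port is confirmed.
New-NetIPsecRule -DisplayName 'Require IPsec from company subnet' `
    -InboundSecurity Require -OutboundSecurity Request `
    -RemoteAddress $subnet -Phase1AuthSet $p1.Name -Phase2AuthSet $p2.Name

# 4. Tighten the existing inbound firewall rule:
#    -Authentication Required : allow the connection only if it is IPsec-authenticated
#    -Encryption Required     : and only if the traffic is encrypted
#    -RemoteUser              : only members of the Accounting group
#    -RemoteAddress           : only computers on the company subnet
Set-NetFirewallRule -DisplayName $ruleName `
    -Authentication Required -Encryption Required `
    -RemoteUser $sddl -RemoteAddress $subnet

# 5. Verify what the rule now enforces.
Get-NetFirewallRule -DisplayName $ruleName | Get-NetFirewallSecurityFilter
Get-NetFirewallRule -DisplayName $ruleName | Get-NetFirewallAddressFilter
```

The accountants' workstations need a matching connection security rule (typically delivered by GPO) before the server starts requiring IPsec, otherwise their connections will be dropped.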