Name: Malak Griess Class: CIS 281 Case Project 5-1: Selecting a File System and

Question

Name: Malak Griess

Class: CIS 281

Case Project 5-1: Selecting a File System and Security Settings

You decide to share the annual report for your company from your computer. You decide

that the data will be stored in its own partition, so you create a 20 MB logical partition for

the report. If a user logs on to your computer locally, they must have read-only access to

the files. What file system would you select for the partition? What security settings would

you use to achieve the desired results?

.

Case Project 5-2: Designing a Shared File System with Security

You are responsible for creating a shared file system to support a new branch office. The

manager has requested shared locations for branch staff to access fi les. An area is required

for all staff to access common forms and notices. Staff members are required to have

read-only access to this location but the manager will require full access to all content.

A different area is required for all staff to share files without restrictions. The last area

required is for the manager’s private files, and only the manager has access to this location.

A second manager will be hired in the next month to share the current manager’s duties for

job training. Both managers will require the same access throughout the file system. Only

the IT administrator should have the ability to change file and folder permission settings

for any area. Network permissions are not a concern because they will be configured appropriately based on the NTFS permissions you select. What groups would you create to

simplify permission assignment? What folder structure and corresponding file-level permission

settings would you use to achieve the desired results?

Explanation / Answer

CASE PROJECT 5-1

ANSWER :

The partition is going to be very small. Using NTFS would allow sophisticated security features to be used but it would also use up a lot of drive space for the NTFS system files alone.

FAT would not use up a lot of space, but would it provide the required security? The readonly requirement for the network can be achieved by setting up access via shared folders and restricting the required users to read only access. That would apply for the FAT or NTFS solution equally.

The requirement that the data is read-only even if the user logs on locally is open to somediscussion.

If the partition is formatted with FAT the files can be configured with the read-only attribute. Making sure the read-only attribute stays that way is another problem, however, the question does not specify that users must not be allowed to change the read-only setting – only that it exists.

From a minimalist perspective FAT would work with limited security, and from a perfectionist perspective NTFS could guarantee security – but only if there is enough diskspace remaining to store the data.

CASE STUDY 5-2

ANSWER :

There are 3 distinct areas mentioned in the case. The most efficient answer would be to have one set of structured folders. Permissions flow from the top down in the file system so generic or restricted access is typically assigned at the top of the file system and more permissive and unique security settings are applied at the bottom.

The groups identified in the case are managers and all other branch staff. The IT administrator is singular but may be entered into a group with the administrator as the only member. Assigning permissions to individuals is difficult to audit and inflexible, therefore it is commonly discouraged.

The case mentions that only the IT administrator should have the ability to change permissions on any folder. That implies that any mention of full access for other users must use the Modify and not the Full Control permission.

A single folder can be created as the root of the folder structure, C:BRANCH. No explicit permissions are required for this folder as it is a placeholder. It is possible to assign the branch group Read permission to this folder but it is not mentioned as a requirement in the case study.

The forms can be stored in a folder below this level, C:BRANCHFORMS. The branch group will have Read permission to the folder. The manager’s group will have Modify permission to the folder.

The shared area can be stored in a folder below C:BRANCH, C:BRANCHCOMMON. The branch group will have Modify permission to the folder. The manager’s group will have Modify permission to the folder.The manager’s private area can be stored in a folder below C:BRANCH, C:BRANCHADMIN. To guarantee that no permission assigned higher up the folder structure will accidentally allow access to this folder, permission inheritance should be disabled for the ADMIN folder. The branch group will have no permission’s assigned to the folder. The manager’s group will have Modify explicitly assigned to the folder.

Related Questions

Navigate

• Browse (All)
• Browse N
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.