To complete this assignment, review the prompt and grading rubric in theProject One Guidelines and Rubric PDFdocument. OpenCYB 230 Project Onein the InfoSec environment to begin your project. You will also need the following documents:
CYB 230 Project One Guidelines and Rubric 1 CYB 230 Project One Guidelines and Rubric Permission Modification Overview Setting permissions can be a simple but critical aspect of a systems administrator’s role. While setting permissions can sometimes be a straightforward matter of process, this task has much larger implications for information security. Correctly setting permissions means that you are maintaining the confidentiality, integrity, availability, and privacy of data. Authentication is also an important part of maintaining information security within an organization. After you have validated the authorized user’s credentials, you need to be able to properly identify and authenticate authorized personnel trying to access protected data. This highlights the idea of file system permissions based on use-case requirements for least privilege in a networked environment using common operating systems. In this project, you will create a user, modify user file permissions, modify user passwords to meet organizational requirements, and validate modified permissions. The project will be submitted in Module Six. You will demonstrate your mastery of the following course competency: CYB-230-02: Install and configure common operating systems Scenario You are a systems administrator for Helios Health Insurance. Pat Smith, a user in the finance department, has been promoted to human resource (HR) manager, and you are tasked with changing permissions for Pat’s new role. Your internal Helios network is Windows-based, and each department’s folders are located on the network S drive. You will change permissions in the network, specifically removing access to finance-only resources and allowing access to HR resources. Additionally, you will need to create a new account for Pat to access the Linux-based third-party document server where managers store and modify sensitive data. You will perform the following tasks in your lab environment: Helios Network (Windows) ○ Remove the user’s existing permissions to finance folders. ○ Add the user’s permissions to human resource folders (allowing access to both user and management-level folders). ○ Change the password policy in the group policy object (GPO) to increase the complexity to meet organizational requirements for a manager. The requirements are listed in the Helios Password Policy Update Guidelines document, which is linked in the Project One Submission task in Module Six of your course. Document Server (Linux) ○ Create a new HR admin user named Pat Smith for the Linux-based document server. 2 Prompt Complete the Account Modification Form, which is linked in the Project One Submission task in Module Six of your course. Specifically, you must address the critical elements listed below. The codes shown in brackets indicate the course competency to which each critical element is aligned. Complete the following tasks and provide screenshots validating their implementation: I. Permission Modification A. Modify the user file permissions on the Windows PC to reflect access changes based on Pat’s promotion. Provide two screenshots: one showing the modified finance folder permissions and one showing the modified HR folder permissions. [CYB-230-02] B. Modify the user password policy settings to meet organizational requirements for admin users on the Windows PC. Provide evidence of the policy enforcement with two screenshots: i. A screenshot of the GPO displaying the new settings [CYB-230-02] ii. A screenshot of the logon error displayed for a password change that does not meet the password complexity requirements [CYB-230-02] C. Create a new HR admin user on the Linux server for Pat and then log in as that user. Provide a screenshot of the console command prompt when you are logged in. [CYB-230-02] Project One Rubric Guidelines for Submission: Submit your completed Account Modification Form containing all relevant screenshots. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_100_Project_One_Neo_Anderson.docx. Critical Elements Proficient (100%) Needs Improvement (70%) Not Evident (0%) Value User File Permissions [CYB-230-02] Provides screenshots of modified permissions for the finance and HR folders Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 25 User Password Policy Settings: GPO [CYB-230-02] Provides a screenshot of the GPO reflecting the change in password complexity requirements Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 25 User Password Policy Settings: Logon Error [CYB-230-02] Provides a screenshot of the logon error reflecting the change in password complexity requirements Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 25 3 Critical Elements Proficient (100%) Needs Improvement (70%) Not Evident (0%) Value Linux Server: New HR Admin User [CYB-230-02] Provides a screenshot of the console command prompt when logged in as the new user Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 25 Total 100% Helios Password Policy Update Guidelines Helios Password Policy Update Guidelines Effective Immediately! Password Complexity All new or modified accounts require updates to meet the new password complexity requirements outlined below. Characters allowed: Alphanumeric characters and symbols in the set [ '*', '!', '#', '_', '$' ]. The password must be at least 10 characters. The password cannot be any of the previous three passwords used. The password must contain at least one capital letter, one numeric character, and one special character from the given set. The password must be changed every 180 days. Process All Account Modification Forms should follow the process below to ensure compliance with this policy. 1. Submit a screenshot of the GPO settings aligning to the requirements outlined above. 2. Enable the User must change password at next logon option. For Active Directory accounts, use dsa.msc to access this option. For local user accounts, use lusermgr.msc to access this option. 3. Attempt a logon as the user using a noncompliant password and submit a screenshot of the error message received as a result of this noncompliant password. Account Modification Form Replace the bracketed phrases in the table below with the relevant screenshots. Systems Access Current Permissions Manager Approval for Modification to Access Verification of Implementation (Filled Out by Systems Administrator) Finance Full control, modify, read and execute, list folder contents, read, and write Remove Pat from all access. [Insert screenshot.] Human resources None Provide Pat with all access: full control, modify, read and execute, list folder contents, read, and write. [Insert screenshot.] GPO User Update to meet admin requirements for passwords. [Insert screenshot.] GPO n/a Test Pat’s account for the logon error displayed after you update the password requirements. [Insert screenshot.] Linux server None Create HR admin user for Pat. [Insert screenshot.]