WINDOWS SECURITY

Access control in Windows is the process of authorizing users, groups, and computers to access objects on the network or computer. Key concepts that make up access control are permissions, ownership of objects, inheritance of permissions, user rights, and object auditing. These can be configured by the end user to fit their needs from the control panel in windows.

Permissions is the type of access that is granted to a user or group for an object or object property. They can be granted to any user, group, or computer by the security principals, who are the lead owners of the computer. Ownership of objects is a control that allows owner (creator) of the object to assign permissions for an object, the owner of the object can always change the permissions. Inheritance allows administrators to easily assign and manage permissions. This feature automatically causes objects within a container to inherit all the inheritable permissions of that container. For example, the files within a folder inherit the permissions of the folder. Only permissions marked to be inherited will be inherited. User rights grant specific privileges and sign-in rights to users and groups in your computing environment. These rights authorize users to perform specific actions, such as signing into a system interactively or backing up files and directories. User rights are different from permissions because user rights apply to user accounts, and permissions are associated with objects.

With administrator’s rights, a user can audit users’ successful or failed access to objects. The user can select which object access to audit by using the access control user interface.

Use of current access controls to secure the system 

Security wise, access controls secure the user’s computer by identifying users who use the computer it is easy to track any malpractice carried out using the said computer, Further, user authentication protocols deny access to unauthorized users and groups. Finally, authorization protocols help set well-defined limits on the access that is provided to authorized users and groups. This generally helps keep a user’s computer secure from unauthorized intrusions.

Deficiencies and or opportunities for increasing security and provide suggestions for remediation and/or configuration changes.

Remote access across numerous devices poses a threat as loss of a device can lead to unauthorized access to files should a device be stolen. Such a breach may give time to the person in possession to select which object access to audit potentially causing damage to the primary computer. This threat can be overcome by introducing two step verification in the authentication process. This will require anyone in possession of the device to very their identify using two different methods thus reducing the risk of unauthorized access.

Physical security is every bit as important as issues related to software or networks. A stolen laptop, or one left behind in a taxi or a restaurant, can lead to significant risk of data loss. For a business or a government agency, the impact can be disastrous, and the consequences are even worse in regulated industries or where data breach laws require public disclosure. This can be prevented by enabling BitLocker device encryption. (BitLocker is the brand name that Microsoft uses for the encryption tools available in business editions of Windows.)

SOURCES

DulceMontemayor. (n.d.). Access Control Overview (Windows 10). Retrieved from https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/access-control

Bott, E. (2019, June 28). The Windows 10 security guide: How to safeguard your business. Retrieved from https://www.zdnet.com/article/the-windows-10-security-guide-how-to-safeguard-your-business/

NIST 800-53. 

gov/manuscript-publication-search.cfm?pub_id=917904″>http://www.nist.gov/manuscript-publication-search.cfm?pub_id=917904