1. Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 10
Securing Windows Server 2008
2. Objectives
Manage security in Windows Server 2008 with various Windows utilities
Discuss threats to Internet Protocol Security
Create Internet Protocol Security policies
Discuss Network Access Protection
Install Network Access Protection
3. Managing Security in Server 2008
Tools for managing network security
Security Configuration Wizard
Windows Firewall
Encrypting File System
BitLocker
Microsoft Baseline Security Analyzer
4. Security Configuration Wizard
Security Configuration Wizard (SCW)
Provides a step-by-step wizard for hardening your network servers
Security policies can be created for:
Role-based service configuration
Network security
Registry settings
Audit policy
5. Windows Firewall
Allows users to turn the firewall off or on
By default, Windows Firewall is turned on and allows exceptions for programs and ports
Allows you to create exceptions for inbound traffic
Exception
Instruction to open a port briefly, allow a program or service to pass information, and then close the port
8. Windows Firewall (continued)
Windows Firewall with Advanced Security
Provides a more robust interface for managing the firewall policies in detail
Used to manage Windows Firewall based on port, services, applications, and protocols
10. Windows Firewall (continued)
Windows Firewall with Advanced Security Console
Can be used to manage the following areas
Inbound rules
Outbound rules
Connection security rules
Monitoring
11. Windows Firewall (continued)
Windows Server 2008 uses the following network profiles
Public
Private
Domain
Deploying Windows Firewall Settings via Group Policy
WFAS allows you to import or export firewall policies
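The profile, exception and export features listed on the firewall slides can be exercised from the command line with `netsh advfirewall`. The script below is an added example, not part of the original slides; the rule name, port and export path are constructed values.

```powershell
# Added example, not from the slides. Run from an elevated PowerShell prompt.
# The rule name, port and export path are constructed values.
$RuleName   = 'Allow-RDP-Domain'
$ExportDir  = 'C:\FirewallBackup'
$ExportFile = Join-Path $ExportDir 'baseline.wfw'

# 1. Report whether the Domain, Private and Public profiles are on.
netsh advfirewall show allprofiles state

# 2. Turn the firewall on for all three profiles (the default state).
netsh advfirewall set allprofiles state on

# 3. Inbound exception scoped to the Domain profile only, so the port stays
#    closed when the server is attached to a Public or Private network.
#    netsh accepts duplicate rule names; running this twice adds a second rule.
netsh advfirewall firewall add rule name=$RuleName dir=in action=allow protocol=TCP localport=3389 profile=domain
if ($LASTEXITCODE -ne 0) { throw "Could not add rule $RuleName" }

# 4. Review the rule as stored.
netsh advfirewall firewall show rule name=$RuleName

# 5. Export the complete policy. The .wfw file can be imported on another
#    server or into a GPO through the WFAS node in the Group Policy editor.
if (-not (Test-Path $ExportDir)) {
    New-Item -ItemType Directory -Path $ExportDir | Out-Null
}
netsh advfirewall export $ExportFile

# On the receiving server (import replaces its current firewall policy):
#   netsh advfirewall import C:\FirewallBackup\baseline.wfw
```

Export the existing policy on the receiving server before importing, because the import overwrites it rather than merging.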
12. Encrypting File Services
Symmetric encryption
Uses a single key and is faster and more efficient than public key encryption
Public key (asymmetric) encryption
Each user has a public key available to everyone and a private key known only to the user
EFS in Windows Server 2008
When a user encrypts a file, a symmetric file encryption key (FEK) is generated that EFS uses to encrypt the file
13. BitLocker
Provides hard drive–based encryption of servers and Windows Vista computers
Encrypts entire Windows system volume of a computer running Windows Server 2008
Designed to enhance protection against data theft or exposure on computers that are lost or stolen
14. BitLocker (continued)
Four authentication modes used by BitLocker
BitLocker with a TPM
BitLocker with Universal Serial Bus (USB) flash drive in place of TPM
BitLocker with a TPM and a personal identification number (PIN)
BitLocker with a TPM and a USB flash drive
15. BitLocker (continued)
Installing BitLocker
Hard drive that supports BitLocker needs to be configured before installing BitLocker
BitLocker requires at least 1.5 GB of unallocated or available drive space
System volume is responsible for maintaining the unencrypted boot information
Boot volume will contain the OS files and be encrypted by BitLocker
16. Microsoft Baseline Security Analyzer
When MBSA scans a computer, it creates a report that is organized into the following areas
Security Assessment
Security Update Scan Results
Windows Scan Results
Internet Information Services (IIS) Scan Results
SQL Server Scan Results
Desktop Application Scan Results
17. Microsoft Baseline Security Analyzer (continued)
Scanning a computer with MBSA
You can perform MBSA scans using:
The GUI-based tool
The mbsacli.exe command-line tool
One requirement of MBSA is Internet connectivity
18. Internet Protocol Security
An open-standards framework for securing network communications
IPSec meets three basic goals
Authentication
Integrity
Confidentiality
19. IPSec Threats
Depending on the configuration of IPSec, it provides protection from the following threats
Data tampering
Denial of service
Identity spoofing
Man-in-the-middle attacks
Repudiation
Network traffic sniffing
20. How IPSec Works
IPSec modes of operation
Transport mode
Tunnel mode
Scenarios available when deploying IPSec
Site to site
Client to client
Client to site
23. How IPSec Works (continued)
IPSec security association modes
IPSec uses the Internet Key Exchange (IKE) to negotiate security protocols
IKE generates the encryption and authentication keys used by IPSec for the transaction
IPSec performs transactions in two phases
Main mode/Phase 1
Quick mode/Phase 2
24. How IPSec Works (continued)
IPSec security methods
IPSec uses two security services
Encapsulating Security Payload
Authentication Header
IPSec policies
Can be managed with the following tools
WFAS, IP Security Policy snap-in
Netsh, GPME
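Netsh is one of the tools named above for managing IPSec policy. The following added example (not part of the original slides) creates a transport-mode connection security rule and then lists the main mode and quick mode security associations that IKE negotiates; the rule name is a constructed value.

```powershell
# Added example, not from the slides. Run from an elevated PowerShell prompt.
# The rule name is a constructed value.
$RuleName = 'Request-IPsec-Domain'

# Connection security rule in transport mode. "requestinrequestout" asks for
# IPSec on inbound and outbound traffic but still allows unauthenticated
# traffic, which makes it suitable for a first rollout. Computers authenticate
# with their Kerberos (domain) credentials.
netsh advfirewall consec add rule name=$RuleName endpoint1=any endpoint2=any action=requestinrequestout mode=transport auth1=computerkerb profile=domain
if ($LASTEXITCODE -ne 0) { throw "Could not add rule $RuleName" }

# Review the rule as stored.
netsh advfirewall consec show rule name=$RuleName

# After traffic has been exchanged with a peer that has a matching rule,
# list the security associations created by IKE.
netsh advfirewall monitor show mmsa   # Main mode / Phase 1
netsh advfirewall monitor show qmsa   # Quick mode / Phase 2

# Remove the rule when the test is finished.
netsh advfirewall consec delete rule name=$RuleName
```

Once the quick mode list shows associations for the expected peers, the action can be tightened to `requireinrequestout` so that unauthenticated inbound connections are refused.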
27. Network Authentication in Windows Server 2008
Server 2008 supports the following authentication protocols to some degree
LAN Manager authentication
NTLM version 1 authentication
NTLM version 2 authentication
All forms of NTLM use the challenge-response protocol
28. Introduction to Network Access Protection
NAP can be broken into three parts
Health policy validation
Health policy compliance
Access limitation
29. NAP Terminology
Enforcement Client
Enforcement Server
Host Credential Authorization Protocol
Health Registration Authority
Network Policy Server
Remediation Server
System Health Agent
System Health Validator
30. NAP Enforcement Methods
The five types of enforcement methods used by NAP
802.1x-authenticated connections
Dynamic Host Configuration Protocol (DHCP) address configurations
IPSec communications
Terminal Services Gateway (TS Gateway) connections
Virtual Private Network (VPN) connections
31. Implementing NAP
NAP
Designed by Microsoft to allow you to customize it to meet the unique needs of your networks
Implementing and configuring NAP differs from network to network based on requirements and policies
33. Installing NAP
NAP is part of the NPS role
To install NAP components
Add the NPS role either through the Role Services Wizard or from the command line using servermanagercmd.exe
34. Summary
The SCW
Guides you through the steps of hardening your network servers
Windows Firewall
Provides inbound and outbound traffic enforcement through the Windows Firewall and WFAS consoles
EFS
Microsoft’s built-in service for providing folder- and file-level encryption
BitLocker
Provides hard drive–based encryption of servers
35. Summary (continued)
At startup
BitLocker performs a system integrity authentication prior to booting into the OS
MBSA
Scans single or multiple computers on a network and lets you view existing security scan reports
IPSec
An open-standards framework for securing network communications
Works at the network layer of the OSI model
36. Summary (continued)
On Windows networks
Windows Server 2008 uses Kerberos as its default authentication method in Active Directory domains
To use NAP policies
A client must be a part of the NAP infrastructure on a network
The HRA
Distributes health certificates to NAP clients that comply with network health requirements