Corso referenti S.I.R.A. – Modulo 2

1. Corso referenti S.I.R.A. – Modulo 2 Local Security 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano Viola (CSIA)

2. Overview • Securing Desktops and Services by Using Security Policies • Auditing Access to System Resources

3. Securing Desktops and Services by Using Security Policies • Implementing Security Policies • Modifying Security Settings • Using Predefined Security Templates • Creating Custom Security Templates • Analyzing Security • Configuring and Analyzing Security from a Command Line

4. Internet Services Manager Implementing Security Policies by Using Local Security Policy Event Viewer Licensing Group Policy Local Security Policy Performance Routing and Remote Access Server Extensions Administrator Services Accessories Telnet Server Administration Administrative Tools Startup Internet Explorer Outlook Express Implementing Security Policies by Using Group Policy Implementing Security Policies

5. Account policies Configure password and account policies Local policies Configure auditing, user rights, and security options Public key policies Configure encrypted data recovery agents, domain roots, trusted certificate authorities, etc. IPSec policies Configure IP security on a network Event log Configures settings for application logs, system logs, and security logs Restricted Groups Configures group memberships for security sensitive groups System Services Configure security and startup settings for services running on a computer Registry Configures security on registry keys File system Configures security on specific file paths Modifying Security Settings

6. Define the default security level for Windows 2000. • Provide a a higher level of security than Basic but still ensures that all the features of standard business applications will run. • Provide an additional level of security than Compatible, but do not ensure that all of the features of standard business applications will run. Compatible Basic Secure High • Enforce the maximum security for Windows 2000 without consideration for application functionality. Using Predefined Security Templates

7. To create a custom security template Creating Custom Security Templates Add the Security Template snap-in to MMC Select the template to customize Configure the new policy settings Save the new configuration

8. Local Security Settings Console Window Help Action View Favorites Policy Tree Database Setting Computer Setting Favorites Additional restriction… Do not allow en… None. Rely on … Console Root Allow server operato... Disabled Disabled Security Configuration and A Account Policies Allow system to be s... Disabled Disabled Allowed to eject rem… Local Policies Administrators Administrators Audit Policies Amount of idle time r... 15 minutes 15 minutes Audit the access of g... User RightsAssignme Disabled Disabled Security Options Audit use of Backup… Disabled Disabled Event Log Automatically log off… Enabled Disabled Restricted Groups Automatically log off… Enabled Enabled System Services Clear virtual memory... Disabled Disabled Registry Digitally sign client co... Disabled Disabled CLASSES_ROOT Digitally sign client co… Enabled Enabled MACHINE Analysis Database (.sdb file) Current Computer Settings Template (.inf file) Analyzing Security

9. Configuring and Analyzing Security from a Command Line C:\WINNT\System32\cmd.exe • /analyze • /configure • /export • /refreshpolicy • /validate • /areas C:\>cd %windir%\security\database C:\WINNT\security\Database>secedit /configure /db mysecure.sdb /areas FILESTORE /Log C:\WINNT\security\logs\MySecure.Log /verbose FILESTORE Task is completed successfully. See log C:\WINNT\security\logs\MySecure.Log for detail info.

10. Auditing Access to System Resources • Introduction to Auditing • Selecting Events to Audit • Planning an Audit Policy • Setting Up an Audit Policy • Auditing Access to Resources

11. Event Viewer User1 logon failed Access denied Printing successful Success or Failure Logged Use of Resources Introduction to Auditing • Auditing Tracks User and Operating System Activities • Audit Entries Contain Actions Performed, Users Who Performed the Actions, and Success or Failure of the Events • Audit Policy Defines the Types of Security Events That Windows 2000 Records • You Set Up an Audit Policy to Track Success or Failure of Events, Identify Unauthorized Use of Resources, and Maintain a Record Activity • You View Security Logs in Event Viewer

12. Event Example Account logon Domain controller receives a request to validate a user account Account management Administrator creates, changes, or deletes a user account or group Directory service access User gains access to an Active Directory object Logon User logs on or off a local computer Object access User gains access to a file, folder, or printer Policy change Change is made to the user security options, user rights, or Audit policies Privilege use User exercises a right, such taking ownership of a file Process tracking Application performs an action System User restarts or shuts down the computer Selecting Events to Audit

13. Determine the Computers on Which to Set Up Auditing Review Security Logs Frequently Determine Whether to Audit the Success or Failure of Events, or Both Determine Which Events to Audit Determine Whether You Need to Track Trends Planning an Audit Policy

14. Console1 – [Console\Root\Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policie Console Window Help Action View Favorites Policy Local Setting Effective Setting Tree Favorites Audit account logon events Success, Failure No auditing Console Root Audit account management No auditing No auditing Local Computer Policy Audit directory service access No auditing No auditing Computer Configuration Software Settings Audit logon events Success, Failure No auditing Window Settings Audit object access No auditing No auditing Scripts (Startup/Shutdown) Audit policy change Success No auditing Security Settings Audit privilege use Failure No auditing Account Policies Audit process tracking No auditing No auditing Local Policies Audit system events No auditing No auditing Audit Policy User Rights Assignme Security Options Public Key Policies IP Security Policies on Lo Setting Up an Audit Policy • Assign Security Settings to a Single Computer by Configuring the Settings in Local Policies in Group Policy • Assign Security Settings to Multiple Computers by Creating a Group Policy Object and Assigning It

15. NTFS Printers • Set the Audit Policy to Audit Object Access • Enable Auditing for Specific Printers • Record Success or Failure of an Event Auditing Access to Resources File System • Set the Audit Policy to Audit Object Access • Enable Auditing for Specific NTFS Files and Folders • Record Success or Failure of an Event