
UFEEP4-15-M - Week 4 Microsoft windows security & administration

UFEEP4-15-M - Week 4 Microsoft windows security & administration. Principles for securing a corporate network, with a look at some of the Microsoft technologies available. Nick Clark. Agenda: outline a generic corporate network, identify possible weaknesses, discuss risk and impact.


Presentation Transcript


  1. UFEEP4-15-M - Week 4 Microsoft windows security & administration Principles for securing a corporate network, with a look at some of the Microsoft technologies available Nick Clark

  2. Agenda • Outline a generic corporate network • Identify possible weaknesses • Discuss risk and impact • Discuss main security technologies (Least Privilege & Group Policy, ISA Server, PKI) • Offer some solutions to the weaknesses • Practical: IPsec and domain isolation

  3. Features of a Corporate Network • Corporate = lots of computers & users (1000s) • Multiple sites (and perhaps domains) • Many servers (25 or more) • One or more connections in and out: • Internet • Remote Access • Wireless • Site links • Result: we have lots of networks to look after, and lots of risks

  4. Targets and Holes [Network diagram: each connection in and out of the corporate network is labelled with its threat – Theft, Unknowns, Hackers, Hackers & Unknowns, Virus, Loss of Info, Users, War Driving (wireless)]

  5. Assessing Risk • What are the risks for each attack vector? • What is the chance it could happen? • What would be the impact on the business? • Need to find solutions that reduce the risk without affecting the business too much

  6. Risk Assessment Table Take each risk factor and estimate how likely it is to happen Then decide what the impact on the business would be if the worst happened Multiply the two and you get an idea of the priorities • Consider the risk of a successful hack • Not likely, but what if it did happen? • Bring down the network • Steal corporate information / licences • Bad publicity if it becomes public

  7. Plugging The Holes • External factors: • Hacking, Virus Attack, DoS, Spyware, Theft • Internal factors: • Users • Need to consider each vector on its own • Then analyse what could happen and what we can do to prevent it

  8. 1. Users & Workstations • Biggest cause of security problems • Dangers: • Unrecoverable deletion of files • Primary vector for virus and spyware infection • Access to privileged / unsuitable material • Installation of illegal or unlicensed software • Wasted time fixing / rebuilding computers messed up by users with too many rights

  9. Least Privilege (link) • Least Privilege - only the rights needed to do what you're allowed to do • Running as a standard user (User context), users cannot change system settings or install software on PCs • Presents problems with poorly designed software, or mobile users with laptops (fix by granting the specific rights the application needs on the PC after analysing it with the Sysinternals utilities, e.g. Process Monitor) • Handle the politics of users wanting rights by demonstrating that there is no need for admin rights
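The "grant specific rights" fix from slide 9, as an added example written for these notes (it is not from the original slides). The folder, registry key and application name are assumptions for illustration; in practice you find the real ones by running the application as a standard user under Sysinternals Process Monitor with the filter "Result is ACCESS DENIED". Steps 1 and 2 are run by an administrator; step 3 is run in the user's own session.

```powershell
# Added example, not from the original deck: give standard users only the
# specific rights a badly written application needs, instead of local admin.
$AppDataDir = 'C:\Program Files\LegacyApp\Data'   # assumed: folder the app writes to
$AppRegKey  = 'HKLM:\SOFTWARE\LegacyApp'           # assumed: key the app writes to
$Principal  = 'BUILTIN\Users'                      # standard (non-admin) users

# 1. File system: Modify on the data folder only, inherited by its sub-folders and files.
$acl  = Get-Acl -Path $AppDataDir
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
            -ArgumentList $Principal, 'Modify', 'ContainerInherit, ObjectInherit', 'None', 'Allow'
$acl.AddAccessRule($rule)
Set-Acl -Path $AppDataDir -AclObject $acl

# 2. Registry: FullControl on the application's own key only, not on HKLM\SOFTWARE.
$regAcl  = Get-Acl -Path $AppRegKey
$regRule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule `
               -ArgumentList $Principal, 'FullControl', 'ContainerInherit', 'None', 'Allow'
$regAcl.AddAccessRule($regRule)
Set-Acl -Path $AppRegKey -AclObject $regAcl

# 3. Check (in the user's session): the user must still NOT be a local Administrator.
$isAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(
               [Security.Principal.WindowsBuiltInRole]::Administrator)
"Running as local admin: $isAdmin"      # should be False for a least-privilege user

# 4. Review the resulting ACL so nothing broader than intended was granted.
(Get-Acl -Path $AppDataDir).Access |
    Where-Object { $_.IdentityReference -eq $Principal } |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, AccessControlType
```

The point of step 4 is that the grant stays scoped: the user gains Modify on one data folder and one registry key, and nothing on Program Files or HKLM\SOFTWARE as a whole, so the application works without the user being able to install software or change system settings.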

  10. Group Policy • Allows us to enforce highly granular settings on users and computers • Makes it possible to change every computer or user, or just a sub-set of them, with very little effort • Can deploy software to computers with it and configure the software too (e.g. MS Office) • Can make custom policies (ADM templates) for settings which aren't already exposed, e.g. deep networking settings • Can relax some security settings without giving users full control of their computers, e.g. network connections

  11. Setting Up A Group Policy (link) • Decide what we want to apply, and where we want to apply it, e.g. change desktop background for all PCs… • Run Group Policy Management Console from a DC or an administrative workstation. Need gpmc.msi

  12. Create a new GPO in the Group Policy Objects folder, then right-click the new object to edit it • Choose the settings you want then close the GPO • Finally link the GPO to the Organisational Unit of your choice, e.g. a Computers OU for computer settings, or a Users OU for user settings • Since we are working with a tree structure of OUs, we have to consider Inheritance. [OU tree diagram: Domain > Staff > (Computers, Users); Domain > Students > (Computers, Users)] Linked at the Domain, all computers will get the settings. Linked at Staff\Computers, all Staff computers will get the settings. Linked at Students\Computers, all Student computers will get the settings, and we can apply user settings in the same GPO too without having to make a second one (not best practice though)

  13. Filtering GPOs • Can apply security settings (security filtering) to GPOs so that only certain security groups receive the settings • We can Deny or Allow the "Apply Group Policy" permission based on group membership • For example, if in the Admins group deny applying the policy, otherwise apply the policy to all users • On a Windows 2003 or later domain we can also filter using WMI filters (a WQL query evaluated on each client) • For example we can apply Vista settings only to PCs that actually have Vista installed, and therefore keep all Vista and XP PCs in the same OU
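The procedure from slides 11 to 13 (create a GPO, set its settings, link it to an OU, check inheritance, then filter it) as one added example, written for these notes rather than taken from the slides. It uses the GroupPolicy PowerShell module (Windows Server 2008 R2 / RSAT or later) instead of the GPMC GUI the deck describes; the domain name, OU path, GPO name, group name and wallpaper path are assumptions.

```powershell
# Added example, not from the original deck: GPMC steps done with the GroupPolicy module.
Import-Module GroupPolicy

$Domain  = 'example.com'                                   # assumed domain
$StaffOU = 'OU=Computers,OU=Staff,DC=example,DC=com'       # assumed OU from the slide's tree

# 1. Create the GPO in the Group Policy Objects container.
$gpo = New-GPO -Name 'Staff - Desktop Background' -Domain $Domain -Comment 'Week 4 demo'

# 2. Choose the settings. Wallpaper is a *user* setting, so it lives under HKCU;
#    Group Policy writes it into the Policies hive, which users cannot change.
$wallpaperKey = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System'
Set-GPRegistryValue -Name $gpo.DisplayName -Domain $Domain -Key $wallpaperKey `
    -ValueName 'Wallpaper' -Type String -Value '\\fileserver\share\corp.jpg' | Out-Null
Set-GPRegistryValue -Name $gpo.DisplayName -Domain $Domain -Key $wallpaperKey `
    -ValueName 'WallpaperStyle' -Type String -Value '2' | Out-Null      # 2 = stretch

# 3. Link it. Linked at Staff\Computers only that branch inherits it;
#    linked at the domain root it would reach every computer.
New-GPLink -Name $gpo.DisplayName -Domain $Domain -Target $StaffOU -LinkEnabled Yes | Out-Null

# 4. Inheritance check: which GPOs actually reach this OU, and in what order?
(Get-GPInheritance -Target $StaffOU -Domain $Domain).InheritedGpoLinks |
    Format-Table Order, DisplayName, Enabled, Enforced

# 5. Security filtering: apply only to members of one group. Authenticated Users
#    keeps Read (computers must still be able to read the GPO) but loses Apply.
#    Set-GPPermission can only grant; a Deny ACE (e.g. for Admins) is still set in
#    GPMC > Delegation > Advanced, or on the GPO's AD object ACL directly.
Set-GPPermission -Name $gpo.DisplayName -Domain $Domain -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermission -Name $gpo.DisplayName -Domain $Domain -TargetName 'Staff Desktop Users' `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

# 6. WMI filtering: the filter's WQL query runs on each client, so test it locally
#    first. Vista reports kernel version 6.0 and XP reports 5.1, so this matches
#    only Vista machines even when both live in the same OU.
$query   = 'SELECT * FROM Win32_OperatingSystem WHERE Version LIKE "6.0%"'
$osMatch = Get-WmiObject -Query $query
"This computer would receive a GPO carrying that WMI filter: $([bool]$osMatch)"
```

After linking, `gpresult /r` on a Staff computer shows the GPO under "Applied Group Policy Objects", and on a Student computer it does not appear at all, which is the inheritance behaviour slide 12 describes.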

  14. 2. ISA Server – Web Security • Microsoft's strongest firewall technology • Used to protect networks from the wild internet • Acts as a proxy to improve internet speeds for users (caching), and as a reverse proxy to accelerate web-server publishing out to the internet • Layer 7 firewall – filters based on application usage and user rights, not just on IP addresses and packet filtering rules • Extensible into arrays, so we can add servers to improve performance • ISA servers are basically hardened servers with multiple network interfaces that sit between the internet and the corporate network • Can also be used as a VPN server so users can connect to the network when on the road

  15. Typical ISA Implementation • Publish a web server to the internet and to internal users (e.g. Outlook Web Access) • Allow internet access for internal users, protecting them from the internet by filtering websites and logging usage • Can filter based on user groups or other factors (requires the Firewall Client agent installed on workstations) [Diagram: Internet User → ISA Server → Web Server, and Internal User → ISA Server → Internet]

  16. 3. Public Key Infrastructures (PKI) • Extension to authentication methods using certificates • All computers and users are issued certificates (each with its own private key) by a certificate authority server (CA) • The associated AD objects for the computers and users hold the public certificates • When authentication takes place between computers, the authentication process is verified against the public/private key pairs in the certificates • With certificates users can sign or encrypt email messages and log in to systems without needing passwords • Permits use of WPA (Enterprise mode, 802.1X with EAP-TLS) wireless encryption – the computer is authenticated with its certificate and a large encryption key is issued to the computer to get in via WiFi

  17. Setting Up a CA and PKI (link) • Create a Stand-alone Root Certificate Authority • Holds the root certificate and its private key, and is kept switched off (offline) • Perfect for a virtual server - store the whole server on CD in a safe • Create an Enterprise Intermediate (issuing) Certificate Authority • Signed by the Stand-alone Root CA • Stores all information in Active Directory • Able to automatically issue certificates to computers and users • We can get certificates manually: https://<server>/certsrv • Need to set domain-level group policies to force automatic certificate enrolment • PKIs require careful planning and backing up – see link • With a PKI in place we can start enabling certificate-based authentication and/or two-factor sign-on for users
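The "domain-level group policy to force automatic certificate enrolment" step, plus the check a practitioner does afterwards, as an added example written for these notes (not from the original slides). The domain, GPO name and root CA name are assumptions; the registry values are the ones the Certificate Services Client - Auto-Enrollment policy writes. The first part is run on a machine with the GroupPolicy module; the second part is run on a domain member after a policy refresh.

```powershell
# Added example, not from the original deck: enforce auto-enrolment from a
# domain-level GPO, then verify that a member machine got a certificate that
# chains to the offline root.
Import-Module GroupPolicy

$Domain  = 'example.com'                                # assumed
$GpoName = 'PKI - Certificate Auto-Enrolment'           # assumed
New-GPO -Name $GpoName -Domain $Domain | Out-Null

# AEPolicy = 7 is the value written when the policy is Enabled with both options
# ("renew expired / update pending / remove revoked" and "update certificates
# that use templates") ticked; 0x8000 disables auto-enrolment.
foreach ($hive in 'HKLM', 'HKCU') {                     # computer AND user auto-enrolment
    Set-GPRegistryValue -Name $GpoName -Domain $Domain `
        -Key "$hive\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment" `
        -ValueName 'AEPolicy' -Type DWord -Value 7 | Out-Null
}

# Link at the domain root so every computer and user is covered.
New-GPLink -Name $GpoName -Domain $Domain -Target 'DC=example,DC=com' -LinkEnabled Yes | Out-Null

# ---- on a domain member, after: gpupdate /force ----
# Trigger auto-enrolment now instead of waiting for the next policy refresh.
certutil -pulse

# Which certificates does the machine now hold, and do they chain to a trusted root?
Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    [pscustomobject]@{
        Subject    = $_.Subject
        Issuer     = $_.Issuer        # expected: the enterprise issuing CA, not the root
        NotAfter   = $_.NotAfter
        ChainValid = $_.Verify()      # $true only if the chain reaches a trusted root
    }
} | Format-Table -AutoSize

# The offline root's certificate must be in the machine's Trusted Root store;
# the enterprise CA setup publishes it there through Active Directory.
Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like '*Example Root CA*' } |       # assumed root CA name
    Format-Table Subject, Thumbprint, NotAfter -AutoSize
```

If `ChainValid` is `$false` the usual causes are the root certificate missing from the Trusted Root store or an unreachable CRL, both of which the "careful planning and backing up" point on the slide is about: the offline root must publish a CRL somewhere clients can read it before its current CRL expires.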

  18. Network Isolation using GP & IPSec • Excellent method of implementing very high security with little expense or complicated planning • Uses Group Policy and IPsec authentication/encryption so that only domain members can talk to each other, which saves money on expensive switches and cabling (no need for physical or VLAN segregation) • See the following webcasts: http://blogs.technet.com/jhoward/archive/2006/02/14/419491.aspx • Case study: http://www.microsoft.com/casestudies/casestudy.aspx?casestudyid=49593
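The domain isolation policy behind slide 18 and the practical, as an added example written for these notes (not from the slides or the linked webcasts). It builds the policy into a GPO with the NetSecurity module (Windows 8 / Server 2012 or later) rather than the IPsec Policy MMC snap-in the 2006-era deck would have used; the policy design is the same. The domain, GPO name and domain controller addresses are assumptions, and the GPO is assumed to already exist.

```powershell
# Added example, not from the original deck: IPsec domain isolation in a GPO.
Import-Module NetSecurity

# Policy store in the form "domain\GPO name" (GPO assumed to exist already).
$Store = 'example.com\Domain Isolation'

# 1. Phase-1 authentication: machines prove domain membership with Kerberos, so
#    only domain-joined computers can complete an IPsec negotiation at all.
$proposal = New-NetIPsecAuthProposal -Machine -Kerberos
$auth     = New-NetIPsecPhase1AuthSet -DisplayName 'Domain Kerberos' `
                -Proposal $proposal -PolicyStore $Store

# 2. Exempt what a client must reach BEFORE it can authenticate: the domain
#    controllers (Kerberos and DNS live there) and DHCP. Without these exemptions
#    a freshly booted machine can never get a ticket and locks itself out.
New-NetIPsecRule -DisplayName 'Exempt DCs and DNS' -PolicyStore $Store `
    -RemoteAddress 10.0.0.10, 10.0.0.11 `                          # assumed DC addresses
    -InboundSecurity None -OutboundSecurity None | Out-Null
New-NetIPsecRule -DisplayName 'Exempt DHCP' -PolicyStore $Store `
    -Protocol UDP -LocalPort 68 -RemotePort 67 `
    -InboundSecurity None -OutboundSecurity None | Out-Null

# 3. The isolation rule: REQUIRE authentication inbound, but only REQUEST it
#    outbound so members can still reach printers, the ISA proxy and other
#    non-domain hosts. A rogue laptop plugged into a staff switch port cannot
#    authenticate, so every domain member refuses its inbound connections.
New-NetIPsecRule -DisplayName 'Domain Isolation' -PolicyStore $Store `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $auth.Name | Out-Null

# 4. Verify on a member after "gpupdate /force" and some traffic to a peer:
#    one main-mode SA per authenticated neighbour should be listed.
Get-NetIPsecMainModeSA | Format-Table LocalEndpoint, RemoteEndpoint -AutoSize
```

Roll this out with "Request" on both directions first, confirm SAs appear between members, and only then switch inbound to "Require"; going straight to Require across the whole domain is the classic way to lock administrators out of the servers they manage.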

  19. What to use to close the Holes [Diagram: the network from slide 4 with each hole labelled by its countermeasure – Group Policy & PKI, ISA Server, IPsec, Group Policy, PKI + WPA]

  20. Questions? nick.clark@uwe.ac.uk Links for Practical: • TechNet Virtual Lab: Security with Group Policy Event: http://tinyurl.com/2ctl36 • TechNet Virtual Lab: Group Policy Security Templates and IPSec Event: http://tinyurl.com/2gllb2
