Windows Server 2003 Security

Donald E. Hester

CISSP, CISA, MCT, MCSE, MCSA, MCDST, Security+, CTT+, MV

Maze & Associates

San Diego City College

Los Medanos College

Priority Shift
  • Access was a top priority
    • Open-by-default
    • Start with everything open and then start locking down as needed
  • Control is now a top priority
    • Closed-by-default
    • Start with everything closed and open only what is needed
Server 2003 Defaults
  • IIS – Internet Information Services
    • IIS is not installed by default
    • When you install IIS 6 it is locked down
  • More startup services are disabled in 2003
  • Everyone Group
    • No longer has full control; it has read and execute
    • No longer includes anonymous users
Server 2003 Defaults
  • Accounts with null passwords are console-bound
  • Software restriction policies
    • Hash rule
    • Path rule
    • Certificate rule
    • Internet Zone rule
  • Protected EAP (PEAP)
  • Detailed security auditing
File System
  • NTFS
    • Permissions & auditing
    • EFS - Encrypted File System (multiple users)
    • VSS - Volume Shadow Copy (Server 2003)
    • Quotas
    • ABE - Access-based Enumeration (Server 2003 SP1)
  • Future developments: WinFS
    • Won’t be in Longhorn
ICF vs. Windows Firewall
  • Boot-time Security
  • Global configuration
  • Audit logging
  • Scope restrictions
  • Command-line support
  • Program-based exceptions
  • Multiple Profiles
  • Unattended setup support
  • Enhanced multicast and broadcast support
  • IPv6 support
  • New Group Policy Support
PSSU (Post-Setup Security Updates)
  • Service Pack 1 enhancement
  • Protects the computer until it can update
  • Uses Windows Firewall
DEP (Data Execution Prevention)
  • Prevents malicious software from running, rather than erroring out and potentially crashing the system
  • Hardware-enforced DEP
    • Protects memory locations
    • The no-execute page-protection (NX) processor feature as defined by AMD.
    • The Execute Disable Bit (XD) feature as defined by Intel.
  • Software-enforced DEP
    • Protects system binaries and exception-handling
    • Software built with SafeSEH
TCP/IP protection
  • Enhancements:
    • Smart TCP port allocation
    • SYN attack protection is enabled by default
    • New SYN attack notification IP Helper APIs
    • Winsock self-healing
What Is Network Access Quarantine?
  • Remote access client authenticates
  • RAS client placed in Quarantine
  • RAS client meets Quarantine policies
    • RAS client gets full access to network
  • RAS client fails policy check, or Quarantine timeout reached
    • RAS client disconnected

Trusts in Windows Server 2003
  • [Diagram: Forest 1 and Forest 2, their forest roots, Domains A, B, C, D, E, F, P and Q, and a Kerberos realm, connected by tree/root, parent/child, shortcut, forest, external and realm trusts]

Coming Soon: IE 7
  • Information Security Magazine (Jan 2006)
Server Hardening
  • Appropriate settings for a secure baseline
    • Settings for applications and services
    • Operating system components
    • Permissions and rights
    • Administrative procedures
    • Physical access
Server Hardening - Templates
  • Predefined Security Templates
  • Security Guide Templates
  • Industrial Templates
    • SANS
    • CIAC
    • NSA
    • DoD
  • Custom Templates
Template Deployment
  • Test before deployment
  • Periodic analysis
    • Security Configuration and Analysis snap-in
    • Scripting (Secedit.exe)
  • Deployment Methods
    • Group Policy (Active Directory)
    • Security Configuration and Analysis snap-in
    • Scripting (Secedit.exe)
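
What the periodic analysis step checks, as an added Python example (not from the slides and not Microsoft's tooling): it compares a baseline security template with settings exported from a server using `secedit /export /cfg`, and lists each deviation. Both INF texts are constructed samples, and `parse_inf` and `analyze` are hypothetical helper names.

```python
# Constructed baseline template, in the INF layout used by security templates.
BASELINE_INF = r"""
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
LockoutBadCount = 5
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,5
"""

# Constructed export from a server that has drifted from the baseline.
EXPORTED_INF = r"""
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 1
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,2
"""

def parse_inf(text):
    """Return {(section, setting): value} for every 'name = value' line."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or INF comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section and "=" in line:
            key, value = line.split("=", 1)
            # Lowercase setting names so case differences are not reported as drift.
            settings[(section, key.strip().lower())] = value.strip()
    return settings

def analyze(baseline, actual):
    """List (status, section, setting, expected, found) for each deviation."""
    want, have = parse_inf(baseline), parse_inf(actual)
    findings = []
    for (section, key), expected in sorted(want.items()):
        found = have.get((section, key))
        if found is None:
            findings.append(("NOT CONFIGURED", section, key, expected, None))
        elif found != expected:
            findings.append(("MISMATCH", section, key, expected, found))
    return findings

if __name__ == "__main__":
    for finding in analyze(BASELINE_INF, EXPORTED_INF):
        print(*finding, sep=" | ")
```

Run on a schedule against fresh exports, an empty result means the server still matches the template; any finding is a setting to investigate or re-apply.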
Server Hardening
  • Security Configuration Wizard (SCW)
    • Comes with Service Pack 1 (Server 2003)
    • Disables unneeded services
    • Blocks unused ports
    • Allows further address or security restrictions for ports that are left open
    • Prohibits unnecessary Internet Information Services (IIS) Web extensions, if applicable
    • Reduces protocol exposure to server message block (SMB), NTLM, LanMan, and Lightweight Directory Access Protocol (LDAP)
    • Defines a high signal-to-noise audit policy
    • Best for servers with multiple roles
Security Configuration Wizard
  • Supports
    • Rollback
    • Analysis
    • Remote configuration
    • Command-line support
    • Active Directory integration
    • Policy editing
    • Export to Group Policy
Updates
  • Manual
    • Requires user intervention – labor intensive
  • Windows Updates
    • Automatic process; fine for small deployments
  • SUS
    • Updates approved critical patches for multiple machines at an administrator-appointed time (replaced with WSUS)
  • WSUS
    • Same as SUS but includes support for other patches such as Office and critical drivers
PKI
  • Some uses
    • EFS, Authentication, Smart Card, IPSec, Servers
  • Auto enrollment
  • Command line tools (Certreq.exe, Certutil.exe)
  • Key recovery (DRA or KRA)
  • Delta CRL
Available Tools - GPMC
  • New User Interface
  • Backup and restore
  • Import and export
  • Group Policy Modeling
  • Resultant Set of Policy (RSoP)
Available Tools - MBSA
  • Microsoft Baseline Security Analyzer (v2)
Available Tools - MSAT
  • Microsoft Security Assessment Tool
Available Tools – Windows Defender
  • Microsoft Anti-Spyware – Windows Defender
    • Spyware detection
    • Scheduled scanning and removal
    • Straightforward operation and thorough removal technology
Available Tools
  • Security Resource Kit
    • Various tools to enumerate access control lists, list drivers, list services, dump event logs, parse logs, determine authentication method, and much more
  • Security Guide
    • Templates
    • Various test scripts
3rd Party Tools
  • Winternals http://www.winternals.com/
  • Sysinternals http://www.sysinternals.com/
  • CERT http://www.cert.org/
  • SANS http://www.sans.org/
Resources
  • Windows Server 2003 Security Guide
    • http://go.microsoft.com/fwlink/?LinkId=14846
  • WindowSecurity.com
  • SecWish@microsoft.com (Feedback email)
  • Microsoft Windows Security Resource Kit (2nd Ed.) ISBN 0-7356-2174-8
  • Service Pack 1 Overview
    • http://www.microsoft.com/technet/prodtechnol/windowsserver2003/servicepack/overview.mspx
Resources
  • Microsoft Security Assessment Tool (MSAT)
    • https://www.securityguidance.com/
  • Microsoft Security
    • http://www.microsoft.com/security/default.mspx
  • Microsoft Baseline Security Analyzer (MBSA)
    • http://www.microsoft.com/technet/security/tools/mbsahome.mspx
  • Microsoft Anti-Spyware (beta) Defender
    • http://www.microsoft.com/athome/security/spyware/software/default.mspx
Resources
  • RootKit Revealer
    • http://www.sysinternals.com/Utilities/RootkitRevealer.html
  • Strider GhostBuster Project (Rootkit detector)
    • http://research.microsoft.com/rootkit/
  • Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP
    • http://go.microsoft.com/fwlink/?LinkId=15160
Contact Info
  • Donald E. Hester
    • DonaldH@MazeAssociates.com
    • https://www.linkedin.com/in/donaldehester