Chapter 10



  1. Chapter 10 Windows System Security

  2. Objectives In this chapter, you will: • Understand the concerns with default Windows configurations • Use preventive security controls to protect user accounts, passwords, groups, data, and software • Understand detective controls available to Windows systems • Outline the corrective controls necessary to recover from a security incident

  3. Default Windows Configurations • Install Windows • A default installation favours compatibility and ease of use over security, so harden the system before placing it on the network • Follow hardening checklists to improve security • www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/chklist

  4. Preventive System Security • Physical security • Enable BIOS passwords • Require each user to log on • Restrict booting from and access to the floppy, CD-ROM, and other removable drives • Lock the screen when away

  5. Preventive System Security • Vulnerability management • Receive security advisories from trusted source • Apply patches or workarounds in a timely manner • Windows Updates • Windows Update Catalog • Automatic Updates • Software Update Services • Test systems to ensure patches are applied

  6. Preventive System Security

  7. Preventive System Security • Remove unnecessary software • Disable unused services • Remove unused applications using Add or Remove Programs applet
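The "disable unused services" step, as an added PowerShell example that is not part of the slides: it lists every automatic-start service that is missing from an explicit allowlist so each can be reviewed, and only then disables the ones an administrator names. The allowlist is a constructed illustration, not a Microsoft baseline, and Get-CimInstance assumes PowerShell 3.0 or later (older hosts can substitute Get-WmiObject).

```powershell
# Added example (not from the slides): review-then-disable for auto-start services.
# $Baseline is a constructed, illustrative allowlist; build yours from a known-good host.
$Baseline = @(
    'Dhcp', 'Dnscache', 'EventLog', 'LanmanServer', 'LanmanWorkstation',
    'PlugPlay', 'RpcSs', 'Schedule', 'W32Time', 'WinDefend', 'wuauserv'
)

function Get-UnexpectedAutoService {
    param([string[]]$Allow = $Baseline)
    # Win32_Service exposes StartMode and the account the service runs as;
    # Get-Service on older PowerShell versions does not.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartMode -eq 'Auto' -and $Allow -notcontains $_.Name } |
        Select-Object Name, DisplayName, State, StartName, PathName
}

function Disable-ReviewedService {
    param([Parameter(Mandatory)][string[]]$Name)
    foreach ($svc in $Name) {
        # Stop first so a running service does not keep its listener open until reboot.
        Stop-Service -Name $svc -Force -ErrorAction SilentlyContinue
        Set-Service -Name $svc -StartupType Disabled
        Write-Host "Disabled $svc"
    }
}

# Review step: print the candidates. Nothing on the system changes here.
$candidates = Get-UnexpectedAutoService
$candidates | Format-Table -AutoSize

# Corrective step, run only after the list above has been checked by hand, e.g.:
# Disable-ReviewedService -Name 'RemoteRegistry', 'TlntSvr'
```

The review step is deliberately separate from the disable step: a service that looks unnecessary on paper (a vendor agent, a cluster dependency) can take the host down when stopped, so the output should be read before any name is passed to Disable-ReviewedService.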

  8. Preventive System Security • User management • Active Directory domains • Domain controller – authenticates users and replicates the AD database to the other domain controllers • Domain – an administrative and replication boundary for a set of network objects that share one account database; note that the forest, not the domain, is the real security boundary, because all domains in a forest trust each other • Tree – a set of domains that share a contiguous DNS namespace and are connected by transitive trusts • Forest – one or more trees that share a schema and global catalog and are connected by transitive trusts • Organizational unit (OU) – a container within a domain used to further group objects, delegate administration, and apply Group Policy

  9. Preventive System Security • User management • Windows NT 4.0 domains • PDC – primary domain controller (holds the writable copy of the accounts database) • BDC – backup domain controller (read-only replica, can be promoted) • Domain • Local users • Guest – built-in account, disabled by default • Administrator – built-in account that cannot be locked out, so it needs a strong password

  10. Preventive System Security

  11. Preventive System Security • Password management • SAM database (%systemroot%\system32\config\SAM) • User names • Password hashes (LM and NT hashes, not reversibly encrypted passwords; the LM hash is weak and should not be stored) • SIDs • Other user attributes • Passfilt.dll – enforces password complexity when a password is changed • Syskey – encrypts the hashes held in the SAM with a system key • Group policies – minimum length, age, history, and lockout settings

  12. Preventive System Security • Group management • Create groups to effectively manage rights • Review user membership regularly

  13. Preventive System Security

  14. Preventive System Security • Authentication Mechanisms • NTLMv2 (challenge-response; the older LM and NTLMv1 responses should be disabled) • Certificates • Smart cards • Biometrics • Kerberos (the default within AD domains)
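The password-management and authentication slides together, as an added PowerShell example that is not part of the slides: it exports the local security policy with secedit.exe, reads the two LSA registry values that govern LM hash storage and the LM/NTLM negotiation level, and reports a pass/fail per setting. It assumes an elevated prompt on Windows 2000 or later; the thresholds (14 characters, 24 remembered passwords, and so on) are illustrative policy choices, not a Microsoft baseline.

```powershell
# Added example (not from the slides): audit password policy and LAN Manager settings.
function Get-LocalSecurityPolicy {
    $cfg = Join-Path $env:TEMP 'secpol-export.inf'
    # secedit writes an INI-style file; only the "Name = value" lines of [System Access]
    # match the pattern below (registry lines contain backslashes and are skipped).
    & secedit.exe /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
    $policy = @{}
    foreach ($line in Get-Content -Path $cfg) {
        if ($line -match '^\s*(\w+)\s*=\s*(.+?)\s*$') { $policy[$matches[1]] = $matches[2] }
    }
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    return $policy
}

function Test-PasswordAndLmPolicy {
    $p   = Get-LocalSecurityPolicy
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $minLen  = [int]$p['MinimumPasswordLength']
    $history = [int]$p['PasswordHistorySize']
    $lockout = [int]$p['LockoutBadCount']
    $maxAge  = [int]$p['MaximumPasswordAge']   # -1 means passwords never expire

    # Thresholds are illustrative; adjust them to the organisation's own policy.
    $checks = @(
        @{ Setting = 'MinimumPasswordLength'; Value = $minLen;  Pass = ($minLen -ge 14) },
        @{ Setting = 'PasswordComplexity';    Value = $p['PasswordComplexity']; Pass = ($p['PasswordComplexity'] -eq '1') },
        @{ Setting = 'PasswordHistorySize';   Value = $history; Pass = ($history -ge 24) },
        @{ Setting = 'MaximumPasswordAge';    Value = $maxAge;  Pass = ($maxAge -gt 0 -and $maxAge -le 365) },
        @{ Setting = 'LockoutBadCount';       Value = $lockout; Pass = ($lockout -gt 0 -and $lockout -le 10) },
        # ClearTextPassword=1 is "store passwords using reversible encryption".
        @{ Setting = 'ClearTextPassword';     Value = $p['ClearTextPassword']; Pass = ($p['ClearTextPassword'] -ne '1') },
        # NoLMHash=1 stops the SAM from storing the LM hash at the next password change.
        @{ Setting = 'NoLMHash';              Value = $lsa.NoLMHash; Pass = ($lsa.NoLMHash -eq 1) },
        # LmCompatibilityLevel 3 = send NTLMv2 only; 5 = also refuse LM and NTLMv1 from clients.
        @{ Setting = 'LmCompatibilityLevel';  Value = $lsa.LmCompatibilityLevel; Pass = ($lsa.LmCompatibilityLevel -ge 3) }
    )
    foreach ($c in $checks) {
        [pscustomobject]@{ Setting = $c.Setting; Value = $c.Value; Pass = [bool]$c.Pass }
    }
}

Test-PasswordAndLmPolicy | Format-Table -AutoSize
```

A missing registry value is reported as a failure rather than skipped: an absent NoLMHash means the default applies, and on Windows 2000 and Server 2003 that default stores the LM hash. Setting NoLMHash only affects passwords changed after the setting is applied, so existing LM hashes stay in the SAM until users change their passwords.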

  15. Preventive System Security

  16. Preventive System Security • NTFS security • File/directory permissions • Read • Write • List Folder Contents • Read & Execute • Modify • Full Control • Special

  17. Preventive System Security

  18. Preventive System Security

  19. Preventive System Security • EFS – Encrypting File System (requires NTFS) • NTFS – Windows NT file system • DESX – the symmetric cipher EFS uses on Windows 2000 (3DES and AES are available on later versions) • FEK – file encryption key, a random per-file symmetric key that is itself encrypted with the user's public key and with each recovery agent's public key • Recovery Agents – accounts whose private key can decrypt the FEK if the user's key is lost

  20. Preventive System Security • Windows shares • Read • Change • Full Control • Interaction between NTFS permissions and shares: for access over the network, the more restrictive of the share permission and the NTFS permission applies; share permissions do not apply to local logons, so NTFS permissions must be correct on their own
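The NTFS-permissions and share slides together, as an added PowerShell example that is not part of the slides: for the current user it reads the share ACL and the NTFS ACL of the share's folder, resolves each entry against the user's token SIDs, applies Deny over Allow on each side, and reports the effective network access as the intersection of the two. It assumes Windows Server 2012 or later (Get-SmbShare and Get-SmbShareAccess) and an account permitted to read both ACLs; the mapping of Read/Change/Full onto NTFS rights is the documented one, and the share name in the usage line is an assumption.

```powershell
# Added example (not from the slides): effective share + NTFS access for the current user.
# Share permission levels expressed as NTFS rights (Read = ReadAndExecute, Change = Modify).
$ShareRightMap = @{
    'Read'   = [int][System.Security.AccessControl.FileSystemRights]::ReadAndExecute
    'Change' = [int][System.Security.AccessControl.FileSystemRights]::Modify
    'Full'   = [int][System.Security.AccessControl.FileSystemRights]::FullControl
}

function Get-TokenSids {
    # User SID plus every group SID in the logon token, including Everyone and Authenticated Users.
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    return @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })
}

function ConvertTo-SidString([string]$Account) {
    try {
        if ($Account -match '^S-1-') { return $Account }     # already a SID (orphaned ACE)
        return ([System.Security.Principal.NTAccount]$Account).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch { return $null }                                 # unresolvable name: no match
}

function Get-EffectiveShareAccess {
    param([Parameter(Mandatory)][string]$ShareName)
    $token = Get-TokenSids
    $share = Get-SmbShare -Name $ShareName

    # Share side: accumulate Allow and Deny bits for ACEs that apply to this token.
    $shareAllow = 0; $shareDeny = 0
    foreach ($e in Get-SmbShareAccess -Name $ShareName) {
        if ($token -notcontains (ConvertTo-SidString $e.AccountName)) { continue }
        $bits = [int]$ShareRightMap[[string]$e.AccessRight]  # 'Custom' maps to 0
        if ($e.AccessControlType -eq 'Allow') { $shareAllow = $shareAllow -bor $bits }
        else                                  { $shareDeny  = $shareDeny  -bor $bits }
    }

    # NTFS side: same accumulation over the folder ACL. Generic rights on inherited
    # ACEs are not expanded here, which is a simplification of the real access check.
    $ntfsAllow = 0; $ntfsDeny = 0
    foreach ($ace in (Get-Acl -Path $share.Path).Access) {
        if ($token -notcontains (ConvertTo-SidString $ace.IdentityReference.Value)) { continue }
        $bits = [int]$ace.FileSystemRights
        if ($ace.AccessControlType -eq 'Allow') { $ntfsAllow = $ntfsAllow -bor $bits }
        else                                    { $ntfsDeny  = $ntfsDeny  -bor $bits }
    }

    # Deny overrides Allow on each side; over the network the intersection applies.
    $shareEff = $shareAllow -band (-bnot $shareDeny)
    $ntfsEff  = $ntfsAllow  -band (-bnot $ntfsDeny)
    [pscustomobject]@{
        Share     = $ShareName
        Path      = $share.Path
        ShareOnly = [System.Security.AccessControl.FileSystemRights]$shareEff
        NtfsOnly  = [System.Security.AccessControl.FileSystemRights]$ntfsEff
        Network   = [System.Security.AccessControl.FileSystemRights]($shareEff -band $ntfsEff)
        Local     = [System.Security.AccessControl.FileSystemRights]$ntfsEff
    }
}

# Usage (share name is an assumption):
Get-EffectiveShareAccess -ShareName 'Projects' | Format-List
```

The Local column is the reason the slide warns about the interaction: a share granted Everyone Read on top of a folder that gives Users Modify looks read-only from the network, but anyone who can log on interactively or through Terminal Services still gets Modify.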

  21. Preventive System Security

  22. Preventive System Security • Registry • Full control • Read • Special

  23. Preventive System Security • Web server (IIS) • Use the IIS Lockdown tool (IIS 4.0/5.0; IIS 6.0 ships locked down) • Install URLScan • Run the web server and its application pools under a nonprivileged account • Protect files with NTFS permissions • Require passwords for sensitive information • Enable logging • Require the use of SSL for logons and sensitive pages

  24. Preventive System Security • Remote administration tools • Remote Desktop for Administration • Windows Terminal Services • Strictly control these features

  25. Preventive System Security • Policy verification • Security Configuration and Analysis (MMC snap-in; secedit.exe is its command-line equivalent) • Analyze settings and compare against a template • Change and set settings • Modifying security templates
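The analyze-against-template step, as an added PowerShell example that is not part of the slides: it drives secedit.exe, the command-line form of Security Configuration and Analysis, to compare the live system with a template and then pulls the differences out of the analysis log. It assumes an elevated prompt; the template path (securews.inf under %SystemRoot%\security\templates, where Windows 2000 and Server 2003 keep the bundled templates), the working directory, and the "Mismatch" / "Not Configured" markers in the log are assumptions about that version of secedit.

```powershell
# Added example (not from the slides): secedit /analyze and a scan of its log.
$Template = Join-Path $env:SystemRoot 'security\templates\securews.inf'  # assumed template
$WorkDir  = Join-Path $env:TEMP 'sca'
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
$Db  = Join-Path $WorkDir 'analysis.sdb'
$Log = Join-Path $WorkDir 'analysis.log'

function Invoke-TemplateAnalysis {
    param([string]$Cfg = $Template, [string]$Database = $Db, [string]$LogFile = $Log)
    # /analyze never changes the system: it imports $Cfg into $Database, compares, and logs.
    & secedit.exe /analyze /db $Database /cfg $Cfg /log $LogFile | Out-Null
    # Assumed log format: flagged lines carry "Mismatch" (value differs from the template)
    # or "Not Configured" (template defines the setting, the system does not).
    Get-Content -Path $LogFile |
        Where-Object { $_ -match 'Mismatch|Not Configured' } |
        ForEach-Object { $_.Trim() }
}

$findings = Invoke-TemplateAnalysis
"{0} settings differ from {1}" -f @($findings).Count, $Template
$findings

# Applying the template ("Configure Computer Now" in the snap-in) is a separate,
# deliberate step, because it overwrites live settings:
# & secedit.exe /configure /db $Db /cfg $Template /log (Join-Path $WorkDir 'configure.log')
```

Keeping analyze and configure as separate invocations matches the snap-in's own split between "Analyze Computer Now" and "Configure Computer Now"; a template applied without first reading the mismatch list can revoke user rights or tighten service ACLs that an application depends on.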

  26. Detective System Security • Antivirus • Update signatures weekly (at minimum) • Scan files weekly • Activate real-time virus detection

  27. Detective System Security

  28. Detective System Security • Auditing and Logging • Application log file – records events raised by applications or programs installed on the system • Security log file – records valid and invalid logon attempts and instances where users exercise rights to access files, directories, or resources; it only contains what the audit policy has been configured to record • System log file – records events raised by the operating system, such as component failures

  29. Detective System Security • Events • Information – indicates the successful operation of an application, driver, or service • Warning – indicates events that may cause future problems • Error – indicates a significant problem with an application, driver, or service • Failure Audit – indicates a case where a user tries to access a resource and fails • Success Audit – indicates a case where a user tries to access a resource and succeeds
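The Security-log and Failure Audit material, as an added PowerShell example that is not part of the slides: a small detection that looks for repeated failed logons from one source against one account, which is what a password-guessing attempt leaves behind. Event ID 4625 is the failed-logon event on Windows Vista/Server 2008 and later (Windows 2000 and Server 2003 used ID 529 with a different layout), so the live query is an assumption about that platform; the sample events are constructed here so the grouping logic runs without a live log.

```powershell
# Added example (not from the slides): repeated-failed-logon detection over the Security log.
function ConvertFrom-LogonFailureEvent {
    # Turns a 4625 EventLogRecord into the three fields the detection needs.
    param([Parameter(ValueFromPipeline)]$Event)
    process {
        $xml = [xml]$Event.ToXml()
        $d = @{}
        foreach ($item in $xml.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
        [pscustomobject]@{
            Time      = $Event.TimeCreated
            Account   = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
            Source    = $d['IpAddress']
            LogonType = $d['LogonType']
        }
    }
}

function Find-PasswordGuessing {
    param(
        [Parameter(Mandatory)][object[]]$Failures,   # objects with Time, Account, Source
        [int]$Threshold = 5,
        [int]$WindowMinutes = 10
    )
    # Group by (source, account); flag a group when $Threshold failures fall inside one window.
    $Failures | Group-Object -Property Source, Account | ForEach-Object {
        $times = @($_.Group | ForEach-Object { $_.Time } | Sort-Object)
        for ($i = 0; $i + $Threshold - 1 -lt $times.Count; $i++) {
            $span = $times[$i + $Threshold - 1] - $times[$i]
            if ($span.TotalMinutes -le $WindowMinutes) {
                [pscustomobject]@{
                    Source    = $_.Group[0].Source
                    Account   = $_.Group[0].Account
                    Failures  = $times.Count
                    FirstSeen = $times[0]
                    LastSeen  = $times[-1]
                }
                break
            }
        }
    }
}

# Constructed sample: six failures from one host against 'admin' within two minutes,
# plus one unrelated failure that must not be flagged.
$t0 = Get-Date -Date '2024-01-01 03:00:00'
$sample = foreach ($i in 0..5) {
    [pscustomobject]@{ Time = $t0.AddSeconds(20 * $i); Account = 'CORP\admin'; Source = '10.0.0.7' }
}
$sample += [pscustomobject]@{ Time = $t0.AddHours(1); Account = 'CORP\alice'; Source = '10.0.0.9' }

Find-PasswordGuessing -Failures $sample | Format-Table -AutoSize

# Live use (elevated, Vista/Server 2008 or later; Failure Audit for logon events must be on):
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-24) } |
#         ConvertFrom-LogonFailureEvent
# Find-PasswordGuessing -Failures $live
```

The window check uses a sliding index rather than a plain count so that five failures spread over a month, which is ordinary typing error, do not trip the same alert as five failures in a minute. Nothing is written to the log if the audit policy does not enable Failure Audit for logon events, so the detection is only as good as the auditing configured on the previous slide.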

  30. Corrective System Security • Backups • Keep original installation media • Use bundled tool Windows Backup with ASR • Use commercial tools ArcserveIT, NetBackup, or NetWorker • Properly store backup media • Test backups periodically

  31. Summary • Windows, right out of the box, may not have all of the necessary security controls in place. It is important that administrators go through a checklist to harden systems before putting them into service. • Windows Update, Windows Update Catalog, Automatic Updates, and SUS offer administrators a variety of choices to help continually address Windows software vulnerabilities. • Disabling unused services and uninstalling unnecessary software reduces the attack surface available to an attacker.

  32. Summary • AD, domains, and Local Users and Groups tools can be used to effectively manage the user accounts and groups allowed access to the Windows server. • Windows supports a variety of authentication mechanisms to supplement or replace the weaker and more traditional user account and password authentication mechanisms. • NTFS is a crucial component in protecting data files. Access control lists and the EFS add an important layer of security in protecting data stored on Windows servers. • Windows shares should be used sparingly to share data across the network. • Like access to files and directories, access to the Registry should be tightly controlled.

  33. Summary • Security Configuration and Analysis can be used to effectively assess and manage the access policies on Windows 2000 or Windows Server 2003 systems. • Remote Desktop for Administration is a new feature in Windows Server 2003 that allows administrators to remotely manage servers. Because this service has the potential for damage, access to the tool should be tightly controlled. • Antivirus tools are crucial in detecting and blocking malicious software. There are numerous vendors that offer effective tools.

  34. Summary • Auditing is an important way to determine whether malicious activity has occurred on the server. • The Security Configuration and Analysis tool can be used to configure the necessary auditing and log retention options. • Effective backups provide crucial corrective security controls in recovering from damaging system activity.
