This talk provides an in-depth overview of security configurations and best practices for Active Directory, IIS, and SQL Server. Topics include automating client security settings, IPSec implementation, and utilizing Software Update Services for efficient patch management. The presentation also covers vital measures for IIS and SQL security, including the use of IIS Lockdown Wizard and SQL password management. Furthermore, it addresses incident response strategies for compromised systems, emphasizing the importance of proactive protection and proper recovery processes.
URLs for this talk
• All URLs mentioned in this talk can be found here: http://www.cs.cmu.edu/~help/security/pc_talk.html
Active Directory / Group Policy
• Windows 2000, XP clients only
• Automate client security settings
• Policies at the Site, Domain, OU, local level
• Delegation of Organizational Units
Local Policy Settings
• Most of the same functions as Active Directory based policy, but applied on a per-machine basis.
• IPSec based TCP/IP filtering for common types of network traffic (NetBIOS, HTTP, etc.)
• IPSec policies can be downloaded from: http://www.cs.cmu.edu/~help/security/pc/windows_security.html
Software Update Services
• Local version of Windows Update
• Ability to block patches
• Patches download from a local server
• Client must initiate installation
• Settings applied via a Domain Group Policy
• Evaluating Shavlik HFNetChkPro for automated patch management for infrastructure servers
IIS Security
• IIS Lockdown Wizard – removes legacy components and tightens folder security on the IIS directory structure.
• URLScan – ISAPI filter which reads incoming HTTP requests and filters requests which do not meet the proper criteria.
  • Configurable via .INI file
SQL Security
• Reset the “SA” password
• Apply service packs and critical security hotfixes
• Proper validation of form fields that access SQL databases.
Terminal Services Security
• Port 3389 is blocked
• Requires Cisco VPN client to access a workstation/server running Terminal Services
Microsoft Baseline Security Analyzer
• Checks for security misconfiguration and missing security patches.
• Developed by Shavlik Technologies (HFNetChk).
• Output from the tool should be kept in a secure area or on external media.
Anti-Virus Software
• All PCs should have Symantec’s Anti-Virus Corporate Edition installed.
• Machines installed by SCS facilities have the following settings pre-applied (via GRC.DAT):
  • Weekly scan
  • Nightly LiveUpdate
  • Application requires a password to remove
  • Real-time scan settings are locked
Help! I’ve been hacked …
• Clauss will usually provide port information (where a malicious process is listening)
• Process to port mapping. Use “netstat -aon” (XP only).
  • Fport (available from Foundstone)
  • TCPView (available from Sysinternals.com)
• Kill the malicious process(es). Patch the machine, reset passwords, remove artifacts.
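The process-to-port mapping step above, as an added example that is not from the talk: a small parser for “netstat -aon” output joined with a PID-to-image-name map (as “tasklist” reports it), so a reported listening port can be traced to the process behind it. Both the netstat text and the PID map are constructed samples, not real captures.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Constructed sample of "netstat -aon" output (not from the talk), in Windows XP layout.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1104
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2044
  TCP    192.0.2.10:1052        198.51.100.7:80        ESTABLISHED     1536
  UDP    0.0.0.0:137            *:*                                    4
"""

# Constructed PID -> image name map, as "tasklist" would report it (not from the talk).
TASKLIST_SAMPLE = {4: "System", 912: "svchost.exe", 1104: "svchost.exe",
                   1536: "iexplore.exe", 2044: "winupdate32.exe"}

class Socket(NamedTuple):
    proto: str
    local_addr: str
    local_port: int
    state: str   # "" for UDP rows, which have no State column
    pid: int

# One netstat row: proto, local addr:port, foreign addr, optional state, PID.
_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:(\S+)\s+)?(\d+)\s*$")

def parse_netstat(text: str) -> List[Socket]:
    """Parse 'netstat -aon' output into Socket records; header and blank lines are skipped."""
    sockets = []
    for line in text.splitlines():
        m = _ROW.match(line)
        if m:
            proto, addr, port, state, pid = m.groups()
            sockets.append(Socket(proto, addr, int(port), state or "", int(pid)))
    return sockets

def process_on_port(port: int, netstat_text: str, pid_names: Dict[int, str]) -> Optional[dict]:
    """Map a reported listening port to the PID and image name bound to it.

    Only listening TCP sockets and UDP sockets count; an outbound client
    connection on that port number is not what the report is about.
    """
    for s in parse_netstat(netstat_text):
        if s.local_port == port and (s.proto == "UDP" or s.state == "LISTENING"):
            return {"pid": s.pid, "image": pid_names.get(s.pid, "<unknown>"), "proto": s.proto}
    return None
```

Feed it the real output of “netstat -aon” and “tasklist” from the affected machine; an unfamiliar image name on the reported port is the process to investigate before killing it.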
Help! I’ve been hacked (cont.)
• In a lot of cases, it is easier to just wipe and reinstall the machine, rather than doing a detailed analysis.
• Domain and Unix passwords should still be reset, since keystroke loggers are fairly common.
• Detailed help on cleaning hacked machines: http://www.cs.cmu.edu/~help/security/pc/break_ins.html