Download
chapter 8 n.
Skip this Video
Loading SlideShow in 5 Seconds..
HARDENING CLIENT COMPUTERS PowerPoint Presentation
Download Presentation
HARDENING CLIENT COMPUTERS

HARDENING CLIENT COMPUTERS

409 Views Download Presentation
Download Presentation

HARDENING CLIENT COMPUTERS

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Chapter 8 HARDENING CLIENT COMPUTERS

  2. Chapter 8: Hardening Client Computers OPERATING SYSTEM SECURITY FEATURES • Microsoft Windows 98/Windows Me • Windows NT 4.0 • Windows 2000 Professional • Windows XP with Service Pack 2

  3. Chapter 8: Hardening Client Computers DESIGNING CLIENT SECURITY TEMPLATES • Create a custom security template for each client role: • Desktop • Laptop • Kiosk • Base custom templates on default workstation templates • Never modify default security templates

  4. Chapter 8: Hardening Client Computers DESIGNING A CLIENT COMPUTER OU MODEL • Create OUs for different operating system versions • Avoid using Windows Management Instrumentation (WMI) filtering • Create OUs for different computer roles • Create OUs for organizations with special security requirements • Use security groups to apply GPOs to cross-sections of client computers

  5. Chapter 8: Hardening Client Computers CLIENT COMPUTER OU MODEL SAMPLE 1

  6. Chapter 8: Hardening Client Computers CLIENT COMPUTER OU MODEL SAMPLE 2

  7. Chapter 8: Hardening Client Computers CLIENT COMPUTER OU MODEL SAMPLE 3

  8. Chapter 8: Hardening Client Computers THIRD-PARTY SECURITY SOFTWARE • Antivirus protection • Antispyware protection • Network backups • Host-based firewalls for earlier versions of Windows

  9. Chapter 8: Hardening Client Computers DESIGNING SOFTWARE RESTRICTION POLICIES • Hash rules • Certificate rules • Path rules • Internet zone rules

  10. Chapter 8: Hardening Client Computers RESTRICTING THE DESKTOP ENVIRONMENT • Windows components • The Start menu • The desktop • The Control Panel

  11. Chapter 8: Hardening Client Computers RESTRICTING THE DESKTOP ENVIRONMENT (CONT.) • Shared folders • The network • System settings • Printers

  12. Chapter 8: Hardening Client Computers RESTRICTING THE START MENU: BEFORE

  13. Chapter 8: Hardening Client Computers RESTRICTING THE START MENU: AFTER

  14. Chapter 8: Hardening Client Computers PROTECTING DESKTOP COMPUTERS • Grant users only local User privileges or less • Remove unnecessary items from the desktop and the Start menu • Leverage the Hisecws.inf security template • Use Group Policy settings to rename default accounts

  15. Chapter 8: Hardening Client Computers PROTECTING MOBILE COMPUTERS • At greater risk than desktop computers, mobile computers might be: • Stolen • Damaged • Used for personal use • Mobile computers require greater flexibility than desktop computers: • Connect to home networks and wireless hotspots • Users might need to install printer drivers • Mobile computers use EFS to protect confidential files

  16. Chapter 8: Hardening Client Computers PROTECTING KIOSKS • Very likely to be abused • Should be extremely restricted • Should not be connected to the internal network

  17. Chapter 8: Hardening Client Computers THE .NET FRAMEWORK • Next-generation application environment: • Required for many new applications • Dramatically more secure • Included with Windows Server 2003 • Free download for earlier operating systems

  18. Chapter 8: Hardening Client Computers CAS OVERVIEW • Role-based security restricts what users can do • CAS restricts what applications can do • Grants access to the file system, registry, printers, the network, and other resources based on permissions assigned to an application • Enables you to run potentially malicious applications safely • Works only with .NET Framework applications

  19. Chapter 8: Hardening Client Computers CAS AT WORK

  20. Chapter 8: Hardening Client Computers CAS ELEMENTS • Evidence • Permission • Permission set • Code groups

  21. Chapter 8: Hardening Client Computers CAS AND OPERATING SYSTEM SECURITY

  22. Chapter 8: Hardening Client Computers GUIDELINES FOR USING CAS • Use the principle of least privilege • Test applications thoroughly after restricting CAS • Push developers to use the .NET Framework • Encourage software vendors to migrate to the .NET Framework

  23. Chapter 8: Hardening Client Computers SUMMARY • Earlier versions of Windows lack important security features • Use security templates and GPOs to implement client security • Create different configuration settings for client roles, operating systems, and security requirements • Use .NET Framework and CAS to reduce the risks of malicious or vulnerable software