1 / 17

Windows Security

FORE SEC Academy Security Essentials (V). Windows Security. Agenda. Chapter 25 : The Windows Security Infrastructure Chapter 26 : Permissions and User Rights Chapter 27 : Security Templates and Group Policy Chapter 28 : Service Packs, Hotfixes, and Backups

cheryl
Download Presentation

Windows Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. FORESEC AcademySecurity Essentials (V) Windows Security

  2. Agenda • Chapter 25: The Windows Security Infrastructure • Chapter 26: Permissions and User Rights • Chapter 27: Security Templates and Group Policy • Chapter 28: Service Packs, Hotfixes, and Backups • Chapter 29: Securing Windows Network Services • Chapter 30: Automation and Auditing

  3. FORESEC AcademySecurity Essentials (V) The Windows Security Infrastructure

  4. Windows Operating Systems • Windows 9x/Me • Windows NT • Windows 2000 • Windows XP • Windows 2003

  5. Windows 9x/Me (1 of 2) • Not designed for security and cannot be secured, period. - No filesystem security - Can't really require initial logon - Weak authentication protocol (LM) - Extremely vulnerable to DoS attacks - Virtually no logging capabilities - Prone to lock-ups and crashes - Boot into other OS to circumvent everything

  6. Windows 9x/Me (2 of 2) But if you’re stuck with 9x/Me, then: - Use them as “thin clients” to Terminal Services or Citrix servers - Keep all mail on Exchange Server, not in local personal storage files (.PST) - Store all documents on servers - Install ADCE for NTLMv2 support

  7. Windows NT 4.0 • Windows NT is dead, Dead, DEAD. • Service Pack 6a is the last one. • Was at least intendedto be secure: -User-based access control - Domain controllers, trusts, and single sign-on - NTFS and NTLM - Detailed logging - Protected memory spaces in OS - VMS pedigree

  8. Windows 2000 (1 of 2) It's more like Windows NT version 9.0: - Active Directory - Group Policy - Kerberos - IPSec - PKI & Smart Cards - EFS - Scriptability & CMD Tools

  9. Windows 2000 (2 of 2)

  10. Windows XP • A better Windows 2000 Professional... • XP Professional vs. Home Edition • Only with XP Professional: - Ability to join a domain - Encrypting File System - Editable file ACLs - Remote Desktop support - Roaming user profiles - Dual CPU support

  11. Windows Server 2003 (1 of 3) • Successor to Windows 2000 Server - Not intended for desktops. - Mostly an incremental upgrade to Win2000. - Scalability and fault-tolerance enhancements. • Cross-forest trusts. • You can mix-and-match your Windows 2000and 2003 Servers fairly easily.

  12. Windows Server 2003 (2 of 3)

  13. Windows Server 2003 (3 of 3) • Windows Server 2003 Web Edition - Dedicated-purpose operating system - Not available through retail channels. - Intended for ISP.s and ASP.s. - Intended for turn-key hardware appliances. • Only supports two 32-bit CPUs and no more than 2 GB of RAM. (Why???) • Probably better off with Standard Server...

  14. Workgroups (1 of 3) • Users are typically local administrators of • their own machines. • A “workgroup administrator” simply has • a separate administrative account on • every machine. • Workgroups tend to be small, e.g., less • than 100 boxes. • You can have stand-alones or entire • workgroups in the midst of domain • members, e.g., IIS servers on a service • subnet. • No domain controllers! • Stand-alone computers only. • Local accounts and local accounts • databases only. - Permissions can be assigned • to local users and groups only. - Local groups cannot have • users from other machines. - User names may be identical • across machines, but their • SIDs are different (more on • this in just a moment).

  15. Workgroups (2 of 3) • Benefits of workgroups: - Conceptual simplicity. - Lower initial cost. - Each computer protects itself. - Each user is typically an administrator of his or her own machine, allowing personal creative expression and joy.

  16. Workgroups (3 of 3) • Drawbacks of workgroups: - Users are insane. - Workgroup = Anarchy Very difficult to manage a large number of stand-alones (no scalability). - No single sign-on without great effort. - No consistent permissions or rights.

  17. Manage Local Accounts • Windows NT - User Manager • Windows 2000/XP/2003 - User Accounts applet in control Panel. - Computer Management snap-in in Administrative Tools folder. - NET.EXE

More Related