1 / 17

Objectives

Objectives. Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline Security Analyzer. Security Configuration Wizard. Security Configuration Wizard (SCW)

emmly
Download Presentation

Objectives

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Objectives • Windows Firewalls with Advanced Security • Bit-Lock • Update and maintain your clients using Windows Server Update Service • Microsoft Baseline Security Analyzer

  2. Security Configuration Wizard Security Configuration Wizard (SCW) Provides a step-by-step wizard for hardening your network servers Available in Administrative Tools Security policies can be created for: Role-based service configuration Network security Registry settings Audit policy MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 2

  3. Windows Firewall Allows users to turn the firewall off or on By default, Windows Firewall is turned on and allows exceptions for programs and ports Allows you to create exceptions for inbound traffic Exception Instruction to open a port briefly, allow a program or service to pass information, and then close the port MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 3

  4. MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 4

  5. MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 5

  6. Windows Firewall with Advanced Security Used to manage Windows Firewall based on port, services, applications, and protocols MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 6

  7. Windows Firewall with Advanced Security Available Nodes: Inbound rules Outbound rules Connection security rules Monitoring Available network profiles Public Private Domain Deploying Windows Firewall Settings via Group Policy WFAS allows you to import or export firewall policies MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 7

  8. BitLocker Provides hard drive–based encryption of servers and Windows Vista computers Encrypts entire Windows system volume of a computer running Windows Server 2008 Designed to enhance protection against data theft or exposure on computers that are lost or stolen MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 8

  9. BitLocker (continued) Four authentication modes used by BitLocker BitLocker with a TPM BitLocker with Universal Serial Bus (USB) flash drive in place of TPM BitLocker with a TPM and a personal identification number (PIN) BitLocker with a TPM and a USB flash drive MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 9

  10. BitLocker (continued) Installing BitLocker Hard drive that supports BitLocker needs to be configured before installing BitLocker BitLocker requires at least 1.5 GB of unallocated or available drive space System volume is responsible for maintaining the unencrypted boot information Boot volume will contain the OS files and be encrypted by BitLocker MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 10

  11. Updating Windows Server 2008 • Windows Update (in Control Panel) • Suite of tools and services for applying updates to systems • Responsible for download and install updates from Microsoft • Requires access to the Internet

  12. Windows Server Update Services • Benefits: • Centralizes the updating tasks for client and server • Minimizes effects on the WAN connection • Improves network security and reliability • Improves installation of relevant updates • Targets updates to specific computers and groups • Basic requirements before installing WSUS 3.0 SP1 • Microsoft Internet Information Services (IIS) 7.0 • Microsoft Report Viewer Redistributable 2005 • Minimum of 6 GB of free space for storing downloaded updates • WSUS requires a database to keep records of updates • Internal DB or SQL Sever 2005 SP1 or later • Windows authentication (SQL authentication is not supported)

  13. Working with WSUS • WSUS Administrative console allows you to: • Generate reports Daily/Weekly reports via email & email when updates are synchronized. • Manage updates • Monitor the computer through the console • WSUSutil.exe: a command-line tool managing WSUS

  14. Windows Server Update Services • Configuring clients • To use the WSUS server for updates • Clients must be Windows 2000 SP3 or later • By default, client checks for update every 17 – 22 hrs. • Approving and deploying updates • Using the Update Services console, you can control • Which updates are applied • Which computers receive the updates • When the updates are distributed

  15. Microsoft Baseline Security Analyzer 2.1 • A tool to analyze your current security posture • MBSA scans for missing security updates for the following products • Windows 2000 SP4 and later • Microsoft Office XP and later • Microsoft Exchange Server 2000 and later • Microsoft SQL Server 2000 SP4 and later • MBSA • Free download from Microsoft • Can be used on a local computer or to connect to one or more remote computers on your network • Options for running MBSA on remote computers • Domain name and IP address range

  16. Microsoft Baseline Security Analyzer (Continue) When MBSA scans a computer, it creates a report that is organized into the following areas Security Assessment Security Update Scan Results Windows Scan Results Internet Information Services (IIS) Scan Results SQL Server Scan Results Desktop Application Scan Results Scanning a computer with MBSA You can perform MBSA scans using: The GUI-based tool The mbsacli.exe command- line tool Requires Internet connectivity Can scan computer, remote computer, or groups of remote computers. 17

More Related