slide1 l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Feat PowerPoint Presentation
Download Presentation
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Feat

Loading in 2 Seconds...

play fullscreen
1 / 48

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Feat - PowerPoint PPT Presentation


  • 359 Views
  • Uploaded on

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features. Objectives. Identify the various elements and techniques that can be used to secure a Windows Server 2003 system

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about '70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Feat' - leland


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 EnvironmentChapter 14:Windows Server 2003 Security Features

objectives
Objectives
  • Identify the various elements and techniques that can be used to secure a Windows Server 2003 system
  • Use Security Configuration and Analysis tools to configure and review security settings
  • Audit access to resources and review Security log settings

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

securing your windows 2003 system
Securing Your Windows 2003 System
  • Five broad categories of security-related features:
    • Authentication
    • Access control
    • Encryption
    • Security policies
    • Service packs and hot fixes

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

authentication
Authentication
  • Most basic level is requiring a user id and password to log on to some system
  • In a domain environment, authentication is centralized on the network while in a workgroup environment, authentication is local
  • In a domain environment, a single authentication can provide access to multiple domains and forests
  • Additional authentication methods can apply to other services (e.g., IIS)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

access control
Access Control
  • Access control is used to secure resources such as files, folders, and printers
  • Common types of access control are NTSF and shared folder permissions, printer permissions, Active Directory object permissions
  • The “principle of least privilege” implies that users should only have the access that they really need

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

encryption
Encryption
  • Confidential files can be encrypted using the Encrypting File System (EFS) for local files stored on NTFS volumes
  • EFS uses a combination of public and private keys
  • The IPSec protocol can encrypt the contents of packets sent across a TCP/IP network
  • There are two IPSec modes: transport and tunnel
  • IPSec is used to make it difficult for hackers to intercept sensitive network data

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

security policies
Security Policies
  • Security policy settings can be configured from the Local Security Policy and Group Policy Object Editor MMC snap-ins
  • Security policies control a range of security settings
  • Windows Server 2003 includes tools that analyze policy settings compared to pre-configured security templates
    • Security Configuration and Analysis MMC snap-in
    • Command-line SECEDIT utility

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

service packs and hot fixes
Service Packs and Hot Fixes
  • Many critical updates and patches are related to security issues
  • Hot fixes address a specific identified issue
  • A service pack is a cumulative collection of hot fixes and updates
  • Service packs and hot fixes can be downloaded and installed from Microsoft
  • Software Update Services can assist in automating and managing the distribution of updates

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

using security configuration manager tools
Using Security Configuration Manager Tools
  • Windows Server 2003 provides tools specifically designed to help configure and manage security settings (Security Configuration Manager tools)
  • These tools plus Group Policies can be used to set up a Security Policy template which is administered centrally

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

using security configuration manager tools continued
Using Security Configuration Manager Tools (continued)
  • The Security Configuration and Analysis tool will compare a security template to existing settings
  • The Security Configuration Manager tools include these components:
    • Security templates
    • Security settings in Group Policy objects
    • Security Configuration and Analysis tool
    • SECEDIT command-line tool

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

security templates
Security Templates
  • Templates help ensure consistency and ease maintenance across multiple machines
  • Templates are text-based files
    • Should not be edited or changed using a text-based editor
  • There are a number of pre-defined templates for various settings

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

security templates continued
Security Templates (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

activity 14 1 browsing security templates
Activity 14-1: Browsing Security Templates
  • Objective: To become familiar with built-in security templates
  • Start  Run  type mmc  OK  File  Add/Remove Snap-in  Add
  • Locate and view the available templates as directed
  • Browse through the available templates and the specific policies associated with them

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

analyzing the pre configured security templates
Analyzing the Pre-configured Security Templates
  • Network computers can be categorized as:
    • Workstations
    • Servers
    • Domain controllers
  • Pre-configured templates are applicable to a specific category of computer
  • Only Windows Server 2003, Windows XP, and Windows 2000 can use security templates

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

the default template
The Default Template
  • The Setup Security.inf template contains default security settings applied when Windows Server 2003 is installed
  • Contents depend upon the original configuration of computer (fresh install, upgrade, etc.)
  • Allows an administrator to return to original settings easily
  • Should not be applied using Group Policy

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

incremental templates
Incremental Templates
  • Modify security configurations incrementally
  • Can only be applied on top of default security settings because they do not specify baseline configurations
  • Templates include: compatws.inf, securews.inf, securedc.inf, hisecws.inf, hisecdc.inf, iesacls.inf, dc security.inf, rootsec.inf
  • Custom templates can also be created

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

applying security templates
Applying Security Templates
  • Security templates can be applied to local machine or a domain
  • For local machine
    • Open Local Security Setting MMC snap-in and import a policy
  • For domain
    • Use Group Policy Objects
  • Security settings from GPOs override local settings

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

applying security templates continued
Applying Security Templates (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

activity 14 2 creating a security template
Activity 14-2: Creating a Security Template
  • Objective: to explore the creation of a custom security template
  • Open a New Template from the MMC Security Templates snap-in as directed
  • Configure settings for the new template as specified
  • Save the template
  • View the template file

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

activity 14 3 applying security template settings to group policy objects
Activity 14-3: Applying Security Template Settings to Group Policy Objects
  • Objective: to use Group Policy to deploy security template settings
  • Start  Administrative Tools  Active Directory Users and Computers
  • Open the Default Domain Policy from the Properties of the domain
  • Import the previously created template as directed
  • Verify settings

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

security configuration and analysis
Security Configuration and Analysis
  • The Security Configuration and Analysis snap-in permits the comparison of current system settings to those configured in templates
  • The comparison identifies changes and potential weaknesses
  • Multiple templates can be compared at once
  • Multiple templates can be combined and saved
  • Changes can be made directly within the snap-in by selecting the desired configuration

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

security configuration and analysis continued
Security Configuration and Analysis (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

activity 14 2 creating a security template continued
Activity 14-2: Creating a Security Template (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

activity 14 4 analyzing security settings using security configuration and analysis
Activity 14-4: Analyzing Security Settings Using Security Configuration and Analysis
  • Objective: To use the Security Configuration and Analysis snap-in to compare current configuration with security template settings
  • Open the Security Configuration and Analysis snap-in as directed and open a new database
  • Import the hisecdc.inf template for comparison
  • Perform the analysis
  • Review and compare the settings as directed

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

activity 14 4 continued
Activity 14-4 (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

secedit command line tool
SECEDIT Command-Line Tool
  • SECEDIT is a command-line tool used to create and apply security templates and analyze settings
  • Can be used where Group Policy cannot be applied
  • Six main switches
    • Analyze
    • Configure
    • Export
    • Import
    • Validate
    • GenerateRollback

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

auditing access to resources and analyzing security logs
Auditing Access to Resources and Analyzing Security Logs
  • Auditing is used to track events on a network
  • An audit policy defines which events should be recorded
    • and whether successes and/or failures should be recorded
  • Audited events are written into a security log which can be viewed with Event Viewer

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

activity 14 5 exploring default auditing settings
Activity 14-5: Exploring Default Auditing Settings
  • Objective: to explore the auditing settings of the default domain controller GPO
  • Open the Properties of the Domain Controllers OU in Active Directory Users and Computers
  • Edit the Default Domain Controllers Policy on the Group Policy tab as directed
  • Open the Audit Policy node and browse through the various policy settings

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

activity 14 5 continued
Activity 14-5 (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

activity 14 5 continued30
Activity 14-5 (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

configuring auditing
Configuring Auditing
  • The role of a computer on the network influences how an audit policy is configured
  • For member servers or workstations
    • Audit policies are implemented using GPOs assigned to the domain or OUs
  • For domain controllers
    • Audit policies are implemented via the Default Domain Controllers Policy applied to Domain Controllers OU
  • For standalone workstations and servers
    • Audit policies defined using Local Security Policy tool

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

requirements and configuring an audit policy
Requirements and Configuring an Audit Policy
  • Requirements
    • You must have proper permissions (Administrators Group or Manage auditing and security log user right)
    • Auditing files and folders can only be done on NTFS volumes
  • Configuring an audit policy
    • Configure auditing on events to be monitored and if logging occurs on success and/or failure
    • Configure auditing on specific resource objects such as files, folders, printers, and Active Directory objects

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

configuring an audit policy continued
Configuring an Audit Policy (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

activity 14 6 configuring and testing new audit policy settings
Activity 14-6: Configuring and Testing New Audit Policy Settings
  • Objective: to become familiar with changing and testing the configuration of audit policy settings
  • Open the Default Domain Controllers Policy GPO auditing settings
  • Reconfigure the settings as directed
  • Manually refresh the Group Policy settings
  • Test the new settings and view results using Event Viewer

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

auditing object access
Auditing Object Access
  • When files and folders reside on an NTFS volume, you can monitor attempted and successful accesses of these objects
  • Caution -- this can result in a large number of events being logged
  • Object auditing is configured through the Advanced Security Settings on the resource
  • Auditing is also possible for Active Directory objects

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

auditing object access continued
Auditing Object Access (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

activity 14 7 configuring auditing on an ntfs folder
Activity 14-7: Configuring Auditing on an NTFS Folder
  • Objective: to log failed and successful accesses to an NTFS folder
  • Create and configure NTFS permissions for a new folder
  • Configure auditing settings for the folder
  • Test the auditing settings and permissions by attempting to access and delete the folder
  • Use Event Viewer to verify correct auditing

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

activity 14 7 continued
Activity 14-7 (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

best practices
Best Practices
  • Plan carefully before implementing an audit policy
  • General guidelines:
    • Only audit events that provide truly useful information
    • Review entries in the security log regularly
    • Audit sensitive and confidential information
    • Audit the Everyone group – it includes unauthenticated users
    • Audit the assignment of user rights
    • Audit the Administrators group

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

analyzing security logs
Analyzing Security Logs
  • For each event defined in an audit policy, an entry is written in the Security log if that event occurs
  • Use Event Viewer to examine the Security log
  • The log provides a summary of the date and time of each event, and the user performing the action
  • More details by double-clicking the entry
  • Event Viewer provides find and filter options to assist in managing the Security log

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

analyzing security logs continued
Analyzing Security Logs (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

analyzing security logs continued42
Analyzing Security Logs (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

activity 14 8 configuring event viewer log properties
Activity 14-8: Configuring Event Viewer Log Properties
  • Objective: to use the find and filter features in Event Viewer to manage log files
  • Open Event Viewer and view local Security log
  • Use the Find feature to locate specific types of events as directed
  • Next, use the Filter feature to manage the log, displaying only events meeting specified criteria
  • Redisplay all records in the log as directed

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

configuring event viewer
Configuring Event Viewer
  • There are a number of configurable settings that determine the size, number of entries, and overwrite policy in a security log
  • Default initial security log size is 16 MB in Windows Server 2003 (up from 512 KB in 2000)
  • Settings are configured from the Properties of the Security log in Event Viewer

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

configuring event viewer continued
Configuring Event Viewer (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

activity 14 9 editing security log settings and saving events
Activity 14-9: Editing Security Log Settings and Saving Events
  • Objective: to configure properties of the Security log and save event entries for archiving purposes
  • Open the Properties of the Security log through Event Viewer
  • Reconfigure the Security log size and overwrite properties as directed
  • Save and clear the Security log as noted
  • Open the saved log to verify

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

summary
Summary
  • Windows Server 2003 offers security-related features in five categories: authentication, access control, encryption, security policies, and service packs and hot fixes
  • Windows Server 2003 offers a package of Security Configuration Manager tools:
    • Security templates, security settings in GPOs, Security Configuration and Analysis tool, SECEDIT command-line tool

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

summary continued
Summary (continued)
  • Auditing is used to log specific events within a Windows Server 2003 configuration
  • An audit policy defines the events to be monitored
  • Specific resources and objects can be configured for auditing access attempts
  • A Security log contains record of audited events
  • Event Viewer is used to display and manage Security logs

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment