Chapter 4
Download
1 / 59

- PowerPoint PPT Presentation


  • 387 Views
  • Updated On :

Chapter 4 Account-based Security Objectives Discuss how to develop account naming and security policies Explain and configure user accounts Discuss and configure account policies and logon security techniques Discuss and implement global access privileges

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about '' - niveditha


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Chapter 4 l.jpg

Chapter 4

Account-based Security


Objectives l.jpg
Objectives

  • Discuss how to develop account naming and security policies

  • Explain and configure user accounts

  • Discuss and configure account policies and logon security techniques

  • Discuss and implement global access privileges

  • Use group policies and security templates in Windows 2000 Server and Windows Server 2003

Guide to Operating System Security


Account naming l.jpg
Account Naming

  • Provides orderly access to server and network resources

  • Enables administrators to monitor security:

    • Which users are accessing the server

    • What resources they are using

  • Establish conventions for account names

    • User’s actual name

    • User’s function

Guide to Operating System Security


Security policies l.jpg
Security Policies

  • Apply to all accounts or to all accounts in a particular directory service container

  • Affected elements:

    • Password security

      • Expiration period

      • Minimum length

      • Password recollection

    • Account lockout

    • Authentication method

Guide to Operating System Security


Creating user accounts in windows 2000 professional l.jpg
Creating User Accounts in Windows 2000 Professional

  • Typically installed with:

    • Administrator account

    • Guest account

  • To create and manage user accounts:

    • Start – Settings – Control Panel – Users and Passwords, or

    • Right-click My Computer – Manage – Local Users and Groups – Users

Guide to Operating System Security


Creating user accounts in windows xp professional l.jpg
Creating User Accounts in Windows XP Professional

  • Installed with:

    • Account that usually consists of user’s name

    • Administrator account

    • Guest account

    • HelpAssistant account for remote desktop help

    • Support accounts for Microsoft and computer manufacturer

  • To create and manage user accounts:

    • Start – Control Panel – User Accounts, or

    • Right-click My Computer – Manage – Local Users and Groups – Users

Guide to Operating System Security


Managing user accounts in windows xp professional l.jpg
Managing User Accounts in Windows XP Professional

Guide to Operating System Security


Creating user accounts in windows 2000 server server 2003 l.jpg
Creating User Accounts in Windows 2000 Server/Server 2003

  • Installed with:

    • Administrator account

    • Guest account

    • Other accounts, depending on services installed on server

  • Create new accounts by entering account information and password controls

    • Local user account on a server that is not part of a domain

    • Account in the Active Directory

Guide to Operating System Security


Managing user accounts in windows 2000 server l.jpg
Managing User Accounts in Windows 2000 Server

Guide to Operating System Security


Creating a new user l.jpg
Creating a New User

  • Complete name, user logon name, password, and password confirmation information

    • User must change password at next logon

    • User cannot change password

    • Password never expires

    • Account is disabled

  • Further configure associated properties

Guide to Operating System Security


Account properties in windows server 2003 l.jpg

General tab

Address tab

Account tab

Profile tab

Telephones tab

Organization tab

Member Of

Dial-in

Environment

Sessions

Remote Control

Terminal Services Profile

COM+ tab

Account Properties in Windows Server 2003

Guide to Operating System Security


Account properties in windows server 200312 l.jpg
Account Properties in Windows Server 2003

Guide to Operating System Security


Account tab l.jpg
Account Tab

Guide to Operating System Security


Creating user accounts in red hat linux 9 x l.jpg
Creating User Accounts inRed Hat Linux 9.x

  • Each user account is associated with a user identification number (UID)

  • Assign users with common access needs to a group via a group identification number (GID)

Guide to Operating System Security


Contents of linux password file etc passwd l.jpg
Contents of Linux Password File (/etc/passwd)

  • Username

  • Encrypted password or reference to shadow file

  • UID and GID

  • Information about the user

  • Location of user’s home directory

  • Command that is executed as user logs on

Guide to Operating System Security


Linux shadow file etc shadow l.jpg
Linux Shadow File (/etc/shadow)

  • Available only to system administrator

  • Contains password restriction information

    • Minimum/maximum number of days between password changes

    • When password was last changed

    • When password will expire

    • Amount of time account can be inactive before access is prohibited

Guide to Operating System Security


Creating user accounts and groups in linux l.jpg
Creating User Accounts and Groups in Linux

  • Use command-line commands

    • Create new user with useradd

    • Modify parameters with usermod

    • Delete accounts with userdel

  • Use Red Hat User Manger from GNOME desktop

Guide to Operating System Security


Creating accounts with the command line l.jpg
Creating Accounts with the Command Line

Guide to Operating System Security


Creating accounts with red hat user manager l.jpg
Creating Accounts with Red Hat User Manager

Guide to Operating System Security


Creating user accounts in netware 6 x l.jpg
Creating User Accounts in NetWare 6.x

  • Use ConsoleOne tool

Guide to Operating System Security


Creating user accounts in mac os x continued l.jpg
Creating User Accounts inMac OS X (Continued)

  • Choose Accounts icon in System Preferences window

    • Name of account holder

    • Short name for logging on

    • Password

    • Password hint

Guide to Operating System Security


Creating user accounts in mac os x continued22 l.jpg
Creating User Accounts inMac OS X (Continued)

  • Tools that enable server management (Mac OS X Server)

    • Server Admin

    • Macintosh Manager

Guide to Operating System Security


Accounts option in mac os x l.jpg
Accounts Option in Mac OS X

Guide to Operating System Security


Mac os x logon options l.jpg
Mac OS X Logon Options

  • Automatically log on to specific account when computer is booted

  • Log on by viewing a name and password box, or by seeing a list of user accounts

  • Hide Restart and Shut Down buttons

  • Show password hint after three unsuccessful logon attempts

Guide to Operating System Security


Mac os x server l.jpg
Mac OS X Server

  • Tools

    • Server Admin

    • MacIntosh Manager

Guide to Operating System Security


Setting account policies and configuring logon security l.jpg
Setting Account Policies and Configuring Logon Security

  • Place restrictions on passwords

  • Automatically lock out accounts after a specified number of unsuccessful logon attempts

Guide to Operating System Security


Guidelines for building strong passwords l.jpg
Guidelines for Building Strong Passwords

Guide to Operating System Security


Using account policies in windows server 2000 server 2003 l.jpg
Using Account Policies in Windows Server 2000/Server 2003

  • Set up as part of group policy that applies to all accounts in an Active Directory container

  • Can also be configured for a local computer

  • Account policy options affect:

    • Password security

    • Account lockout

Guide to Operating System Security


Password security options in windows server 2000 server 2003 l.jpg
Password Security Options in Windows Server 2000/Server 2003

  • Enforce password history

  • Maximum password age

  • Minimum password age

  • Minimum password length

  • Password(s) must meet complexity requirements

  • Store password using reversible encryption

Guide to Operating System Security


Account lockout options in windows server 2000 server 2003 l.jpg
Account Lockout Options in Windows Server 2000/Server 2003

  • Account lockout duration

  • Account lockout threshold

  • Reset account lockout container after

Guide to Operating System Security


Account security options in red hat linux 9 x l.jpg
Account Security Options in Red Hat Linux 9.x

  • No formal account security policies

  • Enables configuration of security options associated with individual accounts (using Red Hat User Manager)

  • Stores security information in shadow file (/etc/shadow) as properties associated with accounts

Guide to Operating System Security


Account password configuration options in red hat linux l.jpg
Account Password Configuration Options in Red Hat Linux

  • Setting an account to expire on a particular date

  • Locking a user account

  • Expiration of account passwords so that users have to reset them

Guide to Operating System Security


Red hat linux account password configuration l.jpg

9.x

Red Hat Linux Account Password Configuration

Guide to Operating System Security


Using account templates in netware 6 x l.jpg
Using Account Templates in NetWare 6.x

  • Configure through user templates before accounts are created

  • Use ConsoleOne utility to create user templates

Guide to Operating System Security


Establishing account properties with user template netware 6 x continued l.jpg
Establishing Account Properties with User Template (NetWare 6.x) (Continued)

  • Home directory location and access rights to that directory

  • Requirement for a password

  • Minimum password length

  • Requirement that password be changed within specified interval of time

  • Grace period that limits number of times user can log in after password has expired

Guide to Operating System Security


Establishing account properties with user template netware 6 x l.jpg
Establishing Account Properties with User Template (NetWare 6.x)

  • Requirement that a new password be used each time the old one is changed

  • Time restrictions

  • Intruder detection capabilities

  • Limit on number of simultaneous connections

  • Workstation logon restrictions

Guide to Operating System Security


Intruder detection in netware 6 x l.jpg
Intruder Detection in 6.x) NetWare 6.x

Guide to Operating System Security


Using global access privileges l.jpg
Using Global Access Privileges 6.x)

  • Windows 2000 Server/Server 2003

    • User rights govern user and administrative functions

  • NetWare 6.x

    • Uses access rights, applied in a different way, for more fine-tuned access functions

    • Role-based security establishes administrative roles for managing a server

Guide to Operating System Security


Windows server 2000 server 2003 user rights continued l.jpg
Windows Server 2000/ 6.x) Server 2003 User Rights (Continued)

  • Enable account or group to perform predefined tasks

    • Basic rights: access a server

    • Advanced: create accounts and manage server functions

  • Can be assigned to user accounts or to groups

    • Groups are more efficient (inherited rights)

Guide to Operating System Security


Windows server 2000 server 2003 user rights continued40 l.jpg
Windows Server 2000/ 6.x) Server 2003 User Rights (Continued)

  • Give server administrative security controls over who can access server and Active Directory resources

  • Two categories

    • Privileges

      • Manage server or Active Directory functions

    • Logon rights

      • Access accounts, computers, and services

Guide to Operating System Security


Windows server 2000 server 2003 privileges continued l.jpg
Windows Server 2000/ 6.x) Server 2003 Privileges (Continued)

Guide to Operating System Security


Windows server 2000 server 2003 privileges continued42 l.jpg
Windows Server 2000/ 6.x) Server 2003 Privileges (Continued)

Guide to Operating System Security


Windows server 2000 server 2003 privileges continued43 l.jpg
Windows Server 2000/ 6.x) Server 2003 Privileges (Continued)

Guide to Operating System Security


Windows server 2000 server 2003 logon rights l.jpg
Windows Server 2000/ 6.x) Server 2003 Logon Rights

Guide to Operating System Security


Role based security in netware 6 x l.jpg
Role-based Security in 6.x) NetWare 6.x

  • Allocated according to administrative roles (managing tasks or network services)

    • DHCP Management

    • DNS Management

    • eDirectory

    • iPrint Management

    • License Management

Guide to Operating System Security


Using group policies in windows server 2000 server 2003 l.jpg
Using Group Policies in Windows Server 2000/Server 2003 6.x)

  • Enables standardization by setting policies in Active Directory or on local computer (eg, account policies, user rights, IPSec policies)

  • Evolved from Windows NT Server 4.0 concept of system policy

    • Use Poledit.exe to configure basic user account and computer parameters (domain-wide or specific)

Guide to Operating System Security


Differences between system policy and group policy l.jpg
Differences Between System Policy and Group Policy 6.x)

Guide to Operating System Security


Defining characteristics of group policy l.jpg
Defining Characteristics of Group Policy 6.x)

  • Can be set for a site, domain, OU, or local computer

  • Stored in group policy objects

  • Local and nonlocal GPOs

Guide to Operating System Security


Configuring client security using policies l.jpg
Configuring Client Security Using Policies 6.x)

  • Advantages to customizing settings used by clients

    • Improved security

    • Consistent working environment

  • Customize settings by configuring policies on Windows 2000/2003 servers that clients access

    • When client logs on, policies are applied

Guide to Operating System Security


Manually configuring policies for clients l.jpg
Manually Configuring Policies for Clients 6.x)

  • Use either:

    • Group Policy Snap-in (Windows 2000 Server)

    • Group Policy Object Editor Snap-in (Windows Server 2003)

  • Use Administrative Templates object under User Configuration in a group policy object to customize desktop settings for client computers

Guide to Operating System Security


Manually configuring policies for clients51 l.jpg
Manually Configuring Policies for Clients 6.x)

Guide to Operating System Security


Configuring administrative templates l.jpg
Configuring Administrative Templates 6.x)

Guide to Operating System Security


Automated configuration of administrative templates l.jpg
Automated Configuration of Administrative Templates 6.x)

Guide to Operating System Security


Configuring administrative templates54 l.jpg
Configuring Administrative Templates 6.x)

Guide to Operating System Security


Configuring additional security options l.jpg
Configuring Additional Security Options 6.x)

  • Fine-tune security on a server by configuring security options within local policies in a GPO

  • Enables you to configure group policy security for special needs

Guide to Operating System Security


Configuring additional security options56 l.jpg
Configuring Additional Security Options 6.x)

Guide to Operating System Security


Slide57 l.jpg

Group Policy Security Options 6.x)

Guide to Operating System Security


Configuring additional security options58 l.jpg
Configuring Additional Security Options 6.x)

Guide to Operating System Security


Summary l.jpg
Summary 6.x)

  • Considerations when creating formal policies about account naming and security

  • How to set up accounts in different operating systems

  • How to configure those accounts to implement an organization’s policies

  • User rights and role-based security

  • How to work with group policies and security templates

Guide to Operating System Security


ad