Download
slide1 n.
Skip this Video
Loading SlideShow in 5 Seconds..
Clinic PowerPoint Presentation

Clinic

126 Views Download Presentation
Download Presentation

Clinic

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Clinic Security and Policy Enforcement in Windows Server 2008

  2. Introduction • Name • Company affiliation • Title/function • Job responsibility • Windows Server 2003, XP and Vista experience • Security Experience • Expectations

  3. Facilities • Class hours • Building hours • Parking • Restrooms • Meals • Phones • Messages • Smoking • Recycling

  4. About This Clinic • Description • Clinic Objectives • Audience • Prerequisites

  5. Clinic Outline • Security Enhancements in Windows Server 2008 • Network Access Protection

  6. Infrastructure Optimization • Technology framework to help maximize the value of your IT investments • Structured way to drive cost reduction, security & efficiency gains and boost agility • Based on industry analyst and academic work • Provides guidance and best practices for step-by-step implementation

  7. Security Enhancements in Windows Server 2008

  8. Overview • Methods of Security and Policy Enforcement • Network Location Awareness • Network Access Protection • Windows Firewall with Advanced Security (WFAS) • Internet Protocol Security (IPSec) • Windows Server Hardening • Server and Domain Isolation • Active Directory Domain Services Auditing • Read-Only Domain Controller (RODC) • BitLocker Drive Encryption • Removable Device Installation Control • Enterprise PKI

  9. Technical Background • Windows Firewall with Advanced Security • Internet Security Protocol (IPSec) • Active Directory Domain Services Auditing • Read-Only Domain Controller (RODC) • BitLocker Drive Encryption • Enterprise PKI

  10. Windows Firewall with Advanced Security

  11. Demonstration: Windows Firewall with Advanced Security • Creating Inbound and Outbound Rules • Creating a Firewall Rule Limiting a Service

  12. IPSec • Integrated with WFAS • IPSec Improvements • Simplified IPSec Policy Configuration • Client-to-DC IPSec Protection • Improved Load Balancing and Clustering Server Support • Improved IPSec Authentication • Integration with NAP • Multiple Authentication Methods • New Cryptographic Support • Integrated IPv4 and IPv6 Support • Extended Events and Performance Monitor Counters • Network Diagnostics Framework Support

  13. Demonstration: Creating IPSec Policies • Creating an IPSec Rule • Specifying different Authentication Methods • Activate and Deactivate Rules

  14. AD Domain Services Auditing • What changes have been made to AD DS auditing?

  15. Read-Only Domain Controller (RODC) • New Functionality • AD Database • Unidirectional Replication • Credential Caching • Password Replication Policy • Administrator Role Separation • Read-Only DNS RODC • Requirements/Special Considerations

  16. BitLocker Drive Encryption (BDE) • Data Protection • Drive Encryption • Integrity Checking • BDE Hardware and Software Requirements

  17. Enterprise PKI • Easier management through PKIView • Certificate Web Enrollment • Network Device Enrollment Service • Managing Certificate with Group Policy • Certificate Deployment Changes • Online Certificate Status Protocol (OCSP) Support • Cryptographic Next Generation

  18. Implementation/Usage Scenarios • Enforce Security Policy • Improve Domain Security • Improve System Security • Improve Network Communications Security

  19. Recommendations • Carefully test and plan all security policies • Implement Network Access Protection • Use Windows Firewall and Advanced Security to implement IPSec • Deploy Read-Only Domain Controllers, where appropriate • Implement BitLocker Drive Encryption • Take advantage of PKI improvements

  20. Summary • Windows Server 2008 includes a variety of new security initiatives and features: • Network Access Protection • Windows Firewall and Advanced Security (WFAS) enhancements • IPSec improvements • Windows Server Hardening • Server and Domain Isolation • Active Directory Domain Services Auditing • Read-Only Domain Controllers (RODCs) • BitLocker Drive Encryption • Removeable Device Installation Control • Improvements to Enterprise PKI capabilities

  21. Questions and Answers

  22. Network Access Protection in Windows Server 2008

  23. Overview • Network Access Protection

  24. Technical Background • NAP Infrastructure • NAP Platform Architecture • NAP Enforcement Methods • NAP Client Architecture • NAP Server Architecture • Component Communication

  25. NAP Infrastructure • Automatic Remediation • Health Policy Validation • Health Policy Compliance • Limited Access

  26. NAP Platform Architecture

  27. NAP Enforcement Client • IPSec • 802.1X • VPN • DHCP • NPS RADIUS

  28. Demonstration: Network Access Protection Create a NAP Policy Using the MMC to Create NAP Configuration settings Create a new RADIUS Client Create a new System Health Validator for Windows Vista and Windows XP SP2

  29. How NAP Works • Logical Networks • IPSec Enforcement • IEEE 802.1X • Remote Access VPNs • DHCP

  30. IPSec Enforcement in Logical Networks

  31. Communication Initiation Process with IPSec Enforcement

  32. NAP Client Health Certificate Process

  33. IPSec Enforcement in NAP

  34. 802.1x Authenticated Connections

  35. NAP Authentication Process Background • Authentication Process • Network Access Protection Settings • Authorization Policies

  36. Implementation/Usage Scenarios • Checking the Health and Status of Roaming Laptops • Ensuring the Health of Corporate Desktops • Determining the Health of Visiting Laptops • Verify the Compliance of Home Computers

  37. Recommendations • When using IPSec – employ ESP with encryption • Carefully test and verify all IPSec Policies • Consider Using Domain Isolation • Use Quality of Service to improve bandwidth • Plan to Prioritize traffic on the network • Apply Network Access Protection to secure client computers

  38. Summary • Network Access Protection: • Secures Remote Computers before accessing the Network • Has Client and Server Components • Can Use One or More of Several methods for Enforcement • IPSec • 802.1X • VPN • DHCP • Provides Support for Third Party Software

  39. Questions and Answers

  40. Lab: Network Access Protection In this lab, you will: • Network Communications using WFAS • Enforcing network communication policy using Policy-based QoS • Network Access Protection with Windows Server 2008

  41. What Next? Windows Server 2008 Beta: https://connect.microsoft.com Home Page: http://www.microsoft.com/windowsserver/longhorn/default.mspx Webcasts: http://www.microsoft.com/windowsserver/longhorn/webcasts.mspx Forums: http://forums.microsoft.com/TechNet/default.aspx?ForumGroupID=161&SiteID=17 Network Access Protection • Home Page: http://www.microsoft.com/nap • Introduction to Network Access Protection: http://go.microsoft.com/fwlink/?LinkId=49884 • Network Access Protection Platform Architecture: http://go.microsoft.com/fwlink/?LinkId=49885 • Network Access Protection Frequently Asked Questions: http://go.microsoft.com/fwlink/?LinkId=49886 • IPSec: http://www.microsoft.com/ipsec • Server and Domain Isolation: http://www.microsoft.com/technet/network/sdiso/default.mspx