Presentation is loading. Please wait.

Presentation is loading. Please wait.

Planning and Administering Windows Server ® 2008 Servers.

Similar presentations


Presentation on theme: "Planning and Administering Windows Server ® 2008 Servers."— Presentation transcript:

1 Planning and Administering Windows Server ® 2008 Servers

2 Module 5: Managing Windows Server 2008 Security Planning a Defense-in-Depth Strategy Implementing Host-Level Security for Windows Server 2008 Implementing Network Security for Windows Server 2008

3 Lesson: Planning a Defense-in-Depth Strategy Characteristics of a Defense-in-Depth Strategy Layers in a Defense-in-Depth Strategy

4 Characteristics of a Defense in Depth Strategy A robust defense-in-depth strategy includes: A security risk management framework Identity and access management policies Network protection Update management Education Incident response Continual reassessment and optimization A security risk management framework Identity and access management policies Network protection Update management Education Incident response Continual reassessment and optimization

5 Layers in a Defense-in-Depth Strategy Policies and procedures Physical security Perimeter defenses Network defenses Host defenses Application defenses Data defenses

6 Lesson: Implementing Host-Level Security for Windows Server 2008 Assigning Administrative Permissions Windows Server 2008 Firewall Configuration Implementing Security Policies Implementing Security Templates Converting Security Configuration Wizard Settings to Security Templates

7 Assigning Administrative Permissions Principle of least privilege Identify administrative permissions or privileges required Grant only those permissions or privileges Granting privileges Factors affecting decision Relinquishing rights Principle of least privilege Identify administrative permissions or privileges required Grant only those permissions or privileges Granting privileges Factors affecting decision Relinquishing rights

8 Windows Server 2008 Firewall Configuration Direction Port Program Protocol Source IP address Destination IP address Connection security rule Direction Port Program Protocol Source IP address Destination IP address Connection security rule

9 Implementing Security Policies Security Configuration Wizard template settings include: Server roles Client features Additional services Firewall rules Authentication options Audit policy Security Configuration Wizard template settings include: Server roles Client features Additional services Firewall rules Authentication options Audit policy

10 Implementing Security Templates Built-in templates Configure default security settings or recommended values Built-in templates Configure default security settings or recommended values Microsoft templates Download additional templates with security guides Microsoft templates Download additional templates with security guides Custom templates Security Templates MMC snap-in Security Configuration and Analysis MMC snap-in Custom templates Security Templates MMC snap-in Security Configuration and Analysis MMC snap-in

11 Converting Security Configuration Wizard Settings to Security Templates Convert SCW security policies directly to GPOs Scwcmd.exe transform /p:SCWpolicyname.xml /g:GPOname

12 Lesson: Implementing Network Security for Windows Server 2008 Windows Server 2008 Server Locations Options for Network Security Recommendations for Implementing Windows Server 2008 Server Core

13 Windows Server 2008 Server Locations Perimeter network Bastion host Internal Segmented networks Perimeter network Bastion host Internal Segmented networks Perimeter Network Internal Bastion host

14 Options for Network Security RequirementSecurity Measures Secure Network Access Physical security 802.1x authentication Network segmentation Firewalls Network Access Protection (NAP) Secure Network Traffic Network segmentation Firewalls IPSec

15 Server Core enables you to install roles without additional services or the GUI Recommendations for Implementing Windows Server 2008 Server Core AD DS AD LDS DHCP DNS File Server Print Server IIS Streaming Media AD DS AD LDS DHCP DNS File Server Print Server IIS Streaming Media Extranet Perimeter network

16 Lab: Managing Windows Server 2008 Security Exercise 1: Planning a Windows Server 2008 Security Configuration Exercise 2: Implementing File Server Security Logon information Virtual machine 6430A-NYC-DC1-05 6430A-NYC-SVR1-05 User name Woodgrovebank\Administrator Password Pa$$w0rd Estimated time: 45 minutes

17 Module Review and Takeaways Review Questions Best Practices Tools


Download ppt "Planning and Administering Windows Server ® 2008 Servers."

Similar presentations


Ads by Google