Planning and Administering Windows Server® 2008 Servers


1 Planning and Administering Windows Server® 2008 Servers
Course 6430A, Module 5: Managing Windows Server 2008 Security
Presentation: 40 minutes
Lab: 80 minutes

This module helps students to plan and implement Windows Server 2008 security. After completing this module, students will be able to:
- Plan a defense-in-depth strategy for Windows Server 2008 security.
- Implement host-level security for Windows Server 2008.
- Implement network security for Windows Server 2008 servers.

Required materials: To teach this module, you need the Microsoft Office PowerPoint® file 6430A_05.ppt.

Important: It is recommended that you use PowerPoint 2002 or a later version to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides might not be displayed correctly.

Preparation tasks: To prepare for this module:
- Read all of the materials for this module.
- Practice performing the demonstrations and the lab exercises.
- Work through the Module Review and Takeaways section and determine how you will use this section to reinforce student learning and promote knowledge transfer to on-the-job performance.
- Make sure that students are aware that there are additional information and resources for the module on the Course Companion CD.

2 Module 5: Managing Windows Server 2008 Security
- Planning a Defense-in-Depth Strategy
- Implementing Host-Level Security for Windows Server 2008
- Implementing Network Security for Windows Server 2008

Explain to students that this module outlines the defense-in-depth approach to IT security, but it does not cover every aspect of this approach in detail.

Reiterate to students that this course is aimed at server administrators. This is not a “how-to” course; therefore, it has a significant number of planning exercises with less focus on “hands-on” exercises than some courses. The course content and exercises direct students toward making decisions and providing guidance to others. A server administrator is often a person who is moving from a technical specialist role to a decision-making role. This course reflects the decision-making tasks that a server administrator undertakes. Server administrators often act as an escalation point and sit between the technical specialist role and the architect role.

Students should expect to undertake many of the actions that are required of a server administrator during this course, including:
- Planning tasks.
- Relating business requirements to technical capabilities.

Use the questions in the student notes for each topic to interact with the students and determine their level of understanding, and then use this information to pitch the course at a level that is appropriate to the audience.

3 Lesson: Planning a Defense-in-Depth Strategy
- Characteristics of a Defense-in-Depth Strategy
- Layers in a Defense-in-Depth Strategy

Introduce the lesson as an overview of the requirements and considerations for a defense-in-depth strategy.

4 Characteristics of a Defense in Depth Strategy
A robust defense-in-depth strategy includes:
- A security risk management framework
- Identity and access management policies
- Network protection
- Update management
- Education
- Incident response
- Continual reassessment and optimization

Remind students that security is always changing, so a good security strategy must reassess and adapt as new threats are identified. Reinforce each bullet point with examples, paying particular attention to education, as users are often the weak link in the “security chain.”

Reference (TechNet): ms-help://MS.TechNet.2007JUL.1033/itsolutions/tnoffline/itsolutions/msit/security/mssecbp.htm

5 Layers in a Defense-in-Depth Strategy
- Policies and procedures
- Physical security
- Perimeter defenses
- Network defenses
- Host defenses
- Application defenses
- Data defenses

Question students about the different devices or methods used to secure each level. Emphasize that policies and procedures should encompass all the requirements at each level. A good set of policies should be understood by employees, because it tells them what they should do to help secure the network.

6 Lesson: Implementing Host-Level Security for Windows Server 2008
- Assigning Administrative Permissions
- Windows Server 2008 Firewall Configuration
- Implementing Security Policies
- Implementing Security Templates
- Converting Security Configuration Wizard Settings to Security Templates

Emphasize to students that this lesson will focus on the host-layer aspects of security.

7 Assigning Administrative Permissions
- Principle of least privilege
- Identify administrative permissions or privileges required
- Grant only those permissions or privileges
- Granting privileges
- Factors affecting decision
- Relinquishing rights

Ask students why the principle of least privilege for user accounts is important. Ask students what accounts might require administrative privileges – don’t forget service accounts.

8 Windows Server 2008 Firewall Configuration
- Direction
- Port
- Program
- Protocol
- Source IP address
- Destination IP address
- Connection security rule

Run through each of the configuration options and give examples to students. Explain that rules can be configured to override other rules (such as block rules). You may want to recap some common port numbers with students. Discuss the firewall best practice of blocking all traffic (inbound and outbound) and allowing only known protocols or ports.

Discuss with students the tools available to configure Windows Firewall:
- Windows Firewall with Advanced Security MMC snap-in
- SCW
- Group Policy
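
Added example, not part of the course material: the rule criteria on this slide and the block-by-default practice from the notes, written as netsh advfirewall commands (a command-line tool the notes do not list). Every rule name, address, program path and file path is a constructed placeholder.

```batch
@echo off
rem Added example, not from the course. Run from an elevated prompt on the
rem server console, not over a remote session that depends on a rule you
rem have not yet confirmed. All names, addresses and paths are constructed
rem placeholders (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges).

rem Keep a copy of the current policy so the change can be reverted with
rem "netsh advfirewall import".
netsh advfirewall export "%SystemDrive%\fw-baseline.wfw"

rem Default action for every profile: block inbound AND outbound traffic
rem unless an allow rule matches.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem Inbound, by protocol + port + source IP + destination IP:
rem SMB only from the admin subnet, only to this server's internal address.
netsh advfirewall firewall add rule name="IN SMB from admin subnet" ^
    dir=in action=allow protocol=TCP localport=445 ^
    remoteip=198.51.100.0/24 localip=192.0.2.20

rem Outbound, by protocol + port + destination IP: the server is also a
rem network client and needs DNS once outbound traffic is blocked by default.
netsh advfirewall firewall add rule name="OUT DNS to resolver" ^
    dir=out action=allow protocol=UDP remoteport=53 remoteip=192.0.2.10

rem Outbound, by program: only this executable may reach the backup server.
netsh advfirewall firewall add rule name="OUT backup agent" ^
    dir=out action=allow program="C:\Program Files\ExampleAgent\agent.exe" ^
    protocol=TCP remoteport=443 remoteip=192.0.2.30

rem Verify the default policy and one of the new rules.
netsh advfirewall show allprofiles firewallpolicy
netsh advfirewall firewall show rule name="IN SMB from admin subnet" verbose
```

An explicit block rule that matches the same traffic takes precedence over these allow rules, so review existing block rules when an allowed connection still fails.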

9 Implementing Security Policies
Security Configuration Wizard template settings include:
- Server roles
- Client features
- Additional services
- Firewall rules
- Authentication options
- Audit policy

Remind students that network servers must also function as network clients, for example, using DNS or DHCP. Explain to students that a single security template does not have to include all these settings, and that you can include other template settings when you create a new template.

You may want to elaborate further on what audit settings are available and when you would use them. Explain to students that too much auditing can be as much a problem as too little auditing.

The next two slides discuss how to implement these templates after you create them. Remind students that these templates should be documented and tested before being applied to a production server.

10 Implementing Security Templates
- Built-in templates: Configure default security settings or recommended values
- Microsoft templates: Download additional templates with security guides
- Custom templates: Security Templates MMC snap-in; Security Configuration and Analysis MMC snap-in

Describe to students the importance of uniformity and consistency of security configurations.

11 Converting Security Configuration Wizard Settings to Security Templates
Convert SCW security policies directly to GPOs:

    Scwcmd.exe transform /p:SCWpolicyname.xml /g:GPOname

Point out to students that this conversion creates a new GPO in the domain. Also point out to the students that there are no sample templates provided in Windows Server. The following is a link to the security templates provided with the Windows Server Security Guide.

12 Lesson: Implementing Network Security for Windows Server 2008
- Windows Server 2008 Server Locations
- Options for Network Security
- Recommendations for Implementing Windows Server 2008 Server Core

This lesson focuses on some aspects of network security for Windows Server 2008.

13 Windows Server 2008 Server Locations
Diagram labels: Internal, Perimeter network, Bastion host, Segmented networks

Ask students, or suggest, server types for each location. Discuss with students whether the perimeter network (also known as DMZ, demilitarized zone, and screened subnet) and bastion host will include domain members. Typically, best practice security policies restrict the deployment of computers that are domain members into a perimeter network, but there may be exceptions. In some enterprise networks with large perimeter networks, there may be a separate forest deployed to the perimeter network. The following slide will expand on the use of segmented networks.

14 Options for Network Security
Requirement and security measures:
- Secure Network Access: Physical security; 802.1x authentication; Network segmentation; Firewalls; Network Access Protection (NAP)
- Secure Network Traffic: IPSec

Discuss the requirements and implementation of 802.1x, such as machine certificate or MAC address based authentication. Ask delegates how network segmentation, firewalls, or the use of TCP/IP filtering could be used to protect servers holding confidential data.

15 Recommendations for Implementing Windows Server 2008 Server Core
Server Core enables you to install roles without additional services or the GUI.

Diagram labels: AD DS, AD LDS, DHCP, DNS, File Server, Print Server, IIS, Streaming Media; Extranet, Perimeter network

Ask students why Server Core installations can be more secure. Ask students how Server Core installations can be managed – remind them that remote management tools will require matching firewall rules. Ask students if they can think of other locations or uses where Server Core could be beneficial.

16 Lab: Managing Windows Server 2008 Security
- Exercise 1: Planning a Windows Server 2008 Security Configuration
- Exercise 2: Implementing File Server Security

In this lab, students will plan a Windows Server 2008 security configuration.

Exercise 1: In this exercise, students will plan firewall rules and audit policy requirements.
Exercise 2: In this exercise, students will implement a security policy by using the SCW and Group Policy.

Before the students begin the lab, read the scenario associated with each exercise to the class. This will reinforce the broad issue that the students are troubleshooting and will help to facilitate the lab discussion at the end of the module. Remind the students to complete the discussion questions after the last lab exercise.

Note: The lab exercise answer keys are provided on the Course Companion CD. To access the answer key, click the link located at the bottom of the relevant lab exercise page.

Logon information
Virtual machine: 6430A-NYC-DC1-05, 6430A-NYC-SVR1-05
User name: Woodgrovebank\Administrator
Password: Pa$$w0rd

Estimated time: 45 minutes

17 Module Review and Takeaways
- Review Questions
- Best Practices
- Tools

Review Questions: Point the students to the appropriate section in the course so that they are able to answer the questions presented in this section.

Best Practices: Help the students understand the best practices presented in this section. Ask students to consider these best practices in the context of their own business situations.

Tools: Point out the location from which each key tool can be installed. Let students review the function and usage of each tool on their own. Remind students that they can use this as a master list to help them gather all the tools required to facilitate their application support work.

