Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 10 Securing Windows Server 2008 MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration.

Published byElijah Lee Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 10 Securing Windows Server 2008 MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration."— Presentation transcript:

1 Chapter 10 Securing Windows Server 2008 MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration

2 2 Objectives Manage security in Windows Server 2008 with various Windows utilities Discuss threats to Internet Protocol Security Create Internet Protocol Security policies Discuss Network Access Protection Install Network Access Protection

3 Managing Security in Server 2008 Tools for managing network security –Security Configuration Wizard –Windows Firewall –Encrypting File System –BitLocker –Microsoft Baseline Security Analyzer MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 3

4 Security Configuration Wizard Security Configuration Wizard (SCW) –Provides a step-by-step wizard for hardening your network servers Security policies can be created for: –Role-based service configuration –Network security –Registry settings –Audit policy MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 4

5 Security Configuration Wizard (continued) Activity 10-1: Creating a Role-Based Security Policy Time Required: 15 minutes Objective: Create a security policy using the SCW MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 5

6 Windows Firewall Allows users to turn the firewall off or on By default, Windows Firewall is turned on and allows exceptions for programs and ports Allows you to create exceptions for inbound traffic Exception –Instruction to open a port briefly, allow a program or service to pass information, and then close the port MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 6

7 7

8 8

9 Windows Firewall (continued) Activity 10-2: Working with Windows Firewall Time Required: 10 minutes Objective: Become familiar with the Windows Firewall interface MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 9

10 Windows Firewall (continued) Windows Firewall with Advanced Security –Provides a more robust interface for managing the firewall policies in detail –Used to manage Windows Firewall based on port, services, applications, and protocols MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 10

11 MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 11

12 Windows Firewall (continued) Activity 10-3: Working with WFAS Time Required: 10 minutes Objective: Modify an inbound rule MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 12

13 Windows Firewall (continued) Windows Firewall with Advanced Security Console –Can be used to manage the following areas Inbound rules Outbound rules Connection security rules Monitoring MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 13

14 Windows Firewall (continued) Activity 10-4: Creating a New Firewall Rule Time Required: 10 minutes Objective: Create a firewall rule MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 14

15 Windows Firewall (continued) Windows Server 2008 uses the following network profiles –Public –Private –Domain Deploying Windows Firewall Settings via Group Policy – WFAS allows you to import or export firewall policies MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 15

16 Windows Firewall (continued) Activity 10-5: Configuring Firewall Rules with Network Profiles Time Required: 10 minutes Objective: Configure firewall rules with network profiles MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 16

17 Windows Firewall (continued) Activity 10-6: Working with Firewall Policies in the Group Policy Management Editor Time Required: 15 minutes Objective: Using Group Policy objects and firewall policies to deploy firewall settings MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 17

18 Encrypting File Services Symmetric encryption –Uses a single key and is faster and more efficient than public key encryption Public key (asymmetric) encryption –Each user has a public key available to everyone and a private key known only to the user EFS in Windows Server 2008 –When a user encrypts a file, a symmetric file encryption key (FEK) is generated that EFS uses to encrypt the file MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 18

19 Encrypting File Services (continued) Activity 10-7: Working with cipher.exe Time Required: 10 minutes Objective: Using cipher.exe with EFS MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 19

20 Encrypting File Services (continued) Activity 10-8: Using Windows Explorer to Encrypt Files with EFS Time Required: 10 minutes Objective: Configure file and folder encryption through the graphical user interface (GUI) MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 20

21 BitLocker Provides hard drive–based encryption of servers and Windows Vista computers Encrypts entire Windows system volume of a computer running Windows Server 2008 Designed to enhance protection against data theft or exposure on computers that are lost or stolen MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 21

22 BitLocker (continued) Four authentication modes used by BitLocker –BitLocker with a TPM –BitLocker with Universal Serial Bus (USB) flash drive in place of TPM –BitLocker with a TPM and a personal identification number (PIN) –BitLocker with a TPM and a USB flash drive MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 22

23 BitLocker (continued) Installing BitLocker –Hard drive that supports BitLocker needs to be configured before installing BitLocker –BitLocker requires at least 1.5 GB of unallocated or available drive space –System volume is responsible for maintaining the unencrypted boot information –Boot volume will contain the OS files and be encrypted by BitLocker MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 23

24 BitLocker (continued) Activity 10-9: Installing the BitLocker and the BitLocker Drive Preparation Tool in Windows Server 2008 Time Required: 15 minutes Objective: Install the BitLocker and BitLocker Drive Preparation tool MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 24

25 BitLocker (continued) Activity 10-10: Configuring BitLocker to Use a USB Flash Drive Time Required: 15 minutes Objective: Configure BitLocker to use a USB flash drive MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 25

26 Microsoft Baseline Security Analyzer Excellent tool for performing an initial analysis of your current security setup When MBSA scans a computer, it creates a report that is organized into the following areas –Security Assessment –Security Update Scan Results –Windows Scan Results –Internet Information Services (IIS) Scan Results –SQL Server Scan Results –Desktop Application Scan Results MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 26

27 Microsoft Baseline Security Analyzer (continued) Scanning a computer with MBSA –You can perform MBSA scans using: The GUI-based tool The mbsacli.exe command- line tool –One requirement of MBSA is Internet connectivity MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 27

28 Microsoft Baseline Security Analyzer (continued) Activity 10-11: Working with MBSA Time Required: 15 minutes Objective: Analyze Windows Server 2008 with MBSA MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 28

29 Internet Protocol Security An open-standards framework for securing network communications IPSec meets three basic goals –Authentication –Integrity –Confidentiality MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 29

30 IPSec Threats Depending on the configuration of IPSec, it provides protection from the following threats –Data tampering –Denial of service –Identity spoofing –Man-in-the-middle attacks –Repudiation –Network traffic sniffing MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 30

31 How IPSec Works IPSec modes of operation –Transport mode –Tunnel mode Scenarios available when deploying IPSec –Site to site –Client to client –Client to site MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 31

32 MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 32

33 MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 33

34 How IPSec Works (continued) IPSec security association modes –IPSec uses the Internet Key Exchange (IKE) to negotiate security protocols –IKE generates the encryption and authentication keys used by IPSec for the transaction –IPSec performs transactions in two phases Main mode/Phase 1 Quick mode/Phase 2 MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 34

35 How IPSec Works (continued) IPSec security methods –IPSec uses two security services Encapsulating Security Payload Authentication Header IPSec policies –Can be managed with the following tools WFAS, IP Security Policy snap-in Netsh, GPME MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 35

36 MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 36

37 MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 37

38 How IPSec Works (continued) Activity 10-12: Creating an IPSec Policy for Domain Isolation Time Required: 15 minutes Objective: Use IPSec to isolate domain computers from nondomain computers MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 38

39 How IPSec Works (continued) Activity 10-13: Creating an IPSec Policy for Server- to-Server Communications Time Required: 15 minutes Objective: Use IPSec to secure communication between two hosts MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 39

40 Network Authentication in Windows Server 2008 Server 2008 supports the following authentication protocols to some degree –LAN Manager authentication –NTLM version 1 authentication –NTLM version 2 authentication All forms of NTLM use the challenge-response protocol MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 40

41 Introduction to Network Access Protection NAP can be broken into three parts –Health policy validation –Health policy compliance –Access limitation MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 41

42 NAP Terminology Enforcement Client Enforcement Server Host Credential Authorization Protocol Health Registration Authority Network Policy Server Remediation Server System Health Agent System Health Validator MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 42

43 NAP Enforcement Methods The five types of NAP enforcement methods used by NAP –802.1x-authenticated connections –Dynamic Host Configuration Protocol (DHCP) address configurations –IPSec communications –Terminal Services Gateway (TS Gateway) connections –Virtual Private Network (VPN) connections MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 43

44 Implementing NAP NAP –Designed by Microsoft to allow you to customize it to meet the unique needs of your networks –Implementing and configuring NAP differs from network to network based on requirements and policies MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 44

45 MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 45

46 Installing NAP NAP is part of the NPS role To install NAP components –Add the NPS role either through the Role Services Wizard or from the command line using servermanagercmd.exe MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 46

47 Installing NAP (continued) Activity 10-14: Installing and Configuring NAP Time Required: 10 minutes Objective: Install NAP and configure a NAP policy MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 47

48 48 Summary The SCW –Guides you through the steps of hardening your network servers Windows Firewall –Provides inbound and outbound traffic enforcement through the Windows Firewall and WFAS consoles EFS –Microsoft’s built-in service for providing folder- and file-level encryption BitLocker –Provides hard drive–based encryption of servers MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration

49 Summary (continued) At startup –BitLocker performs a system integrity authentication prior to booting into the OS MBSA –Scans single or multiple computers on a network and lets you view existing security scan reports IPSec –An open-standards framework for securing network communications –Works at the network layer of the OSI model MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 49

50 Summary (continued) On Windows networks –Windows Server 2008 uses Kerberos as its default authentication method in Active Directory domains To use NAP policies –A client must be a part of the NAP infrastructure on a network The HRA –Distributes health certificates to NAP clients that comply with network health Requirements MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration 50

Download ppt "Chapter 10 Securing Windows Server 2008 MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration."

Similar presentations

5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.

5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 4 Installing and Configuring the Dynamic Host Configuration Protocol.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 4 Installing and Configuring the Dynamic Host Configuration Protocol.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Chapter 13 Securing Windows Server 2008

Chapter 13 Securing Windows Server 2008
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
Module 3 Windows Server 2008 Branch Office Scenario.

Module 3 Windows Server 2008 Branch Office Scenario.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
Security and Policy Enforcement Mark Gibson Dave Northey

Security and Policy Enforcement Mark Gibson Dave Northey
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Twelve Implementing Terminal.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Twelve Implementing Terminal.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 8 Introduction to Printers in a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 8 Introduction to Printers in a Windows Server 2008 Network.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 9 Network Policy and Access Services in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 9 Network Policy and Access Services in Windows Server 2008.
Security Data Transmission and Authentication

Security Data Transmission and Authentication
Chapter 6 Configuring, Monitoring & Troubleshooting IPsec

Chapter 6 Configuring, Monitoring & Troubleshooting IPsec

Similar presentations

Ads by Google