Module 7: Designing Security for Accounts and Services.

1 Module 7: Designing Security for Accounts and Services

2 Overview
- Creating a Security Plan for Accounts
- Creating a Security Plan for Services
- Creating a Design for Security of Accounts and Services

3 Lesson 1: Creating a Security Plan for Accounts
- MSF and Security of Accounts
- STRIDE Threat Model and Security of Accounts
- Activity: Identifying Threats to Accounts

4 MSF and Security of Accounts
The MSF envisioning and planning phases help you to:
- Decide which locations your plan will help to protect
- Identify the level of trust for accounts: external users, internal users, administrators

5 STRIDE Threat Model and Security of Accounts
The slide lists the six STRIDE threat categories alongside the account exposures the plan must address.
STRIDE categories: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege
Account exposures:
- Sharing or writing down of passwords by users
- Weak passwords
- Passwords stored on computers
- Use of an administrator account for non-administrative tasks
- Services that do not run as the system account
- Users who have local administrator privileges

6 Activity: Identifying Threats to Accounts
In this practice you will:
- Read the scenario
- Answer the questions
- Discuss with the class

7 Lesson 2: Creating a Security Plan for Services
- MSF and Security of Services
- Considerations When Securing Services
- STRIDE Threat Model and Security of Services
- Practice: Identifying Threats to Services

8 MSF and Security of Services
The MSF envisioning and planning phases help you to:
- Decide which locations your plan will help to protect
- Ensure that services use the Local Service account or the Network Service account where those identities suffice, instead of a user or administrator account

9 Considerations When Securing Services
Follow the three core principles:
- Know your system
- Use the principle of least privilege
- Use the principle of least service

10 STRIDE Threat Model and Security of Services
The slide lists the six STRIDE threat categories alongside the following observations about service accounts.
STRIDE categories: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege
Service account exposures:
- Security exposure occurs whenever you configure a service to log on as a user account
- The potential for exploitation increases with each poorly secured server
- If an attacker steals the user name and password used by a service, they can gain access to other servers that accept the same credentials
- The larger the scope of privilege, the greater the number of resources at risk
- When a service runs under a domain account, the scope of the vulnerability is every computer in the domain
- Domain administrator credentials create transitive opportunities for escalation across the domain

11 Practice: Identifying Threats to Services
- Create a list of services currently running on Windows Server 2003
- View a list of default services on Windows Server 2003

12 Lesson 3: Creating a Design for Security of Accounts and Services
- Securing Accounts
- Securing Services
- Considerations for Password Policies

13 Securing Accounts
To secure accounts:
1. Define levels of trust
2. Develop processes for creating and deleting accounts
3. Develop processes for assigning rights and permissions to accounts
4. Develop processes for enforcing and monitoring
5. Develop processes for using administrative accounts

14 Securing Services
To secure services:
1. Audit all servers to determine essential services
2. Determine which services must run
3. Eliminate all domain admin accounts for services
4. Use a least privilege hierarchy for service deployment
5. Manage service account password changes
6. Enforce strong passwords
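The service audit in the practice on slide 11 and steps 1 to 3 above both start from the same data: which services exist, whether they run, and which identity each one logs on as. The following script is an added example and is not part of the course material. It inventories the services on a host, classifies each logon account as built-in, local or domain, flags accounts the caller lists as privileged, and compares a later inventory against a saved baseline (for example the default service list of a freshly installed server). The group and account names in the usage section are placeholders; it uses Get-WmiObject so it also runs on PowerShell 2.0, the newest version that installs on Windows Server 2003.

```powershell
# Added example, not part of the course slides: inventory the services on a
# host, classify each one's logon account, and flag services that run under a
# user account (local or domain) or under an account known to be privileged.
# Get-WmiObject is used so the script runs on PowerShell 2.0; Get-CimInstance
# is the modern equivalent on newer hosts.

# Built-in service identities. They have no password an attacker can reuse on
# another server. Windows reports them in several spellings.
$BuiltInAccounts = @(
    'LocalSystem',
    'NT AUTHORITY\LocalService', 'NT AUTHORITY\LOCAL SERVICE',
    'NT AUTHORITY\NetworkService', 'NT AUTHORITY\NETWORK SERVICE'
)

function Get-ServiceAccountReport {
    param(
        [string]$ComputerName = '.',
        # Accounts known to hold domain-wide privilege (for example the members
        # of Domain Admins). Supplied by the caller so the script does not
        # depend on the Active Directory cmdlets; in practice populate it from
        # the output of: net group "Domain Admins" /domain
        [string[]]$PrivilegedAccounts = @()
    )

    Get-WmiObject -Class Win32_Service -ComputerName $ComputerName |
        ForEach-Object {
            $account = [string]$_.StartName
            # ".\user" or "HOST\user" is a local account; "DOMAIN\user" or
            # "user@domain" is a domain account whose password, if reused on
            # other servers, is a domain-wide credential.
            $kind =
                if ($BuiltInAccounts -contains $account) { 'BuiltIn' }
                elseif ($account -match "^(\.|$([regex]::Escape($_.SystemName)))\\") { 'Local' }
                elseif ($account -match '\\|@') { 'Domain' }
                else { 'Unknown' }

            New-Object PSObject -Property @{
                Name        = $_.Name
                DisplayName = $_.DisplayName
                State       = $_.State
                StartMode   = $_.StartMode
                Account     = $account
                AccountKind = $kind
                # -contains compares strings case-insensitively, like Windows.
                Privileged  = [bool]($PrivilegedAccounts -contains $account)
            }
        } | Select-Object Name, DisplayName, State, StartMode, Account, AccountKind, Privileged
}

# Compare the current inventory with a saved baseline and return services that
# are present, or run under a different account, on only one side.
function Compare-ServiceBaseline {
    param(
        [Parameter(Mandatory = $true)][string]$BaselinePath,
        [string]$ComputerName = '.'
    )
    $baseline = Import-Csv -Path $BaselinePath
    $current  = Get-ServiceAccountReport -ComputerName $ComputerName
    Compare-Object -ReferenceObject $baseline -DifferenceObject $current -Property Name, Account |
        Select-Object Name, Account,
            @{ Name = 'Where'; Expression = {
                if ($_.SideIndicator -eq '=>') { 'CurrentOnly' } else { 'BaselineOnly' } } }
}

# Usage: save a baseline once, then list running services that do not use a
# built-in identity, privileged accounts first. The domain and account names
# below are placeholders for this example.
$privileged = @('CONTOSO\svc-backup', 'CONTOSO\Administrator')
$report = Get-ServiceAccountReport -PrivilegedAccounts $privileged
$report | Export-Csv -Path "$env:TEMP\service-baseline.csv" -NoTypeInformation

$report |
    Where-Object { $_.State -eq 'Running' -and $_.AccountKind -ne 'BuiltIn' } |
    Sort-Object @{ Expression = 'Privileged'; Descending = $true }, AccountKind, Name |
    Format-Table Name, State, StartMode, Account, AccountKind, Privileged -AutoSize

# Later, after changes on the host: what differs from the saved baseline?
Compare-ServiceBaseline -BaselinePath "$env:TEMP\service-baseline.csv"
```

Every row with AccountKind Domain is a credential that, if stolen from this server, may be valid on others; any row that is also Privileged is a candidate for step 3 above. Running the same report against each server with `-ComputerName` builds the least privilege hierarchy from the bottom up.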

15 Considerations for Password Policies
Configure the following password policy settings:
- Maximum password age
- Enforce password history
- Minimum password age
- Minimum password length
- Passwords must meet complexity requirements
- Account lockout
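A design that names these settings is only useful if it can be checked against what a server actually enforces. The script below is an added example, not part of the course: it parses the [System Access] section of a security template exported with secedit.exe (which ships with Windows Server 2003 and later), maps each of the settings listed above to its INF key, and reports which values fall short of a baseline. The baseline numbers are this example's assumptions, and the sample export is constructed to show the out-of-the-box values the settings are meant to tighten.

```powershell
# Added example, not part of the course slides: read the password and lockout
# policy from a secedit export and compare it with a baseline.

# Baseline values are assumptions for this example, not values from the course.
$Baseline = @{
    MinimumPasswordLength = 14   # at least this many characters
    PasswordComplexity    = 1    # "must meet complexity requirements" enabled
    PasswordHistorySize   = 24   # old passwords remembered ("enforce password history")
    MinimumPasswordAge    = 1    # days; prevents cycling through the history in one sitting
    MaximumPasswordAge    = 90   # days; -1 in the export means the password never expires
    LockoutBadCount       = 10   # failed attempts before lockout; 0 disables lockout
    LockoutDuration       = 30   # minutes; -1 means locked until an administrator unlocks
    ResetLockoutCount     = 30   # minutes before the failed-attempt counter resets
}

# Parse the [System Access] section of a secedit INF into a hashtable of ints.
function ConvertFrom-SeceditInf {
    param([Parameter(Mandatory = $true)][string[]]$Lines)
    $settings  = @{}
    $inSection = $false
    foreach ($line in $Lines) {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') { $inSection = ($matches[1] -eq 'System Access'); continue }
        if ($inSection -and $line -match '^(\w+)\s*=\s*(-?\d+)') {
            $settings[$matches[1]] = [int]$matches[2]
        }
    }
    $settings
}

# Compare parsed settings with the baseline; one row per setting.
function Test-PasswordPolicy {
    param([Parameter(Mandatory = $true)][hashtable]$Settings)
    foreach ($name in ($Baseline.Keys | Sort-Object)) {
        $actual = $Settings[$name]
        $want   = $Baseline[$name]
        # A key missing from the export (lockout keys are omitted when lockout
        # is off) counts as non-compliant rather than silently passing.
        $ok = if ($null -eq $actual) { $false } else {
            switch ($name) {
                # Upper bound, and "never expires" (-1) is not acceptable.
                'MaximumPasswordAge' { ($actual -gt 0) -and ($actual -le $want) }
                # Threshold must exist (0 = no lockout) and be no looser than baseline.
                'LockoutBadCount'    { ($actual -gt 0) -and ($actual -le $want) }
                # Manual unlock (-1) is acceptable; otherwise at least the baseline.
                'LockoutDuration'    { ($actual -eq -1) -or ($actual -ge $want) }
                # Every other setting is a minimum.
                default              { $actual -ge $want }
            }
        }
        New-Object PSObject -Property @{
            Setting = $name; Actual = $actual; Baseline = $want; Compliant = [bool]$ok
        } | Select-Object Setting, Actual, Baseline, Compliant
    }
}

# Constructed sample of a secedit export with default-style values (example
# input, not captured from a real host).
$SampleInf = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
[Version]
signature="$CHICAGO$"
Revision=1
'@ -split "`r?`n"

Test-PasswordPolicy -Settings (ConvertFrom-SeceditInf -Lines $SampleInf) | Format-Table -AutoSize

# Against the live policy of this host (run from an elevated prompt):
#   $inf = Join-Path $env:TEMP 'secpol.inf'
#   secedit /export /cfg $inf | Out-Null
#   Test-PasswordPolicy -Settings (ConvertFrom-SeceditInf -Lines (Get-Content $inf)) | Format-Table -AutoSize
```

On the constructed sample every row reports Compliant False, which is the point: each setting on the slide has to be set deliberately, and a domain-level check of the exported template is how the "enforcing and monitoring" process from slide 13 verifies that the design survived contact with Group Policy.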

16 Lab: Designing Security for Accounts and Services
- Exercise 1: Identifying Potential Account Vulnerabilities
- Exercise 2: Implementing Countermeasures
