Configuring Windows Firewall with Advanced Security

Slides:



Advertisements
Similar presentations
MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.
Advertisements

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Chapter 13 Securing Windows Server 2008
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
Chapter 7 HARDENING SERVERS.
Chapter 8 Chapter 8: Managing Accounts and Client Connectivity.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
12.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 6: Configuring Security. Options for Managing Security Configurations LGPO (Local Group Policy Object) –Used if Computer is not part of a domain.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Chapter 6 Configuring, Monitoring & Troubleshooting IPsec
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
Module 7: Implementing Security Using Group Policies.
70-270: MCSE Guide to Microsoft Windows XP Professional Chapter 5: Users, Groups, Profiles, and Policies.
Securing Windows Servers Using Group Policy Objects
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
Hands-On Microsoft Windows Server 2008 Chapter 10 Securing Windows Server 2008.
Windows Server 2008 Chapter 10 Last Update
MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features.
Using Group Policy to Manage User Environments. Overview Introduction to Managing User Environments Introduction to Administrative Templates Assigning.
September 18, 2002 Introduction to Windows 2000 Server Components Ryan Larson David Greer.
Hands-On Microsoft Windows Server 2008
Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.
Managing Network Security ref: Overview Using Group Policy to Secure the User Environment Using Group Policy to Configure Account Policies.
Designing Active Directory for Security
Windows Server 2003 Overview 1 Windows 2003 Server Overview Ayaz
Troubleshooting Windows Vista Security Chapter 4.
Fall 2011 Nassau Community College ITE153 – Operating Systems Session 22 Local Security Polcies 1.
Module 14: Configuring Server Security Compliance
Section 1: Introducing Group Policy What Is Group Policy? Group Policy Scenarios New Group Policy Features Introduced with Windows Server 2008 and Windows.
Windows 7 Firewall.
1 Chapter Overview Configuring Account Policies Configuring User Rights Configuring Security Options Configuring Internet Options.
8.1 © 2004 Pearson Education, Inc. Exam Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 8: Planning.
Chapter 13 Users, Groups Profiles and Policies. Learning Objectives Understand Windows XP Professional user accounts Understand the different types of.
September 18, 2002 Windows 2000 Server Active Directory By Jerry Haggard.
Module 2: Installing and Maintaining ISA Server. Overview Installing ISA Server 2004 Choosing ISA Server Clients Installing and Configuring Firewall Clients.
Understanding Group Policy James Michael Stewart CISSP, TICSA, CIW SA, CCNA, MCSE NT & W2K, iNet+
Module 7: Managing the User Environment by Using Group Policy.
GPO - WINDOWS SERVER AGENDA: Introduction Group Policy Overview Types of Group Policies/Objects Associated Technologies How to implement.
MCTS GUIDE TO MICROSOFT WINDOWS 7 Chapter 7 Windows 7 Security Features.
Section 11: Implementing Software Restriction Policies and AppLocker What Is a Software Restriction Policy? Creating a Software Restriction Policy Using.
Guide to MCSE , Second Edition, Enhanced1 The Windows XP Security Model User must logon with: Valid user ID Password User receives access token Access.
Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 11: Group Policy for Corporate Policy.
Module 4 Planning for Group Policy. Module Overview Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group.
If a bad guy can alter the operating system on your computer, it's not your computer anymore A bad guy could have altered the operating system on EVERY.
Module 7: Implementing Security Using Group Policy.
NetTech Solutions Security and Security Permissions Lesson Nine.
Week 4 Objectives Overview of Group Policy Group Policy Processing Implementing a Central Store for Administrative Templates.
Module 10: Windows Firewall and Caching Fundamentals.
Chapter 4- Part3. 2 Implementing User Profiles A local user profile is automatically created at the local computer when you log on with an account for.
Implementing Server Security on Windows 2000 and Windows Server 2003 Fabrizio Grossi.
MCTS GUIDE TO MICROSOFT WINDOWS 7 Chapter 7 Windows 7 Security Features.
Windows Server 2003 群組原則設定與管理 林寶森
Module 8 Implementing Security Using Group Policy.
4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.
Configuring the User and Computer Environment Using Group Policy Lesson 8.
Managing User Desktops with Group Policy
.
Implementing Client Security on Windows 2000 and Windows XP
Enabling Secure Internet Access with TMG
HARDENING CLIENT COMPUTERS
Utilize Group Policy Terminal Server Settings
Lesson 16-Windows NT Security Issues
Implementing Client Security on Windows 2000 and Windows XP Level 150
Chapter 8: Managing Accounts and Client Connectivity
Designing IIS Security (IIS – Internet Information Service)
Presentation transcript:

Configuring Windows Firewall with Advanced Security 20410B Week 5 Objectives 12: Securing Windows Servers Using Group Policy Objects Configuring Windows Firewall with Advanced Security

Security Risks and Costs 20410B Security Risks and Costs 12: Securing Windows Servers Using Group Policy Objects Malware Malware can be used to steal passwords and other useful information from your organization. Malware can also use your computers to send out spam. The most sophisticated malware could be written specifically to target your organization. Stolen data. Stolen data can be used by a competitor, or used to embarrass your organization. Legal issues. Customer confidential or private data is stolen or made public. Deleted data. lost data can be expensive and time-consuming to recover.

Applying Defense-In-Depth to Increase Security 20410B Applying Defense-In-Depth to Increase Security 12: Securing Windows Servers Using Group Policy Objects Defense-in-depth uses a layered approach to security Reduces an attacker’s chance of success Increases an attacker’s risk of detection Policies, procedures, and awareness Security documents, user education Physical security Guards, locks, tracking devices Perimeter Firewalls, network access quarantine control Networks Network segments, IPsec, Forefront TMG 2010 Host Hardening, authentication, update management Application Application hardening, antivirus Data ACLs, EFS, backup/restore procedures

Best Practices for Increasing Security 12: Securing Windows Servers Using Group Policy Objects Some best practices for increasing security are: Apply all available security updates quickly Follow the principle of least privilege Restrict console login Restrict physical access

Configuring Security Templates 20410B Configuring Security Templates 12: Securing Windows Servers Using Group Policy Objects Security Templates categories: Account Policies Local Policies Event Log Restricted Groups System Services Registry File System How Security Templates are distributed: Secedit.exe Security Template Snap-in Security Configuration Wizard Group Policy Security Compliance Manager

Configuring User Rights 20410B Configuring User Rights 12: Securing Windows Servers Using Group Policy Objects User Rights Types: Privileges Logon Rights Examples: Add workstations to a domain Allow log on locally Back up files and directories Change the system time Force shutdown from a remote computer Shut down the system

Configuring Security Options 20410B Configuring Security Options 12: Securing Windows Servers Using Group Policy Objects Security options settings: Administrator and Guest account names Access to CD/DVD drives Digital data signatures Driver installation behavior Logon prompts User account control Examples: Prompt user to change password before expiration Do not display last user name Rename administrator account Restrict CD-ROM access to locally logged-on users only

Configuring Restricted Groups 20410B Configuring Restricted Groups 12: Securing Windows Servers Using Group Policy Objects Group Policy can control group membership: For any group on a local computer, by applying a GPO to the OU containing the computer account For any group in AD DS, by applying a GPO to the Domain Controller’s OU

Configuring Account Policy Settings 20410B Configuring Account Policy Settings 12: Securing Windows Servers Using Group Policy Objects Account policies mitigate the threat of brute force guessing of account passwords Policies Default settings Password Controls complexity and lifetime of passwords Max password age: 42 days Min password age: 1 day Min password length: 7 characters Complex Password: enabled Store password using reversible encryption: disabled Account lockout Controls how many incorrect attempts can be made Lockout duration: not defined Lockout threshold: 0 invalid logon attempts Reset account lockout after: not defined Kerberos Subset of the attributes of domain security policy Can only be applied at the domain level

What Are Software Restriction Policies? 20410B What Are Software Restriction Policies? 12: Securing Windows Servers Using Group Policy Objects SRPs allow administrators to identify which applications are allowed to run on client computers SRPs can be based on the following: Hash Certificate Path Zone SRPs are applied through Group Policy

20410B What Is AppLocker? 12: Securing Windows Servers Using Group Policy Objects AppLocker applies Application Control Policies in Windows Server 2012 and Windows 8 AppLocker contains capabilities and extensions that: Reduce administrative overhead Helps administrators control how users can access and use files: .exe files scripts Windows Installer files (.msi and .msp files) DLLs Benefits of AppLocker: Controls how users can access and run all types of applications Allows the definition of rules based on a wide variety of variables Provides for importing and exporting entire AppLocker policies

20410B AppLocker Rules 12: Securing Windows Servers Using Group Policy Objects AppLocker defines rules based on file attributes such as: Rule actions Publisher name Product name File name File version Allow or Deny conditions Enforce or Audit Only policies

What Is Windows Firewall with Advanced Security? 20410B What Is Windows Firewall with Advanced Security? 12: Securing Windows Servers Using Group Policy Objects Windows Firewall is a stateful, host-based firewall that allows or blocks network traffic according to its configuration Supports filtering for both incoming and outgoing traffic Integrates firewall filtering and IPsec protection settings Enables you to configure rules to control network traffic Provides network location-aware profiles Enables you to import or export policies Windows Server 2008 Internet LAN Firewall Firewall rules control inbound and outbound traffic

20410B Firewall Profiles 12: Securing Windows Servers Using Group Policy Objects Firewall profiles are a set of configuration settings that apply to a particular network type The firewall profiles are: Domain Public Private Windows Server 2012 includes the ability to have multiple active firewall profiles

Connection Security Rules 20410B Connection Security Rules 12: Securing Windows Servers Using Group Policy Objects Connection security rules: Authenticate two computers before they begin communications Secure information being sent between two computers Use key exchange, authentication, data integrity, and data encryption (optionally) How firewall rules and connection rules are related: Firewall rules allow traffic through, but do not secure that traffic Connection security rules can secure the traffic, but only if a firewall rule was previously configured

Deploying Firewall Rules 20410B Deploying Firewall Rules 12: Securing Windows Servers Using Group Policy Objects You can deploy Windows Firewall rules: By using Windows Firewall with Advanced Security By using Group Policy By exporting and importing firewall rules

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.