HARDENING CLIENT COMPUTERS

Slides:



Advertisements
Similar presentations
Auditing Microsoft Active Directory
Advertisements

Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.
Chapter Five Users, Groups, Profiles, and Policies.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
11 CONFIGURING AND MANAGING SHARED FOLDER SECURITY Chapter 8.
Module 5: Creating and Configuring Group Policy
Managing User Settings with Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Chapter 7 HARDENING SERVERS.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
Lesson 18: Configuring Application Restriction Policies
Maintaining and Updating Windows Server 2008
Module 8: Implementing Administrative Templates and Audit Policy.
Group Policy in Microsoft Windows Active Directory.
Chapter 7 WORKING WITH GROUPS.
Module 16: Software Maintenance Using Windows Server Update Services.
Microsoft ® Official Course Module 9 Configuring Applications.
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.
70-270: MCSE Guide to Microsoft Windows XP Professional Chapter 5: Users, Groups, Profiles, and Policies.
9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
GROUP POLICY An overview of Microsoft Windows Group Policy.
Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.
1 Group Account Administration Introduction to Groups Planning a Group Strategy Creating Groups Understanding Default Groups Groups for Administrators.
Chapter Six Windows XP Security and Access Controls.
C HAPTER 6 NTFS PERMISSIONS & SECURITY SETTING. INTRODUCTION NTFS provides performance, security, reliability & advanced features that are not found in.
Section 2: Using Group Policy Management Tools Local vs. Domain Policies Editing Local Policies Managing Domain Policies Understanding Group Policy Refresh.
Module 14: Configuring Server Security Compliance
11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.
Managing User Desktops with Group Policy
Performing Software Installation with Group Policy Lesson 9.
Module 6: Configuring User Environments Using Group Policy.
Module 7: Managing the User Environment by Using Group Policy.
Module 7 Configure User and Computer Environments By Using Group Policy.
Implementing Group Policy. Overview What is Group Policy Introduction to Group Policy Group Policy Structure How Group Policy Settings Are Applied in.
Module 5: Configuring Internet Explorer and Supporting Applications.
GPO - WINDOWS SERVER AGENDA: Introduction Group Policy Overview Types of Group Policies/Objects Associated Technologies How to implement.
Section 11: Implementing Software Restriction Policies and AppLocker What Is a Software Restriction Policy? Creating a Software Restriction Policy Using.
Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 11: Group Policy for Corporate Policy.
Module 4 Planning for Group Policy. Module Overview Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Administering Group Policy Chapter Eleven. Exam Objectives in this Chapter  Plan a Group Policy strategy using Resultant Set of Policy Planning mode.
Security fundamentals Topic 2 Establishing and maintaining baseline security.
Module 10: Implementing Administrative Templates and Audit Policy.
Lesson 6: Controlling Access to Local Hardware and Applications
Module 8 Implementing Security Using Group Policy.
1 Chapter Overview Understanding Shared Folders Planning, Sharing, and Connecting to Shared Folders Combining Shared Folder Permissions and NTFS Permissions.
ITMT Windows 7 Configuration Chapter 7 – Working with Applications.
Overview Microsoft Windows XP Pro (SP2) Microsoft Windows Server 2003 User accounts and groups File sharing and file permissions Password/Lockout Policy.
Unit 9 ITT TECHNICAL INSTITUTE NT1330 Client-Server Networking II Date: 2/17/2016 Instructor: Williams Obinkyereh.
Maintaining and Updating Windows Server 2008 Lesson 8.
NETWORK SECURITY LAB 1170 REHAB ALFALLAJ CT1406. Introduction There are a number of technologies that exist for the sole purpose of ensuring that the.
Microsoft Installing & Configuring Windows Server Exam Questions Answers Powered By:
1.1 Microsoft® Windows® 2003 Server Group Policy Management Prof. Abdul Hameed.
Labs. Session 1 Lab: Installing and Configuring Windows 7 Exercise 1: Migrating Settings by Using Windows Easy Transfer Exercise 2: Configuring a Reference.
Implementing Client Security on Windows 2000 and Windows XP
Chapter 6 Application Hardening
Configuring Windows Firewall with Advanced Security
VCE Questions Dumps
Printers.
Lesson #8 MCTS Cert Guide Microsoft Windows 7, Configuring Chapter 8 Configuring Applications and Internet Explorer.
Unit 8 NT1330 Client-Server Networking II Date: 8/2/2016
Chapter 9 MANAGING SOFTWARE.
Unit 9 NT1330 Client-Server Networking II Date: 8/9/2016
Securing Windows 7 Lesson 10.
Introduction to Group Policy
Operating System Hardening
Presentation transcript:

HARDENING CLIENT COMPUTERS Chapter 8 HARDENING CLIENT COMPUTERS

OPERATING SYSTEM SECURITY FEATURES Chapter 8: Hardening Client Computers OPERATING SYSTEM SECURITY FEATURES Microsoft Windows 98/Windows Me Windows NT 4.0 Windows 2000 Professional Windows XP with Service Pack 2

DESIGNING CLIENT SECURITY TEMPLATES Chapter 8: Hardening Client Computers DESIGNING CLIENT SECURITY TEMPLATES Create a custom security template for each client role: Desktop Laptop Kiosk Base custom templates on default workstation templates Never modify default security templates

DESIGNING A CLIENT COMPUTER OU MODEL Chapter 8: Hardening Client Computers DESIGNING A CLIENT COMPUTER OU MODEL Create OUs for different operating system versions Avoid using Windows Management Instrumentation (WMI) filtering Create OUs for different computer roles Create OUs for organizations with special security requirements Use security groups to apply GPOs to cross-sections of client computers

CLIENT COMPUTER OU MODEL SAMPLE 1 Chapter 8: Hardening Client Computers CLIENT COMPUTER OU MODEL SAMPLE 1

CLIENT COMPUTER OU MODEL SAMPLE 2 Chapter 8: Hardening Client Computers CLIENT COMPUTER OU MODEL SAMPLE 2

CLIENT COMPUTER OU MODEL SAMPLE 3 Chapter 8: Hardening Client Computers CLIENT COMPUTER OU MODEL SAMPLE 3

THIRD-PARTY SECURITY SOFTWARE Chapter 8: Hardening Client Computers THIRD-PARTY SECURITY SOFTWARE Antivirus protection Antispyware protection Network backups Host-based firewalls for earlier versions of Windows

DESIGNING SOFTWARE RESTRICTION POLICIES Chapter 8: Hardening Client Computers DESIGNING SOFTWARE RESTRICTION POLICIES Hash rules Certificate rules Path rules Internet zone rules

RESTRICTING THE DESKTOP ENVIRONMENT Chapter 8: Hardening Client Computers RESTRICTING THE DESKTOP ENVIRONMENT Windows components The Start menu The desktop The Control Panel

RESTRICTING THE DESKTOP ENVIRONMENT (CONT.) Chapter 8: Hardening Client Computers RESTRICTING THE DESKTOP ENVIRONMENT (CONT.) Shared folders The network System settings Printers

RESTRICTING THE START MENU: BEFORE Chapter 8: Hardening Client Computers RESTRICTING THE START MENU: BEFORE

RESTRICTING THE START MENU: AFTER Chapter 8: Hardening Client Computers RESTRICTING THE START MENU: AFTER

PROTECTING DESKTOP COMPUTERS Chapter 8: Hardening Client Computers PROTECTING DESKTOP COMPUTERS Grant users only local User privileges or less Remove unnecessary items from the desktop and the Start menu Leverage the Hisecws.inf security template Use Group Policy settings to rename default accounts

PROTECTING MOBILE COMPUTERS Chapter 8: Hardening Client Computers PROTECTING MOBILE COMPUTERS At greater risk than desktop computers, mobile computers might be: Stolen Damaged Used for personal use Mobile computers require greater flexibility than desktop computers: Connect to home networks and wireless hotspots Users might need to install printer drivers Mobile computers use EFS to protect confidential files

Chapter 8: Hardening Client Computers PROTECTING KIOSKS Very likely to be abused Should be extremely restricted Should not be connected to the internal network

Chapter 8: Hardening Client Computers THE .NET FRAMEWORK Next-generation application environment: Required for many new applications Dramatically more secure Included with Windows Server 2003 Free download for earlier operating systems

Chapter 8: Hardening Client Computers CAS OVERVIEW Role-based security restricts what users can do CAS restricts what applications can do Grants access to the file system, registry, printers, the network, and other resources based on permissions assigned to an application Enables you to run potentially malicious applications safely Works only with .NET Framework applications

Chapter 8: Hardening Client Computers CAS AT WORK

Chapter 8: Hardening Client Computers CAS ELEMENTS Evidence Permission Permission set Code groups

CAS AND OPERATING SYSTEM SECURITY Chapter 8: Hardening Client Computers CAS AND OPERATING SYSTEM SECURITY

GUIDELINES FOR USING CAS Chapter 8: Hardening Client Computers GUIDELINES FOR USING CAS Use the principle of least privilege Test applications thoroughly after restricting CAS Push developers to use the .NET Framework Encourage software vendors to migrate to the .NET Framework

Chapter 8: Hardening Client Computers SUMMARY Earlier versions of Windows lack important security features Use security templates and GPOs to implement client security Create different configuration settings for client roles, operating systems, and security requirements Use .NET Framework and CAS to reduce the risks of malicious or vulnerable software

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.