Module 3 Windows Server 2008 Branch Office Scenario.


Clinic Outline Branch Office Server Deployment and Administration Branch Office Security Branch Corp RODC

Branch Office Server Deployment and Administration

Domain Name System (DNS) Server Role: Background zone loading; Read-only domain controller support; Global Names zone; DNS client changes; Link-Local multicast name resolution (LLMNR); Domain controller location

AD Domain Services: New AD MMC Snap-In Features; Find Command; New Options for Unattended Installs

Restartable AD Domain Services (AD DS): 3 Possible States: AD DS Started; AD DS Stopped; Active Directory Restore Mode

Demonstration: Branch Office Server Deployment and Administration: AD DS Installation Wizard; Stopping and restarting AD DS

AD Domain Services Auditing What changes have been made to AD DS auditing?

AD Domain Services Backup and Recovery Considerations What’s New? General Requirements

Improved Server Deployment (Windows Server Virtualization): Addresses the following challenges: Server Consolidation; Development and Testing; Business Continuity/Disaster Recovery. 64-bit Next Generation technology; Server Core as a host system

File Services: DFS Namespaces; Replication; SYSVOL; Server Message Block (SMB) 2.0

Next Generation TCP/IP Stack: Receive Window Auto-Tuning; Compound TCP; Throughput Optimization in High-Loss Environments; Neighbor Unreachability Detection; Changes in Dead Gateway Detection; Changes in PMTU Black Hole Router Detection; Routing Compartments; ESTATS Support; Network Diagnostics Framework Support; New Packet Filtering Model with Windows Filtering Platform

Read-Only Domain Controller (RODC): New Functionality: AD Database; Unidirectional Replication; Credential Caching; Password Replication Policy; Administrator Role Separation; Read-Only DNS. Requirements/Special Considerations RODC

Read-only DC, RODC: How the administrator responds; What information the intruder sees

Implementation/Usage Scenarios: Maintain physical security of data at the branch office; Maintain physical security of servers at the branch office; Provide secure IP-based communications with the branch office; Control which computers can communicate on the branch office network

Recommendations: Implement a Password Replication Policy; Deploy a Read-Only Domain Controller at the branch office; Implement administrator role separation; Implement BitLocker Drive Encryption (do not require a PIN or USB device if no local admin); Implement Network Access Protection; Use IPSec for network communications

Module 4 Security and Policy Enforcement in Windows Server 2008

Overview: Methods of Security and Policy Enforcement: Network Location Awareness; Network Access Protection; Windows Firewall with Advanced Security (WFAS); Internet Protocol Security (IPSec); Windows Server Hardening; Server and Domain Isolation; Active Directory Domain Services Auditing; Read-Only Domain Controller (RODC); BitLocker Drive Encryption; Removable Device Installation Control; Enterprise PKI

Technical Background: Windows Firewall with Advanced Security; Internet Protocol Security (IPSec); Active Directory Domain Services Auditing; Read-Only Domain Controller (RODC); Enterprise PKI; BitLocker Drive Encryption

Windows Firewall with Advanced Security

Demonstration: Windows Firewall with Advanced Security: Creating Inbound and Outbound Rules; Creating a Firewall Rule Limiting a Service

IPSec: Integrated with WFAS; IPSec Improvements; Simplified IPSec Policy Configuration; Client-to-DC IPSec Protection; Improved Load Balancing and Clustering Server Support; Improved IPSec Authentication; Integration with NAP; Multiple Authentication Methods; New Cryptographic Support; Integrated IPv4 and IPv6 Support; Extended Events and Performance Monitor Counters; Network Diagnostics Framework Support

BitLocker Drive Encryption (BDE): Data Protection; Drive Encryption; Integrity Checking; BDE Hardware and Software Requirements

Implementation/Usage Scenarios: Enforce Security Policy; Improve Domain Security; Improve System Security; Improve Network Communications Security

Recommendations: Implement Network Access Protection; Use Windows Firewall and Advanced Security to implement IPSec; Deploy Read-Only Domain Controllers, where appropriate; Implement BitLocker Drive Encryption; Carefully test and plan all security policies; Take advantage of PKI improvements

Network Access Protection in Windows Server 2008

Overview
Network Access Protection: Internal, VPN and Remote Access Client; IPSec, 802.1X, DHCP and VPN; NAP NPS and Client included in Windows Server 2008, NAP client included in Vista
Network Access Quarantine Control: Only VPN and Remote Access Clients; DHCP and VPN; Installed from Windows Server 2003 Resource Kit

NAP Infrastructure: Health Policy Validation; Health Policy Compliance; Automatic Remediation; Limited Access

NAP Enforcement Client 802.1X VPN IPSec DHCP NPS RADIUS

Demonstration: Network Access Protection: Create a NAP Policy; Using the MMC to Create NAP Configuration settings; Create a new RADIUS Client; Create a new System Health Validator for Windows Vista and Windows XP SP2

Implementation/Usage Scenarios: Ensuring the Health of Corporate Desktops; Checking the Health and Status of Roaming Laptops; Determining the Health of Visiting Laptops; Verify the Compliance of Home Computers

Recommendations: Carefully test and verify all IPSec Policies; Use Quality of Service to improve bandwidth; When using IPSec, employ ESP with encryption; Plan to Prioritize traffic on the network; Apply Network Access Protection to secure client computers; Consider Using Domain Isolation