Chapter 7 HARDENING SERVERS.

Slides:



Advertisements
Similar presentations
MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.
Advertisements

Chapter 10 Securing Windows Server 2008 MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Paula Kiernan Senior Consultant Ward Solutions
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
Implementing Application and Data Security Fred Baumhardt Senior Consultant – Security and Architecture Microsoft Consulting Services - UK.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
© 2003 Microsoft Limited. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied,
Implementing Application and Data Security Presenter Name Job Title Company.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.
Implementing Server Security on Windows 2000 and Windows Server 2003 Steve Lamb Technical Security Advisor
5.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Installing and Configuring a Secure Web Server COEN 351 David Papay.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.
Module 8: Implementing Administrative Templates and Audit Policy.
VPN Scenarios © N. Ganesan, Ph.D.. Chapter Objectives.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
Chapter 4 Windows NT/2000 Overview. NT Concepts  Domains –A group of one or more NT machines that share an authentication database (SAM) –Single sign-on.
Chapter 4: Security Baselines Security+ Guide to Network Security Fundamentals Second Edition.
1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.
MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.
Securing Microsoft® Exchange Server 2010
Csci5233 Computer Security1 Bishop: Chapter 27 System Security.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 7: Domain Name System.
Module 6: Designing Active Directory Security in Windows Server 2008.
INSTALLING MICROSOFT EXCHANGE SERVER 2003 CLUSTERS AND FRONT-END AND BACK ‑ END SERVERS Chapter 4.
70-411: Administering Windows Server 2012
Module 14: Configuring Server Security Compliance
Module 11: Remote Access Fundamentals
Designing Authentication for a Microsoft Windows 2000 Network Designing Authentication in a Microsoft Windows 2000 Network Designing Kerberos Authentication.
Module 2: Installing and Maintaining ISA Server. Overview Installing ISA Server 2004 Choosing ISA Server Clients Installing and Configuring Firewall Clients.
Module 9: Fundamentals of Securing Network Communication.
Planning a Microsoft Windows 2000 Administrative Structure Designing default administrative group membership Designing custom administrative groups local.
Module 6: Designing Security for Network Hosts
Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.
Module 6: Designing Name Resolution. Module Overview Collecting Information for a Name Resolution Design Designing a DNS Server Strategy Designing a DNS.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.
Windows Server 2003 La migrazione da Windows NT 4.0 a Windows Server 2003 Relatore: MCSE - MCT.
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 11: Group Policy for Corporate Policy.
Module 4 Planning for Group Policy. Module Overview Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group.
Implementing Application and Data Security Rafal Lukawiecki Strategic Consultant & Director Project Botticelli Ltd
Network Infrastructure Microsoft Windows 2003 Network Infrastructure MCSE Study Guide for Exam
Security fundamentals Topic 2 Establishing and maintaining baseline security.
Company Confidential 1 A Course on Planning A Group Policy Management And Implementation Strategy Prepared for: *Stars* New Horizons Certified Professional.
Module 7: Implementing Security Using Group Policy.
11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10.
Database Security Cmpe 226 Fall 2015 By Akanksha Jain Jerry Mengyuan Zheng.
Module 10: Windows Firewall and Caching Fundamentals.
Module 10: Implementing Administrative Templates and Audit Policy.
Implementing Server Security on Windows 2000 and Windows Server 2003 Fabrizio Grossi.
Implementing Server Security on Windows 2000 and Windows Server 2003
MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter One Introduction to Exchange Server 2003.
Implementing Application and Data Security Brjann Brekkan Senior System Engineer Microsoft.
Module 8 Implementing Security Using Group Policy.
4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.
Windows Server 2003 群組原則設定與管理 林寶森
VIRTUAL SERVERS Chapter 7. 2 OVERVIEW Exchange Server 2003 virtual servers Virtual servers in a clustering environment Creating additional virtual servers.
.
Module Overview Installing and Configuring a Network Policy Server
Configuring Windows Firewall with Advanced Security
HARDENING CLIENT COMPUTERS
Operating System Hardening
Designing IIS Security (IIS – Internet Information Service)
Presentation transcript:

Chapter 7 HARDENING SERVERS

DEFAULT SECURITY TEMPLATES Chapter 7: Hardening Servers DEFAULT SECURITY TEMPLATES Set up Security.inf and DC Security.inf Compatws.inf Securews.inf and Securedc.inf Hisecws.inf and Hisecdc.inf Rootsec.inf Iesacls.inf

DESIGNING SECURITY TEMPLATES Chapter 7: Hardening Servers DESIGNING SECURITY TEMPLATES Create a custom security template for each role, not each computer Base custom templates on a default template Never modify default security templates Apply multiple security templates to computers with multiple roles

SECURITY TEMPLATE SETTINGS Chapter 7: Hardening Servers SECURITY TEMPLATE SETTINGS Account policies Local policies Event logs Group memberships Services Registry permissions File and folder permissions

SETTING NOT AVAILABLE IN SECURITY TEMPLATES Chapter 7: Hardening Servers SETTING NOT AVAILABLE IN SECURITY TEMPLATES Configuration of Automatic Updates Which Microsoft Windows components and applications are installed IPSec policies Software restrictions Wireless network policies EFS settings Certification Authority (CA) settings

CONFIGURING EARLIER VERSIONS OF WINDOWS Chapter 7: Hardening Servers CONFIGURING EARLIER VERSIONS OF WINDOWS Support Group Policy: Windows Server 2003 Windows 2000 Server Windows 2000 Professional Windows XP Professional Support System Policy: Windows NT 4.0 Windows 95 Windows 98 Windows Me

Chapter 7: Hardening Servers SYSTEM POLICY EDITOR

DEPLOYING SECURITY CONFIGURATION WITH GROUP POLICY Chapter 7: Hardening Servers DEPLOYING SECURITY CONFIGURATION WITH GROUP POLICY Import templates into Group Policy Leverage inheritance Filter Group Policy objects (GPOs) with security groups Use Windows Management Instrumentation (WMI) filtering only where necessary

SERVER HARDENING BEST PRACTICES Chapter 7: Hardening Servers SERVER HARDENING BEST PRACTICES Use the Configure Your Server Wizard Disable unnecessary services Develop a process for updating all software Change default port numbers Use network and host-based firewalls

SERVER HARDENING BEST PRACTICES (CONT.) Chapter 7: Hardening Servers SERVER HARDENING BEST PRACTICES (CONT.) Require IPSec Place Internet servers in perimeter networks Use physical security Restrict removable media Backup application-specific information

SERVER HARDENING BEST PRACTICES (CONT.) Chapter 7: Hardening Servers SERVER HARDENING BEST PRACTICES (CONT.) Audit backups and restores Rename default user accounts Develop security requirements for application-specific user databases Monitor each server role for failures Read security guides at http://www.microsoft.com

HARDENING DOMAIN CONTROLLERS Chapter 7: Hardening Servers HARDENING DOMAIN CONTROLLERS A compromised domain controller can lead to compromises of domain members Domain controllers can be identified with a DNS query Avoid storing application data in Active Directory Create a separate security group for users with privileges to backup domain controllers Use source-IP filtering to block domain requests from external networks

REQUIRE DOMAIN CONTROLLER SERVICES Chapter 7: Hardening Servers REQUIRE DOMAIN CONTROLLER SERVICES File Replication Service Intersite Messaging Kerberos Key Distribution Center Netlogon Remote Procedure Call (RPC) Locator Windows Management Instrumentation Windows Time

Chapter 7: Hardening Servers HARDENING DNS SERVERS When DNS servers are compromised, attackers can use them to: Identify internal network resources Launch man-in-the-middle attacks Perform a denial-of-service (DoS) attack

BEST PRACTICES FOR HARDENING DNS SERVERS Chapter 7: Hardening Servers BEST PRACTICES FOR HARDENING DNS SERVERS Use Active Directory–integrated zones. If not Active Directory integrated: Restrict permissions on zone files Use IPSec to protect zone transfers Disable recursion where possible Use separate internal and Internet servers Remove root hints on internal servers Allow only secure DNS updates if possible

HARDENING DHCP SERVERS Chapter 7: Hardening Servers HARDENING DHCP SERVERS Dynamic Host Configuration Protocol (DHCP) servers running Windows 2000 and later must be authorized in a domain DHCP servers can automatically update DNS Protect DHCP servers with 802.1X authentication

HARDENING FILE SERVERS Chapter 7: Hardening Servers HARDENING FILE SERVERS Carefully audit share permission and NTFS file system permissions Use source-IP filtering to block requests from external networks Audit access to critical and confidential files

Chapter 7: Hardening Servers HARDENING IAS SERVERS Enable Remote Authentication Dial-In User Service (RADIUS) message authenticators Use quarantine control Enable logging Audit logs frequently

HARDENING EXCHANGE SERVER COMPUTERS Chapter 7: Hardening Servers HARDENING EXCHANGE SERVER COMPUTERS Encrypt mail traffic with Transport Layer Security (TLS) Use Secure Sockets Layer (SSL) to protect Outlook Web Access (OWA) Enable Security events logging Audit for open relays to protect against spam

HARDENING EXCHANGE SERVER COMPUTERS (CONT.) Chapter 7: Hardening Servers HARDENING EXCHANGE SERVER COMPUTERS (CONT.) Use antispam software Use antivirus software Require strong passwords Audit with MBSA

HARDENING SQL SERVER COMPUTERS Chapter 7: Hardening Servers HARDENING SQL SERVER COMPUTERS Use Windows authentication when possible Use delegated authentication Configure granular authentication in SQL Server databases Audit SQL authentication requests Disable SQL communication protocols except TCP/IP, and require encryption Change the default port number

HARDENING SQL SERVER COMPUTERS (CONT.) Chapter 7: Hardening Servers HARDENING SQL SERVER COMPUTERS (CONT.) Audit custom applications for vulnerability to SQL injection attacks Audit databases for unencrypted confidential contents: User names and passwords Credit-card numbers Social Security numbers

Chapter 7: Hardening Servers SUMMARY Create security templates for every server role in your organization Apply security templates by using GPOs Techniques such as disabling unnecessary services and enabling host-based firewalls can be used to harden any type of server Server roles each have role-specific considerations, including: Services that should be enabled Ports that must be allowed Logging that should be enabled

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.