Clinic Security and Policy Enforcement in Windows Server 2008.

Slides:



Advertisements
Similar presentations
Ljubomir Ivaniš CPU d.o.o.
Advertisements

5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.
Chapter 10 Securing Windows Server 2008 MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration.
1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
Module 5: Configuring Access for Remote Clients and Networks.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
Agenda Introduction Network Access Protection platform architecture
A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.
Module 3 Windows Server 2008 Branch Office Scenario.
Network Access Protection Platform Architecture Joseph Davies Technical writer Windows Networking and Device Technologies Microsoft Corporation.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
Chapter 7 HARDENING SERVERS.
Security and Policy Enforcement Mark Gibson Dave Northey
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Hands-On Microsoft Windows Server 2003 Networking Chapter 1 Windows Server 2003 Networking Overview.
CN2140 Server II Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+
Windows Network Policy Server Fundamentals Ranjana Jain MCSE, MCT, RHCE, CISSP, CIW Security Analyst IT Pro Evangelist Microsoft India
Module 16: Software Maintenance Using Windows Server Update Services.
Microsoft ® Application Virtualization 4.6 Infrastructure Planning and Design Published: September 2008 Updated: February 2010.
Welcome to the course: Designing and Optimizing Database Solutions with Microsoft® SQL Server® 2008.
Chapter 6 Configuring, Monitoring & Troubleshooting IPsec
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.
Module 1 Introduction to Managing Microsoft® Windows Server® 2008 Environment.
Windows Server 2008 Chapter 10 Last Update
Welcome Thank you for taking our training. Collection 6421: Configure and Troubleshoot Windows Server® 2008 Network Course 6690 – 6709 at
1 Week #7 Network Access Protection Overview of Network Access Protection How NAP Works Configuring NAP Monitoring and Troubleshooting NAP.
Course 6420A Fundamentals of Windows Server® 2008 Network and Applications Infrastructure.
70-411: Administering Windows Server 2012
Implementing Network Access Protection
Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.
20411B 8: Installing, Configuring, and Troubleshooting the Network Policy Server Role Presentation: 60 minutes Lab: 60 minutes After completing this module,
Module 9: Configuring IPsec. Module Overview Overview of IPsec Configuring Connection Security Rules Configuring IPsec NAP Enforcement.
1 Chapter 12: VPN Connectivity in Remote Access Designs Designs That Include VPN Remote Access Essential VPN Remote Access Design Concepts Data Protection.
Module 11: Remote Access Fundamentals
Module 7 Planning Server and Network Security. Module Overview Overview of Defense-in-Depth Planning for Windows Firewall with Advanced Security Planning.
Module 8: Configuring Network Access Protection
Module 9: Designing Network Access Protection. Scenarios for Implementing NAP Verifying the health of: Roaming laptops Desktop computers Visiting laptops.
Module 11: Implementing ISA Server 2004 Enterprise Edition.
Module 9: Fundamentals of Securing Network Communication.
1 Introduction to Microsoft Windows 2000 Windows 2000 Overview Windows 2000 Architecture Overview Windows 2000 Directory Services Overview Logging On to.
Maintaining Network Health. Active Directory Certificate Services Public Key Infrastructure (PKI) Provides assurance that you are communicating with the.
IP Security IP sec IPsec is short for Internet Protocol Security. It was originally created as a part of IPv6, but has been retrofitted into IPv4. It.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Welcome Windows Server 2008 安全功能 -NAP. Network Access Protection in Windows Server 2008.
Configuring Network Access Protection
Terminal Services Technical Overview Olav Tvedt TVEDT.info Microsoft Speaker Community
Module 5: Designing Security for Internal Networks.
Yaniv Feldman Senior Infrasec Architect Microsoft Security Regional Director
1 Week #5 Routing and NAT Network Overview Configuring Routing Configuring Network Address Translation Troubleshooting Routing and Remote Access.
Module 7: Implementing Security Using Group Policy.
Module 13: Enterprise PKI Active Directory Certificate Services (AD CS)
Microsoft Windows 2008 Features and Functionality Guy Wilkin.
Course 2277: Implementing, Managing, and Maintaining a Microsoft ® Windows ® Server 2003 Network Infrastructure: Network Services.
Understand Server Protection LESSON Security Fundamentals.
© 2008 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED,
1 Chapter 13: RADIUS in Remote Access Designs Designs That Include RADIUS Essential RADIUS Design Concepts Data Protection in RADIUS Designs RADIUS Design.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
Module 6: Network Policies and Access Protection.
1 Welcome to Designing a Microsoft Windows 2000 Network Infrastructure.
Module 5: Network Policies and Access Protection
Maintaining Network Health Lesson 10. Active Directory Certificates Services 2 A component of Microsoft Identity Lifecycle Management (ILM) ILM allow.
Managing Network Access Protection. Introduction to NAP Issues  Although corporate networks are highly secured, no control over the configuration of.
Module Overview Installing and Configuring a Network Policy Server
IP Security IP sec IPsec is short for Internet Protocol Security. It was originally created as a part of IPv6, but has been retrofitted into IPv4. It works.
Implementing Network Access Protection
Configuring and Troubleshooting Routing and Remote Access
Server-to-Client Remote Access and DirectAccess
Goals Introduce the Windows Server 2003 family of operating systems
{ Security Technologies}
Presentation transcript:

Clinic Security and Policy Enforcement in Windows Server 2008

Introduction Name Company affiliation Title/function Job responsibility Windows Server 2003, XP and Vista experience Security Experience Expectations

Facilities Class hours Building hours Parking Restrooms Meals Phones Messages Smoking Recycling

About This Clinic Description Clinic Objectives Audience Prerequisites

Clinic Outline Security Enhancements in Windows Server 2008 Network Access Protection

Technology framework to help maximize the value of your IT investments Structured way to drive cost reduction, security & efficiency gains and boost agility Based on industry analyst and academic work Provides guidance and best practices for step-by-step implementation Infrastructure Optimization

Security Enhancements in Windows Server 2008

Overview Methods of Security and Policy Enforcement Network Location Awareness Network Access Protection Windows Firewall with Advanced Security (WFAS) Internet Protocol Security (IPSec) Windows Server Hardening Server and Domain Isolation Active Directory Domain Services Auditing Read-Only Domain Controller (RODC) BitLocker Drive Encryption Removable Device Installation Control Enterprise PKI Methods of Security and Policy Enforcement Network Location Awareness Network Access Protection Windows Firewall with Advanced Security (WFAS) Internet Protocol Security (IPSec) Windows Server Hardening Server and Domain Isolation Active Directory Domain Services Auditing Read-Only Domain Controller (RODC) BitLocker Drive Encryption Removable Device Installation Control Enterprise PKI

Overview Methods of Security and Policy Enforcement Network Location Awareness Network Access Protection Windows Firewall with Advanced Security (WFAS) Internet Protocol Security (IPSec) Windows Server Hardening Server and Domain Isolation Active Directory Domain Services Auditing Read-Only Domain Controller (RODC) BitLocker Drive Encryption Removable Device Installation Control Enterprise PKI Methods of Security and Policy Enforcement Network Location Awareness Network Access Protection Windows Firewall with Advanced Security (WFAS) Internet Protocol Security (IPSec) Windows Server Hardening Server and Domain Isolation Active Directory Domain Services Auditing Read-Only Domain Controller (RODC) BitLocker Drive Encryption Removable Device Installation Control Enterprise PKI

Overview Methods of Security and Policy Enforcement Network Location Awareness Network Access Protection Windows Firewall with Advanced Security (WFAS) Internet Protocol Security (IPSec) Windows Server Hardening Server and Domain Isolation Active Directory Domain Services Auditing Read-Only Domain Controller (RODC) BitLocker Drive Encryption Removable Device Installation Control Enterprise PKI Methods of Security and Policy Enforcement Network Location Awareness Network Access Protection Windows Firewall with Advanced Security (WFAS) Internet Protocol Security (IPSec) Windows Server Hardening Server and Domain Isolation Active Directory Domain Services Auditing Read-Only Domain Controller (RODC) BitLocker Drive Encryption Removable Device Installation Control Enterprise PKI

Overview Methods of Security and Policy Enforcement Network Location Awareness Network Access Protection Windows Firewall with Advanced Security (WFAS) Internet Protocol Security (IPSec) Windows Server Hardening Server and Domain Isolation Active Directory Domain Services Auditing Read-Only Domain Controller (RODC) BitLocker Drive Encryption Removable Device Installation Control Enterprise PKI Methods of Security and Policy Enforcement Network Location Awareness Network Access Protection Windows Firewall with Advanced Security (WFAS) Internet Protocol Security (IPSec) Windows Server Hardening Server and Domain Isolation Active Directory Domain Services Auditing Read-Only Domain Controller (RODC) BitLocker Drive Encryption Removable Device Installation Control Enterprise PKI

Technical Background Windows Firewall with Advanced Security Internet Security Protocol (IPSec) Active Directory Domain Services Auditing Read-Only Domain Controller (RODC) Enterprise PKI BitLocker Drive Encryption

Windows Firewall with Advanced Security

Demonstration: Windows Firewall with Advanced Security Creating Inbound and Outbound Rules Creating a Firewall Rule Limiting a Service

IPSec Integrated with WFAS IPSec Improvements Simplified IPSec Policy Configuration Client-to-DC IPSec Protection Improved Load Balancing and Clustering Server Support Improved IPSec Authentication Integration with NAP Multiple Authentication Methods New Cryptographic Support Integrated IPv4 and IPv6 Support Extended Events and Performance Monitor Counters Network Diagnostics Framework Support Integrated with WFAS IPSec Improvements Simplified IPSec Policy Configuration Client-to-DC IPSec Protection Improved Load Balancing and Clustering Server Support Improved IPSec Authentication Integration with NAP Multiple Authentication Methods New Cryptographic Support Integrated IPv4 and IPv6 Support Extended Events and Performance Monitor Counters Network Diagnostics Framework Support

Demonstration: Creating IPSec Policies Creating an IPSec Rule Specifying different Authentication Methods Activate and Deactivate Rules

AD Domain Services Auditing What changes have been made to AD DS auditing?

Read-Only Domain Controller (RODC) New Functionality AD Database Unidirectional Replication Credential Caching Password Replication Policy Administrator Role Separation Read-Only DNS New Functionality AD Database Unidirectional Replication Credential Caching Password Replication Policy Administrator Role Separation Read-Only DNS Requirements/Special Considerations RODC

BitLocker Drive Encryption (BDE) Data Protection Drive Encryption Integrity Checking Data Protection Drive Encryption Integrity Checking BDE Hardware and Software Requirements

Enterprise PKI Easier management through PKIView Certificate Web Enrollment Network Device Enrollment Service Managing Certificate with Group Policy Certificate Deployment Changes Online Certificate Status Protocol (OCSP) Support Cryptographic Next Generation Easier management through PKIView Certificate Web Enrollment Network Device Enrollment Service Managing Certificate with Group Policy Certificate Deployment Changes Online Certificate Status Protocol (OCSP) Support Cryptographic Next Generation

Enterprise PKI Easier management through PKIView Certificate Web Enrollment Network Device Enrollment Service Managing Certificate with Group Policy Certificate Deployment Changes Online Certificate Status Protocol (OCSP) Support Cryptographic Next Generation Easier management through PKIView Certificate Web Enrollment Network Device Enrollment Service Managing Certificate with Group Policy Certificate Deployment Changes Online Certificate Status Protocol (OCSP) Support Cryptographic Next Generation

Implementation/Usage Scenarios Enforce Security Policy Improve Domain Security Improve System Security Improve Network Communications Security

Recommendations Implement Network Access Protection Use Windows Firewall and Advanced Security to implement IPSec Deploy Read-Only Domain Controllers, where appropriate Implement BitLocker Drive Encryption Carefully test and plan all security policies Take advantage of PKI improvements

Summary Windows Server 2008 includes a variety of new security initiatives and features: Network Access Protection Windows Firewall and Advanced Security (WFAS) enhancements IPSec improvements Windows Server Hardening Server and Domain Isolation Active Directory Domain Services Auditing Read-Only Domain Controllers (RODCs) BitLocker Drive Encryption Removeable Device Installation Control Improvements to Enterprise PKI capabilities Windows Server 2008 includes a variety of new security initiatives and features: Network Access Protection Windows Firewall and Advanced Security (WFAS) enhancements IPSec improvements Windows Server Hardening Server and Domain Isolation Active Directory Domain Services Auditing Read-Only Domain Controllers (RODCs) BitLocker Drive Encryption Removeable Device Installation Control Improvements to Enterprise PKI capabilities

Questions and Answers

Network Access Protection in Windows Server 2008

Overview Network Access Protection Network Access Quarantine Control Internal, VPN and Remote Access Client Only VPN and Remote Access Clients IPSec, 802.1X, DHCP and VPNDHCP and VPN NAP NPS and Client included in Windows Server 2008 ; NAP client included in Vista Installed from Windows Server 2003 Resource Kit

Technical Background NAP Platform Architecture NAP Enforcement Methods NAP Infrastructure NAP Client Architecture NAP Server Architecture Component Communication

NAP Infrastructure Health Policy Validation Health Policy Compliance Automatic Remediation Limited Access

NAP Platform Architecture

NAP Enforcement Client 802.1X VPN IPSec DHCP NPS RADIUS

Demonstration: Network Access Protection Create a NAP Policy Using the MMC to Create NAP Configuration settings Create a new RADIUS Client Create a new System Health Validator for Windows Vista and Windows XP SP2

How NAP Works IPSec Enforcement IEEE 802.1X Logical Networks Remote Access VPNs DHCP

IPSec Enforcement in Logical Networks

Communication Initiation Process with IPSec Enforcement

NAP Client Health Certificate Process

IPSec Enforcement in NAP

802.1x Authenticated Connections

NAP Authentication Process Background Network Access Protection Settings Authorization Policies Authentication Process

Implementation/Usage Scenarios Ensuring the Health of Corporate Desktops Checking the Health and Status of Roaming Laptops Determining the Health of Visiting Laptops Verify the Compliance of Home Computers

Recommendations Carefully test and verify all IPSec Policies Use Quality of Service to improve bandwidth When using IPSec – employ ESP with encryption Plan to Prioritize traffic on the network Apply Network Access Protection to secure client computers Consider Using Domain Isolation

Summary Network Access Protection: Secures Remote Computers before accessing the Network Has Client and Server Components Can Use One or More of Several methods for Enforcement IPSec 802.1X VPN DHCP Provides Support for Third Party Software Network Access Protection: Secures Remote Computers before accessing the Network Has Client and Server Components Can Use One or More of Several methods for Enforcement IPSec 802.1X VPN DHCP Provides Support for Third Party Software

Questions and Answers

Lab: Network Access Protection In this lab, you will: Network Communications using WFAS Enforcing network communication policy using Policy-based QoS Network Access Protection with Windows Server 2008

What Next? Windows Server 2008 Beta: Home Page: Webcasts: Forums: Network Access Protection Home Page : : Introduction to Network Access Protection : Network Access Protection Platform Architecture : Network Access Protection Frequently Asked Questions : IPSec : Server and Domain Isolation :

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.