Module 6: Designing Security for Network Hosts

Slides:

Advertisements

Similar presentations

Planning and Administering Windows Server® 2008 Servers

Advertisements

Patch Management Patch Management in a Windows based environment

Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.

{ Best Practice Why reinvent the wheel?.   Domain controllers   Member servers   Client computers   User accounts   Group accounts   OUs 

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 1: Installing Windows XP Professional

Managing Your Network Environment © 2004 Cisco Systems, Inc. All rights reserved. Managing Cisco IOS Devices INTRO v2.0—9-1.

Module 5: Creating and Configuring Group Policy

Paula Kiernan Senior Consultant Ward Solutions

Securing your data Security with Microsoft Infrastructure and Internet Explorer Matt Kestian Strategic Security Advisor | National Security Team | Microsoft.

System and Network Security Practices COEN 351 E-Commerce Security.

Chapter 7 HARDENING SERVERS.

Implementing Server Security on Windows 2000 and Windows Server 2003 Steve Lamb Technical Security Advisor

Essentials of Security Steve Lamb Technical Security Advisor

IT:Network:Apps.  Security Options  Group Policy  AppLocker  ACL.

Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Maintaining and Updating Windows Server 2008

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

Installing and Configuring a Secure Web Server COEN 351 David Papay.

VMware vCenter Server Module 4.

Module 8: Implementing Administrative Templates and Audit Policy.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.

Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.

Microsoft ® Official Course Module 9 Configuring Applications.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Module 1: Installing Windows XP Professional. Overview Manually Installing Windows XP Professional Automating a Windows XP Professional Installation Using.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.

Module 13: Configuring Availability of Network Resources and Content.

Module 4: Add Client Computers and Devices to the Network.

Securing Microsoft® Exchange Server 2010

Module 14: Configuring Server Security Compliance

Module 7: Fundamentals of Administering Windows Server 2008.

The Microsoft Baseline Security Analyzer A practical look….

Module 1: Installing and Configuring Servers. Module Overview Installing Windows Server 2008 Managing Server Roles and Features Overview of the Server.

Module 2: Installing and Maintaining ISA Server. Overview Installing ISA Server 2004 Choosing ISA Server Clients Installing and Configuring Firewall Clients.

1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.

Module 1: Installing Microsoft Windows XP Professional.

Module 8: Designing Security for Authentication. Overview Creating a Security Plan for Authentication Creating a Design for Security of Authentication.

CN2140 Server II Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.

Small Business Security Keith Slagle April 24, 2007.

Enterprise Network Security Accessing the WAN – Chapter 4.

Module 4 Planning for Group Policy. Module Overview Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group.

Module 11: Designing Security for Network Perimeters.

Module 9: Designing Security for Data. Overview Creating a Security Plan for Data Creating a Design for Security of Data.

Microsoft Management Seminar Series SMS 2003 Change Management.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.

Module 7: Implementing Security Using Group Policy.

NetTech Solutions Protecting the Computer Lesson 10.

Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.

Module 2: Designing Network Security

Module 9 Planning and Implementing Monitoring and Maintenance.

Module 10: Implementing Administrative Templates and Audit Policy.

Information Security In the Corporate World. About Me Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005.

Implementing Server Security on Windows 2000 and Windows Server 2003 Fabrizio Grossi.

Operating System Hardening. Vulnerabilities Unique vulnerabilities for: – Different operating systems – Different vendors – Client and server systems.

Module 7: Designing Security for Accounts and Services.

Maintaining and Updating Windows Server 2008 Lesson 8.

NETWORK SECURITY LAB 1170 REHAB ALFALLAJ CT1406. Introduction There are a number of technologies that exist for the sole purpose of ensuring that the.

Module 5: Designing Physical Security for Network Resources

Securing Network Servers

Implementing Client Security on Windows 2000 and Windows XP Level 150

IS4680 Security Auditing for Compliance

Presentation transcript:

Module 6: Designing Security for Network Hosts

Overview Creating a Security Plan for Network Hosts Creating a Design for the Security of Network Hosts

Lesson 1: Creating a Security Plan for Network Hosts MSF and Security of Network Hosts Defense in Depth and Security of Network Hosts Types of Security Settings for Network Host Security STRIDE Threat Model and Security of Network Hosts Practice: Identifying Security Threats to Network Hosts

MSF and Security of Network Hosts The MSF envisioning and planning phases help you to: Decide which locations your plan will help to protect Ensure that appropriate countermeasures are applied Classify your environment: Legacy Client Enterprise Client Specialized Security Limited Functionality 3 4 5 Plan Envision

Defense in Depth and Security of Network Hosts Policies, Procedures, and Awareness Physical Security Perimeter Internal Network Host Application Data

Types of Security Settings for Network Host Security The Security Guides for Windows XP and Windows Vista include sample security templates based on classification Client Hardening The “Windows Server 2003 Security Guide” includes sample security templates based on distinct server roles Server Hardening Proactive management of security updates is a requirement for keeping your technology environment secure and reliable Patch Management Control the download and installation of antivirus updates on your computers Antivirus Distributed firewalls are installed on each individual system, but they must use a centralized access policy Distributed Firewall

STRIDE Threat Model and Security of Network Hosts Administrative password is exposed during installation Spoofing Baseline security is not deployed uniformly Tampering Security configuration is not updated when a computer’s role changes Repudiation Sensitive data remains on hard disks and other storage media when the computer is decommissioned Information disclosure Virus infects a computer before virus protection software is installed Denial of service Computer is not secured properly for its role Elevation of privilege

Practice: Identifying Security Threats to Network Hosts Test for spoofing threats Test for tampering and repudiation threats Test for information disclosure threats

Lesson 2: Creating a Design for the Security of Network Hosts Life Cycle of a Network Host Methods for Securing Initial Host Installation Process for Creating a Secure Baseline Security for Specific Computer Roles Methods for Applying Security Updates Host-Based Firewalls Methods for Assessing the Security of Network Hosts Secure Decommissioning of Network Hosts Practice: Applying Security to a Network Host

Life Cycle of a Network Host Life-cycle Phase Security consideration Initial installation Viruses and configuration errors can compromise the security of a computer Baseline configuration After initial installation, configure the baseline configuration settings that you require Role-specific security Apply additional configuration beyond the baseline configuration for roles that require specific security Application of security updates To maintain the baseline security configuration, install the service packs and security updates Decommissioning Dispose of computers in a way that makes it impossible for attackers to obtain information

Methods for Securing Initial Host Installation Details Isolated networks Protects computers from attackers before security measures are applied Updated media Ensures that all security updates and service packs are installed during initial configuration Custom scripts Ensures that only required services are installed for the computers’ role Enables the configuration of secure default settings Hard disk imaging Uses a copy of a secure installation, including applications and security measures Remote Installation Services Centrally manages the installation of custom scripts and hard disk images

Process for Creating a Secure Baseline To create a secure baseline for computers: Create a baseline security policy for computers Create custom security templates Test the custom security templates Deploy the custom security templates 1 2 3 4

Security for Specific Computer Roles When applying security for specific computer roles: Predict unique threats to a computer based on its role Consider the value of data on the computer Use the baseline procedure to create a unique security template for each computer role Domain Controller File Server Web Server

Methods for Applying Security Updates Methods include: Microsoft Update Windows Server Update Services Systems Management Server Domain Controller File Server Web Server

Host-Based Firewalls

Methods for Assessing the Security of Network Hosts Methods include: The Microsoft Security Assessment Tool Microsoft Baseline Security Analyzer Security Configuration Wizard Third-party software that tests for vulnerabilities Vulnerability or penetration testing Domain Controller File Server Web Server

Secure Decommissioning of Network Hosts Destroy the data that computers store to ensure that attackers cannot retrieve confidential information Remove media from storage devices before disposal Consider physically destroying the media after you erase or format the data on the media Dispose of printed confidential information in a secure manner, for example, by shredding

Practice: Applying Security to a Network Host Apply security by using SCW

Lab: Designing Security for Network Hosts Exercise 1 Identifying Vulnerabilities When Applying Security Updates Exercise 2 Identifying Vulnerabilities When Decommissioning Computers