Module 14: Securing Windows Server 2003. Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.

Presentation transcript:

Module 14: Securing Windows Server 2003

Overview
- Introduction to Securing Servers
- Implementing Core Server Security
- Hardening Servers
- Microsoft Baseline Security Analyzer

Lesson: Introduction to Securing Servers
- Security Challenges for Small and Medium-Sized Businesses
- Fundamental Security Trade-Offs
- What Is the Defense-in-Depth Model?
- Microsoft Windows Server Security Guidance

Security Challenges for Small and Medium-Sized Businesses
- Servers with a Variety of Roles
- Limited Resources to Implement Secure Solutions
- Internal or Accidental Threat
- Older Systems in Use
- Physical Access Negates Many Security Measures
- Lack of Security Expertise
- Legal Consequences

Fundamental Security Trade-Offs
Security trade-offs (diagram labels): Usability, Low Cost, Security

What Is the Defense-in-Depth Model?
- Increases an attacker's risk of detection
- Reduces an attacker's chance of success

Layers and example controls:
- Policies, Procedures, & Awareness: Security documents, user education
- Physical Security: Guards, locks
- Perimeter: Firewalls
- Internal Network: Network segments, IPSec
- Host: OS hardening, authentication
- Application: Application hardening, antivirus
- Data: ACLs, encryption, EFS

Microsoft Windows Server Security Guidance
- Threats and Countermeasures Guide
- Windows Server 2003 Security Guide
- Default Access Control Settings in Windows Server 2003
- Security Innovations in Windows Server 2003
- Technical Overview of Windows Server 2003 Security Services

Lesson: Implementing Core Server Security
- Core Server Security Practices
- Recommendations for Hardening Servers
- Windows Server 2003 SP1 Security Enhancements
- What Is Windows Firewall?
- Post-Setup Security Updates
- What Is the Security Configuration Wizard?
- Practice: Implementing Core Server Security

Core Server Security Practices
- Apply the latest service pack and all available security updates
- Use Group Policy to harden servers
- Use MBSA to scan server security configurations
- Restrict physical and network access to servers

Recommendations for Hardening Servers
- Rename the built-in Administrator and Guest accounts
- Use restricted groups
- Restrict who can log on locally to servers
- Restrict access for built-in and non-operating-system service accounts
- Do not configure a service to log on using a domain account
- Use NTFS permissions to secure files and folders

Windows Server 2003 SP1 Security Enhancements
SP1 uses a proactive approach to securing the server by reducing the attack surface:
- Restricts anonymous access to RPC services
- Restricts DCOM activation, launch, and call privileges, and differentiates between local and remote clients
- Supports no-execute hardware to prevent executables from running in memory spaces marked as nonexecutable
- Supports VPN Quarantine
- Supports IIS 6.0 metabase auditing

What Is Windows Firewall?
- Enabled by default in new installs
- Audit logging to track firewall activity
- Boot-time security
- Global configuration
- Port restrictions based on the client network
- On with no exceptions
- Exceptions list
- Group Policy support

Post-Setup Security Updates

What Is the Security Configuration Wizard?
SCW provides guided attack surface reduction:
- Disables unnecessary services and IIS Web extensions
- Blocks unused ports and secures ports that are left open using IPSec
- Reduces protocol exposure
- Configures audit settings

SCW supports:
- Rollback
- Analysis
- Remote configuration
- Command-line support
- Active Directory integration
- Policy editing

Practice: Implementing Core Server Security
In this practice, you will:
- Configure Windows Firewall
- Install the Security Configuration Wizard
- Use the Security Configuration Wizard

Lesson: Hardening Servers
- What Is Server Hardening?
- What Is the Member Server Baseline Security Template?
- Security Threats to Domain Controllers
- Implement Password Security
- Security Templates for Specific Server Roles
- Best Practices for Hardening Servers for Specific Roles
- Practice: Hardening Servers

What Is Server Hardening?
Diagram labels:
- Securing Active Directory
- Apply Baseline Settings
- Verify settings application
- Server roles: Infrastructure Servers, File and Print Servers, IIS Servers, RADIUS (IAS) Servers, Certificate Services Servers, Bastion Hosts

What Is the Member Server Baseline Security Template?
Modify and apply the Member Server Baseline security template to all member servers.
Settings in the Member Server Baseline security template:
- Audit Policy
- User Rights Assignment
- Security Options
- Event Log
- System Services

Security Threats to Domain Controllers
- Modification of Active Directory data
- Password attacks against administrator accounts
- Denial-of-service attacks
- Replication prevention attacks
- Exploitation of known vulnerabilities

Implement Password Security
- Use complex passwords to help prevent security breaches
- Do not implement authentication protocols that require reversible encryption
- Disable LM hash value storage in Active Directory
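The three settings on this slide can be checked offline against a security template exported from a server. The following is an added example, not part of the original course material: the template text is constructed, and the key names (PasswordComplexity, ClearTextPassword, and the NoLMHash registry value) are the standard security-template names, which the slides themselves do not spell out.

```python
import configparser

# Constructed sample in security-template (.inf) format; not taken from the slides.
SAMPLE_TEMPLATE = r"""
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
ClearTextPassword = 1
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,0
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Registry value that controls LM hash storage (template form: type,value).
LM_KEY = r"MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash"


def parse_template(text):
    """Parse INI-style template text; configparser lowercases option names."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.read_string(text)
    return cp


def check_password_security(text):
    """Return a list of findings for the slide's three password settings."""
    cp = parse_template(text)
    access = cp["System Access"] if cp.has_section("System Access") else {}
    reg = cp["Registry Values"] if cp.has_section("Registry Values") else {}
    findings = []
    if access.get("passwordcomplexity", "").strip() != "1":
        findings.append("complex passwords not enforced")
    if access.get("cleartextpassword", "").strip() != "0":
        findings.append("reversible encryption not disabled")
    # "4,1" means REG_DWORD with data 1; a missing or different value is reported.
    lm = [p.strip() for p in reg.get(LM_KEY.lower(), "").split(",")]
    if lm != ["4", "1"]:
        findings.append("LM hash storage not disabled")
    return findings


if __name__ == "__main__":
    for finding in check_password_security(SAMPLE_TEMPLATE):
        print("FINDING:", finding)
```

A setting that is absent from the template is reported as a finding, because an undefined value leaves the server on whatever it was configured with before.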

Security Templates for Specific Server Roles
- Organize servers that perform specific roles by OU under the Member Servers OU
- Apply the Member Server Baseline security template to the Member Servers OU
- Customize security templates for servers that perform multiple roles
- Apply the appropriate role-based security template to each OU under the Member Servers OU

Best Practices for Hardening Servers for Specific Roles
- Modify security templates as needed for servers with multiple roles
- Enable only services required by role
- Enable service logging
- Use IPSec filtering to block all ports except the specific ports needed
- Secure service accounts and well-known user accounts

Practice: Hardening Servers
In this practice, you will apply a security template by using Group Policy.

Lesson: Microsoft Baseline Security Analyzer
- What Is MBSA?
- MBSA Benefits
- How MBSA Works
- MBSA Scan Options
- Practice: Microsoft Baseline Security Analyzer

What Is MBSA?
- Scans systems for:
  - Missing security updates
  - Potential configuration issues
- Works with a broad range of Microsoft software
- Allows an administrator to centrally scan multiple computers simultaneously
- MBSA is a free tool, and can be downloaded from the Microsoft TechNet Web site

MBSA Benefits
MBSA reports important vulnerabilities:
- Password weaknesses
- Guest account not disabled
- Auditing not configured
- Unnecessary services installed
- IIS product vulnerabilities
- IE zone settings
- Automatic Updates configuration
- Windows XP firewall configuration

How MBSA Works
Diagram labels: Windows Download Center, MBSA Computer, MSSecure.xml

MBSA Scan Options
MBSA has three scan options:
- MBSA graphical user interface (GUI)
- MBSA standard command-line interface (mbsacli.exe)
- HFNetChk scan (mbsacli.exe /hf)

Practice: Microsoft Baseline Security Analyzer
In this practice, you will:
- Install MBSA
- Scan a computer by using MBSA

Lab: Securing Windows Server 2003
In this lab, you will:
- Use the Security Configuration Wizard
- Configure a Group Policy object for member servers
- Scan a range of computers by using MBSA

Course Evaluation