© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 6 Implementing Infrastructure Controls.


Class Agenda 10/15/15
- Chapter 8
- Learning Objectives
- Lesson Presentation and Discussions
- Class project outline due
- Lab activities will be performed in class.
- Assignments will be given in class.
- Break times: 10-minute break every hour.
- Note: All assignments and labs due today.

Learning Objective
- Implement appropriate access controls for information systems within information technology (IT) infrastructures.

Key Concepts
- The three states of data
- File system access control lists
- User account type privilege management
- Access control best practices
- Organization-wide layered infrastructure access control

EXPLORE: CONCEPTS

The Three States of Data
- Data at Rest (DAR)
  - Stored on some device
  - Archived records
- Data in Motion (DIM)
  - Sending an
  - Retrieving a Web page
- Data in Process
  - Creating a new document
  - Processing a payment

DAR
- Discussion: Ask students to give examples of
  - Data at rest
  - Data in motion
  - Data in process

Securing DAR
- Use of access control mechanisms
- Data encryption
- Backups
- Physical security

Protecting DAR
- Use encryption to protect stored data:
  - Elements in databases
  - Files on network and shared drives
  - Files on portable or movable drives, Universal serial bus (USB), and flash drives
  - Files and shared drives accessible from the Internet
  - Personal computers (PCs), laptop hard drives, and full disk encryption

DIM
[Figure labels: Gateway, Network A, Gateway, Network B, Direct Connection, Remote virtual private network (VPN) Connection]

Protecting DIM
- Vulnerable as it travels
- Less risky than DAR
- Attacker will have to get access to the physical connection.
- Border protections are needed: firewalls and IDS

Securing DIM
- Encryption mechanisms to secure the communication channel
  - SSL
  - HTTPS
  - VPN

Protecting DIP
- Difficult to protect since it is being operated on by the central processing unit (CPU)

Object Level Security
- An object is an item, a group of items, or a group of information.
- As in object-oriented programming.
- Security rules can be set on objects to secure data at rest or in motion.
- Example: firewalls and Web content filters

File System Access Controls
- File system access controls will include logging of user activities on the:
  - Files
  - Applications
  - Systems
Access Controls at Different Levels in a System

Types of File System Access Controls
- Trust-Based Peer to Peer (P2P)
- Workgroup
- Role-Based Access
- Group-Based Files Access

Access Control List
- Security policies assigned to objects
- Access control entries
- Access denied, access allowed, system audit

Types of File System Access Controls (Continued)
- Microsoft (MS) Windows versus UNIX
- File system controls in MS Windows and UNIX are different, but used to accomplish the same objective: control access to data assets
- Windows file access rights are inherited

Basic Access Control Rights in Windows
- Used in both Windows workstations and servers for files and folders
- Full Control
- Modify
- Read and Execute
- List Folder Content
- Read
- Write

Advanced Rights for Files
- Full Control
- Traverse Folder
- Read Attribute
- Create Files/Write Data
- Write Attribute
- Create Folder/Append Data
- Delete
- Read Permission
- Change Permission
- Take Ownership

Windows Administrator Rights
- Domain Administrator: full control of all computers in a domain
- Super Administrator: built-in secret administrator

EXPLORE: PROCESSES

UNIX and Linux
- Simplified ACL-based file permission system
- Access rights are not inherited.
- Rights in UNIX: Read, Write and Execute.
- Root is a special class of user in UNIX or Linux.
- Also known as the super user
- Super user do (sudo): allows a user to have privileges as a super user.
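
The point on the UNIX and Linux slide that access rights are not inherited can be checked directly: a new file's read/write/execute bits come from the creating process's umask, not from the parent directory. This is an added example, not part of the original slides; the function names `mode_of`, `child_file_mode` and `rwx` are illustrative, and it assumes a POSIX shell with `mktemp` and GNU or BSD `stat`.

```shell
#!/bin/sh
# Added example. Everything is created under a throwaway temp directory.

# Print the octal permission bits of a path (GNU stat, then BSD stat).
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Make a directory with mode $1, create a file in it under umask $2,
# and print the mode the new file received.
child_file_mode() {
    (
        tmp=$(mktemp -d) || exit 1
        mkdir "$tmp/parent"
        chmod "$1" "$tmp/parent"
        umask "$2"
        : > "$tmp/parent/child"
        mode_of "$tmp/parent/child"
        rm -rf "$tmp"
    )
}

# Decode a three-digit octal mode into owner/group/other rwx triplets.
rwx() {
    out=""
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        case "$digit" in
            0) out="${out}---" ;;
            1) out="${out}--x" ;;
            2) out="${out}-w-" ;;
            3) out="${out}-wx" ;;
            4) out="${out}r--" ;;
            5) out="${out}r-x" ;;
            6) out="${out}rw-" ;;
            7) out="${out}rwx" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Different parent, same umask: the child mode does not change.
# Same parent, different umask: the child mode follows the umask.
for pair in "700 022" "777 022" "777 077"; do
    set -- $pair
    m=$(child_file_mode "$1" "$2")
    echo "parent=$1 umask=$2 -> child=$m ($(rwx "$m"))"
done
```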

Layered Protection Through IT Infrastructure

Layered Protection Through IT Infrastructure (Continued)
[Figure: Dual DMZ Configuration, with labels DMZ 1 and DMZ 2]

EXPLORE: ROLES

Roles and Responsibilities
- System Owner
  - Owns system
  - Authorizes access
  - Performs non-technical access control review
- Network Administrator
  - Managing host security, file permissions, backup and disaster recovery plans, file system integrity, and adding and deleting users
  - Troubleshoot networks, systems, and applications to identify and correct malfunctions and other operational difficulties
- System Administrator
  - Grants access to system, applications, and data
  - Provides special access as required
  - Creates groups and assigns users and privileges
  - Provides backup and recovery capabilities of systems, applications, and data

Roles and Responsibilities (Continued)
- Application Owner
  - Grants access to applications that manipulate data
  - Maintains integrity of applications and processes
- Data Owner
  - Maintains data integrity
  - Authorizes distribution to internal and external parties
- User
  - Uses systems, applications, and data to perform functions
  - Creates file
  - Assigns data classification

Summary
- Three states of data
- Protecting DIM and DAR
- File system access controls
- Layered protection
- Roles and responsibilities

Unit 6 Lab Activities
- Lab # 6: Enhance Security Controls Leveraging Group Policy Objects
- Complete the lab activities in class

Unit 6 Assignments
- Unit 6 Assignment: Aligning Account Types and Privileges
- A copy of the assignment will be given in class.
- Reading assignment: Read Chapters 9