Understand Server Protection LESSON 4.3 98-367 Security Fundamentals.

Presentation transcript:

Understand Server Protection LESSON Security Fundamentals

LESSON 4.3 Lesson Overview

In this lesson, you will learn:
- Separation of services
- Hardening
- Keeping servers updated
- Secure dynamic DNS updates
- Disabling unsecure authentication protocols
- Read-only domain controllers
- Separate management VLAN
- Microsoft® Baseline Security Analyzer

Anticipatory Set

Introducing the Security Compliance Toolkit Series
Vlad Pigin, Senior Program Manager, and Shruti Kala, Product Manager
Run time: 6:37

Service Oriented Architecture

- The key to separation is to define a virtual platform that is equally relevant to a number of real platforms.
- The objective of the virtual platform is to enable the separation of services from the implementation and allow components built on various implementation platforms to offer services with no implementation dependencies.
- The SOA platform becomes essentially a blueprint that covers the development and implementation platforms.
- Provides guidance on the development and implementation of applications.
- Common architectural style: different applications can all share the same structure, and the relationships between the parts of the structure are the same.

Service Oriented Architecture (continued)

Example platform components of a virtual platform include:
- Host environment
- Consumer environment
- Middleware
- Integration and assembly environment
- Development environment
- Asset management
- Publishing & discovery
- Service level management
- Security infrastructure
- Monitoring & measurement
- Diagnostics & failure
- Consumer/Subscriber management
- Web service protocols
- Identity management
- Certification
- Deployment & versioning

Baseline Server Hardening

- Requirements to ensure that the server hardening processes achieve their security goals:
  - The base install of all operating system and post-operating system software comes from a trusted source.
  - Servers are connected only to a completely trusted network during the install and hardening processes.
  - The base install includes all current service packs and is reasonably current with regard to post-service pack updates.
  - After the base install finishes, you must update the target servers.

Baseline Server Hardening (Security Goals)

- Use a strong password on administrator accounts.
- Rename the administrator account.
- Disable the guest account.
- Set account lockout policy.
- Remove all unnecessary file shares.
- Set appropriate ACLs on all necessary file shares.
- Install antivirus software and updates.
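The account, lockout and share goals above can be checked from a script. This is an added example, not part of the original lesson; it assumes an elevated Windows PowerShell 5.1 session on a member or standalone server, and the function name and the rule that any non-zero lockout threshold passes are assumptions made for illustration.

```powershell
# Added example: read-only audit of the account, lockout and share goals.
# Assumes an elevated session on a member or standalone server (not a domain controller).
function Test-BaselineHardening {
    $results = @()
    $users = Get-LocalUser

    # The built-in Administrator keeps RID 500 and Guest keeps RID 501 after a rename.
    $admin = $users | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    $guest = $users | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
    $results += [pscustomobject]@{ Check = 'Administrator account renamed'
        Pass = ($admin.Name -ne 'Administrator'); Detail = "name: $($admin.Name)" }
    $results += [pscustomobject]@{ Check = 'Guest account disabled'
        Pass = (-not $guest.Enabled); Detail = "enabled: $($guest.Enabled)" }

    # Export the local security policy; LockoutBadCount = 0 means lockout is off.
    $cfg = Join-Path $env:TEMP 'secpol-export.inf'
    secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
    $m = Select-String -Path $cfg -Pattern '^LockoutBadCount\s*=\s*(\d+)' |
        Select-Object -First 1
    Remove-Item $cfg -ErrorAction SilentlyContinue
    $threshold = if ($m) { [int]$m.Matches[0].Groups[1].Value } else { 0 }
    $results += [pscustomobject]@{ Check = 'Account lockout policy set'
        Pass = ($threshold -gt 0); Detail = "LockoutBadCount = $threshold" }

    # Non-administrative shares: each should be necessary and have a narrow ACL.
    # 'Everyone' is the English-locale name; this reads share ACLs, not NTFS ACLs.
    foreach ($share in (Get-SmbShare | Where-Object { -not $_.Special })) {
        $open = Get-SmbShareAccess -Name $share.Name | Where-Object {
            $_.AccessControlType -eq 'Allow' -and $_.AccountName -eq 'Everyone' }
        $detail = if ($open) { "Everyone: $($open.AccessRight -join ',')" } else { 'no Everyone entry' }
        $results += [pscustomobject]@{ Check = "Share ACL: $($share.Name) ($($share.Path))"
            Pass = (-not $open); Detail = $detail }
    }
    $results
}

Test-BaselineHardening | Format-Table -AutoSize -Wrap
```

Every share the audit lists still needs a manual decision on whether it is necessary; password strength and antivirus status are not covered by this check.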

Windows Server Update Services (WSUS)

- Provides a management infrastructure:
  - Microsoft Update: The Microsoft website that distributes updates to Microsoft products.
  - WSUS server: The server component that is installed on a computer running a supported operating system inside the corporate firewall. Enables administrators to manage and distribute updates through an administrative console, which can be used to manage any WSUS server in any domain with which it has a trust relationship.

WSUS (continued)

- At least one WSUS server in the network must connect to Microsoft Update to get available updates.
- The administrator can decide how many WSUS servers should connect directly to Microsoft Update.
  - These servers can then distribute updates to other downstream WSUS servers.
- Automatic Updates
  - The client computer component built into Windows® operating systems.
  - Enables both server and client computers to receive updates either from Microsoft Update or from a WSUS server.

Software Updates Consist of Two Parts

1. Update files: The actual files that are installed on client computers.
2. Update metadata: Information needed to perform the installation, which includes:
   - Update properties: Title, description, Knowledge Base article, Microsoft Security Response Center number.
   - Applicability rules: Used by Automatic Updates to determine whether or not the update is needed on a particular computer.
   - Installation information: Command-line options to apply when installing the updates.

Secure Dynamic Update

- DNS update security is available only for zones that are integrated into Active Directory®.
- By default, dynamic update security for DNS servers and clients can be handled as follows:
  - DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update.
  - Clients use a default update policy that permits them to attempt to overwrite a previously registered resource record, unless they are specifically blocked by update security.
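Because clients try an unsecured update first, a zone that accepts both kinds never makes them fall back to the secure one. The following added example (not part of the original lesson) lists each primary zone's dynamic update setting and previews the change to secure-only; it assumes the DnsServer PowerShell module is installed, and the function name is hypothetical.

```powershell
# Added example: flag DNS zones that still accept unsecured dynamic updates.
# Requires the DnsServer module (DNS Server role or the RSAT DNS tools).
function Get-DynamicUpdateFinding {
    param([string]$ComputerName = $env:COMPUTERNAME)

    Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
        ForEach-Object {
            $zone = $_   # inside switch, $_ is the switch value, so keep the zone here
            $finding = switch ($zone.DynamicUpdate) {
                'Secure' { 'OK: only secure updates are accepted' }
                'None'   { 'OK: dynamic update is disabled' }
                'NonsecureAndSecure' {
                    if ($zone.IsDsIntegrated) {
                        'FIX: set DynamicUpdate to Secure'
                    } else {
                        # Secure update exists only for Active Directory-integrated zones.
                        'FIX: integrate the zone into Active Directory or disable updates'
                    }
                }
                default  { "REVIEW: unexpected value '$($zone.DynamicUpdate)'" }
            }
            [pscustomobject]@{
                Zone           = $zone.ZoneName
                DsIntegrated   = $zone.IsDsIntegrated
                DynamicUpdate  = $zone.DynamicUpdate
                Finding        = $finding
            }
        }
}

$findings = Get-DynamicUpdateFinding
$findings | Format-Table -AutoSize

# Preview the change for AD-integrated zones; remove -WhatIf to apply it.
$findings | Where-Object { $_.Finding -like 'FIX: set*' } | ForEach-Object {
    Set-DnsServerPrimaryZone -Name $_.Zone -DynamicUpdate Secure -WhatIf
}
```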

Enable or Disable a Network Protocol or Component

- Network performance is enhanced and network traffic is reduced when only the required protocols and clients are enabled.
- If a computer encounters a problem with a network or dial-up connection, it attempts to establish connectivity by using every network protocol that is installed and enabled.
- By enabling only the protocols that the computer can use, the operating system does not attempt to connect by using protocols it cannot use, and returns status information to you more efficiently.
- Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

Enable or Disable a Network Protocol or Component (continued)

1. Right-click the connection for which you want to enable or disable a network protocol or component, and then click Properties.
2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
3. Do one of the following:
   - For a local area connection, on the General tab, in This connection uses the following items, select the check box next to the component to enable it, or clear the check box to disable it.
   - For a dial-up or VPN connection, on the Networking tab, in This connection uses the following items, select the check box next to the component to enable it, or clear the check box to disable it.
   - For an incoming connection, on the Networking tab, in Network components, select the check box next to the component to enable it, or clear the check box to disable it.
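The check boxes in this procedure are adapter bindings, so the same review can be scripted across every adapter on a server. This is an added example, not part of the original lesson; the function name, the allowlist of component IDs and the adapter name `Ethernet` are assumptions to replace with your own baseline.

```powershell
# Added example: report enabled adapter bindings that are not on an allowlist.
# $Allowed is an assumed baseline; set it to the components this server needs.
function Get-UnexpectedBinding {
    param(
        [string[]]$Allowed = @('ms_tcpip', 'ms_tcpip6', 'ms_msclient', 'ms_server', 'ms_pacer')
    )

    Get-NetAdapterBinding |
        Where-Object { $_.Enabled -and ($_.ComponentID -notin $Allowed) } |
        Sort-Object Name, ComponentID |
        Select-Object @{ n = 'Adapter'; e = { $_.Name } }, DisplayName, ComponentID
}

$unexpected = Get-UnexpectedBinding
if ($unexpected) {
    $unexpected | Format-Table -AutoSize
} else {
    'All enabled bindings are on the allowlist.'
}

# Scripted equivalent of clearing one check box, previewed with -WhatIf.
# 'Ethernet' is a placeholder adapter name; ms_lltdio is the
# Link-Layer Topology Discovery Mapper I/O Driver.
Disable-NetAdapterBinding -Name 'Ethernet' -ComponentID 'ms_lltdio' -WhatIf
```

As in the GUI procedure, changing a binding requires membership in the local Administrators group.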

Read-Only Domain Controllers (RODC)

- A new type of domain controller in the Windows Server® 2008 operating system.
- Hosts read-only partitions of the Active Directory database.
- Makes it possible for organizations to deploy a domain controller in scenarios where physical security cannot be guaranteed:
  - Branch office locations.
  - Where local storage of all domain passwords is considered a primary threat.

RODC (continued)

- Has reduced management requirements that are provided by such features as unidirectional replication.
- Well suited for a site that should not have a user who is a member of the Domain Administrators group.

Separate Management VLAN

- Network segmentation is the physical isolation of network traffic that flows between communicating systems.
- The physical network is divided into distinct parts (segments) such as subnets (performed by a router) or VLANs (switch).
- Microsoft NAP supports a variety of policy enforcement methods that work in conjunction with a number of network technologies including IPsec, DHCP, and 802.1x.

Microsoft NAP Protection Enforcement Methods

| Enforcement | Healthy Host | Unhealthy Host |
| IPsec | Full access: can communicate with any trusted peer in any location over any network(s) | Healthy peers reject connection requests from unhealthy systems; remediation to restricted VLAN or other policy possible |
| 802.1x | Full access | Restricted VLAN |
| VPN | Full access | Restricted VLAN |
| DHCP | Full IP address given, full access | Restricted set of routes |

Microsoft Baseline Security Analyzer (MBSA)

- An easy-to-use tool that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance.
- Detects common security misconfigurations and missing security updates on your computer systems.
- Ensures consistency with other Microsoft management products including Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server (SMS), System Center Configuration Manager (SCCM) 2007, and Small Business Server (SBS).
