Presentation is loading. Please wait.

Presentation is loading. Please wait.

<none>.

Published byAllyson Peters Modified over 6 years ago

Similar presentations

Presentation on theme: "<none>."— Presentation transcript:

1 <none>

2 Implementing Application and Data Security
<none> Presenter Name Job Title Company

3 Session Prerequisites
Understanding of network security essentials Hands-on experience with Windows® 2000 Server or Windows Server™ 2003 Experience with Windows management tools Hands-on experience with Exchange Server and SQL Server management tools <none> Level 300

4 Agenda Introduction Protecting Exchange Server Protecting SQL Server
Securing Small Business Server Providing Data Security <none>

5 Policies, Procedures, & Awareness
Defense in Depth Using a layered approach: Increases an attacker’s risk of detection Reduces an attacker’s chance of success <none> Policies, Procedures, & Awareness Physical Security Data ACL, encryption Application Application hardening, antivirus OS hardening, update management, authentication, HIDS Host Internal Network Network segments, IPSec, NIDS Perimeter Firewalls, VPN quarantine Guards, locks, tracking devices User education

6 Why Application Security Matters
Perimeter defenses provide limited protection Many host-based defenses are not application specific Most modern attacks occur at the application layer <none>

7 Why Data Security Matters
Secure your data as the last line of defense Configure file permissions Configure data encryption Protects the confidentiality of information when physical security is compromised <none>

8 Application Server Best Practices
Configure security on the base operating system Apply operating system and application service packs and patches <none> Install or enable only those services that are required Assign only those permissions needed to perform required tasks Applications accounts should be assigned with the minimal permissions Apply defense-in-depth principles to increase protection

9 Agenda Introduction Protecting Exchange Server Protecting SQL Server
Securing Small Business Server Providing Data Security <none>

10 Exchange Security Dependencies
Exchange security is dependent on: Operating system security Network security IIS security (if you use OWA) Client security (Outlook) Active Directory security <none> Remember: Defense in Depth

11 Securing Exchange Servers
Exchange 2000 Back-End Servers Apply baseline security template and the Exchange back-end incremental template Exchange 2000 Front-End Servers Apply baseline security template and the Exchange front-end incremental template Dismount private and public stores Exchange 2000 OWA Server Apply IIS Lockdown, including URLScan Exchange 2003 Back-End Server Apply protocol security templates Exchange 2003 Front-End and OWA Server IIS Lockdown and URLScan integrated with IIS 6.0 Use application isolation mode <none>

12 Aspects of Exchange Server Security
Securing Access to Exchange Server Blocking unauthorized access Securing Communications Blocking and encrypting communications Blocking Spam Filtering incoming mail Relay restrictions: Don’t aid spammers! Blocking Insecure Messages Virus scanning Attachment blocking <none>

13 Configuring Authentication, Part 1
Secure Outlook client authentication Configure Exchange & Outlook 2003 to use RPC over HTTPS Configure SPA to encrypt authentication for Internet protocol clients <none> Remember: Secure authentication does not equal encryption of data

14 Configuring Authentication, Part 2
OWA supports several authentication methods: <none> Authentication Method Considerations Basic authentication Insecure, unless you require SLL Integrated authentication Limited client support, issues across firewalls Digest authentication Limited client support Forms-based authentication Ability to customize authentication Wide client support Available with Exchange Server 2003

15 Securing Communications
Configure RPC encryption Client side setting Enforcement with ISA Server FP1 Firewall blocking Mail server publishing with ISA Server Configure HTTPS for OWA Use S/MIME for message encryption Outlook 2003 Enhancements Kerberos authentication RPC over HTTPS <none>

16 Locate Client 2’s public key Message sent using S/MIME
Encrypting a Message Active Directory Domain Controller 2 Locate Client 2’s public key 6 Client 2’s private key is used to decrypt the shared key, and the shared key is used to decrypt the message <none> 4 Message sent using S/MIME 1 SMTP VS1 New message SMTP VS 2 5 Message arrives encrypted 3 Message encrypted with a shared key Client 2 Client 1

17 Demonstration 1 Securing Exchange Configuring Forms-Based Authentication Configuring RPC Encryption Using ISA Server to Publish Exchange <none>

18 Blocking Spam – Exchange 2000
Close open relays! Protect against address spoofing Prevent Exchange from resolving recipient names to GAL accounts Configure reverse DNS lookups <none>

19 Blocking Spam – Exchange 2003
Use additional features in Exchange Server 2003 Support for real-time block lists Global deny and accept lists Sender and inbound recipient filtering Improved anti-relaying protection Integration with Outlook 2003 and third-party junk mail filtering <none>

20 Demonstration 2 Configuring Exchange Spam Protection Anti-Relay Protection
<none>

21 Blocking Insecure Messages
Implement antivirus gateways Monitor incoming and outgoing messages Update signatures often Configure Outlook attachment security Web browser security determines whether attachments can be opened in OWA Implement ISA Server Message Screener can block incoming messages <none>

22 Using Permissions to Secure Exchange
Administration models Centralized Decentralized <none> Delegating permissions Creating administrative groups Using administrative roles Delegating administrative control

23 Enhancements in Exchange Server 2003
Many secure-by-default settings More restrictive permissions New mail transport features New Internet Connection Wizard Cross-forest authentication support <none>

24 Exchange System Policies
Defense in Depth Efficiency Continuity Performance Tuning Exchange System Policies Capacity Management Security Storage Management Hardware Upgrades Performance Monitoring Disaster Recovery Support Antivirus Event Monitoring Change Security Policies Firewall Issues Exchange System Policies AD Group Membership UPS Recovery Testing Availability Monitoring Availability Management Group Policies Backup <none>

25 Top Ten Things to Secure Exchange
Install the latest service pack 1 Install all applicable security patches 2 Run MBSA 3 <none> Check relay settings 4 Disable or secure well-known accounts 5 Use a layered antivirus approach 6 Use a firewall 7 Evaluate ISA Server 8 Secure OWA 9 Implement a backup strategy 10

26 Agenda Introduction Protecting Exchange Server Protecting SQL Server
Securing Small Business Server Providing Data Security <none>

27 Basic Security Configuration
Apply service packs and patches Use MBSA to detect missing SQL updates Disable unused services MSSQLSERVER (required) SQLSERVERAGENT MSSQLServerADHelper Microsoft Search Microsoft DTC <none>

28 Common Database Server Threats and Countermeasures
SQL Server Browser Web App Unauthorized External Access SQL Injection Password Cracking Network Eavesdropping Network Vulnerabilities Failure to block SQL ports Configuration Vulnerabilities Overprivileged service account Week permissions No certificate Web App Vulnerabilities Over-privileged accounts Weak input validation Internal Firewall Perimeter Firewall <none>

29 Database Server Security Categories
Network Operating System SQL Server Patches and Updates Shares Services Accounts Auditing and Logging Files and Directories Registry Protocols Ports SQL Server Security Database Objects Logins, Users, and Roles <none>

30 Network Security Restrict SQL to TCP/IP Harden the TCP/IP stack
Restrict ports <none>

31 Operating System Security
Configure the SQL Server service account with the lowest possible permissions Delete or disable unused accounts Secure authentication traffic <none>

32 Logins, Users, and Roles Use a strong system administrator (sa) password Remove the SQL guest user account Remove the BUILTIN\Administrators server login Do not grant permissions for the public role <none>

33 Files, Directories, and Shares
Verify permissions on SQL Server installation directories Verify that Everyone group does not have permissions to SQL Server files Secure setup log files Secure or remove tools, utilities, and SDKs Remove unnecessary shares Restrict access to required shares Secure registry keys with ACLs <none>

34 SQL Security Set authentication to Windows only
If you must use SQL Server authentication, ensure that authentication traffic is encrypted <none>

35 SQL Auditing Log all failed Windows login attempts
Log successful and failed actions across the file system Enable SQL Server login auditing Enable SQL Server general auditing <none>

36 Securing Database Objects
Remove the sample databases Secure stored procedures Secure extended stored procedures Restrict cmdExec access to the sysadmin role <none>

37 Using Views and Stored Procedures
SQL queries may contain confidential information Use stored procedures whenever possible Use views instead of direct table access Implement security best practices for Web-based applications <none>

38 Securing Web Applications
Validate all data input Secure authentication and authorization Secure sensitive data Use least-privileged process and service accounts Configure auditing and logging Use structured exception handling <none>

39 Top Ten Things to Protect SQL Server
Install the most recent service pack 1 Run MBSA 2 <none> Configure Windows authentication 3 Isolate the server and back it up 4 Check the sa password 5 Limit privileges of SQL services 6 Block ports at your firewall 7 Use NTFS 8 Remove setup files and sample databases 9 10 Audit connections

40 Agenda Introduction Protecting Exchange Server Protecting SQL Server
Securing Small Business Server Providing Data Security <none>

41 Recognizing Threats Small Business Server plays many server roles
External threats Small Business Server is often connected to the Internet Internal threats All components of Small Business Server must be secured Many settings secured by default <none>

42 Protecting Against External Threats
Configure password policies to require complex passwords Configure secure remote access Remote Web Workplace Remote Access Rename the Administrator account Implement Exchange and IIS security best practices Use a firewall <none>

43 Using a Firewall Included firewall features:
<none> Internet Firewall LAN Included firewall features: ISA Server 2000 in SBS 2000 and SBS 2003, Premium Edition Basic firewall functionality in SBS 2003, Standard Edition Consider a separate firewall SBS 2003 can communicate with an external firewall by using UPnP ISA Server can provide application-layer protection

44 Protecting Against Internal Threats
Implement an antivirus solution Implement a backup plan Run MBSA Control access permissions Educate users Do not use the server as a workstation Physically secure the server Limit user disk space Update the software <none>

45 Agenda Introduction Protecting Exchange Server Protecting SQL Server
Securing Small Business Server Providing Data Security <none>

46 Role and Limitations of File Permissions
Prevent unauthorized access Limit administrators Do not protect against intruders with physical access Encryption provides additional security <none>

47 Role and Limitations of EFS
Benefit of EFS encryption Ensures privacy of information Uses robust public key technology Danger of encryption All access to data is lost if the private key is lost Private keys on client computers Keys are encrypted with derivative of user’s password Private keys are only as secure as the password Private keys are lost when user profile is lost <none>

48 Encrypted on-disk data storage
EFS Architecture Win32 APIs NTFS I/O Manager EFS.sys Applications Encrypted on-disk data storage User mode Kernel mode Crypto API EFS Service <none>

49 EFS Differences Between Windows Versions
Windows 2000 and newer Windows versions support EFS on NTFS partitions Windows XP and Windows Server 2003 include new features: Additional users can be authorized Offline files can be encrypted The triple-DES (3DES) encryption algorithm can replace DESX A password reset disk can be used EFS preserves encryption over WebDAV Data recovery agents are recommended Usability is enhanced <none>

50 Implementing EFS: How to Do It Right
Use Group Policy to disable EFS until ready for central implementation Plan and design policies Designate recovery agents Assign certificates Implement via Group Policy <none>

51 Demonstration 3 Configuring EFS Configuring Data Recovery Agents Encrypting Files Decrypting Files Viewing EFS info <none>

52 Session Summary Protecting Applications and Data
Protecting Exchange Server Protecting SQL Server  Securing Small Business Server Providing Data Security <none>

53 Next Steps Stay informed about security
Sign up for security bulletins: Get the latest Microsoft security guidance: Get additional security training Find online and in-person training seminars: Find a local CTEC for hands-on training: <none>

54 For More Information Microsoft Security Site (all audiences)
TechNet Security Site (IT professionals) MSDN Security Site (developers) <none>

55 <none> Questions and Answers

56 <none>

Download ppt "<none>."

Similar presentations

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Chapter 10 Securing Windows Server 2008 MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration.

Chapter 10 Securing Windows Server 2008 MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Paula Kiernan Senior Consultant Ward Solutions

Paula Kiernan Senior Consultant Ward Solutions
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Implementing Application and Data Security Fred Baumhardt Senior Consultant – Security and Architecture Microsoft Consulting Services - UK.

Implementing Application and Data Security Fred Baumhardt Senior Consultant – Security and Architecture Microsoft Consulting Services - UK.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
© 2003 Microsoft Limited. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied,

© 2003 Microsoft Limited. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied,
Implementing Application and Data Security Presenter Name Job Title Company.

Implementing Application and Data Security Presenter Name Job Title Company.
Implementing Server Security on Windows 2000 and Windows Server 2003 Steve Lamb Technical Security Advisor

Implementing Server Security on Windows 2000 and Windows Server 2003 Steve Lamb Technical Security Advisor
Secure SQL Server configuration Pat Larkin Ward Solutions

Secure SQL Server configuration Pat Larkin Ward Solutions
Installing and Configuring a Secure Web Server COEN 351 David Papay.

Installing and Configuring a Secure Web Server COEN 351 David Papay.
Implementing Exchange Server Security Ward Solutions.

Implementing Exchange Server Security Ward Solutions.
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.

Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.
Securing Exchange Server 2003. Session Goals: Introduce you to the concepts and mechanisms for securing Exchange 2003. Examine the techniques and tools.

Securing Exchange Server Session Goals: Introduce you to the concepts and mechanisms for securing Exchange Examine the techniques and tools.
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Similar presentations

Ads by Google