
1 Microsoft Security Resources

2 URLs for this talk
- All URLs mentioned in this talk can be found here: http://www.cs.cmu.edu/~help/security/pc_talk.html

3 Active Directory / Group Policy
- Windows 2000, XP clients only
- Automate client security settings
- Policies at the Site, Domain, OU, local level
- Delegation of Organizational units

4 Local Policy Settings
- Most of the same functions as Active Directory based policy, but applied on a per-machine basis.
- IPSec-based TCP/IP filtering for common types of network traffic (NetBIOS, HTTP, etc.)
- IPSec policies can be downloaded from: http://www.cs.cmu.edu/~help/security/pc/windows_security.html

5 Software Update Services
- Local version of Windows Update
- Ability to block patches
- Patches download from a local server
- Client must initiate installation
- Settings applied via a Domain Group Policy
- Evaluating Shavlik HFnetChkPro for automated patch management for infrastructure servers

6 IIS Security
- IIS Lockdown Wizard: removes legacy components and tightens folder security on the IIS directory structure.
- URLScan: ISAPI filter which reads incoming HTTP requests and filters out requests which do not meet the proper criteria.
- Configurable via .INI file

7 SQL Security
- Reset the “SA” password
- Apply service packs and critical security hotfixes
- Proper validation of form fields that access SQL databases.

8 Terminal Services Security
- Port 3389 is blocked
- Requires Cisco VPN client to access a workstation/server running Terminal Services

9 Microsoft Baseline Security Analyzer
- Checks for security misconfiguration and missing security patches.
- Developed by Shavlik Technologies (HFnetchk).
- Output from the tool should be kept in a secure area or on external media.

10 Anti-Virus Software
- All PCs should have Symantec’s Anti-virus corporate edition installed.
- Machines installed by SCS facilities have the following settings pre-applied (via GRC.DAT):
  - Weekly scan
  - Nightly Live Update
  - Application requires a password to remove
  - Real-time scan settings are locked

11 Help! I’ve been hacked …
- Clauss will usually provide port information (where a malicious process is listening)
- Process to port mapping. Use “netstat -aon” (XP only).
- Fport (available from Foundstone)
- TCPView (available from Sysinternals.com)
- Kill the malicious process(es). Patch the machine, reset passwords, remove artifacts.

12 Help! I’ve been hacked (cont.)
- In a lot of cases, it is easier to just wipe and reinstall the machine, rather than doing a detailed analysis.
- Domain and Unix passwords should still be reset, since keystroke loggers are fairly common.
- Detailed help on cleaning hacked machines: http://www.cs.cmu.edu/~help/security/pc/break_ins.html
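
The process-to-port mapping step from slide 11, as an added example that is not part of the original presentation: it parses saved `netstat -aon` output and returns the PID(s) holding a reported port. The sample output, the port 31337, the PIDs and the function names are constructed for illustration; it goes slightly beyond the slide by also handling UDP rows (which have no State column) and bracketed IPv6 addresses.

```python
# Added example: map a reported port to owning PID(s) from saved `netstat -aon` output.
from collections import namedtuple

Socket = namedtuple("Socket", "proto local_addr local_port remote state pid")

# Constructed sample output (addresses, port 31337 and PIDs are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       1932
  TCP    192.0.2.10:1045        198.51.100.7:80        ESTABLISHED     1500
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    0.0.0.0:31337          *:*                                    1932
"""

def parse_netstat(text):
    """Return a Socket per TCP/UDP row; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column, so they carry 4 fields instead of 5.
        if f[0] == "TCP" and len(f) == 5:
            proto, local, remote, state, pid = f
        elif f[0] == "UDP" and len(f) == 4:
            proto, local, remote, pid = f
            state = ""
        else:
            continue  # truncated or unexpected row
        # rpartition keeps bracketed IPv6 addresses such as [::]:135 intact.
        addr, _, port = local.rpartition(":")
        if not (port.isdigit() and pid.isdigit()):
            continue
        rows.append(Socket(proto, addr, int(port), remote, state, int(pid)))
    return rows

def owners_of_port(rows, port):
    """PIDs listening (TCP) or bound (UDP) on the given local port."""
    return sorted({r.pid for r in rows if r.local_port == port
                   and (r.proto == "UDP" or r.state == "LISTENING")})

if __name__ == "__main__":
    for pid in owners_of_port(parse_netstat(SAMPLE), 31337):
        print("port 31337 is held by PID", pid)
```

The State match assumes English-language netstat output. Record the PID and its image name before killing the process, so the cleanup steps can target the right files.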

