Presentation is loading. Please wait.

Presentation is loading. Please wait.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features."— Presentation transcript:

1 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features

2 Guide to MCSE 70-290, Enhanced 2 Objectives Identify the various elements and techniques that can be used to secure a Windows Server 2003 system Use Security Configuration and Analysis tools to configure and review security settings Audit access to resources and review Security log settings

3 Guide to MCSE 70-290, Enhanced 3 Securing Your Windows 2003 System Five broad categories of security-related features: Authentication Access control Encryption Security policies Service packs and hot fixes

4 Guide to MCSE 70-290, Enhanced 4 Authentication Most basic level is requiring a user id and password to log on to some system In a domain environment, authentication is centralized on the network while in a workgroup environment, authentication is local In a domain environment, a single authentication can provide access to multiple domains and forests Additional authentication methods can apply to other services (e.g., IIS)

5 Guide to MCSE 70-290, Enhanced 5 Access Control Access control is used to secure resources such as files, folders, and printers Common types of access control are NTSF and shared folder permissions, printer permissions, Active Directory object permissions The “principle of least privilege” implies that users should only have the access that they really need

6 Guide to MCSE 70-290, Enhanced 6 Encryption Confidential files can be encrypted using the Encrypting File System (EFS) for local files stored on NTFS volumes EFS uses a combination of public and private keys The IPSec protocol can encrypt the contents of packets sent across a TCP/IP network There are two IPSec modes: transport and tunnel IPSec is used to make it difficult for hackers to intercept sensitive network data

7 Guide to MCSE 70-290, Enhanced 7 Security Policies Security policy settings can be configured from the Local Security Policy and Group Policy Object Editor MMC snap-ins Security policies control a range of security settings Windows Server 2003 includes tools that analyze policy settings compared to pre-configured security templates Security Configuration and Analysis MMC snap-in Command-line SECEDIT utility

8 Guide to MCSE 70-290, Enhanced 8 Service Packs and Hot Fixes Many critical updates and patches are related to security issues Hot fixes address a specific identified issue A service pack is a cumulative collection of hot fixes and updates Service packs and hot fixes can be downloaded and installed from Microsoft Software Update Services can assist in automating and managing the distribution of updates

9 Guide to MCSE 70-290, Enhanced 9 Using Security Configuration Manager Tools Windows Server 2003 provides tools specifically designed to help configure and manage security settings (Security Configuration Manager tools) These tools plus Group Policies can be used to set up a Security Policy template which is administered centrally

10 Guide to MCSE 70-290, Enhanced 10 Using Security Configuration Manager Tools (continued) The Security Configuration and Analysis tool will compare a security template to existing settings The Security Configuration Manager tools include these components: Security templates Security settings in Group Policy objects Security Configuration and Analysis tool SECEDIT command-line tool

11 Guide to MCSE 70-290, Enhanced 11 Security Templates Templates help ensure consistency and ease maintenance across multiple machines Templates are text-based files Should not be edited or changed using a text-based editor There are a number of pre-defined templates for various settings

12 Guide to MCSE 70-290, Enhanced 12 Security Templates (continued)

13 Guide to MCSE 70-290, Enhanced 13 Activity 14-1: Browsing Security Templates Objective: To become familiar with built-in security templates Start  Run  type mmc  OK  File  Add/Remove Snap-in  Add Locate and view the available templates as directed Browse through the available templates and the specific policies associated with them

14 Guide to MCSE 70-290, Enhanced 14 Analyzing the Pre-configured Security Templates Network computers can be categorized as: Workstations Servers Domain controllers Pre-configured templates are applicable to a specific category of computer Only Windows Server 2003, Windows XP, and Windows 2000 can use security templates

15 Guide to MCSE 70-290, Enhanced 15 The Default Template The Setup Security.inf template contains default security settings applied when Windows Server 2003 is installed Contents depend upon the original configuration of computer (fresh install, upgrade, etc.) Allows an administrator to return to original settings easily Should not be applied using Group Policy

16 Guide to MCSE 70-290, Enhanced 16 Incremental Templates Modify security configurations incrementally Can only be applied on top of default security settings because they do not specify baseline configurations Templates include: compatws.inf, securews.inf, securedc.inf, hisecws.inf, hisecdc.inf, iesacls.inf, dc security.inf, rootsec.inf Custom templates can also be created

17 Guide to MCSE 70-290, Enhanced 17 Applying Security Templates Security templates can be applied to local machine or a domain For local machine Open Local Security Setting MMC snap-in and import a policy For domain Use Group Policy Objects Security settings from GPOs override local settings

18 Guide to MCSE 70-290, Enhanced 18 Applying Security Templates (continued)

19 Guide to MCSE 70-290, Enhanced 19 Activity 14-2: Creating a Security Template Objective: to explore the creation of a custom security template Open a New Template from the MMC Security Templates snap-in as directed Configure settings for the new template as specified Save the template View the template file

20 Guide to MCSE 70-290, Enhanced 20 Activity 14-3: Applying Security Template Settings to Group Policy Objects Objective: to use Group Policy to deploy security template settings Start  Administrative Tools  Active Directory Users and Computers Open the Default Domain Policy from the Properties of the domain Import the previously created template as directed Verify settings

21 Guide to MCSE 70-290, Enhanced 21 Security Configuration and Analysis The Security Configuration and Analysis snap-in permits the comparison of current system settings to those configured in templates The comparison identifies changes and potential weaknesses Multiple templates can be compared at once Multiple templates can be combined and saved Changes can be made directly within the snap-in by selecting the desired configuration

22 Guide to MCSE 70-290, Enhanced 22 Security Configuration and Analysis (continued)

23 Guide to MCSE 70-290, Enhanced 23 Activity 14-2: Creating a Security Template (continued)

24 Guide to MCSE 70-290, Enhanced 24 Activity 14-4: Analyzing Security Settings Using Security Configuration and Analysis Objective: To use the Security Configuration and Analysis snap-in to compare current configuration with security template settings Open the Security Configuration and Analysis snap-in as directed and open a new database Import the hisecdc.inf template for comparison Perform the analysis Review and compare the settings as directed

25 Guide to MCSE 70-290, Enhanced 25 Activity 14-4 (continued)

26 Guide to MCSE 70-290, Enhanced 26 SECEDIT Command-Line Tool SECEDIT is a command-line tool used to create and apply security templates and analyze settings Can be used where Group Policy cannot be applied Six main switches Analyze Configure Export Import Validate GenerateRollback

27 Guide to MCSE 70-290, Enhanced 27 Auditing Access to Resources and Analyzing Security Logs Auditing is used to track events on a network An audit policy defines which events should be recorded and whether successes and/or failures should be recorded Audited events are written into a security log which can be viewed with Event Viewer

28 Guide to MCSE 70-290, Enhanced 28 Activity 14-5: Exploring Default Auditing Settings Objective: to explore the auditing settings of the default domain controller GPO Open the Properties of the Domain Controllers OU in Active Directory Users and Computers Edit the Default Domain Controllers Policy on the Group Policy tab as directed Open the Audit Policy node and browse through the various policy settings

29 Guide to MCSE 70-290, Enhanced 29 Activity 14-5 (continued)

30 Guide to MCSE 70-290, Enhanced 30 Activity 14-5 (continued)

31 Guide to MCSE 70-290, Enhanced 31 Configuring Auditing The role of a computer on the network influences how an audit policy is configured For member servers or workstations Audit policies are implemented using GPOs assigned to the domain or OUs For domain controllers Audit policies are implemented via the Default Domain Controllers Policy applied to Domain Controllers OU For standalone workstations and servers Audit policies defined using Local Security Policy tool

32 Guide to MCSE 70-290, Enhanced 32 Requirements and Configuring an Audit Policy Requirements You must have proper permissions (Administrators Group or Manage auditing and security log user right) Auditing files and folders can only be done on NTFS volumes Configuring an audit policy Configure auditing on events to be monitored and if logging occurs on success and/or failure Configure auditing on specific resource objects such as files, folders, printers, and Active Directory objects

33 Guide to MCSE 70-290, Enhanced 33 Configuring an Audit Policy (continued)

34 Guide to MCSE 70-290, Enhanced 34 Activity 14-6: Configuring and Testing New Audit Policy Settings Objective: to become familiar with changing and testing the configuration of audit policy settings Open the Default Domain Controllers Policy GPO auditing settings Reconfigure the settings as directed Manually refresh the Group Policy settings Test the new settings and view results using Event Viewer

35 Guide to MCSE 70-290, Enhanced 35 Auditing Object Access When files and folders reside on an NTFS volume, you can monitor attempted and successful accesses of these objects Caution -- this can result in a large number of events being logged Object auditing is configured through the Advanced Security Settings on the resource Auditing is also possible for Active Directory objects

36 Guide to MCSE 70-290, Enhanced 36 Auditing Object Access (continued)

37 Guide to MCSE 70-290, Enhanced 37 Activity 14-7: Configuring Auditing on an NTFS Folder Objective: to log failed and successful accesses to an NTFS folder Create and configure NTFS permissions for a new folder Configure auditing settings for the folder Test the auditing settings and permissions by attempting to access and delete the folder Use Event Viewer to verify correct auditing

38 Guide to MCSE 70-290, Enhanced 38 Activity 14-7 (continued)

39 Guide to MCSE 70-290, Enhanced 39 Best Practices Plan carefully before implementing an audit policy General guidelines: Only audit events that provide truly useful information Review entries in the security log regularly Audit sensitive and confidential information Audit the Everyone group – it includes unauthenticated users Audit the assignment of user rights Audit the Administrators group

40 Guide to MCSE 70-290, Enhanced 40 Analyzing Security Logs For each event defined in an audit policy, an entry is written in the Security log if that event occurs Use Event Viewer to examine the Security log The log provides a summary of the date and time of each event, and the user performing the action More details by double-clicking the entry Event Viewer provides find and filter options to assist in managing the Security log

41 Guide to MCSE 70-290, Enhanced 41 Analyzing Security Logs (continued)

42 Guide to MCSE 70-290, Enhanced 42 Analyzing Security Logs (continued)

43 Guide to MCSE 70-290, Enhanced 43 Activity 14-8: Configuring Event Viewer Log Properties Objective: to use the find and filter features in Event Viewer to manage log files Open Event Viewer and view local Security log Use the Find feature to locate specific types of events as directed Next, use the Filter feature to manage the log, displaying only events meeting specified criteria Redisplay all records in the log as directed

44 Guide to MCSE 70-290, Enhanced 44 Configuring Event Viewer There are a number of configurable settings that determine the size, number of entries, and overwrite policy in a security log Default initial security log size is 16 MB in Windows Server 2003 (up from 512 KB in 2000) Settings are configured from the Properties of the Security log in Event Viewer

45 Guide to MCSE 70-290, Enhanced 45 Configuring Event Viewer (continued)

46 Guide to MCSE 70-290, Enhanced 46 Activity 14-9: Editing Security Log Settings and Saving Events Objective: to configure properties of the Security log and save event entries for archiving purposes Open the Properties of the Security log through Event Viewer Reconfigure the Security log size and overwrite properties as directed Save and clear the Security log as noted Open the saved log to verify

47 Guide to MCSE 70-290, Enhanced 47 Summary Windows Server 2003 offers security-related features in five categories: authentication, access control, encryption, security policies, and service packs and hot fixes Windows Server 2003 offers a package of Security Configuration Manager tools: Security templates, security settings in GPOs, Security Configuration and Analysis tool, SECEDIT command- line tool

48 Guide to MCSE 70-290, Enhanced 48 Summary (continued) Auditing is used to log specific events within a Windows Server 2003 configuration An audit policy defines the events to be monitored Specific resources and objects can be configured for auditing access attempts A Security log contains record of audited events Event Viewer is used to display and manage Security logs

Download ppt "70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features."

Similar presentations

Chapter Five Users, Groups, Profiles, and Policies.

Chapter Five Users, Groups, Profiles, and Policies.
Guide to MCSE 70-290, Enhanced 1 Activity 14-1: Browsing Security Templates Objective: To become familiar with built-in security templates Start  Run.

Guide to MCSE , Enhanced 1 Activity 14-1: Browsing Security Templates Objective: To become familiar with built-in security templates Start  Run.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 13: Administering Web Resources.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 13: Administering Web Resources.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
11.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

11.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
12.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

12.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Administering Active Directory

Administering Active Directory

Similar presentations

Ads by Google