Microsoft Server 2008 R2 Group Policies & Network Policy and Access Services
Agenda
- Group Policies
- Network Policy and Access Services
Group Policies: using Group Policies to harden Windows 7
The following slides outline several methods to secure a network environment using Group Policies.
Microsoft document defining settings to harden Windows 7: http://www.microsoft.com/en-us/download/details.aspx?id=24373
Group Policies: Computer Configuration (CC)
Privacy settings
- Interactive logon: Do not display last user name
CC Security Settings
- Shutdown: Allow system to be shut down without having to log on (set to Disabled)
- Network security: Do not store LAN Manager hash value on next password change
  This security setting determines whether, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack compared with the cryptographically stronger NT hash. Since the LM hash is stored on the local computer in the security database, passwords can be compromised if the security database is attacked. Note that the setting only takes effect at the next password change; LM hashes already stored remain until each user changes their password.
- Network access: Do not allow storage of credentials or .NET Passports for network authentication
  This security setting determines whether Credential Manager saves passwords and credentials for later use when it gains domain authentication. If you enable this setting, Credential Manager does not store passwords and credentials on the computer.
- Removable Disks: Deny write access
Internet Explorer
- Disable context menu (ensures that users cannot reach other features that have been disabled)
- Disable customizing buttons
- Disable Internet Options tabs
Control Panel
- Prevent access
Windows Explorer
- Do not move deleted files to the Recycle Bin
- Hide these specified drives in My Computer (this only hides the drives in Explorer; it does not block access by path)
Start menu and taskbar
- Hide the notification area
- Lock the Taskbar
System
- Prevent access to registry editing tools
- Prevent access to the command prompt (this blocks cmd.exe, not PowerShell or other interpreters)
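The settings above are easy to set and just as easy to lose to a later GPO or a local change, so a practitioner wants a check that reads the values actually in effect. The script below is an added example, not part of the original slides: it audits the registry values that Windows writes for the listed policies. The path/value mappings are the standard Group Policy registry mappings; the "expected" values encode the hardened state described on the slides and are this example's assumption for a baseline. Run it in an elevated PowerShell session on the target Windows 7 / Server 2008 R2 host (PowerShell 2.0 syntax throughout).

```powershell
# Added example: audit the registry values behind the Group Policy hardening settings above.
# Expected values are the hardened state from the slides (an assumption for your own baseline).
$checks = @(
    @{ Setting = 'Interactive logon: Do not display last user name'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DontDisplayLastUserName'; Expected = @(1) },
    @{ Setting = 'Shutdown: Allow system to be shut down without having to log on (Disabled)'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'ShutdownWithoutLogon'; Expected = @(0) },
    @{ Setting = 'Network security: Do not store LAN Manager hash value on next password change'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Name = 'NoLMHash'; Expected = @(1) },
    @{ Setting = 'Network access: Do not allow storage of credentials for network authentication'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Name = 'DisableDomainCreds'; Expected = @(1) },
    @{ Setting = 'Removable Disks: Deny write access'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
       Name = 'Deny_Write'; Expected = @(1) },
    @{ Setting = 'Prevent access to registry editing tools (current user)'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableRegistryTools'; Expected = @(1) },
    @{ Setting = 'Prevent access to the command prompt (current user)'
       Path = 'HKCU:\Software\Policies\Microsoft\Windows\System'
       Name = 'DisableCMD'; Expected = @(1, 2) }   # 2 = block cmd.exe but still allow batch scripts
)

function Test-HardeningSetting {
    param([hashtable]$Check)
    $actual = $null
    if (Test-Path $Check.Path) {
        $item = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
        if ($item -ne $null) { $actual = $item.($Check.Name) }
    }
    # A missing value means the policy is "Not Configured" and the OS default applies.
    # Report it rather than skipping it, so the default is confirmed instead of assumed.
    $status = if ($actual -eq $null) { 'NOT CONFIGURED' }
              elseif ($Check.Expected -contains $actual) { 'OK' }
              else { 'MISCONFIGURED' }
    New-Object PSObject -Property @{
        Setting  = $Check.Setting
        Expected = ($Check.Expected -join '/')
        Actual   = $actual
        Status   = $status
    }
}

$results = $checks | ForEach-Object { Test-HardeningSetting -Check $_ }
$results | Sort-Object Status | Format-Table Status, Setting, Expected, Actual -AutoSize

# Non-zero exit when anything is not in the hardened state, so the script can gate a build or a scan.
if ($results | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

The HKCU checks report on the user running the script; to audit another user's policy, load that user's hive or run the script in their session. Computer-side values under Policies\System are rewritten on every Group Policy refresh, so a MISCONFIGURED result there usually means a GPO with higher precedence, not a manual edit.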
Group Policies: controlling applications
- Application Control Policies (AppLocker)
- Software Restriction Policies
Group Policies: AppLocker requirements
- Works on Windows 7 and newer; rules are only enforced on Windows 7 Enterprise and Ultimate (and Server 2008 R2), not Professional
- The Application Identity service (AppIDSvc) must be running; if it is stopped, no rules are enforced
- Add the default rules first, so an enforced policy does not block the Windows and Program Files binaries that logon and "required" services depend on
Group Policies: AppLocker
- Add default rules
- Create new rule
Group Policies: Software Restriction Policies
Similar to AppLocker, but works on Windows XP and later, including editions where AppLocker rules are not enforced.
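The AppLocker steps on the preceding slides (start the Application Identity service, add the default rules, then create rules) can be scripted with the AppLocker PowerShell module instead of the GPO editor. The block below is an added example and not the deck's own material: it enforces the service requirement, writes an executable-rule policy equivalent to the GUI "default rules", dry-runs it with Test-AppLockerPolicy, and applies it in audit-only mode. The policy XML, rule names, and the Downloads folder used for the dry run are this example's choices; S-1-1-0 is the well-known Everyone SID and S-1-5-32-544 is BUILTIN\Administrators. It must run elevated on an edition that enforces AppLocker (Windows 7 Enterprise/Ultimate or Server 2008 R2).

```powershell
# Added example, not from the original slides: AppLocker with default-equivalent rules, audit mode first.
Import-Module AppLocker

# 1. Enforcement is silently absent unless the Application Identity service is running.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc
if ((Get-Service -Name AppIDSvc).Status -ne 'Running') {
    throw 'AppIDSvc is not running; AppLocker rules would not be enforced.'
}

# 2. Build a path rule in AppLocker policy XML. Rule IDs are fresh GUIDs generated here.
function New-PathRule([string]$Name, [string]$Sid, [string]$Path) {
    $id = [guid]::NewGuid().ToString()
    $rule = '<FilePathRule Id="{0}" Name="{1}" Description="" UserOrGroupSid="{2}" Action="Allow">' -f $id, $Name, $Sid
    $rule += '<Conditions><FilePathCondition Path="{0}" /></Conditions></FilePathRule>' -f $Path
    return $rule
}

# Equivalent of "Create Default Rules" for executables: without these, an enforced policy
# blocks the OS binaries that logon and required services depend on.
$rules = @(
    (New-PathRule 'Allow everyone: Windows folder'       'S-1-1-0'      '%WINDIR%\*'),
    (New-PathRule 'Allow everyone: Program Files folder' 'S-1-1-0'      '%PROGRAMFILES%\*'),
    (New-PathRule 'Allow administrators: all files'      'S-1-5-32-544' '*')
) -join ''

# AuditOnly: would-be blocks are logged (AppLocker event 8003) but nothing is stopped yet.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">$rules</RuleCollection>
</AppLockerPolicy>
"@
$policyFile = Join-Path $env:TEMP 'applocker-default-exe.xml'
$policyXml | Set-Content -Path $policyFile -Encoding UTF8

# 3. Dry run against a user-writable location. Any "Allowed" from a profile path is a gap
#    (for example a path rule that is broader than intended), so review before enforcing.
$candidates = Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.exe -ErrorAction SilentlyContinue |
              ForEach-Object { $_.FullName }
if ($candidates) {
    Test-AppLockerPolicy -XmlPolicy $policyFile -Path $candidates -User Everyone |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
}

# 4. Merge into the local policy (add -Ldap "LDAP://..." to target a domain GPO instead).
Set-AppLockerPolicy -XmlPolicy $policyFile -Merge

# 5. Confirm what is actually in effect on this machine.
(Get-AppLockerPolicy -Effective).RuleCollections | Format-List RuleCollectionType, EnforcementMode
```

Leave the collection in AuditOnly until the 8003 events from real users stop surfacing legitimate software, then switch EnforcementMode to Enabled. The default path rules are deliberately broad; user-writable subdirectories under %WINDIR% (such as Temp or Tasks) are the classic bypass, which is why per-application publisher or hash rules should follow.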
GPO Questions
Network Policy and Access Services: Routing and Remote Access Service (RRAS), pronounced "R-Razz"
- Formerly Remote Access Service (RAS) in NT 4.0
- Bundled to compete with Novell's NetWare Connect
- Now included as a role service in Network Policy and Access Services
Network Policy and Access Services: first we must know some routing information
TCP adds to IP the concept of a connection:
- Handshaking: the 3-way handshake, SYN, SYN/ACK, ACK
- Sequencing: ensures that no two bytes are repeated or delivered out of sequence
- Flow control: keeps traffic flowing without the receiver having to wait or buffer too much data in memory
- Error indication: an application that closes unexpectedly can be signaled to its communicating partner with a reset (RST)
- Ports: each IP address has 65,535 usable TCP ports and 65,535 usable UDP ports (131,070 in total). Similar to extensions for a phone number.
A socket (one connection) is identified by:
- Port (both local and foreign)
- IP address (both local and foreign)
- Protocol (TCP/UDP)
Network Policy and Access Services: routing non-routable (private) addresses?
NAPT (Network Address/Port Translator): one external IP address for several internal private IP addresses. This router looks beyond the IP layer into the TCP/UDP layer and uses the IP address and port pair to map connections. This is also referred to as Port Address Translation (PAT).
Network Policy and Access Services: viewing and troubleshooting our routing tables
Viewing: route print
Adding and deleting routes using route and netsh:
route add 192.168.0.0 mask 255.255.0.0 10.0.0.1 metric 100
route add 192.168.0.0/16 10.0.0.1 metric 100 (same as above)
netsh interface ipv4 add route 192.168.0.0/16 "Local Area Connection" 10.0.0.1
route delete 192.168.0.0
netsh interface ipv4 delete route 129.0.0.0/8 "Local Area Connection"
Note: a route added with route add is lost at reboot unless -p is given; netsh interface ipv4 add route stores the route persistently by default.
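Reading route print by eye does not scale, and static routes are also something an attacker can plant to redirect a host's traffic. The block below is an added example, not part of the original slides: it reads the IPv4 routing table through WMI (Win32_IP4RouteTable, available on Server 2008 R2), flags static routes whose next hop is not an expected gateway, and adds the slide's 192.168.0.0/16 route via netsh only if it is not already present. The expected-gateway list is an assumption for this example; the interface name and next hop are the slide's values.

```powershell
# Added example, not from the original slides: routing table as objects plus an idempotent route add.
function Get-RouteTable {
    Get-WmiObject -Class Win32_IP4RouteTable |
        Select-Object Destination, Mask, NextHop, InterfaceIndex, Metric1, Protocol
}

# Win32_IP4RouteTable.Protocol: 2 = local (directly connected), 3 = netmgmt (static, e.g. "route add").
# Static routes you did not add deserve a look: a persistent route is a quiet way to redirect traffic.
$expectedGateways = @('10.0.0.1')   # assumption for this example
function Get-UnexpectedStaticRoute {
    Get-RouteTable | Where-Object { $_.Protocol -eq 3 -and $expectedGateways -notcontains $_.NextHop }
}
Get-UnexpectedStaticRoute | Format-Table Destination, Mask, NextHop, Metric1 -AutoSize

# Dotted mask -> prefix length, by counting set bits (byte order does not matter for a popcount).
function ConvertTo-PrefixLength([string]$Mask) {
    $bits = [Convert]::ToString(([System.Net.IPAddress]$Mask).Address, 2)
    return ($bits -replace '0', '').Length
}

function Add-StaticRoute {
    param([string]$Prefix, [string]$Mask, [string]$NextHop, [string]$Interface, [int]$Metric = 100)
    $exists = Get-RouteTable | Where-Object { $_.Destination -eq $Prefix -and $_.Mask -eq $Mask }
    if ($exists) {
        Write-Host "Route $Prefix/$Mask already present via $($exists | ForEach-Object { $_.NextHop })"
        return
    }
    $len = ConvertTo-PrefixLength $Mask
    # netsh routes are bound to an interface; store=persistent survives a reboot, unlike a plain "route add".
    netsh interface ipv4 add route prefix="$Prefix/$len" interface="$Interface" nexthop=$NextHop metric=$Metric store=persistent | Out-Null
    # Verify from the live table rather than trusting netsh's exit status.
    $added = Get-RouteTable | Where-Object { $_.Destination -eq $Prefix -and $_.Mask -eq $Mask }
    if (-not $added) { throw "Route $Prefix/$len was not added" }
    Write-Host "Added $Prefix/$len via $NextHop on '$Interface'"
}

Add-StaticRoute -Prefix 192.168.0.0 -Mask 255.255.0.0 -NextHop 10.0.0.1 -Interface 'Local Area Connection'
```

Run Get-UnexpectedStaticRoute as part of a host baseline; on a freshly built server it should return nothing beyond the routes the build added, and anything pointing at an unfamiliar next hop is worth tracing back to whoever (or whatever) created it.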
Network Policy and Access Services: two functions
1. Accepting inbound calls
- Universal gateway to your network
- Same functionality as if the clients were attached to the LAN, although slower
- Connecting one private network to another
2. Placing outbound calls (DUN, Dial-Up Networking)
- Internet connectivity
- Internet gateway utilizing NAT (Network Address Translation): the poor man's proxy server
Network Policy and Access Services: accepting VPN (virtual private network) connections from remote clients
Running a secure private network over an insecure public network (the internet). All clients need is an internet connection and a valid IP address; they then establish a VPN session to the RAS server. The session is authenticated and encrypted, but how strong that protection is depends on the tunnel type and authentication method the server allows (for example PPTP with MS-CHAPv2 versus L2TP/IPsec or SSTP).
Network Policy and Access Services: installing RRAS on 2008 R2
- Added as a role in 2008 R2 (Network Policy and Access Services)
- Add the supporting role services
- After installation, you must enable Routing and Remote Access; read all the wizard options carefully and choose based on need
- Determine how remote users will be assigned IP addresses on the internal network (DHCP or a static address pool)
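The installation steps above can be scripted on Server 2008 R2 with the ServerManager module and the netsh ras context. The block below is an added example, not from the deck: it installs the RRAS role service, assigns VPN clients from a static pool rather than DHCP, and restricts the PPP authentication types to MS-CHAPv2 (PAP and MD5-CHAP send the password or a weakly protected form of it). The pool range and interface assumptions are this example's; the feature name and netsh syntax are written from memory of the 2008 R2 tooling, so confirm them with Get-WindowsFeature NPAS* and netsh ras ip ? on your build. The wizard step "Enable Routing and Remote Access" is not replaced here and still has to be completed before the server accepts connections.

```powershell
# Added example, not from the original slides: RRAS role install and address-pool assignment.
Import-Module ServerManager

# 1. Install the role service (NPAS-RRAS-Services = "Routing and Remote Access Services").
$feature = Get-WindowsFeature -Name NPAS-RRAS-Services
if (-not $feature.Installed) {
    $result = Add-WindowsFeature -Name NPAS-RRAS-Services
    if (-not $result.Success) { throw "Role install failed: $($result.ExitCode)" }
    if ($result.RestartNeeded -ne 'No') { Write-Warning 'A restart is required before RRAS can be enabled.' }
}

# 2. Give VPN clients addresses from a dedicated pool (assumed range) instead of the LAN DHCP scope,
#    so they can be told apart from LAN hosts in firewall rules and logs.
netsh ras ip set addrassign method=pool
netsh ras ip add range from=10.0.0.200 to=10.0.0.250

# 3. Remove the weak PPP authentication types; keep MS-CHAPv2 (EAP can be added the same way).
netsh ras delete authtype type=PAP
netsh ras delete authtype type=MD5CHAP
netsh ras add authtype type=MSCHAPv2

# 4. Show what is configured so the result can be checked into the build record.
netsh ras ip show config
netsh ras show authtype
```

If address assignment is left on DHCP, make sure the RRAS server's DHCP relay is configured for the internal scope; otherwise clients connect but receive an APIPA (169.254.x.x) address and cannot reach anything.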
Network Policy and Access Services: client side
- Configure the client connection by adding a new connection in Network and Sharing Center
- Select the connection option and complete the wizard on the workstation
Things to consider
How will it be utilized? What will be running over your DUN or VPN link?
- File-based apps versus client-server apps, e.g. Microsoft Access versus Microsoft SQL Server. Access continuously queries the file on the remote drive during each record search, which performs poorly over a slow link. With SQL Server a query is sent from the client application to the server, the query is run at the server, and only the results are transmitted back to the client.
What connection will be required? RRAS supports:
- X.25: old "cloud" technology that typically tops out at 56-64 kbit/s, although reliable
- Frame Relay: same idea as X.25 but faster, with a single connection to the cloud
- Modems
- ISDN
- Point to point…