Clinic Security and Policy Enforcement in Windows Server 2008.


1 Clinic Security and Policy Enforcement in Windows Server 2008

2 Introduction: Name; Company affiliation; Title/function; Job responsibility; Windows Server 2003, XP and Vista experience; Security Experience; Expectations

3 Facilities: Class hours; Building hours; Parking; Restrooms; Meals; Phones; Messages; Smoking; Recycling

4 About This Clinic: Description; Clinic Objectives; Audience; Prerequisites

5 Clinic Outline: Security Enhancements in Windows Server 2008; Network Access Protection

6 Infrastructure Optimization: Technology framework to help maximize the value of your IT investments; Structured way to drive cost reduction, security & efficiency gains and boost agility; Based on industry analyst and academic work; Provides guidance and best practices for step-by-step implementation

7 Security Enhancements in Windows Server 2008

8 Overview: Methods of Security and Policy Enforcement; Network Location Awareness; Network Access Protection; Windows Firewall with Advanced Security (WFAS); Internet Protocol Security (IPSec); Windows Server Hardening; Server and Domain Isolation; Active Directory Domain Services Auditing; Read-Only Domain Controller (RODC); BitLocker Drive Encryption; Removable Device Installation Control; Enterprise PKI

9 Overview: Methods of Security and Policy Enforcement; Network Location Awareness; Network Access Protection; Windows Firewall with Advanced Security (WFAS); Internet Protocol Security (IPSec); Windows Server Hardening; Server and Domain Isolation; Active Directory Domain Services Auditing; Read-Only Domain Controller (RODC); BitLocker Drive Encryption; Removable Device Installation Control; Enterprise PKI

10 Overview: Methods of Security and Policy Enforcement; Network Location Awareness; Network Access Protection; Windows Firewall with Advanced Security (WFAS); Internet Protocol Security (IPSec); Windows Server Hardening; Server and Domain Isolation; Active Directory Domain Services Auditing; Read-Only Domain Controller (RODC); BitLocker Drive Encryption; Removable Device Installation Control; Enterprise PKI

11 Overview: Methods of Security and Policy Enforcement; Network Location Awareness; Network Access Protection; Windows Firewall with Advanced Security (WFAS); Internet Protocol Security (IPSec); Windows Server Hardening; Server and Domain Isolation; Active Directory Domain Services Auditing; Read-Only Domain Controller (RODC); BitLocker Drive Encryption; Removable Device Installation Control; Enterprise PKI

12 Technical Background: Windows Firewall with Advanced Security; Internet Protocol Security (IPSec); Active Directory Domain Services Auditing; Read-Only Domain Controller (RODC); Enterprise PKI; BitLocker Drive Encryption

13 Windows Firewall with Advanced Security

14 Demonstration: Windows Firewall with Advanced Security Creating Inbound and Outbound Rules Creating a Firewall Rule Limiting a Service

15 IPSec: Integrated with WFAS; IPSec Improvements: Simplified IPSec Policy Configuration; Client-to-DC IPSec Protection; Improved Load Balancing and Clustering Server Support; Improved IPSec Authentication; Integration with NAP; Multiple Authentication Methods; New Cryptographic Support; Integrated IPv4 and IPv6 Support; Extended Events and Performance Monitor Counters; Network Diagnostics Framework Support

16 Demonstration: Creating IPSec Policies: Creating an IPSec Rule; Specifying different Authentication Methods; Activate and Deactivate Rules

17 AD Domain Services Auditing: What changes have been made to AD DS auditing?

18 Read-Only Domain Controller (RODC): New Functionality: AD Database; Unidirectional Replication; Credential Caching; Password Replication Policy; Administrator Role Separation; Read-Only DNS. Requirements/Special Considerations RODC

19 BitLocker Drive Encryption (BDE): Data Protection; Drive Encryption; Integrity Checking; BDE Hardware and Software Requirements

20 Enterprise PKI: Easier management through PKIView; Certificate Web Enrollment; Network Device Enrollment Service; Managing Certificate with Group Policy; Certificate Deployment Changes; Online Certificate Status Protocol (OCSP) Support; Cryptographic Next Generation

21 Enterprise PKI: Easier management through PKIView; Certificate Web Enrollment; Network Device Enrollment Service; Managing Certificate with Group Policy; Certificate Deployment Changes; Online Certificate Status Protocol (OCSP) Support; Cryptographic Next Generation

22 Implementation/Usage Scenarios: Enforce Security Policy; Improve Domain Security; Improve System Security; Improve Network Communications Security

23 Recommendations: Implement Network Access Protection; Use Windows Firewall and Advanced Security to implement IPSec; Deploy Read-Only Domain Controllers, where appropriate; Implement BitLocker Drive Encryption; Carefully test and plan all security policies; Take advantage of PKI improvements

24 Summary: Windows Server 2008 includes a variety of new security initiatives and features: Network Access Protection; Windows Firewall and Advanced Security (WFAS) enhancements; IPSec improvements; Windows Server Hardening; Server and Domain Isolation; Active Directory Domain Services Auditing; Read-Only Domain Controllers (RODCs); BitLocker Drive Encryption; Removable Device Installation Control; Improvements to Enterprise PKI capabilities

25 Questions and Answers

26 Network Access Protection in Windows Server 2008

27 Overview. Network Access Protection: Internal, VPN and Remote Access Client; IPSec, 802.1X, DHCP and VPN; NAP NPS and Client included in Windows Server 2008, NAP client included in Vista. Network Access Quarantine Control: Only VPN and Remote Access Clients; DHCP and VPN; Installed from Windows Server 2003 Resource Kit.

28 Technical Background: NAP Platform Architecture; NAP Enforcement Methods; NAP Infrastructure; NAP Client Architecture; NAP Server Architecture; Component Communication

29 NAP Infrastructure: Health Policy Validation; Health Policy Compliance; Automatic Remediation; Limited Access

30 NAP Platform Architecture

31 NAP Enforcement Client 802.1X VPN IPSec DHCP NPS RADIUS

32 Demonstration: Network Access Protection: Create a NAP Policy; Using the MMC to Create NAP Configuration settings; Create a new RADIUS Client; Create a new System Health Validator for Windows Vista and Windows XP SP2

33 How NAP Works IPSec Enforcement IEEE 802.1X Logical Networks Remote Access VPNs DHCP

34 IPSec Enforcement in Logical Networks

35 Communication Initiation Process with IPSec Enforcement

36 NAP Client Health Certificate Process

37 IPSec Enforcement in NAP

38 802.1x Authenticated Connections

39 NAP Authentication Process Background Network Access Protection Settings Authorization Policies Authentication Process

40 Implementation/Usage Scenarios: Ensuring the Health of Corporate Desktops; Checking the Health and Status of Roaming Laptops; Determining the Health of Visiting Laptops; Verify the Compliance of Home Computers

41 Recommendations: Carefully test and verify all IPSec Policies; Use Quality of Service to improve bandwidth; When using IPSec – employ ESP with encryption; Plan to Prioritize traffic on the network; Apply Network Access Protection to secure client computers; Consider Using Domain Isolation

42 Summary: Network Access Protection: Secures Remote Computers before accessing the Network; Has Client and Server Components; Can Use One or More of Several methods for Enforcement (IPSec, 802.1X, VPN, DHCP); Provides Support for Third Party Software

43 Questions and Answers

44 Lab: Network Access Protection. In this lab, you will: Network Communications using WFAS; Enforcing network communication policy using Policy-based QoS; Network Access Protection with Windows Server 2008

45 What Next?
Windows Server 2008 Beta: https://connect.microsoft.com
Home Page: http://www.microsoft.com/windowsserver/longhorn/default.mspx
Webcasts: http://www.microsoft.com/windowsserver/longhorn/webcasts.mspx
Forums: http://forums.microsoft.com/TechNet/default.aspx?ForumGroupID=161&SiteID=17
Network Access Protection Home Page: http://www.microsoft.com/nap
Introduction to Network Access Protection: http://go.microsoft.com/fwlink/?LinkId=49884
Network Access Protection Platform Architecture: http://go.microsoft.com/fwlink/?LinkId=49885
Network Access Protection Frequently Asked Questions: http://go.microsoft.com/fwlink/?LinkId=49886
IPSec: http://www.microsoft.com/ipsec
Server and Domain Isolation: http://www.microsoft.com/technet/network/sdiso/default.mspx

