Module 6: Designing Security for Network Hosts


1 Module 6: Designing Security for Network Hosts

2 Overview
- Creating a Security Plan for Network Hosts
- Creating a Design for the Security of Network Hosts

3 Lesson 1: Creating a Security Plan for Network Hosts
- MSF and Security of Network Hosts
- Defense in Depth and Security of Network Hosts
- Types of Security Settings for Network Host Security
- STRIDE Threat Model and Security of Network Hosts
- Practice: Identifying Security Threats to Network Hosts

4 MSF and Security of Network Hosts
The MSF envisioning and planning phases help you to:
- Decide which locations your plan will help to protect
- Ensure that appropriate countermeasures are applied
- Classify your environment:
  - Legacy Client
  - Enterprise Client
  - Specialized Security Limited Functionality
(Diagram labels: Envision, Plan)

5 Defense in Depth and Security of Network Hosts
- Policies, Procedures, and Awareness
- Physical Security
- Perimeter
- Internal Network
- Host
- Application
- Data

6 Types of Security Settings for Network Host Security
- Client Hardening: The Security Guides for Windows XP and Windows Vista include sample security templates based on classification
- Server Hardening: The “Windows Server 2003 Security Guide” includes sample security templates based on distinct server roles
- Patch Management: Proactive management of security updates is a requirement for keeping your technology environment secure and reliable
- Antivirus: Control the download and installation of antivirus updates on your computers
- Distributed Firewall: Distributed firewalls are installed on each individual system, but they must use a centralized access policy

7 STRIDE Threat Model and Security of Network Hosts
- Spoofing: Administrative password is exposed during installation
- Tampering: Baseline security is not deployed uniformly
- Repudiation: Security configuration is not updated when a computer’s role changes
- Information disclosure: Sensitive data remains on hard disks and other storage media when the computer is decommissioned
- Denial of service: Virus infects a computer before virus protection software is installed
- Elevation of privilege: Computer is not secured properly for its role

8 Practice: Identifying Security Threats to Network Hosts
- Test for spoofing threats
- Test for tampering and repudiation threats
- Test for information disclosure threats

9 Lesson 2: Creating a Design for the Security of Network Hosts
- Life Cycle of a Network Host
- Methods for Securing Initial Host Installation
- Process for Creating a Secure Baseline
- Security for Specific Computer Roles
- Methods for Applying Security Updates
- Host-Based Firewalls
- Methods for Assessing the Security of Network Hosts
- Secure Decommissioning of Network Hosts
- Practice: Applying Security to a Network Host

10 Life Cycle of a Network Host
Life-cycle phase: Security consideration
- Initial installation: Viruses and configuration errors can compromise the security of a computer
- Baseline configuration: After initial installation, configure the baseline configuration settings that you require
- Role-specific security: Apply additional configuration beyond the baseline configuration for roles that require specific security
- Application of security updates: To maintain the baseline security configuration, install the service packs and security updates
- Decommissioning: Dispose of computers in a way that makes it impossible for attackers to obtain information

11 Methods for Securing Initial Host Installation
Method: Details
- Isolated networks: Protects computers from attackers before security measures are applied
- Updated media: Ensures that all security updates and service packs are installed during initial configuration
- Custom scripts: Ensures that only required services are installed for the computers’ role; enables the configuration of secure default settings
- Hard disk imaging: Uses a copy of a secure installation, including applications and security measures
- Remote Installation Services: Centrally manages the installation of custom scripts and hard disk images

12 Process for Creating a Secure Baseline
To create a secure baseline for computers:
1. Create a baseline security policy for computers
2. Create custom security templates
3. Test the custom security templates
4. Deploy the custom security templates
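One way to support the test and deploy steps above is to compare the settings exported from a host against the baseline template and list every setting that drifted. This is an added example, not part of the original presentation; both templates are constructed samples in security-template (.inf) form, and the function names `parse_template` and `drift` are hypothetical.

```python
import configparser

# Constructed sample: baseline security template for a role.
BASELINE_INF = """\
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
LockoutBadCount = 5
[Event Audit]
AuditLogonEvents = 3
"""

# Constructed sample: settings exported from a host under test.
HOST_INF = """\
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 1
[Event Audit]
AuditLogonEvents = 3
"""

IGNORED = {"Unicode", "Version"}  # file metadata, not security settings

def parse_template(text):
    """Return {section: {setting: value}} for a security template."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",),
                                   comment_prefixes=(";",), strict=False)
    cp.optionxform = str  # keep setting names case-sensitive as written
    cp.read_string(text)
    return {s: dict(cp[s]) for s in cp.sections() if s not in IGNORED}

def drift(baseline, host):
    """List (section, setting, expected, actual) where host != baseline."""
    findings = []
    for section, settings in baseline.items():
        for key, want in settings.items():
            have = host.get(section, {}).get(key, "<missing>")
            if have != want:
                findings.append((section, key, want, have))
    return findings

if __name__ == "__main__":
    for f in drift(parse_template(BASELINE_INF), parse_template(HOST_INF)):
        print("%s/%s: expected %s, found %s" % f)
```

When reading real template files, open them with the encoding they were saved in before passing the text to `parse_template`.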

13 Security for Specific Computer Roles
When applying security for specific computer roles:
- Predict unique threats to a computer based on its role
- Consider the value of data on the computer
- Use the baseline procedure to create a unique security template for each computer role
(Diagram labels: Domain Controller, File Server, Web Server)

14 Methods for Applying Security Updates
Methods include:
- Microsoft Update
- Windows Server Update Services
- Systems Management Server
(Diagram labels: Domain Controller, File Server, Web Server)

15 Host-Based Firewalls

16 Methods for Assessing the Security of Network Hosts
Methods include:
- The Microsoft Security Assessment Tool
- Microsoft Baseline Security Analyzer
- Security Configuration Wizard
- Third-party software that tests for vulnerabilities
- Vulnerability or penetration testing
(Diagram labels: Domain Controller, File Server, Web Server)

17 Secure Decommissioning of Network Hosts
- Destroy the data that computers store to ensure that attackers cannot retrieve confidential information
- Remove media from storage devices before disposal
- Consider physically destroying the media after you erase or format the data on the media
- Dispose of printed confidential information in a secure manner, for example, by shredding

18 Practice: Applying Security to a Network Host
Apply security by using SCW

19 Lab: Designing Security for Network Hosts
- Exercise 1: Identifying Vulnerabilities When Applying Security Updates
- Exercise 2: Identifying Vulnerabilities When Decommissioning Computers

