Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Configuration Wizard Keith D Miller Microsoft European Support Readiness Manager.

Similar presentations


Presentation on theme: "Security Configuration Wizard Keith D Miller Microsoft European Support Readiness Manager."— Presentation transcript:

1 Security Configuration Wizard Keith D Miller Microsoft European Support Readiness Manager

2 Why are you here? We need a proactive way to take the guess work out of which operating system components (ports, services etc) are required for my applications to function. Having this knowledge by default means that we can turn off everything else. SCW’s knowledge base defines the requirements of each application, and you can extend the knowledge base to include bespoke 3 rd party applications.

3 Agenda What is Security? Overview of SCW Tool summary Server roles Operational coverage/scope Policy authoring and deployment Extending SCW

4 The Security Management Problem Security management is about spending good money to have nothing happen If nothing happens, your doing you’re a good job!!

5 The Security Management Problem Your network is not secure! At best, it’s protected Protected networks are well-designed, well managed networks with smart users!

6 Overview

7 So what is SCW? Security policy authoring tool Focused on attack surface reduction Disables functionality not required for a given role Disables unnecessary services Blocks unused ports Restricts or secures ports that are left open Reduces protocol exposure for LDAP, NTLM, and SMB Configures audit settings Prohibits unnecessary web extensions Ships in Windows Server 2003 SP1 as an optional component

8 Security Policy Management Authoring Define new system role Takes great skill Risky 5% can perform Tailoring Customizing existing role Moderately complex Less risky 15% can perform Applying Should be risk free 80% can perform

9 So What is so special about a server? Servers have can have many roles

10 SCW Server Roles Certificate Server Cluster Server Domain Controller DFS Server DHCP Server DNS Server File Server Print Server Web Server WINS Server Terminal Server … Biztalk Server Commerce Server Exchange Server ISA Server MOM Identity Management Server SharePoint Portal Server SMS SQL Server …

11 Print Server Base Role SCW Targeting Configuration Guidance

12 Words to the wise Follow the guides, then run SCW SCW is not designed to work on clients as they do not as a norm perform a role, they are mainly general purpose boxes SCW is designed for servers only, however you can apply SCW policies to clients, there are a couple of ways of doing this, however it may boot, or it may not boot You can apply it to a windows 2000 system, but DO NOT do it.

13 SCW Operational Coverage Secure configuration Compliance analysis Is this machine in compliance with its policy? What are the differences between the defined policy and current system? Rollback Remote Usability Configure, analyze, rollback, or build policy based on a remote server Extendable Extend the knowledge base (“Define your own roles”) Enterprise policy deployment Active Directory Integration for Group Policy-based deployments Command line tool (scwcmd.exe) For configuration, analysis and reporting

14 SCW Benefits over SCE Covers more areas Much less risk of destroying system Policy will be better optimized Better rollback support Much improved testing of knowledge base Much less skill required Extendable

15 Deployment Architecture

16 SCW Architecture

17 How does SCW deal with Roles and Tasks Policies consist of roles and tasks Server Roles Services, ports, settings, features, etc… Tasks Client roles Services, ports, settings, features, etc…

18 Think About it Sometimes it helps to slow down, And analyze the problem that you are trying to solve!!!

19 Lets do the Demo

20 Where are all the files? C:\windows\security\msscw

21 Extending the database

22 Steps To Build Extensions Steal an existing extension Modify to suit your needs Replace role, task, service, and port definitions Edit the localized version Combine both into a single template Validate against the XSD from the “Extending the Security Configuration Wizard” white paper Run scwcmd register /kbname: /kbfile: Run scwcmd register /kbname: /kbfile:

23 Example Extension <Version OSVersionMajorInfo="5" OSVersionMinorInfo="2“ ServicePackMajor="1" ServicePackMinor="0" ProductType="Server"/>...

24 Example Extension......

25 SCW Support Currently supported on Windows Server 2003 SP1, R2 and LH peer- to-peer only SCW public newsgroup Microsoft.public.security.scw Public Resources http://go.microsoft.com/fwlink/?linkid=42434http://go.microsoft.com/fwlink/?linkid=42434 (public homepage) http://go.microsoft.com/fwlink/?linkid=42434 Requesting redirect: http://www.microsoft.com/scw http://www.microsoft.com/scw SCW beta newsgroup at: News server: betanews.microsoft.com Newsgroup: microsoft.beta.srv2003sp1.scw SCW Quick Start Guide

26 Thanks for attending this TechNet Event FREE fortnightly technical newsletter: “The TechNet Flash” FREE regular technical events hosted across the UK FREE weekly UK & US led technical webcasts FREE comprehensive technical web site FREE quarterly technical magazine Monthly CD / DVD subscription with the latest technical tools & resources and full- version evaluation and beta software. What do you get from TechNet? In case you weren’t aware, we offer all of the below and aim to be the central point of information and the community resource for IT professionals in the UK: To find out more about TechNet and what information and resources are available to you, please visit www.microsoft.com/uk/technet or speak to a Microsoft representative during the breakswww.microsoft.com/uk/technet

27 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.


Download ppt "Security Configuration Wizard Keith D Miller Microsoft European Support Readiness Manager."

Similar presentations


Ads by Google