Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Configuration Wizard Keith D Miller Microsoft European Support Readiness Manager.

Published byAdam Marshall Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Configuration Wizard Keith D Miller Microsoft European Support Readiness Manager."— Presentation transcript:

1 Security Configuration Wizard Keith D Miller Microsoft European Support Readiness Manager

2 Why are you here? We need a proactive way to take the guess work out of which operating system components (ports, services etc) are required for my applications to function. Having this knowledge by default means that we can turn off everything else. SCW’s knowledge base defines the requirements of each application, and you can extend the knowledge base to include bespoke 3 rd party applications.

3 Agenda What is Security? Overview of SCW Tool summary Server roles Operational coverage/scope Policy authoring and deployment Extending SCW

4 The Security Management Problem Security management is about spending good money to have nothing happen If nothing happens, your doing you’re a good job!!

5 The Security Management Problem Your network is not secure! At best, it’s protected Protected networks are well-designed, well managed networks with smart users!

6 Overview

7 So what is SCW? Security policy authoring tool Focused on attack surface reduction Disables functionality not required for a given role Disables unnecessary services Blocks unused ports Restricts or secures ports that are left open Reduces protocol exposure for LDAP, NTLM, and SMB Configures audit settings Prohibits unnecessary web extensions Ships in Windows Server 2003 SP1 as an optional component

8 Security Policy Management Authoring Define new system role Takes great skill Risky 5% can perform Tailoring Customizing existing role Moderately complex Less risky 15% can perform Applying Should be risk free 80% can perform

9 So What is so special about a server? Servers have can have many roles

10 SCW Server Roles Certificate Server Cluster Server Domain Controller DFS Server DHCP Server DNS Server File Server Print Server Web Server WINS Server Terminal Server … Biztalk Server Commerce Server Exchange Server ISA Server MOM Identity Management Server SharePoint Portal Server SMS SQL Server …

11 Print Server Base Role SCW Targeting Configuration Guidance

12 Words to the wise Follow the guides, then run SCW SCW is not designed to work on clients as they do not as a norm perform a role, they are mainly general purpose boxes SCW is designed for servers only, however you can apply SCW policies to clients, there are a couple of ways of doing this, however it may boot, or it may not boot You can apply it to a windows 2000 system, but DO NOT do it.

13 SCW Operational Coverage Secure configuration Compliance analysis Is this machine in compliance with its policy? What are the differences between the defined policy and current system? Rollback Remote Usability Configure, analyze, rollback, or build policy based on a remote server Extendable Extend the knowledge base (“Define your own roles”) Enterprise policy deployment Active Directory Integration for Group Policy-based deployments Command line tool (scwcmd.exe) For configuration, analysis and reporting

14 SCW Benefits over SCE Covers more areas Much less risk of destroying system Policy will be better optimized Better rollback support Much improved testing of knowledge base Much less skill required Extendable

15 Deployment Architecture

16 SCW Architecture

17 How does SCW deal with Roles and Tasks Policies consist of roles and tasks Server Roles Services, ports, settings, features, etc… Tasks Client roles Services, ports, settings, features, etc…

18 Think About it Sometimes it helps to slow down, And analyze the problem that you are trying to solve!!!

19 Lets do the Demo

20 Where are all the files? C:\windows\security\msscw

21 Extending the database

22 Steps To Build Extensions Steal an existing extension Modify to suit your needs Replace role, task, service, and port definitions Edit the localized version Combine both into a single template Validate against the XSD from the “Extending the Security Configuration Wizard” white paper Run scwcmd register /kbname: /kbfile: Run scwcmd register /kbname: /kbfile:

23 Example Extension <Version OSVersionMajorInfo="5" OSVersionMinorInfo="2“ ServicePackMajor="1" ServicePackMinor="0" ProductType="Server"/>...

24 Example Extension......

25 SCW Support Currently supported on Windows Server 2003 SP1, R2 and LH peer- to-peer only SCW public newsgroup Microsoft.public.security.scw Public Resources http://go.microsoft.com/fwlink/?linkid=42434http://go.microsoft.com/fwlink/?linkid=42434 (public homepage) http://go.microsoft.com/fwlink/?linkid=42434 Requesting redirect: http://www.microsoft.com/scw http://www.microsoft.com/scw SCW beta newsgroup at: News server: betanews.microsoft.com Newsgroup: microsoft.beta.srv2003sp1.scw SCW Quick Start Guide

26 Thanks for attending this TechNet Event FREE fortnightly technical newsletter: “The TechNet Flash” FREE regular technical events hosted across the UK FREE weekly UK & US led technical webcasts FREE comprehensive technical web site FREE quarterly technical magazine Monthly CD / DVD subscription with the latest technical tools & resources and full- version evaluation and beta software. What do you get from TechNet? In case you weren’t aware, we offer all of the below and aim to be the central point of information and the community resource for IT professionals in the UK: To find out more about TechNet and what information and resources are available to you, please visit www.microsoft.com/uk/technet or speak to a Microsoft representative during the breakswww.microsoft.com/uk/technet

27 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

Download ppt "Security Configuration Wizard Keith D Miller Microsoft European Support Readiness Manager."

Similar presentations

Accelerating Content Management Server solutions with MCMS.RAPID Mark Harrison – Microsoft Tony Sloggett.

Accelerating Content Management Server solutions with MCMS.RAPID Mark Harrison – Microsoft Tony Sloggett.
The System Center Family Microsoft. Mobile Device Manager 2008.

The System Center Family Microsoft. Mobile Device Manager 2008.
Introduction to Systems Management Server 2003 Tyler S. Farmer Sr. Technology Specialist II Education Solutions Group Microsoft Corporation.

Introduction to Systems Management Server 2003 Tyler S. Farmer Sr. Technology Specialist II Education Solutions Group Microsoft Corporation.
Windows Server 2003 SP1. Windows Server™ 2003 Service Pack 1 Technical Overview Jill Steinberg: Added TM Jill Steinberg: Added TM.

Windows Server 2003 SP1. Windows Server™ 2003 Service Pack 1 Technical Overview Jill Steinberg: Added TM Jill Steinberg: Added TM.
A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.

A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.
DEV392: Extending SharePoint Products And Technologies Through Web Parts And ASP.NET Clint Covington, Program Manager Data And Developer Services - Office.

DEV392: Extending SharePoint Products And Technologies Through Web Parts And ASP.NET Clint Covington, Program Manager Data And Developer Services - Office.
Dan Stolts IT Pro Evangelist US DPE - North East Microsoft Corporation

Dan Stolts IT Pro Evangelist US DPE - North East Microsoft Corporation
More Control and Flexibility Vitalis Konopelec Technology Solution Professional Microsoft Slovakia s.r.o.

More Control and Flexibility Vitalis Konopelec Technology Solution Professional Microsoft Slovakia s.r.o.
Security and Policy Enforcement Mark Gibson Dave Northey

Security and Policy Enforcement Mark Gibson Dave Northey
Implementing Server Security on Windows 2000 and Windows Server 2003 Steve Lamb Technical Security Advisor

Implementing Server Security on Windows 2000 and Windows Server 2003 Steve Lamb Technical Security Advisor
Windows Server 2008 Network Access Protection (NAP) Technical Overview.

Windows Server 2008 Network Access Protection (NAP) Technical Overview.
Tech·Ed North America /19/2017 7:21 AM

Tech·Ed North America /19/2017 7:21 AM
Making Identity and Access Management Real – The Early Days Brian Lauge Pedersen Senior Technology Specialist.

Making Identity and Access Management Real – The Early Days Brian Lauge Pedersen Senior Technology Specialist.
OFC324 Microsoft Project Server: Putting Enterprise Project Management (EPM) To Work Sam Brooks www.sambrooks.com.

OFC324 Microsoft Project Server: Putting Enterprise Project Management (EPM) To Work Sam Brooks
TNT1-101. Microsoft Exchange Server 2003 Disaster Recovery Michael J. Murphy TechNet Presenter

TNT Microsoft Exchange Server 2003 Disaster Recovery Michael J. Murphy TechNet Presenter
Guidance and resources for migrating from Windows Server 2008 Windows Server 2012 R2 Migration and Upgrade Guide.

Guidance and resources for migrating from Windows Server 2008 Windows Server 2012 R2 Migration and Upgrade Guide.
Winter 2005-2006 Consolidated Server Deployment Guide for Hosted Messaging and Collaboration version 3.5 Philippe Maurent Principal Consultant Microsoft.

Winter Consolidated Server Deployment Guide for Hosted Messaging and Collaboration version 3.5 Philippe Maurent Principal Consultant Microsoft.
Microsoft ® Application Virtualization 4.6 Infrastructure Planning and Design Published: September 2008 Updated: February 2010.

Microsoft ® Application Virtualization 4.6 Infrastructure Planning and Design Published: September 2008 Updated: February 2010.
Richard Smith Senior Consultant – Management, Operations and Deployment Microsoft UK Simple Deployments with Windows AIK and Windows DS.

Richard Smith Senior Consultant – Management, Operations and Deployment Microsoft UK Simple Deployments with Windows AIK and Windows DS.
May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.

May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.

Similar presentations

Ads by Google