PLANNING A SECURE BASELINE INSTALLATION

Slides:

Advertisements

Similar presentations

Database Administration and Security Transparencies 1.

Advertisements

DESIGNING A PUBLIC KEY INFRASTRUCTURE

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.

Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.

11 CERTIFICATE SERVICES AND SECURE AUTHENTICATION Chapter 10.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Configuring File Services Lesson 6. Skills Matrix Technology SkillObjective DomainObjective # Configuring a File ServerConfigure a file server4.1 Using.

Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Deploying and Managing Windows Server 2012

Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.

A+ Guide to Managing and Maintaining Your PC Fifth Edition Chapter 15 Installing and Using Windows XP Professional.

Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.

Term 2, 2011 Week 3. CONTENTS The physical design of a network Network diagrams People who develop and support networks Developing a network Supporting.

Securing Microsoft® Exchange Server 2010

11 SECURITY TEMPLATES AND PLANNING Chapter 7. Chapter 7: SECURITY TEMPLATES AND PLANNING2 OVERVIEW  Understand the uses of security templates  Explain.

Current Job Components Information Technology Department Network Systems Administration Telecommunications Database Design and Administration.

Chapter 9: Novell NetWare

Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.

Chapter 13 – Network Security

Designing Active Directory for Security

Module 14: Configuring Server Security Compliance

Securing AD DS Module A 3: Securing AD DS

Module 7: Fundamentals of Administering Windows Server 2008.

Module 1: Installing and Configuring Servers. Module Overview Installing Windows Server 2008 Managing Server Roles and Features Overview of the Server.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.

DIT314 ~ Client Operating System & Administration CHAPTER 5 MANAGING USER ACCOUNTS AND GROUPS Prepared By : Suraya Alias.

September 18, 2002 Windows 2000 Server Active Directory By Jerry Haggard.

Module 2: Installing and Maintaining ISA Server. Overview Installing ISA Server 2004 Choosing ISA Server Clients Installing and Configuring Firewall Clients.

© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.

1 Introduction to Microsoft Windows 2000 Windows 2000 Overview Windows 2000 Architecture Overview Windows 2000 Directory Services Overview Logging On to.

1 Chapter Overview Password Protection Security Models Firewalls Security Protocols.

NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For.

Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.

Chapter 2 Securing Network Server and User Workstations.

Unit 22 People in Computing

11 CLUSTERING AND AVAILABILITY Chapter 11. Chapter 11: CLUSTERING AND AVAILABILITY2 OVERVIEW  Describe the clustering capabilities of Microsoft Windows.

INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used? Tripwire.

NETWORKING FUNDAMENTALS. Network+ Guide to Networks, 4e2.

Security fundamentals Topic 2 Establishing and maintaining baseline security.

NetTech Solutions Security and Security Permissions Lesson Nine.

Module 10: Implementing Administrative Templates and Audit Policy.

Chapter 4- Part3. 2 Implementing User Profiles A local user profile is automatically created at the local computer when you log on with an account for.

Introduction TO Network Administration

Privilege Management Chapter 22.

Implementing Server Security on Windows 2000 and Windows Server 2003 Fabrizio Grossi.

1 Chapter 13: RADIUS in Remote Access Designs Designs That Include RADIUS Essential RADIUS Design Concepts Data Protection in RADIUS Designs RADIUS Design.

CHAPTER 5 MANAGING USER ACCOUNTS & GROUPS. User Accounts Windows 95, 98 & Me do not need a user account like Windows XP Professional to access computer.

Module 7: Designing Security for Accounts and Services.

4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.

Active Directory Domain Services (AD DS). Identity and Access (IDA) – An IDA infrastructure should: Store information about users, groups, computers and.

Basharat Institute of Higher Education

Chapter Objectives In this chapter, you will learn:

Chapter 6: Securing the Cloud

Configuring File Services

Create setup scripts simply and easily.

Data and database administration

Configuring Windows Firewall with Advanced Security

Objectives Differentiate between the different editions of Windows Server 2003 Explain Windows Server 2003 network models and server roles Identify concepts.

Unit 27: Network Operating Systems

IS4680 Security Auditing for Compliance

Lesson 16-Windows NT Security Issues

BACHELOR’S THESIS DEFENSE

BACHELOR’S THESIS DEFENSE

BACHELOR’S THESIS DEFENSE

DEPLOYING SECURITY CONFIGURATION

Designing IIS Security (IIS – Internet Information Service)

Presentation transcript:

PLANNING A SECURE BASELINE INSTALLATION CHAPTER 8

SELECTING COMPUTERS & OPERATING SYSTEM Selecting appropriate operating system is essential for your network. You should first start preparing a list of hardware requirements for each role your computers have to fill based on the hardware product supported by your OS. You should also have policies regarding how long the organization is expected to use the computers & how frequent the OS & application will be upgraded.

Understanding computer roles Computers have different capabilities & are used for a variety of tasks. Its crucial to understand what tasks the computers will perform & what components they need before you start selecting computers for your network.

Understanding the servers role Servers typically have faster processors, more memory & more disk space than workstations. The application it runs, defines the servers role. Most common server roles are as follows; Backup server Database server Domain controller Email server File & print server Web server

Understanding desktop workstation’s role Desktop workstations can have a wide range of functionality from simple system designed for 1 or 2 applications to high powered computers performing complex graphic, video and Computer Aided Design function. The basic function of a desktop on a network is to access server applications or files stored on servers so that the user can work with the data.

Creating hardware specifications Creating hardware specifications before evaluating computers for your network enables you to decide which components a computer needs to fulfill a particular role. Administering a large fleet of computers is the easiest when you define your computer’s role & standardize the hardware & software needed.

Server hardware specification You must consider the requirements & the capabilities of the applications that the server will run when you create the hardware specification. Computers marketed as servers have: more robust power supplies integrated components Sufficient amount of RAM & processor speed Supports multiple processors Requirements for fault tolerance

Desktop hardware specification Objective in creating desktop hardware specification is to design system suitable for a wide variety of tasks. Ideal situation = single computer design suitable for all users on your network Order large number of identical computer & get good deals Technician would have to familiarize with only one hardware configuration. For high security, users can use smart cards to authenticate themselves when they log on.

Selecting operating system Selecting OS for your network computers must be coordinated with developing your hardware specifications. Several other important factors; Application comparability – capable of running the applications you need. Support issues – cost involved in retraining technical personal if you change to different OS Security features – must have the security features your organizations requires. Cost – cost is always a factor when selecting an OS.

High-level security planning A security framework is a logical structured process by which your organization performs tasks like the following; Estimating security risks Specifying security requirements Selecting security features Implementing security policies Designing security deployments Specifying security management policies.

Creating a security design team To determine which people in your organization are going to be responsible for designing, implementing & maintaining the security policies. Organizations will assemble a team or committee responsible for security design. A well balanced team consists of people who can answer ; What are the organizations most valuable resources? What are the potential threats? What resources are most at risk? What security features are available? Etc etc

Mapping our a security life cycle Creating a security framework is not a one time project, but an ongoing concern. A security life cycle consists of basic phases; Designing a security infrastructure Implementing security features Ongoing security management.

Designing security infrastructure Security issues can have a major effect on many elements of your network design. The design phase begins with identifying the resources that need protection & evaluating the threats to those resources. Additional security products such as firewalls, smart card readers / biometric devices.

Designing security infrastructure Typical security plans includes implementations of the following principles; Access control – granting specific levels of access based on users identity Auditing – administrator monitors system & network activities over extended period. Authentication – verification of users identity before providing access to secured resources Encryption – protection of data thru cryptographic application Firewalls – system designed to prevent unauthorized access to private network from outside.

Implementing security features Implementation plan consists of a procedure & timetable for the process of evaluating, purchasing, installing & configuring security hardware & software products. Some softwares contain mechanism that enable users to enforce your policies.

Ongoing security managements As for technical staffs, security management means regular checking of audit logs & other resources as well as monitoring individual systems & network traffic for signs of intrusion. Administrators must also update the security software products as needed

Evaluating security settings File system permissions Basic security tools that enables you to specify which users & groups are given access to a specific folder/drive & what degree of access they have. Share permissions Consists of an access control mechanism that enables you to specify which users & groups are permitted to access a shared resource over network & the level of access they should have

Evaluating security settings Registry permissions Installing applications & configuring OS setting modifies registry elements. Specifies who has the permission to access the registry & to what extend he can access & modify it. Use registry editor

Evaluating security settings Account policy setting Enforce password history Maximum & minimum password age Maximum & minimum password length Password meet complexity requirements Account lockout threshold.

Evaluating security settings Audit policies Specifying the activities that the system should record in a log. Audit account logon events Audit account management Audit directory service access Audit logon events Audit policy change Audit system events.