FDCC Implementation Efforts at Idaho National Laboratory Justin Hansen NLIT 2009.

Slides:



Advertisements
Similar presentations
Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.
Advertisements

Federal Desktop Core Configuration and the Security Content Automation Protocol Peter Mell, National Vulnerability Database National Institute of Standards.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy’s National Nuclear.
Content Overview Update Process Additional Tools.
Module 5: Creating and Configuring Group Policy
A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.
IT PLANNING Enterprise Architecture (EA) & Updates to the Plan.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.
Understanding Networks I. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
How PNNL Manages Windows Desktops 1 Will Jorgensen.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 8: Implementing and Managing Printers.
Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.
OIT's Unity Labs Active Directory Windows Environment.
Module 8: Implementing Administrative Templates and Audit Policy.
11 SYSTEMS ADMINISTRATION AND TERMINAL SERVICES Chapter 12.
SharePoint Portal Server 2003 JAMES WEIMHOLT WEIDER HAO JUAN TURCIOS BILL HUERTA BRANDON BROWN JAMES WEIMHOLT INTRODUCTION OVERVIEW IMPLEMENTATION CASE.
Module 16: Software Maintenance Using Windows Server Update Services.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Security Audit Tools Project. CT 395 IT Security I Professor Igbeare Summer Quarter 2009 August 25, 2009.
Managing CERN Desktops with Systems Management Server (SMS 2003) Michel Christaller Internet Services Group Department of Information Technology CERN May.
Chapter 8 Hardening Your SQL Server Instance. Hardening  Hardening The process of making your SQL Server Instance more secure  New features Policy based.
1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.
IT:Network:Microsoft Server 2 Chapter 27 WINDOWS SERVER UPDATE SERVICES.
Linux Security Baseline Implementation Efforts at the INL Jason Miller NLIT 2009.
Module 4: Add Client Computers and Devices to the Network.
Introducing… …taking desktop computing to the cloud making business effortless!
Security Overview for Microsoft Infrastructures Fred Baumhardt and James Noyce Infrastructure Solutions and Security Solutions Teams Microsoft Security.
Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.
MIS3300_Team8 Service Aron Allen Angela Chong Cameron Sutherland Edment Thai Nakyung Kim.
The Microsoft Baseline Security Analyzer A practical look….
Media Sanitization at the Idaho National Laboratory Jonathan Bates NLIT 2009.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.
PC MANAGER MEETING January 23, Agenda  Next Meeting  Training  Windows Policy  Main Topic: Windows AV Service Review.
Module 11: Implementing ISA Server 2004 Enterprise Edition.
1 Evolution and Revolution: Windows 7 and Desktop Virtualization How to Accelerate Migration to Windows 7 Miguel Sian, Sr. Enterprise Solutions Consultant.
Module 6: Designing Security for Network Hosts
Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.
GROUP MEMBERS: Asjad Bin Aqdas Javaria Khan Mishal Arshad Nauman Ansari Bushra Waheed Presented to: Ma’am Ayisha Qureshi.
1 Microsoft Project Solution Offerings and the next chapter of EPM September 17th, 2003 Brendan Giles, PMP Systemgroup Management Services.
ITS – Identity Services ONEForest Security Jake DeSantis Keith Brautigam
Module 5: Creating and Configuring Group Policies.
Module 4 Planning for Group Policy. Module Overview Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group.
Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.
Lecture 29 Information Security
Module 10: Implementing Administrative Templates and Audit Policy.
Implementing Server Security on Windows 2000 and Windows Server 2003 Fabrizio Grossi.
Configuring, Managing and Maintaining Windows Server® 2008 Servers Course 6419A.
Module 7: Designing Security for Accounts and Services.
4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.
Application Migration Fritz Ohman Alphageek
1 Evolution and Revolution: Windows 7 and Desktop Virtualization Changing the Desktop Support Landscape Denise Harrison, CIO and Vice President.
FDCC Shelly Bird Architect Microsoft Public Sector Services.
Federal Desktop Core Configuration FDCC NLIT 2008 May 2008 Stan Hall Cyber Technology Development Technical Project Manager Sandia is a multiprogram laboratory.
Network and Server Basics. Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server network.
Customer Guide to Limited-Time Offer
Supporting Windows 8.1 Krystle Portocarrero | Training Experts Inc.
Installing & Configuring Windows 10
HARDENING CLIENT COMPUTERS
Leverage What’s Out There
COMPTIA CAS-003 Dumps VCE
Networks Software.
ACTIVE DIRECTORY An Overview.. By Karan Oberoi.
PLANNING A SECURE BASELINE INSTALLATION
Types of Software Mrs. S. Palmer Office Administration.
Preparing for the Windows 8.1 MCSA
Presentation transcript:

FDCC Implementation Efforts at Idaho National Laboratory Justin Hansen NLIT 2009

Overview What is FDCC and where did it come from? Review process for the FDCC policy settings Specific implementation steps Dealing with some of the “Gotchas” Ongoing work Other information resources

INL’s IT By The Numbers 12,000 IT Devices owned by INL 9,000 Devices on the Network 5,500 Desktop & Laptop Computers OS’s (~85% Windows, 9% Mac’s, 6% Linux) Dell Shop (95% Windows Based Computers are Dells) Office Desktops – Dell Optiplex Laptops – Dell Latitudes Engineering Workstations – Dell Precisions

What Is FDCC And Where Did It Come From? FDCC: Federal Desktop Core Configuration Office of Management and Budget (OMB) March, 2007 Windows XP FDCC was based on Air Force customizations to the settings of NIST checklist – Used the “Specialized Security Limited Functionality” settings (SSLF) Windows Vista and IE 7 FDCC was based on DoD customizations of the Microsoft Security Guides Recommendations have been developed for Windows Vista, Windows XP and Internet Explorer

NIST Provided Resources For FDCC Ready made Group Policy Objects Microsoft Virtual PC “VHDs” for testing Security Templates for Microsoft Security Configuration and Analysis Tool Security Content Automation Protocol (SCAP) definition and content NIST Windows Security Baseline Database Set_FDCC_LGPO.exe (Microsoft –

INL Review Process Compared currently implemented Minimum Security Configurations to FDCC Categorized FDCC “Gap” settings by impact and risk Evaluated required enterprise changes for “medium” and “high” impact settings – Example: “Digitally sign communications (always)” Focused on “high” risk and “low” impact settings Spreadsheet developed to help evaluate these factors

Sample Evaluation Spreadsheet

Implementation Specifics Settings were deployed using domain Group Policies Initial FDCC Group Policy was equivalent to existing security settings Incorporated settings with “low” impact first Testing and phased rollouts of “medium” impact settings Continually working on making necessary changes to accommodate “high” impact and “high” risk settings Implemented by small team over a 3 month period

Dealing With Some Of The “Gotchas” Least User Privileges / Access (LUA) – INL had implemented LUA principles previous to FDCC – BeyondTrust Privilege Manager Upgraded to latest version Renewed focus on generating new rules Exceptions and Deviations – Example: Need for Local Printer Shares – Group Policy application by groups in addition to OU Internally developed program to control Group Policy application

Active Directory Interface

History Log

Ongoing Work Continue to evaluate / test / implement “Gap” settings Incorporation of SCAP scanning tools into existing vulnerability scans Refine and enhance process for exceptions and variances Revisit previous exceptions and develop appropriate single variance policies Reduce / Eliminate the number of “exempted” systems Extend the FDCC strategy to Non-Windows systems and Servers

Questions Contact Info Justin Hansen (208)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.