OUHSC Information Security Update
IT, Information Security Services: Randy Moore, Mike Waller, Nathan Gibson, Greg Bostic


Security Project Update (the three Ps)
- Policy baseline completed
  - See
- Perimeter firewall management project complete
  - All externally accessible servers registered in db
  - Firewall rules updated with db
  - Servers scanned and vulnerabilities mitigated
- Private IPs for hosts on new network

Security Personnel Update
- Kenneth Reed: moved to Engineering
- Nathan Gibson: moving on risk assessments
- Mike Waller is moving on to Charlotte
- Greg Bostic is moving into security

New Projects
- Payment Card Industry Data Security Standard
- Risk Assessments
- Security policy implementation
- Active Directory Baseline Security Configuration

OUHSC Group Policy Objects

Purpose
- Compliance
- Security
- Ease administrative overhead
- High-level policies only
- Tier 1s can still apply organizational preferred settings
- User “buy-in”

Time Line
4 Week Implementation Life Cycle
- Week 1: IT will create and test the AD GP settings.
- Week 2-4: Tier 1s will apply and test each GP to their respective AD Organizational Unit (OU) and present feedback to IT. For settings that present a change for their end users, Tier 1s should communicate those changes in advance to their user community. IT will assist in developing appropriate communications.
- Week 5: IT will evaluate any feedback given and make necessary modifications before applying the settings at the campus-wide level.

Time Line (cont)
20 Settings
- Will be separated into 4 separate groups containing at most 3 sets of related settings to limit impact. Example:

Time Line (cont)
Group 1:
- Setting 1:
  - Network access: Allow anonymous SID/Name translation – Disabled
  - Network access: Do not allow anonymous enumeration of SAM accounts – Enabled
  - Network access: Do not allow anonymous enumeration of SAM accounts and shares – Enabled
  - Network access: Let Everyone permissions apply to anonymous users – Disabled
- Setting 2:
  - Add workstations to domain (Added Groups: OUHSC\Domain Admins, OUHSC\Computer-Account-Creators)
- Setting 3:
  - Turn on the auto-complete feature for user names and passwords on forms – Disabled
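One way a Tier 1 could check during the test weeks that the Group 1 computer settings actually landed on a workstation is to audit the output of `secedit /export /cfg`. This is an added example, not part of the original slides; the sample export is constructed, and treating Everyone, Authenticated Users and BUILTIN\Users as unacceptable holders of "Add workstations to domain" is an assumption. Setting 3 is a per-user Internet Explorer policy and does not appear in this export.

```python
import configparser

# Constructed sample of a `secedit /export /cfg` security template
# (real exports are UTF-16; decode before passing the text in).
SAMPLE_INF = r"""
[System Access]
LSAAnonymousNameLookup = 1
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0
[Privilege Rights]
SeMachineAccountPrivilege = *S-1-5-11
"""

LSA = "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\"
# (section, key, expected value, setting name as listed in Group 1)
BASELINE = [
    ("System Access", "LSAAnonymousNameLookup", "0",
     "Allow anonymous SID/Name translation"),
    ("Registry Values", LSA + "RestrictAnonymousSAM", "4,1",
     "Do not allow anonymous enumeration of SAM accounts"),
    ("Registry Values", LSA + "RestrictAnonymous", "4,1",
     "Do not allow anonymous enumeration of SAM accounts and shares"),
    ("Registry Values", LSA + "EveryoneIncludesAnonymous", "4,0",
     "Let Everyone permissions apply to anonymous users"),
]
# Assumption (not stated on the slide): the right should not be held by
# Everyone, Authenticated Users or BUILTIN\Users.
BROAD_SIDS = {"*S-1-1-0", "*S-1-5-11", "*S-1-5-32-545"}

def audit(inf_text):
    """Return (setting, problem) tuples for every deviation from BASELINE."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                   strict=False)
    cp.read_string(inf_text)  # option names are matched case-insensitively
    findings = []
    for section, key, want, name in BASELINE:
        got = cp.get(section, key, fallback=None)
        if got is None:
            findings.append((name, "not defined"))
        elif got.replace(" ", "") != want:
            findings.append((name, f"found {got}, expected {want}"))
    holders = cp.get("Privilege Rights", "SeMachineAccountPrivilege", fallback="")
    broad = sorted({h.strip() for h in holders.split(",")} & BROAD_SIDS)
    if broad:
        findings.append(("Add workstations to domain",
                         "held by broad group " + ", ".join(broad)))
    return findings

if __name__ == "__main__":
    for name, problem in audit(SAMPLE_INF):
        print(f"FAIL {name}: {problem}")
```

In the export, a registry value of `4,1` means type REG_DWORD with data 1, which is why the expected values carry the `4,` prefix.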

IT Responsibilities
- Create GPOs and configure settings
- Assist Tier 1s in communicating GPO results to users
- Receive feedback from Tier 1s and assist in resolving problems
- Apply GPO settings at the Domain level after testing phase

Tier 1 Responsibilities
- Advise Users
- Apply GPOs to Active Directory Organization Units
- Give feedback to IT-OPS and IT-ISS

GPO Review
Group Policy Objects:
1. Allow you to configure baseline settings to ensure all resources have the same settings
2. Ease the administrative overhead in applying and modifying settings on end-user devices and servers
3. “One-Stop-Shop” for demonstrating policy compliance

GPO Review (cont)
Applying Group Policy Objects
1. Use the built-in Microsoft Group Policy Management Console (gpmc.msc)
   a. Start > Run > gpmc.msc
2. Apply GPOs to your Workstations OU.
3. To apply the GPOs, right-click on your OU and choose “Link an existing GPO”.
4. All GPOs that are in this project will have a common naming convention.
5. Choose the GPO you would like to link and repeat steps 2-5 for each GPO you would like to apply thereafter.

House Cleaning Help
- Clean up Computers OU
- Standardize GPO naming scheme
  - HSC-Dept-XXXX
  - Delete old GPOs
  - Combine GPOs if possible
  - Remove GPOs with settings applied at a higher level

House Cleaning Help (cont)

Let’s Talk Questions & Concerns ???