1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.

Slides:



Advertisements
Similar presentations
Rodney Buike IT Pro Advisor, Microsoft Canada
Advertisements

WSUS Presented by: Nada Abdullah Ahmed.
Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.
Chapter 10 Securing Windows Server 2008 MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
Module 3 Windows Server 2008 Branch Office Scenario.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
Chapter 7 HARDENING SERVERS.
Lesson 19: Configuring Windows Firewall
Microsoft Baseline Security Analyzer INLS 187 Security Software Presentation by Hinár György Polczer
Maintaining and Updating Windows Server 2008
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.
Module 16: Software Maintenance Using Windows Server Update Services.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 14: Problem Recovery.
Chapter 6 Configuring, Monitoring & Troubleshooting IPsec
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
Guide to MCSE , Enhanced 1 Activity 10-1: Restarting Windows Server 2003 Objective: to restart Windows Server 2003 Start  Shut Down  Restart Configure.
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
Hands-On Microsoft Windows Server 2008 Chapter 10 Securing Windows Server 2008.
1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.
Windows Server 2008 Chapter 10 Last Update
Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.
MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features.
Module 8: Configuring Virtual Private Network Access for Remote Clients and Networks.
Tutorial 11 Installing, Updating, and Configuring Software
Using Windows Firewall and Windows Defender
Module 4: Add Client Computers and Devices to the Network.
Networking Security Chapter 8 powered by dj. Chapter Objectives  Explain various security threats  Monitor security in Windows Vista  Explain basic.
©Kwan Sai Kit, All Rights Reserved Windows Small Business Server 2003 Features.
Hands-On Microsoft Windows Server 2008
Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.
Week #7 Objectives: Secure Windows 7 Desktop
Module 13: Maintaining Software by Using Windows Server Update Services.
1 Objectives Audit Policies Update and maintain your clients using Windows Server Update Service Microsoft Baseline Security Analyzer Windows Firewalls.
Module 14: Configuring Server Security Compliance
Windows 7 Firewall.
Module 9: Configuring IPsec. Module Overview Overview of IPsec Configuring Connection Security Rules Configuring IPsec NAP Enforcement.
By Jonathan….and Darion……….. Reliability Windows File Protection protects core system files from being overwritten by application installs. Driver certification.
Module 2: Installing and Maintaining ISA Server. Overview Installing ISA Server 2004 Choosing ISA Server Clients Installing and Configuring Firewall Clients.
Windows Vista Inside Out Ch 10: Ch 10: Security Essentials Last modified
MCTS GUIDE TO MICROSOFT WINDOWS 7 Chapter 7 Windows 7 Security Features.
CN2140 Server II Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+
Guide to MCSE , Second Edition, Enhanced1 The Windows XP Security Model User must logon with: Valid user ID Password User receives access token Access.
Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.
Module 5: Designing Security for Internal Networks.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.
Lesson 11: Configuring and Maintaining Network Security
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Module 7: Implementing Security Using Group Policy.
NetTech Solutions Protecting the Computer Lesson 10.
May 25 – June 15, Technical Overview Bruce Cowper IT Pro Advisor Microsoft Canada Damir Bersinic IT Pro Advisor Microsoft.
MCTS GUIDE TO MICROSOFT WINDOWS 7 Chapter 7 Windows 7 Security Features.
Module 8 Implementing Security Using Group Policy.
4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.
Security Data Transmission and Authentication Lesson 9.
ITMT 1371 – Window 7 Configuration 1 ITMT Windows 7 Configuration Chapter 8 – Managing and Monitoring Windows 7 Performance.
Maintaining and Updating Windows Server 2008 Lesson 8.
Windows Vista Configuration MCTS : Network Security.
Windows Vista Configuration MCTS : NTFS Security Features and File Sharing.
11 DEPLOYING AN UPDATE MANAGEMENT INFRASTRUCTURE Chapter 6.
Virtual Private Network Access for Remote Networks
Configuring Windows Firewall with Advanced Security
Lesson #10 MCTS Cert Guide Microsoft Windows 7, Configuring Chapter 10 Configuring Network and Firewall Settings.
Designing IIS Security (IIS – Internet Information Service)
Module 1: Overview of Systems Management Server 2003
Presentation transcript:

1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline Security Analyzer

Security Configuration Wizard Security Configuration Wizard (SCW) –Wizard for hardening your network servers –Available in Administrative Tools Security policies can be created for: –Role-based service configuration –Network security –Registry settings –Audit policy 2

Windows Firewall Allows users to turn the firewall off or on By default, Windows Firewall is turned on and allows exceptions for programs and ports Allows you to create exceptions for inbound traffic Exception –Instruction to open a port briefly, allow a program or service to pass information, and then close the port 3

4

5

Windows Firewall with Advanced Security Used to manage Windows Firewall based on port, services, applications, and protocols 6

Windows Firewall with Advanced Security Available Nodes: –Inbound rules –Outbound rules –Connection security rules (IPSec configuration) –Monitoring Available network profiles –Public (E.g. WiFi hot spots, non-company networks) Most hardened –Private (internal network behind of firewall) Less hardened –Domain Deploying Windows Firewall Settings via Group Policy – WFAS allows you to import or export firewall policies 7

BitLocker Provides hard drive–based encryption of servers and Windows Vista computers Encrypts entire Windows system volume of a computer running Windows Server 2008 Designed to enhance protection against data theft or exposure on computers that are lost or stolen 8

BitLocker Authentication Modes Four authentication modes used by BitLocker –BitLocker with a TPM Not prevent boot –BitLocker with Universal Serial Bus (USB) flash drive in place of TPM Protect boot. Key on a flash drive –BitLocker with a TPM and a personal identification number (PIN) Protect boot with PIN. Multifactor authentication –BitLocker with a TPM and a USB flash drive Protect boot and Multifactor authentication 9

Installing BitLocker Hard drive that supports BitLocker needs to be configured before installing BitLocker –Download BitLocker Drive Preparation Tool from –BitLocker requires at least 1.5 GB of unallocated or available drive space System volume is responsible for maintaining the unencrypted boot information Boot volume will contain the OS files and be encrypted by BitLocker Turn on BitLocker from Control Panel  BitLocker Drive Encryption Group Policy to allow turn on Bitlocker without TPM –Computer Configuration\Administrative Template\ 10

Installing BitLocker (Continue) Control Panel  BitLocker Drive Encryption 11 Group Policy to turn on BitLocker without TPM –Computer Configuration  Administrative Templates  Windows Components  BitLocker Drive Encryption

Updating Windows Server 2008 Windows Update (in Control Panel) –Suite of tools and services for applying updates to systems –Responsible for download and install updates from Microsoft –Requires access to the Internet 12

Windows Server Update Services Benefits: –Centralizes the updating tasks for client and server –Minimizes effects on the WAN connection –Improves network security and reliability –Improves installation of relevant updates –Targets updates to specific computers and groups Basic requirements before installing WSUS 3.0 SP1 –Microsoft Internet Information Services (IIS) 7.0 –Microsoft Report Viewer Redistributable 2005 –Minimum of 6 GB of free space for storing downloaded updates –WSUS requires a database to keep records of updates Internal DB or SQL Sever 2005 SP1 or later Windows authentication (SQL authentication is not supported) 13

Working with WSUS –WSUS Administrative console allows you to: Generate reports  Daily/Weekly reports via & when updates are synchronized. Manage updates Monitor the computer through the console –WSUSutil.exe: a command-line tool managing WSUS 14

15

Windows Server Update Services Configuring clients –To use the WSUS server for updates –Clients must be Windows 2000 SP3 or later –By default, client checks for update every 17 – 22 hrs. Approving and deploying updates –Using the Update Services console, you can control Which updates are applied Which computers receive the updates When the updates are distributed 16

Microsoft Baseline Security Analyzer 2.1 A tool to analyze your current security posture MBSA scans for missing security updates for the following products –Windows 2000 SP4 and later –Microsoft Office XP and later –Microsoft Exchange Server 2000 and later –Microsoft SQL Server 2000 SP4 and later MBSA –Free download from Microsoft –Can be used on a local computer or to connect to one or more remote computers on your network Options for running MBSA on remote computers –Domain name and IP address range 17

Microsoft Baseline Security Analyzer (Continue) When MBSA scans a computer, it creates a report that is organized into the following areas –Security Assessment –Security Update Scan Results –Windows Scan Results –Internet Information Services (IIS) Scan Results –SQL Server Scan Results –Desktop Application Scan Results Scanning a computer with MBSA –You can perform MBSA scans using: The GUI-based tool The mbsacli.exe command- line tool –Requires Internet connectivity –Can scan computer, remote computer, or groups of remote computers. 18