Chapter 7: SECURING A NETWORK INFRASTRUCTURE

OVERVIEW
- List the criteria for selecting operating systems for network servers and workstations.
- List the default security settings for the Microsoft Windows Server 2003 and Microsoft Windows XP Professional operating systems.
- Describe the problems inherent in keeping the software on a large network installation updated.
- Use Microsoft Baseline Security Analyzer (MBSA).

OVERVIEW (continued)
- Use Microsoft Software Update Services (SUS).
- Describe the security problems inherent in wireless networking.
- List the mechanisms that Windows-based IEEE 802.11 WLANs can use to authenticate clients and encrypt transmitted data.
- Determine the security requirements of your remote access installation.
- Control remote access with user account properties.
- Create remote access policies.

SELECTING COMPUTERS AND OPERATING SYSTEMS
- Purchase and use of computer systems should be governed by policies.
- Policies should dictate which operating systems are used for different purposes.
- Policies should dictate which hardware is purchased for different purposes.

UNDERSTANDING COMPUTER ROLES
- Server role
- Desktop workstation role
- Portable workstation role

UNDERSTANDING THE SERVER ROLE
- Servers can perform a number of different roles.
- Each role places different demands on the underlying hardware and operating system software.
- Some roles require additional hardware: a server that is used for backups requires a connection to a tape drive or some other storage device.
- Server systems often include fault-tolerant measures.

UNDERSTANDING THE DESKTOP WORKSTATION'S ROLE
- Workstation hardware is generally less powerful than server hardware.
- Workstation hardware typically does not include fault-tolerant measures.
- Some applications, such as computer-aided design (CAD), video and sound editing, and geographic mapping, require very high-performance hardware.

UNDERSTANDING THE PORTABLE WORKSTATION'S ROLE
- Portable workstations can include laptops, notebooks, PDAs, and tablet PCs.
- Portable workstations have different hardware and configuration requirements from desktop workstations.
- Some users may have a desktop workstation and one or more portable workstations.
- Portable workstations create additional security concerns because they can be moved both within and outside the physical security perimeter. A lost or stolen device exposes everything stored on it, so data on portable hardware cannot rely on the building's physical controls for protection.

CREATING HARDWARE SPECIFICATIONS
- Server hardware specifications
- Desktop hardware specifications
- Portable hardware specifications

SERVER HARDWARE SPECIFICATIONS
- Create a hardware specification based on the applications that the server will host.
- Use company information, such as expected increases in personnel or customer activity, when creating the specification.
- Factor a reasonable growth margin into the specification.
- Consider the ease of future upgrades to preserve the investment.

DESKTOP HARDWARE SPECIFICATIONS
- Specify a base hardware configuration that supports most users.
- Create additional specifications as needed to accommodate special requirements.
- Where possible, use a small number of standard configurations.
- Standardized hardware provides many advantages in terms of support.

PORTABLE HARDWARE SPECIFICATIONS
- Different types of portable hardware have different hardware requirements.
- Many portable computing devices use proprietary technologies.
- As with desktop workstations, keep the number of standard configurations to a minimum.

SELECTING OPERATING SYSTEMS
When selecting operating systems, you must consider the following:
- Application compatibility: the operating system you select must support the application software needed by the organization.
- Support issues: familiarity with an operating system decreases training costs and improves technical support service.
- Security features: in highly secure environments, operating systems with advanced security features should be chosen.
- Cost: operating system software represents a significant investment, and the availability of funds for software purchases must be considered.

CHOOSING WORKSTATION OPERATING SYSTEMS

CHOOSING SERVER OPERATING SYSTEMS

IDENTIFYING CLIENT AND SERVER DEFAULT SECURITY SETTINGS
- Operating systems install with a default set of security settings.
- These settings should be evaluated to determine whether they satisfy security requirements.
- Windows Server 2003 is designed to be more secure in a default installation than previous versions of Windows.

EVALUATING SECURITY SETTINGS
- File system permissions
- Share permissions
- Registry permissions
- Active Directory permissions
- Account policy settings
- Audit policies

FILE SYSTEM PERMISSIONS
NTFS folder permission: what it enables the user or group to do
- Full Control: change file/folder permissions, take ownership of files/folders, and delete subfolders and files, plus perform the actions permitted by all of the other NTFS permissions.
- Modify: modify or delete a file/folder, plus perform all actions permitted by the Write permission and the Read & Execute permission.
- Read & Execute: run applications; browse through folders to reach other files and folders, even if the user does not have permission to access those folders; and perform all actions permitted by the Read permission and the List Folder Contents permission.
- List Folder Contents: see the names of files and subfolders in a folder.
- Read: read a file; see the files and subfolders in a folder; and view a file or folder's ownership, permissions, and file system attributes (such as Read-only, Hidden, Archive, and System).
- Write: overwrite a file, create new files and subfolders within a folder, change a file or folder's attributes, and view the file or folder's ownership and permissions.

SHARE PERMISSIONS

REGISTRY PERMISSIONS
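Evaluating the default file system and registry permissions above in practice means finding where broad principals (Everyone, Users, Authenticated Users) hold write-class rights on locations that matter. The following PowerShell script is an added example, not code from the chapter; it walks a set of paths with Get-Acl and reports such ACEs. It goes beyond the NTFS table by also checking registry keys, since Get-Acl returns a RegistrySecurity object for HKLM: paths. The principal list and the example target paths are assumptions.

```powershell
# Added example (not from the original chapter): audit NTFS and registry ACLs for
# write-class rights granted to broad principals. Principal list and paths are assumptions.
$BroadPrincipals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')

# Rights that let a principal change content or permissions. Anything beyond
# Read/Execute for these principals on a system location deserves a second look.
$WriteClassFsRights  = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, ChangePermissions, TakeOwnership, Delete, WriteData, AppendData'
$WriteClassRegRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership, WriteKey, FullControl'

function Get-BroadWriteAccess {
    param(
        [Parameter(Mandatory)] [string[]] $Path,
        [switch] $Recurse
    )
    foreach ($p in $Path) {
        $items = @(Get-Item -LiteralPath $p -ErrorAction SilentlyContinue)
        if ($Recurse) { $items += @(Get-ChildItem -LiteralPath $p -Recurse -ErrorAction SilentlyContinue) }
        foreach ($item in $items) {
            $acl = Get-Acl -LiteralPath $item.PSPath -ErrorAction SilentlyContinue
            if (-not $acl) { continue }
            $isRegistry = $item.PSProvider.Name -eq 'Registry'
            foreach ($ace in $acl.Access) {
                if ($ace.AccessControlType -ne 'Allow') { continue }
                if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
                $rights = if ($isRegistry) { $ace.RegistryRights } else { $ace.FileSystemRights }
                $mask   = if ($isRegistry) { $WriteClassRegRights } else { $WriteClassFsRights }
                # Bitwise test: does this ACE grant any write-class right?
                if (([int]$rights -band [int]$mask) -ne 0) {
                    [pscustomobject]@{
                        Path      = $item.PSPath -replace '^.*::', ''
                        Principal = $ace.IdentityReference.Value
                        Rights    = $rights
                        Inherited = $ace.IsInherited
                    }
                }
            }
        }
    }
}

# Example run (assumed targets): a program directory and the Run key. Write access for
# ordinary users in either place means code execution as whoever logs on next.
Get-BroadWriteAccess -Path 'C:\Program Files', 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Recurse |
    Sort-Object Path | Format-Table -AutoSize
```

Run it elevated so that Get-Acl can read every ACL. Entries with Inherited set to False are the explicit grants worth fixing first; inherited ones point back to the parent where the permission was actually set.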

ACTIVE DIRECTORY PERMISSIONS
- Active Directory has over 25 standard permissions and 67 special permissions.
- The following default permission assignments are made to cover most requirements:
  - Enterprise Admins receives the Full Control permission for the entire forest.
  - Domain Admins and Administrators receive a selection of permissions that enables them to perform Active Directory object maintenance tasks within their domain.
  - Authenticated Users receives the Read permission for the entire domain, plus a small selection of very specific Modify permissions.

ACCOUNT POLICY SETTINGS

AUDIT POLICIES
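The account policy and audit policy settings above are the two parts of the local security policy that a default installation gets most obviously wrong for a production network (short passwords, no lockout, little or no auditing). The following PowerShell script is an added example, not part of the chapter: it exports the effective local policy with secedit.exe, which writes the account policy under [System Access] and the classic audit categories under [Event Audit], and compares both against a minimum baseline. The baseline values are assumptions to be replaced with your own.

```powershell
# Added example (not from the original chapter): export the effective local security
# policy and compare account-policy and audit-policy settings against a baseline.
# Baseline values are assumptions; adjust them to your own policy.
$Baseline = @{
    MinimumPasswordLength = 12      # [System Access] values
    PasswordComplexity    = 1
    MaximumPasswordAge    = 90      # days; 0 or -1 in the export means "never expires"
    LockoutBadCount       = 10      # 0 means no lockout at all
    AuditLogonEvents      = 3       # [Event Audit] values: 1 = success, 2 = failure, 3 = both
    AuditAccountLogon     = 3
    AuditPolicyChange     = 3
    AuditPrivilegeUse     = 2
}

function Get-LocalSecurityPolicy {
    # secedit writes an INI-style file: [System Access] holds the account policy,
    # [Event Audit] holds the legacy audit categories. Requires an elevated shell.
    $inf = Join-Path $env:TEMP ('secpol-{0}.inf' -f [guid]::NewGuid())
    secedit.exe /export /cfg $inf /quiet | Out-Null
    $settings = @{}
    foreach ($line in Get-Content -LiteralPath $inf) {
        if ($line -match '^\s*(\w+)\s*=\s*(.+?)\s*$') { $settings[$Matches[1]] = $Matches[2] }
    }
    Remove-Item -LiteralPath $inf -Force
    return $settings
}

function Test-SecurityBaseline {
    param([hashtable] $Policy, [hashtable] $Baseline)
    foreach ($name in ($Baseline.Keys | Sort-Object)) {
        $actual   = [int]($Policy[$name])   # a missing key becomes 0, i.e. "not configured"
        $required = $Baseline[$name]
        # MaximumPasswordAge is an upper bound; audit values are bit flags, so every
        # requested flag must be present; everything else is a lower bound.
        $ok = switch ($name) {
            'MaximumPasswordAge'  { $actual -gt 0 -and $actual -le $required }
            { $_ -like 'Audit*' } { ($actual -band $required) -eq $required }
            default               { $actual -ge $required }
        }
        [pscustomobject]@{ Setting = $name; Actual = $actual; Required = $required; Compliant = $ok }
    }
}

Test-SecurityBaseline -Policy (Get-LocalSecurityPolicy) -Baseline $Baseline | Format-Table -AutoSize
```

On a domain member the exported values reflect what Group Policy has applied, so running this on a freshly joined workstation is a quick way to confirm that the domain account policy actually reached it.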

PLANNING A SECURITY UPDATE INFRASTRUCTURE
- Understanding software update practices
- Using Windows Update
- Updating a network

UNDERSTANDING SOFTWARE UPDATE PRACTICES
- Microsoft distributes software updates in two forms:
  - Service pack: a collection of patches and updates that have been tested as a single unit.
  - Hotfix: a small patch designed to address a specific issue.
- Microsoft recommends that service packs be installed on all applicable systems. Non-security hotfixes should be applied only to systems that are experiencing the specific problem they address. Security hotfixes are the exception: they belong on every system running the affected component, because an unpatched vulnerability does not show up as a "problem" until someone exploits it.

USING WINDOWS UPDATE

UPDATING A NETWORK
- Updating PCs on a network presents many challenges to the administrator.
- A network security update infrastructure is a set of policies designed to help the administrator manage software and security updates on the network.
- The security update infrastructure should specify procedures for the identification, testing, and deployment of software updates.

USING MBSA

TESTING SECURITY UPDATES
- All updates, including those related to security, should be tested before they are implemented.
- If possible, use a test system with a configuration similar to that of the system on which the update will be applied.
- If a test system is not available, deploy updates progressively and monitor the updated systems closely.
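Whether updates arrive through Windows Update, SUS, or a progressive rollout, the administrator still needs to verify which machines actually received them; that verification step is what MBSA performs for missing patches. The following PowerShell script is an added example, not from the chapter or from MBSA itself: it compares the updates installed on a list of computers (via Get-HotFix, which reads Win32_QuickFixEngineering) against a required list and reports the gaps. The KB identifiers and host names are placeholders, not a real baseline.

```powershell
# Added example (not from the original chapter): compare installed updates on a set of
# computers against a required list. KB identifiers and host names are placeholders.
$RequiredUpdates = @('KB1111111', 'KB2222222', 'KB3333333')
$Computers       = @('srv-file01', 'srv-web01', 'ws-pilot05')

function Get-MissingUpdates {
    param([string[]] $ComputerName, [string[]] $Required)
    foreach ($computer in $ComputerName) {
        try {
            # Get-HotFix lists operating system updates only, not application patches,
            # which is one reason MBSA and a separate application inventory still matter.
            $installed = Get-HotFix -ComputerName $computer -ErrorAction Stop |
                         Select-Object -ExpandProperty HotFixID
            $missing = @($Required | Where-Object { $installed -notcontains $_ })
            [pscustomobject]@{
                Computer  = $computer
                Reachable = $true
                Missing   = ($missing -join ', ')
                Compliant = ($missing.Count -eq 0)
            }
        } catch {
            # An unreachable host is a finding, not a pass: it cannot be confirmed patched.
            [pscustomobject]@{ Computer = $computer; Reachable = $false; Missing = 'unknown'; Compliant = $false }
        }
    }
}

Get-MissingUpdates -ComputerName $Computers -Required $RequiredUpdates |
    Where-Object { -not $_.Compliant } | Format-Table -AutoSize
```

Run this against the pilot group first; when the pilot reports no missing updates and no regressions, the same list drives the next ring of the rollout.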

USING MICROSOFT SOFTWARE UPDATE SERVICES

SECURING A WIRELESS NETWORK
- Wireless networks are becoming increasingly popular as the related hardware becomes more affordable and companies begin to realize the flexibility that wireless networks offer.
- Wireless networks present more, and different, security challenges than their wired counterparts.

UNDERSTANDING WIRELESS NETWORKING STANDARDS
- Wireless networking standards are developed and ratified by the Institute of Electrical and Electronics Engineers (IEEE) as the 802.11 family.
- Three standards were in use when this chapter was written (later amendments such as 802.11n and 802.11ac have since superseded them):
  - 802.11b: the most widely deployed at the time. Operates in the 2.4 GHz band and offers speeds up to 11 Mbps.
  - 802.11a: uses the 5 GHz band, a different frequency range from 802.11b, and offers speeds up to 54 Mbps.
  - 802.11g: uses the same 2.4 GHz band as 802.11b and offers speeds up to 54 Mbps.

WIRELESS NETWORKING TOPOLOGIES

UNDERSTANDING WIRELESS NETWORK SECURITY
- Wireless networking presents security risks that are not present on traditional wired networks.
- Logical security becomes of paramount concern, because radio signals do not stop at the walls of the building: physical access controls no longer keep outsiders off the network medium.
- The two main concerns when using wireless networks are unauthorized access and data interception.

CONTROLLING WIRELESS ACCESS USING GROUP POLICIES

AUTHENTICATING USERS
- Open system authentication
- Shared key authentication
- IEEE 802.1X authentication

OPEN SYSTEM AUTHENTICATION
- The default authentication method used by IEEE 802.11 devices.
- Despite the name, it offers no actual authentication: the exchange is a request and an acceptance, with nothing for the station to prove.
- A device configured to use open system authentication will not refuse authentication to any other device that asks.

SHARED KEY AUTHENTICATION
- Devices authenticate each other using a secret key that both possess (the WEP key).
- The key must be distributed before authentication over a secure channel.
- All the computers in the same BSS must possess the same key, so there is no per-user accountability: anyone who has the key, including a former employee, is "authenticated".
- The challenge-response exchange sends a plaintext challenge and its WEP-encrypted reply over the air, which hands an eavesdropper a keystream sample. In practice shared key authentication is weaker than open system authentication with encryption, not stronger.

IEEE 802.1X AUTHENTICATION
- The IEEE 802.1X standard defines a method of authenticating and authorizing users on any IEEE 802 LAN, wired or wireless.
- Most IEEE 802.1X implementations use Remote Authentication Dial-In User Service (RADIUS) servers as the authentication back end.
- On Windows, the EAP methods carried over RADIUS are typically one of the following two:
  - Extensible Authentication Protocol-Transport Layer Security (EAP-TLS), which authenticates the client with a certificate.
  - Protected EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2), which authenticates the client with a password inside a TLS tunnel to the server. The client must validate the server certificate, or the tunnel can be terminated by a rogue access point.

ENCRYPTING WIRELESS TRAFFIC
- The original IEEE 802.11 standard uses an encryption mechanism called Wired Equivalent Privacy (WEP) to protect data in transit.
- WEP uses the RC4 stream cipher developed by RSA Security, Inc.
- WEP allows the key length (40-bit or 104-bit) to be configured. When 802.1X is used, Windows can also rekey stations periodically, which limits how much traffic is protected under any one key.
- WEP is broken regardless of key length or rekeying interval: its short initialization vectors repeat, and weaknesses in RC4 key scheduling let an attacker recover the key passively from captured traffic. Treat a WEP link as cleartext and use WPA2 (AES-CCMP) or WPA3 instead.
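A practical check that ties the authentication methods and the encryption discussion above together is to inventory the wireless profiles a Windows machine will connect with and flag any that still use open or shared authentication, WEP, or TKIP. The following PowerShell script is an added example, not part of the chapter: it exports the saved profiles with netsh wlan (available on Windows Vista and later) and reads the authentication and encryption elements from each profile's XML. The verdict strings are the author's own classification.

```powershell
# Added example (not from the original chapter): export the saved wireless profiles on
# this machine and flag any that rely on open/shared authentication, WEP or TKIP.
# Requires Windows Vista or later (netsh wlan). The temp folder is an assumption.
function Get-WlanProfileSecurity {
    $dir = Join-Path $env:TEMP ('wlan-{0}' -f [guid]::NewGuid())
    New-Item -ItemType Directory -Path $dir | Out-Null
    # Without name=, every saved profile is exported, one XML file each.
    # Without key=clear, the key material is omitted from the export.
    netsh.exe wlan export profile folder="$dir" | Out-Null
    foreach ($file in Get-ChildItem -LiteralPath $dir -Filter '*.xml') {
        [xml]$xml = Get-Content -LiteralPath $file.FullName
        $profile = $xml.WLANProfile
        $authEnc = $profile.MSM.security.authEncryption
        $auth = [string]$authEnc.authentication   # open, shared, WPA, WPAPSK, WPA2, WPA2PSK, ...
        $enc  = [string]$authEnc.encryption       # none, WEP, TKIP, AES
        $verdict = switch -Regex ($auth) {
            '^(open|shared)$' { if ($enc -eq 'none') { 'no authentication, no encryption' } else { 'WEP: broken, replace' } }
            '^WPA'            { if ($enc -eq 'TKIP') { 'TKIP: weak, prefer AES' } else { 'acceptable' } }
            default           { "review ($auth)" }
        }
        [pscustomobject]@{
            Profile        = [string]$profile.name
            SSID           = [string]$profile.SSIDConfig.SSID.name
            Authentication = $auth
            Encryption     = $enc
            Uses8021X      = [string]$authEnc.useOneX
            Verdict        = $verdict
        }
    }
    Remove-Item -LiteralPath $dir -Recurse -Force
}

Get-WlanProfileSecurity | Sort-Object Verdict | Format-Table -AutoSize
```

Profiles with Uses8021X set to true are the enterprise (EAP-TLS or PEAP) ones; for those, the next thing to verify in the profile XML is that server certificate validation is enabled, which this script does not check.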

SECURING REMOTE ACCESS
- Determining security requirements
- Controlling access using dial-in properties
- Planning authentication
- Using remote access policies

DETERMINING SECURITY REQUIREMENTS
- Which users require remote access?
- Do users require different levels of remote access?
- Do users need access to the entire network?
- What applications must users run?

CONTROLLING ACCESS USING DIAL-IN PROPERTIES
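The dial-in property on a user account is stored in Active Directory as the msNPAllowDialin attribute: TRUE is "Allow access", FALSE is "Deny access", and an unset attribute is "Control access through Remote Access Policy". An explicit Allow bypasses whatever the remote access policies say, so accounts carrying it are worth auditing. The following PowerShell script is an added example, not from the chapter: it uses the built-in [adsisearcher] accelerator (no ActiveDirectory module needed) to list accounts with an explicit Allow and compares them against the group that is expected to hold that right. The group's distinguished name is an assumption.

```powershell
# Added example (not from the original chapter): find accounts whose dial-in property is
# an explicit "Allow access", which overrides every remote access policy.
# The expected group DN is an assumption.
$ExpectedGroup = 'CN=VPN Users,OU=Groups,DC=example,DC=com'

function Get-ExplicitDialinAllow {
    # msNPAllowDialin: TRUE = Allow access, FALSE = Deny access,
    # not set = Control access through Remote Access Policy.
    $searcher = [adsisearcher]'(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE))'
    $searcher.PageSize = 500
    [void]$searcher.PropertiesToLoad.AddRange([string[]]@('sAMAccountName', 'distinguishedName', 'memberOf', 'userAccountControl'))
    foreach ($result in $searcher.FindAll()) {
        $p   = $result.Properties          # property names come back lower-cased
        $uac = [int]$p['useraccountcontrol'][0]
        [pscustomobject]@{
            Account    = [string]$p['samaccountname'][0]
            Disabled   = ($uac -band 0x2) -ne 0            # ACCOUNTDISABLE flag
            InVpnGroup = @($p['memberof']) -contains $ExpectedGroup
            DN         = [string]$p['distinguishedname'][0]
        }
    }
}

# Explicit allows outside the expected group, or on disabled accounts, are the findings.
Get-ExplicitDialinAllow | Where-Object { -not $_.InVpnGroup -or $_.Disabled } | Format-Table -AutoSize
```

The remediation for a finding is to set the account back to "Control access through Remote Access Policy" (on a Windows Server 2003 RRAS server, netsh ras set user name=<user> dialin=policy), so that the policy, not the account, decides.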

PLANNING AUTHENTICATION

USING RADIUS
- Windows Server 2003 with Internet Authentication Service (IAS) can act as a RADIUS server or a RADIUS proxy.
- When configured as a RADIUS server, the computer receiving the authentication request processes and authorizes the connection request itself.
- When configured as a RADIUS proxy, the authentication request is forwarded to the configured remote RADIUS server.
- RADIUS obscures only the User-Password attribute with the shared secret; the rest of the exchange travels in the clear. Use a long, unique shared secret per RADIUS client and keep RADIUS traffic on a management network or inside an IPsec tunnel.

SELECTING AN AUTHENTICATION PROTOCOL

USING REMOTE ACCESS POLICIES
- Sets of conditions that users must meet before RRAS authorizes them to access the server or the network.
- Can be configured to limit user access based on group memberships, day and time restrictions, and many other criteria.
- Can specify which authentication protocol and which type of encryption clients must use.
- Policies can be created based on the type of connection, such as dial-up, VPN, or wireless.

REMOTE ACCESS POLICY COMPONENTS
- Conditions: the specific attributes the policy uses to decide whether it applies to a connection attempt. If more than one condition is defined, the attempt must meet all of them. Policies are evaluated in order, and the first policy whose conditions all match is the one used; if no policy matches, the connection is rejected.
- Remote access permission: defines whether the user is allowed to connect to the system through a remote access connection. The policy's permission applies only when the user account's dial-in property is set to "Control access through Remote Access Policy"; an explicit Allow or Deny on the account takes precedence.
- Remote access profile: a set of attributes (authentication protocols, encryption strength, session limits, and so on) applied to a client once it has been authenticated and authorized. A connection that cannot meet the profile's constraints is rejected even though its permission was Allow.
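The interaction between policy order, the account's dial-in property, and the profile is where remote access configurations usually go wrong, so it is worth seeing the evaluation as code. The following PowerShell script is an added example, not part of the chapter and not the RRAS implementation: it models the evaluation order described above (first matching policy, then the account's dial-in override, then the profile) against a constructed policy list and constructed connection requests. Policy names, group names and request attributes are all made up for illustration.

```powershell
# Added example (not from the original chapter): a model of how RRAS/IAS evaluates a
# connection request against an ordered list of remote access policies.
# Policies, groups and requests below are constructed for illustration.
$Policies = @(
    @{ Name = 'Contractors: deny';   Conditions = @{ Group = 'Contractors' };                                      Permission = 'Deny';  Profile = @{} },
    @{ Name = 'VPN users';           Conditions = @{ Group = 'VPN Users'; Tunnel = 'L2TP' };                       Permission = 'Allow'; Profile = @{ AuthProtocol = 'EAP-TLS'; Encryption = 'Strongest' } },
    @{ Name = 'Dial-up after hours'; Conditions = @{ Group = 'VPN Users'; PortType = 'Modem'; HoursOk = $true };   Permission = 'Allow'; Profile = @{ AuthProtocol = 'MS-CHAPv2' } }
)

function Test-RemoteAccessRequest {
    param(
        [hashtable] $Request,        # attributes of the connection attempt
        [string]    $AccountDialin,  # 'Allow', 'Deny' or 'Policy' (the account's dial-in property)
        [array]     $Policies
    )
    # 1. The first policy whose conditions ALL match wins; no match means reject.
    $matched = $null
    foreach ($policy in $Policies) {
        $allMatch = $true
        foreach ($cond in $policy.Conditions.GetEnumerator()) {
            $ok = if ($cond.Key -eq 'Group') { @($Request.Groups) -contains $cond.Value }
                  else                       { $Request[$cond.Key] -eq $cond.Value }
            if (-not $ok) { $allMatch = $false; break }
        }
        if ($allMatch) { $matched = $policy; break }
    }
    if (-not $matched) { return 'Rejected: no policy matched' }

    # 2. The account's dial-in property overrides the policy's permission unless it is
    #    "Control access through Remote Access Policy".
    $permission = switch ($AccountDialin) { 'Allow' { 'Allow' } 'Deny' { 'Deny' } default { $matched.Permission } }
    if ($permission -ne 'Allow') { return "Rejected by '$($matched.Name)' (permission: $permission)" }

    # 3. Profile constraints must be satisfied or the connection is dropped even though
    #    the permission was Allow.
    foreach ($p in $matched.Profile.GetEnumerator()) {
        if ($Request[$p.Key] -ne $p.Value) {
            return "Rejected by profile of '$($matched.Name)': $($p.Key) must be $($p.Value), got $($Request[$p.Key])"
        }
    }
    return "Accepted by '$($matched.Name)'"
}

# A contractor who is also in VPN Users hits the deny policy first: policy order matters.
$req = @{ Groups = @('Contractors', 'VPN Users'); Tunnel = 'L2TP'; AuthProtocol = 'EAP-TLS'; Encryption = 'Strongest' }
Test-RemoteAccessRequest -Request $req -AccountDialin 'Policy' -Policies $Policies

# Same request, but the account is set to an explicit Allow: the policy's Deny is bypassed,
# which is why account-level permissions should be the exception rather than the rule.
Test-RemoteAccessRequest -Request $req -AccountDialin 'Allow' -Policies $Policies

# A VPN user offering a weak authentication protocol matches the VPN policy but fails its profile.
$weak = @{ Groups = @('VPN Users'); Tunnel = 'L2TP'; AuthProtocol = 'PAP'; Encryption = 'Strongest' }
Test-RemoteAccessRequest -Request $weak -AccountDialin 'Policy' -Policies $Policies
```

When translating this back to a real RRAS or IAS server, keep the deny policies at the top of the list and the broad allow policies at the bottom, and leave user accounts on "Control access through Remote Access Policy" so that step 2 never short-circuits step 1.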

CREATING REMOTE ACCESS POLICIES

CHAPTER SUMMARY
- When selecting operating systems for servers, you can choose the platform best suited to the server's role. When selecting workstation operating systems, standardization takes precedence over specialization.
- When you install Windows Server 2003 or Windows XP Professional, the operating system Setup program configures a number of security settings with default values that you can either keep or modify.
- Microsoft releases updates for its operating systems and applications. Major updates are called service packs. Individual updates are called hotfixes.
- MBSA is a tool that scans computers on a network and examines them for security vulnerabilities.

CHAPTER SUMMARY (continued)
- SUS is a tool that streamlines the approval and implementation of software updates.
- Most wireless LANs today are based on the IEEE 802.11 standards. WLANs present additional security risks over wired networks.
- To secure a wireless network, you must authenticate the clients before they are granted network access, and encrypt all packets transmitted over the wireless link.
- To determine the security requirements for your remote access server, determine which users need access and what type of access they need.
- Remote access policies are sets of conditions that must be met by remote clients attempting to connect to the Routing and Remote Access server.