Module 7: Designing Security for Accounts and Services.

Slides:



Advertisements
Similar presentations
Application Security Best Practices At Microsoft Ensuring the lowest possible exposure and vulnerability to attacks Published: January 2003.
Advertisements

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 
Appendix B: Designing Policies for Managing Networks.
Module 4: Implementing User, Group, and Computer Accounts
Information Security Policies and Standards
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
11 MANAGING USERS AND GROUPS Chapter 13. Chapter 13: MANAGING USERS AND GROUPS2 OVERVIEW  Configure and manage user accounts  Manage user account properties.
Module 8: Implementing Administrative Templates and Audit Policy.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
Microsoft ® Official Course Module 9 Configuring Applications.
Securing Windows Servers Using Group Policy Objects
Storage Security and Management: Security Framework
Using Group Policy to Manage User Environments. Overview Introduction to Managing User Environments Introduction to Administrative Templates Assigning.
Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.
Managing Network Security ref: Overview Using Group Policy to Secure the User Environment Using Group Policy to Configure Account Policies.
Module 10: Configuring Windows XP Professional to Operate in Microsoft Networks.
Designing Active Directory for Security
Managing User and Service Accounts
Configuring Encryption and Advanced Auditing
Fall 2011 Nassau Community College ITE153 – Operating Systems Session 22 Local Security Polcies 1.
Securing AD DS Module A 3: Securing AD DS
Module 7: Fundamentals of Administering Windows Server 2008.
Security Planning and Administrative Delegation Lesson 6.
Microsoft ® Virtual Academy Module 3 Understanding Security Policies Christopher Chapman | Content PM, Microsoft Thomas Willingham | Content Developer,
1 Chapter Overview Configuring Account Policies Configuring User Rights Configuring Security Options Configuring Internet Options.
Appendix C: Designing an Operations Framework to Manage Security.
Module 8: Planning and Troubleshooting IPSec. Overview Understanding Default Policy Rules Planning an IPSec Deployment Troubleshooting IPSec Communications.
Module 8: Designing Security for Authentication. Overview Creating a Security Plan for Authentication Creating a Design for Security of Authentication.
APPLICATION PENETRATION TESTING Author: Herbert H. Thompson Presentation by: Nancy Cohen.
Module 6: Designing Security for Network Hosts
Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.
Hands-On Threat Modeling with Trike v1. Generating Threats.
Working with Users and Groups Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Introducing User Account Control Configure and troubleshoot.
ITS – Identity Services ONEForest Security Jake DeSantis Keith Brautigam
Managing Local Users & Groups. OVERVIEW Configure and manage user accounts Manage user account properties Manage user and group rights Configure user.
Module 11: Designing Security for Network Perimeters.
Module 9: Designing Security for Data. Overview Creating a Security Plan for Data Creating a Design for Security of Data.
TCOM Information Assurance Management System Hacking.
Module 3: Planning Administrative Access. Overview Determining the Appropriate Administrative Model Designing Administrative Group Strategies Planning.
Module 7: Implementing Security Using Group Policy.
NetTech Solutions Security and Security Permissions Lesson Nine.
Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.
Module 2: Designing Network Security
Module 10: Implementing Administrative Templates and Audit Policy.
Configuring, Managing and Maintaining Windows Server® 2008 Servers Course 6419A.
Chapter 7 Server Management Policies –User accounts –Groups Rights and permissions Examples.
Chapter 1: Security Governance Through Principles and Policies
Module 3 l Objectives –Identify the security risks associated with specific NT Services –Understand the risk introduced by specific protocols –Identify.
Unit 7 ITT TECHNICAL INSTITUTE NT1330 Client-Server Networking II Date: 2/3/2016 Instructor: Williams Obinkyereh.
LINUX Presented By Parvathy Subramanian. April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ►
Security Principles.
Understanding Security Policies Lesson 3. Objectives.
Module 5: Designing Physical Security for Network Resources
Understanding Security Policies
Nassau Community College
Managing User and Service Accounts
Chapter One: Mastering the Basics of Security
Evaluating Existing Systems
Evaluating Existing Systems
Module 1: Introduction to Designing Security
BACHELOR’S THESIS DEFENSE
BACHELOR’S THESIS DEFENSE
BACHELOR’S THESIS DEFENSE
Windows Active Directory Environment
Understanding Security Policies
PLANNING A SECURE BASELINE INSTALLATION
Presentation transcript:

Module 7: Designing Security for Accounts and Services

Overview Creating a Security Plan for Accounts Creating a Security Plan for Services Creating a Design for Security of Accounts and Services

Lesson 1: Creating a Security Plan for Accounts MSF and Security of Accounts STRIDE Threat Model and Security of Accounts Activity: Identifying Threats to Accounts

MSF and Security of Accounts The MSF envisioning and planning phases help you to: Decide which locations your plan will help to protect Identify the level of trust for accounts: External users Internal users Administrators Decide which locations your plan will help to protect Identify the level of trust for accounts: External users Internal users Administrators Plan Envision

STRIDE Threat Model and Security of Accounts Sharing or writing down of passwords by users Spoofing Weak passwords Tampering Passwords are stored on computers Repudiation Use of an administrator account for non-administrative tasks Information disclosure Services that do not run as the system account Denial of service Users who have local administrator privileges Elevation of privilege

Activity: Identifying Threats to Accounts In this practice you will: Read the scenario Answer the questions Discuss with the class Read the scenario Answer the questions Discuss with the class

Lesson 2: Creating a Security Plan for Services MSF and Security of Services Considerations When Securing Services STRIDE Threat Model and Security of Services Practice: Identifying Threats to Services

MSF and Security of Services The MSF envisioning and planning phases help you to: Decide which locations your plan will help to protect Ensure that you use: The Local Service account The Network Service account Decide which locations your plan will help to protect Ensure that you use: The Local Service account The Network Service account Plan Envision

Follow the three core principles: Considerations When Securing Services Know your system Use the principle of least privilege Use the principle of least service Know your system Use the principle of least privilege Use the principle of least service

STRIDE Threat Model and Security of Services Security exposure occurs whenever you configure a service to log on as a user Spoofing The potential for exploitation increases with each poorly secured server Tampering If an attacker steals the user name and password used by a service, they can gain access to other servers Repudiation The larger the scope of privilege, the greater the number of resources at risk Information disclosure The scope of the vulnerability to the network is all the computers residing in the domain Denial of service Domain administrator credentials create transitive opportunities for escalation across the domain Elevation of privilege

Practice: Identifying Threats to Services Create a list of services currently running on Windows Server 2003 View a list of default services on Windows Server 2003

Lesson 3: Creating a Design for Security of Accounts and Services Securing Accounts Securing Services Considerations for Password Policies

Securing Accounts To secure accounts: Define levels of trust Develop processes for creating and deleting accounts Develop processes for rights/permissions for accounts Develop processes for enforcing and monitoring Develop processes for using administrative accounts Define levels of trust Develop processes for creating and deleting accounts Develop processes for rights/permissions for accounts Develop processes for enforcing and monitoring Develop processes for using administrative accounts

To secure services: Audit all servers to determine essential services Determine which services must run Eliminate all domain admin accounts for services Use a least privilege hierarchy for service deployment Manage service account password changes Enforce strong passwords Audit all servers to determine essential services Determine which services must run Eliminate all domain admin accounts for services Use a least privilege hierarchy for service deployment Manage service account password changes Enforce strong passwords Securing Services

Configure the following password policy settings: Considerations for Password Policies Maximum password age Enforce password history Minimum password age Minimum password length Passwords must meet complexity requirements Account lockout Maximum password age Enforce password history Minimum password age Minimum password length Passwords must meet complexity requirements Account lockout

Lab: Designing Security for Accounts and Services Exercise 1 Identifying Potential Account Vulnerabilities Exercise 2 Implementing Countermeasures

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.