4.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.


4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003

Introducing Public Key Infrastructure (Skill 1)

Public Key Infrastructure
- Enables users of unsecured networks to securely exchange data
- Supports and enhances authentication and encryption
- Key security concepts
  - Public key cryptography
  - Certificates
  - Certification Authorities (CAs)
  - Encrypting File System (EFS)
  - Internet Protocol Security (IPSec)

Introducing Public Key Infrastructure (2) (Skill 1)

- Public key cryptography
  - Uses a key pair called a public key and a private key
  - The keys are mathematically related so that messages encrypted with the public key can be decrypted with the corresponding private key
  - The public key is widely disseminated
  - The private key is issued only to an authorized user and must be kept secure
- A certificate is a digitally signed document that functions as a component of PKI
- Certification Authority (CA) signs the certificate confirming that the private key linked to the public key in the certificate is owned by the subject named in the certificate
- EFS (Encrypting File System) uses certificate/key pairs to encrypt files on NTFS volumes and partitions
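The key-pair and certificate relationships on this slide, as an added example that is not part of the original presentation. It uses textbook RSA with fixed demo primes and no padding, which is unsafe for real use; the function names and the JSON certificate layout are assumptions made for illustration.

```python
"""Textbook RSA for illustration only: fixed primes, no padding, not for real use."""
import hashlib
import json

E = 65537
# Constructed demo primes (Mersenne primes); real keys use large random primes.
CA_PRIMES = (2**61 - 1, 2**89 - 1)
USER_PRIMES = (2**107 - 1, 2**127 - 1)

def make_keypair(p, q, e=E):
    """Return ((n, e), (n, d)): the public key and the matching private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # d satisfies e*d = 1 (mod phi)

def encrypt(public, message: bytes) -> int:
    """Anyone holding the public key can encrypt."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, e, n)

def decrypt(private, ciphertext: int) -> bytes:
    """Only the holder of the private key can decrypt."""
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data: bytes) -> int:
    """A digital signature is the digest transformed with the private key."""
    n, d = private
    return pow(_digest(data, n), d, n)

def verify(public, data: bytes, signature: int) -> bool:
    n, e = public
    return pow(signature, e, n) == _digest(data, n)

def _to_be_signed(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True).encode()

def issue_certificate(ca_private, subject, subject_public) -> dict:
    """The CA signs the binding between a subject name and a public key."""
    body = {"subject": subject, "public_key": list(subject_public)}
    return {"body": body, "ca_signature": sign(ca_private, _to_be_signed(body))}

def certificate_is_valid(ca_public, cert) -> bool:
    """A relying party needs only the CA's public key to check the binding."""
    return verify(ca_public, _to_be_signed(cert["body"]), cert["ca_signature"])

if __name__ == "__main__":
    ca_pub, ca_priv = make_keypair(*CA_PRIMES)
    user_pub, user_priv = make_keypair(*USER_PRIMES)
    print(decrypt(user_priv, encrypt(user_pub, b"session secret")))
    cert = issue_certificate(ca_priv, "alice", user_pub)
    print("certificate valid:", certificate_is_valid(ca_pub, cert))
    cert["body"]["subject"] = "mallory"  # altering the subject breaks the signature
    print("after tampering:", certificate_is_valid(ca_pub, cert))
```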

Figure 12-1 Public key cryptography (Skill 1)

Figure 12-2 Digital signatures (Skill 1)

Figure 12-3 IPSec (Skill 1)

Figure 12-4 The data encryption process (Skill 2)

Working with IPSec (Skill 3)

IP Security (IPSec) policies
- Use both asymmetric and symmetric encryption to secure data transmitted across a network
- Use two main security mechanisms
  - Authentication Header (AH) is used for authentication and data integrity purposes; does not provide encryption
  - Encapsulating Security Payload (ESP) is used to transmit encrypted data

IPSec
- Can be used on an intranet and to secure Internet communications
- Performs three main functions
  - Authentication
  - Packet filtering
  - Tunneling (encapsulation)

Figure 12-7 The IP Security Policies on Local Computer node in the Group Policy snap-in (Skill 3)

Figure 12-8 The IP Security Policies snap-in (Skill 3)
Callout: The IP Security Policies snap-in configured to manage the Active Directory domain of which the computer is a member

Figure 12-9 The predefined IPSec policies (Skill 3)
Callouts:
- Clients will be requested to provide security using authentication mechanisms, but communication with unsecured clients will not be denied
- The client does not request a secure session, but it will provide one if asked
- Unsecured communications with untrusted computers will be blocked

Working with IPSec (2) (Skill 3)

- IPSec can only be configured by administrators
- IPSec policies can apply to the local computer or can be configured for a site, OU, or domain
- Preconfigured policy templates
  - Client (Respond Only): Client does not request a secure session, but will provide one if asked
  - Server (Request Security): Always attempts to provide secure communication by requesting security using Kerberos trust from other computers
  - Secure Server (Require Security): Ensures that all communication is encrypted, which may minimize the number of client computers with which you can communicate over a network, because all communications must be secured

Figure: Editing an existing IP security rule (Skill 3)
Callout: Click to open the Edit Rule Properties dialog box and edit the IP security rule

Working with IPSec (3) (Skill 3)

- IPSec operates in either tunnel mode or transport mode
- Tunnel mode
  - Used to create a secure IPSec tunnel through which data can travel from one end to the other
  - The message, message header, and routing information are all encrypted
- Transport mode
  - The default mode
  - Only the data itself is encrypted
  - Not as secure as tunnel mode
- You configure rules for IPSec policies to regulate how they will be applied and under what circumstances. Examples:
  - Tunnel Setting
  - Authentication Methods: Kerberos (default), certificates from a trusted CA, or pre-shared key
  - Connection Type
  - IP Filter List is used to designate to what type of traffic the rule applies
  - Filter Action is the security method that is applied when the traffic matches one of the three main policies

Figure: Primary components of Kerberos (Skill 5)

Implementing Account Policy (Skill 6)

- Account policies are used to set the user account properties that control the logon process
- Account Lockout policies
  - Prevent users from trying to guess passwords
  - Configuration settings
    - Account lockout threshold
    - Account lockout duration
    - Reset account lockout counter after
- Password policies
  - Specify how users manage their passwords
  - Options include requiring passwords to follow complexity rules or defining when a password needs to be changed

Implementing Account Policy (2) (Skill 6)

- Kerberos policies
  - Applicable to domain user accounts or computer accounts
  - Policy settings
    - Enforce user logon restrictions
    - Maximum lifetime for service ticket
    - Maximum lifetime for user ticket
    - Maximum lifetime for user ticket renewal
    - Maximum tolerance for computer clock synchronization

Figure: The Kerberos policies (Skill 6)

Figure: The Account lockout threshold Properties dialog box (Skill 6)
Callout: Set the number of unsuccessful logon attempts that will be allowed

Figure: The Suggested Value Changes dialog box (Skill 6)

Figure: The Enforce password history Properties dialog box (Skill 6)
Figure: The Minimum password length Properties dialog box (Skill 6)

Figure: The Maximum lifetime for service ticket Properties dialog box (Skill 6)

Implementing Security Options (Skill 8)

Security Options
- Used to set over 65 types of security policy settings for a computer, OU, domain, or site
- Are divided into 14 categories depending on their function
  - Accounts
  - Audit
  - Devices
  - Domain controller
  - Domain member
  - Interactive logon
  - Microsoft network client
  - Network access
  - Network security
  - Recovery Console
  - Shutdown
  - System cryptography
  - System objects
  - System settings

Figure: Security Options (Skill 8)

Figure: The Accounts: Rename guest account Properties dialog box (Skill 8)

Figure: The Interactive logon: Do not display last user name Properties dialog box (Skill 8)

Figure: The Shutdown: Allow system to be shut down without having to log on Properties dialog box (Skill 8)

Configuring User Rights Assignments (Skill 9)

- User rights assignments are configured to designate the tasks a user or group is allowed to perform either on an individual system or on a domain
- User rights are divided into two categories
  - Logon rights are assigned to designate who can log on to a computer and how they can log on
  - Privileges permit users to interact with the operating system and with system-wide resources

Figure: User Rights Assignment (Skill 9)

Configuring Client Security (Skill 10)

- Administrative Template policy settings customize the settings used by the clients that access a Windows Server 2003 network
- Advantages of using Administrative Template policy settings
  - To improve security
  - To supply a consistent working environment for all clients

Figure: The User Configuration\Administrative Templates node (Skill 10)

Working with Security Tools and Templates (Skill 11)

- Security templates can include password and account lockout policies, local security policies, user rights assignments, Registry key security, group memberships, and permissions for the local file system
- On a domain-based network, you can apply a security template to a Group Policy object so that all of the settings are put into operation on a site, domain or OU
- All security attributes, except IPSec and Public Key policies, can be stored in a security template

Figure: The Add Standalone Snap-in dialog box (Skill 11)

Figure: The default security templates in the Security Templates snap-in (Skill 11)

Figure: Analyzed Password Policy (Skill 11)
Callout: Policies with a green check mark meet the requirements for a secure server; policies with a red X do not

Working with Security Tools and Templates (3) (Skill 11)

- Secedit tool
  - Performs most of the same functions as the Security Template and Security Configuration and Analysis snap-ins
  - It is particularly useful on a domain-based system to perform analyses on a large number of computers at the same time
- Security templates can be applied only to Windows 2000, XP Professional, and Windows Server 2003 computers as some of the security settings are not compatible with earlier versions of the operating system, particularly those related to encryption
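An added example (not from the original presentation or from Microsoft) of the kind of comparison that Security Configuration and Analysis and secedit perform: it parses the [System Access] and [Kerberos Policy] sections of a security template and marks each account policy setting against a baseline. The sample template and the baseline thresholds are constructed assumptions.

```python
import configparser

# Constructed sample in security-template (.inf) format; the values are made up.
SAMPLE_TEMPLATE = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 0
[Kerberos Policy]
MaxTicketAge = 10
MaxServiceAge = 600
MaxClockSkew = 5
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Hypothetical baseline (an assumption for this example, not a vendor default):
# (section, key, test, human-readable requirement)
BASELINE = [
    ("System Access", "MinimumPasswordLength", lambda v: v >= 8, ">= 8 characters"),
    ("System Access", "PasswordComplexity", lambda v: v == 1, "enabled (1)"),
    ("System Access", "PasswordHistorySize", lambda v: v >= 12, ">= 12 remembered"),
    ("System Access", "LockoutBadCount", lambda v: 1 <= v <= 5, "1-5 attempts (0 = never lock)"),
    ("System Access", "LockoutDuration", lambda v: v >= 30, ">= 30 minutes"),
    ("System Access", "ResetLockoutCount", lambda v: v >= 30, ">= 30 minutes"),
    ("Kerberos Policy", "MaxTicketAge", lambda v: v <= 10, "<= 10 hours"),
    ("Kerberos Policy", "MaxServiceAge", lambda v: v <= 600, "<= 600 minutes"),
    ("Kerberos Policy", "MaxClockSkew", lambda v: v <= 5, "<= 5 minutes"),
]

def load_template(text):
    """Parse template text; files saved as UTF-16 must be decoded before this call."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, allow_no_value=True,
        delimiters=("=",), comment_prefixes=(";",))
    parser.optionxform = str  # keep the original key case
    parser.read_string(text.lstrip("\ufeff"))  # drop a byte-order mark if present
    return parser

def analyze(text):
    """Return (section, key, value, requirement, status) for every baseline entry."""
    parser = load_template(text)
    rows = []
    for section, key, test, requirement in BASELINE:
        raw = parser.get(section, key, fallback=None)
        if raw is None:  # setting absent from the template
            rows.append((section, key, None, requirement, "NOT DEFINED"))
            continue
        value = int(raw.strip().strip('"'))
        rows.append((section, key, value, requirement, "OK" if test(value) else "FAIL"))
    return rows

if __name__ == "__main__":
    for section, key, value, requirement, status in analyze(SAMPLE_TEMPLATE):
        print(f"{status:<12}{section}\\{key} = {value} (want {requirement})")
```

A status of NOT DEFINED matters as much as FAIL here: a setting missing from the template is left at whatever value the computer already has.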

Figure: The configured Security Options policies (Skill 11)