1
Windows Security Provisions
User memory
–User programs and applications
LSA Local Security Authority
–Security validation
Win32 Subsystem
–Access to hardware
Kernel mode memory
–Windows kernel (OS)
–Device drivers
[Diagram: user mode memory, kernel mode memory and hardware drawn as layers, with the LSA, the Win32 subsystem and the device drivers placed in them]
2
Windows Security Features
Internet Connection Firewall ICF
–Personal firewall. Secures a single system. Logs.
Session Initiation Protocol SIP
–Provides a secure pathway for real-time applications.
Blank password restrictions
Software restriction policies
–Software can be isolated using GPO
Users and Groups as in W2K
Access Control List as in W2K ACL
Auditing for all objects SACL
User rights
–Permission to perform an action.
Group Policy Object GPO
–Are used to control security features
–There are templates
–GPMC (Group Policy Management Console from MS)
–Gpupdate /?
3
Security Features Cont.
New Technology File System as in W2K NTFS
Encrypting File System EFS
Kerberos authentication
Virtual Private Network VPN
–PPTP, L2TP, IPSec
Public Key Infrastructure and Certificate service PKI & CA
Delegation on a per-OU basis
External Authentication
C2 security
Active Directory AD
CryptoAPI
Microsoft Internet Security and Acceleration Server ISA server
–Firewall
–Cache
4
Securing applications
IIS ‘problem’
Web server (‘Stand-alone’)
–HTML
–Server-side processing
–Scripting languages
–Database connectivity
–Other dynamic contents
FTP server (‘Stand-alone’)
–Clear-text password
5
Securing applications: Web
Use patches and fixes
Remove the default site
Remove all the extension mappings that you don’t need.
Change the ODBC settings in the registry: set HKEY_LOCAL_MACHINE\Software\Microsoft\Jet\4.0\engines\SandboxMode to a value of 3 (default is 2)
Move the wwwroot directory to another drive than the OS
6
Securing applications: FTP
Work as you do with the Web security
Mail
Use cryptography if possible (SSL, VPN, IPSec, …)
Use a SPAM filter
DNS
Use external & internal DNS if possible.
Look out for record poisoning.
–Dynamic updates
–Cache poisoning
Look out for zone transfers. Limit zone transfers and DNS updates.
7
Securing Web & E-mail Using SSL & TLS
SSL (Secure Sockets Layer)
–CPU-intensive (2-100 times slower)
–Only TCP
TLS (Transport Layer Security)
–Makes a tunnel for communication
HTTPS (port 443)
–MS IIS (Web server) with SSL
Windows SMTP service with SSL
8
Certificate Service Windows
Two types:
1. Enterprise (requires AD)
–Computers in the AD will trust the root CA
2. Stand-alone (basic type)
–Does not support logon certificates.
–Certificate requests are set to pending and the admin has to issue the certificate.
–For use on a stand-alone server.
9
Certificate Service Windows
1. Install Certificate service.
2. Configure the CA (Certificate Authority).
3. Set up the policy (CRL and so on).
4. Create certificate templates.
5. Enable certificate templates.
6. Certificate enrollment.
10
IPSec
IPSec ’works’ on layer 3.
=> under TCP, UDP, ICMP, …
=> Transparent for applications!
=> Will protect every application, such as remote login, client/server, e-mail, FTP, Web and so on.
There is special hardware from Intel, 3Com, Cisco and others just to offload the IPSec processing from the CPU.
11
IPSec
Two protocols:
–AH Authentication Header
–ESP Encapsulating Security Payload
Two modes:
–Transport mode
–Tunnel mode
IKE – Protocol for setting up the connection
Creates SA Security Association (key, protocol used, destination IP, …)
If you want duplex you need two SAs
SPI – Identifies the SA in use (SPI = 32-bit value in every IP header)
Anti-replay service: sequence numbers 0 to 2^32-1, window = 64
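The SA lookup by SPI and the 64-wide anti-replay window described on this slide, as an added illustration (not code from the slides or from Windows): the window is the sliding-bitmap scheme of RFC 2401 Appendix C, the SA fields and the SPI value in the test are constructed sample data.

```python
from dataclasses import dataclass, field

SEQ_MAX = (1 << 32) - 1  # AH/ESP sequence numbers are 32-bit: 0 to 2^32-1


class AntiReplayWindow:
    """Sliding window of already-seen sequence numbers (64 wide, as on the slide)."""

    def __init__(self, size: int = 64) -> None:
        self.size = size
        self.last_seq = 0  # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence number last_seq - i was received

    def check_and_update(self, seq: int) -> bool:
        """Return True and record seq if it is new and not older than the window."""
        if seq == 0 or seq > SEQ_MAX:  # 0 is never sent; at 2^32-1 the SA is renewed, not wrapped
            return False
        if seq > self.last_seq:  # right of the window: slide it and mark the new packet
            diff = seq - self.last_seq
            if diff < self.size:
                self.bitmap = ((self.bitmap << diff) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1
            self.last_seq = seq
            return True
        diff = self.last_seq - seq
        if diff >= self.size:  # left of the window: too old
            return False
        if (self.bitmap >> diff) & 1:  # inside the window but already seen: replay
            return False
        self.bitmap |= 1 << diff
        return True


@dataclass
class SecurityAssociation:
    spi: int  # 32-bit value carried in every AH/ESP header
    protocol: str  # "AH" or "ESP"
    mode: str  # "transport" or "tunnel"
    peer: str  # address of the remote host or gateway
    window: AntiReplayWindow = field(default_factory=AntiReplayWindow)


def receive(sad: dict, spi: int, seq: int) -> str:
    """Look up the inbound SA by SPI and run the packet through its anti-replay window."""
    sa = sad.get(spi)
    if sa is None:
        return "unknown-spi"
    return "accept" if sa.window.check_and_update(seq) else "reject"
```

The table holds only inbound SAs; as the slide says, duplex traffic needs a second SA for the outbound direction, with its own sequence counter.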
12
Intrusion Detection System IDS
Takes over where the FW stops, on the “inside”, and monitors the traffic within.
On the same computer as the sensitive data
Network-based – A number of agents that collect data to a central unit that analyses it.
Two principles:
1. Anomaly detection.
2. Misuse detection.
(An IDS can work according to both, but most commonly only according to one of the principles)
http://www.snort.org/
13
Intrusion Detection System IDS
1. Careful statistics on “normal” behaviour. Alarm if something unusual occurs.
–Rarely used calls.
–Extremely high traffic.
- Risk of false alarms
+ The attack method does not need to be known.
2. Alarms on known types of attacks
- A large ‘database’ is required and must be updated often.
+ False alarms uncommon.
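The two principles from the last two slides side by side, as an added example that is not part of the original deck: anomaly detection builds mean and standard deviation of requests per minute from "normal" traffic and alarms on deviations, misuse detection matches a tiny stand-in for a signature database. All log lines are constructed; the flood host is caught only by the anomaly rule and the traversal request only by the signature rule, which is the trade-off the slides describe.

```python
import re
from collections import Counter
from statistics import mean, pstdev

NORMAL = [  # constructed "normal" traffic: "<minute> <source-ip> <request>"
    "1 10.0.0.5 GET /index.html", "1 10.0.0.5 GET /style.css", "1 10.0.0.6 GET /index.html",
    "2 10.0.0.5 GET /about.html", "2 10.0.0.5 GET /style.css", "2 10.0.0.5 GET /logo.png",
    "2 10.0.0.7 GET /index.html", "3 10.0.0.6 GET /news.html", "3 10.0.0.6 GET /style.css",
    "3 10.0.0.5 GET /index.html"]
SUSPECT = [  # constructed traffic to inspect
    "9 10.0.0.5 GET /index.html",
    "9 198.51.100.9 GET /cgi-bin/../../etc/passwd",  # one request, but a known pattern
    "9 10.0.0.6 GET /index.html",
] + [f"10 203.0.113.4 GET /page{i}.html" for i in range(30)]  # one host, sudden flood

# Principle 2, misuse detection: a (tiny, constructed) database of known attack patterns
SIGNATURES = {
    "directory traversal": re.compile(r"\.\./"),
    "zone transfer request": re.compile(r"\bAXFR\b"),
}


def per_minute_counts(lines):
    """Requests per (minute, source host)."""
    counts = Counter()
    for line in lines:
        minute, host, _request = line.split(" ", 2)
        counts[(minute, host)] += 1
    return counts


def baseline(lines):
    """Principle 1: statistics of 'normal' behaviour (mean and std dev of requests/minute)."""
    values = list(per_minute_counts(lines).values())
    return mean(values), pstdev(values)


def anomaly_alarms(lines, mu, sigma, k=3.0):
    """Hosts whose per-minute rate lies more than k standard deviations above the baseline."""
    threshold = mu + k * sigma
    return sorted({host for (_m, host), n in per_minute_counts(lines).items() if n > threshold})


def misuse_alarms(lines):
    """(host, signature name) for every line that matches a known attack pattern."""
    hits = []
    for line in lines:
        host = line.split(" ", 2)[1]
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                hits.append((host, name))
    return hits
```

Lowering k trades the slide's "risk of false alarms" against sensitivity; with this tiny baseline a host sending four requests in a minute already exceeds mean + 3 std dev.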
14
Time
W2K*, W2K, XP use the Windows Time Service; the time comes from the AD server and the KDC (Kerberos Key Distribution Center) there. (The KDC also includes the Authentication Server and the Ticket Granting Server.) Kerberos uses SNTP (Simple Network Time Protocol) for synchronization.
15
[Diagram: Stratum 1 → Stratum 2 → ordinary server (~100)]
Adjust your own clock
Calculate the drift of your own clock
net time /setsntp: serverlist ”ntp1.sp.se ntp1.sth.netnod.se”
net time /querysntp
http://www.sp.se/metrology/timefreq/eng/tandf.htm
16
The end!
17
*VPN Virtual Private Network L2TP, PPTP
18
*Microsoft ISA (Internet Security and Acceleration Server) Firewall/Cache
19
More: Vulnerability (vulnerabilities, security holes/weaknesses)?