Chapter 8: HARDENING CLIENT COMPUTERS

OPERATING SYSTEM SECURITY FEATURES
- Microsoft Windows 98/Windows Me
- Windows NT 4.0
- Windows 2000 Professional
- Windows XP with Service Pack 2

DESIGNING CLIENT SECURITY TEMPLATES
- Create a custom security template for each client role:
  - Desktop
  - Laptop
  - Kiosk
- Base custom templates on default workstation templates
- Never modify default security templates

DESIGNING A CLIENT COMPUTER OU MODEL
- Create OUs for different operating system versions
- Avoid using Windows Management Instrumentation (WMI) filtering
- Create OUs for different computer roles
- Create OUs for organizations with special security requirements
- Use security groups to apply GPOs to cross-sections of client computers

CLIENT COMPUTER OU MODEL SAMPLE 1

CLIENT COMPUTER OU MODEL SAMPLE 2

CLIENT COMPUTER OU MODEL SAMPLE 3

THIRD-PARTY SECURITY SOFTWARE
- Antivirus protection
- Antispyware protection
- Network backups
- Host-based firewalls for earlier versions of Windows

DESIGNING SOFTWARE RESTRICTION POLICIES
- Hash rules
- Certificate rules
- Path rules
- Internet zone rules

RESTRICTING THE DESKTOP ENVIRONMENT
- Windows components
- The Start menu
- The desktop
- The Control Panel

RESTRICTING THE DESKTOP ENVIRONMENT (CONT.)
- Shared folders
- The network
- System settings
- Printers

RESTRICTING THE START MENU: BEFORE

RESTRICTING THE START MENU: AFTER

PROTECTING DESKTOP COMPUTERS
- Grant users only local User privileges or less
- Remove unnecessary items from the desktop and the Start menu
- Leverage the Hisecws.inf security template
- Use Group Policy settings to rename default accounts
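
The template guidance above (one custom template per client role, based on a default template, with the defaults never modified) and the Hisecws.inf recommendation can be worked through as one PowerShell script. This is an added example, not part of the original slides; it assumes the default templates are in %SystemRoot%\security\templates, and the custom folder C:\SecTemplates\Custom is a hypothetical location.

```powershell
# Added example, not from the original slides. Paths marked "assumption" are illustrative.
$defaultsDir = Join-Path $env:SystemRoot 'security\templates'   # assumption: default templates location
$baseline    = Join-Path $defaultsDir 'hisecws.inf'             # default template named on the slides
$customDir   = 'C:\SecTemplates\Custom'                         # assumption: custom template store
$roles       = 'Desktop', 'Laptop', 'Kiosk'                     # client roles from the slides

# SHA-256 of a file, used to confirm the default template is left untouched.
function Get-Sha256([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { [BitConverter]::ToString($sha.ComputeHash([IO.File]::ReadAllBytes($Path))) }
    finally { $sha.Clear() }
}

if (-not (Test-Path $baseline))  { throw "Default template not found: $baseline" }
if (-not (Test-Path $customDir)) { New-Item -ItemType Directory -Path $customDir | Out-Null }
$hashBefore = Get-Sha256 $baseline

# One custom template per role, each a copy of the default. The default is only read.
foreach ($role in $roles) {
    $target = Join-Path $customDir "${role}.inf"
    if (-not (Test-Path $target)) {
        Copy-Item -Path $baseline -Destination $target
        (Get-Item $target).IsReadOnly = $false   # the copy is the file that gets edited
    }
}

# Compare this computer with one role's template. /analyze reports only; it changes no settings.
$role = 'Desktop'
$db   = Join-Path $customDir "${role}.sdb"
$log  = Join-Path $customDir "${role}-analysis.log"
if (Test-Path $db) { Remove-Item $db }           # start from a fresh analysis database
secedit /analyze /db $db /cfg (Join-Path $customDir "${role}.inf") /log $log /quiet

# Settings that differ from the template appear in the log as "Mismatch" lines.
$mismatches = @(Select-String -Path $log -Pattern 'Mismatch')
"{0}: {1} setting(s) differ from {0}.inf (details in {2})" -f $role, $mismatches.Count, $log

# Fail loudly if anything altered the default template during the run.
if ((Get-Sha256 $baseline) -ne $hashBefore) { throw "Default template was modified: $baseline" }
```

Role-specific changes go into the copies under the custom folder, which can then be imported into the GPO linked to the matching OU.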

PROTECTING MOBILE COMPUTERS
- At greater risk than desktop computers, mobile computers might be:
  - Stolen
  - Damaged
  - Used for personal use
- Mobile computers require greater flexibility than desktop computers:
  - Connect to home networks and wireless hotspots
  - Users might need to install printer drivers
- Mobile computers use EFS to protect confidential files

PROTECTING KIOSKS
- Very likely to be abused
- Should be extremely restricted
- Should not be connected to the internal network

THE .NET FRAMEWORK
- Next-generation application environment:
  - Required for many new applications
  - Dramatically more secure
- Included with Windows Server 2003
- Free download for earlier operating systems

CAS OVERVIEW
- Role-based security restricts what users can do
- CAS restricts what applications can do
- Grants access to the file system, registry, printers, the network, and other resources based on permissions assigned to an application
- Enables you to run potentially malicious applications safely
- Works only with .NET Framework applications

CAS AT WORK

CAS ELEMENTS
- Evidence
- Permission
- Permission set
- Code groups

CAS AND OPERATING SYSTEM SECURITY

GUIDELINES FOR USING CAS
- Use the principle of least privilege
- Test applications thoroughly after restricting CAS
- Push developers to use the .NET Framework
- Encourage software vendors to migrate to the .NET Framework

SUMMARY
- Earlier versions of Windows lack important security features
- Use security templates and GPOs to implement client security
- Create different configuration settings for client roles, operating systems, and security requirements
- Use .NET Framework and CAS to reduce the risks of malicious or vulnerable software