Download presentation
Presentation is loading. Please wait.
1
Preparing for the Windows 8. 1 MCSA Module 6: Securing Windows 8
Preparing for the Windows 8.1 MCSA Module 6: Securing Windows 8.1 Devices
2
Course Outline Module 1: Overview of Preparing for Windows 8.1 MCSA
Module 2: Installing & Upgrading to Windows 8.1 Module 3: Configuring & Managing Windows 8.1 Module 4: Implementing an Application Strategy for Windows 8.1 Module 5: Managing Devices & Resource Access Module 6: Securing Windows 8.1 Devices
3
Module Overview Configuring Windows Firewall 20689C
1: Windows 8.1 in an Enterprise Environment Module Overview Configuring Windows Firewall
4
Authentication and Authorization in Windows 8.1
6: Securing Windows 8.1 Devices Authentication and Authorization in Windows 8.1 Integrating Virtual Smart Cards into the Authentication Process Demonstration: Configuring a Picture Password or PIN for Authentication
5
What Are Authentication and Authorization?
6: Securing Windows 8.1 Devices What Are Authentication and Authorization? Are you on the list? Authorization: Determining whether someone has the permission to access a resource Who are you? Authentication: Verifying the identity of someone User Resource What does the list say you can do? Access: Determining what actions someone can perform on the resource based on the permission levels
6
The Process of Authentication and Authorization
6: Securing Windows 8.1 Devices The Process of Authentication and Authorization Windows authentication method Description Kerberos protocol* Used by Windows 8.1 clients and servers that are running Windows Server 2000 or newer NTLM Used for backward compatibility with computers that are running pre–Windows operating systems and some applications Certificate mapping Certificates are used as authentication credentials *Recommended authentication protocol for Windows 8.1 clients
7
The Process of Authentication and Authorization (cont.)
6: Securing Windows 8.1 Devices The Process of Authentication and Authorization (cont.) Kerberos offers Windows 8.1 clients the following advantages over other protocols: Ubiquity – widely used, supported, and trusted Password protection – remains secret, never transmitted Mutual authentication – requires client/server handshake Ticket lifespan – tickets time stamped and expire Standards based – based on open Internet standards
8
Using Biometrics for Authentication
6: Securing Windows 8.1 Devices Using Biometrics for Authentication
9
Using Biometrics for Authentication
6: Securing Windows 8.1 Devices Using Biometrics for Authentication Biometric functionality in Windows 8.1 Captures biometric scans Helps securely store biometric information Biometrics can be mapped to IDs Extensible via WBF API Biometric management in Windows 8.1 Fingerprint management application Device Manager GPOs Credential Provider support
10
Using Biometrics for Authentication (cont.)
6: Securing Windows 8.1 Devices Using Biometrics for Authentication (cont.) Picture passwords in Windows 8.1 New and easier way to sign in for touch devices Multiple gestures options add complexity Lockout after five incorrect attempts Disabled in remote and network scenarios PIN passwords in Windows 8.1 Familiar concept Fast and fluid, yet personal 10,000 unique combinations
11
Integrating Virtual Smart Cards into the Authentication Process
6: Securing Windows 8.1 Devices Integrating Virtual Smart Cards into the Authentication Process The Virtual Smart Card functionality in Windows 8.1 Requires TPM 1.2 or higher Protected by certificates Multifactor authentication Requires PIN to unlock tpmvscmgr.exe management tool
12
Configuring a Picture Password or PIN for Authentication
Demo Configuring a Picture Password or PIN for Authentication
13
Configuring User Account Control (UAC)
6: Securing Windows 8.1 Devices Configuring User Account Control (UAC) Guidelines for Implementing UAC Demonstration: Configuring UAC with GPOs
14
20689C 6: Securing Windows 8.1 Devices What Is UAC? UAC is a security feature that simplifies the ability of users to run as standard users and perform all necessary daily tasks When a user signs in as a standard user, the experience is much more secure and reliable than it is when they sign in with an administrative account UAC prompts a user for an administrative user’s credentials if a task requires administrative permissions Windows 8.1 increases user control of the prompting experience
15
20689C 6: Securing Windows 8.1 Devices What Is UAC? (cont.)
16
20689C 6: Securing Windows 8.1 Devices How UAC Works In Windows 8.1, what happens when a user performs a task that requires administrative privileges? Standard users UAC prompts the user for the credentials of a user with administrative privileges Administrative users UAC prompts the user for permission to complete the task
17
Configuring UAC Notification Settings
6: Securing Windows 8.1 Devices Configuring UAC Notification Settings UAC elevation prompt settings include the following: Never notify me Notify me only when apps try to make changes to my computer (do not dim my desktop) Notify me only when apps try to make changes to my computer (default) Always notify me
18
Configuring UAC Notification Settings (cont.)
6: Securing Windows 8.1 Devices Configuring UAC Notification Settings (cont.)
19
Guidelines for Implementing UAC
6: Securing Windows 8.1 Devices Guidelines for Implementing UAC Windows 8.1 UAC guidelines: Maintain default (recommended) UAC setting Users should not disable UAC Educate users and administrators Use UAC for all users and in all environments
20
Configuring UAC with GPOs
Demo Configuring UAC with GPOs
21
Configuring Windows Firewall
6: Securing Windows 8.1 Devices Configuring Windows Firewall Guidelines for Implementing Windows Firewall Demonstration: Configuring Inbound and Outbound Rules by Using GPOs
22
Understanding Network Sharing Profiles
20689C 6: Securing Windows 8.1 Devices Understanding Network Sharing Profiles Windows 8.1 uses network location awareness to uniquely identify connected networks Networks can be classified as one of three network sharing profile types: Domain network Private network Public network
23
Configuring Basic Firewall Settings
6: Securing Windows 8.1 Devices Configuring Basic Firewall Settings In Control Panel, you can perform several basic Windows Firewall configuration tasks: Configure network sharing profiles Turn Windows Firewall on or off Add, change, or remove allowed programs Configure Windows Firewall notifications
24
Windows Firewall with Advanced Security Settings
6: Securing Windows 8.1 Devices Windows Firewall with Advanced Security Settings With Windows Firewall with Advanced Security, you can configure advanced firewall settings
25
Managing Windows Firewall with Advanced Security by Using GPOs
6: Securing Windows 8.1 Devices Managing Windows Firewall with Advanced Security by Using GPOs
26
20689C Managing Windows Firewall with Advanced Security by Using Windows PowerShell 6: Securing Windows 8.1 Devices
27
Configuring Inbound and Outbound Rules by Using GPOs
Demo Configuring Inbound and Outbound Rules by Using GPOs
28
Microsoft Official Courses (MOC)
Configuring Windows 8.1 (20687) Supporting Windows 8.1 (20688) Upgrading Your Skills to MCSA Windows 8.1 (20689) Microsoft Learning:
29
TechNet Virtual Labs Deep technical content and free product evaluations Hands-on deep technical labs Free, online, technical courses At the TechNet Evaluation Center you can download free, trial versions of Microsoft software, with no feature limits. Dozens of trials are available – all at no cost. Try Windows Server 2012 for up to 180 days. Download the Windows 8 Enterprise 90-day evaluation. Or try Windows Azure at no-cost for up to 90 days. Microsoft Hands On Labs offer virtual environments that will take you through guided, technically deep product learning experience. Learn at your own pace in labs that you can complete in 90 minutes or less. There is no complex setup or installation is required to use TechNet Virtual Labs. Microsoft Virtual Academy provides free online training on the IT scenarios that are important to your company and your career. Learn at your own pace and boost your IT skills with over 100 courses across more than 15 Microsoft technologies including Windows Server, Windows 8, Windows Azure, Office 365, virtualization, Windows Phone, and more. Download Microsoft software trials today. Find Hand On Labs. Take a free online course. Technet.microsoft.com/evalcenter Technet.microsoft.com/virtuallabs microsoftvirtualacademy.com
Similar presentations
