Presentation is loading. Please wait.

Presentation is loading. Please wait.

11 SECURITY TEMPLATES AND PLANNING Chapter 7. Chapter 7: SECURITY TEMPLATES AND PLANNING2 OVERVIEW  Understand the uses of security templates  Explain.

Published byThomasine Potter Modified over 9 years ago

Similar presentations

Presentation on theme: "11 SECURITY TEMPLATES AND PLANNING Chapter 7. Chapter 7: SECURITY TEMPLATES AND PLANNING2 OVERVIEW  Understand the uses of security templates  Explain."— Presentation transcript:

1 11 SECURITY TEMPLATES AND PLANNING Chapter 7

2 Chapter 7: SECURITY TEMPLATES AND PLANNING2 OVERVIEW  Understand the uses of security templates  Explain when it is appropriate to use default security templates  Describe how to modify security templates  Detail how to use Group Policy to deploy security templates  Understand the uses of security templates  Explain when it is appropriate to use default security templates  Describe how to modify security templates  Detail how to use Group Policy to deploy security templates

3 Chapter 7: SECURITY TEMPLATES AND PLANNING3 OVERVIEW (CONTINUED)  Specify how the Security Configuration And Analysis tool can be used to improve security practices  Understand the factors that influence the planning of a security framework  Explain how to create a testing environment  Describe the benefits of a pilot deployment plan  Specify how the Security Configuration And Analysis tool can be used to improve security practices  Understand the factors that influence the planning of a security framework  Explain how to create a testing environment  Describe the benefits of a pilot deployment plan

4 Chapter 7: SECURITY TEMPLATES AND PLANNING4 MANAGING THE SECURITY CONFIGURATION BY USING SECURITY TEMPLATES  Security templates consist of policies and settings that allow you to make configurations consistent across servers.  Security templates can be deployed by using a number of methods, including Group Policy.  Security templates can be applied to standalone computers by applying them to the local policy.  Security templates consist of policies and settings that allow you to make configurations consistent across servers.  Security templates can be deployed by using a number of methods, including Group Policy.  Security templates can be applied to standalone computers by applying them to the local policy.

5 Chapter 7: SECURITY TEMPLATES AND PLANNING5 UNDERSTANDING SECURITY TEMPLATES  Security templates are a list of policies and settings you can use to control a computer’s security configuration by importing them into local or group policies.  They can be used to configure a range of settings including account policies, Event Log policies, System Services policies, registry permissions, and File System permissions.  They can be edited directly using a text editor.  Security templates are a list of policies and settings you can use to control a computer’s security configuration by importing them into local or group policies.  They can be used to configure a range of settings including account policies, Event Log policies, System Services policies, registry permissions, and File System permissions.  They can be edited directly using a text editor.

6 Chapter 7: SECURITY TEMPLATES AND PLANNING6 USING THE SECURITY TEMPLATES SNAP-IN

7 Chapter 7: SECURITY TEMPLATES AND PLANNING7 DEFAULT SECURITY TEMPLATES  Nine security templates are supplied by default.  These templates can be edited as necessary.  New templates can be created as needed by copying existing templates.  Nine security templates are supplied by default.  These templates can be edited as necessary.  New templates can be created as needed by copying existing templates.

8 Chapter 7: SECURITY TEMPLATES AND PLANNING8 MODIFYING SECURITY TEMPLATES  Security templates can be modified, copied, and saved to create custom baseline security configurations.  Security templates can also be edited with a text editor such as Microsoft Notepad, though a full understanding of the file syntax is required.  Security templates can be modified, copied, and saved to create custom baseline security configurations.  Security templates can also be edited with a text editor such as Microsoft Notepad, though a full understanding of the file syntax is required.

9 Chapter 7: SECURITY TEMPLATES AND PLANNING9 DEPLOYING SECURITY TEMPLATES USING GROUP POLICY OBJECTS Security templates can be imported into GPOs for:  Domains  Sites  Organizational units (OUs) Security templates can be imported into GPOs for:  Domains  Sites  Organizational units (OUs)

10 Chapter 7: SECURITY TEMPLATES AND PLANNING10 GROUP POLICY DEPLOYMENT CAUTIONS  Configuration parameters imported into the GPO for a specific container are inherited by all the objects in that container, including other containers.  Complex templates with many configuration settings can create a large amount of network traffic when they are refreshed.  Configuration parameters imported into the GPO for a specific container are inherited by all the objects in that container, including other containers.  Complex templates with many configuration settings can create a large amount of network traffic when they are refreshed.

11 Chapter 7: SECURITY TEMPLATES AND PLANNING11 IMPORTING SECURITY TEMPLATES INTO GROUP POLICY OBJECTS

12 Chapter 7: SECURITY TEMPLATES AND PLANNING12 THE SECURITY CONFIGURATION AND ANALYSIS TOOL

13 Chapter 7: SECURITY TEMPLATES AND PLANNING13 ANALYZING A SYSTEM

14 Chapter 7: SECURITY TEMPLATES AND PLANNING14 CHANGING SECURITY SETTINGS  Once analysis is complete, you can make changes in the following ways:  Apply the database settings to the computer.  Modify the database settings.  Create a new template.  Modify the computer’s settings manually.  Once analysis is complete, you can make changes in the following ways:  Apply the database settings to the computer.  Modify the database settings.  Create a new template.  Modify the computer’s settings manually.

15 Chapter 7: SECURITY TEMPLATES AND PLANNING15 SECEDIT  Command prompt utility that can perform the same functions as the Security Configuration And Analysis snap-in  Allows security configurations to be edited and updated through a script or batch file  Allows you to apply only part of a security template to a computer  Command prompt utility that can perform the same functions as the Security Configuration And Analysis snap-in  Allows security configurations to be edited and updated through a script or batch file  Allows you to apply only part of a security template to a computer

16 Chapter 7: SECURITY TEMPLATES AND PLANNING16 PLANNING A SECURITY FRAMEWORK  A security framework is a logical, structured process by which your organization performs tasks such as the following:  Estimating security risks  Specifying security requirements  Selecting security features  Implementing security policies  Designing security deployments  Specifying security management policies  A security framework is a logical, structured process by which your organization performs tasks such as the following:  Estimating security risks  Specifying security requirements  Selecting security features  Implementing security policies  Designing security deployments  Specifying security management policies

17 Chapter 7: SECURITY TEMPLATES AND PLANNING17 CREATING A SECURITY DESIGN TEAM  The information technology (IT) function in an organization rarely has complete control over the IT security implementation.  A security design team should include people from all areas of an organization—executives, middle management, and employees.  In many cases, non-IT personnel will have a greater understanding of the risks posed to IT implementations, even though IT personnel will know how these risks can be mitigated.  The information technology (IT) function in an organization rarely has complete control over the IT security implementation.  A security design team should include people from all areas of an organization—executives, middle management, and employees.  In many cases, non-IT personnel will have a greater understanding of the risks posed to IT implementations, even though IT personnel will know how these risks can be mitigated.

18 Chapter 7: SECURITY TEMPLATES AND PLANNING18 MAPPING OUT A SECURITY LIFE CYCLE  A security life cycle typically consists of four basic phases:  Designing a security infrastructure  Implementing security features  Enforcing security policies  Providing ongoing security management  A security life cycle typically consists of four basic phases:  Designing a security infrastructure  Implementing security features  Enforcing security policies  Providing ongoing security management

19 Chapter 7: SECURITY TEMPLATES AND PLANNING19 CREATING A TESTING AND DEPLOYMENT PLAN  Before implementing security policies on your production network you must do the following:  Ensure the settings you choose do not interfere with the operation of your computer.  Verify that settings you configure will function properly.  Confirm that settings satisfy your organization’s security requirements.  Before implementing security policies on your production network you must do the following:  Ensure the settings you choose do not interfere with the operation of your computer.  Verify that settings you configure will function properly.  Confirm that settings satisfy your organization’s security requirements.

20 Chapter 7: SECURITY TEMPLATES AND PLANNING20 CREATING A TESTING ENVIRONMENT  The testing process consists of the following five basic steps:  Creating a test plan  Creating test cases  Building a lab  Conducting the tests  Evaluating the results  The testing process consists of the following five basic steps:  Creating a test plan  Creating test cases  Building a lab  Conducting the tests  Evaluating the results

21 Chapter 7: SECURITY TEMPLATES AND PLANNING21 CREATING A TEST PLAN  The test plan specifies what you want to accomplish and how the testing process will proceed.  To achieve your testing objectives, your plan should specify elements such as the structure of the lab and the tools and testing procedures that will be used.  The test plan specifies what you want to accomplish and how the testing process will proceed.  To achieve your testing objectives, your plan should specify elements such as the structure of the lab and the tools and testing procedures that will be used.

22 Chapter 7: SECURITY TEMPLATES AND PLANNING22 CREATING TEST CASES  A test case is a procedure that fully tests a particular feature or setting.  Creating detailed and complete test cases is critical because it provides a basis for comparative testing.  Once a test case is created, it can be altered to accommodate what-if scenarios.  A test case is a procedure that fully tests a particular feature or setting.  Creating detailed and complete test cases is critical because it provides a basis for comparative testing.  Once a test case is created, it can be altered to accommodate what-if scenarios.

23 Chapter 7: SECURITY TEMPLATES AND PLANNING23 BUILDING A LAB  The testing lab should be representative of the hardware and software configurations used in the organization.  The testing lab should be physically isolated from the live network.  Equipment in the lab should be subjected to some kind of change control procedure.  The testing lab should be representative of the hardware and software configurations used in the organization.  The testing lab should be physically isolated from the live network.  Equipment in the lab should be subjected to some kind of change control procedure.

24 Chapter 7: SECURITY TEMPLATES AND PLANNING24 CONDUCTING THE TESTS  When testing security configurations, your two main objectives are as follows:  Determine whether the parameter settings you have chosen provide the security you need.  Determine whether the settings interfere with normal operation of the network.  When testing security configurations, your two main objectives are as follows:  Determine whether the parameter settings you have chosen provide the security you need.  Determine whether the settings interfere with normal operation of the network.

25 Chapter 7: SECURITY TEMPLATES AND PLANNING25 EVALUATING THE RESULTS  The test plan should define who evaluates the test results and how that evaluation will be completed.  All results, both successful and unsuccessful, should be fully documented.  The test plan should define who evaluates the test results and how that evaluation will be completed.  All results, both successful and unsuccessful, should be fully documented.

26 Chapter 7: SECURITY TEMPLATES AND PLANNING26 CREATING A PILOT DEPLOYMENT  A limited, or pilot, deployment allows you to do the following:  Monitor the performance of the network more closely and react quickly to any problems that arise  Refine the deployment process you will use on the entire network  Train the help desk and other support personnel who will troubleshoot problems when the configuration goes live  A limited, or pilot, deployment allows you to do the following:  Monitor the performance of the network more closely and react quickly to any problems that arise  Refine the deployment process you will use on the entire network  Train the help desk and other support personnel who will troubleshoot problems when the configuration goes live

27 Chapter 7: SECURITY TEMPLATES AND PLANNING27 CREATING A PILOT DEPLOYMENT PLAN  Select users for a pilot deployment  Train users and support staff  Provide technical support  Create a rollback procedure  Select users for a pilot deployment  Train users and support staff  Provide technical support  Create a rollback procedure

28 Chapter 7: SECURITY TEMPLATES AND PLANNING28 SUMMARY  Windows Server 2003 provides administrators the ability to configure server security settings using Group Policy and security templates.  Security templates are.inf files that configure security settings.  GPOs can also be used to deploy configurations defined by security templates.  Windows Server 2003 includes a number of predefined templates that enable you to restore the default security parameters created by the Windows installation.  Using the Security Configuration And Analysis snap-in and a security template, you can analyze a computer to determine whether settings match the template.  Windows Server 2003 provides administrators the ability to configure server security settings using Group Policy and security templates.  Security templates are.inf files that configure security settings.  GPOs can also be used to deploy configurations defined by security templates.  Windows Server 2003 includes a number of predefined templates that enable you to restore the default security parameters created by the Windows installation.  Using the Security Configuration And Analysis snap-in and a security template, you can analyze a computer to determine whether settings match the template.

29 Chapter 7: SECURITY TEMPLATES AND PLANNING29 SUMMARY (CONTINUED)  Secedit enables you to apply all or part of a template to a computer from the command line.  Security is a concern throughout the entire process of network design and implementation.  Security mechanisms can include authentication, access control, encryption, firewalls, and auditing.  Secedit enables you to apply all or part of a template to a computer from the command line.  Security is a concern throughout the entire process of network design and implementation.  Security mechanisms can include authentication, access control, encryption, firewalls, and auditing.

30 Chapter 7: SECURITY TEMPLATES AND PLANNING30 SUMMARY (CONTINUED)  After the design and implementation of the security strategy are completed, the team is still responsible for the ongoing management of the security mechanisms.  Testing is an essential part of any security configuration deployment.  A testing lab is a network that is isolated from the organization’s production network and is used to test specific network elements.  A pilot deployment is the implementation of lab- tested technologies or configuration parameters on a live production network on a limited basis.  After the design and implementation of the security strategy are completed, the team is still responsible for the ongoing management of the security mechanisms.  Testing is an essential part of any security configuration deployment.  A testing lab is a network that is isolated from the organization’s production network and is used to test specific network elements.  A pilot deployment is the implementation of lab- tested technologies or configuration parameters on a live production network on a limited basis.

Download ppt "11 SECURITY TEMPLATES AND PLANNING Chapter 7. Chapter 7: SECURITY TEMPLATES AND PLANNING2 OVERVIEW  Understand the uses of security templates  Explain."

Similar presentations

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Module 5: Creating and Configuring Group Policy

Module 5: Creating and Configuring Group Policy
Managing User Settings with Group Policy

Managing User Settings with Group Policy
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
12.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

12.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
By Rashid Khan Lesson 4-Preparing to Serve: Understanding Microsoft Networking.

By Rashid Khan Lesson 4-Preparing to Serve: Understanding Microsoft Networking.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW  Describe the process of adding a computer to.

11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW  Describe the process of adding a computer to.
11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW Describe the process of adding a computer to.

11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW Describe the process of adding a computer to.

Similar presentations

Ads by Google