Presentation is loading. Please wait.

Presentation is loading. Please wait.

Guide to Operating System Security Chapter 4 Account-based Security.

Published byClifton Blake Modified over 9 years ago

Similar presentations

Presentation on theme: "Guide to Operating System Security Chapter 4 Account-based Security."— Presentation transcript:

1 Guide to Operating System Security Chapter 4 Account-based Security

2 2 Guide to Operating System Security Objectives Discuss how to develop account naming and security policies Explain and configure user accounts Discuss and configure account policies and logon security techniques Discuss and implement global access privileges Use group policies and security templates in Windows 2000 Server and Windows Server 2003

3 3 Guide to Operating System Security Account Naming Provides orderly access to server and network resources Enables administrators to monitor security:  Which users are accessing the server  What resources they are using Establish conventions for account names  User’s actual name  User’s function

4 4 Guide to Operating System Security Security Policies Apply to all accounts or to all accounts in a particular directory service container Affected elements:  Password security Expiration period Minimum length Password recollection  Account lockout  Authentication method

5 5 Guide to Operating System Security Creating User Accounts in Windows 2000 Professional Typically installed with:  Administrator account  Guest account To create and manage user accounts:  Start – Settings – Control Panel – Users and Passwords, or  Right-click My Computer – Manage – Local Users and Groups – Users

6 6 Guide to Operating System Security Creating User Accounts in Windows XP Professional Installed with:  Account that usually consists of user’s name  Administrator account  Guest account  HelpAssistant account for remote desktop help  Support accounts for Microsoft and computer manufacturer To create and manage user accounts:  Start – Control Panel – User Accounts, or  Right-click My Computer – Manage – Local Users and Groups – Users

7 7 Guide to Operating System Security Managing User Accounts in Windows XP Professional

8 8 Guide to Operating System Security Creating User Accounts in Windows 2000 Server/Server 2003 Installed with:  Administrator account  Guest account  Other accounts, depending on services installed on server Create new accounts by entering account information and password controls  Local user account on a server that is not part of a domain  Account in the Active Directory

9 9 Guide to Operating System Security Managing User Accounts in Windows 2000 Server

10 10 Guide to Operating System Security Creating a New User Complete name, user logon name, password, and password confirmation information  User must change password at next logon  User cannot change password  Password never expires  Account is disabled Further configure associated properties

11 11 Guide to Operating System Security Account Properties in Windows Server 2003 General tab Address tab Account tab Profile tab Telephones tab Organization tab Member Of Dial-in Environment Sessions Remote Control Terminal Services Profile COM+ tab

12 12 Guide to Operating System Security Account Properties in Windows Server 2003

13 13 Guide to Operating System Security Account Tab

14 14 Guide to Operating System Security Creating User Accounts in Red Hat Linux 9.x Each user account is associated with a user identification number (UID) Assign users with common access needs to a group via a group identification number (GID)

15 15 Guide to Operating System Security Contents of Linux Password File (/etc/passwd) Username Encrypted password or reference to shadow file UID and GID Information about the user Location of user’s home directory Command that is executed as user logs on

16 16 Guide to Operating System Security Linux Shadow File (/etc/shadow) Available only to system administrator Contains password restriction information  Minimum/maximum number of days between password changes  When password was last changed  When password will expire  Amount of time account can be inactive before access is prohibited

17 17 Guide to Operating System Security Creating User Accounts and Groups in Linux Use command-line commands  Create new user with useradd  Modify parameters with usermod  Delete accounts with userdel Use Red Hat User Manger from GNOME desktop

18 18 Guide to Operating System Security Creating Accounts with the Command Line

19 19 Guide to Operating System Security Creating Accounts with Red Hat User Manager

20 20 Guide to Operating System Security Creating User Accounts in NetWare 6.x Use ConsoleOne tool

21 21 Guide to Operating System Security Creating User Accounts in Mac OS X (Continued) Choose Accounts icon in System Preferences window  Name of account holder  Short name for logging on  Password  Password hint

22 22 Guide to Operating System Security Creating User Accounts in Mac OS X (Continued) Tools that enable server management (Mac OS X Server)  Server Admin  Macintosh Manager

23 23 Guide to Operating System Security Accounts Option in Mac OS X

24 24 Guide to Operating System Security Mac OS X Logon Options Automatically log on to specific account when computer is booted Log on by viewing a name and password box, or by seeing a list of user accounts Hide Restart and Shut Down buttons Show password hint after three unsuccessful logon attempts

25 25 Guide to Operating System Security Mac OS X Server Tools  Server Admin  MacIntosh Manager

26 26 Guide to Operating System Security Setting Account Policies and Configuring Logon Security Place restrictions on passwords Automatically lock out accounts after a specified number of unsuccessful logon attempts

27 27 Guide to Operating System Security Guidelines for Building Strong Passwords Do useDo not use 7+ characters Combination of upper- and lowercase letters, numbers, and characters Symbol character(s) Coded phrase to help you remember Words in the dictionary or proper names Sports terms or names of sports teams Your account name Consecutive characters Common slang terms

28 28 Guide to Operating System Security Using Account Policies in Windows Server 2000/Server 2003 Set up as part of group policy that applies to all accounts in an Active Directory container Can also be configured for a local computer Account policy options affect:  Password security  Account lockout

29 29 Guide to Operating System Security Password Security Options in Windows Server 2000/Server 2003 Enforce password history Maximum password age Minimum password age Minimum password length Password(s) must meet complexity requirements Store password using reversible encryption

30 30 Guide to Operating System Security Account Lockout Options in Windows Server 2000/Server 2003 Account lockout duration Account lockout threshold Reset account lockout container after

31 31 Guide to Operating System Security Account Security Options in Red Hat Linux 9.x No formal account security policies Enables configuration of security options associated with individual accounts (using Red Hat User Manager) Stores security information in shadow file (/etc/shadow) as properties associated with accounts

32 32 Guide to Operating System Security Account Password Configuration Options in Red Hat Linux Setting an account to expire on a particular date Locking a user account Expiration of account passwords so that users have to reset them

33 33 Guide to Operating System Security Red Hat Linux Account Password Configuration 9.x

34 34 Guide to Operating System Security Using Account Templates in NetWare 6.x Configure through user templates before accounts are created Use ConsoleOne utility to create user templates

35 35 Guide to Operating System Security Establishing Account Properties with User Template (NetWare 6.x) (Continued) Home directory location and access rights to that directory Requirement for a password Minimum password length Requirement that password be changed within specified interval of time Grace period that limits number of times user can log in after password has expired

36 36 Guide to Operating System Security Establishing Account Properties with User Template (NetWare 6.x) Requirement that a new password be used each time the old one is changed Time restrictions Intruder detection capabilities Limit on number of simultaneous connections Workstation logon restrictions

37 37 Guide to Operating System Security Intruder Detection in NetWare 6.x

38 38 Guide to Operating System Security Using Global Access Privileges Windows 2000 Server/Server 2003  User rights govern user and administrative functions NetWare 6.x  Uses access rights, applied in a different way, for more fine-tuned access functions  Role-based security establishes administrative roles for managing a server

39 39 Guide to Operating System Security Windows Server 2000/ Server 2003 User Rights (Continued) Enable account or group to perform predefined tasks  Basic rights: access a server  Advanced: create accounts and manage server functions Can be assigned to user accounts or to groups  Groups are more efficient (inherited rights)

40 40 Guide to Operating System Security Windows Server 2000/ Server 2003 User Rights (Continued) Give server administrative security controls over who can access server and Active Directory resources Two categories  Privileges Manage server or Active Directory functions  Logon rights Access accounts, computers, and services

41 41 Guide to Operating System Security Windows Server 2000/ Server 2003 Privileges (Continued)

42 42 Guide to Operating System Security Windows Server 2000/ Server 2003 Privileges (Continued)

43 43 Guide to Operating System Security Windows Server 2000/ Server 2003 Privileges (Continued)

44 44 Guide to Operating System Security Windows Server 2000/ Server 2003 Logon Rights

45 45 Guide to Operating System Security Role-based Security in NetWare 6.x Allocated according to administrative roles (managing tasks or network services)  DHCP Management  DNS Management  eDirectory  iPrint Management  License Management

46 46 Guide to Operating System Security Using Group Policies in Windows Server 2000/Server 2003 Enables standardization by setting policies in Active Directory or on local computer (eg, account policies, user rights, IPSec policies) Evolved from Windows NT Server 4.0 concept of system policy  Use Poledit.exe to configure basic user account and computer parameters (domain-wide or specific)

47 47 Guide to Operating System Security Differences Between System Policy and Group Policy System policyGroup policy Largest range is the domainCan cover multiple domains in one site Fewer objects to configureMore objects to configure Focus on clients’ desktop environment as controlled by Registry settings Set for more environments Less secureMore secure Can live on after no longer needed Dynamically updated and configured to represent most current needs

48 48 Guide to Operating System Security Defining Characteristics of Group Policy Can be set for a site, domain, OU, or local computer Stored in group policy objects Local and nonlocal GPOs

49 49 Guide to Operating System Security Configuring Client Security Using Policies Advantages to customizing settings used by clients  Improved security  Consistent working environment Customize settings by configuring policies on Windows 2000/2003 servers that clients access  When client logs on, policies are applied

50 50 Guide to Operating System Security Manually Configuring Policies for Clients Use either:  Group Policy Snap-in (Windows 2000 Server)  Group Policy Object Editor Snap-in (Windows Server 2003) Use Administrative Templates object under User Configuration in a group policy object to customize desktop settings for client computers

51 51 Guide to Operating System Security Manually Configuring Policies for Clients

52 52 Guide to Operating System Security Configuring Administrative Templates

53 53 Guide to Operating System Security Automated Configuration of Administrative Templates

54 54 Guide to Operating System Security Configuring Administrative Templates

55 55 Guide to Operating System Security Configuring Additional Security Options Fine-tune security on a server by configuring security options within local policies in a GPO Enables you to configure group policy security for special needs

56 56 Guide to Operating System Security Configuring Additional Security Options

57 57 Guide to Operating System Security Group Policy Security Options

58 58 Guide to Operating System Security Configuring Additional Security Options

59 59 Guide to Operating System Security Summary Considerations when creating formal policies about account naming and security How to set up accounts in different operating systems How to configure those accounts to implement an organization’s policies User rights and role-based security How to work with group policies and security templates

Download ppt "Guide to Operating System Security Chapter 4 Account-based Security."

Similar presentations

Chapter Five Users, Groups, Profiles, and Policies.

Chapter Five Users, Groups, Profiles, and Policies.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.

Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.
Chapter 13 Securing Windows Server 2008

Chapter 13 Securing Windows Server 2008
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
Chapter 8 Chapter 8: Managing Accounts and Client Connectivity.

Chapter 8 Chapter 8: Managing Accounts and Client Connectivity.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 6: Configure and Troubleshoot Local User and Group Accounts.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 6: Configure and Troubleshoot Local User and Group Accounts.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
12.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

12.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
5.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

5.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Resource Sharing Over a Network

Resource Sharing Over a Network
Chapter 8 Chapter 8: Managing the Server Through Accounts and Groups.

Chapter 8 Chapter 8: Managing the Server Through Accounts and Groups.

Similar presentations

Ads by Google