Module 7 Planning Server and Network Security. Module Overview Overview of Defense-in-Depth Planning for Windows Firewall with Advanced Security Planning.


1 Module 7 Planning Server and Network Security

2 Module Overview
- Overview of Defense-in-Depth
- Planning for Windows Firewall with Advanced Security
- Planning Protection Against Viruses and Malware
- Managing Remote Access
- Planning for NAP

3 Lesson 1: Overview of Defense-in-Depth
- What Is Defense-in-Depth?
- How to Use Defense-in-Depth to Identify Risks
- How to Use Defense-in-Depth to Mitigate Risks
- Discussion: Security Implementation

4 What Is Defense-in-Depth?
Layer: Description
- Data: Includes files and databases
- Application: Includes client applications and server applications
- Host: Contains individual computers, including the operating system
- Internal network: Contains LAN, WAN, and wireless
- Perimeter: Ensures connectivity to the Internet and to business partners
- Physical security: Prevents unauthorized personnel from accessing the network assets
- Policies, procedures, and awareness: Creates awareness among users and staff accessing resources with computers in a network

5 How to Use Defense-in-Depth to Identify Risks
Layer: Examples of Risks
- Data: Unauthorized viewing or changing of data
- Application: Loss of application functionality
- Host: Operating system weakness
- Internal network: Packet sniffing and unauthorized use of wireless networks
- Perimeter: Attacks from anonymous Internet users
- Physical security: A user with direct physical access to a computer modifying it or accessing data
- Policies, procedures, and awareness: Users and IT staff not following policies due to lack of understanding

6 How to Use Defense-in-Depth to Mitigate Risks
Layer: Mitigation Examples
- Data: Access Control List (ACL) encryption, Encrypting File System (EFS), and Digital Rights Management (DRM)
- Application: Application hardening and antivirus software
- Host: Operating system hardening, authentication, update management, and Network Access Protection (NAP)
- Internal network: Network segmentation, Internet Protocol security (IPsec), and intrusion detection
- Perimeter: Firewalls and VPNs
- Physical security: Locks and tracking devices
- Policies, procedures, and awareness: User education

7 Discussion: Security Implementation
What security measures do you use in your organization?

8 Lesson 2: Planning for Windows Firewall with Advanced Security
- Considerations for Types of Rules
- Considerations for Rule Configuration Options
- Considerations for Connection Security Rules
- What Is Server and Domain Isolation?
- Considerations for Applying Rules
- Demonstration: Windows Firewall Rules Configuration Options

9 Considerations for Types of Rules
Considerations:
- Block all inbound connections by default
- Create inbound rules to allow access to local applications
- Use outbound rules to prevent communication with specific software
- To increase security, prevent outbound connections by default
- Use connection security rules to secure communication between computers

10 Considerations for Rule Configuration Options
Considerations:
- Simplify configuration by using program-based rules
- Use port-based rules when you cannot create program-based rules
- Select the proper profile for rules
- Train roaming users to select the correct profile for a new network
- Use the scope option to limit rules to specific IP addresses
- Use the interface types option to apply rules only to wireless networks or remote access connections

11 Considerations for Connection Security Rules
Considerations:
- Compatible connection security rules must exist on both hosts
- Connection security rules apply to all network traffic between hosts
- Connection security rules enable firewall rules based on user or computer
- Kerberos authentication is required for user or computer-based rules
- Do not use connection security rules and IPsec policies at the same time
- Test thoroughly before implementation
- Use IPsec only where required as part of your security plan

12 What Is Server and Domain Isolation?
Systems that use IPsec to segment and isolate parts of the network
- Domain isolation: Restricts communication to computers that are members of the domain
- Server isolation: Restricts communication to computers that are part of the same workgroup

13 Considerations for Applying Rules
Considerations:
- Some applications automatically create firewall rules
- Back up firewall configuration before making changes
- Use Windows Firewall with Advanced Security to make changes only for a small number of computers
- Use Group Policy to deploy rules to a large number of computers
- Use netsh and Windows PowerShell™ to manage firewall rules with scripts
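The rule-planning considerations on slides 9, 10 and 13, applied in one script. This is an added example, not part of the original presentation. It assumes the NetSecurity cmdlets (Windows 8 / Windows Server 2012 or later; on Windows Server 2008 the equivalent settings are made with `netsh advfirewall`), and the application paths, subnet and backup folder are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example. Paths, rule names and the subnet are hypothetical placeholders.
$backup  = "C:\FirewallBackup\policy-$(Get-Date -Format yyyyMMdd-HHmmss).wfw"
$appPath = 'C:\Program Files\FinanceApp\financesvc.exe'   # hypothetical server application
$oldTool = 'C:\Program Files\LegacyTool\updater.exe'      # hypothetical software to block
$scope   = '10.10.20.0/24'                                # hypothetical client subnet

# Back up the firewall configuration before making changes (slide 13).
New-Item -ItemType Directory -Path (Split-Path $backup) -Force | Out-Null
netsh advfirewall export $backup | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Firewall export failed; no changes were made.' }

try {
    # Block all inbound connections by default on every profile (slide 9).
    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
        -DefaultInboundAction Block -ErrorAction Stop

    # Program-based inbound rule, limited to the Domain profile and to a
    # specific address scope (slides 9 and 10).
    New-NetFirewallRule -DisplayName 'FinanceApp inbound (program)' `
        -Direction Inbound -Action Allow -Program $appPath `
        -Profile Domain -RemoteAddress $scope -ErrorAction Stop | Out-Null

    # Port-based rule for a listener that no single executable owns (slide 10).
    New-NetFirewallRule -DisplayName 'FinanceApp inbound (TCP 443)' `
        -Direction Inbound -Action Allow -Protocol TCP -LocalPort 443 `
        -Profile Domain -RemoteAddress $scope -ErrorAction Stop | Out-Null

    # Outbound rule that stops one program from communicating, applied only
    # on wireless interfaces (slides 9 and 10).
    New-NetFirewallRule -DisplayName 'LegacyTool outbound block' `
        -Direction Outbound -Action Block -Program $oldTool `
        -InterfaceType Wireless -ErrorAction Stop | Out-Null
}
catch {
    # Restore the exported policy if any step fails, then surface the error.
    netsh advfirewall import $backup | Out-Null
    throw
}

# Review what was created before rolling the same rules out through Group Policy.
Get-NetFirewallRule -DisplayName 'FinanceApp*', 'LegacyTool*' |
    Format-Table DisplayName, Direction, Action, Profile, Enabled -AutoSize
```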

14 Demonstration: Windows Firewall Rules Configuration Options
In this demonstration, you will see how to:
- Create and configure Windows Firewall rules


16 Lesson 3: Planning Protection Against Viruses and Malware
- How Viruses and Malware Enter the Network
- Considerations for Using Windows Defender
- Considerations for Antivirus Protection
- Security Features of Internet Explorer® 8
- What Is User Account Control (UAC)?
- Using the Security Configuration Wizard (SCW)

17 How Viruses and Malware Enter the Network
Methods:
- E-mail attachments
- Program installation
- Web pages
- Portable computers
- Portable storage

18 Considerations for Using Windows Defender
Considerations:
- Enable real-time protection
- Ensure that updates are being applied
- Use scheduled and manual scans to remove malware missed by real-time protection
- Use definition-based actions for each alert level
- Join Spynet with a basic membership
- Use Software Explorer to control startup programs

19 Considerations for Antivirus Protection
Considerations:
- Select antivirus software that can be centrally managed
- Update antivirus definitions at least once per day
- Carefully test heuristic-based scanning
- Use quarantine instead of removal for infected files

20 Security Features of Internet Explorer 8
Features:
- Enhanced Security Configuration (ESC)
- Improved security for ActiveX controls
- XSS Filter to block cross-site scripting
- SmartScreen filter for phishing and malware
- Protected Mode

21 What Is User Account Control (UAC)?
- UAC provides an easy way to elevate credentials only when required.
- Admin Approval Mode requires administrators to allow applications with administrative permissions.
- Admin Approval Mode does not apply to built-in Administrator accounts.
- UAC can be configured by Local Security Policy or Group Policy.

22 Using the Security Configuration Wizard (SCW)
Considerations:
- Register templates for all installed applications
- Create a standard policy for specific server types
- Apply common settings by using Group Policy
- Disable unknown services only if computers are configured identically
- Roll back a security policy if there are unexpected results
- Test new policies before applying them to multiple computers

23 Lesson 4: Planning Remote Access
- Considerations for VPN Protocols
- Considerations for Network Policies
- Considerations for Network Policy Server (NPS)

24 Considerations for VPN Protocols
VPN Protocols:
- Point-to-Point Tunneling Protocol (PPTP)
- Layer 2 Tunneling Protocol (L2TP)/IPsec
- Secure Socket Tunneling Protocol (SSTP)
Recommendations:
- Use PPTP for best compatibility with operating systems
- Use L2TP/IPsec to increase security
- Use SSTP to increase security and provide best compatibility with firewalls and proxy servers

25 Considerations for Network Policies
Considerations:
- Each Routing and Remote Access Server (RRAS) server has an independent set of network policies
- Use different policies on each RRAS server to meet the needs of different groups
- The default network policies prevent access
- Simplify management by using groups to control access
- Only the first matched network policy applies
- Increase security by implementing additional conditions
- Identify the authentication methods that meet your needs
- Use constraints to control a remote access connection
- Apply IP filters to control which internal resources can be accessed
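Because only the first matched network policy applies, policy order decides which constraints a user actually gets. The following added example (not part of the original presentation) is a simplified model of that evaluation, not an NPS API: the policy names, groups and allowed authentication methods are constructed, and the only condition modeled is group membership.

```powershell
# Added example: simplified model of first-match network policy evaluation.
# All policies, groups and authentication methods below are constructed.
$policies = @(
    [pscustomobject]@{ Order = 1; Name = 'All employees VPN'; Group = 'Domain Users'
                       Access = 'Grant'; AuthMethods = @('MS-CHAPv2', 'EAP-TLS') }
    [pscustomobject]@{ Order = 2; Name = 'Finance VPN'; Group = 'Finance'
                       Access = 'Grant'; AuthMethods = @('EAP-TLS') }
    [pscustomobject]@{ Order = 3; Name = 'Contractors'; Group = 'Contractors'
                       Access = 'Deny'; AuthMethods = @() }
)

function Test-RemoteAccessRequest {
    param(
        [object[]]$Policies,     # policies with Order, Group, Access, AuthMethods
        [string[]]$UserGroups,   # groups the connecting user belongs to
        [string]$AuthMethod      # authentication method the client offers
    )
    foreach ($p in ($Policies | Sort-Object Order)) {
        # Condition not met: move on to the next policy in order.
        if ($UserGroups -notcontains $p.Group) { continue }

        # First match decides. A failed constraint rejects the connection;
        # evaluation does not fall through to later policies.
        $granted = ($p.Access -eq 'Grant') -and ($p.AuthMethods -contains $AuthMethod)
        return [pscustomobject]@{ MatchedPolicy = $p.Name; Granted = $granted }
    }
    # No policy matched: access is refused.
    [pscustomobject]@{ MatchedPolicy = '(none)'; Granted = $false }
}

# A finance user is also a member of Domain Users, so the broad policy in
# first position matches and the stricter Finance policy is never consulted.
$financeUser = 'Domain Users', 'Finance'
Test-RemoteAccessRequest -Policies $policies -UserGroups $financeUser -AuthMethod 'MS-CHAPv2'

# Moving the more specific policy ahead of the broad one makes its
# authentication constraint apply to finance users.
($policies | Where-Object Name -eq 'Finance VPN').Order = 0
Test-RemoteAccessRequest -Policies $policies -UserGroups $financeUser -AuthMethod 'MS-CHAPv2'
```

The first call is granted under the broad policy; after reordering, the same request matches the Finance policy and is rejected because MS-CHAPv2 is not among its allowed methods.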

26 Considerations for Network Policy Server (NPS)
- To centralize authentication, use RADIUS server functionality
- To centralize logging, use RADIUS server functionality
- Use connection request policies to control RADIUS proxy functionality
- To forward requests to independently managed RADIUS servers, use the RADIUS proxy functionality
- RADIUS can be used to authenticate non-RRAS applications

27 Lesson 5: Planning for NAP
- What Is NAP?
- Status Monitored by Windows System Health Validator (SHV)
- Considerations for Designing DHCP Enforcement
- Considerations for Designing VPN Enforcement
- Considerations for Designing 802.1X Enforcement
- Considerations for Designing IPsec Enforcement

28 What Is NAP?
- Enforces client health before allowing access to the network
- Can allow access to remediation servers
- Has various enforcement mechanisms
- Controls network access for noncompliant computers
- Does not block intruders or malicious users

29 Status Monitored by Windows System Health Validator (SHV)

30 Considerations for Designing DHCP Enforcement
Noncompliant computers are:
- Given 0.0.0.0 as a default gateway
- Given 255.255.255.255 as a subnet mask
- Given static host routes to remediation servers
Some considerations for DHCP enforcement:
- Must use Windows Server 2008 DHCP server
- IPv6 is not supported for NAP and Windows Server 2008 DHCP server
- Health status is sent as part of the lease request
- Can be circumvented by using a static IP address

31 Considerations for Designing VPN Enforcement
Noncompliant computers are:
- Limited by IP packet filters
Considerations for VPN enforcement:
- Must use NAP-integrated RRAS
- Health status is sent as part of the authentication process
- Best suited for remote connections where a VPN is already used

32 Considerations for Designing 802.1X Enforcement
Noncompliant computers are:
- Limited by packet filters enforced by the switch
- Limited by a virtual local area network (VLAN) enforced by the switch
Considerations for 802.1X Enforcement:
- More secure than DHCP enforcement
- Switches must support 802.1X
- Health status is sent as part of the authentication process

33 Considerations for Designing IPsec Enforcement
Noncompliant computers are:
- Limited by IPsec policies
Considerations for IPsec Enforcement:
- Offers the highest level of security
- Can provide encryption of data
- Requires no additional hardware
- Can be used for both IPv4 and IPv6
- Requires a Certification Authority (CA) and Health Registration Authority (HRA)

34 Lab: Planning Server and Network Security
- Exercise 1: Creating a Plan for Server and Network Security
- Exercise 2: Implementing Windows Firewall Rules
- Exercise 3: Implementing a VPN Server
- Exercise 4: Implementing NAP with DHCP Enforcement
Estimated time: 60 minutes
Logon information:
- Virtual machine: 6430B-SEA-DC1, 6430B-SEA-CL1
- User name: Adatum\Administrator
- Password: Pa$$w0rd

35 Lab Scenario Adatum has two security-related tasks that need to be planned out. A new Web-based application is being implemented for the finance department and requires a security plan. Also, as part of a security review, a plan needs to be developed for preventing malware on the A. Datum network. You have been tasked with creating a plan for the new finance application and creating a plan for preventing malware on the network. Your IT manager has provided you with a list of requirements that must be met by your plan.

36 Module Review and Takeaways Review Questions

