Presentation is loading. Please wait.

Presentation is loading. Please wait.

4.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.

Similar presentations


Presentation on theme: "4.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security."— Presentation transcript:

1 4.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Public Key Infrastructure  Enables users of unsecured networks to securely exchange data  Supports and enhances authentication and encryption  Key security concepts  Public key cryptography  Certificates  Certification Authorities (CAs)  Encrypting File System (EFS)  Internet Protocol Security (IPSec) Introducing Public Key Infrastructure (Skill 1)

2 4.2 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003  Public key cryptography  Uses a key pair called a public key and a private key  The keys are mathematically related so that messages encrypted with the public key can be decrypted with the corresponding private key  The public key is widely disseminated  The private key is issued only to an authorized user and must be kept secure  A certificate is a digitally signed document that functions as a component of PKI  Certification Authority (CA) signs the certificate confirming that the private key linked to the public key in the certificate is owned by the subject named in the certificate  EFS (Encrypting File System) uses certificate/key pairs to encrypt files on NTFS volumes and partitions Introducing Public Key Infrastructure (2) (Skill 1)

3 4.3 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-1 Public key cryptography (Skill 1)

4 4.4 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-2 Digital signatures (Skill 1)

5 4.5 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-3 IPSec (Skill 1)

6 4.6 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-4 The data encryption process (Skill 2)

7 4.7 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 IP Security (IPSec) policies  Use both asymmetric and symmetric encryption to secure data transmitted across a network  Use two main security mechanisms  Authentication Header (AH) is used for authentication and data integrity purposes; does not provide encryption  Encapsulating Security Payload (ESP) is used to transmit encrypted data IPSec  Can be used on an intranet and to secure Internet communications  Performs three main functions  Authentication  Packet filtering  Tunneling (encapsulation) Working with IPSec (Skill 3)

8 4.8 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-7 The IP Security Policies on Local Computer node in the Group Policy snap-in (Skill 3)

9 4.9 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-8 The IP Security Policies snap-in (Skill 3) The IP Security Policies snap-in configured to manage the Active Directory domain of which the computer is a member

10 4.10 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-9 The predefined IPSec policies (Skill 3) Clients will be requested to provide security using authentication mechanisms, but communication with unsecured clients will not be denied The client does not request a secure session, but it will provide one if asked Unsecured communications with untrusted computers will be blocked

11 4.11 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003  IPSec can only be configured by administrators  IPSec policies can apply to the local computer or can be configured for a site, OU, or domain  Preconfigured policy templates  Client (Respond Only): Client does not request a secure session, but will provide one if asked  Server (Request Security): Always attempts to provide secure communication by requesting security using Kerberos trust from other computers  Secure Server (Require Security): Ensures that all communication is encrypted, which may minimize the number of client computers with which you can communicate over a network, because all communications must be secured Working with IPSec (2) (Skill 3)

12 4.12 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-10 Editing an existing IP security rule (Skill 3) Click to open the Edit Rule Properties dialog box and edit the IP security rule

13 4.13 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003  IPSec operates in either tunnel mode or transport mode  Tunnel mode  Used to create a secure IPSec tunnel through which data can travel from one end to the other  The message, message header, and routing information are all encrypted  Transport mode  The default mode  Only the data itself is encrypted  Not as secure as tunnel mode  You configure rules for IPSec policies to regulate how they will be applied and under what circumstances. Examples:  Tunnel Setting  Authentication Methods: Kerberos (default), certificates from a trusted CA, or pre-shared key  Connection Type  IP Filter List is used to designate to what type of traffic the rule applies  Filter Action is security method that is applied when the traffic matches on of the three main policies Working with IPSec (3) (Skill 3)

14 4.14 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-17 Primary components of Kerberos (Skill 5)

15 4.15 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003  Account policies are used to set the user account properties that control the logon process  Account Lockout policies  Prevent users from trying to guess passwords  Configuration settings  Account lockout threshold  Account lockout duration  Reset account lockout counter after  Password policies  Specify how users manage their passwords  Options include requiring passwords to follow complexity rules or defining when a password needs to be changed Implementing Account Policy (Skill 6)

16 4.16 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003  Kerberos policies  Applicable to domain user accounts or computer accounts  Policy settings  Enforce user logon restrictions  Maximum lifetime for service ticket  Maximum lifetime for user ticket  Maximum lifetime for user ticket renewal  Maximum tolerance for computer clock synchronization Implementing Account Policy (2) (Skill 6)

17 4.17 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-19 The Kerberos policies (Skill 6)

18 4.18 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-20 The Account lockout threshold Properties dialog box (Skill 6) Set the number of unsuccessful logon attempts that will be allowed

19 4.19 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-21 The Suggested Value Changes dialog box (Skill 6)

20 4.20 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-22 The Enforce password history Properties dialog box Figure 12-23 The Minimum password length Properties dialog box (Skill 6)

21 4.21 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-24 The Maximum lifetime for service ticket Properties dialog box (Skill 6)

22 4.22 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Security Options  Used to set over 65 types of security policy settings for a computer, OU, domain, or site  Are divided into 14 categories depending on their function Implementing Security Options (Skill 8)  Accounts  Audit  Devices  Domain controller  Domain member  Interactive logon  Microsoft network client  Network access  Network security  Recovery Console  Shutdown  System cryptography  System objects  System settings

23 4.23 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-39 Security Options (Skill 8)

24 4.24 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-40 The Accounts: Rename guest account Properties dialog box (Skill 8)

25 4.25 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-41 The Interactive logon: Do not display last user name Properties dialog box (Skill 8)

26 4.26 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-42 The Shutdown: Allow system to be shut down without having to log on Properties dialog box (Skill 8)

27 4.27 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003  User rights assignments are configured to designate the tasks a user or group is allowed to perform either on an individual system or on a domain  User rights are divided into two categories  Logon rights are assigned to designate who can log on to a computer and how they can log on  Privileges permit users to interact with the operating system and with system-wide resources Configuring User Rights Assignments (Skill 9)

28 4.28 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-43 User Rights Assignment (Skill 9)

29 4.29 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003  Administrative Template policy settings customize the settings used by the clients that access a Windows Server 2003 network  Advantages of using Administrative Template policy settings  To improve security  To supply a consistent working environment for all clients Configuring Client Security (Skill 10)

30 4.30 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-46 The User Configuration\Administrative Templates node (Skill 10)

31 4.31 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003  Security templates can include password and account lockout policies, local security policies, user rights assignments, Registry key security, group memberships, and permissions for the local file system  On a domain-based network, you can apply a security template to a Group Policy object so that all of the settings are put into operation on a site, domain or OU  All security attributes, except IPSec and Public Key policies, can be stored in a security template Working with Security Tools and Templates (Skill 11)

32 4.32 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-51 The Add Standalone Snap-in dialog box (Skill 11)

33 4.33 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-52 The default security templates in the Security Templates snap-in (Skill 11)

34 4.34 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-53 Analyzed Password Policy (Skill 11) Policies with a green check mark meet the requirements for a secure server; policies with a red X do not

35 4.35 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003  Secedit tool  Performs most of the same functions as the Security Template and Security Configuration and Analysis snap-ins  It is particularly useful on a domain-based system to perform analyses on a large number of computers at the same time  Security templates can be applied only to Windows 2000, XP Professional, and Windows Server 2003 computers as some of the security settings are not compatible with earlier versions of the operating system, particularly those related to encryption Working with Security Tools and Templates (3) (Skill 11)

36 4.36 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security in Windows Server 2003 Figure 12-56 The configured Security Options policies (Skill 11)


Download ppt "4.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security."

Similar presentations


Ads by Google