70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Chapter 13: Planning Server and Network Security


Slide 1

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network Chapter 13: Planning Server and Network Security

Slide 2

Objectives
- Describe three types of security
- Plan security configurations for server roles
- Plan network protocol security
- Plan wireless network security
- Define the default security settings used by Windows Server 2003
- Plan a secure baseline for client computers and servers
- Create a plan for software updates
- Ensure secure administrative access

Slide 3

Types of Security
Three commonly used categories are:
- Physical security
- Network security
- Data security

Slide 4

Physical Security
- Physical security is controlling physical access to the computing devices on your network
- Who has a key to the server room?
- Keeps users and hackers from physically accessing network resources that they have no legitimate need to touch
- After physical security is in place, software-based security is more effective

Slide 5

Network Security
- Network security concerns access to network-based resources through a computer network
- Tools available for enforcing network security are: authentication, IPSec and firewalls
- Authentication verifies the identity of users before giving them access to resources
- IPSec encrypts data packets in transit on the network
- Firewalls control data movement based on IP addresses and port numbers
- For enhanced security, most organizations use a demilitarized zone (DMZ)

Slide 6

Network Security (continued)

Slide 7

Network Security (continued)

Slide 8

Data Security
- Data security: mechanisms to ensure that only authorized users access sensitive data
- Tools for enforcing data security include:
  - NTFS permissions: used to control access to files and folders stored on network servers
  - Share permissions: used to control access to a particular network share
  - Auditing: allows you to track which users have performed, or attempted to perform, specific actions
  - EFS: encrypts files that are stored on NTFS partitions

Slide 9

Encrypting File System
- EFS (Encrypting File System) encrypts files that are stored on NTFS partitions
- When files are stored encrypted, only the user who encrypted them, other designated users, or a designated recovery agent can decrypt and read them
- Certificates used by EFS can be created automatically, through an internal CA, or through a third-party CA

Slide 10

Activity 13-1: Using EFS to Protect Files
- The purpose of this activity is to use EFS to protect files

Slide 11

Planning Security Configuration for Server Roles
General rules for server security are:
- Disable unnecessary services
- Limit access to the minimum required for users to perform their jobs
- Use separate administrator accounts for different staff
- Allow packets to necessary TCP and UDP ports only

Slide 12

Securing Domain Controllers
Some ways to secure domain controllers are:
- Place the domain controller behind a firewall
- If a VPN is being used, place the VPN in a DMZ
- Use RADIUS
- NetBIOS ports should be blocked by a firewall
- NetBIOS can be disabled on the network connection that is connected to the Internet

Slide 13

Securing Web Servers
Some ways to secure Web servers are:
- Web servers should be in a DMZ
- Web sites that authenticate users or collect sensitive information should run on TCP port 443 using SSL
- Install the operating system, IIS, and the Web site data on separate hard drive partitions
- Remove any sample scripts that are installed by default on the Web server
- Disable the ability to run scripts by disabling ASP processing and the processing of all other script types
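The port guidance on the three slides above (necessary TCP and UDP ports only, NetBIOS blocked at the firewall, SSL on TCP port 443) can be checked against a perimeter ruleset. The following is an added example, not part of the original slides; the ruleset, host names, addresses and per-role port needs are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed perimeter ruleset, evaluated top-down, first match wins:
# (action, protocol, destination network, destination port; None = any port)
RULES = [
    ("allow", "tcp", "192.0.2.10/32", 443),  # DMZ web server over SSL
    ("allow", "tcp", "192.0.2.10/32", 80),   # left over from testing
    ("allow", "tcp", "192.0.2.25/32", 25),   # DMZ mail server
    ("allow", "tcp", "10.0.0.0/24", 139),    # NetBIOS session service to the internal network
    ("deny", "any", "0.0.0.0/0", None),      # explicit default deny
]

# Hypothetical hosts: address and the only ports each role needs from the Internet.
HOSTS = {
    "web-dmz": ("192.0.2.10", {("tcp", 443)}),  # site that authenticates users
    "mail-dmz": ("192.0.2.25", {("tcp", 25)}),
    "dc-internal": ("10.0.0.5", set()),         # domain controller: nothing inbound
}

# Ports to test per host: NetBIOS (137/udp, 138/udp, 139/tcp) plus common services.
PROBES = [("udp", 137), ("udp", 138), ("tcp", 139),
          ("tcp", 25), ("tcp", 80), ("tcp", 443), ("tcp", 1433)]

def decide(rules, proto, dst, port):
    """Return the action of the first rule that matches the packet."""
    for action, r_proto, net, r_port in rules:
        if (r_proto in ("any", proto)
                and ip_address(dst) in ip_network(net)
                and r_port in (None, port)):
            return action
    return "deny"  # nothing matched: fail closed

def audit(rules, hosts, probes=PROBES):
    """Report ports that are reachable but not needed, or needed but blocked."""
    findings = []
    for name, (addr, needed) in hosts.items():
        for proto, port in probes:
            allowed = decide(rules, proto, addr, port) == "allow"
            if allowed and (proto, port) not in needed:
                findings.append((name, proto, port, "exposed"))
            elif not allowed and (proto, port) in needed:
                findings.append((name, proto, port, "blocked"))
    return findings

# Corrected ruleset: drop the two allow rules that no role requires.
FIXED = [r for r in RULES if r[3] not in (80, 139)]

if __name__ == "__main__":
    print(audit(RULES, HOSTS))  # two exposed ports
    print(audit(FIXED, HOSTS))  # empty list
```

Because the filter is first-match, the NetBIOS allow rule wins over the default deny below it, which is why the audit evaluates packets against the whole ruleset instead of searching for a deny rule.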

Slide 14

Activity 13-2: Disabling Script Processing in IIS
- The purpose of this activity is to disable processing of scripts in IIS

Slide 15

Securing Database Servers
When securing database servers:
- If you are concerned with protecting the data while it is in transit on the network between the client and the server, use IPSec
- If the database is used as part of a Web-based application, it is quite common to place the Web server in the DMZ and the SQL server on the internal, private network
- A database that holds sensitive information should never be on the same server as the Web site
- If the database runs on a separate server, then the hacker must still find the database

Slide 16

Securing Mail Servers
- The main protection you can give a mail server is a firewall
- Mail servers that communicate with the Internet should be placed in the DMZ
- The best way for clients to access e-mail is from a server on the internal network
- Configure a second e-mail server on the internal network that forwards all mail to the mail server in the DMZ

Slide 17

Securing Mail Servers (continued)

Slide 18

Planning Network Protocol Security
- A VPN connection can be used to secure IPX, AppleTalk, and TCP/IP network traffic
- If TCP/IP is used, traffic can also be secured with IPSec or with SSL

Slide 19

Using VPNs to Secure Network Traffic
- A VPN is used to secure network traffic for remote users
- All network traffic between the client computer and the VPN server is encrypted
- A VPN can ensure that user access to confidential company information is not monitored by an ISP or hackers
- VPNs can also be used internally on the network to secure network traffic to particular areas of the network

Slide 20

Using IPSec to Secure Network Traffic
IPSec is ideal for securing network traffic because:
- It is very flexible to configure, because rules can be configured to protect only certain traffic
- In addition to performing encryption, IPSec authenticates both computers in the conversation to prevent imposters
- Applications do not need to be aware of IPSec to use it; any IP-based application can use it
The major drawback to IPSec is that it does not move through NAT very well

Slide 21

Securing Web-based Applications
Key points concerning SSL (Secure Sockets Layer):
- It is commonly used to secure Web-based applications
- Requires that a certificate be installed on the server to which the connection is made
- It is a well-recognized, standard protocol
- It is not platform-specific in any way

Slide 22

Planning Wireless Network Security
Concepts regarding wireless security include:
- Wired Equivalent Protocol
- Authorized MAC addresses
- Using VPNs to secure wireless access
- 802.1X
- Microsoft-specific mechanisms for configuring wireless networks

Slide 23

Wired Equivalent Protocol
- Wired Equivalent Privacy (WEP) is a protocol built into the 802.11 standards for wireless connectivity
- WEP governs how data can be encrypted while in transit on the wireless network
- WEP is genuinely flawed when dealing with motivated hackers
- WiFi Protected Access (WPA) is replacing WEP and fixes most of its flaws
- WPA will be standard in all newly certified wireless equipment as of January 2004

Slide 24

Authorized MAC Addresses
- If you try to communicate with the AP using a wireless card with a MAC address that is not on the list, the AP ignores you
- This prevents access to resources on your network, but is very awkward to implement
- Each AP must be configured with the MAC address of every wireless network card
- Packet sniffers can view MAC addresses and exploit them

Slide 25

Using VPNs to Secure Wireless Access
- One easy way to secure a wireless network is to require VPN authentication before allowing access to the main network
- All packets that can be viewed by hackers with wireless connections are encrypted by the VPN

Slide 26

The 802.1X Protocol
- 802.1X is an authentication protocol defined by the IEEE to authenticate wireless users

Slide 27

The 802.1X Protocol (continued)

Slide 28

Configuring Wireless Networks
- Many wireless configuration settings are managed by the OS, and can be managed using Group Policy
- As part of a group policy, you can define Wireless Network (802.11) policies where you can configure:
  - The type of wireless networks to access
  - Whether Windows should be used to configure the wireless networks for a client
  - Whether to connect to non-preferred networks

Slide 29

Activity 13-3: Creating a Policy for Wireless Work
