70-298: MCSE Manual for Planning Security for a Microsoft Windows Server 2003 System.


105 views
Uploaded on:
Category: News / Events
Description
70-298: MCSE Manual for Planning Security for a Microsoft Windows Server 2003 System Section 4: Securing the System Administration Process Exam Destinations 2.3 Configuration security for system administration 2.3.1 Deal with the danger of overseeing systems
Transcripts
Slide 1

70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network Chapter 4: Securing the Network Management Process

Slide 2

Exam Objectives 2.3 Design security for system administration 2.3.1 Manage the danger of overseeing systems 2.3.2 Design the organization of servers by utilizing basic organization apparatuses 2.3.3 Design security for Emergency Management Services 2.4 Design a security overhaul foundation 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 3

Exam Objectives (proceeded with) 2.4.1 Design a Software Update Services (SUS) framework 2.4.2 Design Group Policy to convey programming upgrades 2.4.3 Design a technique for recognizing PCs that are not at the ebb and flow patch level 2.2.2 Design woodland and area trust models 2.2.3 Design security that meets interoperability necessities 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 4

Introduction Network administration process: Vulnerable to assault Use specialized and approach measures to secure Create a patch administration method Design trust connections for vast scale systems Use the space and backwoods trust model in Windows Server 2003 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 5

Securing the Network Management Process Physical system: Restrict access to the system border Create a document and-organizer authorization structure Secure client records Tools and utilities used to regulate system have potential for abuse: Set security rules and arrangements Implement part based organization 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 6

Managing the Risks of Network Administration Don’t concede all chairmen the same level of managerial rights Network heads are helpless against social building assaults 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 7

Security Policies for Administrators and IT Personnel Network administration strategy: Specify approaches to deal with the endeavor system in a safe way Includes: Detailed clarification of instruments for overseeing system List of clients or client bunches who can oversee system Appropriate strategies for overseeing system assets 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 8

Security Policies for Administrators and IT Personnel (proceeded with) Security approach: Ensure that executives oversee system assets safely Ensure that executives are ensured against aggressors when they utilize their authoritative benefits Technical security: Use GPO to restrain regulatory access 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 9

Delegating Authority Securely Take incredible consideration in selecting managers: Perform foundation or reference checks Educate in security strategies Use the “least privilege” idea Create and keep up a review strategy Structure designation methodology in view of parts 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 10

Exercise 4.01 Creating an Organizational Unit and Delegating Control to a Local Administrator Use Active Directory Users and Computers to make an OU Use the Delegation of Control Wizard 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 11

Using the Delegation of Control Wizard 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 12

Designing the Network Management Policy Determine how your system will be overseen: Centralized Decentralized Outsourced 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 13

Securing Common Administrative Tools Combination of: People Technology Policy 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 14

Securing the Microsoft Management Console You can: Use confined/allowed snap-ins Restrict clients from entering creator mode Restrict clients to expressly allowed rundown of snap-ins 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 15

Securing Terminal Server and Remote Desktop for Administration Change the Terminal Services port Windows Server 2003 incorporates improvements to: Security Policy Editor 128-bit encryption FIPS consistence Remote Desktop Users bunch Software confinement strategies Single-session arrangement 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 16

Securing Remote Assistance Settings: Solicited Remote Assistance Offer Remote Assistance 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 17

Securing Telnet Disabled as a matter of course Enable just for a genuine need 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 18

Designing Security for Emergency Management Services Manage a server through an out-of-band association Manage or investigate a server when: It is not completely useful Operating framework has not completely stacked It is in a “headless” setup Server must be outfitted with uncommon firmware Security measures depend on decision of terminal concentrator 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 19

Designing Security for Emergency Management Services (proceeded with) Security contemplations: Secure access to physical servers Choose administration processors Create a different system for organization 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 20

Designing a Security Update Infrastructure Software Update Services: Maintain an inside controlled Windows Update webpage Analyze and sanction security fixes Apply to arranged PCs in a predictable way 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 21

Designing a Software Update Service Infrastructure Using a SUS: Controls which fixes are unmistakable to clients Automates download and establishment procedure Can advance data transfer capacity 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 22

SUS Limitations Can just send discriminating redesigns and administration packs that are downloaded from Microsoft Not programming upgrades or redesigned gadget drivers Cannot make .EXE or .MSI records 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 23

SUS Limitations (proceeded with) Only backings: Windows 2000 Professional Windows 2000 Server, all renditions Windows XP Home Windows XP Professional Windows Server 2003, all forms No great approach to “push” establishments to customers 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 24

Synchronizing Child SUS Servers 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 25

Using Group Policy to Deploy Software Updates Use GPOs to send: Software Updates Patches Customize who gets which redesigns 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 26

Configuring Software Installation Policies 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 27

Design a Strategy for Identifying Computers That Are Not at the Current Patch Level Perform a review Ensure that machines are accepting patches Identify machines on the system that don\'t have the most state-of-the-art patch data 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 28

Design a Strategy for Identifying Computers That Are Not at the Current Patch Level (proceeded with) Tools: Microsoft Baseline Security Analyzer (MBSA) Microsoft System Management Server (SMS) HP OpenView NetIQ Security Manager Gravity Storm Software Service Pack Manager 2000 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 29

Microsoft Baseline Security Analyzer 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 30

Designing Trust Relationships Between Domains and Forests Trust: Allows clients in distinctive areas or timberlands to get to assets in different spaces or backwoods Transitive trust: Domain A trusts Domain B Domain B trusts Domain C Therefore, Domain A trusts Domain C 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 31

Designing Trust Relationships Between Domains and Forests (proceeded with) Types of trust: One-way trust Two-way trust Transitive trust Nontransitive trust 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 32

The One-Way Trust Relationship One-way: approaching One-way: cordial 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 33

The Two-Way Trust Relationship 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 34

Trust Transitivity in Domains 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 35

Trust Transitivity in Domains (proceeded) By default, in Windows 2000 and Windows Server 2003: Trusts are transitive User in any area can get to any asset in whatever other space in the same woodland Transitive trusts stream between areas into woods 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 36

Transitivity of Forest Trusts 70-298: MCSE Guide to Designing Security for a Microsoft Windows Server 2003 Network

Slide 37

Designing Forest and Domain Trust Models Default trust connections Two-way transit

Recommended
View more...