Administering a Security Configuration.
Slide 1

Administering a Security Configuration
Security Configuration Overview; Auditing; Using Security Logs; User Rights; Using Security Templates; Security Configuration and Analysis; Troubleshooting a Security Configuration

Slide 2

Security Configuration Overview
Security Configuration Settings

Slide 3

Security Areas Configured for a Nonlocal GPO
Account policies; Local policies; Event log; Restricted groups; System services; Registry; File system; Public key policies; IP security policies

Slide 4

Account Policies: Overview
The account policies security area applies to user accounts. Microsoft Windows 2000 allows only one domain account policy, which is the account policy applied to the root domain of the domain tree. The domain account policy becomes the default account policy of any Windows 2000 workstation or server that is a member of the domain. Exception: When another account policy is defined for an OU, the OU's account policy settings affect the local policy on any computers contained in the OU, as is the case with a Domain Controllers OU.

Slide 5

Account Policies: Attributes
Password Policy: For domain or local user accounts, determines settings for passwords, such as enforcement and lifetimes.
Account Lockout Policy: For domain or local user accounts, determines when and for whom an account will be locked out of the system.
Kerberos Policy: For domain user accounts, determines Kerberos-related settings, such as ticket lifetimes and enforcement.

Slide 6

Local Policies: Overview
The local policies security area pertains to the security settings on the computer used by an application or user. Local policies are based on the computer to which a user logs on and the rights the user has on that particular computer. Local policies are local to a computer, by definition. When imported to a GPO in Active Directory, local policies affect the local security settings of any computer accounts to which that GPO is applied.

Slide 7

Local Policies
Audit Policy; User Rights Assignment; Security Options

Slide 8

Event Log
The event log security area defines attributes related to the Application, Security, and System event logs: maximum log size; access rights for each log; retention settings and methods. The event log size and log wrapping should be defined to match the business and security requirements. Event log settings should be implemented at the site, domain, or OU level, to take advantage of group policy settings.

Slide 9

Event Log Settings

Slide 10

Restricted Groups: Overview
The restricted groups security area provides an important new security feature that acts as a governor for group membership. It automatically provides security memberships for default Windows 2000 groups that have predefined capabilities. Any groups considered sensitive or privileged can be added to the Restricted Groups security list later.

Slide 11

Restricted Groups: Configuring the restricted groups security area ensures that group memberships are set as specified. Groups and users not specified in restricted groups are removed from the specific group. The reverse membership configuration option ensures that each restricted group is a member of only those groups specified in the Member Of column. Restricted groups should be used primarily to configure membership of local groups on workstations or member servers.

Slide 12

System Services
The system services security area is used to configure security and startup settings for services running on a computer. Security properties for the service determine which user or group accounts have the following permissions: Read/Write/Delete/Execute, inheritance settings, auditing, and ownership permission. If choosing an Automatic startup, adequate testing must be performed to verify that the services can start without user intervention. System services used on a computer should be tracked. Unnecessary or unused services should be set to Manual.

Slide 13

Registry and File System Areas
Registry security area: Used to configure security on registry keys.
File system security area: Used to configure security on specific file paths.
The Security properties of the registry key or file path can be edited to determine which user or group accounts have Read/Write/Delete/Execute permissions, as well as inheritance settings, auditing, and ownership permission.

Slide 14

Policies
Public key policies: Used to configure encrypted data recovery agents, domain roots, and trusted certificate authorities.
IP security policies: Used to configure network IP security.

Slide 15

Auditing
Understanding Auditing; Using an Audit Policy; Audit Policy Guidelines; Configuring Auditing; Setting Up an Audit Policy; Auditing Access to Files and Folders; Auditing Access to Active Directory Objects; Auditing Access to Printers; Auditing Practices; Practice: Auditing Resources and Events

Slide 16

Understanding Auditing
Auditing: The process of tracking both user activities and Windows 2000 activities, called events. Auditing is used to specify which events are written to the security log. An audit entry in the security log contains: the action that was performed; the user who performed the action; the success or failure of the event and when the event occurred.

Slide 17

Using an Audit Policy
An audit policy defines the categories of events that Windows 2000 records in the security log on each computer. The security log allows specified events to be tracked. Windows 2000 writes an event to the security log on the computer where the event occurs.

Slide 18

General Audit Policy Guidelines
Determine the computers on which to set up auditing. Auditing is turned off by default. Plan the events to audit on each computer. Determine whether to audit the success of events, failure of events, or both. Tracking successful events identifies which users gained access to specific files, printers, or objects, information that can be used for resource planning. Tracking failed events may alert the administrator to possible security breaches.

Slide 19

Other Policy Guidelines
Determine whether to track trends of system usage. Review security logs frequently. Define an audit policy that is useful and manageable. Audit resource access by the Everyone group instead of the Users group. Audit all administrative tasks by the administrative groups.

Slide 20

Configuring Auditing: Overview
An audit policy is implemented based on the computer's role in the Windows 2000 network. The event categories on a domain controller are identical to those on a computer that is not a domain controller.

Slide 21

Computer Roles
For member or stand-alone servers and computers running Windows 2000 Professional: An audit policy is set for each individual computer. Events are audited by configuring a local group policy for that computer.
Domain controllers: An audit policy is set for all domain controllers in the domain. Events are audited by configuring the audit policy in a nonlocal GPO for the domain, which applies to all DCs and is accessible through the Domain Controllers OU.

Slide 22

Auditing Requirements
The Manage Auditing And Security Log user right for the computer is necessary to configure an audit policy or review an audit log. Files and folders to be audited must be on Microsoft Windows NTFS volumes.

Slide 23

Setting Up Auditing
Set the audit policy: Enables auditing of objects but does not activate auditing of specific types.
Enable auditing of specific resources: The specific events to track for files, folders, printers, and Active Directory objects must be identified.
Windows 2000 then tracks and logs the specified events.

Slide 24

Setting Up an Audit Policy
Categories of events that Windows 2000 audits are selected. Configuration settings indicate whether to track successful or failed attempts for each event category to be audited. Audit policies are set in the Group Policy snap-in. The security log is limited in size. The events to be audited must be selected carefully. The amount of disk space to devote to the security log must be considered.

Slide 25

Types of Events Audited by Windows 2000
Account logon; Account management; Directory service access; Logon events; Object access; Policy change; Privilege use; Process tracking; System events
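
An added example, not part of the original slides: a Python check that reads the [Event Audit] section of a security template (for instance one produced by secedit /export) and reports which of the nine categories above log nothing and which required ones do not record failed attempts. The sample template and the require_failure baseline are constructed assumptions.

```python
import configparser

# [Event Audit] keys of a Windows security template -> categories on the slide.
CATEGORIES = {
    "AuditAccountLogon": "Account logon",
    "AuditAccountManage": "Account management",
    "AuditDSAccess": "Directory service access",
    "AuditLogonEvents": "Logon events",
    "AuditObjectAccess": "Object access",
    "AuditPolicyChange": "Policy change",
    "AuditPrivilegeUse": "Privilege use",
    "AuditProcessTracking": "Process tracking",
    "AuditSystemEvents": "System events",
}
# Values are a bit mask: 1 = audit success, 2 = audit failure.
SETTINGS = {0: "none", 1: "success", 2: "failure", 3: "success+failure"}

# Constructed sample template fragment, not taken from a real system.
SAMPLE_INF = """\
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 1
AuditObjectAccess = 2
AuditPrivilegeUse = 0
AuditPolicyChange = 1
AuditAccountManage = 3
AuditAccountLogon = 3
"""

def audit_policy(inf_text):
    """Map each category to its setting; absent keys are 'not defined'."""
    parser = configparser.ConfigParser(interpolation=None, strict=False, allow_no_value=True)
    parser.optionxform = str  # keep key case as written in the template
    parser.read_string(inf_text)
    section = parser["Event Audit"] if parser.has_section("Event Audit") else {}
    policy = {}
    for key, name in CATEGORIES.items():
        raw = (section.get(key) or "").strip()
        policy[name] = SETTINGS[int(raw) & 3] if raw.isdigit() else "not defined"
    return policy

def gaps(policy, require_failure=("Account logon", "Logon events", "Object access")):
    """Return (categories logging nothing, required ones missing failure).
    require_failure is a hypothetical baseline chosen for this example."""
    unaudited = sorted(n for n, s in policy.items() if s in ("none", "not defined"))
    no_failure = sorted(n for n in require_failure if "failure" not in policy[n])
    return unaudited, no_failure

if __name__ == "__main__":
    print(gaps(audit_policy(SAMPLE_INF)))
```

Exported templates are usually saved as UTF-16, so decode the file accordingly before passing its text to audit_policy.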

Slide 26

Auditing Access to Files and Folders
If security breaches are an issue for an organization, auditing should be set up for files and folders on NTFS partitions. To audit user access to files and folders, the Audit Object Access event category is set in the audit policy. After Audit Object Access is set in the audit policy, auditing for specific files and folders is enabled, specifying which types of access to audit, either by users or by groups.

Slide 27

Auditing Entry For Dialog Box

Slide 28

User Events
Traverse Folder/Execute File; List Folder/Read Data; Read Attributes and Read Extended Attributes; Create Files/Write Data; Create Folders/Append Data; Write Attributes and Write Extended Attributes; Delete Subfolders And Files; Read Permissions; Change Permissions; Take Ownership

Slide 29

Auditing Access to Active Directory Objects
Similar to auditing file and folder access. An audit policy must be configured, and then auditing for specific objects must be set by specifying which types of access, and by whom, to audit. Active Directory objects are audited to track access to them. The Audit Directory Service Access event category is set in the audit policy to enable auditing of user access to AD objects.

Slide 30

Auditing Entry For Dialog Box

Slide 31

Active Directory Object Events
Full Control; List Contents; Read All Properties; Write All Properties; Create All Child Objects; Delete All Child Objects; Read Permissions; Modify Permissions; Modify Owner

Slide 32

Auditing Access to Printers
Use auditing to track access to sensitive printers. Set the Audit Obj