Top 10 Controls to Audit in Windows Server


Slide 1

Top 10 Controls to Audit in Windows Server
Randy Franklin Smith, CISA, SSCP, Security MVP
Monterey Technology Group, Inc.
www.montereytechgroup.com

Slide 2

Windows Versions
- NT 3.51
- NT 4.0
- Windows 2000 (NT 5.0)
- Windows XP (NT 5.1)
- Windows Server 2003 (NT 5.2)
(c) 2004 Monterey Technology Group Inc.

Slide 3

Active Directory Architecture
Multi-level structure finds and controls:
- Computers
- Users
- Groups
- Printers
- Shared folders

Slide 4

AD Structure
- Forests
- Trees
- Domains
- Organizational Units
- Sites

Slide 5

Forests and trees

Slide 6

Domains and Organizational Units

Slide 7

AD Structure and IT Audits
- Auditing AD and Windows is NOT a matter of applying a checklist on every server
- Controls and risks reside at every level:
  - Enterprise
  - Forest
  - Domain controller
  - Member server
  - Workstation

Slide 8

Member Server Level Controls
- Each server has its own particular security configuration

Slide 9

Member Server Level Controls
Local Users
- Administrator, Guest
- Cardinality: each MS; one DC per domain
- Where to get the evidence:
  - Administrative Tools\Computer Management
  - DumpSEC Reports: Users as Table

Slide 10

Local SAM versus Active Directory
[Diagram labels: AD, SAM, domain controller, SAM, workstation, member server]
- User accounts
- Groups
- Password and lockout policy

Slide 11

Domain accounts

Slide 12

Member Server Level Controls
Local Groups
- Administrators, Power Users, Backup Operators
- Cardinality: each MS
- Where to get the evidence:
  - Administrative Tools\Computer Management
  - DumpSEC Reports: Users as Table

Slide 13

Member Server Level Controls
Administrative Authority
- Local groups: Administrators, Power Users, Backup Operators
- Where to get the evidence:
  - Administrative Tools\Computer Management
  - DumpSEC Reports: Groups as Table

Slide 14

Member Server Level Controls
Password & Lockout Policy
- Minimum length, age, complexity
- Lock out accounts for X minutes after X bad logins within X minutes
- Cardinality: one DC per domain
- Where to get the evidence:
  - Administrative Tools\Local Security Policy
  - DumpSEC policy report

Slide 15

Member Server Level Controls
Audit policy
- 9 categories control what W2K records in the security log
- Cardinality: one DC per domain; each MS; WS?
- Where to get the evidence:
  - Administrative Tools\Local Security Policy
  - DumpSEC policy report

Slide 16

Member Server Level Controls
- Service pack level: Ctrl-Alt-Del – Task Manager – Help\About
- Hotfixes: Control Panel\Add/Remove Programs
- Microsoft Baseline Security Analyzer

Slide 17

Member Server Level Controls
File and Folder Permissions
- Important application, departmental and database directories
- Where to get the evidence:
  - Windows Explorer
  - DumpSEC file permissions report

Slide 18

Member Server Level Controls
User Rights
- Change system time, reboot PC, clear security log, and so forth
- Where to get the evidence:
  - Administrative Tools\Local Security Policy
  - DumpSEC user rights report

Slide 19

Member Server Level Controls
Services
- FTP, WWW, Telnet, SMTP, NNTP, Terminal Services, and so forth
- Where to get the evidence:
  - Administrative Tools\Services
  - DumpSEC services report

Slide 20

Domain Controller Level Controls
- A subset of member server level controls
- Can be different on each domain controller within a domain
- Subset:
  - Services
  - Patch status

Slide 21

Domain Level Controls
- Subset of member server level controls
- Collect from any one DC in the domain
- Subset:
  - Users and groups
  - Password and lockout policy
  - Audit policy
  - User rights

Slide 22

Domain Control Areas
Coarse administrative authority
- Domain Admins, Administrators, Enterprise Admins*, Account Operators, Server Operators, Backup Operators, Schema Admins, DNSAdmins
- Where to get the evidence:
  - Administrative Tools\Active Directory Users and Computers
  - DumpSEC groups report

Slide 23

Domain Control Areas
Coarse administrative authority
- Domain Admins, Administrators, Enterprise Admins*, Account Operators, Server Operators, Backup Operators, Schema Admins, DNSAdmins
- Where to get the evidence:
  - DumpSEC groups report

Slide 24

Domain Control Areas
Granular administrative authority
- Permissions
- Organizational units
- Group policy objects
- Where to get the evidence:
  - Administrative Tools\Active Directory Users and Computers
  - DumpSEC groups report

Slide 25

Forest Level
- Domain ownership and physical location
- Trust relationships
- Root domain considerations

Slide 26

Windows and Active Directory Evidence Collection
- Screen prints
- DumpSEC reports (www.systemtools.com)
- Microsoft Baseline Security Analyzer: patch status

Slide 27

Top 10 Things to Audit in a Win2k Domain
Local Security Policy of one DC
1. Password
2. Lockout policy
3. Audit policy: Account Management, Account Logon, System Policy, Policy Changes. Failure AND Success!
Active Directory Users and Computers
4. Vital group memberships: Domain Admins, Administrators, Account Ops, Server Ops, Backup Ops. If this is the root domain of the forest, also check: Enterprise Admins, Schema Admins, DNSAdmins

Slide 28

Top 10 Things to Audit in a Win2k Domain
One or more Domain Controllers
5. Service Pack Level
6. Hazardous Services
One or more Member Servers
7. Audit Policy: Account Logon, Account Management, System Policy, Policy Change
8. Service Pack Level
9. Hazardous Services
10. Administrator account
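
An added example (not part of the original slides) for items 1 to 3 and 7: it reviews a policy export in the INF layout produced by `secedit /export /cfg <file>` and flags missing password and lockout settings and any of the four named audit categories that do not log both success and failure. The sample INF is constructed, and mapping the slide's "System Policy" to the `AuditSystemEvents` key is an assumption.

```python
# Added example: check a secedit policy export against the deck's audit items.
import configparser

# Constructed sample in the INF layout written by `secedit /export /cfg <file>`.
SAMPLE_INF = """\
[System Access]
MinimumPasswordLength = 0
MaximumPasswordAge = 42
PasswordComplexity = 0
LockoutBadCount = 0
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 3
AuditPolicyChange = 1
AuditAccountManage = 3
AuditAccountLogon = 2
[Version]
signature="$CHICAGO$"
"""

# Event Audit values: 0 = none, 1 = success, 2 = failure, 3 = both.
AUDIT_LABEL = {0: "none", 1: "success only", 2: "failure only", 3: "success and failure"}
# The four categories the deck names; "System Policy" is assumed to be AuditSystemEvents.
REQUIRED_AUDIT = ["AuditAccountManage", "AuditAccountLogon",
                  "AuditSystemEvents", "AuditPolicyChange"]

def review_policy(inf_text):
    """Return a list of findings for password, lockout and audit policy."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.optionxform = str          # keep the INF key case
    cfg.read_string(inf_text)
    access = cfg["System Access"] if cfg.has_section("System Access") else {}
    audit = cfg["Event Audit"] if cfg.has_section("Event Audit") else {}
    findings = []
    if int(access.get("MinimumPasswordLength", 0)) == 0:
        findings.append("password: no minimum length")
    if int(access.get("PasswordComplexity", 0)) == 0:
        findings.append("password: complexity not enforced")
    if int(access.get("LockoutBadCount", 0)) == 0:
        findings.append("lockout: disabled (LockoutBadCount = 0)")
    for key in REQUIRED_AUDIT:
        value = int(audit.get(key, 0))  # a missing key is treated as not audited
        if value != 3:
            findings.append(f"audit: {key} is {AUDIT_LABEL.get(value, value)}")
    return findings

if __name__ == "__main__":
    for line in review_policy(SAMPLE_INF):
        print(line)
```

Real exports are usually UTF-16, so decode the file before passing its text to `review_policy`.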

Slide 29

Monterey Technology Group Windows and Active Directory Audit Kit
- Absolutely free
- Request at www.montereytechgroup.com

Slide 30

"How many and which forests are a part of this project?"
[Flow diagram: evidence and findings at the forest, Active Directory domain, domain controller (optional) and member server levels, leading to a report in your format and language]

Slide 31

Monterey Technology Group, Inc.
Services:
- Windows & Active Directory Auditing
  - Turnkey outsourcing
  - Co-sourcing w/knowledge transfer
- Application Auditing
  - Specification/design versus delivered product
  - Coding quality
  - Maintainability
Contact info: www.montereytechgroup.com, rsmith@montereytechgroup.com
