Windows Server 2003 Security.


Slide 1

Windows Server 2003 Security
Donald E. Hester, CISSP, CISA, MCT, MCSE, MCSA, MCDST, Security+, CTT+, MV
Maze & Associates
San Diego City College
Los Medanos College

Slide 2

What we are looking at today

Slide 3

Priority Shift
- Access was a top priority
  - Open by default
  - Start with everything open and begin securing as needed
- Control is now a top priority
  - Closed by default
  - Start with everything closed and open only what is needed

Slide 4

Security Enhancements

Slide 5

Server 2003 Defaults
- IIS (Internet Information Services)
  - IIS is not installed by default
  - When you install IIS 6 it is secured
- More startup services are disabled in 2003
- Everyone group
  - No longer has Full Control; it has Read and Execute
  - No longer includes anonymous users

Slide 6

Server 2003 Defaults
- Accounts with null passwords are console-bound
- Software restriction policies
  - Hash rule
  - Path rule
  - Certificate rule
  - Internet Zone rule
- Protected EAP (PEAP)
- Detailed security auditing

Slide 7

File System
- NTFS
  - Permissions & auditing
  - EFS - Encrypting File System (multiple users)
  - VSS - Volume Shadow Copy (Server 2003)
  - Quotas
  - ABE (Server 2003 SP1)
- Future developments
  - WinFS
  - Won't be in Longhorn

Slide 8

ABE (Access-Based Enumeration)

Slide 9

Internet Connection Firewall Windows Firewall

Slide 10

ICF versus Windows Firewall
- Boot-time security
- Global configuration
- Audit logging
- Scope restrictions
- Command-line support
- Program-based exceptions
- Multiple profiles
- Unattended setup support
- Enhanced multicast and broadcast support
- IPv6 support
- New Group Policy support

Slide 11

PSSU (Post-Setup Security Updates)
- Service Pack 1 enhancement
- Protects the computer until it can update
- Uses Windows Firewall

Slide 12

DEP (Data Execution Prevention)
- Stops malicious software rather than erroring out and possibly crashing the system
- Hardware-enforced DEP
  - Protects memory locations
  - The no-execute page-protection (NX) processor feature as defined by AMD
  - The Execute Disable Bit (XD) feature as defined by Intel
- Software-enforced DEP
  - Protects system binaries and exception handling
  - Software built with SafeSEH

Slide 13

TCP/IP Security Enhancements
- Smart TCP port allocation
- SYN attack protection is enabled by default
- New SYN attack notification IP Helper APIs
- Winsock self-healing

Slide 14

What Is Network Access Quarantine?
- Remote access client authenticates
- RAS client placed in quarantine
- RAS client meets quarantine policies
- RAS client gets full access to network
- RAS client fails policy check
- Quarantine timeout reached
- RAS client disconnected

Slide 15

Trusts in Windows Server 2003
- Trust types shown: Tree/Root Trust, Parent/Child Trust, Shortcut Trust, Forest Trust, External Trust, Realm Trust
- Diagram labels: Forest 1, Forest 2, Forest (root), Domains A, B, C, D, E, F, P and Q, Kerberos Realm

Slide 16

Coming Soon: IE 7 Information Security Magazine (Jan 2006)

Slide 17

Server Hardening

Slide 18

Server Hardening
- Appropriate settings for a secure baseline
- Settings for applications and services
- Operating system components
- Permissions and rights
- Administrative procedures
- Physical access

Slide 19

Server Hardening - Templates
- Predefined security templates
- Security Guide templates
- Industry templates
  - SANS
  - CIAC
  - NSA
  - DoD
- Custom templates

Slide 20

Template Deployment
- Test before deployment
- Periodic analysis
  - Security Configuration and Analysis snap-in
  - Scripting (Secedit.exe)
- Deployment methods
  - Group Policy (Active Directory)
  - Security Configuration and Analysis snap-in
  - Scripting (Secedit.exe)
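
As an added example (not from the original slides), the Secedit.exe route for both periodic analysis and deployment can be scripted as follows. The C:\SecBaseline paths, the template name and the `apply` argument are assumptions made for illustration.

```bat
@echo off
rem Added example: analyze against a template first, apply only on request.
rem Assumed (hypothetical) paths: member-server.inf is the template under
rem test; Secedit creates the .sdb database and the .log file.
setlocal
set TEMPLATE=C:\SecBaseline\member-server.inf
set DB=C:\SecBaseline\member-server.sdb
set LOG=C:\SecBaseline\secedit-%COMPUTERNAME%.log

if not exist "%TEMPLATE%" (
    echo Template not found: %TEMPLATE%
    exit /b 2
)

rem Periodic analysis: compare current settings with the template.
rem This step changes nothing on the server; results go to the log.
secedit /analyze /db "%DB%" /cfg "%TEMPLATE%" /overwrite /log "%LOG%" /quiet
if errorlevel 1 (
    echo Analysis failed, see %LOG%
    exit /b 1
)

rem Assumption: the analysis log tags deviating settings with "Mismatch".
rem "type" is used so a Unicode log is converted before findstr reads it.
echo Settings that differ from the template:
type "%LOG%" | findstr /i "Mismatch"

rem Deployment: run only when called as "script.cmd apply", after the
rem template has been tested on a non-production server.
if /i "%~1"=="apply" (
    secedit /configure /db "%DB%" /cfg "%TEMPLATE%" /overwrite /log "%LOG%" /quiet
    if errorlevel 1 (
        echo Configure failed, see %LOG%
        exit /b 1
    )
    echo Template applied to %COMPUTERNAME%.
)
endlocal
```

Run without arguments on a schedule for the periodic analysis, and keep the logs so drift from the baseline can be compared over time.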

Slide 21

Server Hardening
- Security Configuration Wizard (SCW)
  - Comes with Service Pack 1 (Server 2003)
  - Disables unneeded services
  - Blocks unused ports
  - Allows further address or security restrictions for ports that are left open
  - Prohibits unnecessary Internet Information Services (IIS) Web extensions, if applicable
  - Reduces protocol exposure to server message block (SMB), NTLM, LanMan, and Lightweight Directory Access Protocol (LDAP)
  - Defines a high signal-to-noise audit policy
  - Best for servers with multiple roles

Slide 22

Security Configuration Wizard
- Supports
  - Rollback
  - Analysis
  - Remote configuration
  - Command-line support
  - Active Directory integration
  - Policy editing
  - Export to Group Policy

Slide 23

Security Tools

Slide 24

Updates
- Manual
  - Requires user intervention; labor intensive
- Windows Update
  - Automatic process, fine for small deployments
- SUS
  - Updates approved critical patches for multiple machines at an administrator-selected time (replaced with WSUS)
- WSUS
  - Same as SUS but includes support for other patches, such as Office and critical drivers

Slide 25

PKI
- Some uses: EFS, authentication, smart card, IPSec, servers
- Auto-enrollment
- Command-line tools (Certreq.exe, Certutil.exe)
- Key recovery (DRA or KRA)
- Delta CRL

Slide 26

Available Tools - GPMC
- New user interface
- Backup and restore
- Import and export
- Group Policy Modeling
- Resultant Set of Policy (RSoP)

Slide 27

Available Tools - MBSA Microsoft Baseline Security Analyzer (v2)

Slide 28

Available Tools - MSAT Microsoft Security Assessment Tool

Slide 29

Available Tools – Windows Defender
- Microsoft Anti-Spyware – Windows Defender
- Spyware detection
- Scheduled scanning and removal
- Straightforward operation and thorough removal technology

Slide 30

Available Tools
- Security Resource Kit
  - Various tools to enumerate access control lists, list drivers, list services, dump event logs, parse logs, focus confirmation strategy, and much more
- Security Guide
  - Templates
  - Various test scripts

Slide 31

3rd Party Tools
- Winternals http://www.winternals.com/
- Sysinternals http://www.systernals.com/
- CERT http://www.cert.org/
- SANS http://www.sans.org/

Slide 32

Resources
- Windows Server 2003 Security Guide http://go.microsoft.com/fwlink/?LinkId=14846
- WindowSecurity.com
- SecWish@microsoft.com (Feedback email)
- Microsoft Windows Security Resource Kit (2nd Ed.) ISBN 0-7356-2174-8
- Service Pack 1 Overview http://www.microsoft.com/technet/prodtechnol/windowsserver2003/servicepack/overview.mspx

Slide 33

Resources
- Microsoft Security Assessment Tool (MSAT) https://www.securityguidance.com/
- Microsoft Security http://www.microsoft.com/security/default.mspx
- Microsoft Baseline Security Analyzer (MBSA) http://www.microsoft.com/technet/security/tools/mbsahome.mspx
- Microsoft Anti-Spyware (beta) Defender http://www.microsoft.com/athome/security/spyware/software/default.mspx

Slide 34

Resources
- RootKit Revealer http://www.sysinternals.com/Utilities/RootkitRevealer.html
- Strider GhostBuster Project (Rootkit detector) http://research.microsoft.com/rootkit/
- Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP http://go.microsoft.com/fwlink/?LinkId=15160

Slide 35

Contact Info
Donald E. Hester
DonaldH@MazeAssociates.com
https://www.linkedin.com/in/donaldehester