1 / 35

Module 14: Configuring Server Security Compliance

Module 14: Configuring Server Security Compliance. Module Overview. Securing a Windows Infrastructure Using Security Templates to Secure Servers Configuring an Audit Policy Overview of Windows Server Update Services Managing WSUS. Lesson 1: Securing a Windows Infrastructure.

ulric-harrington
Download Presentation

Module 14: Configuring Server Security Compliance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Module 14: Configuring Server Security Compliance

  2. Module Overview • Securing a Windows Infrastructure • Using Security Templates to Secure Servers • Configuring an Audit Policy • Overview of Windows Server Update Services • Managing WSUS

  3. Lesson 1: Securing a Windows Infrastructure • Challenges of Securing a Windows Infrastructure • Applying Defense-in-Depth to Increase Security • Core Server Security Practices • What Is the Security Configuration Wizard? • What Is Windows Firewall? • Demonstration: Using the Security Configuration Wizard to Secure Server Roles

  4. Challenges of Securing a Windows Infrastructure Challenges of securing a Windows infrastructure include: • Implementing and managing secure configuration of servers • Protecting against malicious software threats and intrusions • Implementing effective identity and access control

  5. Applying Defense-in-Depth to Increase Security Defense-in-depth provides multiple layers of defense to protect a networking environment Policies, Procedures, & Awareness Physical Security Data ACLs, encryption, EFS Application Application hardening, antivirus Host OS hardening, authentication Internal Network Network segments, IPsec Perimeter Firewalls Guards, locks Security documents, user education

  6. Core Server Security Practices Apply the latest service pack and all available security updates ü Use the Security Configuration Wizard to scan and implement server security ü Use Group Policy and security templates to harden servers ü Restrict scope of access for service accounts ü Restrict who can log on locally to servers ü Restrict physical and network access to servers ü

  7. What Is the Security Configuration Wizard? SCW provides guided attack-surface reduction SCW supports: • Disables unnecessary services and IIS Web extensions • Uses IPsec to block unused ports and secure ports that are left open • Reduces protocol exposure • Configures audit settings • Rollback • Analysis • Remote configuration • Command-line support • Active Directory integration • Policy editing

  8. What Is Windows Firewall? Windows Firewall is a stateful host-based application that provides the following features: • Filters both incoming and outgoing network traffic • Integrates both firewall filtering and IPsec protection settings • Can be managed by the Control Panel tool or by the more advanced Windows Firewall with Advanced Security MMC console • Provides Group Policy support • Enabled by default in new installs

  9. Demonstration: Using the Security Configuration Wizard to Secure Server Roles In this demonstration, you will see how to implement security using the Security Configuration Wizard

  10. Lesson 2: Using Security Templates to Secure Servers • What Is a Security Policy? • What Are Security Templates? • Demonstration: Configuring Security Template Settings • What Is the Security Configuration and Analysis Tool? • Demonstration: Analyzing Security Policy Using the Security Configuration and Analysis Tool

  11. What Is a Security Policy? A Security Policy is a combination of security settings to be applied to a computer Local Security Policies include: Active Directory Security Policies include: • Account Policies • Local Policies • Windows Firewall with Advanced Security • Public Key Policies • Software Restriction Policies • IP Security Policies on Local Computer • Event Log • Restricted Groups • System Services • Registry • File System • Wired and Wireless Network Policies • Network Access protection • IP Security Policies on Active Directory

  12. What Are Security Templates? A security template is a collection of configured security settings used to apply a security policy Security Templates: • Created and modified using the Security Templates MMC snap-in • Default security templates stored in %SystemRoot%\Security\Templates • Custom security templates are stored in local user profile folder Deployment Considerations: • Create templates based upon server role • Deploy to individual computers using the SECEDIT command • Deploy to groups of computers using Group Policy

  13. Demonstration: Configuring Security Template Settings In this demonstration, you will see how to: • Add the Security Templates snap-in and configure a custom security template for the DHCP server role • Import a security template into Active Directory

  14. What Is the Security Configuration and Analysis Tool?

  15. Demonstration: Analyzing Security Policy Using the Security Configuration and Analysis Tool In this demonstration, you will see how to use the Security Configuration and Analysis Tool to analyze and configure local security policy settings

  16. Lesson 3: Configuring an Audit Policy • What Is Auditing? • What Is an Audit Policy? • Types of Events to Audit • Demonstration: How to Configure Auditing

  17. What Is Auditing? • Auditing tracks user and operating system activities, and records selected events in security logs, such as: • What occurred? • Who did it? • When? • What was the result? • Enable auditing to: • Create a baseline • Detect threats and attacks • Determine damages • Prevent further damage • Audit access to objects, management of accounts, and users logging on and off

  18. What Is an Audit Policy? • An audit policy determines the security events that will be reported to the network administrator • Set up an audit policy to: • Track success or failure of events • Minimize unauthorized use of resources • Maintain a record of activity • Security events are stored in security logs

  19. Types of Events to Audit • Account Logon • Account Management • Directory Service Access • Directory Service Changes • Directory Service Replication • Detailed Directory Service Replication • Logon • Object Access • Policy Change • Privilege Use • Process Tracking • System

  20. Demonstration: How to Configure Auditing In this demonstration, you will see how to: • Enable auditing for various events • Enable object access auditing

  21. Lesson 4: Overview of Windows Server Update Services • What Is Windows Server Update Services? • Windows Server Update Services Process • Server Requirements for WSUS • Automatic Updates Configuration • Demonstration: Installing and Configuring WSUS

  22. What Is Windows Server Update Services? Microsoft Update Web site Automatic Updates Server running Windows Server Update Services Test Clients LAN Internet Automatic Updates

  23. Windows Server Update Services Process Assess Deploy Identify Update Management Evaluate and Plan

  24. Server Requirements for WSUS Software requirements: • Windows Server 2003 SP1 or Windows Server 2008 • IIS 6.0 or later • Windows Installer 3.1 or later • Microsoft .NET Framework 2.0 • SQL Server 2005 SP1 or later (optional) • Microsoft Report Viewer Redistributable 2005

  25. Automatic Updates Configuration • Configure Automatic Updates by using Group PolicyComputer Configuration/Administrative Templates/Windows Components/Windows Update • Requires updated wuau.adm administrative template • Requires: • Windows Vista • Windows Server 2008 • Windows Server 2003 • Windows XP Professional SP2 • Windows 2000 Professional SP4, Windows 2000 Server/Advanced Server SP3 or SP4

  26. Demonstration: Installing and Configuring WSUS In this demonstration, you will see how to: • Install WSUS • Configure Automatic Update client settings using Group Policy

  27. Lesson 5: Managing WSUS • WSUS Administration • Managing Computer Groups • Approving Updates • Demonstration: Managing WSUS

  28. WSUS Administration

  29. Managing Computer Groups • Computers are automatically added • Default computer groups • All Computers • Unassigned Computers • Client-side targeting

  30. Approving Updates • Approval options include: • Install • Decline • Unapprove • Removal • Automate approval is also supported

  31. Demonstration: Managing WSUS In this demonstration, you will see how to: • Add a computer to WSUS • Approve an update

  32. Lab: Configuring Server Security Compliance • Exercise 1: Configuring and Analyzing Security • Exercise 2: Analyzing Security Templates • Exercise 3: Configuring Windows Software Update Services Logon information Estimated time: 90 minutes

  33. Lab Review • What recourse do you have if the desired result is not met when applying changes using the Security Configuration Wizard to secure server infrastructure? • How can you verify compatibility with existing settings before you apply a template to a GPO for deployment or apply the template to a local computer? • After installing the WSUS server software, a wizard appears to help you with the configuration of WSUS properties. How can you change any incorrectly assigned properties after the wizard has been completed?

  34. Module Review and Takeaways • Review Questions • Best Practices

  35. Course Evaluation

More Related