Module 6 Implementing Network Security
Module Overview • Overview of Threats to Network Security • Configuring Windows Firewall • Securing Network Traffic • Configuring Windows Defender
Lesson 1: Overview of Threats to Network Security • Common Network Security Threats • What Is Defense-in-Depth? • Options for Mitigation of Network Security Threats
Common Network Security Threats • There are a variety of network security threats, but they fall into a number of categories • Common network-based security threats include: • Eavesdropping • Denial-of-service • Port scanning • Man-in-the-middle • Hacking is a generic term that refers to the act of trying to crack a computer program or code
What Is Defense-in-Depth? • Defense-in-depth uses a layered approach to security, which: • Reduces an attacker’s chance of success • Increases an attacker’s risk of detection
Layers and example controls:
• Data: Access Control Lists, encryption, Encrypting File System, Digital Rights Management
• Application: Application hardening, antivirus
• Host: Hardening, authentication, update management, host-based intrusion detection system
• Internal Network: Network segments, Internet Protocol Security, Network Intrusion Detection System
• Perimeter: Firewalls, Network Access Quarantine Control
• Physical Security: Guards, locks, tracking devices
• Policies, Procedures, and Awareness: Security documents, user education
Options for Mitigation of Network Security Threats It is important to implement a holistic approach to network security to ensure that one loophole or omission does not result in another
Lesson 2: Configuring Windows Firewall • Network Location Profiles • Configuring Basic Firewall Settings • Windows Firewall with Advanced Security Settings • Well-Known Ports • Demonstration: Configuring Inbound and Outbound Rules
Network Location Profiles • The first time that your server connects to a network, you must select a network location • There are three network location types: • Private networks • Public networks • Domain networks
Configuring Basic Firewall Settings • Configure network locations • Turn Windows Firewall on or off, and customize network location settings • Add, change, or remove allowed programs • Set up or modify multiple active profile settings • Configure notifications for Windows Firewall
Windows Firewall with Advanced Security Settings • Windows Firewall with Advanced Security filters incoming and outgoing connections based on its configuration • Use the Properties page to configure firewall properties for domain, private, and public network profiles, and to configure IPsec settings • Use inbound rules to explicitly allow or block traffic that matches the rule’s criteria • Use outbound rules to explicitly allow or deny traffic that originates from the computer and matches the rule’s criteria • Use connection security (IPsec) rules to secure traffic by using IPsec while it crosses the network • Use the monitoring interface to view information about current firewall rules, connection security rules, and security associations
Well-Known Ports • When an application wants to establish communications with an application on a remote host, it creates a TCP or UDP socket • Well-known ports shown: HTTP (80), HTTPS (443), FTP (21), SMTP (25), POP3 (110), DNS (53), SNMP (161) • [Diagram: TCP/IP Protocol Suite, showing these application protocols together with TCP, UDP, IPv4, IPv6, ARP, IGMP, ICMP, and Ethernet]
Demonstration: Configuring Inbound and Outbound Rules In this demonstration, you will see how to: • Configure an inbound rule • Test the inbound rule • Configure an outbound rule • Test the outbound rule
Lab A: Configuring Inbound and Outbound Firewall Rules • Exercise 1: Creating an Inbound Firewall Rule • Exercise 2: Creating an Outbound Firewall Rule • Logon Information: Virtual Machines: 20687B-LON-DC1, 20687B-LON-CL1, 20687B-LON-CL2; User Name: Adatum\Administrator; Password: Pa$$w0rd • Estimated Time: 20 minutes
Lab Scenario Remote desktop is enabled on all client systems through a Group Policy Object (GPO). However, as part of your infrastructure security plan, you must configure certain desktop systems, such as the HR department systems, for limited exposure to remote connections. Before implementing the firewall rules in a GPO, you want to validate your plan by manually configuring the rules on local systems. Due to the sensitive nature of the data that could be on these systems, you decide to use firewall rules to prevent all but specific systems from connecting to them remotely. Additionally, certain helpdesk systems are not allowed to use the Remote Desktop Connection (MSTSC.exe) program to connect to certain servers. You decide to control this through local firewall rules that block outbound traffic on the client systems.
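The two rules this scenario calls for, written with the NetSecurity module cmdlets as an added example (not part of the original course material). All IP addresses and the rule name are constructed for illustration, and the script assumes the built-in "Remote Desktop" rules are in the local policy store rather than delivered by the GPO.

```powershell
# Added example. Run in an elevated PowerShell session on the client.
# Constructed values: replace with the real management hosts and servers.
$allowedSources    = @('172.16.0.10', '172.16.0.11')  # hosts permitted to RDP in
$restrictedServers = @('172.16.0.20', '172.16.0.21')  # servers helpdesk must not RDP to

# Inbound: block rules take precedence over allow rules, so "nobody except
# these hosts" is done by narrowing the scope of the existing allow rules,
# not by adding a broad block rule (which would also block the allowed hosts).
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object Direction -eq 'Inbound' |
    Set-NetFirewallRule -RemoteAddress $allowedSources -Enabled True

# Outbound: the default outbound action is Allow, so an explicit block rule
# is required. It is tied to the program path and to the restricted servers.
New-NetFirewallRule -DisplayName 'Lab - Block MSTSC to restricted servers' `
    -Direction Outbound -Action Block `
    -Program "$env:SystemRoot\System32\mstsc.exe" `
    -RemoteAddress $restrictedServers `
    -Profile Any | Out-Null

# Check the result: each inbound RDP rule with its effective remote scope.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object Direction -eq 'Inbound' |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Enabled       = $_.Enabled
            Action        = $_.Action
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
        }
    }

# Check the outbound rule: program and destination it applies to.
$out = Get-NetFirewallRule -DisplayName 'Lab - Block MSTSC to restricted servers'
($out | Get-NetFirewallApplicationFilter).Program
($out | Get-NetFirewallAddressFilter).RemoteAddress
```

A program-path rule only stops that executable; a different RDP client on the same machine is not matched, so the inbound scoping on the sensitive systems remains the control that matters.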
Lab Review • In your environment, where do you use workstation-based firewalls?
Lesson 3: Securing Network Traffic • Benefits of IPsec • Using IPsec • Tools for Configuring IPsec • What Are IPsec Rules? • Configuring Authentication • Choosing an Authentication Method • Monitoring Connection Security • Demonstration: Configuring an IPsec Rule
Benefits of IPsec • IPsec is a suite of protocols that allows secure, encrypted communication between two computers over an unsecured network • IPsec has two goals: packet encryption and mutual authentication between systems • Configuring IPsec on sending and receiving computers enables the two computers to send secured data to each other • IPsec secures network traffic by using encryption and data signing • An IPsec policy defines the type of traffic that IPsec examines, how that traffic is secured and encrypted, and how IPsec peers are authenticated
Using IPsec • Recommended uses of IPsec include: • Packet filtering • Authenticating and encrypting host-to-host traffic • Authenticating and encrypting traffic to specific servers • Providing L2TP/IPsec for VPN connections • Site-to-site tunneling • Enforcing logical networks
Tools for Configuring IPsec To configure IPsec, you can use: • Windows Firewall with Advanced Security MMC (also used for Windows Server 2008 R2 and Windows 7) • IP Security Policy MMC (used for mixed environments and to configure policies that apply to all Windows versions) • Netsh command-line tool • PowerShell NetSecurity module cmdlets
What Are IPsec Rules? Connection security rules involve: • Authenticating two computers before they begin communications • Securing information being sent between two computers • Using key exchange, authentication, data integrity, and data encryption (optionally) How firewall rules and connection rules are related: • Firewall rules allow traffic through, but do not secure that traffic • Connection security rules can secure the traffic, but depend on a firewall rule to allow traffic through the firewall
Configuring Authentication When using the Connection Security Rule Wizard to create a new rule, you use the Requirements page to choose one of the following:
Monitoring Connection Security The Windows Firewall in Windows 8 incorporates IPsec Options for using the IP Security Monitor: • Modify IPsec data refresh interval to update information in the console at a set interval • Allow DNS name resolution for IP addresses to provide additional information about computers connecting with IPsec • Computers can be monitored remotely: • To enable remote management editing, the HKLM\system\currentcontrolset\services\policyagent key must have a value of 1 • To discover the active security policy on a computer, examine the Active Policy node in the IP Security Monitoring MMC • Main Mode Monitoring monitors initial IKE and SA: • Information about the Internet Key Exchange • Quick Mode Monitoring monitors subsequent key exchanges related to IPsec: • Information about the IPsec driver • Use the Connection Security Rules and Security Associations nodes to monitor IPsec connections • Security Associations that you can monitor include: • Main Mode • Quick Mode
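How a connection security rule, the firewall rule it depends on, and the Main Mode and Quick Mode security associations fit together, as an added example using the NetSecurity cmdlets (not part of the original course material). The display names and the choice of TCP port 445 are constructed, and the peers are assumed to be domain-joined so that computer Kerberos authentication can succeed.

```powershell
# Added example. Run in an elevated PowerShell session on both peers.

# 1. Authentication method: computer (machine) Kerberos V5.
$proposal = New-NetIPsecAuthProposal -Machine -Kerberos
$authSet  = New-NetIPsecPhase1AuthSet -DisplayName 'Lab - Computer Kerberos' `
                -Proposal $proposal

# 2. Connection security rule: require authentication for inbound traffic,
#    request it for outbound. This secures traffic but does not open any port.
New-NetIPsecRule -DisplayName 'Lab - Require inbound authentication' `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $authSet.Name `
    -Profile Domain | Out-Null

# 3. Firewall rule: the connection security rule depends on a firewall rule
#    to let the traffic through. "-Authentication Required" makes this an
#    "allow only if the connection is secure" rule, so a peer that cannot
#    authenticate is not admitted on this port.
New-NetFirewallRule -DisplayName 'Lab - Allow authenticated SMB only' `
    -Direction Inbound -Protocol TCP -LocalPort 445 `
    -Authentication Required -Action Allow `
    -Profile Domain | Out-Null

# 4. Review the configured rule, then the negotiated security associations.
#    The SA lists stay empty until a peer actually connects.
Get-NetIPsecRule -DisplayName 'Lab - Require inbound authentication' |
    Select-Object DisplayName, Enabled, InboundSecurity, OutboundSecurity

Get-NetIPsecMainModeSA     # Main Mode: the initial IKE negotiation
Get-NetIPsecQuickModeSA    # Quick Mode: the SAs protecting the data traffic
```

If step 4 shows Main Mode SAs but no Quick Mode SAs, the peers authenticated but did not agree on how to protect the traffic. Empty output for both after a connection attempt means the two sides never negotiated at all.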
Demonstration: Configuring an IPsec Rule In this demonstration, you will see how to: • Create a connection security rule • Review monitoring settings in Windows Firewall
Lab B: Configuring IPsec Rules • Exercise 1: Creating and Configuring IPsec Rules • Logon Information: Virtual Machines: 20687B-LON-DC1, 20687B-LON-CL1, 20687B-LON-CL2; User Name: Adatum\Administrator; Password: Pa$$w0rd • Estimated Time: 20 minutes
Lab Scenario A. Datum uses many outside consultants. The enterprise’s management has a concern that if a consultant was on the company network, they may be able to connect to unauthorized computers.
Lab Review • In your environment, where do you use authenticated connections between workstation computers?
Lesson 4: Configuring Windows Defender • What Is Windows Defender? • Scanning Options in Windows Defender • Demonstration: Configuring Windows Defender Settings
What Is Windows Defender? Windows Defender is software that helps protect the computer against security threats by detecting and removing known spyware from the computer • Schedules scans to occur on a regular basis • Provides configurable responses to severe, high, medium, and low alert levels • Provides customizable options to exclude files, folders, and file types • Works with Windows Update to automatically install new spyware definitions
Scanning Options in Windows Defender You define when to scan: You define scan options: When a scan results display on the Home page.
Demonstration: Configuring Windows Defender Settings In this demonstration, you will see how to: • Perform a quick scan • Test malware detection • Examine the Windows Defender History
Lab C: Configuring Host-Based Virus and Malware Protection • Exercise 1: Configuring Windows Defender • Logon Information: Virtual Machines: 20687B-LON-DC1, 20687B-LON-CL1; User Name: Adatum\Administrator; Password: Pa$$w0rd • Estimated Time: 10 minutes
Lab Scenario You are planning to use Windows Defender to check for malicious files every day. You also want to ensure that Windows Defender will quarantine any files that it considers a severe risk to your system’s security.
Lab Review • In your environment, how often are your client computers infected with malware?
Module Review and Takeaways • Review Questions • Tools • Best Practice