Second Week: Chapters 5-8
Kidane Sengal, March 2003

Chapter Five: Managing Security

Topics
• Account Policies
• Local Policies
• Security Policies
• Security Analysis and Configuration utility

Managing Windows 2000 Security
• Local level: local security policies
• Domain level: domain security policies

Managing Security Settings
• Any domain security policy that is defined overrides the local policies of a computer
• To manage local policies, use Group Policy with the local computer Group Policy Objects (GPOs)
• To manage domain policies, use Group Policy with domain controller GPOs

Group Policies within Active Directory
• Group policies contain configuration settings for:
  • Software
  • Scripts
  • Security
  • Application and File Deployment

Overview of Active Directory
• Hierarchical structure of Active Directory:
  • Domain: users, groups, and GPOs
  • OU
• You can create OUs based on:
  • Geography: NY, SJ, DC
  • Function: SALES, ACCT, TECHSUPP

Group Policy Objects and Active Directory
• GPOs are applied and inherited in a specific order:
  1. Local computer
  2. Site (group of domains)
  3. Domain
  4. OU

Continued
• If there is a conflict between user and computer settings, the user policy setting is applied

Options on GPOs
• No Override
  • No Override has to be set on both ends
  • This option can be set per container as needed
• Block Inheritance
  • Use this option if you do not want child containers to inherit GPO settings from parent containers
• If No Override and Block Inheritance conflict, the No Override option is applied
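The inheritance order and the two options above can be checked with a small model. This is an added example, not from the slides; the container and GPO names are constructed, and No Override is modelled as a flag on the GPO rather than on the link for brevity.

```python
from dataclasses import dataclass, field
from typing import Any, Dict, List, Optional

@dataclass
class GPO:
    name: str
    settings: Dict[str, Any]         # policy name -> configured value
    no_override: bool = False        # the "No Override" option on this GPO

@dataclass
class Container:                     # a Site, Domain or OU in the chain
    name: str
    gpos: List[GPO] = field(default_factory=list)
    block_inheritance: bool = False  # "Block Inheritance" set on this container

def effective_setting(local: GPO, chain: List[Container], policy: str) -> Optional[Any]:
    """Apply GPOs in the order Local, Site, Domain, OU; a later GPO wins a
    conflict unless a No Override GPO higher up already fixed the value."""
    winner = local.settings.get(policy)      # 1: local computer GPO
    enforced = None                          # value fixed by No Override above
    for container in chain:                  # 2: Site, 3: Domain, 4: OU ...
        if container.block_inheritance:
            # discard inherited parent settings; No Override still wins the
            # conflict, and the local GPO is processed regardless
            winner = enforced if enforced is not None else local.settings.get(policy)
        for gpo in container.gpos:
            if policy not in gpo.settings or enforced is not None:
                continue                     # nothing set here, or No Override above
            winner = gpo.settings[policy]
            if gpo.no_override:
                enforced = winner
    return winner

def demo() -> Dict[str, Any]:
    """Constructed scenarios for one password policy (hypothetical names)."""
    policy = "MinimumPasswordLength"
    local = GPO("Local", {policy: 6})
    domain = GPO("Default Domain Policy", {policy: 8})
    domain_enforced = GPO(domain.name, domain.settings, no_override=True)
    sales = GPO("Sales OU Policy", {policy: 4})
    site = Container("NY site")              # no GPO linked at the site
    plain = [site, Container("corp", [domain]), Container("SALES", [sales])]
    enforced = [site, Container("corp", [domain_enforced]), Container("SALES", [sales])]
    blocked = [site, Container("corp", [domain]), Container("SALES", block_inheritance=True)]
    both = [site, Container("corp", [domain_enforced]),
            Container("SALES", [sales], block_inheritance=True)]
    return {
        "ou_overrides_domain": effective_setting(local, plain, policy),     # 4
        "no_override_wins": effective_setting(local, enforced, policy),     # 8
        "block_keeps_local": effective_setting(local, blocked, policy),     # 6
        "no_override_beats_block": effective_setting(local, both, policy),  # 8
    }
```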
Administrative Templates Used by Windows 2000
• System.adm for Windows 2000 clients
• Inetres.adm for Internet Explorer
• Winnt.adm for NT clients
• Windows.adm for Windows 95/98
• Common.adm: common to both NT 4.0 and Windows 95/98

Setting Computer Configuration
• Account Policies
• Local Policies
• Public Key Policies

Account Policies
• Allow you to configure computer security settings for:
  • Passwords
  • Account lockout
  • Kerberos authentication within the domain (only on DCs)

Kerberos Policies
• Version 5 security protocol
• Dual verification, or mutual authentication
• A DC automatically becomes a Key Distribution Center (KDC)
• The KDC is responsible for holding password and account information

Kerberos Authentication Steps
• 1st: The client requests authentication from the KDC using a password or smart card
• 2nd: The KDC issues a Ticket-Granting Ticket (TGT); the client uses the TGT to access the ticket-granting service (TGS)
• 3rd: The client presents the service ticket to the requested network service
• This service ticket authenticates the user to the service and the service to the user, for mutual authentication

Local Policies
• Used to control logon procedures:
  • Auditing
  • User rights
  • Security options

System Policies
• Logon policies
• Disk quota policies
• DNS client policies
• Group Policy policies
• Windows File Protection policies

Security Configuration and Analysis Tool
• Compares the actual security configuration to a security template configured with your desired settings
Chapter Six: Managing Disks

Managing Disks
• Monitor, configure and troubleshoot disks and volumes
• Configure data compression
• Monitor and configure disk quotas
• Recover from disk quotas
• Encrypt data on the hard disk with EFS

Continued
• Convert
  • You can convert from FAT or FAT32 to NTFS:
  • Convert D: /fs:NTFS

Configuring Disk Storage
• Basic storage
  • Compatible with all operating systems
  • Supports up to four partitions: basic (primary) and extended
• Dynamic storage
  • Only Windows 2000
  • Dynamic disks are divided into dynamic volumes
  • Supports up to five dynamic volumes

Types of Dynamic Volumes
• Simple
• Spanned
• Striped
• Mirrored
• RAID-5

A. Simple Volume
• A simple volume contains disk space from a single disk and is not fault tolerant
• Used when you have enough space on a single drive

B. Spanned Volume
• A spanned volume includes disk space from multiple disks (up to 32)
• Used to dynamically increase the size of dynamic volumes
• Data is written sequentially
• No performance enhancement
• A spanned volume is not fault tolerant: if any disk in a spanned volume fails, the data in the entire volume is lost
• If you are running out of space, just add another hard drive

C. Striped Volumes
• A striped volume (RAID-0) combines areas of free space from multiple hard disks (up to 32) into one logical volume
• Windows 2000 optimizes performance by adding data to all disks at the same rate
• Advantage: combines several physical drives into one logical volume
• If a disk in a striped volume fails, the data in the entire volume is lost
• No fault tolerance

D. Mirrored Volumes
• A mirrored volume consists of two identical copies of a simple volume, each on a separate hard disk
• Provides fault tolerance in the event of a hard disk failure
• Enhances disk-read performance
• Disadvantage: doubles the disk space required

E. RAID-5 Volumes
• A RAID-5 volume is a fault-tolerant striped volume
• Windows 2000 adds a parity-information stripe to each disk partition in the volume
• Windows 2000 uses the parity-information stripe to reconstruct data when a physical disk fails
• A minimum of three hard disks is required in a RAID-5 volume
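To show why a RAID-5 volume survives one disk failure while a striped (RAID-0) volume does not, here is an added byte-level model of rotating XOR parity and rebuild. It is not code from the slides or from Windows 2000; the three-disk layout, four-byte chunks and sample payload are constructed for illustration.

```python
from typing import List

def xor_block(blocks: List[bytes]) -> bytes:
    """XOR equal-length chunks together; this is the RAID-5 parity function."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)

def raid5_write(data: bytes, disks: int = 3, chunk: int = 4) -> List[List[bytes]]:
    """Lay data out in stripes of (disks-1) data chunks plus one parity chunk.
    The parity chunk rotates across the disks; the tail is zero-padded."""
    if disks < 3:
        raise ValueError("a RAID-5 volume needs at least three disks")
    per_stripe = chunk * (disks - 1)
    data += b"\0" * (-len(data) % per_stripe)
    layout: List[List[bytes]] = [[] for _ in range(disks)]
    for s in range(len(data) // per_stripe):
        stripe = data[s * per_stripe:(s + 1) * per_stripe]
        chunks = [stripe[i * chunk:(i + 1) * chunk] for i in range(disks - 1)]
        parity, parity_disk, remaining = xor_block(chunks), s % disks, iter(chunks)
        for d in range(disks):
            layout[d].append(parity if d == parity_disk else next(remaining))
    return layout

def raid5_rebuild(layout: List[List[bytes]], failed: int) -> List[bytes]:
    """Reconstruct every chunk of the failed disk by XORing the survivors."""
    survivors = [d for d in range(len(layout)) if d != failed]
    return [xor_block([layout[d][s] for d in survivors]) for s in range(len(layout[0]))]

def raid5_read(layout: List[List[bytes]]) -> bytes:
    """Read the data chunks back in order, skipping each stripe's parity chunk."""
    disks, out = len(layout), bytearray()
    for s in range(len(layout[0])):
        for d in range(disks):
            if d != s % disks:
                out += layout[d][s]
    return bytes(out)

def demo() -> bool:
    data = b"Windows 2000 RAID-5 volume"      # constructed sample payload
    layout = raid5_write(data)
    lost = layout[1]                            # pretend disk 1 fails ...
    degraded = [layout[0], [], layout[2]]       # ... and its chunks are gone
    rebuilt = raid5_rebuild(degraded, failed=1)
    repaired = [layout[0], rebuilt, layout[2]]
    return rebuilt == lost and raid5_read(repaired)[:len(data)] == data
```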
Chapter Seven: Accessing Files and Folders

Managing Local Access
• Full Control permission
• Modify permission
• Read and Execute permission
• Read permission
• Write permission
• List Folder Contents permission

NTFS Permissions for Copied and Moved Files
• If you move a file from one folder to another folder on the same NTFS volume, the file retains its original NTFS permissions
• If you move a file from one folder to another folder on a different NTFS volume, the file has the same permissions as the destination folder

Copying Files
• If you copy a file from one folder to another folder, the file has the same permissions as the destination folder
• If you copy or move a folder or file to a FAT partition, it does not retain any NTFS permissions

Flow of Resource Access
• Access token
• Security Identifier (SID)
• Access Control List (ACL): who should be granted access
• Access control entries (ACEs): the type of access users should be given

Chapter Eight: Administering the Distributed File System

Distributed File System (Dfs) Overview
• Dfs is a single, logical, hierarchical file system. It organizes shared folders on different computers in a network to provide a logical tree structure for file system resources
• Because the Dfs tree is a single point of reference, users can easily gain access to network resources regardless of the actual location of the underlying resources

Benefits of Dfs
• Easier file access
• Increased file availability
• Server load balancing

Dfs Topology
• Dfs roots
• Dfs links
• Dfs shared folders, or replicas

Dfs Roots
• Stand-alone Dfs roots
  • No replication
  • Not fault tolerant
  • Cannot use Active Directory
  • Only a single level of Dfs links
  • No root-level Dfs shared folders
• Domain-based Dfs roots
  • Hosted only on domain controllers
  • Root-level Dfs shared folders
  • Multiple levels of Dfs links in the hierarchy
  • Fault tolerant on NTFS version 5