260 likes | 391 Views
Windows Security On a Network. Overview. Microsoft Windows XP Pro (SP2) Microsoft Windows Server 2003 User accounts and groups File sharing and file permissions Password/Lockout Policy Group Policy Security Policy Administrative Templates. Many security layers.
E N D
Windows Security On a Network
Overview • Microsoft Windows XP Pro (SP2) • Microsoft Windows Server 2003 • User accounts and groups • File sharing and file permissions • Password/Lockout Policy • Group Policy • Security Policy • Administrative Templates
Many security layers • Keep in mind that when it comes to securing a network, there are many security layers and many different types of security that may be enforced.
Active Directory • Active Directory (AD) is a component of Microsoft Server 2003. • AD technology is based on standard Internet protocols. • Uses the Domain Name System (DNS). DNS is a standard Internet service that organizes groups of computers into domains.
Active Directory • Provides centralized authentication and authorization services for Windows based computers. • Allows administrators to assign policies, deploy software, and apply updates to an entire network.
Microsoft Server 2003 • File Server • Print Server • Application Server • Domain Controller • Mail Server • Terminal Server • VPN Server • DHCP Server Server 2003 can be used as a server for a number of different things. Along with the examples we mentioned in class, a server can also be used for the above tasks. A server can do many things, they are not limited to the items on this screen.
Windows Networking without a Server • Managing a network without a Domain Controller can be difficult. • Keeping the network secure is even more difficult. • Usually a peer-to-peer network. • Vulnerable to viruses and being hacked.
Windows Networking without a Server • Keep your computer up to date by running Windows Updates. • Security Patches
Windows Networking without a Server • Use Anti-Virus software to protect against Trojans, Worms, and other malicious software.
Windows Networking without a Server • Enable Windows Firewall • Only allow exceptions for the services that are absolutely necessary for the network.
Windows Networking without a Server • The use of user accounts will help protect hackers from gaining access to your peer-to-peer network. • Strong passwords • Non-administrator account
Windows Networking without a Server • Automatic Updates • Virus Protection • Firewall • Users accounts • Disable Windows Services Not as secure as a Server-based network!!
Windows Networking with a Server • Allows better control of user accounts and user groups. (AD) • Allows updates to be forced to computers. (AD) • More secure and organized file/print sharing. • Allows strong security policies. • Policies can be forced to computers.
Windows Networking with a ServerUser Accounts • Enables better security and better user account control. • Roaming Profiles • Remote Access • Dial-in Access • Logon Hours • Ability to disable accounts • Groups
Windows Networking with a ServerFile Permissions • Server 2003 allows an administrator to assign file permissions to files, folders, and printers shared across the network. • Permissions can be set for a specific user, or a group of users. • NTFS permissions can be set with a Graphical User Interface or the command line.
Windows Networking with a ServerFile Permissions Share Permissions NTFS Permissions
Windows Networking with a ServerPassword Policy • Server 2003 allows an administrator to set a password policy for all users to abide by. • Password History • Password Age • Password Length • Complexity Requirements
Windows Networking with a ServerAccount Lockout Policy • Server 2003 allows an administrator to set an account lockout policy.
Windows Networking with a ServerGroup Policy • Allows an administrator to enforce various policies to the entire network, domain or specific Organization Unit (OU).
Windows Networking with a ServerGroup Policy: Security Policy • Restrict access to the CD-ROM and Floppy Drive • Disconnect users when logon hours expire • Let “everyone” permissions apply to anonymous • Access the registry remotely • Access shares anonymously
Windows Networking with a ServerGroup Policy: Administrative Templates • Remove icons from the desktop (i.e. My Computer, Network Places, etc.) • Allow/Deny access to the Control Panel • Restrict display settings (i.e. force background, no screensaver) • Remove items from the Ctrl + Alt + Del menu (i.e. Task Manager, Lock Computer, Change Password)
Windows Networking with a Server • User Accounts • Password Policy • Group Policy • Security Policy • Administrative Templates • File Permissions • Account Lockout Policy These are just some of the security features that Microsoft Windows has to offer to a Server-Based network!
Anthony J. Arduini Management Information Systems October 2007