19 Jan Microsoft Windows computers can be very useful by themselves, but they are far more effective when they are able to communicate
Microsoft Windows computers can be very useful by themselves, but they are far more effective when they are able to communicate with one another. In an essay, address the following:
- Discuss the techniques that many organizations use to ensure that their Windows networks are secure.
- Additionally, examine how to connect computers together without risking your organization’s information to loss, alteration, or disclosure.
- Provide an example of how each principle of the CIA triad can be used to secure the network
Provide information from your readings to support your statements.
Deliverables:
Your well-written essay should be 4-5 pages in length, incorporating at least two academic sources from the Library in addition to the case study. Cite all sources using University academic writing standards and APA style guidelines found in the Library, citing references as appropriate.
Course's textbook:
Solomon, M. G. (2014). Security strategies in Windows platforms and applications (2nd ed.). Burlington, MA: Jones & Bartlett Learning.
Security Strategies in Windows Platforms and Applications
Lesson 10
Microsoft Windows Security Administration
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
1
Learning Objective and Key Concepts
Learning Objective
Develop a security administration framework to ensure your organization meets its security policy goals.
Key Concepts
Security administration
Due diligence
End user security awareness training program
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
2
Operating System Administration
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
3
Workstation Administration
Server Administration
Network Device Administration
Security Administration Process
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
4
C-I-A
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Availability, integrity, and confidentiality (A-I-C)
Aka confidentiality, integrity, and availability, (C-I-A)
Aka the A-I-C triad or the C-I-A triad
5
Types of Security Administration
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Availability, integrity, and confidentiality (A-I-C)
Aka confidentiality, integrity, and availability, (C-I-A)
Aka the A-I-C triad or the C-I-A triad
6
Firewall
Backup
Operating system service pack
Group Policy
Types of Security Administration
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Availability, integrity, and confidentiality (A-I-C)
Aka confidentiality, integrity, and availability, (C-I-A)
Aka the A-I-C triad or the C-I-A triad
7
DACL
Encryption
Anti-malware software
Windows Firewall with Advanced Security MMC Snap-in
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
8
Windows Performance Monitor
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
9
Windows Backup and Restore for Windows 7
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
10
Windows Server 2008 Backup
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
11
MBSA GUI
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
12
Group Policy Management Console
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
13
Object Properties Security Page
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
14
DACL Advanced Security Settings
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
15
Object Properties—Advanced Attributes
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
16
Enabling BitLocker
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
17
BitLocker Management Tool
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
18
Compliance and Due Diligence
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
19
Compliance
Due Diligence
Security Policies, Standards, Procedures, and Guidelines
Guidance Documents
Security policy
Security standard
Security procedure
Security guidelines
Main Security Elements
Clearly stated security goals
Documented plans
Communication with stakeholders
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
20
Best Practices
Clearly state security goals
Include all compliance requirements
Use the PDCA method
Communicate with all stakeholders
Strive for simplicity
Search for controls that have little impact on users
Coordinate AUPs with technical controls
Automate
Use AD GPOs
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
21
Best Practices (Cont.)
Coordinate physical and technical controls
Use anti-malware controls
Develop a plan to monitor system and network performance
Use up to date software
Examine log files
Stay current on emerging attacks
Test your recovery plans
Define DACLs
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
22
Summary
Methods of Windows security administration
Process of security administration
Key roles involved in security administration
Recent security breaches
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
23
,
Security Strategies in Windows Platforms and Applications
Lesson 9
Microsoft Windows Network Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
1
Learning Objective and Key Concepts
Learning Objective
Design techniques to protect Windows networks from security vulnerabilities.
Key Concepts
Network security
Windows security protocols
Securing wireless networks
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
2
Purpose of Network Security
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
3
Acts as a layer of defense
Helps keep attackers out
Reduces risk of compromised computers
Limits exposure of protected resources
Supports availability, integrity, and confidentiality
Seven Domains of a Typical IT Infrastructure
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
4
Network Types
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
5
Local area network (LAN)
Metropolitan area network (MAN)
Wide area network (WAN)
Personal area network (PAN)
Campus area network (CAN)
Global area network (GAN)
Network Security Controls
Access controls
Communication controls
Anti-malware software
Recovery plans, including backups
Procedures to control network device configuration changes
Monitoring tools and other detective controls
Software patch management
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
6
Principles of Microsoft Windows Network Security
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
7
Physical and logical access
Traffic flow
Computer and device security
Common Components Found in Networks
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
8
Connection Media
Wireless network connections
Wired connections
Unshielded twisted pair (UTP)
Shielded twisted pair (STP)
Coaxial cable
Fiber optic cable
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
9
802.11 Wireless Standards
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
10
Simple Network with a Hub
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
11
DMZ with Two Firewalls
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
12
TCP/IP and OSI Reference Models
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
13
Message Flow in the U.N. Example
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
14
Common Network Communication Protocols
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
15
Telnet
Secure Shell (SSH)
HTTP/ HTTPS
SSL/TLS
TCP/IP
UDP
Common Network Communication Protocols (Cont.)
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
16
IPSec
PPP/PPTP
L2TP
SSTP
WEP/WPA
Kerberos
Securing Network Services Strategies
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
17
Service Updates
Service Accounts
Necessary Services
Windows Services Startup Options
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
18
Wireless Network Security Guidelines
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
19
Use WPA or WPA2 encryption
Use Media Access Control (MAC) address filtering
Disable Service Set Identifier (SSID) broadcast
Limit outside eavesdropping
Physically separate wireless networks by purpose
Desktop and Server Security
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
20
Desktop Security
User authorization and authentication
Malicious software protection
Server Security
Outbound software filtering
Authentication and authorization
Network traffic filtering
Malicious software protection
Security Administration Process
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
21
Prepare/Plan
Design
Implement
Optimize
Best Practices
Identify sensitive data
Use encryption
Establish unique domain user accounts
Enforce strong passwords
Create new user accounts with limited rights and permission for services
Do not allow any services to run as a domain admin user
Use Kerberos for secure authentication
Install firewalls to create a DMZ
Use encrypted communication
Establish firewall rules
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
22
Best Practices (Cont.)
Deny all suspicious traffic
Allow only approved traffic for servers
Filter inbound and outbound traffic for malicious messages
Install anti-malware software
Perform quick scans daily
Perform complete scans weekly
WPA or WPA2
Disable SSID broadcast
Do not enable wireless or mobile broadband cards while connected to your organization’s internal network
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
23
Best Practices (Cont.)
Do not allow visitors to roam around your facilities using wireless LANs
Avoid connecting to public networks
Use VPN
Install separate wireless access point for guests
Disable or uninstall services you don’t need
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
24
Summary
Methods of Windows network security
Process of network security
Key roles involved in network security
Purpose of network security
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
25
OPTIONAL SLIDES
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
26
Securing Windows Networks
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
27
Network Security Controls
Securing Network Services
Hardening Windows Authentication
