Your SlideShare is downloading. ×
0
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Chapter 8
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
289
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
7
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Planning Server and Network Security Lesson 8
  • 2. Skills Matrix Technology Skill Objective Domain Objective # Using BitLocker Plan server installations and upgrades 1.1 Securing Network Access Monitor and maintain security and policies 3.3
  • 3. Lesson 8 Creating a Firewall Exception
    • Click Start, and then click Control Panel.
    • Double-click the Windows Firewall icon.
    • Click Allow a program through Windows Firewall.
  • 4. Lesson 8 Creating a Firewall Exception (cont.)
    • To create a program exception, click Add Program.
    • Select the program for which you want to create an exception from the Programs list, or click Browse to locate the program.
  • 5. Lesson 8 Creating a Firewall Exception (cont.)
    • Click Change Scope to limit the exception to a specific network or specific addresses.
    • Click OK to close the Add a Program dialog box.
    • To open a port, click Add Port to open the Add a Port dialog box.
  • 6. Lesson 8 Creating a Firewall Exception (cont.)
    • Specify a name for the port, the port number, and whether you want to allow TCP or UDP traffic using that port through the firewall.
    • Click Change Scope to limit the exception to a specific network or specific addresses.
    • Click OK to close the Add a Port dialog box.
    • Click OK to close the Windows Firewall Settings dialog box.
  • 7. Lesson 8 Installing BitLocker
    • Install the BitLocker Drive Encryption feature using the Server Manager console.
    • Open the Local Group Policy Editor console, browse to the Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption node, and open the Control Panel Setup: Enable advanced startup options policy.
  • 8. Lesson 8 Installing BitLocker (cont.)
    • Select the Enabled option, and configure the listed settings to select an operational mode.
    • Open the BitLocker Drive Encryption control panel, and click Turn On BitLocker for the volume you want to encrypt.
  • 9. Lesson 8 Installing BitLocker (cont.)
    • On the Set BitLocker startup preferences page, select an option that specifies the operational mode.
  • 10. Lesson 8 Installing BitLocker (cont.)
    • On the Save the recovery password page, specify where you want to store the password needed to override a locked BitLocker volume.
    • On the Encrypt the volume page, click continue and restart the computer.
  • 11. Lesson 8 Assigning Standard NTFS Permissions
    • Click Start > Administrative Tools > Share and Storage Management.
    • In the detail (middle) pane, click the Shares tab.
    • Select the share you want to modify and, in the actions pane, select Properties.
    • Click the Permissions tab, and then click NTFS Permissions.
  • 12. Lesson 8 Assigning Standard NTFS Permissions (cont.)
    • Click Add.
    • In the Enter the object names to select text box, key the name of the user or group that you want to add, and click OK.
  • 13. Lesson 8 Assigning Standard NTFS Permissions (cont.)
    • Select the user or group you just added and, in the Permissions box, select or clear the check boxes to Allow or Deny the user any of the standard permissions.
    • Click OK twice to close the Permissions dialog box and the Properties sheet.
  • 14. Lesson 8 Assigning Special NTFS Permissions
    • Open the Properties sheet for a file, folder, or share on an NTFS drive using one of the following procedures:
      • Open Windows Explorer, right-click a file or folder and, from the context menu, select Properties. Then, click the Security tab.
      • Open the Share and Storage Management console, select a share, and click Properties. Click the Permissions tab, and then click the NTFS Permissions button.
  • 15. Lesson 8 Assigning Special NTFS Permissions (cont.)
    • Click Advanced.
    • Click Edit.
    • Click Add.
  • 16. Lesson 8 Assigning Special NTFS Permissions (cont.)
    • In the Enter the object names to select text box, key the name of the user or group you want to add, and click OK.
    • In the Apply To drop-down list, select which subordinate resources should receive the permissions you assign using this dialog box.
  • 17. Lesson 8 Assigning Special NTFS Permissions (cont.)
    • In the Permissions list, select or clear the check boxes to Allow or Deny the user any of the special permissions.
    • Click OK four times to close all of the dialog boxes.
  • 18. Lesson 8 You Learned
      • Before you consider any other security mechanisms or even operating system and application deployments, you should take steps to ensure that your servers are stored in a location that is physically secure.
      • Biometric identification is the process of establishing an individual’s identity based on biometric information, essentially asking the system to indicate who the person is.
  • 19. Lesson 8 You Learned (cont.)
      • A firewall is a software program that protects a computer by allowing certain types of network traffic in and out of the system while blocking others. A firewall is essentially a series of filters that examines the contents of packets and the traffic patterns to and from the network to determine which packets it should allow to pass through the filter.
  • 20. Lesson 8 You Learned (cont.)
      • The default rules preconfigured into the firewall are designed to admit the traffic used by standard Windows networking functions, such as file and printer sharing. For outgoing network traffic, Windows Firewall allows all traffic to pass the firewall except that which conforms to a rule.
  • 21. Lesson 8 You Learned (cont.)
      • The Windows Firewall Settings dialog box is designed to enable administrators to create exceptions in the current firewall settings as needed. For full access to the Windows Firewall configuration settings, you must use the Windows Firewall With Advanced Security snap-in for the Microsoft Management Console.
  • 22. Lesson 8 You Learned (cont.)
      • BitLocker Drive Encryption is a new feature, first released in Windows Vista, that makes it possible to encrypt an entire volume.
      • When you use Active Directory on an enterprise network, it becomes responsible for two of the most critical security concepts in computing: authentication and authorization.
  • 23. Lesson 8 You Learned (cont.)
      • On most networks, users identify themselves with an account name or an email address. The proof of identity can vary, however, typically taking one of three forms: something you know, something you have, or something you are.
  • 24. Lesson 8 You Learned (cont.)
      • To protect data stored on and transmitted over a network, computers use various types of encryption to encode messages and create digital signatures that verify their authenticity. For one computer to encrypt a message and another computer to decrypt it, both must possess a key.
  • 25. Lesson 8 You Learned (cont.)
      • Windows Server 2008 provides a series of password settings that you can implement using Group Policy, either locally or through Active Directory. An effective combination of password policies compels users to select appropriate passwords and change them at regular intervals.
  • 26. Lesson 8 You Learned (cont.)
      • Enterprise networks that use Active Directory authenticate their users with the Kerberos authentication protocol.
      • Authorization is the process of determining whether an authenticated user is allowed to perform a requested action.
  • 27. Lesson 8 You Learned (cont.)
      • Files, folders, shares, registry keys, and Active Directory objects are all protected by permissions. To store the permissions, each of these resources has an access control list (ACL). An ACL is a collection of individual permissions in the form of access control entries (ACEs).
  • 28. Lesson 8 You Learned (cont.)
      • Each ACE consists of a security principal (that is, the name of the user, group, or computer granted the permissions) and the specific permissions assigned to that security principal. When you manage permissions in any of the Windows Server 2008 permission systems, you are actually creating and modifying the ACEs in an ACL.

×