IT103Microsoft Windows XP/OS Chap14
Published in: Technology, News & Politics
  • This chapter covers policy-based security management. Students will learn how to manage security with Local Security Policy and security templates, how to create and copy templates, and how to apply template settings using the Security Configuration and Analysis snap-in or Secedit.exe. We will also cover auditing and its use to detect security breaches.
  • This section introduces Local Security Policy and Domain Security Policy. Emphasize the relationship between these policies, with the domain policy overriding the local policy.
  • This slide shows the major security policy areas discussed in the textbook. As you discuss each frame, point out specific policies and explain what they do.
  • Continue the discussion of settings, referring to the textbook for descriptions of policies in each policy area. Account policy and user rights assignment should be familiar to the students from Chapter 13.
  • This slide depicts the Domain Security Policy console on a Windows Server 2003 system. Point out that even though there are additional settings that apply to domains or Windows Server 2003, the familiar account policies and local policies are still present. Describe the role of domain security in managing security for workstations in the domain. Be sure to emphasize that domain policy overrides local policy, and mention that even domain policy can be overridden by security policies created for an OU within the domain.
  • This section covers managing security with security templates. Templates are collections of security settings that make it easy to define local or domain security policies. We will discuss the built-in security templates as well as how to create and use custom templates. We will then discuss importing, analyzing, and exporting templates using the Security Configuration and Analysis snap-in and Secedit.exe.
  • This slide lists the workstation templates included with Windows XP. Two other built-in templates—Securedc.inf and Hisecdc.inf—are used to configure security for domain controllers. Discuss each template’s intended purpose and use. You can refer to the textbook for descriptions of each template.
  • This slide depicts the creation of a custom Security Policy Management console. You can step through the screen shots or build the console in class. This is a good time to make sure students are familiar with customizing Microsoft Management Console (MMC). Point out the inclusion of the default security templates in the Security Templates snap-in.
  • This slide depicts the creation of a new security template. Discuss the steps taken to create, modify, and save the template. If time permits, open some of the built-in templates and discuss their settings. Encourage students to familiarize themselves with templates and their configuration.
  • This slide shows the first screen of the Security Configuration and Analysis snap-in. If possible, walk through the next few slides on a classroom system to demonstrate how to import, analyze, and configure security settings using templates.
  • This slide depicts the creation of a security analysis database. This is the first step in analyzing or configuring security with Security Configuration and Analysis. Step through the frames, explaining what is being done in each frame. You can also demonstrate this on a classroom system.
  • This slide shows the use of the custom template we created earlier to analyze security on a system. Once again, step through the procedure using the slides or a classroom system. Point out the green check mark icons for settings that are consistent with the template and the red X for settings that are not.
  • This slide shows a security template being used to configure security. Emphasize that this is a one-way process. To revert to the original settings, you have to import settings from the Setup Security template or use System Restore to revert to a restore point prior to the configuration.
  • This slide shows the export of security settings to a template file. The new template (New Base.inf) can be used to configure security on other systems/domains/OUs.
  • You can use Secedit.exe to perform the tasks of the Security Configuration and Analysis snap-in from the command prompt. Type Secedit /? at a command prompt, and browse the help file to show students the complete syntax for this utility.
  • Security auditing is an important part of ensuring that security policies and procedures are effective. Without auditing, you really cannot tell when unauthorized access occurs, how it occurs, and who is responsible. This section covers planning and implementing an audit policy. We also discuss the use of Event Viewer to monitor security audits.
  • This slide shows the Audit Policy section of Local Security Policy. It lists the audit types you can implement. The textbook describes each type in detail and presents three other audit-related settings found in Security Settings. Describe each one and discuss when each might be used.
      • Audit The Access Of Global System Objects
      • Audit The Use Of Backup And Restore Privilege
      • Shut Down The System Immediately If Unable To Log Security Audits
  • This slide lists the three steps in planning an audit policy. Discuss the tasks you would perform at each juncture and why it is important to begin this process with a plan.
  • This slide depicts the Security Properties dialog box in Event Viewer. Demonstrate the configuration options of the Security log in class, if possible. For students not familiar with log settings, explain how to configure log size and the settings for actions to be taken when the log reaches the maximum size.
  • This slide shows the use of Local Security Policy to enable auditing of object access on a system. Emphasize that you can also enable auditing on multiple systems by using Domain Security Policy. Also point out that enabling auditing is only half the job. You also have to configure SACLs for each object to be audited (next slide).
  • This slide depicts the configuration for auditing a user on the C:\Deploy folder. Amy Rusko will be audited for attempts to take ownership, change permissions, or delete objects in this folder. If time permits, enable auditing on objects in another area such as System Events on a classroom system.
  • This slide shows an administrator monitoring events in the Security log. It also demonstrates the use of Find and Filter to locate specific events. Step through this slide or demonstrate these steps on a classroom system.
  • Emphasize key points of the lecture, tailored to your class’s level of comprehension. Stress the importance of proper planning of security configuration and monitoring.
  • Stress the importance once again of proper planning for successful auditing.
  • Transcript

    • 1. CONFIGURING AND MANAGING COMPUTER SECURITY Chapter 14
    • 2. OVERVIEW
        • Configure and manage Local Security Policy
        • Manage security configuration with templates
        • Establish, implement, and monitor a security audit policy
      Chapter 14: CONFIGURING AND MANAGING COMPUTER SECURITY
    • 3. Overview - 2
        • This chapter covers policy-based security management.
        • Students will learn how to manage security with Local Security Policy and security templates, how to create and copy templates, and how to apply template settings using the Security Configuration and Analysis snap-in or Secedit.exe.
        • We will also cover auditing and its use to detect security breaches.
    • 4. Security Policy?
        • A security policy can be defined as a set of rules and practices that govern how an organization manages and protects its assets (which can include facilities, equipment, infrastructure or information). IT security focuses on the protection of:
        • Computer systems/software
        • Network connectivity
        • Sensitive or confidential information
    • 5. Security Policy?
        • Policy-based security, then, begins by defining the organization’s philosophy and priorities in regard to protection of the above. This is the management definition of “security policy.” Application of the rules and practices outlined in the policy statement is then accomplished via the technical definition of “security policy.”
        • In this context, a security policy is a template used to select and configure the various security mechanisms supported by the operating system or application. Modern Windows operating systems support many different types of security policies, which are configured through the Group Policy interface.
    • 6. SECURITY POLICY
        • Local Security Policy
        • Domain Security Policy
    • 7. LOCAL SECURITY POLICY
    • 8. LOCAL SECURITY POLICY (CONTINUED)
        • Account policies
            • Password settings
            • Lockout settings
        • Audit policy
        • User rights assignment
        • Security settings
    • 9. DOMAIN SECURITY POLICY
    • 10. Domain Security Policy…a little more detail
        • Even though there are additional settings that apply to domains or Windows Server 2003, the familiar account policies and local policies are still present.
        • The domain policy overrides local policy (in Windows Server 2003); even domain policy can be overridden by security policies created for an OU within the domain.
        • In Win Server 2000, local overrode domain.
    • 11. MANAGING SECURITY POLICY
        • Security templates
            • Templates are collections of security settings that make it easy to define local or domain security policies
        • Security Configuration and Analysis snap-in
        • Secedit.exe (for command line)
    • 12. SECURITY TEMPLATES
        • Setup security.inf
            • The Setup security.inf template is created during installation, and it is specific for each computer. It varies from computer to computer, based on whether the installation was a clean installation or an upgrade. Setup security.inf represents the default security settings that are applied during the installation of the operating system, including the file permissions for the root of the system drive. It can be used on servers and client computers; it cannot be applied to domain controllers. You can apply portions of this template for disaster recovery purposes. Do not apply Setup security.inf by using Group Policy. If you do so, you may experience decreased performance.
    • 13. SECURITY TEMPLATES
        • Compatws.inf
            • This template changes the default file and registry permissions that are granted to the members of the Users group in a manner that is consistent with the requirements of most programs that do not belong to the Windows Logo Program for Software.
            • The Compatible template also removes all members of the Power Users group.
    • 14. SECURITY TEMPLATES
        • Hisecws.inf
            • The Highly Secure templates specify additional restrictions that are not defined by the Secure templates, such as encryption levels and signing required for authentication and data exchange over secure channels and between Server Message Block (SMB) clients and servers.
    • 15. SECURITY TEMPLATES
        • Rootsec.inf
            • This template specifies the root permissions. By default, Rootsec.inf defines these permissions for the root of the system drive. You can use this template to reapply the root directory permissions if they are inadvertently changed, or you can modify the template to apply the same root permissions to other volumes.
    • 16. SECURITY TEMPLATES
        • Two other built-in templates—Securedc.inf and Hisecdc.inf—are used to configure security for domain controllers.
    • 17. Apply a Security Template
        1. Click Start, click Run, type mmc, and then click OK.
        2. On the File menu, click Add/Remove Snap-in.
        3. Click Add.
        4. In the Available Stand Alone Snap-ins list, click Security Configuration and Analysis, click Add, click Close, and then click OK.
        5. In the left pane, click Security Configuration and Analysis and view the instructions in the right pane.
    • 18. Apply a Security Template
        6. Right-click Security Configuration and Analysis, and then click Open Database.
        7. In the File name box, type the name of the database file, and then click Open.
        8. Click the security template that you want to use, and then click Open to import the entries that are contained in the template to the database.
        9. Right-click Security Configuration and Analysis in the left pane, and then click Configure Computer Now.
    • 19. CREATING A CUSTOM SECURITY POLICY MANAGEMENT CONSOLE
    • 20. CONFIGURING SECURITY TEMPLATES
    • 21. SECURITY CONFIGURATION AND ANALYSIS SNAP-IN
    • 22. CREATING AN ANALYSIS DATABASE
    • 23. ANALYZING SECURITY
    • 24. CONFIGURING SECURITY
    • 25. Important Note…
        • The previous slide shows a security template being used to configure security.
        • Emphasize that this is a one-way process.
        • To revert to the original settings, you have to import settings from the Setup Security template or use System Restore to revert to a restore point prior to the configuration.
    • 26. EXPORTING A TEMPLATE
    • 27. SECEDIT.EXE
        • Analyze
        • Configure
        • Export
        • Validate
    • 28. SECURITY AUDIT POLICY
        • Planning an audit policy
        • Implementing and managing an audit policy
        • Monitoring audit event logs
        • Security auditing is an important part of ensuring that security policies and procedures are effective. Without auditing, you really cannot tell when unauthorized access occurs, how it occurs, and who is responsible.
    • 29. WHAT CAN YOU AUDIT?
    • 30. … Previous slide…
        • It lists the audit types you can implement. The textbook describes each type in detail and presents three other audit-related settings found in Security Settings.
            • Audit The Access Of Global System Objects
            • Audit The Use Of Backup And Restore Privilege
            • Shut Down The System Immediately If Unable To Log Security Audits
    • 31. PLANNING AN AUDIT POLICY
        • Determine audit requirements
        • Select objects for auditing
        • Assign responsibility for monitoring
    • 32. CONFIGURING THE EVENT LOG
    • 33. ENABLING AUDIT POLICY
    • 34. Important Note
        • The network or system administrator can also enable auditing on multiple systems by using Domain Security Policy.
        • Remember that enabling auditing is only half the job. You also have to configure SACLs (System Access Control Lists) for each object to be audited.
    • 35. AUDITING NTFS OBJECT ACCESS
        • Amy Rusko will be audited for attempts to take ownership, change permissions, or delete objects in this folder.
    • 36. MONITORING SECURITY EVENTS
    • 37. SUMMARY
        • Local Security Policy configures security on one system.
        • Domain Security Policy overrides Local Security Policy.
        • Security templates simplify configuration.
        • Use the Security Configuration and Analysis snap-in to manage security.
    • 38. SUMMARY (CONTINUED)
        • Secedit.exe manages security from a command prompt.
        • Security audits monitor security effectiveness.
        • Plan auditing in advance.
        • Monitor auditing with Event Viewer.
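
The four Secedit.exe operations listed on slide 27, arranged to follow the snap-in procedure from slides 17 and 18 and the one-way caveat on slide 25. This batch file is an added example, not part of the original deck; the folder C:\SecWork, the template name custom.inf and all output file names are assumed placeholders.

```bat
@echo off
rem Added example, not part of the original slides.
rem Assumed names: C:\SecWork, custom.inf and every output file are placeholders.
setlocal
set WORK=C:\SecWork
set TEMPLATE=%WORK%\custom.inf
set DB=%WORK%\custom.sdb

if not exist "%TEMPLATE%" (
    echo Template "%TEMPLATE%" not found.
    exit /b 1
)

rem Export: save the settings now in effect before anything is changed.
rem Configuring is one-way, so this file documents the starting point.
secedit /export /cfg "%WORK%\before.inf" /log "%WORK%\export.log"

rem Validate: check the template syntax before importing it.
rem Assumption: secedit reports failure with a non-zero exit code.
secedit /validate "%TEMPLATE%"
if errorlevel 1 (
    echo Template failed validation; nothing was changed.
    exit /b 1
)

rem Analyze: import the template into a database and compare it with the
rem computer. /overwrite replaces any template already stored in the
rem database instead of merging with it.
secedit /analyze /db "%DB%" /cfg "%TEMPLATE%" /overwrite /log "%WORK%\analyze.log" /quiet

echo Review "%WORK%\analyze.log" for settings that differ from the template.
echo Press Ctrl+C to stop here, or
pause

rem Configure: apply the database to the computer. /areas limits the change
rem to account policies, audit policy and security options; omit it to
rem apply every area defined in the template.
secedit /configure /db "%DB%" /areas SECURITYPOLICY /log "%WORK%\configure.log"
endlocal
```

The database written by the analyze step can also be opened in the Security Configuration and Analysis snap-in (Open Database) to see the per-setting results described for the Analyzing Security slide.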
