Gerardo T. Ortega Carrasquillo, profile picture
Uploaded byGerardo T. Ortega Carrasquillo
PDF, PPTX309 views

Network Security of Windows Servers

This document discusses network security and auditing Windows servers. It provides background on the speaker and defines information security. It outlines fundamentals of information security like the triangle of security. It describes important documents, regulations and standards, and the purpose of auditing Windows servers for compliance, risk reduction, health, and performance. It discusses evaluating event logs, active directory, user account properties, and group policy settings. It recommends tools for auditing like Wireshark, GFI Languard, Nessus, and OpenVas and maintaining server documentation, backups, and patches.

Technology
Related topics:
Network Security

Embed presentation

Download as PDF, PPTX
Network Security : Windows Servers Prof. Gerardo T. Ortega Carrasquillo MCP, MCTS, A+ Network +, IC3
About the Speaker • More than 7 years of Professional Experience on the IT Field • IT Professor on different universities. • MCP, MCTS, A+, Network +, IC3 Certifications • Master Degree on Information Technology Audit of University of the Sacret Heart of Puerto Rico • Currently pursuing a doctoral degree on Information Security and Assurance on Capella University. (Dissertation Phase)
Information Security • According to SANS Institute, “Information Security refers to the processes and methodologies which are designed and implemented to protect print, electronic, • or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.” http://www.sans.org/information-security
Fundamentals of Information Security • Triangle of Information Security
Important Documents • Internet Usage and Management Policy • Network Usage and Management Policy • Email Usage and Management Policy • Network Documentation (Updated) • Disaster Recovery Plan (Updated)
Why is important a Network Server Audit? • The servers are one of the core components of an network infrastructure of an organization.They usually manage a large amount of users, groups, and other resources in the organization. It is important to periodically make IT Audits and assessment to verify the health of the IT Network Infrastructure.
Regulations and Standards • • • • • HIPAA GLBA SOX PCI DSS Others
Purpose of Windows Server Audit and requirements • • • • • Ensure compliance with regulations and standards Reduce the risk of information security attacks in the network Verify the health of the network Verify the employee’s performance in the work Improve the security and quality of the operations.
Event Viewer •The EventViewer is a Windows Server Application that the Network Admin should use to evaluate all the events that occurs in the server. As part of the IT Audit, is imperative that the auditor evaluates all time if the Network Administrator is performing this job.
Active Directory The IT Auditor always should perform an Audit of the Active Directory to ensure that all elements are running well in the network and to ensure more security and a better health for the network.
Important aspects of Security • When a employee leaves an organization, the Network Administrator should not delete the user account, always should be disabled. This allow the IT Auditor to verify all the activity of the user, if the user is no longer working in the organization. for AD Users
User Account Properties of Active Directory The IT Auditor always need to verify that the properties of user accounts were configured appropriately. Example: Verify that the user can access their account only in the hours permitted by the organization and according to the policy of the organization.
Where to verify compliance on security settings of GPO (Group Policy Management)
Where to verify compliance on security settings of GPO (Group Policy Management)
Where to verify compliance on security settings of GPO (Group Policy Management)
RecognizedTools from the Industry to conducts ITAudits in Networks and Systems *The IT Auditor always should have written permission from the organization to conduct these tasks. Without the appropriate permission, the auditor would be in violation of the law and could have legal problems.
Wireshark • Tool that is used to conduct network scanning and to see open ports in the network.
GFI Languard Commercial recognized application to conduct network audits.
Nessus Commercial tool that makes network vulnerabilities assessment.
OpenVas • Makes similar functions as Nessus, and is a free application.
Recommendations for a Good Windows and Network Audit • Server Verify the logs Maintain updated the servers with all patches Verify and maintain network documentation. Always verify the Backups of the Network. Ensure that the software and operating systems updated are running well • • • •
Server Security Template SANS https://www.sans.org/security-resources/policies/server- security/pdf/server-security-policy

More Related Content

PPT
Information security and other issues
byHaseeb Ahmed Awan
 
PPTX
Basic Security Training for End Users
byCommunity IT Innovators
 
PPTX
Introduction to Information Security
byShreedevi Tharanidharan
 
PPTX
System Security-Chapter 1
byVamsee Krishna Kiran
 
PPTX
Cyber security ppt
bykaranramani4
 
PPTX
Information security
byAlaaMahmoud108
 
PPTX
Ceh intro
byAnimesh Roy
 
PPTX
Information Security Lecture #1 ppt
byvasanthimuniasamy
 
Information security and other issues
byHaseeb Ahmed Awan
 
Basic Security Training for End Users
byCommunity IT Innovators
 
Introduction to Information Security
byShreedevi Tharanidharan
 
System Security-Chapter 1
byVamsee Krishna Kiran
 
Cyber security ppt
bykaranramani4
 
Information security
byAlaaMahmoud108
 
Ceh intro
byAnimesh Roy
 
Information Security Lecture #1 ppt
byvasanthimuniasamy
 

What's hot

PDF
Offensive cyber security engineer updated
byInfosecTrain
 
ODP
Database security for PHP
byRohan Faye
 
PPTX
Security and management
byArtiSolanki5
 
PPTX
Introduction to information security
byjayashri kolekar
 
PPTX
Data security
bySoumen Mondal
 
PDF
Whitepaper next generation_patient_safety_bertine_mc_kenna.01
byRonan Martin
 
PPTX
Information security challenges in today’s banking environment
byEvan Francen
 
PPTX
Network security # Lecture 2
byKabul Education University
 
PDF
Health Information Privacy and Security
byNawanan Theera-Ampornpunt
 
PPT
Database Security
byalraee
 
PPT
Nguyễn Tấn Vi - office of the CISO
bySecurity Bootcamp
 
PPTX
Introduction to information security field
byAhmed Musaad
 
PPT
Information security
byYogeshwari M Yogi
 
PPTX
Cryptography and Network Security # Lecture 2
byKabul Education University
 
PPTX
Information Security Basics for Businesses and Individuals
byJosh Moulin, MSISA,CISSP
 
PPT
Iss lecture 1
byAli Habeeb
 
PPTX
Information security / Cyber Security ppt
byGryffin EJ
 
PPT
Database Security
byRabiaIftikhar10
 
PPTX
security and ethical challenges in information systems
byhilal12
 
Offensive cyber security engineer updated
byInfosecTrain
 
Database security for PHP
byRohan Faye
 
Security and management
byArtiSolanki5
 
Introduction to information security
byjayashri kolekar
 
Data security
bySoumen Mondal
 
Whitepaper next generation_patient_safety_bertine_mc_kenna.01
byRonan Martin
 
Information security challenges in today’s banking environment
byEvan Francen
 
Network security # Lecture 2
byKabul Education University
 
Health Information Privacy and Security
byNawanan Theera-Ampornpunt
 
Database Security
byalraee
 
Nguyễn Tấn Vi - office of the CISO
bySecurity Bootcamp
 
Introduction to information security field
byAhmed Musaad
 
Information security
byYogeshwari M Yogi
 
Cryptography and Network Security # Lecture 2
byKabul Education University
 
Information Security Basics for Businesses and Individuals
byJosh Moulin, MSISA,CISSP
 
Iss lecture 1
byAli Habeeb
 
Information security / Cyber Security ppt
byGryffin EJ
 
Database Security
byRabiaIftikhar10
 
security and ethical challenges in information systems
byhilal12
 

Similar to Network Security of Windows Servers

PPT
Information security principles chapter 1
byEstherBaguma
 
PPT
cyber security in information technology.ppt
byubaidullah75790
 
PPT
Principles of information security Chapter 1 (1).ppt
byEstherBaguma
 
PPT
Chapter 1 (1) (1).pptghtrtt76utrurtutrut
byugpgcs22
 
DOC
Security
byalmabsli
 
PPTX
Centrify Access Manager Presentation.pptx
byjohncenafls
 
PDF
Authentication.pdf
bykarthikvcyber
 
PPT
A brief Introduction_of_Active_Directory
bynavneetyohaya
 
PPTX
Authorization and Authentication.pptx
bykarthikvcyber
 
PPTX
Compliance
byNetBR
 
PPTX
Ramnish Singh Platform Security Briefing
byguestb099f64c
 
PPTX
Solución de auditoría para directorio activo de ME
byronaldorosales12
 
PPTX
Dcit 418-Slide two presentation (1).pptx
bykojokoranteng19
 
PPT
Introduction_to_Active_Directory and Windows Server
bynavneetyohaya
 
PDF
Introduction to active_directory
byCouploa Couploa
 
PDF
Cyber security series administrative control breaches
byJim Kaplan CIA CFE
 
PPTX
Provide_Network_System_Administration LO1.pptx
bysimachewtakele
 
PPTX
Professional Designations IT Assurance
bya3virani
 
PPTX
IBM2202E_Network Security_Group Work_General Security.pptx
bykristineply58
 
PDF
CNIT 160 4e Security Program Management (Part 5)
bySam Bowne
 
Information security principles chapter 1
byEstherBaguma
 
cyber security in information technology.ppt
byubaidullah75790
 
Principles of information security Chapter 1 (1).ppt
byEstherBaguma
 
Chapter 1 (1) (1).pptghtrtt76utrurtutrut
byugpgcs22
 
Security
byalmabsli
 
Centrify Access Manager Presentation.pptx
byjohncenafls
 
Authentication.pdf
bykarthikvcyber
 
A brief Introduction_of_Active_Directory
bynavneetyohaya
 
Authorization and Authentication.pptx
bykarthikvcyber
 
Compliance
byNetBR
 
Ramnish Singh Platform Security Briefing
byguestb099f64c
 
Solución de auditoría para directorio activo de ME
byronaldorosales12
 
Dcit 418-Slide two presentation (1).pptx
bykojokoranteng19
 
Introduction_to_Active_Directory and Windows Server
bynavneetyohaya
 
Introduction to active_directory
byCouploa Couploa
 
Cyber security series administrative control breaches
byJim Kaplan CIA CFE
 
Provide_Network_System_Administration LO1.pptx
bysimachewtakele
 
Professional Designations IT Assurance
bya3virani
 
IBM2202E_Network Security_Group Work_General Security.pptx
bykristineply58
 
CNIT 160 4e Security Program Management (Part 5)
bySam Bowne
 

Recently uploaded

PDF
AI Vector Search Best Practices Multicloud Feb 2026
bySandesh Rao
 
PDF
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PDF
AI in the Real World: From University to Industry
byDarvan Shvan
 
PDF
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 
PDF
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PPTX
Exploring-AI-Basics in Artificial Intelligence
bysharmilas219546
 
PDF
apidays Paris 2025 | API Layer7 Security: Real-World Use Cases (BBVA & Nexi)
byapidays
 
AI Vector Search Best Practices Multicloud Feb 2026
bySandesh Rao
 
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
AI in the Real World: From University to Industry
byDarvan Shvan
 
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
Exploring-AI-Basics in Artificial Intelligence
bysharmilas219546
 
apidays Paris 2025 | API Layer7 Security: Real-World Use Cases (BBVA & Nexi)
byapidays
 

Network Security of Windows Servers

  • 1.
    Network Security : WindowsServers Prof. Gerardo T. Ortega Carrasquillo MCP, MCTS, A+ Network +, IC3
  • 2.
    About the Speaker •More than 7 years of Professional Experience on the IT Field • IT Professor on different universities. • MCP, MCTS, A+, Network +, IC3 Certifications • Master Degree on Information Technology Audit of University of the Sacret Heart of Puerto Rico • Currently pursuing a doctoral degree on Information Security and Assurance on Capella University. (Dissertation Phase)
  • 3.
    Information Security • Accordingto SANS Institute, “Information Security refers to the processes and methodologies which are designed and implemented to protect print, electronic, • or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.” http://www.sans.org/information-security
  • 4.
    Fundamentals of InformationSecurity • Triangle of Information Security
  • 5.
    Important Documents • InternetUsage and Management Policy • Network Usage and Management Policy • Email Usage and Management Policy • Network Documentation (Updated) • Disaster Recovery Plan (Updated)
  • 6.
    Why is importanta Network Server Audit? • The servers are one of the core components of an network infrastructure of an organization.They usually manage a large amount of users, groups, and other resources in the organization. It is important to periodically make IT Audits and assessment to verify the health of the IT Network Infrastructure.
  • 7.
  • 8.
    Purpose of WindowsServer Audit and requirements • • • • • Ensure compliance with regulations and standards Reduce the risk of information security attacks in the network Verify the health of the network Verify the employee’s performance in the work Improve the security and quality of the operations.
  • 9.
    Event Viewer •The EventVieweris a Windows Server Application that the Network Admin should use to evaluate all the events that occurs in the server. As part of the IT Audit, is imperative that the auditor evaluates all time if the Network Administrator is performing this job.
  • 10.
    Active Directory The ITAuditor always should perform an Audit of the Active Directory to ensure that all elements are running well in the network and to ensure more security and a better health for the network.
  • 11.
    Important aspects ofSecurity • When a employee leaves an organization, the Network Administrator should not delete the user account, always should be disabled. This allow the IT Auditor to verify all the activity of the user, if the user is no longer working in the organization. for AD Users
  • 12.
    User Account Propertiesof Active Directory The IT Auditor always need to verify that the properties of user accounts were configured appropriately. Example: Verify that the user can access their account only in the hours permitted by the organization and according to the policy of the organization.
  • 13.
    Where to verifycompliance on security settings of GPO (Group Policy Management)
  • 14.
    Where to verifycompliance on security settings of GPO (Group Policy Management)
  • 15.
    Where to verifycompliance on security settings of GPO (Group Policy Management)
  • 16.
    RecognizedTools from theIndustry to conducts ITAudits in Networks and Systems *The IT Auditor always should have written permission from the organization to conduct these tasks. Without the appropriate permission, the auditor would be in violation of the law and could have legal problems.
  • 17.
    Wireshark • Tool thatis used to conduct network scanning and to see open ports in the network.
  • 18.
    GFI Languard Commercial recognizedapplication to conduct network audits.
  • 19.
    Nessus Commercial tool that makesnetwork vulnerabilities assessment.
  • 20.
    OpenVas • Makes similarfunctions as Nessus, and is a free application.
  • 21.
    Recommendations for aGood Windows and Network Audit • Server Verify the logs Maintain updated the servers with all patches Verify and maintain network documentation. Always verify the Backups of the Network. Ensure that the software and operating systems updated are running well • • • •
  • 22.
    Server Security TemplateSANS https://www.sans.org/security-resources/policies/server- security/pdf/server-security-policy