Challenges of Securing a Windows Infrastructure
Challenges of securing a Windows infrastructure include:
• Implementing and managing secure configuration of servers
• Protecting against malicious software threats and intrusions
• Implementing effective identity and access control
Core Server Security Practices
-Apply the latest service pack and all available security updates
-Use the Security Configuration Wizard to scan and implement server security
-Use Group Policy and security templates to harden servers
-Restrict scope of access for service accounts
-Restrict who can log on locally to servers
-Restrict physical and network access to servers
What Is Windows Firewall?
Windows Firewall is a stateful host-based application that provides the following features:
• Filters both incoming and outgoing network traffic
• Integrates both firewall filtering and IPsec protection settings
• Can be managed by the Control Panel tool or by the more advanced Windows Firewall with Advanced Security MMC console
• Provides Group Policy support
• Enabled by default in new installs
Demonstration: Using the Security Configuration Wizard to Secure Server Roles
In this demonstration, you will see how to implement security using the Security Configuration Wizard.
What Are Security Templates?
A security template is a collection of configured security settings used to apply a security policy.
Security Templates:
• Created and modified using the Security Templates MMC snap-in
• Default security templates stored in %SystemRoot%\Security\Templates
• Custom security templates are stored in local user profile folder
Deployment Considerations:
• Create templates based upon server role
• Deploy to individual computers using the SECEDIT command
• Deploy to groups of computers using Group Policy
What Is Auditing?
• Auditing tracks user and operating system activities, and records selected events in security logs, such as:
  • What occurred?
  • Who did it?
  • When?
  • What was the result?
• Enable auditing to:
  • Create a baseline
  • Detect threats and attacks
  • Determine damages
  • Prevent further damage
• Audit access to objects, management of accounts, and users logging on and off
What Is an Audit Policy?
• An audit policy determines the security events that will be reported to the network administrator
• Set up an audit policy to:
  • Track success or failure of events
  • Minimize unauthorized use of resources
  • Maintain a record of activity
• Security events are stored in security logs
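The security template and audit policy slides above, combined into one added example that is not part of the original deck: a small role-based template that sets audit policy, checked and applied to a single computer with SECEDIT. The template contents, file names and working folder are constructed for illustration; run it from an elevated prompt on a test server.

```powershell
# Added example: hypothetical paths and a constructed template, not from the deck.
$work = Join-Path $env:TEMP 'sec-template-demo'      # hypothetical working folder
New-Item -ItemType Directory -Path $work -Force | Out-Null
$inf = Join-Path $work 'file-server-audit.inf'       # hypothetical role-based template
$sdb = Join-Path $work 'file-server-audit.sdb'       # secedit working database
$log = Join-Path $work 'secedit.log'

# [Event Audit] values: 0 = none, 1 = success, 2 = failure, 3 = success and failure.
# The single-quoted here-string keeps the literal $CHICAGO$ signature intact.
@'
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[Event Audit]
AuditLogonEvents = 3
AuditAccountLogon = 3
AuditAccountManage = 3
AuditObjectAccess = 2
'@ | Set-Content -Path $inf -Encoding Unicode

# 1. Validate the template syntax before touching the system.
secedit /validate $inf
if ($LASTEXITCODE -ne 0) { throw "Template failed validation: $inf" }

# 2. Compare the current settings with the template (changes nothing on the server).
#    Print the log lines secedit marks as mismatches.
secedit /analyze /db $sdb /cfg $inf /overwrite /log $log /quiet
Select-String -Path $log -Pattern 'Mismatch' | ForEach-Object { $_.Line }

# 3. Apply only the security-policy area, which includes the audit settings.
secedit /configure /db $sdb /cfg $inf /overwrite /areas SECURITYPOLICY /log $log /quiet
if ($LASTEXITCODE -ne 0) { Write-Warning "secedit reported a problem, see $log" }

# 4. Confirm the effective audit policy after the change.
auditpol /get /category:*
```

If the policy "Audit: Force audit policy subcategory settings" is enabled, the category-level values in `[Event Audit]` are overridden by subcategory settings, so step 4 is the check that shows what is actually in effect.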