Session 9 Tp 9
-
Upload
githe26200 -
Category
Technology
-
view
888 -
download
0
description
Transcript of Session 9 Tp 9
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 1 of 38
Session 9
Planning a Secure Baseline
Installation
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 2 of 38
Windows Server 2003 provides two tools to analyze the server performance: Performance Console Network Monitor
The types of counter logs are: trace counter Alert
Review
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 3 of 38
Review Contd… Two filters provided by the Network monitor are
Capture Filter Display Filter
Network services are applications that always run in the background
Four services that enable us to monitor the network server are: DHCP DNS WINS Routing and Remote Access
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 4 of 38
Review Contd… DNS server hosts the information that
enables client computers to resolve memorable, alphanumeric DNS names to the IP addresses that computers use to communicate with each other
WINS uses a distributed database that is automatically updated with the names of computers currently available and the IP address assigned to each one
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 5 of 38
Objectives Select Computers on a Network Select Operating System in Network Discuss security issues Set permissions Work with Group Policy Object Explain domain controller Secure servers
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 6 of 38
Selecting Computers in a Network
Each machine in a network performs a certain role
Standardizing the hardware and software depending on the roles of computer in the network enables: Administration of several computers
manageable in a network Easier to troubleshoot the network
Computers in a network are classified as: Server Desktop Workstation Portable Workstation
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 7 of 38
Server Server is a centralized computer in a network
which performs different roles on a network Server is a computer having a faster processor,
larger memory size, and hard disk space Depending on the roles servers on a network
are classified as follows: Backup server Database server Domain Controller Web server
E-mail server File and Print server Infrastructure server
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 8 of 38
Hardware Specifications for the Server
Depends on the requirements and capabilities of the applications that will be running on the server
Computers designed to be a server usually have more robust power supplies than personal computers or workstations
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 9 of 38
Desktop Desktop workstation can have a wide
range of roles ranging from simple systems designed to run one or two small applications to high-powered computers performing complex graphics, video and computer-aided functions
Workstation may work without CD-ROM and floppy disk drives. Such workstation cannot install their own applications.
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 10 of 38
Hardware Specifications for the Desktop
While designing the hardware specifications for a desktop workstation, the objective is to create hardware specifications suitable for a wide variety of jobs
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 11 of 38
Selecting Operating System
While selecting the operating system in a network, we must match up it with the hardware specifications
Some of the important factors are as follows: Application Compatibility Support issues Security features Cost
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 12 of 38
Security Design Team Security team must be a well balanced team
consisting of people from technical, management, and financial backgrounds
Security team should consider the following issues: Identifying the most valuable resources Identifying danger to the resources Significant resources Analyzing different security resources available Deciding the security features Impact of the security features on the administrator,
managers, and the users
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 13 of 38
Security Life Cycle The security life cycle consists of the
following: Security Infrastructure
Access Control Auditing Authentication Encryption Firewalls
Implementation of security features Security Management
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 14 of 38
Managing Security Managing the security in a network is
continuous process Network must after a certain period of time
the network according to the latest technology available
Administrator must monitor the user accounts Network traffics must be maintained If several users on a network try to access the
network, sometimes the network may crash due to heavy traffic
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 15 of 38
Modifying Permissions of a File or Folder
We can set different permissions for a file
File permissions serve as an important security tool on a network
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 16 of 38
Sharing File Permissions We can assign
permissions to the desired group or users
When the Windows 2003 operating system is installed, the windows share program creates administrative share by default
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 17 of 38
Registry Permissions Registry gets modified
when we install different applications
Registry also gets modified if we configure the operating system
We can also manually edit this registry
Administrator has the rights to modify the contents of the registry
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 18 of 38
Group Policy Object Group policy Object enables
us to configure the security parameters
It performs the functions such as distributing new software for configuring system settings and remapping directories
Group Policy Object is associated with an Active Directory container object
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 19 of 38
Event Log Event log enables us to control the log
performance
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 20 of 38
System Services Certain programs are
continuously running at the background
Windows 2003 assigns default values to the services
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 21 of 38
Domain Controller Requires more security, as the failure of domain
controller may be a disaster to the network Performs the following functions:
Provides authentication Stores group policies Distributes group policies
To provide security these domain controllers must be in a secured location
We must provide a password for domain controller, so that unauthorized users will not get access to the domain controller
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 22 of 38
Debug Programs Debug Programs provides a
debugging tool This tool enables the
software developers to debug applications during process of creating
It enables us to access any process on the computer. We can even access the kernel of the operating system.
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 23 of 38
Services for a Domain Controller
Domain controller requires additional services along with the member services
These services are as follows: Distributed file system File replication service Intersite messaging Kerberos key distribution center Remote procedure call locator
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 24 of 38
Adding Workstations to the Domain
Authenticated users have the rights to add computers to the domain up to 10 ten computers to an Active Directory
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 25 of 38
Allow Log On Locally Facilitates users and groups to log
on the computer from the console Users having this right also have
the right to access some of the important operating system elements
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 26 of 38
Shut Down the Domain Controller
It is necessary to carefully shut down the system as this would affect the systems over the network
Default Domain Controller grants this right to the following groups: Administrators Backup operators Print operators Server operators
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 27 of 38
Securing Infrastructure Servers
Infrastructure servers are the computers that run network support services such as, DNS, DHCP, and Windows Internet Name Service.
Services that we must include using the automatic startup type are as follow: DHCP server DNS server NT LM security support provider Windows internet name service
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 28 of 38
Configuring DNS Security DHCP servers centrally manage IP
addresses and related information and provide it to clients automatically
If you want this computer to distribute IP addresses to clients, then configure this computer as a DHCP server
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 29 of 38
Protecting Active Directory-Integrated DNS
When we create Active Directory-integrated zones on the DNS server, the zone database is stored as part of the Active Directory database
Groups such as, DnsAdmins, Domain Admins, and Enterprise Admins groups have full permission for the MicrosoftDNS container
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 30 of 38
Protecting DNS Database Files
Active Directory does not have all the DNS zones integrated. For such DNS zones the zone databases are simple text files.
System creates DNS logs files There are no file system permissions to
maintain the DNS zone databases using the DNS zone databases using the DNS console or for accessing DNS server information using a client
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 31 of 38
Configuring DHCP Security Several techniques can be used
against denial of service attacks, they are as follows: Use the 80/20 address allocation
method Create a DHCP server cluster
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 32 of 38
Monitoring DHCP Activity We are able to monitor the activity of a
DHCP sever with the help of different tools Performance console and Network Monitor
tools enables to monitor the activity of the DHCP server
Windows 2003 server operating system directly integrates the DHCP audit log facility. We can enable DHCP audit logging using group policies.
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 33 of 38
Summary We can categorize the computers in a
network as follows: Server Desktop workstation Portable workstation
While selecting the operating systems consider the following: Application compatibility Support issues Security features Cost
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 34 of 38
Summary Contd… The security team should identify the
following issues: Identify the most valuable resources Identify danger to the resources Analyze different security resources
available Decide the security features Impact of the security features on the
administrator, managers, and the users
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 35 of 38
Summary Contd… File permissions serve as an important
security tool on a network. Suppose that an organization stores the information of a customer in a particular file.
Registry of windows gets modified when we install different applications. It also gets modified if we configure the operating system.
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 36 of 38
Summary Contd… Group policy Object enables us to
configure the security parameters We can configure the Windows Server
2003 operating system to audit the events
Active directory permission enables us to modify the permissions for accessing and managing objects in the Active Directory database
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 37 of 38
Summary Contd… Most important server on the windows
2003 server operating system using the active Directory is the domain controllers
Domain controller requires more security, as the failure of domain controller may be a disaster to the network
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 38 of 38
Summary Contd… Authenticated users have the rights to
add computers to the domain. They can add up to 10 ten computers to an Active Directory
Infrastructure servers are the computers that run network support services such as, DNS, DHCP, and Windows Internet Name Service