Windows Server 2003 Security
Donald E. Hester, CISSP, CISA, MCT, MCSE, MCSA, MCDST, Security+, CTT+, MV
Maze & Associates
San Diego City College
Los Medanos College
What we are looking at today

Priority Shift

- Access was a top priority
  - Open-by-default
    - Start with everything open and then start locking down as needed
- Control is now a top priority
  - Closed-by-default
    - Start with everything closed and open only what is needed

Security Enhancements

Server 2003 Defaults

- IIS – Internet Information Services
  - IIS is not installed by default
  - When you install IIS 6 it is locked down
- More startup services are disabled in 2003
- Everyone Group
  - No longer has full control; it has read and execute
  - No longer includes anonymous users

Server 2003 Defaults

- Accounts with null passwords are console-bound
- Software restriction policies
  - Hash rule
  - Path rule
  - Certificate rule
  - Internet Zone rule
- Protected EAP (PEAP)
- Detailed security auditing

File System

- NTFS
  - Permissions & auditing
  - EFS - Encrypted File System (multiple users)
  - VSS - Volume Shadow Copy (Server 2003)
  - Quotas
  - ABE (Server 2003 SP1)
- Future developments
  - WinFS
    - Won’t be in Longhorn

ABE (Access-Based Enumeration)
Internet Connection Firewall Windows Firewall

ICF vs. Windows Firewall

- Boot-time Security
- Global configuration
- Audit logging
- Scope restrictions
- Command-line support
- Program-based exceptions
- Multiple Profiles
- Unattended setup support
- Enhanced multicast and broadcast support
- IPv6 support
- New Group Policy Support

PSSU (Post-Setup Security Updates)

- Service Pack 1 enhancement
- Protects the computer until it can update
- Uses Windows Firewall

DEP (Data Execution Prevention)

- Prevent malicious software rather than error out and potentially crashing the system
- Hardware-enforced DEP
  - Protects memory locations
  - The no-execute page-protection (NX) processor feature as defined by AMD.
  - The Execute Disable Bit (XD) feature as defined by Intel.
- Software-enforced DEP
  - Protects system binaries and exception-handling
  - Software built with SafeSEH

TCP/IP protection

- Enhancements:
  - Smart TCP port allocation
  - SYN attack protection is enabled by default
  - New SYN attack notification IP Helper APIs
  - Winsock self-healing

What Is Network Access Quarantine?

- Remote access client authenticates
- RAS client placed in Quarantine
- RAS client meets Quarantine policies
  - RAS client gets full access to network
- RAS client disconnected
  - 1. RAS client fails policy check
  - 2. Quarantine timeout reached

Trusts in Windows Server 2003

[Diagram. Labels: Forest 1, Forest 2, Forest (root), Domains A, B, C, D, E, F, P and Q, Kerberos Realm. Trust types shown: Tree/Root Trust, Parent/Child Trust, Shortcut Trust, External Trust, Forest Trust, Realm Trust.]

Coming Soon: IE 7

- Information Security Magazine (Jan 2006)

Server Hardening

Server Hardening

- Appropriate settings for a secure baseline
  - Settings for applications and services
  - Operating system components
  - Permissions and rights
  - Administrative procedures
  - Physical access

Server Hardening - Templates

- Predefined Security Templates
- Security Guide Templates
- Industrial Templates
  - SANS
  - CIAC
  - NSA
  - DoD
- Custom Templates

Template Deployment

- Test before deployment
- Periodic analysis
  - Security Configuration and Analysis snap-in
  - Scripting (Secedit.exe)
- Deployment Methods
  - Group Policy (Active Directory)
  - Security Configuration and Analysis snap-in
  - Scripting (Secedit.exe)

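Periodic analysis, as listed on the Template Deployment slide, comes down to comparing a server's current settings against the baseline template. The sketch below is an added example, not part of the original slides: it assumes the server's settings have already been exported to security template (.inf) text, for instance with Secedit.exe; both samples are constructed, and `parse_template` and `find_drift` are hypothetical helper names.

```python
import configparser

# Constructed sample: fragment of a hardened baseline security template (.inf).
BASELINE_INF = r"""
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
LockoutBadCount = 5
[Event Audit]
AuditLogonEvents = 3
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,5
[Version]
signature="$CHICAGO$"
"""

# Constructed sample: settings exported from a server that has drifted.
EXPORTED_INF = r"""
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 1
[Event Audit]
AuditLogonEvents = 0
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,2
"""

METADATA = {"Unicode", "Version"}  # file bookkeeping, not security settings

def parse_template(text):
    """Return {section: {setting: value}}; setting names are lower-cased."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    return {s: dict(cp[s]) for s in cp.sections() if s not in METADATA}

def find_drift(baseline, actual):
    """List (section, setting, expected, found); found is None if absent."""
    findings = []
    for section, settings in baseline.items():
        for name, expected in settings.items():
            found = actual.get(section, {}).get(name)
            if found != expected:
                findings.append((section, name, expected, found))
    return findings

if __name__ == "__main__":
    drift = find_drift(parse_template(BASELINE_INF), parse_template(EXPORTED_INF))
    for section, name, expected, found in drift:
        print(f"[{section}] {name}: expected {expected!r}, found {found!r}")
```

A setting that is missing from the export is reported with `None` as the found value, so a removed lockout policy shows up as drift rather than passing silently.
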
Server Hardening

- Security Configuration Wizard (SCW)
  - Comes with Service Pack 1 (Server 2003)
  - Disables unneeded services
  - Blocks unused ports
  - Allows further address or security restrictions for ports that are left open
  - Prohibits unnecessary Internet Information Services (IIS) Web extensions, if applicable
  - Reduces protocol exposure to server message block (SMB), NTLM, LanMan, and Lightweight Directory Access Protocol (LDAP)
  - Defines a high signal-to-noise audit policy
  - Best for servers with multiple roles

Security Configuration Wizard

- Supports
  - Rollback
  - Analysis
  - Remote configuration
  - Command-line support
  - Active Directory integration
  - Policy editing
  - Export to Group Policy

Security Tools

Updates

- Manual
  - Requires user intervention – labor intensive
- Windows Updates
  - Automatic process fine for small deployments
- SUS
  - Updates approved critical patches for multiple machines at an administrator appointed time (replaced with WSUS)
- WSUS
  - Same as SUS but includes support for other patches such as Office and critical drivers

PKI

- Some uses
  - EFS, Authentication, Smart Card, IPSec, Servers
- Auto enrollment
- Command line tools (Certreq.exe, Certutil.exe)
- Key recovery (DRA or KRA)
- Delta CRL

Available Tools - GPMC

- New User Interface
- Backup and restore
- Import and export
- Group Policy Modeling
- Resultant Set of Policy (RSoP)

Available Tools - MBSA

- Microsoft Baseline Security Analyzer (v2)

Available Tools - MSAT

- Microsoft Security Assessment Tool

Available Tools – Windows Defender

- Microsoft Anti-Spyware – Windows Defender
  - Spyware detection
  - Scheduled scanning and removal
  - Straightforward operation and thorough removal technology

Available Tools

- Security Resource Kit
  - Various tools to enumerate access control lists, list drivers, list services, dump event logs, parse logs, determine authentication method, and much more
- Security Guide
  - Templates
  - Various test scripts

3rd Party Tools

- Winternals http://www.winternals.com/
- Sysinternals http://www.systernals.com/
- CERT http://www.cert.org/
- SANS http://www.sans.org/

Resources

- Windows Server 2003 Security Guide
  - http://go.microsoft.com/fwlink/?LinkId=14846
- WindowSecurity.com
- [email protected] (Feedback email)
- Microsoft Windows Security Resource Kit (2nd Ed.)
  - ISBN 0-7356-2174-8
- Service Pack 1 Overview
  - http://www.microsoft.com/technet/prodtechnol/windowsserver2003/servicepack/overview.mspx

Resources

- Microsoft Security Assessment Tool (MSAT)
  - https://www.securityguidance.com/
- Microsoft Security
  - http://www.microsoft.com/security/default.mspx
- Microsoft Baseline Security Analyzer (MBSA)
  - http://www.microsoft.com/technet/security/tools/mbsahome.mspx
- Microsoft Anti-Spyware (beta) Defender
  - http://www.microsoft.com/athome/security/spyware/software/default.mspx

Resources

- RootKit Revealer
  - http://www.sysinternals.com/Utilities/RootkitRevealer.html
- Strider GhostBuster Project (Rootkit detector)
  - http://research.microsoft.com/rootkit/
- Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP
  - http://go.microsoft.com/fwlink/?LinkId=15160