IT103 Microsoft Windows XP/OS Chap 14
CONFIGURING AND MANAGING COMPUTER SECURITY
Chapter 14
Chapter 14: CONFIGURING AND MANAGING COMPUTER SECURITY 2
OVERVIEW
Configure and manage Local Security Policy
Manage security configuration with templates
Establish, implement, and monitor a security audit policy
Overview - 2
This chapter covers policy-based security management.
Students will learn how to manage security with Local Security Policy and security templates, how to create and copy templates, and how to apply template settings using the Security Configuration and Analysis snap-in or Secedit.exe.
We will also cover auditing and its use to detect security breaches.
Security Policy?
A security policy can be defined as a set of rules and practices that govern how an organization manages and protects its assets (which can include facilities, equipment, infrastructure or information). IT security focuses on the protection of:
Computer systems/software
Network connectivity
Sensitive or confidential information
Security Policy?
Policy-based security, then, begins by defining the organization’s philosophy and priorities in regard to protection of the above. This is the management definition of “security policy.” Application of the rules and practices outlined in the policy statement is then accomplished via the technical definition of “security policy.”
In this context, a security policy is a template used to select and configure the various security mechanisms supported by the operating system or application. Modern Windows operating systems support many different types of security policies, which are configured through the Group Policy interface.
SECURITY POLICY
Local Security Policy
Domain Security Policy
LOCAL SECURITY POLICY
LOCAL SECURITY POLICY (CONTINUED)
Account policies
  Password settings
  Lockout settings
Audit policy
User rights assignment
Security settings
DOMAIN SECURITY POLICY
Domain Security Policy…a little more detail
Even though there are additional settings that apply to domains or Windows Server 2003, the familiar account policies and local policies are still present.
Domain policy overrides local policy (in Windows Server 2003), and even domain policy can be overridden by security policies created for an OU within the domain.
In Windows Server 2000, local overrode domain.
MANAGING SECURITY POLICY
Security templates
  Templates are collections of security settings that make it easy to define local or domain security policies
Security Configuration and Analysis snap-in
Secedit.exe (for command line)
SECURITY TEMPLATES
Setup security.inf
The Setup security.inf template is created during installation, and it is specific for each computer. It varies from computer to computer, based on whether the installation was a clean installation or an upgrade. Setup security.inf represents the default security settings that are applied during the installation of the operating system, including the file permissions for the root of the system drive. It can be used on servers and client computers; it cannot be applied to domain controllers. You can apply portions of this template for disaster recovery purposes.
Do not apply Setup security.inf by using Group Policy. If you do so, you may experience decreased performance.
SECURITY TEMPLATES
Compatws.inf
This template changes the default file and registry permissions that are granted to the members of the Users group in a manner that is consistent with the requirements of most programs that do not belong to the Windows Logo Program for Software.
The Compatible template also removes all members of the Power Users group.
SECURITY TEMPLATES
Hisecws.inf
The Highly Secure templates specify additional restrictions that are not defined by the Secure templates, such as encryption levels and signing required for authentication and data exchange over secure channels and between Server Message Block (SMB) clients and servers.
SECURITY TEMPLATES
Rootsec.inf
This template specifies the root permissions.
By default, Rootsec.inf defines these permissions for the root of the system drive. You can use this template to reapply the root directory permissions if they are inadvertently changed, or you can modify the template to apply the same root permissions to other volumes.
SECURITY TEMPLATES
Two other built-in templates—Securedc.inf and Hisecdc.inf—are used to configure security for domain controllers.
Apply a Security Template
1. Click Start, click Run, type mmc, and then click OK.
2. On the File menu, click Add/Remove Snap-in.
3. Click Add.
4. In the Available Stand Alone Snap-ins list, click Security Configuration and Analysis, click Add, click Close, and then click OK.
5. In the left pane, click Security Configuration and Analysis and view the instructions in the right pane.
Apply a Security Template
6. Right-click Security Configuration and Analysis, and then click Open Database.
7. In the File name box, type the name of the database file, and then click Open.
8. Click the security template that you want to use, and then click Open to import the entries that are contained in the template to the database.
9. Right-click Security Configuration and Analysis in the left pane, and then click Configure Computer Now.
CREATING A CUSTOM SECURITY POLICY MANAGEMENT CONSOLE
CONFIGURING SECURITY TEMPLATES
SECURITY CONFIGURATION AND ANALYSIS SNAP-IN
CREATING AN ANALYSIS DATABASE
ANALYZING SECURITY
CONFIGURING SECURITY
Important Note…
The previous slide shows a security template being used to configure security.
This is a one-way process.
To revert to the original settings, you have to import settings from the Setup Security template or use System Restore to revert to a restore point prior to the configuration.
EXPORTING A TEMPLATE
SECEDIT.EXE
Analyze
Configure
Export
Validate
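The four Secedit.exe operations listed above, chained into a command-line counterpart of the snap-in procedure. This is an added example, not part of the original slides; the working directory C:\SecWork, the file names, the "apply" argument, and the choice of hisecws.inf are assumptions.

```batch
@echo off
rem Added example: validate, export, analyze, then optionally configure.
rem WORKDIR, the file names and the choice of hisecws.inf are assumptions.
setlocal
set TEMPLATE=%SystemRoot%\security\templates\hisecws.inf
set WORKDIR=C:\SecWork
set DB=%WORKDIR%\hisecws.sdb

if not exist "%WORKDIR%" mkdir "%WORKDIR%"

rem Validate: check the template's syntax before importing it anywhere.
secedit /validate "%TEMPLATE%"
if errorlevel 1 (
    echo Template failed validation; nothing was changed.
    exit /b 1
)

rem Export: keep a record of the local policy in force before any change.
secedit /export /cfg "%WORKDIR%\before.inf" /log "%WORKDIR%\export.log"

rem Start from a fresh database so earlier imports do not merge in.
if exist "%DB%" del "%DB%"

rem Analyze: import the template into the database and compare the
rem computer's current settings against it. Nothing is changed yet.
secedit /analyze /db "%DB%" /cfg "%TEMPLATE%" /log "%WORKDIR%\analyze.log" /quiet
echo Review "%WORKDIR%\analyze.log" for settings that differ from the template.

rem Configure: runs only when the script is started with the argument "apply".
if /i not "%~1"=="apply" (
    echo Analysis only. Re-run with "apply" to configure the computer.
    exit /b 0
)
secedit /configure /db "%DB%" /log "%WORKDIR%\configure.log" /quiet
echo Settings applied; see "%WORKDIR%\configure.log".
endlocal
```

The exported before.inf is a record for comparison; reverting a configured computer still follows the note above (Setup Security template or System Restore).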
SECURITY AUDIT POLICY
Planning an audit policy
Implementing and managing an audit policy
Monitoring audit event logs
Security auditing is an important part of ensuring that security policies and procedures are effective. Without auditing, you really cannot tell when unauthorized access occurs, how it occurs, and who is responsible.
WHAT CAN YOU AUDIT?
…Previous slide…
It lists the audit types you can implement. The textbook describes each type in detail and presents three other audit-related settings found in Security Settings.
Audit The Access Of Global System Objects
Audit The Use Of Backup And Restore Privilege
Shut Down The System Immediately If Unable To Log Security Audits
PLANNING AN AUDIT POLICY
Determine audit requirements
Select objects for auditing
Assign responsibility for monitoring
CONFIGURING THE EVENT LOG
ENABLING AUDIT POLICY
Important Note
The network or system administrator can also enable auditing on multiple systems by using Domain Security Policy.
Remember that enabling auditing is only half the job. You also have to configure SACLs (System Access Control Lists) for each object to be audited.
AUDITING NTFS OBJECT ACCESS
Amy Rusko will be audited for attempts to take ownership, change permissions, or delete objects in this folder.
MONITORING SECURITY EVENTS
SUMMARY
Local Security Policy configures security on one system.
Domain Security Policy overrides Local Security Policy.
Security templates simplify configuration.
Use the Security Configuration and Analysis snap-in to manage security.
SUMMARY (CONTINUED)
Secedit.exe manages security from a command prompt.
Security audits monitor security effectiveness.
Plan auditing in advance.
Monitor auditing with Event Viewer.