it103microsoft windows xp/os chap14


Upload: blusmurfydot1

Post on 12-Nov-2014


Page 1: IT103Microsoft Windows XP/OS Chap14


CONFIGURING AND MANAGING COMPUTER SECURITY

Chapter 14


OVERVIEW

Configure and manage Local Security Policy

Manage security configuration with templates

Establish, implement, and monitor a security audit policy


Overview - 2

This chapter covers policy-based security management.

Students will learn how to manage security with Local Security Policy and security templates, how to create and copy templates, and how to apply template settings using the Security Configuration and Analysis snap-in or Secedit.exe.

We will also cover auditing and its use to detect security breaches.


Security Policy?

A security policy can be defined as a set of rules and practices that govern how an organization manages and protects its assets (which can include facilities, equipment, infrastructure or information). IT security focuses on the protection of:

Computer systems/software

Network connectivity

Sensitive or confidential information


Policy-based security, then, begins by defining the organization’s philosophy and priorities in regard to protection of the above. This is the management definition of “security policy.” Application of the rules and practices outlined in the policy statement is then accomplished via the technical definition of “security policy.”

In this context, a security policy is a template used to select and configure the various security mechanisms supported by the operating system or application. Modern Windows operating systems support many different types of security policies, which are configured through the Group Policy interface.


SECURITY POLICY

Local Security Policy

Domain Security Policy


LOCAL SECURITY POLICY


LOCAL SECURITY POLICY (CONTINUED)

Account policies: password settings and lockout settings

Audit policy

User rights assignment

Security settings


DOMAIN SECURITY POLICY


Domain Security Policy…a little more detail

Even though there are additional settings that apply to domains or Windows Server 2003, the familiar account policies and local policies are still present.

Domain policy overrides local policy (in Windows Server 2003), and even domain policy can be overridden by security policies created for an OU within the domain.

In Windows Server 2000, local policy overrode domain policy.


MANAGING SECURITY POLICY

Security templates: Templates are collections of security settings that make it easy to define local or domain security policies.

Security Configuration and Analysis snap-in

Secedit.exe (for command line)


SECURITY TEMPLATES

Setup security.inf

The Setup security.inf template is created during installation, and it is specific for each computer. It varies from computer to computer, based on whether the installation was a clean installation or an upgrade. Setup security.inf represents the default security settings that are applied during the installation of the operating system, including the file permissions for the root of the system drive. It can be used on servers and client computers; it cannot be applied to domain controllers. You can apply portions of this template for disaster recovery purposes.

Do not apply Setup security.inf by using Group Policy. If you do so, you may experience decreased performance.


Compatws.inf

This template changes the default file and registry permissions that are granted to the members of the Users group in a manner that is consistent with the requirements of most programs that do not belong to the Windows Logo Program for Software.

The Compatible template also removes all members of the Power Users group.


Hisecws.inf

The Highly Secure templates specify additional restrictions that are not defined by the Secure templates, such as encryption levels and signing required for authentication and data exchange over secure channels and between Server Message Block (SMB) clients and servers.


Rootsec.inf

This template specifies the root permissions.

By default, Rootsec.inf defines these permissions for the root of the system drive. You can use this template to reapply the root directory permissions if they are inadvertently changed, or you can modify the template to apply the same root permissions to other volumes.


Two other built-in templates—Securedc.inf and Hisecdc.inf—are used to configure security for domain controllers.


Apply a Security Template

1. Click Start, click Run, type mmc, and then click OK.

2. On the File menu, click Add/Remove Snap-in.

3. Click Add.

4. In the Available Stand Alone Snap-ins list, click Security Configuration and Analysis, click Add, click Close, and then click OK.

5. In the left pane, click Security Configuration and Analysis and view the instructions in the right pane.


6. Right-click Security Configuration and Analysis, and then click Open Database.

7. In the File name box, type the name of the database file, and then click Open.

8. Click the security template that you want to use, and then click Open to import the entries that are contained in the template to the database.

9. Right-click Security Configuration and Analysis in the left pane, and then click Configure Computer Now.


CREATING A CUSTOM SECURITY POLICY MANAGEMENT CONSOLE


CONFIGURING SECURITY TEMPLATES


SECURITY CONFIGURATION AND ANALYSIS SNAP-IN


CREATING AN ANALYSIS DATABASE


ANALYZING SECURITY


CONFIGURING SECURITY


Important Note…

The previous slide shows a security template being used to configure security.

This is a one-way process.

To revert to the original settings, you have to import settings from the Setup Security template or use System Restore to revert to a restore point prior to the configuration.


EXPORTING A TEMPLATE


SECEDIT.EXE

Analyze

Configure

Export

Validate
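The snap-in procedure and the four Secedit.exe operations listed above can be combined into one command-line run. The PowerShell script below is an added example, not part of the original slides; the template path, working folder and file names are assumptions, and the same secedit arguments can be typed at cmd.exe.

```powershell
# Added example (not from the slides): validate, export, analyze, configure.
# Assumptions: the template path, working folder and file names are illustrative.
$template = Join-Path $env:SystemRoot 'security\templates\hisecws.inf'
$workDir  = 'C:\SecWork'                      # hypothetical working folder
$db       = Join-Path $workDir 'hisecws.sdb'  # analysis database
$before   = Join-Path $workDir 'before.inf'   # record of pre-change settings
$log      = Join-Path $workDir 'secedit.log'

function Invoke-Secedit {
    param([string[]]$SeceditArgs)
    & secedit.exe @SeceditArgs
    # Conservative choice for this example: stop on any non-zero exit code.
    if ($LASTEXITCODE -ne 0) {
        throw "secedit $($SeceditArgs[0]) returned $LASTEXITCODE; see $log"
    }
}

New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# Validate: check the template's syntax before importing it anywhere.
Invoke-Secedit @('/validate', $template)

# Export: record the current settings first, because configuring is one-way.
Invoke-Secedit @('/export', '/cfg', $before, '/log', $log)

# Analyze: import the template into the database and compare the computer to it.
Invoke-Secedit @('/analyze', '/db', $db, '/cfg', $template, '/log', $log)

# Configure: apply the database settings (same effect as Configure Computer Now).
Invoke-Secedit @('/configure', '/db', $db, '/log', $log, '/quiet')
```

Review secedit.log after the analyze step before letting the configure step run on a machine that matters.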


SECURITY AUDIT POLICY

Planning an audit policy

Implementing and managing an audit policy

Monitoring audit event logs

Security auditing is an important part of ensuring that security policies and procedures are effective. Without auditing, you really cannot tell when unauthorized access occurs, how it occurs, and who is responsible.


WHAT CAN YOU AUDIT?


The previous slide lists the audit types you can implement. The textbook describes each type in detail and presents three other audit-related settings found in Security Settings:

Audit The Access Of Global System Objects

Audit The Use Of Backup And Restore Privilege

Shut Down The System Immediately If Unable To Log Security Audits


PLANNING AN AUDIT POLICY

Determine audit requirements

Select objects for auditing

Assign responsibility for monitoring


CONFIGURING THE EVENT LOG


ENABLING AUDIT POLICY


Important Note

The network or system administrator can also enable auditing on multiple systems by using Domain Security Policy.

Remember that enabling auditing is only half the job. You also have to configure SACLs (System Access Control Lists) for each object to be audited.


AUDITING NTFS OBJECT ACCESS

Amy Rusko will be audited for attempts to take ownership, change permissions, or delete objects in this folder.
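The SACL entry described on this slide can also be written from a script. The PowerShell function below is an added example, not part of the original slides; the folder path and the account name CONTOSO\arusko are hypothetical, and auditing both successful and failed attempts is an assumption. Events are only logged once the Audit object access policy is enabled.

```powershell
# Added example (not from the slides). Run elevated: reading or writing a SACL
# requires the "Manage auditing and security log" user right.
function Add-FolderAuditRule {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Identity
    )

    # Rights that correspond to the slide: take ownership, change permissions,
    # delete (the folder itself and the objects inside it).
    $rights = [System.Security.AccessControl.FileSystemRights]'TakeOwnership, ChangePermissions, Delete, DeleteSubdirectoriesAndFiles'

    # Apply to this folder, its subfolders and its files.
    $inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagate = [System.Security.AccessControl.PropagationFlags]::None

    # Assumption: log both successful and failed attempts.
    $flags = [System.Security.AccessControl.AuditFlags]'Success, Failure'

    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        $Identity, $rights, $inherit, $propagate, $flags)

    # -Audit loads the SACL as well; without it only the DACL is returned.
    $acl = Get-Acl -Path $Path -Audit
    $acl.AddAuditRule($rule)
    Set-Acl -Path $Path -AclObject $acl

    # Return the audit entries now on the folder so the change can be checked.
    (Get-Acl -Path $Path -Audit).Audit
}

# Hypothetical folder and account standing in for the ones on the slide.
Add-FolderAuditRule -Path 'C:\Data\Payroll' -Identity 'CONTOSO\arusko' |
    Format-List IdentityReference, FileSystemRights, AuditFlags, InheritanceFlags
```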


MONITORING SECURITY EVENTS


SUMMARY

Local Security Policy configures security on one system.

Domain Security Policy overrides Local Security Policy.

Security templates simplify configuration.

Use the Security Configuration and Analysis snap-in to manage security.


SUMMARY (CONTINUED)

Secedit.exe manages security from a command prompt.

Security audits monitor security effectiveness.

Plan auditing in advance.

Monitor auditing with Event Viewer.