Microsoft® Official Course
Module 6
Implementing Network Security
Module Overview
Overview of Threats to Network Security
Configuring Windows Firewall
Securing Network Traffic
Configuring Windows Defender
Lesson 1: Overview of Threats to Network Security
Common Network Security Threats
What Is Defense-in-Depth?
Options for Mitigation of Network Security Threats
Common Network Security Threats
• There are a variety of network security threats, but they fall into a number of categories
• Common network-based security threats include:
• Eavesdropping
• Denial-of-service
• Port scanning
• Man-in-the-middle
• Hacking is a generic term that refers to the act of trying to crack a computer program or code
What Is Defense-in-Depth?
Layer: example controls
Policies, Procedures, and Awareness: security documents, user education
Physical Security: guards, locks, tracking devices
Perimeter: firewalls, Network Access Quarantine Control
Internal Network: network segments, Internet Protocol Security, Network Intrusion Detection System
Host: hardening, authentication, update management, host-based intrusion detection system
Application: application hardening, antivirus
Data: Access Control Lists, encryption, Encrypting File System, Digital Rights Management
Defense-in-depth uses a layered approach to security, which:
• Reduces an attacker’s chance of success
• Increases an attacker’s risk of detection
Options for Mitigation of Network Security Threats
Attack: Mitigations
Eavesdropping: IPsec, VPNs, intrusion detection
Denial-of-service: Firewalls, perimeter networks, IPsec, server hardening
Port scanning: Server hardening, firewalls
Man-in-the-middle: IPsec, DNSSEC
Virus, malicious code: Software updates
It is important to implement a holistic approach to network security to ensure that one loophole or omission does not result in another
Lesson 2: Configuring Windows Firewall
Network Location Profiles
Configuring Basic Firewall Settings
Windows Firewall with Advanced Security Settings
Well-Known Ports
Demonstration: Configuring Inbound and Outbound Rules
Network Location Profiles
• The first time that your server connects to a network, you must select a network location
• There are three network location types:
• Private networks
• Public networks
• Domain networks
Configuring Basic Firewall Settings
• Configure network locations
• Turn Windows Firewall on or off, and customize network location settings
• Add, change, or remove allowed programs
• Set up or modify multiple active profile settings
• Configure notifications for Windows Firewall
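The network location and basic firewall settings listed above can also be applied from the NetConnection and NetSecurity PowerShell modules (the same cmdlets the deck lists later under Tools for Configuring IPsec). The following is an added example written for this page, not code from the courseware; it assumes Windows 8 / Windows Server 2012 or later, an elevated prompt, an interface alias of "Ethernet", and a placeholder program path in step 5.

```powershell
# Added example (not from the courseware): inspect and change the network
# location, then apply the basic Windows Firewall settings per profile.
# Assumes Windows 8 / Windows Server 2012 or later (NetConnection and
# NetSecurity modules). The interface alias "Ethernet" and the program path
# in step 5 are assumptions; run from an elevated PowerShell prompt.

# 1. Which network location (category) did Windows assign to each connection?
Get-NetConnectionProfile | Select-Object Name, InterfaceAlias, NetworkCategory

# 2. Move a connection from Public to Private. A domain-authenticated network
#    is classified as DomainAuthenticated automatically and cannot be changed here.
Set-NetConnectionProfile -InterfaceAlias 'Ethernet' -NetworkCategory Private

# 3. Turn the firewall on for every profile and make the defaults explicit:
#    block unsolicited inbound traffic, allow outbound traffic, and notify the
#    user when Windows Firewall blocks a program from listening.
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -Enabled True `
    -DefaultInboundAction Block `
    -DefaultOutboundAction Allow `
    -NotifyOnListen True

# 4. The Public profile is the most exposed one: ignore locally created rules
#    there, so only rules delivered through Group Policy can open a port.
Set-NetFirewallProfile -Profile Public -AllowLocalFirewallRules False

# 5. "Allowed programs": permit one application to accept inbound connections
#    on the Private profile only (the path is a placeholder).
New-NetFirewallRule -DisplayName 'Allow LOB client (Private)' `
    -Direction Inbound -Program 'C:\Program Files\Contoso\LobClient.exe' `
    -Profile Private -Action Allow

# 6. Read back the effective per-profile settings and the allowed programs.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction, NotifyOnListen
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Get-NetFirewallApplicationFilter |
    Where-Object { $_.Program -ne 'Any' } |
    Select-Object -ExpandProperty Program -Unique
```

Step 4 is the setting to check first when a locally added allow rule seems to have no effect on a public network: with AllowLocalFirewallRules set to False, only GPO-delivered rules are merged into the profile.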
Windows Firewall with Advanced Security Settings
The monitoring interface displays information about current firewall rules, connection security rules, and security associations.
Connection security rules secure traffic by using IPsec while it crosses the network.
Outbound rules explicitly allow or explicitly deny traffic originating from the computer that matches the criteria in the rule.
Inbound rules explicitly allow or explicitly block traffic that matches criteria in the rule.
The Properties page is used to configure firewall properties for domain, private, and public network profiles, and to configure IPsec settings.
Windows Firewall with Advanced Security filters incoming and outgoing connections based on its configuration
• Use inbound rules to explicitly allow or block traffic that matches the rule’s criteria
• Use outbound rules to explicitly allow or deny traffic that originates from the computer that matches the rule’s criteria
• Use IPsec rules to use IPsec to secure traffic while it crosses the network
• Use the monitoring interface to view information about current firewall rules, IPsec rules, and security associations
• Use the Properties page to configure firewall properties for domain, private, and public network profiles, and to configure IPsec settings
Well-Known Ports
When an application wants to establish communications with an application on a remote host, it creates a TCP or UDP socket
[Figure: TCP/IP Protocol Suite. Application-layer protocols and their well-known ports: HTTP (80), HTTPS (443), FTP (21), SMTP (25), DNS (53), POP3 (110), SNMP (161). Transport layer: TCP, UDP. Internet layer: IPv4, IPv6, ARP, IGMP, ICMP. Link layer: Ethernet.]
Demonstration: Configuring Inbound and Outbound Rules
In this demonstration, you will see how to:
• Configure an inbound rule
• Test the inbound rule
• Configure an outbound rule
• Test the outbound rule
Lab A: Configuring Inbound and Outbound Firewall Rules
• Exercise 1: Creating an Inbound Firewall Rule
• Exercise 2: Creating an Outbound Firewall Rule
Logon Information
Virtual Machines: 20687B-LON-DC1, 20687B-LON-CL1, 20687B-LON-CL2
User Name: Adatum\Administrator
Password: Pa$$w0rd
Estimated Time: 20 minutes
Lab Scenario
Remote desktop is enabled on all client systems through a Group Policy Object (GPO). However, as part of your infrastructure security plan, you must configure certain desktop systems, such as the HR department systems, for limited exposure to remote connections. Before implementing the firewall rules in a GPO, you want to validate your plan by manually configuring the rules on local systems. Due to the sensitive nature of the data that could be on these systems, you decide to use firewall rules to prevent all but specific systems from connecting to them remotely. Additionally, certain helpdesk systems are not allowed to use the Remote Desktop Connection (MSTSC.exe) program to connect to certain servers. You decide to control this through local firewall rules blocking outbound traffic on the client systems.
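The lab scenario above (a scoped inbound Remote Desktop rule, an outbound block on MSTSC.exe, and a test of each) can be scripted with the NetSecurity module instead of the wizard; the test function also shows the TCP socket described under Well-Known Ports. This is an added example written for this page, not the lab's own steps: it assumes Windows 8 / Windows Server 2012 or later with an elevated prompt, and every address, rule name and host name in it is a constructed placeholder.

```powershell
# Added example (not from the courseware): local firewall rules that implement
# the Lab A scenario, plus a small connectivity test. Assumes Windows 8 /
# Windows Server 2012 or later with the NetSecurity module and an elevated
# prompt. All addresses, host names and rule names below are constructed.

$managementHosts = '10.0.0.10', '10.0.0.11'   # assumed: the only hosts allowed to RDP in
$hrServers       = '10.0.1.0/24'              # assumed: servers helpdesk PCs may not RDP to

# --- Inbound: expose Remote Desktop only to the management hosts -------------
# The built-in "Remote Desktop" allow rules accept TCP/3389 from any address.
# Because a block rule always wins over an allow rule, the clean way to limit
# exposure is to disable the broad rules and add a narrowly scoped allow rule;
# the profile's default inbound action (Block) then drops everything else.
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'

New-NetFirewallRule -DisplayName 'HR - Allow RDP from management hosts' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -RemoteAddress $managementHosts -Action Allow -Profile Domain

# If the broad allow rules come from a GPO and cannot be disabled locally, the
# alternative is a Block rule whose -RemoteAddress lists every range except the
# management hosts: rule scope is the only way to exempt them from a block.

# --- Outbound: stop the helpdesk PCs from using mstsc.exe against HR servers ---
# Outbound traffic is allowed by default, so this must be an explicit Block rule
# tied to both the program and the destination range.
New-NetFirewallRule -DisplayName 'Helpdesk - Block mstsc.exe to HR servers' `
    -Direction Outbound -Program "$env:SystemRoot\System32\mstsc.exe" `
    -RemoteAddress $hrServers -Action Block -Profile Any

# --- Test: open a TCP socket to the port, with a timeout ------------------------
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $handle = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # A blocked inbound rule shows up as silence: no SYN/ACK before the timeout.
        if (-not $handle.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($handle)   # throws if the peer actively refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# From a management host this should return $true; from any other client, $false.
Test-TcpPort -ComputerName 'LON-CL1' -Port 3389

# Read the rules back, including the address scope the wizard shows on the Scope tab.
Get-NetFirewallRule -DisplayName 'HR - *', 'Helpdesk - *' |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Direction     = $_.Direction
            Action        = $_.Action
            RemoteAddress = ($addr.RemoteAddress -join ', ')
        }
    }

# Roll back once the GPO version of the rules is ready.
# Remove-NetFirewallRule -DisplayName 'HR - *', 'Helpdesk - *'
# Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
```

The point to verify after running this is the precedence rule: a scoped allow rule only limits exposure when no broader allow rule for the same port remains enabled, which is why the built-in group is disabled first and listed again in the roll-back comment.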
Lab Review
• In your environment, where do you use workstation-based firewalls?
Lesson 3: Securing Network Traffic
Benefits of IPsec
Using IPsec
Tools for Configuring IPsec
What Are IPsec Rules?
Configuring Authentication
Choosing an Authentication Method
Monitoring Connection Security
Demonstration: Configuring an IPsec Rule
Benefits of IPsec
IPsec is a suite of protocols that allows secure, encrypted communication between two computers over an unsecured network
• IPsec has two goals: packet encryption and mutual authentication between systems
• Configuring IPsec on sending and receiving computers enables the two computers to send secured data to each other
• IPsec secures network traffic by using encryption and data signing
• An IPsec policy defines the type of traffic that IPsec examines, how that traffic is secured and encrypted, and how IPsec peers are authenticated
Using IPsec
Recommended uses of IPsec include:
• Packet filtering
• Authenticating and encrypting host-to-host traffic
• Authenticating and encrypting traffic to specific servers
• Providing L2TP/IPsec for VPN connections
• Site-to-site tunneling
• Enforcing logical networks
Tools for Configuring IPsec
To configure IPsec, you can use:
• Windows Firewall with Advanced Security MMC (also used for Windows Server 2008 R2 and Windows 7)
• IP Security Policy MMC (used for mixed environments and to configure policies that apply to all Windows versions)
• Netsh command-line tool
• PowerShell NetSecurity module cmdlets
What Are IPsec Rules?
Connection security rules involve:
• Authenticating two computers before they begin communications
• Securing information being sent between two computers
• Using key exchange, authentication, data integrity, and data encryption (optionally)
How firewall rules and connection rules are related:
• Firewall rules allow traffic through, but do not secure that traffic
• Connection security rules can secure the traffic, but depend on a firewall rule to allow traffic through the firewall
Configuring Authentication
When using the Connection Security Rule Wizard to create a new rule, you use the Requirements page to choose one of the following:
Option: Description
Request authentication for inbound and outbound connections: Ask that all inbound/outbound traffic be authenticated, but allow the connection if authentication fails
Require authentication for inbound connections and request authentication for outbound connections:
• Require that inbound traffic be authenticated or it will be blocked
• Outbound traffic can be authenticated, but will be allowed if authentication fails
Require authentication for inbound and outbound connections: Require that all inbound/outbound traffic be authenticated or the traffic will be blocked
Choosing an Authentication Method
Method: Key Points
Default: Use the authentication method that you configure on the IPsec Settings tab.
Computer and User (Kerberos V5): You can request or require that both the user and computer authenticate before communications can continue. Requires domain membership.
Computer (Kerberos V5): Request or require the computer to authenticate using Kerberos v5. Requires domain membership.
User (Kerberos V5): Request or require the user to authenticate using Kerberos v5. Requires domain membership.
Computer certificate:
• Request or require a valid computer certificate; requires at least one CA.
• Only accept health certificates: Request or require a valid health certificate to authenticate; requires IPsec NAP.
Advanced: Configure any available method. You can specify methods for first and second authentication.
Monitoring Connection Security
Options for using the IP Security Monitor:
• Modify the IPsec data refresh interval to update information in the console at a set interval
• Allow DNS name resolution for IP addresses to provide additional information about computers connecting with IPsec
• Computers can be monitored remotely: to enable remote management, the HKLM\system\currentcontrolset\services\policyagent key must have a value of 1
• To discover the active security policy on a computer, examine the Active Policy node in the IP Security Monitor MMC
• Main Mode monitoring covers the initial IKE negotiation and SA: information about the Internet Key Exchange
• Quick Mode monitoring covers the subsequent key exchanges related to IPsec: information about the IPsec driver
• Use the Connection Security Rules and Security Associations nodes to monitor IPsec connections
• Security Associations that you can monitor include:
• Main Mode
• Quick Mode
The Windows Firewall in Windows 8 incorporates IPsec
Demonstration: Configuring an IPsec Rule
In this demonstration, you will see how to:
• Create a connection security rule
• Review monitoring settings in Windows Firewall
Lab B: Configuring IPsec Rules
• Exercise 1: Creating and Configuring IPsec Rules
Logon Information
Virtual Machines: 20687B-LON-DC1, 20687B-LON-CL1, 20687B-LON-CL2
User Name: Adatum\Administrator
Password: Pa$$w0rd
Estimated Time: 20 minutes
Lab Scenario
A. Datum uses many outside consultants. The enterprise’s management has a concern that if a consultant were on the company network, they might be able to connect to unauthorized computers.
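The Lab B scenario maps onto the Requirements page and authentication-method tables above: a connection security rule that requires Kerberos v5 computer authentication inbound can only be satisfied by a domain-joined machine, which is exactly what keeps a consultant's unmanaged laptop out. The following is an added example written for this page, not the lab's own steps; it uses the NetSecurity cmdlets listed under Tools for Configuring IPsec and assumes Windows 8 / Windows Server 2012 or later, an elevated prompt, and that rule names and the SMB (TCP/445) firewall rule are illustrative choices.

```powershell
# Added example (not from the courseware): create and monitor the Lab B
# connection security rule with the NetSecurity module. Assumes Windows 8 /
# Windows Server 2012 or later and an elevated prompt. Rule names and the
# choice of TCP/445 as the protected service are assumptions.

# 1. Authentication proposal and phase 1 (main mode) authentication set: the
#    computer must authenticate with Kerberos v5. Only a domain member can
#    present a Kerberos ticket, so a non-domain consultant laptop fails here.
$machineKerb = New-NetIPsecAuthProposal -Machine -Kerberos
$phase1 = New-NetIPsecPhase1AuthSet -DisplayName 'Lab B - Machine Kerberos' `
    -Proposal $machineKerb

# 2. Connection security rule using the middle Requirements option:
#    "Require authentication for inbound connections and request authentication
#    for outbound connections". Unauthenticated inbound traffic is blocked;
#    outbound traffic is protected when the peer negotiates, otherwise sent as is.
#    For the strictest option use -OutboundSecurity Require as well.
New-NetIPsecRule -DisplayName 'Lab B - Require inbound authentication' `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $phase1.Name -Profile Domain

# 3. A connection security rule secures traffic but does not allow it through
#    the firewall. This inbound rule admits SMB, and -Authentication Required
#    makes it match only packets that arrived inside an IPsec SA, so the two
#    rules depend on each other as the slide "What Are IPsec Rules?" describes.
New-NetFirewallRule -DisplayName 'Lab B - SMB from authenticated computers' `
    -Direction Inbound -Protocol TCP -LocalPort 445 `
    -Authentication Required -Action Allow -Profile Domain

# 4. Read the rule back and check which authentication set it references.
Get-NetIPsecRule -DisplayName 'Lab B - *' |
    Select-Object DisplayName, InboundSecurity, OutboundSecurity, Phase1AuthSet, Enabled

# 5. Monitoring, the PowerShell view of the Security Associations node:
#    main mode SAs show the IKE exchange and the identities that authenticated,
#    quick mode SAs show the IPsec SAs protecting the data itself.
#    Both lists are empty until a peer has actually connected.
Get-NetIPsecMainModeSA |
    Format-List LocalEndpoint, RemoteEndpoint, LocalFirstId, RemoteFirstId
Get-NetIPsecQuickModeSA | Format-Table -AutoSize

# Clean-up after the lab (the phase 1 set is removed with the rule's references gone).
# Remove-NetIPsecRule -DisplayName 'Lab B - *'
# Remove-NetFirewallRule -DisplayName 'Lab B - *'
# Remove-NetIPsecPhase1AuthSet -DisplayName 'Lab B - Machine Kerberos'
```

When testing from the second client, check the main mode SA list on the protected machine: a domain member shows up with its machine identity in RemoteFirstId, while a connection attempt that never authenticated produces no SA at all, which is the expected result for the consultant case.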
Lab Review
• In your environment, where do you use authenticated connections between workstation computers?
Lesson 4: Configuring Windows Defender
What Is Windows Defender?
Scanning Options in Windows Defender
Demonstration: Configuring Windows Defender Settings
What Is Windows Defender?
Windows Defender is software that helps protect the computer against security threats by detecting and removing known spyware from the computer
• Schedules scans to occur on a regular basis
• Provides configurable responses to severe, high, medium, and low alert levels
• Provides customizable options to exclude files, folders, and file types
• Works with Windows Update to automatically install new spyware definitions
• Scan results are displayed on the Home page
Scanning Options in Windows Defender
You define when to scan:
You define scan options:
Option: Description
Scan archive files: Include any archive files, such as .zip or .cab files
Scan removable drives: Include removable drives, such as USB flash drives, when running a full scan
Create a system restore point: Create a system restore point before removing, running, or quarantining detected items
Allow all users to view the full History results: Allow all users of this PC to see all detected items on the History tab
Remove quarantined files after <time>: Quarantined files remain disabled until you allow or remove them. The default time is one month
Scan Type: Description
Quick scan: Scan the areas of the computer that are most likely to be infected
Full scan: Scan all areas of the computer
Custom scan: Scan specific areas of the computer only
Demonstration: Configuring Windows Defender Settings
In this demonstration, you will see how to:
• Perform a quick scan
• Test malware detection
• Examine the Windows Defender History
Lab C: Configuring Host-Based Virus and Malware Protection
• Exercise 1: Configuring Windows Defender
Logon Information
Virtual Machines: 20687B-LON-DC1, 20687B-LON-CL1
User Name: Adatum\Administrator
Password: Pa$$w0rd
Estimated Time: 10 minutes
Lab Scenario
You are planning to use Windows Defender to check for malicious files every day. You also want to ensure that Windows Defender will quarantine any files that it considers a severe risk to your system’s security.
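The Lab C settings (a daily scan, quarantine for severe alerts) and the scan options table above can also be set from PowerShell. This is an added example written for this page, not the lab's own steps, and it assumes a newer platform than the deck covers: the Defender module (Get-/Set-MpPreference, Start-MpScan) ships with Windows 8.1 / Windows Server 2012 R2 and later, while Windows 8 exposes these options only in the Windows Defender GUI. The exclusion path and extension are placeholders.

```powershell
# Added example (not from the courseware): apply the Lab C scan settings and the
# scan options table with the Defender PowerShell module. Assumes Windows 8.1 /
# Windows Server 2012 R2 or later (the Defender module is not present on
# Windows 8) and an elevated prompt. The exclusion path/extension are assumptions.

# 1. "Check for malicious files every day": a daily scheduled quick scan.
Set-MpPreference -ScanScheduleDay Everyday -ScanParameters QuickScan

# 2. Alert-level responses: quarantine anything rated Severe (and High); the
#    medium and low levels keep their defaults.
Set-MpPreference -SevereThreatDefaultAction Quarantine `
                 -HighThreatDefaultAction Quarantine

# 3. Scan options from the table: include archives and removable drives, keep
#    creating a restore point before remediation, and purge quarantined items
#    after 30 days (the GUI default is one month).
Set-MpPreference -DisableArchiveScanning $false `
                 -DisableRemovableDriveScanning $false `
                 -DisableRestorePoint $false `
                 -QuarantinePurgeItemsAfterDelay 30

# 4. Exclusions for files, folders and file types. Every exclusion is a blind
#    spot, so keep them narrow and record the reason next to them.
Add-MpPreference -ExclusionPath 'D:\SqlData'   # assumed: database files, per vendor guidance
Add-MpPreference -ExclusionExtension 'mdf'     # assumed

# 5. Run a quick scan now and review detections, the PowerShell equivalent of the
#    History tab. Get-MpThreatDetection is per event; Get-MpThreat is per threat.
Start-MpScan -ScanType QuickScan
Get-MpThreatDetection |
    Select-Object InitialDetectionTime, DomainUser, ProcessName, Resources, ActionSuccess
Get-MpThreat | Select-Object ThreatName, SeverityID, CategoryID, IsActive

# 6. Confirm the engine is on and definitions are current (the Windows Update
#    integration described above is what keeps AntivirusSignatureLastUpdated recent).
Get-MpComputerStatus |
    Select-Object AMServiceEnabled, RealTimeProtectionEnabled, `
                  AntivirusSignatureLastUpdated, QuickScanStartTime, QuickScanEndTime

# Verify the resulting configuration in one view.
Get-MpPreference |
    Select-Object ScanScheduleDay, ScanParameters, SevereThreatDefaultAction, `
                  DisableArchiveScanning, DisableRemovableDriveScanning, `
                  QuarantinePurgeItemsAfterDelay, ExclusionPath, ExclusionExtension
```

Step 6 is the check worth scripting on a schedule: a stale AntivirusSignatureLastUpdated value or a disabled AMServiceEnabled flag means the daily scan in step 1 is running without current definitions or not running at all.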
Lab Review
• In your environment, how often are your client computers infected with malware?
Module Review and Takeaways
• Review Questions
• Tools
• Best Practice