Application Security

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company

www.jblearning.com

All rights reserved.

Securing Windows Platforms and Applications

Lesson 4

Microsoft Windows Security Profile, Group Policy Controls, and Windows Backup and Recovery Tools

Learning Objectives

▪ Define and apply Group Policy controls in Microsoft Windows.
▪ Explain profile and audit tools to keep Windows systems secure.
▪ Perform backup and restore operations on a given Windows system.

Key Concepts

▪ Group Policy
▪ Group Policy Object
▪ Auditing Group Policy
▪ Group Policy best practices
▪ Profiling Windows Security
▪ Microsoft Baseline Security Analyzer (MBSA)
▪ Performing a security audit
▪ Best practices for Microsoft Windows security audits

Chapter 6 Slides

Chapter 6: Group Policy Control in Microsoft Windows

Group Policy and Group Policy Objects

▪ Some Group Policy features include:
  • Centralized location for settings
  • Useful to deploy security settings
  • Automatic settings distribution
  • Options to apply standard settings
▪ Collections of Group Policy settings can be stored in named objects called Group Policy Objects (GPOs)

Group Policy (Continued)

Common Group Policy Object (GPO) Settings

Category                  Description
Password Policy           Requirements for password strength, age, history, and how Windows stores passwords
Account Lockout Policy    How Windows handles accounts locked after failed login attempts
Kerberos Policy           Lifetime limits for Kerberos tickets and clock synchronization
Audit Policy              Defines events Windows records in audit files
User Rights Assignment    Individual user rights that define what general actions users can perform, such as “access this computer from the network” or “change the system time”

Common GPO Settings (Continued)

Category                  Description
Security Options          Defines what security-related actions users can perform, such as “Allowed to format and eject removable media” or “Require smart card”
Event Log                 Defines maximum size, retention settings, and guest access settings for event logs
Restricted Groups         Lists users in security-sensitive groups and to what other groups the restricted group can belong
System Services           Defines startup mode and access permissions for system services
File System               Defines access permissions on discretionary access control lists (DACLs) and audit settings for system access control lists (SACLs)

Group Policy Strategies

▪ Create GPOs for closely-related settings.
▪ Avoid making GPOs too specific.
▪ Create organizational units (OUs) for logical groups of computers.

Group Policy Strategies (Continued)

▪ Use Microsoft resources for effective GPOs:
  • Group Policy best practices analyzer
  • Security compliance management toolkit
  • GPO accelerator

Making Group Policy Conform to Security Policy

▪ GPOs you define and use should conform to your security policy
▪ Reasons:
  • To allow management to meet security responsibilities
  • To ensure that there are no gaps in your security policy and your policy doesn’t contain additional controls

Group Policy Object Order

Types of GPOs in the Registry

▪ The Registry:
  • Is a database in Windows that stores configuration settings for the computer and users
  • Stores Group Policy settings in HKEY_CURRENT_USER (HKCU) or HKEY_LOCAL_MACHINE (HKLM)

Local Group Policy Editor

Changing a Setting in the Local Group Policy Editor

Group Policy Setting in the Registry Editor

Types of GPOs in Active Directory

▪ Defining GPOs in AD lets you centralize security rules and control how Windows applies each rule
▪ Create AD GPOs on a domain controller using the Group Policy Management Console (GPMC)

Actions You Can Perform in the GPMC

▪ Create and edit GPOs
▪ Import and export GPOs
▪ Copy and paste GPOs
▪ Back up and restore GPOs
▪ Search for GPOs
▪ Create reports on GPOs

Group Policy Management Console

GPOs in the Policies Folder

Linking AD GPOs in the GPMC

Designing, Deploying, and Tracking Group Policy Controls

GPO application order

Security filters

GPT Windows Management Instrumentation (WMI) filters

GPO Security Filters

WMI Filters

Steps for Deploying a GPO

1. Create the GPO using local security policy or Group Policy Management Console (GPMC).
2. Define GPO settings.
3. Define GPO filters.
4. Link the GPO to one or more computers.
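
The four deployment steps, scripted with the GroupPolicy PowerShell module that installs with the GPMC. This is an added example, not material from the slides. The GPO name, OU path, security group, backup folder and the chosen registry policy value are assumptions for illustration, and the script expects a domain-joined management host in a test domain.

```powershell
#Requires -Modules GroupPolicy
# Added example. Every name below is a hypothetical placeholder.
$GpoName   = 'WS-Installer-Hardening'
$TargetOu  = 'OU=Workstations,DC=corp,DC=example'
$ApplyTo   = 'GG-Workstations'          # group holding the computer accounts
$BackupDir = 'C:\GPOBackups'

# Step 1: create the GPO with a meaningful name and comment.
New-GPO -Name $GpoName -Comment 'Windows Installer must not run with elevated rights' |
    Out-Null

# Step 2: define the setting. Registry-based computer policy lives under HKLM;
# AlwaysInstallElevated = 0 keeps MSI installs at the caller's privilege level.
Set-GPRegistryValue -Name $GpoName `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\Installer' `
    -ValueName 'AlwaysInstallElevated' -Type DWord -Value 0 | Out-Null

# Step 3: define the security filter. A new GPO applies to Authenticated Users;
# reduce that to read-only and let only the chosen group apply it.
# (WMI filters are not covered here; attach one in the GPMC if needed.)
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermission -Name $GpoName -TargetName $ApplyTo `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

# Step 4: link the GPO to the OU that contains the target computers.
New-GPLink -Name $GpoName -Target $TargetOu -LinkEnabled Yes | Out-Null

# Tracking: show the resulting processing order at the OU, then keep a
# report and a backup of the new GPO.
(Get-GPInheritance -Target $TargetOu).InheritedGpoLinks |
    Select-Object Order, DisplayName, Enabled, Enforced |
    Format-Table -AutoSize

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
Get-GPOReport -Name $GpoName -ReportType Html `
    -Path (Join-Path $BackupDir "$GpoName.html")
Backup-GPO -Name $GpoName -Path $BackupDir -Comment 'Initial deployment' | Out-Null
```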

Auditing Group Policy

▪ Group Policy Inventory
  • You must download from Microsoft
  • Provides an inventory list of GPO and other settings
▪ Resultant Set of Policy (RSOP)
  • Included in Windows
  • Shows what settings apply to a specific user on a specific computer

Best Practices Group Policy Guidelines

▪ Define OUs that reflect your organization’s functional structure.
▪ Create OU GPOs for controls required in your security policy.
▪ Use meaningful names for GPOs to make maintenance and administration easier.
▪ Deploy GPOs in a test environment before deploying to your live environment.
▪ Use security filtering and WMI filters to restrict settings when necessary.
▪ Back up your GPOs regularly.
▪ Do not modify the default policies—instead, create new GPOs.

Chapter 7 Slides

Chapter 7: Microsoft Windows Security Profile and Audit Tools

Profiling Microsoft Windows Security

Baseline
  • A collection of configuration settings

Profiling
  • The process of comparing real computer configurations to known baselines
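
Profiling as defined above, worked through in PowerShell: the script parses a security template in the INF format that `secedit /export` writes and checks the [System Access] values against a baseline. This is an added example, not material from the slides; the baseline ranges and the embedded template are constructed for illustration, and `-Live` (an assumed switch name) exports the local policy from an elevated prompt instead.

```powershell
# Added example. Baseline ranges and sample template are illustrative assumptions.
param([switch]$Live)   # -Live profiles this machine; needs an elevated prompt

# Baseline: allowed range for each [System Access] setting. Ranges also reject
# the values that mean "disabled": LockoutBadCount = 0, MaximumPasswordAge = -1.
$Baseline = [ordered]@{
    MinimumPasswordLength = @{ Min = 14; Max = [int]::MaxValue }
    PasswordComplexity    = @{ Min = 1;  Max = 1 }
    PasswordHistorySize   = @{ Min = 24; Max = [int]::MaxValue }
    MaximumPasswordAge    = @{ Min = 1;  Max = 90 }
    LockoutBadCount       = @{ Min = 1;  Max = 5 }
}

# Constructed sample of an exported template, used when -Live is not given.
$Sample = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = -1
MinimumPasswordLength = 8
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 0
'@ -split "`r?`n"

function ConvertFrom-SecurityTemplate {
    # Turns INF lines into a hashtable of sections, each a hashtable of settings.
    param([string[]]$Lines)
    $sections = @{}
    $current  = $null
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            $current = $Matches[1]
            $sections[$current] = @{}
        } elseif ($current -and $text -match '^([^=;]+?)\s*=\s*(.*)$') {
            $sections[$current][$Matches[1]] = $Matches[2]
        }
    }
    $sections
}

function Compare-ToBaseline {
    # Emits one row per baseline setting; a missing or non-numeric value fails.
    param([hashtable]$Actual, [System.Collections.IDictionary]$Baseline)
    foreach ($name in $Baseline.Keys) {
        $rule  = $Baseline[$name]
        $raw   = $Actual[$name]
        $value = 0
        $ok    = $false
        if ($null -ne $raw -and [int]::TryParse($raw, [ref]$value)) {
            $ok = ($value -ge $rule.Min) -and ($value -le $rule.Max)
        }
        $shown = '(not set)'
        if ($null -ne $raw) { $shown = $raw }
        $upper = $rule.Max
        if ($upper -eq [int]::MaxValue) { $upper = 'any' }
        [pscustomobject]@{
            Setting   = $name
            Actual    = $shown
            Allowed   = "$($rule.Min)..$upper"
            Compliant = $ok
        }
    }
}

if ($Live) {
    $cfg = Join-Path $env:TEMP ("secpol-{0:yyyyMMdd-HHmmss}.inf" -f (Get-Date))
    secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet
    $lines = Get-Content -Path $cfg      # keep the dated file as the audit archive
} else {
    $lines = $Sample
}

$template = ConvertFrom-SecurityTemplate -Lines $lines
$report   = @(Compare-ToBaseline -Actual $template['System Access'] -Baseline $Baseline)
$report | Format-Table -AutoSize
if (@($report | Where-Object { -not $_.Compliant }).Count -gt 0) { exit 1 }
```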

Security Configuration and Analysis (SCA) Security Templates

SCA MMC Snap-in

SCA Snap-in Analysis Results

SCA Command-Line Tool

SCA Command-Line Tool Analysis Results

Microsoft Baseline Security Analyzer (MBSA)

▪ Evaluates the current state of a Windows computer
▪ Compares the state to a known baseline
▪ Reports any differences as issues
  • Ranks issues based on severity
  • Recommends methods to fix each issue

When to Run MBSA

▪ MBSA is a convenient tool for any organization.
▪ MBSA is most helpful in the following scenarios:
  • After adding new computers
  • To verify compliance
  • To ensure you haven’t missed important vulnerabilities

MBSA Benefits

▪ Visibility of multiple computers’ security
▪ Comparison of multiple computers’ security
  • Comparing settings is difficult with stand-alone computers
▪ Identifying differences from standards
  • Scanning large and small groups of computers becomes easy

MBSA Procedure

1. Download and install MBSA
2. Run MBSA and select the desired option:
   • Scan a computer
   • Scan multiple computers
   • View scan reports
3. Select desired scan options
4. Review scan results when done

MBSA Interface

MBSA Scan Options

MBSA Scan Results

MBSA Command-Line Interface

MBSA Command-Line Scan Results

NetChk Protect Limited Scan Summary

NetChk Protect Limited Scan Results Viewed in MBSA

Secunia’s Online Software Inspector (OSI)

Secunia’s Personal Software Inspector (PSI) Simple Interface

Secunia’s PSI Advanced Interface

Windows Security Audit Activities

Windows Audits

Windows security audit involves identifying, collecting, and analyzing information.

Make an audit plan and gather tools to make the task manageable.

Collect audit information as soon as possible.

Goal is to collect all information that an auditor can use to verify compliance or research unusual activity.

Best Practices for Security Audits

▪ Create initial baselines
▪ Develop security templates in SCA
▪ Run SCA/MBSA using command-line interface options
▪ Develop batch files to run scans and collect operational information
▪ Collect information using a set schedule
▪ Archive collected data files
▪ Maintain current backups
▪ Enable Windows auditing
▪ Do not enable Read or List auditing

Best Practices for Security Audits (Continued)

▪ Do not enable Execute auditing on binary files
▪ Limit enabling all auditing actions to files, folders, programs, and other resources
▪ Enable auditing for all change actions for your Windows install folder
▪ Audit all printer actions
▪ Ignore Read and Write actions for temporary folders
▪ Develop Windows policies and Group Policy Objects that are as simple as possible

Chapter 8 Slides

Chapter 8: Microsoft Windows Backup and Recovery Tools

The Purpose of Backups

▪ Data is a valuable asset
  • Data is stored on hardware devices
  • Hardware devices can encounter damage
▪ Backups provide secondary copy

The Purpose of Backups (Continued)

▪ Protection from data loss or damage
  • Hardware or software errors
  • Malicious software or attackers
  • User error
  • Environmental damage or disaster

Reasons for Data Loss

Factors Determining a Backup Strategy

▪ Important considerations include:
  • Target location
  • Files to include
  • Frequency

Factors Determining a Backup Strategy (Continued)

▪ Other considerations include:
  • Organization type
  • Infrastructure components
  • Data reliance

Backup Process

1. Identify Files
2. Select Target Location
3. Set Schedule

Workstation Backups

▪ Common local productivity files include:
  • Documents
  • Spreadsheets
  • Local databases
  • Presentations

Workstation Backups (Continued)

▪ Workstation backups protect productivity
▪ Backup to server is most common

Windows Backup and Restore Utility

Windows Backup Schedule

Server Backups

▪ Store mission-critical shared data
▪ Data loss affects many users
▪ Backups should be frequent, tested, and archived
▪ Appropriate for the servers’ function

Windows Server Backup

Network Backups

▪ Back up files and folders to a network shared folder
▪ Protects backed-up data from damage to primary computer or storage device
▪ Local disk space not used to create backups
▪ Can degrade network performance

Internet Backups

▪ Physically separate from your local computer
▪ Main restriction is bandwidth
▪ Anyone with a network sniffer between you and backup destination can intercept data
▪ Use strong connection encryption with Internet backup product

Disaster Recovery and Business Continuity Plans

Disaster Recovery Plan (DRP)

Business Continuity Plan (BCP)

Disaster Recovery Options

Recovery Process

1. Fix the Problem
2. Identify Desired Image
3. Recover Desired Files

Windows Workstation Restore

Windows Server Recovery

Creating a Bare Metal Recovery Backup

Virtualization Products

▪ Hyper-V
▪ VMware
▪ VirtualBox
▪ Virtual PC

Best Practices

▪ Identify critical business functions
▪ Develop a plan to continue critical business functions
▪ Define recovery time objectives
▪ Develop a backup plan
▪ Automate backup operations
▪ Verify backup operations
▪ Document backup and recovery
▪ Test recovery procedures
▪ Review recovery plan quarterly

Summary

▪ Group Policy
▪ Group Policy Object
▪ Auditing Group Policy
▪ Group Policy best practices
▪ Profiling Windows Security
▪ Microsoft Baseline Security Analyzer (MBSA)
▪ Performing a security audit
▪ Best practices for Microsoft Windows security audits

Virtual Labs

▪ Managing Group Policy Within the Microsoft Windows Environment
▪ Creating a Scheduled Backup and Replicating System Folders