Application Security Course Project2

winsec_ppt08_l04.pptx

Securing Windows Platforms and Applications

Lesson 4

Microsoft Windows Security Profile, Group Policy Controls, and Windows Backup and Recovery Tools

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company

www.jblearning.com

All rights reserved.


Learning Objectives

Define and apply Group Policy controls in Microsoft Windows.

Explain profile and audit tools to keep Windows systems secure.

Perform backup and restore operations on a given Windows system.


Security Strategies in Windows Platforms and Applications


Key Concepts

Group Policy

Group Policy Object

Auditing Group Policy

Group Policy best practices

Profiling Windows Security

Microsoft Baseline Security Analyzer (MBSA)

Performing a security audit

Best practices for Microsoft Windows security audits


Key Concepts (Cont.)

Backup and restore procedure for Windows servers and client computers

Applying the Microsoft Windows backup and restore utility

Creating backups as virtual images


DISCOVER: CONCEPTS


Group Policy

Some Group Policy features include:

Centralized location for settings

Useful to deploy security settings

Automatic settings distribution

Options to apply standard settings


Group policy provides many features, including:

A centralized location to define, store, and manage many operating system, application, and user settings.

Can restrict user or application actions that pose a security threat.

Supports defining configuration settings for groups of users and computers.

Automatically distributes updated settings.

Allows users to operate using different configuration settings automatically as they move from computer to computer or role to role.

Provides flexible methods to define GPO scope (how many users or computers each GPO affects).

Eases the process of comparing existing settings to standards.

Options to apply standard settings to any environment.

Standard method to distribute and apply settings across multiple Windows computers running multiple versions of the Windows operating system.


Group Policy (Continued)


Group Policy Object Order


Common Group Policy Object (GPO) Settings

Category | Description
Password Policy | Requirements for password strength, age, history, and how Windows stores passwords
Account Lockout Policy | How Windows handles accounts locked after failed login attempts
Kerberos Policy | Lifetime limits for Kerberos tickets and clock synchronization
Audit Policy | Defines events Windows records in audit files
User Rights Assignment | Individual user rights that define what general actions users can perform, such as “access this computer from the network” or “change the system time”


GPOs can define many settings. These are a few of the more common settings.


Common GPO Settings (Continued)

Category | Description
Security Options | Defines what security-related actions users can perform, such as “Allowed to format and eject removable media” or “Require smart card”
Event Log | Defines maximum size, retention settings, and guest access settings for event logs
Restricted Groups | Lists users in security-sensitive groups and to what other groups the restricted group can belong
System Services | Defines startup mode and access permissions for system services
File System | Defines access permissions on discretionary access control lists (DACLs) and audit settings for system access control lists (SACLs)


Group Policy Strategies

Create GPOs for closely-related settings.

Avoid making GPOs too specific.

Create organizational units (OUs) for logical groups of computers.


There are many ways to use Group Policy in Microsoft Windows. Here are a few strategies that can help you save time in developing an effective Group Policy.

When you create GPOs, don’t put too many unrelated settings in them. Define GPOs only for a small number of related settings. That way you can use the GPO for several different uses.

Create organizational units (OUs) to define logical groups of computers. It is often convenient to define and deploy GPOs to OUs to manage groups of computers.

Use all of the available Microsoft resources and tools to avoid wasting time and effort. Microsoft resources include:

Group Policy Best Practices Analyzer - The Microsoft Group Policy Best Practice Analyzer helps you identify Group Policy configuration errors or dependency issues that may prevent settings from functioning as you expected.

Security Compliance Management Toolkit - Resources “to help you plan, deploy, and monitor the security baselines of servers running Windows Server 2008 and Windows 7”.

GPO Accelerator - The GPO Accelerator tool helps you automatically deploy the recommendations in the Security Compliance Management Toolkit. The security guides in the toolkit recommend Group Policy configurations and Security Template configurations that are enforced via Active Directory® Domain Services.


Group Policy Strategies (Continued)

Use Microsoft resources for effective GPOs:

Group Policy best practices analyzer

Security compliance management toolkit

GPO accelerator


Auditing Group Policy

Group Policy Inventory

You must download from Microsoft

Provides an inventory list of GPO and other settings

Resultant Set of Policy (RSOP)

Included in Windows

Shows what settings apply to a specific user on a specific computer


Microsoft provides two main tools to audit Group Policy. These tools allow you to audit what GPOs are in place and the effect of any changes you make to your Group Policy.

The Group Policy inventory tool provides an inventory list of GPOs and many other computer and user settings.

The Resultant Set of Policy tool shows what settings Windows applies to a specific user on a specific computer.


Security Configuration and Analysis (SCA) Security Templates


SCA MMC Snap-in


SCA Snap-in Analysis Results


Security Configuration and Analysis Command-Line Tool


SCA Command-Line Tool Analysis Results


Microsoft Baseline Security Analyzer (MBSA)

Evaluates the current state of a Windows computer

Compares the state to a known baseline

Reports any differences as issues

Ranks issues based on severity

Recommends methods to fix each issue


The Microsoft Baseline Security Analyzer is an easy-to-use tool that evaluates the current security state of computers in accordance with Microsoft security recommendations.

It not only identifies problems but also ranks them by severity and provides recommendations to fix each one. MBSA provides a convenient way to identify and address the most common security vulnerabilities.


MBSA Interface


NetChk Protect Limited Scan Summary


NetChk Protect Limited Scan Results Viewed in MBSA


Secunia’s Online Software Inspector (OSI)


Secunia’s Personal Software Inspector (PSI) Simple Interface


Secunia’s PSI Advanced Interface


Windows Security Audit Activities


Reasons for Data Loss


The Purpose of Backups

Data is a valuable asset

No data is stored on hardware devices

Hardware devices can encounter damage

Backups provide secondary copy


The Purpose of Backups (Continued)

Protection from data loss or damage

Hardware or software errors

Malicious software or attackers

User error

Environmental damage or disaster


Workstation Backups

Common local productivity files include:

Documents

Spreadsheets

Local databases

Presentations


Each workstation contains local files. The most common types of workstation files are related to productivity software, such as Microsoft Office applications. Common productivity files found on workstation computers include:

Documents from word processing applications

Spreadsheets

Local databases

Presentation files

Each of the files stored on workstations generally represents work performed on that workstation. Losing workstation files often means losing work. Keeping current backup copies of local files protects organizations from losing work in the event of workstation errors or damage. In effect, backups protect the productivity of users by ensuring files are safe.

The most common backup method for workstations is to back up files to a server location. Most organizations maintain file servers that are specifically dedicated to storing backup images from multiple workstations.


Workstation Backups (Continued)

Workstation backups protect productivity

Backup to server is most common


Server Backups

Store mission critical shared data

Data loss affects many users

Backups should be frequent, tested, and archived

Appropriate for the servers’ function


Server computers typically process and store an organization’s data that is shared among many users. The purpose of a server is to make data available to different users. Protecting the availability of data is one of the three pillars of data security. Server data must be available to support any organization’s data processing functions.

Any loss of server hardware or data impacts users—potentially many users. Any data stored on the server computer that is shared by multiple users is at risk and must be protected.

Since any loss of server data generally impacts more users than workstation data loss, it is important that server backup strategies be more diligent to ensure that data is protected. The backup procedures for servers should be:

Frequent: Ensure you are creating backup copies of files frequently enough to include all but the most recent changes to data. More volatile data should be backed up more frequently. Most organizations create backups at least daily.

Tested: You cannot rely on a backup image that has not been verified. It is crucial that you test each backup image after it is created to ensure it is valid to use in case you encounter problems that damage or destroy your primary data copy.

Archived: Keep several generations of backup images. You may find that a problem is one that has developed over time and requires extracting data from older backup images to recover. Malicious code and some types of hardware failures can sometimes cause slow data damage. If you keep backup images archived for longer than a few days, you may be able to recover more easily from slow data damage.

Each server backup strategy and schedule should match the server’s function. Servers that store and process extremely volatile and critical data should have more aggressive backup strategies than web servers with few daily data changes. Ensure you are focusing backup efforts to result in minimizing data loss when problems occur.


DISCOVER: PROCESS


Steps to Deploying a GPO


There are several steps required to create and deploy a GPO.

Create the GPO – Use local security policy for local GPOs and the Group Policy Management Console (GPMC) for Active Directory GPOs.

Define the GPO settings – Define and set values for your desired settings. You can define few or many settings in the same GPO. For maximum flexibility only define related settings in a GPO.

Define any desired GPO filters – You can limit the scope of the GPO effect by defining filters. Filters make it easy to define groups of users or computers to which GPOs will apply.

Link the GPO – You can link each GPO to one or more sites, organizational units (OU), or domains. Linking a GPO tells Windows to deploy the GPO to the linked container.

Once you link the GPO to one or more entities, Windows Active Directory takes care of the rest!
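The four steps above, followed by the Resultant Set of Policy check described under Auditing Group Policy, as an added PowerShell example that is not part of the original slides. It uses the GroupPolicy module that ships with the GPMC; the GPO name, OU path, group name and the AutoRun registry setting are assumptions chosen for illustration.

```powershell
# Added example: create, configure, filter and link an Active Directory GPO,
# then audit the result. Requires the GroupPolicy module (installed with GPMC/RSAT)
# and rights to create and link GPOs in the domain.
Import-Module GroupPolicy

# Hypothetical names: replace with values from your own domain.
$GpoName  = 'SEC-Workstations-DisableAutoRun'
$TargetOu = 'OU=Workstations,DC=corp,DC=example'
$Group    = 'GG-Managed-Workstations'
$Report   = Join-Path $env:TEMP 'rsop-report.html'

# Step 1: create the GPO. It exists in the domain but affects nothing until linked.
New-GPO -Name $GpoName -Comment 'Disable AutoRun on all drive types' | Out-Null

# Step 2: define the settings. Keep the GPO to one closely related group of settings.
# NoDriveTypeAutoRun = 255 turns AutoRun off for every drive type.
Set-GPRegistryValue -Name $GpoName `
    -Key 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' `
    -ValueName 'NoDriveTypeAutoRun' -Type DWord -Value 255 | Out-Null

# Step 3: define a security filter. Authenticated Users keeps read access so
# computers can still read the GPO, but only members of $Group apply it.
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermission -Name $GpoName -TargetName $Group `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

# Step 4: link the GPO to the OU. From here Active Directory distributes it.
New-GPLink -Name $GpoName -Target $TargetOu -LinkEnabled Yes | Out-Null

# Audit: list the GPOs linked directly to the OU, in link order.
(Get-GPInheritance -Target $TargetOu).GpoLinks |
    Select-Object Order, DisplayName, Enabled, Enforced

# Audit: Resultant Set of Policy for the current user on this computer.
# Run on a workstation in the OU after 'gpupdate /force' to confirm the GPO applied.
Get-GPResultantSetOfPolicy -ReportType Html -Path $Report | Out-Null
"RSoP report written to $Report"
```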


Create the GPO using local security policy or group policy management console (GPMC).

Define GPO settings.

Define GPO filters.

Link the GPO to one or more computers.

Local Group Policy Editor


Changing a Setting in the Local Group Policy Editor


Group Policy Setting in the Registry Editor


Group Policy Management Console


GPOs in the Policies Folder


Linking AD GPOs in the GPMC


GPO Security Filters


WMI Filters


MBSA Procedure


MBSA doesn’t come with Windows; you have to download it and then install it.

You can get MBSA v 2.1.1 at:

http://www.microsoft.com/downloads/details.aspx?FamilyID=b1e76bbe-71df-41e8-8b52-c871d012ba78&displaylang=en#filelist.


Download and install MBSA

Run MBSA and select the desired option

Select desired scan options

Scan a computer

Scan multiple computers

View scan reports

Review scan results when done

MBSA Interface


MBSA Scan Options


MBSA Scan Results


MBSA Command-Line Interface


MBSA Command-Line Scan Results


Backup Process


The basic backup process includes these steps:

Identify the files you want to back up. You can create complete computer backups, with or without system files, or only select some files and folders to back up. Examine what you’ll need to recover each computer in an acceptable time frame and include all the needed files in your backup.

Select the location where you’ll store the backup image. In many cases this location is a file server but there are other options. Ensure there is sufficient space available for all of the backup images you’ll create. A full target location will generally cause your backup to fail and remove the ability to restore any data you may lose. Ensure your selected target location is available and secure.

Create a backup schedule that balances the need for current data backups and live system performance impact. The strategy that ensures the least data loss is a real-time replication strategy. This strategy can be expensive and cause your system to slow down. Waiting longer between backups avoids many performance problems but exposes your system to more data loss. Select a backup schedule that balances the two needs of performance and security. A good place to start for most applications is a daily backup. If your data changes rapidly and is difficult to replace, you may consider backing up multiple times each day.
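One way to script the three steps above together with the "frequent, tested, archived" requirements from the Server Backups notes, as an added PowerShell example that is not part of the original slides. The source folder, target folder and retention count are hypothetical, and the target is assumed to sit on a lettered volume so its free space can be checked.

```powershell
# Added example: file-level backup with a free-space check, hash verification
# and generation pruning. All paths and the retention count are hypothetical.
param(
    [string]$Source          = 'D:\Shares\Finance',   # step 1: files to back up
    [string]$TargetRoot      = 'E:\Backups\Finance',  # step 2: target on a lettered volume
    [int]   $KeepGenerations = 14                     # archived generations to retain
)
$ErrorActionPreference = 'Stop'

function Get-TreeHashes {
    # Returns a map of relative path -> SHA-256 for every file under $Root.
    param([string]$Root)
    $base = (Get-Item -LiteralPath $Root).FullName.TrimEnd('\')
    $map  = @{}
    Get-ChildItem -LiteralPath $base -Recurse -File -Force | ForEach-Object {
        $rel = $_.FullName.Substring($base.Length + 1)
        $map[$rel] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    $map
}

# A full target makes the backup fail, so check free space before copying.
$needed = (Get-ChildItem -LiteralPath $Source -Recurse -File -Force |
           Measure-Object -Property Length -Sum).Sum
$volume = [System.IO.DriveInfo]::new([System.IO.Path]::GetPathRoot($TargetRoot))
if ($volume.AvailableFreeSpace -lt $needed) {
    throw "Target $($volume.Name) has too little free space for $needed bytes."
}

# Each run writes a new timestamped generation instead of overwriting the last one.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$dest  = Join-Path $TargetRoot $stamp
New-Item -ItemType Directory -Path $dest -Force | Out-Null
robocopy $Source $dest /E /R:2 /W:5 /NP /NFL /NDL | Out-Null
if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }

# Tested: compare hashes of source and copy. Files modified during the copy will
# show up as mismatches, so run this in a quiet window.
$src = Get-TreeHashes $Source
$bak = Get-TreeHashes $dest
$mismatch = @($src.Keys | Where-Object { $bak[$_] -ne $src[$_] })
if ($mismatch.Count -gt 0) {
    Rename-Item -LiteralPath $dest -NewName "$stamp.FAILED"
    throw "Verification failed for $($mismatch.Count) file(s); generation marked FAILED."
}

# The manifest beside the folder marks the generation as verified and lets a
# later restore re-check the image before trusting it.
$bak.GetEnumerator() |
    Select-Object @{n='Path';e={$_.Key}}, @{n='SHA256';e={$_.Value}} |
    Export-Csv -LiteralPath "$dest.sha256.csv" -NoTypeInformation

# Archived: keep the newest verified generations and prune the rest.
$verified = @(Get-ChildItem -LiteralPath $TargetRoot -Directory |
    Where-Object { Test-Path -LiteralPath "$($_.FullName).sha256.csv" } |
    Sort-Object Name -Descending)
$verified | Select-Object -Skip $KeepGenerations | ForEach-Object {
    Remove-Item -LiteralPath $_.FullName -Recurse -Force
    Remove-Item -LiteralPath "$($_.FullName).sha256.csv" -Force
}
"Most recent verified generation: $($verified[0].FullName)"
```

Step 3, the schedule, is set outside the script: run it from Task Scheduler daily, or more often for volatile data.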


Identify Files

Select Target Location

Set Schedule

Windows Backup and Restore Utility


Windows Backup Schedule


Windows Server Backup


Creating a Bare Metal Recovery Backup


Recovery Process


The general process to recover, or restore, files includes these steps:

The only reason to initiate a recovery process is some event that has caused data damage or destruction. Before you start the recovery process, ensure you have addressed the problem that caused the damage. Recovering data to a computer and encountering more data loss wastes time. Fix the problem before recovering.

Once you have identified and fixed the problem that caused the damage, identify the most recent verified backup image that contains good data. Depending on the nature of the problem that caused data loss, it may be necessary to skip over one or more backup images to previous archived images to get to the data you need. Select the best backup image to restore the data you need.

Select the recovery method that best meets your needs. If you are recovering an entire computer system you’ll likely select a complete system recovery. On the other hand, if all you need is to recover a few files or folders you may save substantial time by selecting just the files or folders you need.


Fix the Problem

Identify Desired Image

Recover Desired Files

Windows Workstation Restore


Windows Server Recovery


DISCOVER: CONTEXT


When to Run MBSA

MBSA is a convenient tool for any organization.

MBSA is most helpful in the following scenarios:

After adding new computers

To verify compliance

To ensure you haven’t missed important vulnerabilities


You can run MBSA at any time for any Windows computers in your organization. It provides a convenient way to compare a computer’s current settings against a Microsoft suggested baseline to disclose any vulnerabilities.

You should run MBSA periodically and whenever:

You add new computers to your environment

You suspect one or more computers are vulnerable

You must show that your computers are compliant with one or more policies


MBSA Benefits

Visibility of multiple computers’ security

Comparison of multiple computers’ security

Comparing settings is difficult with stand-alone computers

Identifying differences from standards

Scanning large and small groups of computers becomes easy


MBSA provides benefits for organizations that use it to help manage standard security settings. You can use MBSA to scan security settings for one or more computers and compare the settings to a known baseline. MBSA gives organizations the ability to see how multiple computers are configured.

MBSA makes it easy to compare settings among multiple computers selected by Internet protocol (IP) address range or domain. Comparing security settings of multiple stand-alone computers is difficult. You would have to run MBSA for each computer, then copy the results report to a central location and view each report separately. Although workgroup computers may be available for group MBSA scanning, depending on IP address ranges, the easiest way to identify large groups of computers is for each of the computers to be members of a domain.

MBSA identifies differences from a stated security standard and reports on any vulnerabilities found on any of the scanned computers.


Factors Determining a Backup Strategy

Important considerations include:

Target location

Files to include

Frequency


Each organization has unique needs for backups. An organization’s environment and data needs dictate the backup configuration. Determining factors for how you design a backup strategy include:

Target location – Where you back up your files. Some organizations may identify dedicated disks or even servers for backup images. Other organizations may just use folders on existing hard disk drives. The environment and hardware availability help you decide where to back up your files.

Files to include – Files that you need to include in each backup. Database servers need to back up all files associated with databases. Web servers need to back up files that support web server functions. You should define a list of types of files each type of computer needs to back up.

Frequency – How often you need to execute a backup. You should back up volatile data more frequently than stable data. Analyze each computer type and the data it contains to determine the best frequency for backups for that computer. You should determine backup frequency to ensure you lose the minimal amount of data in the event of a disaster that results in primary data loss. Be aware that increasing backup frequency can have a detrimental effect on performance.

Creating a solid backup plan can be a challenging task. Ensure you consider all of the important variables when designing a backup plan, including:

Organization type – What are your primary business functions and what data must you have to continue operations? Backups should first ensure the integrity of your most critical data.

Infrastructure components – What resources are available for storing backup images? Which infrastructure components that store data already have data reservation controls in place? For example, if you are using redundant array of inexpensive disks (RAID) storage systems, you may not need to create backups as frequently as you would for non-RAID disks. Understand your infrastructure and the features each component provides.

Data reliance – Understand how your organization relies on each type of data. Ensure that you are aggressively backing up any data on which your organization relies. Even more importantly, have a recovery procedure in place so that you can recover data in the event of a disaster.


Factors Determining a Backup Strategy (Continued)

Other considerations include:

Organization type

Infrastructure components

Data reliance


Summary

Group Policy

Group Policy Object

Auditing Group Policy

Group Policy best practices

Profiling Windows Security

Microsoft Baseline Security Analyzer (MBSA)

Performing a security audit

Best practices for Microsoft Windows security audits


Summary (Cont.)

Backup and restore procedure for Windows servers and client computers

Applying the Microsoft Windows backup and restore utility

Creating backups as virtual images

Virtual Labs

Managing Group Policy Within the Microsoft Windows Environment

Creating a Scheduled Backup and Replicating System Folders


Use the following script to introduce the first lab:

“This lesson focused on maintaining Windows system security with Group Policy controls and Microsoft Baseline Security Analyzer (MBSA). You took an in-depth look at Group Policy and Group Policy objects (or GPOs), and how to apply Group Policy controls to keep Windows systems secure. You also learned how to use MBSA to create a baseline of systems for use in security audits.

In the lab for this lesson, Managing Group Policy Within the Microsoft Windows Environment, you will create and link Active Directory Group Policy Objects (GPOs) to domain computers and use the Group Policy Manager Console (GPMC) to deploy security policies across the domain. You also will generate policy audit reports from the GPMC and the Windows Command Prompt to analyze the existence and effectiveness of the GPOs.”

Use the following script to introduce the second lab:

“A sound backup and restoration strategy is a core component of any organization. This lesson focused on performing backup and restore operations on Windows systems. You learned why backups are important for protecting data, how often to perform backups, and the types of backups you can perform, such as full, differential, and incremental. You also explored the general steps involved in restoring a backup if data is lost or damaged. Virtual images were addressed as well, which you can use to restore an entire system to a point in time.

In the lab for this lesson, Creating a Scheduled Backup and Replicating System Folders, you will install the Windows Distributed File System and Windows Server Backup features from the PowerShell command line. You will schedule a daily backup of the C:\ERPdocuments folder on the TargetWindows01 server and replicate this backup to the TargetWindows02 server using the DFS Replication feature.”
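The lab steps described in the script above, sketched as an added PowerShell example (not part of the lesson or the lab materials). The backup volume E:, the 21:00 schedule, the replication group and folder names, and the D:\BackupReplica path are assumptions; both servers are assumed to be members of the same domain.

```powershell
# Added example. Run in an elevated PowerShell session on TargetWindows01.
# Assumed values (not from the lesson): volume E:, 21:00 schedule,
# group/folder names, and D:\BackupReplica on TargetWindows02.

# 1. Install the features named in the lab.
#    The DFS features must also be installed on TargetWindows02.
Install-WindowsFeature -Name Windows-Server-Backup
Install-WindowsFeature -Name FS-DFS-Namespace, FS-DFS-Replication -IncludeManagementTools

# 2. Build a backup policy that covers only C:\ERPdocuments.
$policy   = New-WBPolicy
$fileSpec = New-WBFileSpec -FileSpec 'C:\ERPdocuments'
Add-WBFileSpec -Policy $policy -FileSpec $fileSpec

# 3. Write backups to a separate volume (assumed E:), not the disk being protected.
$target = New-WBBackupTarget -VolumePath 'E:'
Add-WBBackupTarget -Policy $policy -Target $target

# 4. Schedule one backup per day at 21:00 and activate the policy.
Set-WBSchedule -Policy $policy -Schedule ([datetime]'21:00')
Set-WBPolicy -Policy $policy -Force

# 5. Replicate the backup folder to TargetWindows02 with DFS Replication.
#    Assumption: backups land in E:\WindowsImageBackup on the target volume.
$group  = 'ERPBackupRG'    # assumed name
$folder = 'ERPBackup'      # assumed name
New-DfsReplicationGroup -GroupName $group
New-DfsReplicatedFolder -GroupName $group -FolderName $folder
Add-DfsrMember -GroupName $group -ComputerName 'TargetWindows01', 'TargetWindows02'
Add-DfsrConnection -GroupName $group -SourceComputerName 'TargetWindows01' `
    -DestinationComputerName 'TargetWindows02'

# The source is the primary member; the replica is read-only so that changes
# made on TargetWindows02 cannot flow back into the backup set.
Set-DfsrMembership -GroupName $group -FolderName $folder -ComputerName 'TargetWindows01' `
    -ContentPath 'E:\WindowsImageBackup' -PrimaryMember $true -Force
Set-DfsrMembership -GroupName $group -FolderName $folder -ComputerName 'TargetWindows02' `
    -ContentPath 'D:\BackupReplica' -ReadOnly $true -Force

# 6. Verify: active policy and schedule, last backup result, replication backlog.
Get-WBPolicy | Get-WBSchedule
Get-WBSummary
Get-DfsrBacklog -GroupName $group -FolderName $folder `
    -SourceComputerName 'TargetWindows01' -DestinationComputerName 'TargetWindows02'
```

DFS Replication also propagates deletions and overwrites, so the copy on TargetWindows02 adds availability rather than a second backup generation.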


Disaster Recovery Options
