Application Security

winsec_ppt08_l05_db.pdf

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company

www.jblearning.com

All rights reserved.

Security Strategies in Windows

Platforms and Applications

Lesson 5

Securing Microsoft Windows Networks


Learning Objectives

• Design techniques to protect Windows networks from security vulnerabilities.

• Develop a security administration framework to ensure your organization meets its security policy goals.


Key Concepts

• Network security

• Windows security protocols

• Securing wireless networks

• Security administration

• Due diligence

• End user security awareness training program


Chapter 9 Slides

Chapter 9: Microsoft Windows Network Security


Purpose of Network Security

• Acts as a layer of defense

• Helps keep attackers out

• Reduces risk of compromised computers

• Limits exposure of protected resources

• Supports availability, integrity, and confidentiality


Seven Domains of a Typical IT Infrastructure


Network Types

• Local area network (LAN)

• Metropolitan area network (MAN)

• Wide area network (WAN)

• Personal area network (PAN)

• Campus area network (CAN)

• Global area network (GAN)


Network Security Controls

• Access controls

• Communication controls

• Anti-malware software

• Recovery plans, including backups

• Procedures to control network device configuration changes

• Monitoring tools and other detective controls

• Software patch management


Principles of Microsoft Windows Network Security

• Physical and logical access

• Traffic flow

• Computer and device security


Common Components Found in Networks


Connection Media

• Wireless network connections

• Wired connections

  • Unshielded twisted pair (UTP)

  • Shielded twisted pair (STP)

  • Coaxial cable

  • Fiber optic cable


802.11 Wireless Standards


Simple Network with a Hub


DMZ with Two Firewalls


TCP/IP and OSI Reference Models


Message Flow in the U.N. Example


Common Network Communication Protocols

• Telnet

• Secure Shell (SSH)

• HTTP/HTTPS

• SSL/TLS

• TCP/IP

• UDP


Common Network Communication Protocols (Cont.)

• IPSec

• PPP/PPTP

• L2TP

• SSTP

• WEP/WPA

• Kerberos


Securing Network Services: Strategies

• Service updates

• Service accounts

• Necessary services


Windows Services Startup Options


Wireless Network Security Guidelines

• Use WPA or WPA2 encryption

• Use Media Access Control (MAC) address filtering

• Disable Service Set Identifier (SSID) broadcast

• Limit outside eavesdropping

• Physically separate wireless networks by purpose


Desktop and Server Security

Desktop Security

• User authorization and authentication

• Malicious software protection

• Outbound software filtering

Server Security

• Authentication and authorization

• Malicious software protection

• Network traffic filtering


Security Administration Process

Prepare/Plan -> Design -> Implement -> Optimize


Best Practices

• Identify sensitive data

• Use encryption

• Establish unique domain user accounts

• Enforce strong passwords

• Create new user accounts with limited rights and permissions for services

• Do not allow any services to run as a domain admin user

• Use Kerberos for secure authentication

• Install firewalls to create a DMZ

• Use encrypted communication

• Establish firewall rules


Best Practices (Cont.)

• Deny all suspicious traffic

• Allow only approved traffic for servers

• Filter inbound and outbound traffic for malicious messages

• Install anti-malware software

• Perform quick scans daily

• Perform complete scans weekly

• Use WPA or WPA2

• Disable SSID broadcast

• Do not enable wireless or mobile broadband cards while connected to your organization’s internal network


Best Practices (Cont.)

• Do not allow visitors to roam around your facilities using wireless LANs

• Avoid connecting to public networks

• Use a VPN

• Install a separate wireless access point for guests

• Disable or uninstall services you don’t need


Chapter 10 Slides

Chapter 10: Microsoft Windows Security Administration


Operating System Administration

• Workstation administration

• Server administration

• Network device administration


Security Administration Process


C-I-A


Types of Security Administration

• Firewall

• Backup

• Operating system service pack

• Group Policy


Types of Security Administration (Cont.)

• DACL

• Encryption

• Anti-malware software


Windows Firewall with Advanced Security MMC Snap-in


Windows Performance Monitor


Windows Backup and Restore for Windows 7


Windows Server 2008 Backup


MBSA GUI


Group Policy Management Console


Object Properties Security Page


DACL Advanced Security Settings


Object Properties: Advanced Attributes


Enabling BitLocker


BitLocker Management Tool


Compliance and Due Diligence

• Compliance

• Due diligence


Security Policies, Standards, Procedures, and Guidelines

Guidance Documents

• Security policy

• Security standard

• Security procedure

• Security guidelines

Main Security Elements

• Clearly stated security goals

• Documented plans

• Communication with stakeholders


Best Practices

• Clearly state security goals

• Include all compliance requirements

• Use the PDCA method

• Communicate with all stakeholders

• Strive for simplicity

• Search for controls that have little impact on users

• Coordinate AUPs with technical controls

• Automate

• Use AD GPOs


Best Practices (Cont.)

• Coordinate physical and technical controls

• Use anti-malware controls

• Develop a plan to monitor system and network performance

• Use up-to-date software

• Examine log files

• Stay current on emerging attacks

• Test your recovery plans

• Define DACLs


Summary

• Network security

• Windows security protocols

• Securing wireless networks

• Security administration

• Due diligence

• End user security awareness training program


• Mid-term exam this week: no labs