1 / 46

Components of WS Security

Components of WS Security. Security Policies and Procedures A well patched system Passwords Users, permissions and file systems Services Malware protection Information assurance. Security Policies. Complete Current Procedures also Must be enforced or they are useless.

mikasi
Télécharger la présentation

Components of WS Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Components of WS Security • Security Policies and Procedures • A well patched system • Passwords • Users, permissions and file systems • Services • Malware protection • Information assurance

  2. Security Policies • Complete • Current • Procedures also • Must be enforced or they are useless

  3. Keep the system current • Patch the OS • Turn on automatic updates • Microsoft does the rest • Just trust them with my machine? • They are only upgrading! • Patch all of the apps • TEST, TEST, TEST

  4. Applications and Services • General • Only applications necessary for job • Only approved applications • NO unapproved applications • Keep applications up to date • Configuration according to procedures and permission • Client or Server

  5. File System Permissions • Directories • Data • Home • Shared • Cloud • System • Application • Permissions • Read, Write, Delete, Execute

  6. Malware Protection • Anti-Virus software • Auto updates • Robust package • Ingress and egress filtering • Current license

  7. Users • Groups and users • Rights/permissions • Access level • Directory access

  8. Accounts • Uniform rules to establish an account • Belongs to only the groups necessary • Signed approval • Usually only in one workgroup

  9. Passwords • Length • At least 8 characters • Upper & lower case, numeric & non • Hints – geometric patterns, equations, code • Lifetime • Max - 30 – 60 days • Min – at least one day • History – 10 – 20 changes • Authority

  10. Password Use • Require authentication at login • Require re-authentication after Idle periods • Deny login after n attempts

  11. Password Policy • Complexity • Age – min & max • History • Length

  12. Workstation Security Tools • Windows Security Tools • MMC • Security Configuration & Analysis Snap-in • secpol.msc http://csrc.nist.gov/itsec/download_WinXP.html Windows Vista Security Guide Windows XP Security Guide.

  13. A GUI way to do it • Microsoft Management Console • Permits “Snap-in”s for various system management functions • Security configuration and analysis is one • Accessed via the “run” option or a command line prompt

  14. Security Templates Tool • MMC Snap-in • Creates security templates • Imports security templates • Modifies security templates

  15. Get the Security Templates • Go Windows Vista Security Guide • Scroll dow to the down load button • Retreive the .msi file • Double click on the downloaded file • Follow your nose • Make a note where it put the templates

  16. Find Local Security Policies

  17. Security Templates Location XP Vista Windows 7

  18. mmc Console • A GUI snap-in for the mmc • Microsoft Management Console • Windows-r -> Run... typemmcclick OK • Select File > Add/Remove Snap-in • Click Add.. • Select Security Templates • Right click on security and select path to templates • Click Add, Close, OK • File -> Save As • Name the Console Sec_I_Console.msc • Save

  19. Add/Remove Snap-in

  20. Add Snap-In

  21. Select Path to Templates Right click on Security Templates

  22. Select Path under current user

  23. Save it! ->File -> Save As

  24. Saved

  25. Check it out (MS) • Run mmc • Open your previous Security Console • File -> open -> Sec_I_Console.msc • Open Security Templates • Open VSG EC Domain • Open Account Policies • Open Password Policy • Check it out

  26. XP - mmc Console

  27. XP - Password Policy

  28. Vista - Open your Consol

  29. Vista - Check It Out

  30. Vista - Edit a Policy

  31. Vista - Password Policy

  32. Check it out (NIST) • Run mmc • Open your previous Security Console • File -> open -> Sec_I_Console.msc • Open Security Templates • Open VSG EC Domian • Open Account Policies • Open Password Policy • Check it out

  33. Adjust settings • Choose the template that you wish to adjust • Adjust settings to comply with policy • Right click on template name • Choose Save As(different)

  34. Security Configuration &Analysis • A GUI snap-in for the MMC • Microsoft Management Console • Programs -> Run...typemmcclick OK • Select File > Add Remove Snap-in • ClickAdd.. • Select Security Configuration and Analysis • Click Add, Close, OK • File -> Save in Administrative Tools

  35. Security Configuration and Analysis

  36. Create a Security SettingsDatabase • Right click Security Configuration and Analysis • SelectOpen Database • Type in a file name to create a new database

  37. Create a Data Base

  38. Security Settings Database

  39. Pick a Name

  40. Analyze • Compare current security settings to settings saved in the data base • Right click onSecurity Configuration and Analysis • SelectAnalyze Computer Now • Save log somewhere you can remember • Take a look at the log

  41. Analyze current WS configagainst VSG EC Domian

  42. Check Out the Ratings

  43. Configure Security Settings • Right click on Security Configuration and Analysis • Select Configure Computer Now • CAUTION: • It is all over • Make sure your password satisfies the policy • Etc., etc., etc., etc., etc.

  44. Security Settings • You can have many templates • You can create your own • You can merge templates • You will have to reinstall Windows many times before you get it right • Develop your template on a test bench • Test, test, test!

  45. Lab • Do what we just did • Comment on the settings of the workstation • Start with the Default Settings • Change some of the settings • Configure the workstation • Analyze again • How are you doing? • Show some work

  46. Assignment • Write a password policy • Implement this password policy • List the procedure, i.e. list the settings for the mmc • Test it.

More Related