
Microsoft Server 2008 R2


beata

Presentation Transcript


  1. Microsoft Server 2008 R2 Group Policies & Network Policy and Access Services

  2. Agenda • Group Policies • Network Policy and Access Services

  3. Group Policies • Using Group Policies to harden Windows 7 • The following will outline several methods to secure a network environment using Group Policies • Microsoft doc defining settings to harden Windows 7 • http://www.microsoft.com/en-us/download/details.aspx?id=24373

  4. Group Policies • Computer Configuration (CC)\Privacy settings • Interactive logon: Do not display last user name • CC\Security Settings • Shutdown: Allow system to be shut down without having to log on • Network security: Do not store LAN Manager hash value on next password change • This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in the security database, the passwords can be compromised if the security database is attacked.

  5. Group Policies • Network access: Do not allow storage of credentials or .NET Passports for network authentication • This security setting determines whether Credential Manager saves passwords and credentials for later use when it gains domain authentication. If you enable this setting, Credential Manager does not store passwords and credentials on the computer. • Removable Disks: Deny write access • Internet Explorer • Disable context menu • Ensures that users cannot access other features that have been disabled • Disable customizing buttons • Disable Internet Options tabs

  6. Group Policies • Control Panel Access • Prevent access • Windows Explorer • Do not move deleted files to the Recycle Bin • Hide these specified drives in My Computer • Start menu and taskbar • Hide the notification area • Lock the Taskbar • System • Prevent access to registry editing tools • Prevent access to the command prompt

  7. Group Policies • Controlling applications • Application Control Policies • Software Restriction Policies

  8. Group Policies • AppLocker requirements • Works on Windows 7 and newer • Only available on 7 Enterprise and Ultimate…not Pro • Application Identity service must be running. • Add default rules to prevent stepping on “required” services

  9. Group Policies • AppLocker • Add default rules • Create new rule

  10. Group Policies • Software Restriction Policies • Similar to AppLocker, works on XP and later

  11. GPO Questions

  12. Network Policy and Access Services • Routing and Remote Access Service (RRAS), pronounced “R-Razz” • Formerly Remote Access Service in NT 4.0 • Bundled to compete with Novell's NetWare Connect • Now included as a role in Network Policy and Access Services

  13. Network Policy and Access Services • First we must know some routing information • TCP adds more to IP to allow the concept of a connection • Handshaking—3-way handshake. SYN, SYN/ACK, SYN • Sequencing—ensures that no two bytes are repeated or sent out of sequence • Flow control—keeps traffic flowing without having to wait and take up too much memory. • Error indication—an application that closes unexpectedly can be signaled to its communicating partner with a reset • Ports—each IP address has 131,070 ports. Similar to extensions for a phone number • Socket • Port (both local and foreign) • IP Address (both local and foreign) • Protocol (TCP/UDP)

  14. Network Policy and Access Services • Routing un-routable addresses? • NAPT—Network address/port translator. • One external IP address for several internal private IP addresses. This router would look beyond the IP layer into the TCP/UDP layer and use the IP address and port to map connections. • This is also referred to as Port Address Translation (PAT)

  15. Network Policy and Access Services • Viewing and troubleshooting our routing tables • Route print

  16. Network Policy and Access Services • Viewing and troubleshooting our routing tables

  17. Network Policy and Access Services • Two functions: • Accepting inbound calls • Universal gateway to your network • Same functionality as if they were attached to the LAN, although slower. • Connecting one private network to another. • Placing outbound calls (DUN) • Dial-Up Networking • Internet connectivity • Internet gateway utilizing NAT (Network Address Translation) • Poor man's proxy server

  18. Network Policy and Access Services • Accepting VPN (virtual private network) connections from remote clients • Running a secure private network over an insecure public network (the Internet). • All clients need is an Internet connection and a valid IP address; they then establish a VPN session to the RAS server. • Session is secure and encrypted.

  19. Network Policy and Access Services • Added as a Role in 2008 R2

  20. Network Policy and Access Services • Add supporting role features

  21. Network Policy and Access Services • After installation, you must enable Routing and Remote Access • Read all options carefully and choose based on need

  22. Network Policy and Access Services • Determine how the remote users will be assigned IP addresses for the internal network.

  23. Network Policy and Access Services

  24. Network Policy and Access Services • Configure client connection by adding a new connection in Network and Sharing Center

  25. Network Policy and Access Services • Select connection option and complete wizard on workstation

  26. Things to consider • How will it be utilized? • What will be running on your DUN or VPN? • File-based apps versus client-server apps • Microsoft Access versus Microsoft SQL Server • Access: requests continuously query the drive after each record search. • SQL: a query is sent to the server from a client application, the query is run at the server, and the results are then transmitted back to the client. • What connection will be required? • RRAS supports: • X.25: old “cloud” technology that typically tops out at 56-64k, although reliable • Frame Relay: same as X.25 but faster, single connection to cloud. • Modems • ISDN • Point to point…
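
Added example (not part of the original presentation): a read-only PowerShell check of the local registry values behind the Group Policy settings named on slides 4 and 5, plus the Application Identity service that slide 8 lists as an AppLocker requirement. The expected states are assumptions, since the slides name the settings but not their target values; the function name Test-PolicyValue is hypothetical.

```powershell
# Added example: read-only audit of the registry values behind the settings
# on slides 4, 5 and 8. Expected states are assumptions (1 = Enabled,
# 0 = Disabled); the slides name the settings but not their target states.
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$system = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

$checks = @(
    @{ Policy = 'Interactive logon: Do not display last user name'
       Path = $system; Name = 'DontDisplayLastUserName'; Expected = 1 },
    @{ Policy = 'Shutdown: Allow system to be shut down without having to log on'
       Path = $system; Name = 'ShutdownWithoutLogon'; Expected = 0 },
    @{ Policy = 'Network security: Do not store LAN Manager hash value on next password change'
       Path = $lsa; Name = 'NoLMHash'; Expected = 1 },
    @{ Policy = 'Network access: Do not allow storage of credentials or .NET Passports'
       Path = $lsa; Name = 'DisableDomainCreds'; Expected = 1 }
)

# Test-PolicyValue is a hypothetical helper written for this example.
function Test-PolicyValue($check) {
    # A missing value means the setting has not been written on this machine.
    $item = Get-ItemProperty -Path $check.Path -Name $check.Name -ErrorAction SilentlyContinue
    $actual = $null
    if ($item) { $actual = $item.($check.Name) }
    $shown = $actual
    if ($null -eq $actual) { $shown = 'not set' }
    New-Object PSObject -Property @{
        Policy    = $check.Policy
        Value     = $shown
        Expected  = $check.Expected
        Compliant = ($actual -eq $check.Expected)
    }
}

$results = $checks | ForEach-Object { Test-PolicyValue $_ }
$results | Select-Object Policy, Value, Expected, Compliant | Format-Table -AutoSize

# AppLocker rules are only enforced while the Application Identity service runs.
$svc = Get-Service -Name AppIDSvc -ErrorAction SilentlyContinue
if ($svc -and $svc.Status -eq 'Running') {
    'Application Identity service: running'
} else {
    'Application Identity service: NOT running (AppLocker rules are not enforced)'
}
```

Enabling the LM hash setting only takes effect at each account's next password change, so a compliant registry value does not mean existing LM hashes are gone.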
