html5-img
1 / 22

IS3340 Windows Security Unit 2 Setting up Windows Systems with Secure Access Controls

IS3340 Windows Security Unit 2 Setting up Windows Systems with Secure Access Controls. Learning Objective and Key Concepts. Learning Objective Implement secure access controls when setting up Microsoft Windows in a given organization. Key Concepts Principle of least privilege

magee
Télécharger la présentation

IS3340 Windows Security Unit 2 Setting up Windows Systems with Secure Access Controls

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IS3340 Windows Security Unit 2 Setting up Windows Systems with Secure Access Controls

  2. Learning Objective and Key Concepts Learning Objective • Implement secure access controls when setting up Microsoft Windows in a given organization. Key Concepts • Principle of least privilege • Identification, authentication, and authorization of Microsoft Windows users • Using access control lists • Microsoft Windows access management tools

  3. EXPLORE: CONCEPTS

  4. Access Requirements of Ken 7 Windows Limited • Ken 7 Windows Limited • Manufacturing users need access to new shop floor workstations and functions. • Planning users need access to certain workstations in the office and planning functions. • Accounting users need access to accounting workstations and accounting functions. • Purchasing users need access to certain workstations in the office and purchasing functions.

  5. Concepts of Access Controls • Active Directory allows you to define which users or groups can log on to groups of computers. • Active Directory allows you to define user or group-based access control lists (ACLs). • Active Directory can deploy ACLs that restrict object access by user or group. • Most applications also implement specific access controls.

  6. Principle of Least Privilege

  7. Identification, Authentication, and Authorization

  8. Access Control Methods

  9. Windows ACLs • Each object has ACLs. • ACLs in Active Directory are made up of lists of access control entries (ACEs). • Each ACE defines a user or group’s access privileges for an object. • Active Directory makes it easy to distribute ACLs to many computers.

  10. ACLs for Ken 7 Windows Limited • Active Directory can only allow users to logon to specific computers. • Active Directory can distribute ACLs that define standard access to objects by user or group. • Fine grained access controls are needed in the enterprise resource planning (ERP) software to limit access to functions.

  11. EXPLORE: PROCESS

  12. Think Security Control Process Evaluate Plan Implement Design

  13. EXPLORE: ROLES

  14. Key Roles in Securing Access Controls

  15. EXPLORE: CONTEXT

  16. Government Example • Documents have a classification (Integrity Level) • Unclassified • Restricted • Confidential • Secret

  17. Government Example (Continued) • Users or processes receive a clearance (Integrity Level) • Need to know • User clearance => object classification • Plus need to know

  18. Enterprise Example • Groups based on roles • ACLs defined by groups • RBAC strategy • Active Directory provides group ACL management

  19. EXPLORE: RATIONALE

  20. Payment Processor • Payment processor company—processes credit card payments • Multiple retail customers • Millions of credit card transactions • Multiple databases on server • Separate database for each retail customer

  21. Payment Processor (Continued) • Weak access controls risk leads to: • Data disclosure, modification, and inaccessibility (unavailable) • Strong access controls help by: • Making operating systems (OSs) ACLs restrict folders or files users can access • Making database or application access controls limit access to data

  22. Summary In this presentation, the following topics were covered: • Access controls • Principle of least privilege • Security control process • Example of payment processor company

More Related