
HARDENING CLIENT COMPUTERS


zack

Presentation Transcript


  1. Chapter 8 HARDENING CLIENT COMPUTERS

  2. OPERATING SYSTEM SECURITY FEATURES
     • Microsoft Windows 98/Windows Me
     • Windows NT 4.0
     • Windows 2000 Professional
     • Windows XP with Service Pack 2

  3. DESIGNING CLIENT SECURITY TEMPLATES
     • Create a custom security template for each client role:
       • Desktop
       • Laptop
       • Kiosk
     • Base custom templates on default workstation templates
     • Never modify default security templates

  4. DESIGNING A CLIENT COMPUTER OU MODEL
     • Create OUs for different operating system versions
     • Avoid using Windows Management Instrumentation (WMI) filtering
     • Create OUs for different computer roles
     • Create OUs for organizations with special security requirements
     • Use security groups to apply GPOs to cross-sections of client computers

  5. CLIENT COMPUTER OU MODEL SAMPLE 1

  6. CLIENT COMPUTER OU MODEL SAMPLE 2

  7. CLIENT COMPUTER OU MODEL SAMPLE 3

  8. THIRD-PARTY SECURITY SOFTWARE
     • Antivirus protection
     • Antispyware protection
     • Network backups
     • Host-based firewalls for earlier versions of Windows

  9. DESIGNING SOFTWARE RESTRICTION POLICIES
     • Hash rules
     • Certificate rules
     • Path rules
     • Internet zone rules

  10. RESTRICTING THE DESKTOP ENVIRONMENT
      • Windows components
      • The Start menu
      • The desktop
      • The Control Panel

  11. RESTRICTING THE DESKTOP ENVIRONMENT (CONT.)
      • Shared folders
      • The network
      • System settings
      • Printers

  12. RESTRICTING THE START MENU: BEFORE

  13. RESTRICTING THE START MENU: AFTER

  14. PROTECTING DESKTOP COMPUTERS
      • Grant users only local User privileges or less
      • Remove unnecessary items from the desktop and the Start menu
      • Leverage the Hisecws.inf security template
      • Use Group Policy settings to rename default accounts

  15. PROTECTING MOBILE COMPUTERS
      • At greater risk than desktop computers, mobile computers might be:
        • Stolen
        • Damaged
        • Used for personal use
      • Mobile computers require greater flexibility than desktop computers:
        • Connect to home networks and wireless hotspots
        • Users might need to install printer drivers
      • Mobile computers use EFS to protect confidential files

  16. PROTECTING KIOSKS
      • Very likely to be abused
      • Should be extremely restricted
      • Should not be connected to the internal network

  17. THE .NET FRAMEWORK
      • Next-generation application environment:
      • Required for many new applications
      • Dramatically more secure
      • Included with Windows Server 2003
      • Free download for earlier operating systems

  18. CAS OVERVIEW
      • Role-based security restricts what users can do
      • CAS restricts what applications can do
      • Grants access to the file system, registry, printers, the network, and other resources based on permissions assigned to an application
      • Enables you to run potentially malicious applications safely
      • Works only with .NET Framework applications

  19. CAS AT WORK

  20. CAS ELEMENTS
      • Evidence
      • Permission
      • Permission set
      • Code groups

  21. CAS AND OPERATING SYSTEM SECURITY

  22. GUIDELINES FOR USING CAS
      • Use the principle of least privilege
      • Test applications thoroughly after restricting CAS
      • Push developers to use the .NET Framework
      • Encourage software vendors to migrate to the .NET Framework

  23. SUMMARY
      • Earlier versions of Windows lack important security features
      • Use security templates and GPOs to implement client security
      • Create different configuration settings for client roles, operating systems, and security requirements
      • Use .NET Framework and CAS to reduce the risks of malicious or vulnerable software
