Scribd Logo
Upload

Welcome to Scribd!

  • 50 views

    6430A - 05 Managing Security

    Uploaded by

    Katherine Ngai Lam Wong

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd

    6430A - 05 Managing Security

    Uploaded by

    Katherine Ngai Lam Wong
    50 views17 pages

    Original Title

    6430A_05 Managing Security

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Download as ppt, pdf, or txt
    50 views17 pages

    6430A - 05 Managing Security

    Uploaded by

    Katherine Ngai Lam Wong

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Download as ppt, pdf, or txt
    You are on page 1of 17

    Planning and Administering

    Windows Server® 2008


    Servers
    Module 5: Managing Windows Server 2008 Security
    • Planning a Defense-in-Depth Strategy

    • Implementing Host-Level Security for Windows Server


    2008
    • Implementing Network Security for Windows Server 2008
    Lesson: Planning a Defense-in-Depth Strategy
    • Characteristics of a Defense-in-Depth Strategy

    • Layers in a Defense-in-Depth Strategy


    Characteristics of a Defense in Depth Strategy

    A robust defense-in-depth strategy includes:

     A security risk management framework


     Identity and access management policies
     Network protection
     Update management
     Education
     Incident response
     Continual reassessment and optimization
    Layers in a Defense-in-Depth Strategy

    Perimeter defenses

    Network defenses

    Host defenses

    Application defenses

    Data defenses

    Physical security

    Policies and procedures


    Lesson: Implementing Host-Level Security for
    Windows Server 2008
    • Assigning Administrative Permissions

    • Windows Server 2008 Firewall Configuration

    • Implementing Security Policies

    • Implementing Security Templates

    • Converting Security Configuration Wizard Settings to


    Security Templates
    Assigning Administrative Permissions

    • Principle of least privilege


     Identify administrative permissions or
    privileges required
     Grant only those permissions or privileges
    • Granting privileges
     Factors affecting decision
     Relinquishing rights
    Windows Server 2008 Firewall Configuration

    • Direction

    • Port

    • Program

    • Protocol

    • Source IP address

    • Destination IP address

    • Connection security rule


    Implementing Security Policies

    Security Configuration Wizard template


    settings include:
    • Server roles
    • Client features
    • Additional services
    • Firewall rules
    • Authentication options
    • Audit policy
    Implementing Security Templates

    • Built-in templates
     Configure default security settings or
    recommended values

    • Microsoft templates
     Download additional templates with
    security guides

    • Custom templates
     Security Templates MMC snap-in
     Security Configuration and Analysis MMC
    snap-in
    Converting Security Configuration Wizard
    Settings to Security Templates

    Convert SCW security policies directly to GPOs

    Scwcmd.exe transform /p:SCWpolicyname.xml


    /g:GPOname
    Lesson: Implementing Network Security for
    Windows Server 2008
    • Windows Server 2008 Server Locations

    • Options for Network Security

    • Recommendations for Implementing Windows Server 2008


    Server Core
    Windows Server 2008 Server Locations

    Bastion host

    Internal

    Perimeter
    Network

    • Perimeter network

    • Bastion host

    • Internal
    Segmented
    networks • Segmented networks
    Options for Network Security

    Requirement Security Measures


    • Physical security
    • 802.1x authentication
    • Network segmentation
    Secure Network Access
    • Firewalls
    • Network Access Protection
    (NAP)
    • Network segmentation
    Secure Network Traffic • Firewalls
    • IPSec
    Recommendations for Implementing Windows
    Server 2008 Server Core

    Server Core enables


    you to install roles
    without additional
    services or the GUI
    Extranet
    • AD DS
    • AD LDS
    • DHCP
    • DNS
    • File Server
    • Print Server
    • IIS
    Perimeter
    network • Streaming Media
    Lab: Managing Windows Server 2008 Security
    • Exercise 1: Planning a Windows Server 2008 Security
    Configuration
    • Exercise 2: Implementing File Server Security

    Logon information
    6430A-NYC-DC1-05
    Virtual machine
    6430A-NYC-SVR1-05

    User name Woodgrovebank\Administrator

    Password Pa$$w0rd

    Estimated time: 45 minutes


    Module Review and Takeaways
    • Review Questions

    • Best Practices

    • Tools

    You might also like