Monitoring and Administer

System and Network Security

Chapter One: Ensure user accounts are controlled

Chapter at a Glance (Chapter 1)
1. Modify default user settings to confirm security policy
2. Modify previously created user setting to update security policy
3. Ensure Displayed legal notices at logon
4. Use appropriate utilities to check strength of passwords and complexity
5. Review actions taken to ensure password procedures
6. Access information services to identify security gaps

Modifying default user settings to confirm security policy
What are Windows Security Policies?
• Windows Security Policies are a set of configurations that can be applied on desktops to enhance security.
• Security policies determine the various security restrictions that can be imposed on the users in a network.
• Windows Server 2008 creates a Default Domain Policy GPO for every domain in the forest.


Modifying default user settings to confirm security policy (cont…)
Group Policy Object (GPO)
Microsoft’s Group Policy Object (GPO) is a collection of
Group Policy settings that defines what a system will look
like and how it will behave for a defined group of users.
Types of GPOs
There are three types of GPOs:
1. Local,
2. Non-local and
3. Starter.
1. Local Group Policy Objects
Local group policy objects exist by default on all Windows computers and are utilized when IT admins need to apply policy settings to a single Windows computer or user.
These types of GPOs only apply to local computers and to the users that log on to that computer on-site.

2. Non-local Group Policy Objects
Unlike local GPOs, non-local group policy objects require your Windows computers and users to be linked to Active Directory objects, sites, domains, or organizational units.
This means that non-local GPOs can apply to one or more Windows computers and users.

3. Starter Group Policy Objects
Starter GPOs are templates for group policy settings.
These templates enable IT administrators to pre-configure a group of settings that represent a baseline for any future policy to be created.

Modifying default user settings to confirm security policy (cont…)
Windows Server 2008 creates a Default Domain Policy GPO
for every domain in the forest. This GPO is the primary
method used to set some security-related policies such as
password expiration and account lockout.
You can use fine-grained password and account lockout policy
to apply custom password and account lockout policy
settings to individual users and global security groups within
a domain.
Modifying default user settings to confirm security policy (cont…)
The domain password policy allows you to specify a range of
password security options, including how frequently users change
their passwords, how long passwords must be, how many unique
passwords must be used before a user can reuse one, and how
complex passwords must be.
You can use account lockout to prevent successful brute force
password guessing. If it's not enabled, someone can keep
attempting to guess username/password combinations very rapidly
using a software-based attack. The proper combination of settings
can effectively block these types of security vulnerabilities.
Using Account Lockout Policy, you can configure the following settings:
1. Account lockout duration
2. Account lockout threshold
3. Reset account lockout counter after

Account lockout duration
This option determines the amount of time that a locked-out account will remain inaccessible. Setting this option to 0 means that the account will remain locked out until an administrator manually unlocks it. Select a lockout duration that will deter intruders without crippling your authorized users; 30 to 60 minutes is sufficient for most environments.

Account lockout threshold
This option determines the number of invalid logon attempts that can occur before an account will be locked out. Setting this option to 0 means that accounts on your network will never be locked out.

Reset account lockout counter after
This option defines the amount of time in minutes after a bad logon attempt that the “counter” will reset. If this value is set to 45 minutes, and user jsmith types his password incorrectly two times before logging on successfully, his running tally of failed logon attempts will reset to 0 after 45 minutes have elapsed. Be careful not to set this option too high, or your users could lock themselves out through simple typographical errors.
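
How the three lockout settings interact, as an added example that is not part of the original slides: a simplified Python model that replays failed logons (timestamps in minutes) against a policy. The class and function names are assumptions made for the illustration, and the model follows the semantics described above rather than reproducing Windows internals.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class LockoutPolicy:
    threshold: int        # invalid logons before lockout; 0 = never lock out
    duration_min: int     # minutes an account stays locked; 0 = until admin unlock
    reset_after_min: int  # minutes after a bad logon before the counter resets

@dataclass
class Account:
    failed: int = 0
    last_failure: Optional[int] = None
    locked_at: Optional[int] = None

def failed_logon(policy: LockoutPolicy, acct: Account, now: int) -> str:
    """Record one bad password at minute `now`; return 'locked' or 'counted:N'."""
    if acct.locked_at is not None:
        if policy.duration_min == 0 or now - acct.locked_at < policy.duration_min:
            return "locked"                      # still inside the lockout
        acct.locked_at, acct.failed = None, 0    # lockout duration has elapsed
    if (acct.last_failure is not None
            and now - acct.last_failure >= policy.reset_after_min):
        acct.failed = 0                          # reset-counter window elapsed
    acct.failed += 1
    acct.last_failure = now
    if policy.threshold and acct.failed >= policy.threshold:
        acct.locked_at = now
        return "locked"
    return f"counted:{acct.failed}"

def replay(policy: LockoutPolicy, minutes: list) -> list:
    """Replay a constructed timeline of failed logons against a fresh account."""
    acct = Account()
    return [failed_logon(policy, acct, t) for t in minutes]

if __name__ == "__main__":
    policy = LockoutPolicy(threshold=3, duration_min=60, reset_after_min=45)
    print("typos 50 min apart :", replay(policy, [0, 1, 50]))
    print("rapid guessing     :", replay(policy, [0, 1, 2, 3, 62, 63]))
    print("duration 0         :", replay(LockoutPolicy(3, 0, 45), [0, 1, 2, 1000]))
    print("threshold 0        :", replay(LockoutPolicy(0, 60, 45), [0, 1, 2, 3]))
```
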
Self Check
1. ___ option determines the amount of time that a locked-out account will remain inaccessible.
A. Reset account lockout counter after
B. Account lockout duration
C. Account lockout threshold
2. _____ allows you to specify a range of password security options
A. The domain password policy
B. Client password policy
C. Adding roles
3. _____ option defines the amount of time in minutes after a bad logon attempt that the “counter” will reset.
A. Reset account lockout counter after
B. Account lockout duration
C. Account lockout threshold
Modifying previously created user setting to update security policy
Managing user account settings
User accounts are created so that people can identify
themselves to the system and receive access to the network
resources they need.
In Windows Server 2008 with Active Directory enabled, user
accounts (often called user IDs) are assigned using the Active
Directory Users and Computers management console.
On standalone Windows Server 2008 computers, user accounts
are created using the User Accounts applet in Control Panel.
User Account Settings
• "User must change password at next logon" means that the user will be required to change their password the next time they log in to the system.
• User Cannot Change Password. Typically, an organization wants users to be able to change their own passwords, but occasionally (as for a visitor account) the password should not be changed.
• Password Never Expires
• These applications expect the password to never be changed, or if it is changed, the change must be performed using the management tool for the application, and not through the ADUC.
• Account Is Disabled.
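
An added example, not from the original slides, showing how these settings can be read back from a directory export: in Active Directory, "Account is disabled" and "Password never expires" are bits in the userAccountControl attribute, and a pwdLastSet of 0 marks "User must change password at next logon". The sample entries and the function names are constructed for the illustration.

```python
# userAccountControl bits (documented Active Directory values)
ACCOUNTDISABLE = 0x0002
DONT_EXPIRE_PASSWORD = 0x10000
# "User cannot change password" is not decoded here: on domain accounts it is
# enforced through permissions on the user object rather than this attribute.

# Constructed sample entries, shaped like an LDAP export of user objects.
SAMPLE = [
    {"sAMAccountName": "jsmith", "userAccountControl": 512, "pwdLastSet": 0},
    {"sAMAccountName": "svc_backup", "userAccountControl": 66048,
     "pwdLastSet": 133500000000000000},
    {"sAMAccountName": "visitor", "userAccountControl": 66050,
     "pwdLastSet": 133400000000000000},
    {"sAMAccountName": "old_temp", "userAccountControl": 514,
     "pwdLastSet": 133300000000000000},
]

def account_settings(entry: dict) -> list:
    """Return the settings from the list above that are switched on for one account."""
    uac = int(entry["userAccountControl"])
    found = []
    if int(entry["pwdLastSet"]) == 0:
        found.append("User must change password at next logon")
    if uac & DONT_EXPIRE_PASSWORD:
        found.append("Password never expires")
    if uac & ACCOUNTDISABLE:
        found.append("Account is disabled")
    return found

def needs_review(entries: list) -> list:
    """Enabled accounts exempt from password expiration: each should have a
    documented reason (for example an application that manages its own password)."""
    flagged = []
    for entry in entries:
        found = account_settings(entry)
        if "Password never expires" in found and "Account is disabled" not in found:
            flagged.append(entry["sAMAccountName"])
    return sorted(flagged)

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry["sAMAccountName"], "->", account_settings(entry) or ["(defaults)"])
    print("review:", needs_review(SAMPLE))
```
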
Self Check
1. Users identify themselves to the system and receive access to the network resources they need using:
A. User accounts
B. File server
C. Print server
2. ____ setting prevents users from being able to change their own passwords.
A. Disable password
B. User Cannot Change Password
C. Expire password
3. _____ setting that allows the administrator to exempt the account from the password-expiration rule.
A. Creating password
B. Password expiration
C. Changing password
Ensuring Displayed legal notices at logon
Configure Legal Notices on Domain Computers Using Group Policy
• On most operating systems, one of the most effective ways to regularly communicate legal obligations to users is with a login message.
• When you configure a legal notice, the legal notice message appears when the user hits CTRL+ALT+DEL.
• You can configure legal notices on domain computers in two ways:
1. Write a script and execute it at every logon.
2. Configure the legal notice using a group policy.
Self Check
1. When you configure a legal notice, the legal notice message appears when the user hits __________________ keys
2. You can configure legal notices on domain computers in two ways:
A. _______________________________________________
B. _______________________________________________
3. The most effective way to regularly communicate legal obligations to users is with a _______ message.
Using appropriate utilities to check strength of passwords and complexity

Utilities used to check strength of passwords and complexity

Best Practices for Password Strength Checkers
Critically, most password strength checkers judge credentials based on two key factors: strength and complexity.
Consider the following recommendations:
• Don’t Allow Repeated Passwords: users should never cross-use their credentials.
• Don’t Allow the Sharing of Passwords: forbid employees from writing down their passwords, either on physical paper or in document applications.
• Don’t Incorporate Personal Information into Your Passwords: birthdays…
• Remember Password Expiration Policies Don’t Work
• Secure Privileged Access Accounts as Well
• Select a Next-Gen Identity and Access Management Solution


The Top 6 Password Strength Checkers and Validation Tools
1. Comparitech Password Strength Test: provides a strong baseline for other password strength checkers.
2. My1Login Password Strength Test: gives an estimate of the time needed to crack the password.
3. Thycotic Password Strength Checker: recognizes the most common passwords and warns against them.
4. LastPass: How Secure Is My Password?
5. JavaScript Password Strength Checkers Code: external password strength
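
A minimal checker built on the two factors and the recommendations above, added here as an illustration and not taken from any of the listed tools. The common-password set, the thresholds and all function names are assumptions.

```python
import math
import string

# Constructed sample; a real checker loads a large list of known-common passwords.
COMMON = {"password", "123456", "qwerty", "letmein", "welcome1"}

def complexity_classes(pw: str) -> int:
    """Complexity: how many of lower, upper, digit, punctuation appear."""
    tests = (str.islower, str.isupper, str.isdigit,
             lambda c: c in string.punctuation)
    return sum(any(t(c) for c in pw) for t in tests)

def entropy_bits(pw: str) -> float:
    """Strength: rough upper bound, length * log2(size of character pool)."""
    pools = ((str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
             (lambda c: c in string.punctuation, len(string.punctuation)))
    pool = sum(size for test, size in pools if any(test(c) for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def check(pw: str, personal=(), min_length=12, min_classes=3) -> list:
    """Return the list of problems found; an empty list means none."""
    problems = []
    if len(pw) < min_length:          # assumed minimum length
        problems.append("too short")
    if pw.lower() in COMMON:
        problems.append("common password")
    if complexity_classes(pw) < min_classes:   # assumed class requirement
        problems.append("low complexity")
    low = pw.lower()
    # Personal details (names, birth years) supplied by the caller
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        problems.append("contains personal information")
    return problems

if __name__ == "__main__":
    info = ("jsmith", "1985")         # constructed personal details
    for pw in ("password", "Jsmith-1985-xyz", "T7#mquv!Rz2pLw"):
        print(f"{pw!r}: {entropy_bits(pw):.0f} bits,", check(pw, info) or "ok")
```
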


Self Check
1. The two factors used to check a password are:
A. Strength and complexity.
B. Hacker and cracker
C. Password expiration policy
2. Which one is not allowed when securing a password?
A. Incorporate Personal Information into Your Passwords
B. Sharing password
C. All
3. To make our password complex we have to use a combination of:
A. Letters, both upper and lower case
B. Numbers
C. Punctuation
D. All
Reviewing actions taken to ensure password procedures
Best Practices/Recommendations to implement password procedures
When creating a password procedure, it is important to consider:
• Enforced through software security settings.
• Minimum length of a password and expiry cycle for passwords.
• Issues that would be linked to user education include not having passwords displayed on sticky notes and not sharing passwords.
• Password retention.
Benefits of a Password Procedure
• Appropriate access for all staff;
• Effective identity management and access auditing;
• Preservation and protection of personal information entrusted to your care;
• Protection of YOUR personal information

After Action Review (AAR)
• The After Action Review (AAR) is a simple but powerful tool to help you do this. Conducting an AAR at the end of a project, program or event can help you and your team learn from your efforts.
• Furthermore, sharing the results from your AAR can help future teams learn your successful strategies and avoid pitfalls you have worked to overcome.
An AAR is centered on four questions:
1. What was expected to happen?
2. What actually occurred?
3. What went well and why?
4. What can be improved and how?
Self-Check
1. Which one of the following is NOT a benefit of a password procedure?
A. Appropriate access for all staff;
B. Effective identity management and access auditing;
C. Single Point Of Failure;
D. All of the above
2. When creating a password procedure, it is important to consider
________________________________________
________________________________________
________________________________________
________________________________________
________________________________________
________________________________________
3. AAR stands for ____________________________
4. The four After Action Review questions are:
________________________________________
________________________________________
________________________________________
________________________________________
Accessing information services to identify security gaps
A primary task of any information security professional is to
manage or perform an information security gap analysis to
find potential security vulnerabilities and risks and to use
the information to implement solutions to bridge the gaps.
The main objective of security analysis is to continually
improve and move closer to the desired security position
and to transition security from its current state to its future
improved state.
Importance of gap analysis
• A gap analysis can be performed for various reasons. Generally, no matter the background, it is a tool used for improving the state of something to raise the performance level of the particular area in question.
• It can be used at different levels. Also, it can be centered on different perspectives, such as organizational, business process, business direction, and technology perspectives.

An information security gap analysis is an excellent way for
an organization to understand where to focus its security
efforts for maximum security improvement.
Additionally, it’s often a compliance requirement to obtain
and maintain compliance with a particular standard or
regulation. However, this is not the only reason for
performing one. A primary purpose is to help organizations
uncover risks and vulnerabilities and ultimately to improve their
information security posture.
Self-Check
1. The main objective of security analysis is to continually
improve and move closer to the desired security position
A. True
B. False
2. Gap analysis can be centered on:
A. Organizational
B. Business process
C. Business direction and technology perspectives
D. All
The End of Chapter One
1. What are Windows security policies?
2. What is a group policy object (GPO), and what are the types of GPOs?
3. Explain the types of account lockout policy
4. Define user accounts and the method of creating a user account.
5. User account setting
• User must change password at next logon
• User cannot change password
• Password never expires
• Account is disabled
6. You can configure legal notices on domain computers in two ways:
7. Explain
• Comparitech Password Strength Test
• My1Login Password Strength Test
• Thycotic Password Strength Checker
• JavaScript Password Strength Checkers Code
• LastPass
