COMP 3122 Network Management Richard Henson March 2011

  • Slides: 36
Download presentation
COMP 3122 Network Management Richard Henson March 2011

COMP 3122 Network Management Richard Henson March 2011

Week 5 – Active Directory & Domain Security n Objectives – Explain the essential

Week 5 – Active Directory & Domain Security n Objectives – Explain the essential features of a secure networked system – Use W 2 K group policies to implement networkwide security – Identify the weak links in a networked system and take steps to reduce/eliminate the possibility of unauthorised access

The Nature of Security within Networks n Data held on a single workstation in

The Nature of Security within Networks n Data held on a single workstation in an open office is unlikely to be truly secure – operating system itself may be secure… – still possible for the hard disk to be removed and the data extracted in a different environment!! n Two Protection issues to be addressed: – unauthorised system access » network configuration & monitoring – undesirable physical access » keeping people away… & locking it down…

Physical Security of the Network n What to do with sensitive data – hold

Physical Security of the Network n What to do with sensitive data – hold in an encrypted form – on a computer in a secure room » only network administrators can gain access » no chance of an outsider physically getting hold of the hard disk containing the data – in the highly unlikely event that an outsider/rogue insider did get hold of the data, they wouldn’t be able to make sense of it n Data should also be backed up in another location in case of fire, earthquakes, etc

Physical Security of copied data n Typically on CD or memory stick – could

Physical Security of copied data n Typically on CD or memory stick – could also be removable hard disk n Simple way to keep copied data secure: – password protection not enough… – use strong encryption over all files » previous, deleted data might still be accessible

Accessing Data on a Secure Computer Users should only be able to access organisational

Accessing Data on a Secure Computer Users should only be able to access organisational data via network from the server n Even then, potential physical & system vulnerabilities: n – physical security of data as it travels along a cable – unauthorised access to downloaded data » at rest on the client machine » whilst being accessed by an authorised user

Vodafone (and how not to do network security…) n Yesterday morning, 100, 000 people

Vodafone (and how not to do network security…) n Yesterday morning, 100, 000 people couldn’t use the Vodafone network – thieves broke into the operator's Basingstoke exchange and stole their switches (i. e. routers) – the police were quickly notified n Vodafone noticed its own network collapsing – assembled its "War Room" which is supposed to deal with network outages n It took 12 hours to fix the problem – why was such critical kit so vulnerable?

User Responsibility n Rule of the network: – all users MUST bear responsibility for

User Responsibility n Rule of the network: – all users MUST bear responsibility for data they access – should enter a signed agreement when they get their log on n To support this, network software should make sure that: – users have appropriate access through allocation to groups – user activities can be monitored and logged – sufficient auditing is undertaken to scrutinise the activity of individual users…

Accessing Data on a Secure Computer n Typical user errors: – giving other employees/outsiders

Accessing Data on a Secure Computer n Typical user errors: – giving other employees/outsiders their password – using an easily guessed password n Typical administrator errors: – leaving username on display after log off – not enforcing long (8 character min, inc caps/lower, number, punct. mark) passwords – not ensuring that the downloaded data is physically no longer available once that user has logged off

Accessing Data on a Secure Computer n n Client machine MUST use an operating

Accessing Data on a Secure Computer n n Client machine MUST use an operating system that allows file/folder level security Suitable secure desktop file systems: – UNIX file system – NTFS n Alternative is to use dumb terminals – no local storage – impossible to get at the electronic data from the client end

Accessing Data on a Secure Computer n n BUT even with a secure file

Accessing Data on a Secure Computer n n BUT even with a secure file system, other users could still see the screen! Even with no local storage: – – the data will be displayed on a screen with poor user technique: » data could even be left on the screen » the screen contents could be photographed by someone… n Answer: – use screen savers that cut in very quickly when a mouse button is not being clicked

Printing or Emailing Accessed Data n If someone has security rights to access the

Printing or Emailing Accessed Data n If someone has security rights to access the data, they will also be able to: – print it out – email it to someone else n Anyone with such rights must therefore be completely trustworthy…

How File Systems Manage Security (revision? ) n n Several different levels of permissions

How File Systems Manage Security (revision? ) n n Several different levels of permissions Particular folder permissions allocated to groups of users, starting from the root e. g. – – n n n managers may have read, execute, and write students may have read and execute only Files inherit the permissions of the folder that contains them Subfolders inherit the characteristics of the parent folder Inheritance can be overridden

Security Policy n Responsibilities of network users and administrators needs to be clearly defined

Security Policy n Responsibilities of network users and administrators needs to be clearly defined as a matter of organisational policy – objective: ensure that AT ALL TIMES company data is only being accessed by an authorised user

Security Policies n Define expectations for: – proper computer usage – procedures for preventing

Security Policies n Define expectations for: – proper computer usage – procedures for preventing and responding to security incidents n Can be imposed in two ways: – Local system policy » security policy file held on individual computers – Group policy » uses active directory to impose policy across the domain » not possible for computers running NT » not possible if partitions are formatted using FAT or FAT-32

Enforcement of Policy on Windows networks n Local system policy – security policy file

Enforcement of Policy on Windows networks n Local system policy – security policy file held on individual computers n Group policy – uses active directory to impose policy across the domain – not possible for pre-Windows 2000 operating systems – not possible if partitions are formatted using FAT or FAT-32

Security Template Files n “one I prepared earlier…” – quicker to customise to needs

Security Template Files n “one I prepared earlier…” – quicker to customise to needs than start over… n Implementation of security policy on – Individuals & groups on Windows networks – 600+ settings in Windows 2000, now many more… n Stored as a text file (. inf) – predefined templates are “ready to use” e. g. : » » basic (default) compatible (all applications still run) secure high (testing high security applications only)

Using Security Templates n SAM (security accounts manager) crucial to setting up user security:

Using Security Templates n SAM (security accounts manager) crucial to setting up user security: – controls security during logon process n During logon, security templates imported into the relevant SAM of: – each individual computer (system policy) – the domain controller of a Windows domain (group policy)

Analysing/Changing Local Security n Templates & SAM combine: – default security configuration of the

Analysing/Changing Local Security n Templates & SAM combine: – default security configuration of the local computer compared with a configuration imported from a template – configuration then changed to become like the template n Changes to template settings achieved by – GUI: security configuration “snap in” n Or: – command line tool (secedit. exe)

Implementing Policy n Group Policy settings are really powerful – only administrators have access

Implementing Policy n Group Policy settings are really powerful – only administrators have access to manage these on a system or domain n As with computer policy… – usually more convenient to edit an existing policy template than create a new one from scratch

Auditing Access to System/Network Resources n n Auditing - the process of tracking predefined

Auditing Access to System/Network Resources n n Auditing - the process of tracking predefined events Many events can be tracked on a computer and computer network… – a record of each event is written to an “event file” n Contents of a Windows network Audit record: – – Action User Success or failure Additional info » e. g. computer ID where event occurred/failed

Access to Audit Entries n All recent Windows systems are capable of recording a

Access to Audit Entries n All recent Windows systems are capable of recording a wide range of events – saved in Security Event Log – as a structured text file n Contents easily viewed – service called Event Viewer – available from menus

The Importance of Audit n Essential in the case of: – – – n

The Importance of Audit n Essential in the case of: – – – n network failure server failure breach of security Extremely useful for troubleshooting: – – – what failed what went wrong finding who’s username was used to hack into the system

What to Audit n Audit files can grow very large, very quickly, – only

What to Audit n Audit files can grow very large, very quickly, – only essential information should be stored n Examples: – – – – Account logon Account Management Active Directory object access Logon Object access Policy Change Privilege Use Process Tracking

Audit Policy n Part of Information Security Policy – Again, implemented through Group Policy

Audit Policy n Part of Information Security Policy – Again, implemented through Group Policy n Planning: – – – n which computers need events auditing? which events to audit? whether to audit success or failure (or both!) whether to track trends of system usage? when to schedule review of security logs? Set up: – security template for Group Policy

Auditing Access to “file object” resources – failure for read operations – success and

Auditing Access to “file object” resources – failure for read operations – success and failure for delete – success and failure for: » change permissions » take ownership – success and failure of all operations attempted by “guests” group – file and folder access on shares

Auditing Access to Windows “print object” resources n Reminder from COMP 2122: – Windows

Auditing Access to Windows “print object” resources n Reminder from COMP 2122: – Windows “printer” = printing management system – Print device = physical printer n Auditing specified printers: – failure events for print operations on restricted printers success and failure for full control operations – success events for delete so incomplete print jobs can be tracked – success and failure for change permissions and take control on restricted printers

Implementing an Audit Policy on a System n Typical Policy Settings: – Password policy

Implementing an Audit Policy on a System n Typical Policy Settings: – Password policy – Account Lockout policy – Audit policy – IP Security policy – user rights assignment – recovery agents for encrypted data

Local/Domain Security Policy n Local: – available for all Windows 2000/XP/Vista/7 computers that are

Local/Domain Security Policy n Local: – available for all Windows 2000/XP/Vista/7 computers that are not domain controllers n Domain: – local security settings still apply when logged on locally » but may well be overridden by policies received from the domain controller, when logging on to the domain

Policy Files & Tools for editing them n Management of Policy: – MMC (Microsoft

Policy Files & Tools for editing them n Management of Policy: – MMC (Microsoft Management Console) – available via command line (type mmc) to create “console” files for system admin – user mode: » access existing MMC consoles to administer a system – author mode: » creation of new consoles or modifying existing MMC consoles

The “Security Configuration and Analysis” options & “Local Policy” MMC snap ins n “Analyse

The “Security Configuration and Analysis” options & “Local Policy” MMC snap ins n “Analyse computer now” – full run down of the current settings (i. e. settings for the local machine) – way of checking the “local policy” n “Select local policies” – lists of settings in categories – e. g. security settings » large number of settings » control security aspects of local policy » each setting can be set to either enabled, disabled, or not configured

“Megatool” GPMC (Group Policy Management Console) n One of 2003’s best features… – “contains

“Megatool” GPMC (Group Policy Management Console) n One of 2003’s best features… – “contains a rich variety of tools for creating, editing, observing, modelling and reporting on all aspects of Group Policy” – Also unifies Group Policy management across the Active Directory forest

GPMC Integration of User Management Tools n Administrators of earlier Windows networks needed multiple

GPMC Integration of User Management Tools n Administrators of earlier Windows networks needed multiple tools to do this: – Microsoft Active Directory Users and Computers – Delegation Wizard – ACL Editor n The story goes that 'Barking Eddie' spent two weeks documenting all the Group Policies for one company – when told about GPMC, he was crestfallen and said he could have done that same job in half an hour…

GPMC User Interface n n Easy creation and editing of Group Policy WMI filtering

GPMC User Interface n n Easy creation and editing of Group Policy WMI filtering mechanism allows application of policies: » to a particular machine » only if there is enough disk space n n n Options to backup, restore, import, and copy Group Policy Objects Simplified management of Group Policyrelated security Reporting for GPO settings and Resultant Set of Policy (RSo. P) data

Using GPMC n Available from MMC – Standalone Snap-in dialog box n Creating a

Using GPMC n Available from MMC – Standalone Snap-in dialog box n Creating a custom console including GPMC: – select Group Policy Management option and click Add, click Close, OK n Several sample scripts available – found in the %Program. Files%GPMCScripts folder » use cscript. exe to execute – Scripting. Read. Me. rtf file in the scripts folder

Rolling out a Group Policy n Plan the Managed Network Environment: – consider various

Rolling out a Group Policy n Plan the Managed Network Environment: – consider various Common Desktop Management Scenarios – try them out using Group Policy Management Console n n n Design a Group Policy Infrastructure Deploy Group Policy including Security Policy Troubleshoot…