Windows Security On a Network Overview Microsoft Windows

  • Slides: 26
Download presentation
Windows Security On a Network

Windows Security On a Network

Overview • • • Microsoft Windows XP Pro (SP 2) Microsoft Windows Server 2003

Overview • • • Microsoft Windows XP Pro (SP 2) Microsoft Windows Server 2003 User accounts and groups File sharing and file permissions Password/Lockout Policy Group Policy – Security Policy – Administrative Templates

Many security layers • Keep in mind that when it comes to securing a

Many security layers • Keep in mind that when it comes to securing a network, there are many security layers and many different types of security that may be enforced.

Active Directory • Active Directory (AD) is a component of Microsoft Server 2003. •

Active Directory • Active Directory (AD) is a component of Microsoft Server 2003. • AD technology is based on standard Internet protocols. • Uses the Domain Name System (DNS). DNS is a standard Internet service that organizes groups of computers into domains.

Active Directory • Provides centralized authentication and authorization services for Windows based computers. •

Active Directory • Provides centralized authentication and authorization services for Windows based computers. • Allows administrators to assign policies, deploy software, and apply updates to an entire network.

Active Directory

Active Directory

Microsoft Server 2003 • • File Server Print Server Application Server Domain Controller •

Microsoft Server 2003 • • File Server Print Server Application Server Domain Controller • • Mail Server Terminal Server VPN Server DHCP Server 2003 can be used as a server for a number of different things. Along with the examples we mentioned in class, a server can also be used for the above tasks. A server can do many things, they are not limited to the items on this screen.

Windows Networking without a Server • Managing a network without a Domain Controller can

Windows Networking without a Server • Managing a network without a Domain Controller can be difficult. • Keeping the network secure is even more difficult. • Usually a peer-to-peer network. • Vulnerable to viruses and being hacked.

Windows Networking without a Server • Keep your computer up to date by running

Windows Networking without a Server • Keep your computer up to date by running Windows Updates. – Security Patches

Windows Networking without a Server • Use Anti-Virus software to protect against Trojans, Worms,

Windows Networking without a Server • Use Anti-Virus software to protect against Trojans, Worms, and other malicious software.

Windows Networking without a Server • Enable Windows Firewall • Only allow exceptions for

Windows Networking without a Server • Enable Windows Firewall • Only allow exceptions for the services that are absolutely necessary for the network.

Windows Networking without a Server • The use of user accounts will help protect

Windows Networking without a Server • The use of user accounts will help protect hackers from gaining access to your peer-to-peer network. • Strong passwords • Non-administrator account

Windows Networking without a Server • • • Automatic Updates Virus Protection Firewall Users

Windows Networking without a Server • • • Automatic Updates Virus Protection Firewall Users accounts Disable Windows Services Not as secure as a Server-based network!!

Windows Networking with a Server • Allows better control of user accounts and user

Windows Networking with a Server • Allows better control of user accounts and user groups. (AD) • Allows updates to be forced to computers. (AD) • More secure and organized file/print sharing. • Allows strong security policies. • Policies can be forced to computers.

Windows Networking with a Server User Accounts • Enables better security and better user

Windows Networking with a Server User Accounts • Enables better security and better user account control. • Roaming Profiles • Remote Access • Dial-in Access • Logon Hours • Ability to disable accounts • Groups

Windows Networking with a Server File Permissions • Server 2003 allows an administrator to

Windows Networking with a Server File Permissions • Server 2003 allows an administrator to assign file permissions to files, folders, and printers shared across the network. • Permissions can be set for a specific user, or a group of users. • NTFS permissions can be set with a Graphical User Interface or the command line.

Windows Networking with a Server File Permissions Share Permissions NTFS Permissions

Windows Networking with a Server File Permissions Share Permissions NTFS Permissions

Windows Networking with a Server Password Policy • Server 2003 allows an administrator to

Windows Networking with a Server Password Policy • Server 2003 allows an administrator to set a password policy for all users to abide by. • Password History • Password Age • Password Length • Complexity Requirements

Windows Networking with a Server Password Policy

Windows Networking with a Server Password Policy

Windows Networking with a Server Account Lockout Policy • Server 2003 allows an administrator

Windows Networking with a Server Account Lockout Policy • Server 2003 allows an administrator to set an account lockout policy.

Windows Networking with a Server Group Policy • Allows an administrator to enforce various

Windows Networking with a Server Group Policy • Allows an administrator to enforce various policies to the entire network, domain or specific Organization Unit (OU).

Windows Networking with a Server Group Policy: Security Policy • Restrict access to the

Windows Networking with a Server Group Policy: Security Policy • Restrict access to the CD-ROM and Floppy Drive • Disconnect users when logon hours expire • Let “everyone” permissions apply to anonymous • Access the registry remotely • Access shares anonymously

Windows Networking with a Server Group Policy: Administrative Templates • Remove icons from the

Windows Networking with a Server Group Policy: Administrative Templates • Remove icons from the desktop (i. e. My Computer, Network Places, etc. ) • Allow/Deny access to the Control Panel • Restrict display settings (i. e. force background, no screensaver) • Remove items from the Ctrl + Alt + Del menu (i. e. Task Manager, Lock Computer, Change Password)

Windows Networking with a Server Group Policy

Windows Networking with a Server Group Policy

Windows Networking with a Server • User Accounts • Password Policy • Group Policy

Windows Networking with a Server • User Accounts • Password Policy • Group Policy • File Permissions • Account Lockout Policy – Security Policy – Administrative Templates These are just some of the security features that Microsoft Windows has to offer to a Server-Based network!

Anthony J. Arduini Management Information Systems October 2007

Anthony J. Arduini Management Information Systems October 2007