DESIGNING AN ADMINISTRATIVE SECURITY STRUCTURE Chapter 7.


1. DESIGNING AN ADMINISTRATIVE SECURITY STRUCTURE Chapter 7

2. GATHERING AND ANALYZING DESIGN INFORMATION
- Administration model
- Active Directory structure
- Security group structure
- Group Policy structure
- User job roles
- Hardware resources
- Physical topology
- Forest and domain design

3. CHOOSING AN ADMINISTRATION MODEL

4. UNDERSTANDING ORGANIZATIONAL UNITS

5. STANDARD MODELS FOR OU STRUCTURE

6. USING OUs TO DELEGATE ADMINISTRATIVE CONTROL

7. ENVISIONING THE OU STRUCTURE
- Physical locations
- Types of administrative tasks
- Types of objects

8. PLANNING FOR INHERITANCE

9. USING OUs TO LIMIT OBJECT VISIBILITY

10. ORGANIZATIONAL UNITS AND GROUP POLICY
- Create GPOs for OUs as needed
- Add OUs to support Group Policy as needed. For example:
  - Subdivide OUs so that you can apply different policies to different groups of users
  - Create new OUs based on location
  - Create new OUs based on the type of objects that will be stored in the OU

11. OU STRUCTURE AND GROUP POLICY
- Security requirements
- Administration requirements
- Software deployment and update requirements
- Planned network infrastructure

12. DETERMINING DESIGN REQUIREMENTS

13. SECURITY REQUIREMENTS

14. ADMINISTRATION REQUIREMENTS
- Planned administrative model and roles
- User requirements
- Computer requirements
- Remote office requirements

15. SOFTWARE DEPLOYMENT AND UPDATE REQUIREMENTS

16. GROUP POLICY DESIGN CONSIDERATIONS

17. INHERITANCE AND FILTERING METHODS
- Group Policy inheritance review
- Security filtering through access control lists (ACLs)
- Windows Management Instrumentation (WMI) filters
- User Group Policy loopback processing mode
- Block Policy Inheritance

18. PERFORMANCE CONSIDERATIONS
- Limit the number of GPOs
- Consider slow links
- Limit how often GPOs are updated
- Group Policy and slow link detection
- Disable unused portion of GPO (Computer Settings | User Settings)
- Monitor and track usage

19. TESTING AND MAINTENANCE OF GROUP POLICIES
- Group Policy backup procedures
- Administrative strategy
- Change management plan

20. DEVELOPING AN ADMINISTRATIVE STRATEGY

21. DEVELOPING A CHANGE MANAGEMENT PLAN

22. GROUP POLICY IMPLEMENTATION FOR NEW USERS
- New computers and users added to default locations unless otherwise specified.
- Redirusr.exe
- Redircomp.exe
- Allows you to immediately apply user- and computer-specific GPOs to new objects.

23. FINALIZING THE GROUP POLICY DESIGN

24. PLANNING AN ACCOUNT STRATEGY

25. ACCOUNT NAMING STRATEGIES

26. PLANNING A PASSWORD POLICY

27. CREATING AN AUTHENTICATION, AUTHORIZATION, AND ADMINISTRATION STRATEGY

28. DESIGNING A SECURITY GROUP STRATEGY

29. SECURITY GROUP STRATEGY (continued)

30. SUMMARY
- Gather information before making your design plans
- Name some factors that influence OU design
- Give some examples of IT administration models
- Top-level OU structure should be relatively static
- Identify and plan for security threats
- Carefully assess user and computer requirements
- Separate users, groups, and permissions to increase the efficiency of network administration