S.I.R.A. Representatives Course – Module 2

S.I.R.A. Representatives Course – Module 2. Local Security. 20/11 – 27/11 – 05/12; 11/12 – 13/12 (group 1); 12/12 – 15/12 (group 2). Cristiano Gentili, Massimiliano Viola (CSIA)


Transcript of S.I.R.A. Representatives Course – Module 2

Page 1: S.I.R.A. Representatives Course – Module 2

Local Security

20/11 – 27/11 – 05/12

11/12 – 13/12 (group 1)

12/12 – 15/12 (group 2)

Cristiano Gentili, Massimiliano Viola (CSIA)

Page 2

Overview

• Securing Desktops and Services by Using Security Policies

• Auditing Access to System Resources

Page 3

Securing Desktops and Services by Using Security Policies

• Implementing Security Policies

• Modifying Security Settings

• Using Predefined Security Templates

• Creating Custom Security Templates

• Analyzing Security

• Configuring and Analyzing Security from a Command Line

Page 4

Implementing Security Policies

Implementing Security Policies by Using Local Security Policy

[Screenshot: Administrative Tools menu listing Internet Services Manager, Event Viewer, Licensing, Performance, Routing and Remote Access, Server Extensions Administrator, Services, Telnet Server Administration and Local Security Policy]

Implementing Security Policies by Using Group Policy

Page 5

Modifying Security Settings

Account policies: Configure password and account policies

Local policies: Configure auditing, user rights, and security options

Public key policies: Configure encrypted data recovery agents, domain roots, trusted certificate authorities, etc.

IPSec policies: Configure IP security on a network

Event log: Configures settings for application logs, system logs, and security logs

Restricted Groups: Configures group memberships for security sensitive groups

System Services: Configure security and startup settings for services running on a computer

Registry: Configures security on registry keys

File system: Configures security on specific file paths

Page 6

Using Predefined Security Templates

Basic: Define the default security level for Windows 2000.

Compatible: Provide a higher level of security than Basic, but still ensure that all the features of standard business applications will run.

Secure: Provide an additional level of security beyond Compatible, but do not ensure that all of the features of standard business applications will run.

High: Enforce the maximum security for Windows 2000 without consideration for application functionality.

Page 7

Creating Custom Security Templates

To create a custom security template:

Add the Security Template snap-in to MMC

Select the template to customize

Configure the new policy settings

Save the new configuration

Page 8

Analyzing Security

[Screenshot: Security Configuration and Analysis console, Local Policies, Security Options, with the columns Policy, Database Setting and Computer Setting]

[Diagram: Template (.inf file), Analysis Database (.sdb file), Current Computer Settings]

Page 9

Configuring and Analyzing Security from a Command Line

/analyze  /configure  /export  /refreshpolicy  /validate  /areas

FILESTORE

C:\WINNT\System32\cmd.exe

C:\>cd %windir%\security\database

C:\WINNT\security\Database>secedit /configure /db mysecure.sdb /areas FILESTORE /Log C:\WINNT\security\logs\MySecure.Log /verbose

Task is completed successfully.
See log C:\WINNT\security\logs\MySecure.Log for detail info.

Page 10

Auditing Access to System Resources

• Introduction to Auditing

• Selecting Events to Audit

• Planning an Audit Policy

• Setting Up an Audit Policy

• Auditing Access to Resources

Page 11

Introduction to Auditing

• Auditing Tracks User and Operating System Activities

• Audit Entries Contain Actions Performed, Users Who Performed the Actions, and Success or Failure of the Events

• Audit Policy Defines the Types of Security Events That Windows 2000 Records

• You Set Up an Audit Policy to Track Success or Failure of Events, Identify Unauthorized Use of Resources, and Maintain a Record of Activity

• You View Security Logs in Event Viewer

[Diagram: Use of Resources; Success or Failure Logged; Event Viewer entries "User1 logon failed", "Access denied", "Printing successful"]

Page 12

Selecting Events to Audit

Event: Example

Account logon: Domain controller receives a request to validate a user account

Account management: Administrator creates, changes, or deletes a user account or group

Directory service access: User gains access to an Active Directory object

Logon: User logs on or off a local computer

Object access: User gains access to a file, folder, or printer

Policy change: Change is made to the user security options, user rights, or Audit policies

Privilege use: User exercises a right, such as taking ownership of a file

Process tracking: Application performs an action

System: User restarts or shuts down the computer

Page 13

Planning an Audit Policy

Determine the Computers on Which to Set Up Auditing

Review Security Logs Frequently

Determine Whether to Audit the Success or Failure of Events, or Both

Determine Which Events to Audit

Determine Whether You Need to Track Trends

Page 14

Setting Up an Audit Policy

[Screenshot: MMC console showing the Audit Policy node under Local Computer Policy, Computer Configuration, Windows Settings, Security Settings, Local Policies]

Policy | Local Setting | Effective Setting

Audit account logon events | Success, Failure | No auditing

Audit account management | No auditing | No auditing

Audit directory service access | No auditing | No auditing

Audit logon events | Success, Failure | No auditing

Audit object access | No auditing | No auditing

Audit policy change | Success | No auditing

Audit privilege use | Failure | No auditing

Audit process tracking | No auditing | No auditing

Audit system events | No auditing | No auditing

• Assign Security Settings to a Single Computer by Configuring the Settings in Local Policies in Group Policy

• Assign Security Settings to Multiple Computers by Creating a Group Policy Object and Assigning It
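
The template-versus-computer comparison from the Analyzing Security slide, applied to the audit policy settings above, as an added example that is not part of the original slides. It assumes both sides are available as already-decoded security template (.inf) text with an [Event Audit] section; the two samples and the function names are constructed for illustration.

```python
# Added example: audit-policy drift between a template and a computer's settings.
# Both INF texts are constructed samples; values: 0 none, 1 success, 2 failure, 3 both.
AUDIT_VALUES = {0: "No auditing", 1: "Success", 2: "Failure", 3: "Success, Failure"}

TEMPLATE_INF = """\
[Version]
signature="$CHICAGO$"
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 3
AuditObjectAccess = 2
AuditPrivilegeUse = 2
AuditPolicyChange = 3
AuditAccountManage = 3
AuditAccountLogon = 3
"""

COMPUTER_INF = """\
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 3
AuditObjectAccess = 0
AuditPrivilegeUse = 2
AuditPolicyChange = 1
AuditAccountManage = 3
"""

def read_section(inf_text, section):
    """Return {key: int} for one section of a security template."""
    values, current = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == section.lower() and "=" in line and not line.startswith(";"):
            key, _, val = line.partition("=")
            values[key.strip()] = int(val.strip())
    return values

def audit_drift(template_text, computer_text):
    """List (setting, template value, computer value) for every mismatch."""
    want = read_section(template_text, "Event Audit")
    have = read_section(computer_text, "Event Audit")
    return [(k, AUDIT_VALUES[v], AUDIT_VALUES.get(have.get(k), "Not defined"))
            for k, v in sorted(want.items()) if have.get(k) != v]

if __name__ == "__main__":
    for setting, expected, actual in audit_drift(TEMPLATE_INF, COMPUTER_INF):
        print(f"{setting}: template={expected!r} computer={actual!r}")
```

A setting present in the template but absent from the computer's text is reported as "Not defined" rather than treated as a match.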

Page 15

Auditing Access to Resources

File System (NTFS)

• Set the Audit Policy to Audit Object Access

• Enable Auditing for Specific NTFS Files and Folders

• Record Success or Failure of an Event

Printers

• Set the Audit Policy to Audit Object Access

• Enable Auditing for Specific Printers

• Record Success or Failure of an Event