Microsoft® Official Course
Module 11
Configuring Encryption and Advanced Auditing
Module Overview
• Encrypting Files by Using Encrypting File System
• Configuring Advanced Auditing
Lesson 1: Encrypting Files by Using Encrypting File System
• What Is EFS?
• How EFS Works
• Recovering EFS–Encrypted Files
• Demonstration: Encrypting a File by Using EFS
What Is EFS?
• EFS is a feature that can encrypt files that are stored on an NTFS–formatted partition
• EFS encryption acts as an additional layer of security
• EFS can be used with no pre-configuration
How EFS Works
• Symmetric encryption is used to protect the data
• Public key encryption is used to protect the symmetric key
[Diagram: File Encryption (File, Symmetric key, Public key, FEK header, Encrypted file with FEK in header); File Decryption (Encrypted file, FEK header, Private key, Symmetric key, File)]
Recovering EFS–Encrypted Files
• To ensure you can recover EFS encrypted files, you should:
  • Back up user certificates
  • Configure a recovery agent
• You must back up the recovery key to:
  • Secure against system failure
  • Make the recovery key portable
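The key hierarchy from "How EFS Works" and the role of the recovery agent from this slide, as an added PowerShell example that is not part of the course material. It is a simplified model built on .NET crypto classes, not the real EFS on-disk format; `$user`, `$dra`, `$header` and `Open-ModelFile` are hypothetical names and the file content is constructed.

```powershell
# Added illustration: simplified model of the EFS key hierarchy, not the real on-disk format.
# $user, $dra, $header and Open-ModelFile are hypothetical names.
$user = New-Object System.Security.Cryptography.RSACryptoServiceProvider 2048  # user key pair
$dra  = New-Object System.Security.Cryptography.RSACryptoServiceProvider 2048  # recovery agent key pair

# File encryption: a fresh symmetric key (the FEK) protects the data.
$aes    = [System.Security.Cryptography.Aes]::Create()     # random key and IV
$plain  = [Text.Encoding]::UTF8.GetBytes('Constructed sample: payroll figures')
$cipher = $aes.CreateEncryptor().TransformFinalBlock($plain, 0, $plain.Length)

# The FEK is wrapped once per public key and kept in the header next to the data.
$header = @{
    IV            = $aes.IV
    User          = $user.Encrypt($aes.Key, $true)   # $true = OAEP padding
    RecoveryAgent = $dra.Encrypt($aes.Key, $true)
}

function Open-ModelFile {
    param($PrivateKey, [byte[]]$WrappedFek, [byte[]]$IV, [byte[]]$Data)
    $a = [System.Security.Cryptography.Aes]::Create()
    $a.Key = $PrivateKey.Decrypt($WrappedFek, $true)   # private key unwraps the FEK
    $a.IV  = $IV
    $bytes = $a.CreateDecryptor().TransformFinalBlock($Data, 0, $Data.Length)
    [Text.Encoding]::UTF8.GetString($bytes)
}

# Normal access: the user's private key opens the file.
Open-ModelFile $user $header.User $header.IV $cipher

# Recovery: the user's key is lost, but the recovery agent's private key opens the same file.
Open-ModelFile $dra $header.RecoveryAgent $header.IV $cipher

# A key pair that is in neither header slot cannot unwrap the FEK.
$other = New-Object System.Security.Cryptography.RSACryptoServiceProvider 2048
try   { Open-ModelFile $other $header.User $header.IV $cipher }
catch { 'No matching private key: file stays unreadable' }
```

If both private keys are lost, nothing in the header can be unwrapped, which is why the slide asks for the user certificates and the recovery key to be backed up.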
Demonstration: Encrypting a File by Using EFS
• In this demonstration, you will see how to:
  • Verify that a computer account supports EFS on a network share
  • Use EFS to encrypt a file on a network share
  • View the certificate used for encryption
  • Test access to an encrypted file
Lesson 2: Configuring Advanced Auditing
• Overview of Audit Policies
• Specifying Auditing Settings on a File or Folder
• Enabling Audit Policy
• Evaluating Events in the Security Log
• Advanced Audit Policies
• Demonstration: Configuring Advanced Auditing
Overview of Audit Policies
• Audit events in a category of activities, such as:
  • Access to NTFS files and folders
  • Account or object changes in AD DS
  • Logon
  • Assignment of use of user rights
• By default, domain controllers audit success events for most categories
• Goal: Align audit policies with corporate security policies
  • Over-auditing: Logs are too big to find important events
  • Under-auditing: Important events are not logged
Specifying Auditing Settings on a File or Folder
• Auditing settings for a file or folder are specified by modifying the SACL:
• Full control will record all associated events
• Recording audit events will not occur until the audit policy is enabled
Enabling Audit Policy
To enable Audit Policy by configuring Audit Policy settings in a GPO:
• Enable the appropriate settings in the GPO
• Apply the GPO to the AD DS location where your servers are located
Evaluating Events in the Security Log
View the audit events in the Details field in the security log, and filter to reduce the number of events to examine:
Advanced Audit Policies
Windows Server 2012 and Windows Server 2008 R2 provide the following additional set of Audit Policies to configure:
Demonstration: Configuring Advanced Auditing
• In this demonstration, you will see how to create and edit a Group Policy Object for Audit Policy configuration
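The three auditing steps from this lesson (SACL on the folder, audit policy enabled, Security log filtered), as an added PowerShell example that is not part of the course material. The folder path is hypothetical, and `auditpol` is used here to set and check the policy locally on a lab server, whereas the course delivers the same setting through a GPO.

```powershell
# Added example; run in an elevated session on the file server.
$path = 'D:\Shares\Finance'   # hypothetical folder

# 1. SACL: record successful and failed writes and deletes by anyone.
$acl  = Get-Acl -Path $path -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
            'Everyone', 'Write, Delete',
            'ContainerInherit, ObjectInherit', 'None', 'Success, Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $path -AclObject $acl

# 2. Audit policy: until this subcategory is enabled, the SACL above logs nothing.
auditpol /set /subcategory:"File System" /success:enable /failure:enable
auditpol /get /subcategory:"File System"

# 3. Security log: filter to object-access events (ID 4663) from the last hour
#    that touch the audited folder.
$filter = @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddHours(-1) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt  = $_
        $data = @{}
        ([xml]$evt.ToXml()).Event.EventData.Data |
            ForEach-Object { $data[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            Time       = $evt.TimeCreated
            User       = $data.SubjectUserName
            Object     = $data.ObjectName
            AccessMask = $data.AccessMask
            Process    = $data.ProcessName
        }
    } |
    Where-Object { $_.Object -like "$path*" } |
    Sort-Object Time -Descending |
    Format-Table -AutoSize
```

Scoping the SACL to writes and deletes rather than Full control keeps the log small enough to review, which is the over-auditing trade-off described in the overview.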
Lab: Configuring Encryption and Advanced Auditing
• Exercise 1: Encrypting and Recovering Files
• Exercise 2: Configuring Advanced Auditing
Logon Information
Virtual machines: 20411B-LON-DC1, 20411B-LON-CL1, 20411B-LON-SVR1
User name: Adatum\Administrator
Password: Pa$$w0rd
Estimated Time: 40 minutes
Lab Scenario
A. Datum is a global engineering and manufacturing company with its head office in London, United Kingdom. An IT office and data center are located in London to support the London location and other locations. A. Datum has recently deployed a Windows Server 2012 server and client infrastructure.
You have been asked to configure the Windows Server 2012 environment to protect sensitive files, and to ensure that access to files on the network is audited appropriately. You have also been asked to configure auditing for the new server.
Lab Review
• In Exercise 1, Task 1, why were you asked to generate a new Data Recovery Agent certificate by using the AdatumCA certification authority (CA)?
• What are the benefits of placing servers in an organizational unit (OU), and then applying audit policies to that OU?
• What is the reason for applying audit policies across the entire organization?
Module Review and Takeaways
• Review Questions
• Tools