Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 1 of 15

Session 12

Deploying Security Configurations

Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 2 of 15

Service packs combine multiple fixes into one package

Hot fixes address only a certain issue Baseline Security Analyzer lists the updates

required by the system Software Update Services installs new updates

automatically over a network There are three wireless networking standards:

802.11b, 802.11a and 802.11g Topology is the way computers are connected

to each other

Review

Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 3 of 15

Ad hoc topology can be formed when two wireless devices come within each others range

Infrastructure topology enables linking wireless and wired networks

There are three ways of authentication Open system Shared key IEEE 802.1x

Networks can be administered remotely using Remote Assistance and Remote Desktop

Review Contd…

Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 4 of 15

Objectives List the appropriate security

requirements for a network Create security configurations for

networks Use security templates Test security settings of a network Deploy security settings

Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 5 of 15

Security Templates Consist of text files that contain the

security settings of a machine Saved with .inf extension Windows Server 2003 machines have

default security templates installed We can create new templates and make

changes to existing templates

Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 6 of 15

Security Templates Snap-in

Available in the Add Standalone Snap-in dialog box Loads in the Microsoft Management Console (MMC)

Add Standalone Snap-in dialog box

Snap-in

Microsoft Management Console

Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 7 of 15

Predefined Security Templates

Rootsec.inf – Contains the default file system permissions for a system drive

DC Security.inf – Contains the security settings for a Domain Controller

Compatws.inf – Changes the default security settings for members of a User’s Group] on a Windows Server 2003 computer

Securedc.inf – Contains security settings that increase the security level of a Domain Controller

Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 8 of 15

Predefined Security Templates Contd…

Hisecdc.inf – Contains security settings for a domain controller that implements a higher security compared to Securedc.inf

Securews.inf – Contains security settings that increase the security level of a workstation

Hisecws.inf – Contains security settings for a workstation that implement a higher security level compared to Securews.inf template

Setup Security.inf - Contains the default security settings of the computer during setup

Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 9 of 15

Creating and Importing Security Templates

To create a new template select Action New Template

To import a template use the Import Template dialog box

Creating a template

Import Template dialog box

Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 10 of 15

Application of Security Template

Refers to deployment of the new or modified template

Use the Active Directory Users And Computers console for deployment

Group policies enable the deployment of a single security template to all the computers in a domain or group

Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 11 of 15

Security Configuration and Analysis Tool

Examines the effectiveness of a template

Security Configuration And Analysis snap-in compares the security settings of a template with those of a computer

To compare security settings using log file Select Action View Log File

Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 12 of 15

Applying a Template To apply a new or modified template

select Action Configure Computer Now To apply the default template select

Action Import Template

Default template

Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 13 of 15

Testing Security Policies Test plan – Specifies the goal of the test and how it

will be implemented Test case – Tests specific elements of a network Creation of the lab – Used for creation of the

network design and checking suitability of the security policy

Implementation of tests – Helps in determination of the suitability of the security policy

Study of the results – Involves study of every test case and its result

Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 14 of 15

Deployment of Security Policies

Pilot deployment is a limited implementation of the security configuration of a network

The following points need to be noted while developing the pilot deployment plan: Select employees from different departments as

users Provide technical support team to resolve

problems Include a rollback procedure that can be used to

recover the original configuration of a network, in case of serious problems in the pilot deployment

Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 15 of 15

Summary Security templates consist of text files that

contain the security settings of a machine The security templates snap-in loads in the

Microsoft Management Console (MMC) We need to deploy a new or modified template To test security policies:

Test plan Test case Creation of the lab Implementation of tests Study of the results

Pilot deployment is a limited implementation of the security configuration of a network