6430a_05 managing security
TRANSCRIPT
![Page 1: 6430A_05 Managing Security](https://reader033.vdocuments.us/reader033/viewer/2022051820/553dd31d5503461f418b479e/html5/thumbnails/1.jpg)
Planning and Administering Windows
Server® 2008 Servers
![Page 2: 6430A_05 Managing Security](https://reader033.vdocuments.us/reader033/viewer/2022051820/553dd31d5503461f418b479e/html5/thumbnails/2.jpg)
Module 5: Managing Windows Server 2008 Security
• Planning a Defense-in-Depth Strategy
• Implementing Host-Level Security for Windows Server 2008
• Implementing Network Security for Windows Server 2008
![Page 3: 6430A_05 Managing Security](https://reader033.vdocuments.us/reader033/viewer/2022051820/553dd31d5503461f418b479e/html5/thumbnails/3.jpg)
Lesson: Planning a Defense-in-Depth Strategy
• Characteristics of a Defense-in-Depth Strategy
• Layers in a Defense-in-Depth Strategy
![Page 4: 6430A_05 Managing Security](https://reader033.vdocuments.us/reader033/viewer/2022051820/553dd31d5503461f418b479e/html5/thumbnails/4.jpg)
Characteristics of a Defense in Depth Strategy
A robust defense-in-depth strategy includes:A robust defense-in-depth strategy includes:
A security risk management framework
Identity and access management policies
Network protection
Update management
Education
Incident response
Continual reassessment and optimization
A security risk management framework
Identity and access management policies
Network protection
Update management
Education
Incident response
Continual reassessment and optimization
![Page 5: 6430A_05 Managing Security](https://reader033.vdocuments.us/reader033/viewer/2022051820/553dd31d5503461f418b479e/html5/thumbnails/5.jpg)
Layers in a Defense-in-Depth Strategy
Policies and proceduresPolicies and procedures
Physical securityPhysical security
Perimeter defensesPerimeter defenses
Network defensesNetwork defenses
Host defensesHost defenses
Application defensesApplication defenses
Data defensesData defenses
![Page 6: 6430A_05 Managing Security](https://reader033.vdocuments.us/reader033/viewer/2022051820/553dd31d5503461f418b479e/html5/thumbnails/6.jpg)
Lesson: Implementing Host-Level Security for Windows Server 2008
• Assigning Administrative Permissions
• Windows Server 2008 Firewall Configuration
• Implementing Security Policies
• Implementing Security Templates
• Converting Security Configuration Wizard Settings to Security Templates
![Page 7: 6430A_05 Managing Security](https://reader033.vdocuments.us/reader033/viewer/2022051820/553dd31d5503461f418b479e/html5/thumbnails/7.jpg)
Assigning Administrative Permissions
• Principle of least privilege Identify administrative permissions or
privileges required Grant only those permissions or privileges
• Granting privileges Factors affecting decision Relinquishing rights
• Principle of least privilege Identify administrative permissions or
privileges required Grant only those permissions or privileges
• Granting privileges Factors affecting decision Relinquishing rights
![Page 8: 6430A_05 Managing Security](https://reader033.vdocuments.us/reader033/viewer/2022051820/553dd31d5503461f418b479e/html5/thumbnails/8.jpg)
Windows Server 2008 Firewall Configuration
• Direction
• Port
• Program
• Protocol
• Source IP address
• Destination IP address
• Connection security rule
• Direction
• Port
• Program
• Protocol
• Source IP address
• Destination IP address
• Connection security rule
![Page 9: 6430A_05 Managing Security](https://reader033.vdocuments.us/reader033/viewer/2022051820/553dd31d5503461f418b479e/html5/thumbnails/9.jpg)
Implementing Security Policies
Security Configuration Wizard template settings include:
• Server roles
• Client features
• Additional services
• Firewall rules
• Authentication options
• Audit policy
Security Configuration Wizard template settings include:
• Server roles
• Client features
• Additional services
• Firewall rules
• Authentication options
• Audit policy
![Page 10: 6430A_05 Managing Security](https://reader033.vdocuments.us/reader033/viewer/2022051820/553dd31d5503461f418b479e/html5/thumbnails/10.jpg)
Implementing Security Templates
• Built-in templates Configure default security settings or
recommended values
• Built-in templates Configure default security settings or
recommended values
• Microsoft templates Download additional templates with
security guides
• Microsoft templates Download additional templates with
security guides
• Custom templates Security Templates MMC snap-in Security Configuration and Analysis MMC
snap-in
• Custom templates Security Templates MMC snap-in Security Configuration and Analysis MMC
snap-in
![Page 11: 6430A_05 Managing Security](https://reader033.vdocuments.us/reader033/viewer/2022051820/553dd31d5503461f418b479e/html5/thumbnails/11.jpg)
Converting Security Configuration Wizard Settings to Security Templates
Convert SCW security policies directly to GPOsConvert SCW security policies directly to GPOs
Scwcmd.exe transform /p:SCWpolicyname.xml /g:GPOnameScwcmd.exe transform /p:SCWpolicyname.xml /g:GPOname
![Page 12: 6430A_05 Managing Security](https://reader033.vdocuments.us/reader033/viewer/2022051820/553dd31d5503461f418b479e/html5/thumbnails/12.jpg)
Lesson: Implementing Network Security for Windows Server 2008
• Windows Server 2008 Server Locations
• Options for Network Security
• Recommendations for Implementing Windows Server 2008 Server Core
![Page 13: 6430A_05 Managing Security](https://reader033.vdocuments.us/reader033/viewer/2022051820/553dd31d5503461f418b479e/html5/thumbnails/13.jpg)
Windows Server 2008 Server Locations
• Perimeter network
• Bastion host
• Internal
• Segmented networks
• Perimeter network
• Bastion host
• Internal
• Segmented networksSegmented networks
Segmented networks
Perimeter Network
Perimeter Network
InternalInternal
Bastion hostBastion host
![Page 14: 6430A_05 Managing Security](https://reader033.vdocuments.us/reader033/viewer/2022051820/553dd31d5503461f418b479e/html5/thumbnails/14.jpg)
Options for Network Security
Requirement Security Measures
Secure Network Access
• Physical security
• 802.1x authentication
• Network segmentation
• Firewalls
• Network Access Protection (NAP)
Secure Network Traffic
• Network segmentation
• Firewalls
• IPSec
![Page 15: 6430A_05 Managing Security](https://reader033.vdocuments.us/reader033/viewer/2022051820/553dd31d5503461f418b479e/html5/thumbnails/15.jpg)
Server Core enables you to install roles without additional services or the GUI
Server Core enables you to install roles without additional services or the GUI
Recommendations for Implementing Windows Server 2008 Server Core
• AD DS
• AD LDS
• DHCP
• DNS
• File Server
• Print Server
• IIS
• Streaming Media
• AD DS
• AD LDS
• DHCP
• DNS
• File Server
• Print Server
• IIS
• Streaming Media
ExtranetExtranet
Perimeter network
Perimeter network
![Page 16: 6430A_05 Managing Security](https://reader033.vdocuments.us/reader033/viewer/2022051820/553dd31d5503461f418b479e/html5/thumbnails/16.jpg)
Lab: Managing Windows Server 2008 Security
• Exercise 1: Planning a Windows Server 2008 Security Configuration
• Exercise 2: Implementing File Server Security
Logon information
Virtual machine6430A-NYC-DC1-05
6430A-NYC-SVR1-05
User name Woodgrovebank\Administrator
Password Pa$$w0rd
Estimated time: 45 minutes
![Page 17: 6430A_05 Managing Security](https://reader033.vdocuments.us/reader033/viewer/2022051820/553dd31d5503461f418b479e/html5/thumbnails/17.jpg)
Module Review and Takeaways
• Review Questions
• Best Practices
• Tools