it:network:apps. security options group policy applocker acl

Securing the Infrastructure

IT:Network:Apps

Security Options Group Policy AppLocker ACL

Securing the Infrastructure

Defense in depth◦ Physical◦ File level

Folder/File permissions Minimalist mentality

◦ Object level Object permissions

Security Options

Desktop◦ Physical◦ Group Policy◦ Access/Authentication

Server◦ Physical◦ Group Policy◦ Access/Authentication

Security Options

Perimeter◦ NAT◦ Firewall◦ Security Appliances

Mail/Spam Gateway VPN concentrator

◦ Network Access Protection

Security Options

Antivirus solutions http://www.windowsitpro.com/article/antivirus/enterp

rise-antivirus-software.aspx http://www.av-test.org/

◦ Network based Antivirus Centrally managed Centrally deployed Engines for both server and client Agents for server based applications

Exchange filtering Central point for updates

Engines Definitions

Security Options

Antivirus solutions Centralized reporting

Reports on activities, updates and policies

Security Options

Antivirus solutions◦ Client based Antivirus

Updates done individually at client directly to Internet

Reporting local to client Typically has engine for desktops and not server

Security Options

Group Policy Objects (GPO) can be used to secure both server and desktop machines

Security Configuration Wizard (SCW)◦ http://technet.microsoft.com/en-us/library/cc7714

92(WS.10).aspx

Group Policy

What does SCW do?◦ Guides you through the process of creating,

editing, applying, or rolling back a security policy. ◦ It provides a way to create or modify a security

policy for your server based on its role. ◦ Use Group Policy to apply the security policy to

multiple target servers that perform the same role◦ You can compare a server's security settings with

a desired security policy to check for vulnerable configurations in the system.

Group Policy

Security Configuration Wizard StartProgramsAdministrative Tools

Group Policy

Group Policy

SCW will create/edit or roll back security settings based on your selections

Creates role based policy settings◦ Detects what roles are installed on server

Group Policy

Group Policies Controlling applications

◦ Application Control Policies

◦ Software Restriction Policies

Group Policies Applocker

requirements◦ Works on Windows 7

and newer◦ Only available on 7

Enterprise and Ultimate…not Pro

◦ Application Identity service must be running.

◦ Add default rules to prevent stepping on “required” services

Group Policies

Applocker◦ Add default

rules◦ Create new

rule

Group Policies

Software Restriction Polices◦ Similar to

Applocker, works on XP and later

Security can be controlled from the file level to the Active Directory Object level

NTFS permissions Share permissions ADO permissions Out of sight, out of mind approach Minimalist approach

ACL

Questions?