Course for S.I.R.A. Representatives – Module 2
Local Security
20/11 – 27/11 – 05/12
11/12 – 13/12 (group 1)
12/12 – 15/12 (group 2)
Cristiano Gentili, Massimiliano Viola (CSIA)

Overview
• Securing Desktops and Services by Using Security Policies
• Auditing Access to System Resources

Securing Desktops and Services by Using Security Policies
• Implementing Security Policies
• Modifying Security Settings
• Using Predefined Security Templates
• Creating Custom Security Templates
• Analyzing Security
• Configuring and Analyzing Security from a Command Line

Implementing Security Policies
• Implementing Security Policies by Using Local Security Policy
[Screenshot: Administrative Tools menu, which includes Local Security Policy]
• Implementing Security Policies by Using Group Policy

Modifying Security Settings
• Account policies: Configure password and account policies
• Local policies: Configure auditing, user rights, and security options
• Public key policies: Configure encrypted data recovery agents, domain roots, trusted certificate authorities, etc.
• IPSec policies: Configure IP security on a network
• Event log: Configures settings for application logs, system logs, and security logs
• Restricted Groups: Configures group memberships for security sensitive groups
• System Services: Configure security and startup settings for services running on a computer
• Registry: Configures security on registry keys
• File system: Configures security on specific file paths

Using Predefined Security Templates
• Basic: Define the default security level for Windows 2000.
• Compatible: Provide a higher level of security than Basic but still ensure that all the features of standard business applications will run.
• Secure: Provide an additional level of security beyond Compatible, but do not ensure that all of the features of standard business applications will run.
• High: Enforce the maximum security for Windows 2000 without consideration for application functionality.

Creating Custom Security Templates
To create a custom security template:
• Add the Security Template snap-in to MMC
• Select the template to customize
• Configure the new policy settings
• Save the new configuration

Analyzing Security
[Screenshot: Local Security Settings console with Security Options selected; columns Policy, Database Setting, Computer Setting]
[Diagram: Template (.inf file), Analysis Database (.sdb file), Current Computer Settings]

Configuring and Analyzing Security from a Command Line
• /analyze
• /configure
• /export
• /refreshpolicy
• /validate
• /areas FILESTORE
[Screenshot: command prompt window, C:\WINNT\System32\cmd.exe]
C:\>cd %windir%\security\database
C:\WINNT\security\Database>secedit /configure /db mysecure.sdb /areas FILESTORE /Log C:\WINNT\security\logs\MySecure.Log /verbose
Task is completed successfully.
See log C:\WINNT\security\logs\MySecure.Log for detail info.

Auditing Access to System Resources
• Introduction to Auditing
• Selecting Events to Audit
• Planning an Audit Policy
• Setting Up an Audit Policy
• Auditing Access to Resources

Introduction to Auditing
• Auditing Tracks User and Operating System Activities
• Audit Entries Contain Actions Performed, Users Who Performed the Actions, and Success or Failure of the Events
• Audit Policy Defines the Types of Security Events That Windows 2000 Records
• You Set Up an Audit Policy to Track Success or Failure of Events, Identify Unauthorized Use of Resources, and Maintain a Record of Activity
• You View Security Logs in Event Viewer
[Diagram: Use of Resources; Success or Failure Logged; Event Viewer entries "User1 logon failed", "Access denied", "Printing successful"]

Selecting Events to Audit
Event and example:
• Account logon: Domain controller receives a request to validate a user account
• Account management: Administrator creates, changes, or deletes a user account or group
• Directory service access: User gains access to an Active Directory object
• Logon: User logs on or off a local computer
• Object access: User gains access to a file, folder, or printer
• Policy change: Change is made to the user security options, user rights, or Audit policies
• Privilege use: User exercises a right, such as taking ownership of a file
• Process tracking: Application performs an action
• System: User restarts or shuts down the computer

Planning an Audit Policy
• Determine the Computers on Which to Set Up Auditing
• Review Security Logs Frequently
• Determine Whether to Audit the Success or Failure of Events, or Both
• Determine Which Events to Audit
• Determine Whether You Need to Track Trends

Setting Up an Audit Policy
[Screenshot: Local Computer Policy console, Audit Policy node under Computer Configuration, Windows Settings, Security Settings, Local Policies; columns Policy, Local Setting, Effective Setting. Policies listed: Audit account logon events, Audit account management, Audit directory service access, Audit logon events, Audit object access, Audit policy change, Audit privilege use, Audit process tracking, Audit system events]
• Assign Security Settings to a Single Computer by Configuring the Settings in Local Policies in Group Policy
• Assign Security Settings to Multiple Computers by Creating a Group Policy Object and Assigning It
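
Added example, not part of the course slides: the template-versus-computer comparison from the Analyzing Security slide, narrowed to the audit policy categories above. It compares the [Event Audit] section of two security templates in .inf format; both sample templates are constructed, and reporting a missing key as "Not defined" is an assumption of this example.

```python
import configparser

# [Event Audit] keys of a security template and their console policy names.
AUDIT_KEYS = {
    "AuditAccountLogon": "Audit account logon events",
    "AuditAccountManage": "Audit account management",
    "AuditDSAccess": "Audit directory service access",
    "AuditLogonEvents": "Audit logon events",
    "AuditObjectAccess": "Audit object access",
    "AuditPolicyChange": "Audit policy change",
    "AuditPrivilegeUse": "Audit privilege use",
    "AuditProcessTracking": "Audit process tracking",
    "AuditSystemEvents": "Audit system events",
}
# Template values: 0 = No auditing, 1 = Success, 2 = Failure, 3 = both.
SETTING = {0: "No auditing", 1: "Success", 2: "Failure", 3: "Success, Failure"}
# Constructed sample templates (not taken from the slides).
TEMPLATE_INF = """[Event Audit]
AuditAccountLogon = 3
AuditLogonEvents = 3
AuditObjectAccess = 2
AuditPolicyChange = 1
"""
COMPUTER_INF = """[Event Audit]
AuditAccountLogon = 3
AuditLogonEvents = 1
AuditObjectAccess = 0
AuditPolicyChange = 1
"""

def read_event_audit(inf_text):
    # Takes already-decoded template text (exported files are usually UTF-16).
    parser = configparser.ConfigParser(
        strict=False, interpolation=None, allow_no_value=True, delimiters=("=",))
    parser.optionxform = str  # keep the key case used in the template
    parser.read_string(inf_text)
    if not parser.has_section("Event Audit"):
        return {}
    return {k: int(v) for k, v in parser["Event Audit"].items() if k in AUDIT_KEYS}

def audit_mismatches(template_text, computer_text):
    # Returns (policy, template setting, computer setting) for each difference.
    wanted = read_event_audit(template_text)
    actual = read_event_audit(computer_text)
    return [
        (AUDIT_KEYS[k], SETTING[wanted[k]], SETTING.get(actual.get(k), "Not defined"))
        for k in AUDIT_KEYS
        if k in wanted and actual.get(k) != wanted[k]
    ]
```

Categories the template does not define are skipped, so only settings the template actually specifies can be reported as mismatches.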
Auditing Access to Resources
File System (NTFS)
• Set the Audit Policy to Audit Object Access
• Enable Auditing for Specific NTFS Files and Folders
• Record Success or Failure of an Event
Printers
• Set the Audit Policy to Audit Object Access
• Enable Auditing for Specific Printers
• Record Success or Failure of an Event