module 8: manage and configure security. best practices for securing the microsoft® windows® small...
TRANSCRIPT
![Page 1: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/1.jpg)
Module 8:Manage and
Configure Security
![Page 2: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/2.jpg)
Module 8: Manage and Configure Security
• Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment
• Windows Server Update Services (WSUS)
• Microsoft Small Business Server Best Practices Analyzer 2008
• Creating and Managing Shared Folders on the Network
• Configuring Windows Firewall with Advanced Security
![Page 3: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/3.jpg)
Lesson 1: Best Practices for Securing the Windows Small Business Server 2008 Environment
• Implementing the best technological defenses
• Active security management processes
• Features and technologies in Windows Server 2008
![Page 4: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/4.jpg)
Windows Small Business Server was Designed as an Integrated Solution with Security in Mind
Active Directory®
Server
Mail Server
Web Services Server
FileServer
DatabaseServer
PrintServer
Catch-allServer
Small Business Server
![Page 5: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/5.jpg)
Small- and Medium-sized Business (SMB) Security Check List
What other guidelines can you recommend?
![Page 6: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/6.jpg)
Additional Technological Defenses
Why should an SMB consider these technological defenses?
![Page 7: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/7.jpg)
Security for SMB
Active security management process
![Page 8: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/8.jpg)
Windows Server® 2008 Security and Protection
![Page 9: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/9.jpg)
User Account Control (UAC) Architecture
Explorer.exe
Explorer.exe
Standard user logon
Administrator in adminapproval mode
Standard user access token
Standard user access token
Full administratoraccess token
![Page 10: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/10.jpg)
New Functionality in Encrypting FileSystem (EFS)
![Page 11: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/11.jpg)
Windows BitLocker Drive Encryption
![Page 12: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/12.jpg)
Internet Protocol Security (IPsec)
![Page 13: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/13.jpg)
Smart Cards
![Page 14: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/14.jpg)
SBS Setting to Harden Network Security
![Page 15: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/15.jpg)
Lesson 2: Windows Server Update Service
• Manage Windows Server Update Services
![Page 16: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/16.jpg)
Centralized vs. Decentralized Updates
MicrosoftUpdate
Windows®
ServerUpdate Services 3.0
• The bandwidth challenge
![Page 17: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/17.jpg)
Windows Server Update Services 3.0
WSUS 3.0 Management Tasks WSUS 3.0 Management Tasks
![Page 18: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/18.jpg)
Configure WSUS Updates in the SBS Console
Microsoft update
Default Client Schedule: Every day at 3.00 AM
![Page 19: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/19.jpg)
Update Levels
![Page 20: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/20.jpg)
Demonstration: Windows Server Update Services
• In this demonstration you will learn how to configure Windows Server Update Services in the SBS Console
![Page 21: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/21.jpg)
Lesson 3: Windows Small Business Server 2008 Best Practices Analyzer
• Key features of the Windows Small Business Server 2008 Best Practices Analyzer 2008
![Page 22: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/22.jpg)
What is the SBS Best Practices Analyzer? (BPA)
![Page 23: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/23.jpg)
Demonstration: SBS 2008 Best Practices Analyzer
• In this demonstration you will learn how to configure a scan using the Windows Small Business Server 2008 Best Practices Analyzer
![Page 24: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/24.jpg)
Lesson 4: Creating and Managing Shared Folders on the Network
• Configure a shared folder controlling user access permissions
• Configure blocking unwanted content in the shared folder
![Page 25: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/25.jpg)
File Sharing Essentials
![Page 26: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/26.jpg)
Configure Share Permissions
![Page 27: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/27.jpg)
Configure NTFS Permissions
![Page 28: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/28.jpg)
Add a New Shared Folder Task
![Page 29: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/29.jpg)
Add a New Shared Folder Task
Server message block protocol
![Page 30: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/30.jpg)
Add a New Shared Folder Task
What is File Server Resource Manager (FSRM)?
![Page 31: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/31.jpg)
Add a New Shared Folder Task
![Page 32: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/32.jpg)
Additional Considerations
![Page 33: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/33.jpg)
Additional Considerations
![Page 34: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/34.jpg)
Demonstration: Adding a Shared Folder
• In this demonstration you will learn how to add a shared folder using the Shared Folder Wizard
![Page 35: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/35.jpg)
Lesson 5: Configuring Windows Firewall with Advanced Security
• Configure Windows Firewall with Advanced Security settings and rules for network security
![Page 36: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/36.jpg)
Network Location-aware Host Firewall
![Page 37: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/37.jpg)
WFAS Order of Rules Evaluation
Group policy 1
Group policy 2
Group policy 3
Ord
er
of
Evalu
ati
on
• Local rule merge is configurable via Group Policy• Default rules come from the highest precedence GPO
![Page 38: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/38.jpg)
Why Should SMBs use IPsec to ProtectNetwork Traffic?
• Protects IT assets
• Computers and data
• Malware (viruses, Trojan horses, spyware)
• To comply with government regulations
• Finance (Sarbanes-Oxley)
• Health (HIPAA)
• Privacy regulations (state privacy regulations)
• Protects intellectual property
![Page 39: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/39.jpg)
Connection Security and IPsec
![Page 40: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/40.jpg)
IPSec Authentication Methods
![Page 41: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/41.jpg)
IPsec Modes
![Page 42: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/42.jpg)
IPsec Methods
![Page 43: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/43.jpg)
Basic Firewall Policy Design
Default behavior
![Page 44: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/44.jpg)
Domain Isolation Policy Design
Isolated domain
LOB Servercritical
client data
Boundary Zone
SBS
Distrustednon-domain members
Authenticated IPsec connectionsNon-IPSec connections
Trusted non-domain members
![Page 45: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/45.jpg)
Domain Isolation
• Protects the Small Business Server domain from unmanaged, rogue, and guest PCs
• Provides ability to identify and control communications with critical client or server PCs
• Allows host to facilitate communication that is limited to domain members (managed computers)
• Requires IPsec authentication and protection for any communication with domain members (managed computers)
• Managed computers can initiate communication with managed and unmanaged computers
• Unmanaged computers cannot initiate communication with managed computers
![Page 46: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/46.jpg)
Lab: Securing the Windows Small Business Server using Best Practices
• Exercise 1: Configure Distribution of Updates and Hotfixes Using Microsoft Windows Server Update Services
• Exercise 2: Create a Shared Folder
• Exercise 3: Design an Isolation Policy
• Exercise 4: Configure Windows Firewall Settings
Logon information
Virtual machineSBS 2008 Server
Vista Office
User name Gregory
Password Pa$$w0rd
Estimated time: 60 minutes
![Page 47: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/47.jpg)
Lab Scenario
• You will configure patch management in the SBS 2008 Server to download at a schedule time and configure distribution options for domain joined clients
• You need to configure a new volume and provision shared folders, configure permission, and enable file screening for shared folders. You will then test access to the shared folders.
• A.Datum would like you to design a secure domain isolation policy that complies with government regulations
• You need to configure the Windows Firewall rules to request authentication for inbound network traffic, and test the isolation policy
![Page 48: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/48.jpg)
Lab Review
• When configuring WSUS for SBS, where are the updates stored?
• Can individual client computers be excluded from receiving updates?
• What tool should be used to create a new shared folder?
• What files can be configured using the file screen policy?
• What authentication methods are available when configuring an IPsec policy?
![Page 49: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/49.jpg)
Module Summary
• In this module, you have learned about:
• Security components that are installed by default in Microsoft Windows Small Business Server 2008, as well as security features available in Windows Server 2008 and available for download from TechNet (SBS 2008 BPA), which will allow the implementation of important security elements into the IT infrastructure.
• Group policies that define user and computer configurations for groups of users and computers, and enforce these settings on and off the network.
• Accessing and using these features to manage specific aspects of the overall security design.
• Managing the protection of the server using a host firewall and IPSec combination.
![Page 50: Module 8: Manage and Configure Security. Best Practices for Securing the Microsoft® Windows® Small Business Server 2008 Environment Windows Server Update](https://reader038.vdocument.in/reader038/viewer/2022103100/56649ec15503460f94bcdbad/html5/thumbnails/50.jpg)
Module Review and Takeaways
• Review questions
• Common issues and troubleshooting tips
• Real-world issues and scenarios
• Best practices
• Tools