session 12 tp 12
DESCRIPTION
TRANSCRIPT
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 1 of 15
Session 12
Deploying Security Configurations
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 2 of 15
Service packs combine multiple fixes into one package
Hot fixes address only a certain issue Baseline Security Analyzer lists the updates
required by the system Software Update Services installs new updates
automatically over a network There are three wireless networking standards:
802.11b, 802.11a and 802.11g Topology is the way computers are connected
to each other
Review
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 3 of 15
Ad hoc topology can be formed when two wireless devices come within each others range
Infrastructure topology enables linking wireless and wired networks
There are three ways of authentication Open system Shared key IEEE 802.1x
Networks can be administered remotely using Remote Assistance and Remote Desktop
Review Contd…
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 4 of 15
Objectives List the appropriate security
requirements for a network Create security configurations for
networks Use security templates Test security settings of a network Deploy security settings
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 5 of 15
Security Templates Consist of text files that contain the
security settings of a machine Saved with .inf extension Windows Server 2003 machines have
default security templates installed We can create new templates and make
changes to existing templates
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 6 of 15
Security Templates Snap-in
Available in the Add Standalone Snap-in dialog box Loads in the Microsoft Management Console (MMC)
Add Standalone Snap-in dialog box
Snap-in
Microsoft Management Console
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 7 of 15
Predefined Security Templates
Rootsec.inf – Contains the default file system permissions for a system drive
DC Security.inf – Contains the security settings for a Domain Controller
Compatws.inf – Changes the default security settings for members of a User’s Group] on a Windows Server 2003 computer
Securedc.inf – Contains security settings that increase the security level of a Domain Controller
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 8 of 15
Predefined Security Templates Contd…
Hisecdc.inf – Contains security settings for a domain controller that implements a higher security compared to Securedc.inf
Securews.inf – Contains security settings that increase the security level of a workstation
Hisecws.inf – Contains security settings for a workstation that implement a higher security level compared to Securews.inf template
Setup Security.inf - Contains the default security settings of the computer during setup
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 9 of 15
Creating and Importing Security Templates
To create a new template select Action New Template
To import a template use the Import Template dialog box
Creating a template
Import Template dialog box
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 10 of 15
Application of Security Template
Refers to deployment of the new or modified template
Use the Active Directory Users And Computers console for deployment
Group policies enable the deployment of a single security template to all the computers in a domain or group
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 11 of 15
Security Configuration and Analysis Tool
Examines the effectiveness of a template
Security Configuration And Analysis snap-in compares the security settings of a template with those of a computer
To compare security settings using log file Select Action View Log File
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 12 of 15
Applying a Template To apply a new or modified template
select Action Configure Computer Now To apply the default template select
Action Import Template
Default template
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 13 of 15
Testing Security Policies Test plan – Specifies the goal of the test and how it
will be implemented Test case – Tests specific elements of a network Creation of the lab – Used for creation of the
network design and checking suitability of the security policy
Implementation of tests – Helps in determination of the suitability of the security policy
Study of the results – Involves study of every test case and its result
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 14 of 15
Deployment of Security Policies
Pilot deployment is a limited implementation of the security configuration of a network
The following points need to be noted while developing the pilot deployment plan: Select employees from different departments as
users Provide technical support team to resolve
problems Include a rollback procedure that can be used to
recover the original configuration of a network, in case of serious problems in the pilot deployment
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 12 / Slide 15 of 15
Summary Security templates consist of text files that
contain the security settings of a machine The security templates snap-in loads in the
Microsoft Management Console (MMC) We need to deploy a new or modified template To test security policies:
Test plan Test case Creation of the lab Implementation of tests Study of the results
Pilot deployment is a limited implementation of the security configuration of a network