Planning Server and Planning Server and Network SecurityNetwork Security

Lesson 8

Skills MatrixSkills Matrix

Technology Skill Objective Domain Objective #

Using BitLocker Plan server installations and upgrades

1.1

Securing Network Access

Monitor and maintain security and policies

3.3

SecuritySecurity

• Security is a concern on many levels, but for the server administrator, the first concern is the security of the individual server itself.

Physically Securing ServersPhysically Securing Servers

• In a rush to work with the many security mechanisms provided by Windows Server 2008, some individuals forget about the most basic security principle: the physical security of the server itself.

Controlling AccessControlling Access• In most cases, the term access control refers

to mechanisms that regulate access to computers, software, or other resources.

• However, server administrators must understand that the term also applies to the physical access that users are granted to computers and other equipment.

• Protecting servers against theft is an important consideration; servers and other network equipment should always be kept under lock and key.

• Physical access control can also protect against other occurrences, including fire, natural disasters, and even simple accidents.

Using Physical BarriersUsing Physical Barriers• A properly designed computer center or server

closet is one in which physical barriers prevent access by anyone but authorized personnel, and only when they have a specific reason to enter.

• Even authorized IT workers should not have to be in the same room as sensitive networking equipment because their desks are nearby or because supplies are stored in there.

• In fact, servers should need very little physical access at all, because administrators can perform most maintenance and configuration tasks remotely.

BiometricsBiometrics• For installations requiring extreme security,

the standard mechanisms used to control access to the secured area, such as metal keys, magnetic keycards, combinations, and passwords, might be insufficient.

• Keys and keycards can be lent, lost, or stolen, and passwords and combinations written down, shared, or otherwise compromised.

• One increasingly popular alternative is biometrics, the automatic identification of individuals based on physiological characteristics.

BiometricsBiometrics• Biometric technologies can be used for

two different purposes: verification and identification.

• Biometric verification is a matter of confirming the identity supplied by an individual.– Fingerprint matching.– Hand geometry.– Iris or retinal scans.– Speech recognition.– Face recognition.

Security is a Balancing ActSecurity is a Balancing Act• All security mechanisms are essentially

a compromise between the need to protect valuable resources and the need to provide access to them with a minimum of inconvenience.

• Although administrators and managers are responsible for implementing and enforcing security policies, true security actually rests in the hands of the people who use the protected systems every day.

Social EngineeringSocial Engineering• Social engineering is a term used to

describe the process of circumventing security barriers by persuading authorized users to provide passwords or other sensitive information.

• In many cases, users are duped into giving an intruder access to a protected system through a phone call in which the intruder claims to be an employee in another department, a customer, or a hardware vendor.

• A user might give out a seemingly innocent piece of information, which the intruder then uses to elicit more information from someone else.

Controlling the EnvironmentControlling the Environment• The environment in which your servers

must operate is an important consideration in the design and construction of the network and in the technologies that you select.

• In places where high concentrations of sensitive equipment are located, such as computer centers and server closets, the typical office environment is usually augmented with additional air conditioning, air filtration, humidity control, and/or power conditioning.

Controlling the EnvironmentControlling the Environment• In addition to protecting sensitive

equipment from theft and maintaining proper operating conditions, fire is a major threat to continued operation of your servers.

• The damage caused by fire, and by standard firefighting techniques, can result not only in data and equipment loss, but in damage to the facilities themselves. This damage can take a long time to repair before you can even begin to install replacement equipment.

Wireless NetworkingWireless Networking• The increasing use of wireless networking

technologies has led to a new class of physical security hazards that administrators should be careful not to underestimate.

• The signals that most wireless networking technologies use today can penetrate walls and other barriers.

• You should test carefully to ascertain the operational range of the devices and select locations for the antennae that are near the center of the building and as far away from the outside walls as is practical.

FirewallsFirewalls• Once you have considered physical

protection for your servers, you can start to concern yourself with the other main avenue of intrusion: the network.

• A firewall is a software program that protects a computer by allowing certain types of network traffic in and out of the system while blocking others.

• A firewall is essentially a series of filters that examine the contents of packets and the traffic patterns to and from the network to determine which packets they should allow to pass through the filter.

FirewallsFirewalls• Some of the hazards that firewalls can protect

against are as follows:– Network scanner applications that probe systems

for unguarded ports, which are essentially unlocked doors that attackers can use to gain access to the system.

– Trojan horse applications that open a connection to a computer on the Internet, enabling an attacker on the outside to run programs or store data on the system.

– Attackers who obtain passwords by illicit means, such as social engineering, and then use remote access technologies to log on to a computer from another location and compromise its data and programming.

Windows Server 2008 FirewallWindows Server 2008 Firewall• Windows Server 2008 includes a firewall

program called Windows Firewall, which is activated by default on all Windows Server 2008 systems.

• By default, Windows Firewall blocks most network traffic from entering the computer.

• Firewalls work by examining the contents of each packet entering and leaving the computer and comparing the information they find to a series of rules, which specify which packets are allowed to pass through the firewall and which are blocked.

TCP/IP PacketsTCP/IP Packets

• The three most important criteria that firewalls can use in their rules are as follows:– IP addresses.– Protocol numbers.– Port numbers.

Firewall RulesFirewall Rules

• Firewall rules can function in two ways, as follows:– Admit all traffic, except that which

conforms to the applied rules.– Block all traffic, except that which

conforms to the applied rules.

Windows FirewallWindows Firewall• Windows Firewall is a single program with one set

of rules, but there are two distinct interfaces you can use to manage and monitor it.

• The Windows Firewall control panel provides a simplified interface that enables administrators to avoid the details of rules and port numbers.

• If you just want to turn the firewall on or off (typically for testing or troubleshooting purposes), or work with the firewall settings for a specific Windows role or feature, you can do so simply by using the control panel.

• For full access to firewall rules and more sophisticated functions, you must use the Windows Firewall with Advanced Security console.

Windows FirewallWindows Firewall

• In many cases, administrators never have to work directly with Windows Firewall.

• Many of the roles and features included in Windows Server 2008 automatically open the appropriate firewall ports when you install them.

• In other situations, the system warns you of firewall issues.

Windows Explorer with Network DiscoveryWindows Explorer with Network Discoveryand File Sharing Turned Offand File Sharing Turned Off

The Network and Sharing Center Control The Network and Sharing Center Control PanelPanel

The Exceptions Tab of the Windows The Exceptions Tab of the Windows Firewall Settings Dialog BoxFirewall Settings Dialog Box

The Windows Firewall with The Windows Firewall with Advanced Security ConsoleAdvanced Security Console

The Windows Firewall Control Panel The Windows Firewall Control Panel WindowWindow

The Windows Firewall Settings Dialog The Windows Firewall Settings Dialog BoxBox

The Add a Program Dialog BoxThe Add a Program Dialog Box

The Change Scope Dialog BoxThe Change Scope Dialog Box

The Add a Port Dialog BoxThe Add a Port Dialog Box

Windows Firewall with Advanced Security Windows Firewall with Advanced Security ConsoleConsole

• The Windows Firewall Settings dialog box is designed to enable administrators to create exceptions in the current firewall settings as needed.

• For full access to the Windows Firewall configuration settings, you must use the Windows Firewall With Advanced Security snap-in for the Microsoft Management Console.

Windows Firewall with Advanced Security Windows Firewall with Advanced Security ConsoleConsole

Profile SettingsProfile Settings• At the top of the Windows Firewall with

Advanced Security console’s detail (middle) pane,

• in the Overview section, are status displays for the computer’s three possible network locations.

• Windows Firewall maintains separate profiles for each of the three possible network locations: domain, private, and public.

• If you connect the computer to a different network (which is admittedly not likely with a server), Windows Firewall can load a different profile and a different set of rules.

Windows Firewall with Advanced Security Windows Firewall with Advanced Security on Local Computer Dialog Boxon Local Computer Dialog Box

Creating RulesCreating Rules

• The exceptions and ports that you can create in the Windows Firewall Settings dialog box are a relatively friendly method for working with firewall rules.

• In the Windows Firewall with Advanced Security console, you can work with the rules in their raw form.

Inbound Rules ListInbound Rules List

RulesRules• When you right-click the Inbound Rules (or

Outbound Rules) node and select New Rule from the context menu, the New Inbound (or Outbound) Rule Wizard takes you through the process of configuring the following sets of parameters:– Rule Type– Program– Protocol and Ports– Scope– Action– Profile– Name

The New Inbound Rule WizardThe New Inbound Rule Wizard

Connection Security RulesConnection Security Rules• Windows Server 2008 also includes a feature

that incorporates IPsec data protection into the Windows Firewall.

• The IP Security (IPsec) standards are a collection of documents that define a method for securing data while it is in transit over a TCP/IP network.

• IPsec includes a connection establishment routine, during which computers authenticate each other before transmitting data, and a technique called tunneling, in which data packets are encapsulated within other packets, for their protection.

The New Connection Security Rule The New Connection Security Rule WizardWizard

BitLockerBitLocker

• The Encrypting File System, which has been available since Windows 2000, enables users to protect specific files and folders so that no one else can access them.

• BitLocker Drive Encryption, on the other hand, is a new feature first released in Windows Vista, which makes it possible to encrypt an entire volume.

BitLockerBitLocker• The full volume encryption provided by

BitLocker has distinct advantages, including the following:– Increased data protection.– Integrity checking.

• Unlike EFS, BitLocker is not designed to protect files for specific users, making it so other users cannot access them.

• Instead, BitLocker protects entire volumes from being compromised by unauthorized persons.

BitLockerBitLocker• To use BitLocker, you must have a computer

with the appropriate hardware and you must prepare it properly before you install Windows Server 2008.

• Two of the three available BitLocker modes require the computer to have a Trusted Platform Module (TPM), version 1.2 or later, and a system BIOS that is compatible with its use.

• The TPM is a dedicated cryptographic processor chip that the system uses to store the BitLocker encryption keys.

BitLockerBitLocker• In addition to having the TPM, and before you

install Windows Server 2008 or BitLocker, you must create a system partition on the computer, separate from the partition where you will install the operating system.

• The system partition, which must be an active, primary partition no less than 1.5 GB in size, will remain unencrypted and contain the files needed to boot the computer.

• In other words, this partition will hold all of the software the computer must access before it has unlocked the volume encrypted with BitLocker.

BitLocker Operation ModesBitLocker Operation Modes

• Transparent operation mode.• User authentication mode.• USB key mode.

The Control Panel Setup: Enable Advanced The Control Panel Setup: Enable Advanced Startup Options Properties Dialog BoxStartup Options Properties Dialog Box

The BitLocker Drive Encryption Control The BitLocker Drive Encryption Control PanelPanel

The Set BitLocker Startup Preferences The Set BitLocker Startup Preferences PagePage

AuthenticationAuthentication• To authenticate a user on a network

with reasonable certainty that the individual is who he or she claims to be, the user needs to provide two pieces of information: identification and proof of identity.

• Proof of Identity typically takes one of three forms:– Something you know.– Something you have.– Something you are.

Authentication ModelsAuthentication Models

• Decentralized authentication– Security Accounts Manager (SAM).

• Centralized authentication– Active Directory.

EncryptionEncryption

• To protect data stored on and transmitted over a network, computers use various types of Encryption to encode messages and create digital signatures that verify their authenticity.

• For one computer to encrypt a message and another computer to decrypt it, both must possess a key.

EncryptionEncryption

• There are two types of encryption:– Secret key encryption – Uses a single

key to encrypt and decrypt.– Public key encryption – Uses a public

key and a private key.

Enhancing Security with Strong Enhancing Security with Strong PasswordsPasswords• Encryption limits your organization’s

vulnerability to having user credentials intercepted and misused.

• Specifically, password encryption is designed to make it extremely difficult for unauthorized users to decrypt captured passwords.

• Ideally, when accounts use strong passwords, it should take an attacker months, years, or decades to extract a password after capturing the encrypted or hashed data.

• During that time, the user should have changed the password — thus rendering the cracked password useless.

Enhancing Security with Strong Enhancing Security with Strong PasswordsPasswords• Weak passwords, on the other hand, can be

cracked in a matter of hours or days, even when encrypted.

• Encryption also cannot protect against passwords that are easily guessable, because weak passwords are vulnerable to dictionary attacks.

• Dictionary attacks encrypt a list of common passwords and compare the results with the captured cyphertext.

• If the password appears in the password dictionary, the attacker can identify the password quickly.

• You can defend against this vulnerability by implementing a strong password policy.

Enhancing Security with Strong Enhancing Security with Strong PasswordsPasswords

• A strong password is one that a user can easily remember but is also too complex for a stranger to guess.

Password PoliciesPassword Policies

• To help network administrators implement strong passwords, Windows Server 2008 provides a series of password settings that you can implement using Group Policy, either locally or through Active Directory.

• An effective combination of password policies compels users to select appropriate passwords and change them at regular intervals.

Password PoliciesPassword Policies

Account LockoutAccount Lockout• Account lockout policies exist to limit your

network’s vulnerability to password-guessing attacks.

• When you implement account lockout policies, a user account is automatically locked out after a specified number of incorrect authentication attempts.

• Windows Server 2008 does not enable account lockouts by default, and for a good reason: enabling account lockouts exposes you to a denial-of-service vulnerability.

• A malicious attacker with access to user names can guess incorrect passwords and lock everyone’s accounts, which denies legitimate users from accessing network resources.

Account Lockout PoliciesAccount Lockout Policies

Kerberos AuthenticationKerberos Authentication• Enterprise networks that use Active

Directory authenticate their users with the Kerberos authentication protocol.

• The three components of Kerberos are as follows:– The client requesting services or

authentication.– The server hosting the services requested by

the client.– A computer functioning as an authentication

provider, which is trusted by both the client and the server.

Key Distribution Center (KDC)Key Distribution Center (KDC)• In the case of a Windows Server 2008 network,

the authentication provider is a Windows Server 2008 domain controller running the Kerberos Key Distribution Center (KDC) service.

• The KDC maintains a database of account information for all security principals in the domain.

• A security principal is any user, computer, or service account that logs on to the domain.

• The KDC also stores a cryptographic key known only to the security principal and the KDC.

• This key, derived from a user’s logon password, is used in exchanges between the security principal and the KDC and is known as a long-term key.

Key Distribution Center (KDC)Key Distribution Center (KDC)• To generate tickets, the KDC uses the

following two services:– Authentication Service (AS) — Issues

ticket granting tickets (TGTs) to users that supply valid authentication credentials, which prevents the user from having to re-authenticate each time it requests access to a network resource.

– Ticket-Granting Service (TGS) — Issues service tickets that provide users with access to specific network resources.

Kerberos Authentication Service Kerberos Authentication Service ExchangeExchange

Kerberos Ticket-Granting Service Kerberos Ticket-Granting Service ExchangeExchange

Kerberos Client/Server ExchangeKerberos Client/Server Exchange

Controlling Kerberos AuthenticationControlling Kerberos AuthenticationUsing Group PoliciesUsing Group Policies

• Although most of the transactions in a Kerberos authentication are invisible to both users and administrators, there are some Group Policy settings you can use to configure the properties of the Kerberos tickets issued by your domain controllers.

• Reasonable Kerberos ticket lifetimes must be short enough to prevent attackers from cracking the cryptography that protects the ticket’s stored credentials and long enough to ensure that requests for new tickets do not overload the KDC and network.

Kerberos Policies in the GroupKerberos Policies in the GroupPolicy Management EditorPolicy Management Editor

AuthorizationAuthorization

• Authorization is the process of determining whether an authenticated user is allowed to perform a requested action.– Rights– Permissions

•Share permissions•NTFS permissions•Registry permissions•Active Directory permissions

Windows Permission ArchitectureWindows Permission Architecture• To store the permissions, each of these

resources has an access control list (ACL). • An ACL is a collection of individual permissions,

in the form of access control entries (ACEs). • Each ACE consists of a security principal

(that is, the name of the user, group, or computer granted the permissions) and the specific permissions assigned to that security principal.

• When you manage permissions in any of the Windows Server 2008 permission systems, you are actually creating and modifying the ACEs in an ACL.

The Security Tab of a Properties SheetThe Security Tab of a Properties Sheet

Standard and Special PermissionsStandard and Special Permissions• Windows provides preconfigured

permission combinations suitable for most common access control chores.

• When you open the Properties sheet for a system resource and look at its Security tab, the NTFS permissions you see are called standard permissions.

• Standard permissions are actually combinations of special permissions, which provide the most granular control over the resource.

The Advanced Security Settings Dialog The Advanced Security Settings Dialog BoxBox

Allowing and Denying PermissionsAllowing and Denying Permissions• There are two basic types of ACE: Allow and

Deny. • This makes it possible to approach permission

management tasks from two directions:– Additive — Starts with no permissions and then

grants Allow permissions to individual security principals to provide them with the access they need.

– Subtractive — Starts by granting all possible Allow permissions to individual security principals, providing them with full control over the system resource, and then grants them Deny permissions for the access you don’t want them to have.

Inheriting PermissionsInheriting Permissions• The most important principle in

permission management is that permissions tend to run downward through a hierarchy.

• This is called permission inheritance. Permission inheritance means that parent resources pass their permissions down to their subordinates.

• With inheritance, you can grant access to an entire file system by creating one set of Allow permissions.

Inheriting PermissionsInheriting Permissions

Effective PermissionsEffective Permissions• A security principal can receive permissions in

many ways, and it is important for an administrator to understand how these permissions interact.

• The combination of Allow permissions and Deny permissions that a security principal receives for a given system resource, whether explicitly assigned, inherited, or received through a group membership, is called the effective permissions for that resource.

• Because a security principal can receive permissions from so many sources, it is not unusual for those permissions to conflict, so rules define how the permissions combine to form the effective permissions.

Effective PermissionsEffective Permissions

• Allow permissions are cumulative.• Deny permissions override Allow

permissions.• Explicit permissions take precedence

over inherited permissions.

The Effective Permissions TabThe Effective Permissions Tab

NTFS PermissionsNTFS Permissions

The Editable Advanced Security Settings The Editable Advanced Security Settings Dialog BoxDialog Box

The Permissions Entry Dialog BoxThe Permissions Entry Dialog Box

SummarySummary

• Before you consider any other security mechanisms or even operating system and application deployments, you should take steps to ensure that your servers are stored in a location that is physically secure.

• Biometric identification is the process of establishing an individual’s identity based on biometric information, essentially asking the system to indicate who the person is.

SummarySummary

• A firewall is a software program that protects a computer by allowing certain types of network traffic in and out of the system while blocking others.

• A firewall is essentially a series of filters that examines the contents of packets and the traffic patterns to and from the network to determine which packets it should allow to pass through the filter.

SummarySummary

• The default rules preconfigured into the firewall are designed to admit the traffic used by standard Windows networking functions, such as file and printer sharing.

• For outgoing network traffic, Windows Firewall allows all traffic to pass the firewall except that which conforms to a rule.

SummarySummary

• The Windows Firewall Settings dialog box is designed to enable administrators to create exceptions in the current firewall settings as needed.

• For full access to the Windows Firewall configuration settings, you must use the Windows Firewall With Advanced Security snap-in for the Microsoft Management Console.

SummarySummary

• BitLocker Drive Encryption is a new feature, first released in Windows Vista, that makes it possible to encrypt an entire volume.

• When you use Active Directory on an enterprise network, it becomes responsible for two of the most critical security concepts in computing: authentication and authorization.

SummarySummary

• On most networks, users identify themselves with an account name or an email address.

• The proof of identity can vary, however, typically taking one of three forms: something you know, something you have, or something you are.

SummarySummary

• To protect data stored on and transmitted over a network, computers use various types of encryption to encode messages and create digital signatures that verify their authenticity.

• For one computer to encrypt a message and another computer to decrypt it, both must possess a key.

SummarySummary

• Windows Server 2008 provides a series of password settings that you can implement using Group Policy, either locally or through Active Directory.

• An effective combination of password policies compels users to select appropriate passwords and change them at regular intervals.

SummarySummary

• Enterprise networks that use Active Directory authenticate their users with the Kerberos authentication protocol.

• Authorization is the process of determining whether an authenticated user is allowed to perform a requested action.

SummarySummary

• Files, folders, shares, registry keys, and Active Directory objects are all protected by permissions.

• To store the permissions, each of these resources has an access control list (ACL).

• An ACL is a collection of individual permissions in the form of access control entries (ACEs).

SummarySummary

• Each ACE consists of a security principal (that is, the name of the user, group, or computer granted the permissions) and the specific permissions assigned to that security principal.

• When you manage permissions in any of the Windows Server 2008 permission systems, you are actually creating and modifying the ACEs in an ACL.