Application Security Course Project2

Purpose

This course-wide project introduces you to a variety of tasks and skills that are required for an entry-level security administrator who is tasked with securing systems in a Microsoft Windows environment.

The following tools and resources will be needed to complete this project:

· Course textbook

· Access to the Internet

Learning Objectives and Outcomes

You will be able to:

· Describe the impact of adding Active Directory to an existing Windows network.

· Develop procedures for changing access controls.

· Develop procedures for ensuring a malware-free environment.

· Recommend Group Policy Objects for a Windows environment.

· Develop procedures for auditing security in a Windows system.

· Develop procedures for restoring a failed Windows system.

· Recommend Windows hardening techniques.

· Describe security goals and write policies for securing Windows applications.

· Ensure the integrity of all evidence collected in a Windows environment.

Overall Project Scenario

Always Fresh Foods Inc. is a food distributor with a central headquarters and main warehouse in Colorado, as well as two regional warehouses in Nevada and Virginia.

The company runs Microsoft Windows 2019 on its servers and Microsoft Windows 10 on its workstations. There are 2 database servers, 4 application servers, 2 web servers, and 25 workstation computers in the headquarters offices and main warehouse. The network uses workgroups, and users are created locally on each computer. Employees from the regional warehouses connect to the Colorado network via a virtual private network (VPN) connection.

Due to a recent security breach, Always Fresh wants to increase the overall security of its network and systems. They have chosen to use a solid multilayered defense to reduce the likelihood that an attacker will successfully compromise the company’s information security. Multiple layers of defense throughout the IT infrastructure make the process of compromising any protected resource or data more difficult than any single security control. In this way, Always Fresh protects its business by protecting its information.

Project Part 1: Active Directory Recommendations
Scenario

Assume you are an entry-level security administrator working for Always Fresh. You have been asked to evaluate the option of adding Active Directory to the company’s network.

Tasks

Create a summary report to management that answers the following questions to satisfy the key points of interest regarding the addition of Active Directory to the network:

1. System administrators currently create users on each computer where users need access. In Active Directory, where will system administrators create users?

2. How will the procedures for making changes to the user accounts, such as password changes, be different in Active Directory?

3. What action should administrators take for the existing workgroup user accounts after converting to Active Directory?

4. How will the administrators resolve differences between user accounts defined on different computers? In other words, if user accounts have different settings on different computers, how will Active Directory address that issue? (Hint: Consider security identifiers [SIDs].)

Required Resources

· Internet access

· Course textbook
Submission Requirements

· Format: Microsoft Word (or compatible)

· Font: Arial, size 12, double-space

· Citation Style: Follow your school’s preferred style guide

· Length: 2 to 4 pages

Self-Assessment Checklist

· I addressed all questions required for the summary report.

· I created a well-developed and formatted report with proper grammar, spelling, and punctuation.

· I followed the submission guidelines.

Project: Securing a Microsoft Windows Environment
© 2021 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
www.jblearning.com

Security Strategies in Windows Platforms and Applications

Lesson 3

Protecting Microsoft Windows Systems

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.

Learning Objectives

Set up encryption in a given organization to secure a Windows environment.

Install controls to protect a given Windows system from malware.

Key Concepts
Setting BitLocker and file, folder, and volume level encryption
Setting up secure communication protocols
Security certificate
Public key infrastructure (PKI)
Installing antivirus and anti-spyware software
Maintaining a malware free Windows system
Scanning and auditing Windows systems
Tools and techniques for malware cleanup

DISCOVER: CONCEPTS

Secure Communications

Most communication protocols send data without encrypting it. Unencrypted data is data “in the clear”. Data sent in the clear is easily intercepted. Any computer or network device between the sender and receiver can read and change any message.

Normal communication protocols don’t use encryption
Network traffic can be seen
Network traffic can be viewed and changed

Secure communication protocols use encryption
Only someone with decryption key can see message’s content
Different encryption options are available

Encryption Protocols in Windows
Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
Virtual private network
Internet Protocol Security (IPSec) with Layer 2 Tunneling Protocol (L2TP)
Point-to-Point Tunneling Protocol (PPTP)
Secure Socket Tunneling Protocol (SSTP)

Windows supports several protocols that provide encryption services. Common Windows secure protocols include:
SSL/TLS – One of the most common types of encrypted communication is Transport Layer Security (TLS). TLS was formerly called Secure Sockets Layer (SSL), and was originally introduced to secure web application communication. TLS provides the secure channel for Hypertext Transfer Protocol Secure (HTTPS) for secure web pages. TLS creates an encrypted tunnel between a web client, most commonly a web browser, and a web server. All data sent back and forth between the server and the client is encrypted. The client and server negotiate a cipher and then exchange a key using public key cryptography. Once the key has been securely exchanged, both sides use the symmetric key for subsequent communications. Although SSL/TLS was created for web application communication, it is commonly used in many applications, including remote desktop, database connections, and any network connections that require exchanging encrypted data.

Encryption Protocols in Windows (Continued)
Wireless Security
Wired Equivalent Privacy (WEP)
Wi-Fi Protected Access (WPA)

Encryption Algorithms

There are two main types of encryption algorithms: symmetric and asymmetric.
Symmetric algorithms use the same key to encrypt and decrypt data. In general, symmetric algorithms are faster than asymmetric algorithms of the same strength. For large amounts of data or frequent encryption or decryption cycles, symmetric algorithms are preferable to asymmetric algorithms because of the faster execution time. The main problem with using symmetric algorithms in distributed applications, such as web applications or virtual private networks (VPNs), is getting the same key to both server and client. If you can’t get the encryption key to a client in a secure manner, then you can’t create a secure connection.
Asymmetric algorithms use two related keys—one key to encrypt data and another key to decrypt data. Asymmetric encryption simplifies the key exchange problem but is slower and requires substantial overhead to maintain connections.

Symmetric encryption
Same key to encrypt and decrypt
Faster
Difficult to distribute keys

Asymmetric encryption (public key)
Private and public keys for encryption and decryption
Slower
Easy to distribute keys

Security Certificates
Solutions to balance encryption algorithms strengths
Use asymmetric encryption to exchange a symmetric key.
Use symmetric encryption for further messages after the key exchange.
Security certificate
Use identity information in addition to public key for encryption.

Server Certificates
Purchase a certificate
Use Internet information server (IIS) to request a server certificate.
Send request to issuer.
Import purchased certificate into IIS.

Server Certificates (Continued)
Create your own using Active Directory certificate services
Use IIS to create a self-signed certificate.
Export the certificate from IIS.
Import the certificate to each client.

Self-Signed Certificate

Create Certificate
Export Certificate
Import Certificate on Clients

The process to create and distribute self-signed certificates involves these steps:
Create self-signed certificate in IIS
Export certificate
Import self-signed certificate into Web Browser’s Trusted Root Certificate Authorities list for each client
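
The same three steps can be scripted. This is an added example, not part of the original slides: it uses the Windows PKI module cmdlets in place of the IIS Manager console, and the function names, host name, and file paths are placeholders chosen for illustration.

```powershell
# Added example (not from the original slides): create / export / import
# with the PKI module cmdlets instead of IIS Manager.
# Function names, host name and paths are illustrative placeholders.

# Steps 1 and 2: run elevated on the web server.
function New-ExportedSelfSignedCert {
    param(
        [Parameter(Mandatory)][string]$DnsName,
        [Parameter(Mandatory)][string]$CerPath
    )
    # 1. Create the certificate in the machine's Personal store.
    #    The private key is marked non-exportable so it cannot leave the server.
    $cert = New-SelfSignedCertificate -DnsName $DnsName `
        -CertStoreLocation 'Cert:\LocalMachine\My' `
        -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
        -KeyExportPolicy NonExportable `
        -NotAfter (Get-Date).AddYears(1)

    # 2. Export the public certificate only (.cer, no private key).
    Export-Certificate -Cert $cert -FilePath $CerPath -Type CERT | Out-Null

    # Return the thumbprint so it can be passed to clients out of band.
    $cert.Thumbprint
}

# Step 3: run elevated on each client.
function Import-VerifiedRootCert {
    param(
        [Parameter(Mandatory)][string]$CerPath,
        [Parameter(Mandatory)][string]$ExpectedThumbprint
    )
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CerPath)

    # A certificate in Trusted Root is trusted machine-wide, so confirm the file
    # is the exact certificate the server produced before importing it.
    if ($cert.Thumbprint -ne $ExpectedThumbprint) {
        throw "Thumbprint mismatch: got $($cert.Thumbprint)"
    }
    if ($cert.Subject -ne $cert.Issuer) { throw 'Certificate is not self-signed' }
    if ($cert.NotAfter -lt (Get-Date))  { throw 'Certificate has expired' }

    # 3. Import into the Trusted Root Certification Authorities store.
    Import-Certificate -FilePath $CerPath -CertStoreLocation 'Cert:\LocalMachine\Root'
}

# Usage with placeholder values:
#   $thumb = New-ExportedSelfSignedCert -DnsName 'web01.example.internal' -CerPath 'C:\Temp\web01.cer'
#   Import-VerifiedRootCert -CerPath 'C:\Temp\web01.cer' -ExpectedThumbprint $thumb
```

The thumbprint check matters because the .cer file usually travels over a file share or e-mail, and nothing else in the procedure confirms that the file a client imports is the one the server created.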

Public Key Infrastructure (PKI)
How it works:
General approach to handling keys
Uses trusted entities and certificates
Trusted entity—Certificate Authority (CA)

To set up a connection:
Get a certificate from a CA for the connection target.
Decrypt the certificate using the CA’s public key.
The decrypted certificate contains the public key of the connection target.

The general approach to handling keys using trusted entities and digital certificates has been formalized into a strategy called the public key infrastructure (PKI). PKI is the collection of hardware, software, policies and procedures needed to manage digital certificates.
The PKI process starts with a list of trusted entities and their public keys. A trusted entity is generally a certificate authority (CA) or a defined trusted source. Each computer system contains a list of public keys of trusted entities. A document that is encrypted with a trusted entity’s private key can be decrypted with the same entity’s public key.
When setting up a connection, you would first obtain a security certificate from a trusted entity. The formal PKI process would require you to request a certificate for the connection’s target (other end) from the PKI registration authority (RA). The RA authenticates you and directs the CA to issue the certificate. You would decrypt the certificate using the CA’s public key. The certificate would contain the public key for the target. Once you have the target’s public key, you can use that to encrypt messages that only the target can decrypt with its private key.

Purpose of Malware

Malware was first introduced to computers and networks as “harmless” experiments or pranks. In fact, the earliest examples of programs that later came to be known as malware really were not malicious at all. The earliest malware developers were mostly interested in learning what novel computer programs could accomplish. Today, most malware satisfies more dubious purposes. Current malware generally exists to fulfill one or more of the following purposes:
Disrupt computer operations – Malware programs can overwhelm a computer’s ability to run other programs or communicate with other computers or devices. They can also damage or even remove critical operating system components that other programs need to operate. Malware can also alter or delete memory or disk content that programs need to run. Most of the actions malware takes to disrupt computer operation result in unexpected conditions that programs cannot handle. The result is unexpected program behavior or even crashed programs.
Gather sensitive information – Many types of malware programs operate without announcing themselves. They search for sensitive data, such as financial data and personal identification data. They store any data they find or send it to the malware creator using the computer’s network connection. There are many places users store sensitive information, including browser cache, files on disk, and even in memory. Malware programs know where to look for the most common sensitive data.
Gain unauthorized access to restricted computer resources – The third main purpose of malware is to provide a way for attackers to access computers and other network resources. Malware written for this purpose will exploit vulnerabilities to get inside a protected network. It will then take some action that results in a new access method for an attacker. In effect, this type of malware opens a new door to a restricted computer.

Malware may exist to carry out specific attacks or to accomplish only one step in more complicated attacks. For example, malware can often help attackers identify likely victims for a subsequent attack. Attackers routinely use many types of tools to carry out attacks. Malware is just one tool in their arsenals.

Disrupt computer operations

Gather sensitive information

Gain unauthorized access

Types of Malware

Programs that generate funds

Ransomware: slows down the computer, encrypts files, or restricts access until a payment has been made

Programs that spread

Trojan horse: masquerades as a useful program

Virus: infects other programs

Worm: self-contained program

Programs that hide

Rootkit: modifies programs to hide its presence

Spyware: covertly collects information

Indications of Malware
Advertising pop-ups frequently appear, one right after another
Additional toolbars in Web browser that you cannot remove
Web browser visits sites without you directing it to visit the sites

The most effective malware, or malicious software, does its job without alerting you to its presence. Unless the purpose of the malware is to be destructive or disruptive to your ability to use your computer, you shouldn’t even know if it’s there. If good malware attempts to run undetected, how do you know if you’re infected?
The warning signs indicated above show that your computer may be infected with malware.

Indications of Malware (Continued)
Changes to Web browser settings that result in home page not opening or other unexpected Web browser behavior
Computer operates more and more slowly and you don’t know why
Computer suddenly crashes more often

DISCOVER: PROCESS

Encrypted Data Transmission

Encryption process for communications is as follows:
The sender uses the key to encrypt a plaintext message. The encryption process produces unreadable ciphertext.
The ciphertext message is sent to the receiver.
The receiver uses the same key to decrypt the ciphertext and create the original plaintext message.
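
The three steps above leave open how the receiver gets "the same key"; the Security Certificates slide answers that by using asymmetric encryption to exchange a symmetric key. The following added example (not from the original slides) carries out both parts with the .NET cryptography classes from PowerShell on Windows. The message text is constructed sample data.

```powershell
# Added example (not from the original slides). Windows only: uses the CNG RSA provider.
$Oaep = [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA256

# Receiver: generate an RSA key pair and hand out only the public half.
$receiverRsa    = [System.Security.Cryptography.RSACng]::new(2048)
$receiverPublic = $receiverRsa.ExportParameters($false)   # $false = exclude private key

# Sender: import the receiver's public key.
$senderRsa = [System.Security.Cryptography.RSACng]::new()
$senderRsa.ImportParameters($receiverPublic)

# Why bulk data is not RSA-encrypted directly: with a 2048-bit key and
# OAEP-SHA256, one RSA operation accepts at most 190 bytes.
$tooBig = [byte[]]::new(1024)
try   { [void]$senderRsa.Encrypt($tooBig, $Oaep); $rsaRejectedBulkData = $false }
catch { $rsaRejectedBulkData = $true }

# Sender, step 1: create a random symmetric key and encrypt the message with it.
$aes        = [System.Security.Cryptography.Aes]::Create()   # random 256-bit key and IV
$plaintext  = [System.Text.Encoding]::UTF8.GetBytes('Ship 40 cases to dock 3 (constructed sample)')
$encryptor  = $aes.CreateEncryptor()
$ciphertext = $encryptor.TransformFinalBlock($plaintext, 0, $plaintext.Length)

# Sender, step 2: wrap the symmetric key with the receiver's public key.
$wrappedKey = $senderRsa.Encrypt($aes.Key, $Oaep)

# What crosses the network: wrapped key, IV and ciphertext.
$wire = @{ WrappedKey = $wrappedKey; IV = $aes.IV; Ciphertext = $ciphertext }

# Anyone holding only the public key cannot unwrap the symmetric key.
try   { [void]$senderRsa.Decrypt($wire.WrappedKey, $Oaep); $publicKeyCanUnwrap = $true }
catch { $publicKeyCanUnwrap = $false }

# Receiver: unwrap the symmetric key with the private key, then decrypt.
$rxAes     = [System.Security.Cryptography.Aes]::Create()
$rxAes.Key = $receiverRsa.Decrypt($wire.WrappedKey, $Oaep)
$rxAes.IV  = $wire.IV
$decryptor = $rxAes.CreateDecryptor()
$recovered = $decryptor.TransformFinalBlock($wire.Ciphertext, 0, $wire.Ciphertext.Length)

[pscustomobject]@{
    RsaRejectedBulkData = $rsaRejectedBulkData     # True
    PublicKeyCanUnwrap  = $publicKeyCanUnwrap      # False
    WrappedKeyBytes     = $wire.WrappedKey.Length  # 256 (size of the RSA modulus)
    Recovered           = [System.Text.Encoding]::UTF8.GetString($recovered)
}

# AES in its default CBC mode gives confidentiality only. Protocols such as TLS
# also authenticate every message so that changes in transit are detected.
$encryptor.Dispose(); $decryptor.Dispose()
$aes.Dispose(); $rxAes.Dispose(); $senderRsa.Dispose(); $receiverRsa.Dispose()
```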

Virtual Private Network (VPN)

Many organizations of all sizes use secure VPNs to allow remote users to connect to secure resources across the Internet. Since the secure VPN ensures all traffic is encrypted at the endpoints, no unencrypted data is ever sent across the insecure network in the clear.
VPNs are useful when connecting users or other servers to your network and a part of the transport network is insecure. The most common example of an insecure network is the Internet. Secure VPNs allow remote users to exchange confidential data across the Internet without risking disclosure or modification. This assurance comes from the fact that all traffic in the secure VPN tunnel is encrypted.
Another advantage to VPNs is that the applications do not need to handle the encryption. The secure VPN tunnel looks like just another network connection to the application software.

How Malware Spreads
Opening infected e-mail messages
Opening infected documents
Over the network and via e-mail address books

How Malware Spreads (Continued)
Following unknown links
Images
Embedded links in e-mail messages
Social media abbreviated links

Procedure for Protecting Computers
To be effective:
Keep antivirus/anti-malware software and definition files up to date
Periodically scan computers for malware

As soon as you install anti-malware software you must establish a procedure to update the software and malware data, and scan your computers for malware periodically. Check for program and data updates daily and scan your computers at least weekly.

DISCOVER: ROLES

Key Roles Involved in Encryption Setting

Information Technology (IT)

Systems Administrator

Security Administrator

Human Resource (HR)

End Users

Database Administrator

Key Roles Responsible for Malware-Free Environment

Information Technology (IT)

Security Administrator

Human Resource (HR)

Security Awareness Trainer

End User

DISCOVER: CONTEXT

Encryption for Compliance
Many regulations mandate encryption for transmitting sensitive data:
Health Insurance Portability and Accountability Act (HIPAA)–Private medical information
Gramm-Leach-Bliley Act (GLBA)–Financial information
Payment Card Industry Data Security Standards (PCI DSS)–Payment card information
Multiple state laws–Personal information

Many laws and regulations require that data be encrypted before being transmitted across a network. These requirements include:
HIPAA (Health Insurance Portability and Accountability Act) requires that any personal medical information be encrypted.
GLBA (Gramm-Leach-Bliley Act) requires that financial transaction information be encrypted.
PCI DSS (Payment Card Industry Data Security Standards) requires any payment card information be encrypted.
Several U.S. states, including California, Massachusetts, and Nevada, require all personal identification information be encrypted.
Many government legislatures are increasingly expanding the scope of information that must be encrypted. In general, any information that identifies or describes an individual or is a corporation’s sensitive information must be encrypted before being transmitted across any unsecured network.

Common Areas of Malware Attacks
Non-descript e-mail messages
E-mail messages you don’t recognize or expect
Unusual documents
Attached documents with no explanation

Common Areas of Malware Attacks (Continued)
Embedded links
Hidden behind text label
Abbreviated links
Shortened to ‘save space’

Higher Learning University (HLU) Cleans Up Malware
Adopted a policy to clean malware from all computers
HLU started with student laptops
All laptops must:
Install approved anti-malware software
Do checks and scans frequently

HLU adopted a new policy that ensured all HLU computers are malware free. Malware support costs have grown over the last five years to become the leading type of helpdesk request.
HLU decided to start with the most volatile and uncontrolled group of computers—student laptops. Of all the different types of computers in the HLU environment, student laptop malware problems required more helpdesk resources than any other group. HLU determined that proactively addressing student laptop malware infections would save the helpdesk $65,000 annually in labor costs.
As a prerequisite to connecting to HLU’s network, all student laptops must demonstrate that they meet the minimum requirements:
Each laptop must have current anti-malware software installed, selected from a list of HLU approved products.
Anti-malware software must be configured to check for software and data updates daily, and immediately download and install any new updates.
Software should perform a scheduled weekly complete malware scan to ensure the computer is malware free. Students should report any malware found during scans or during normal operation to the HLU helpdesk.
As a result of being proactive and eradicating malware on student laptops the HLU helpdesk saved $44,000 in personnel costs during the first semester. They expect to exceed their estimates of labor savings in the first year.
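
One way to configure and check the daily-update and weekly-scan requirements from the Procedure for Protecting Computers slide and the HLU policy above, as an added example that is not part of the original slides. It assumes the approved product is Microsoft Defender Antivirus; the function name `Test-MalwarePolicy` and the thresholds are illustrative.

```powershell
# Added example (not from the original slides). Assumes Microsoft Defender
# Antivirus is the approved product. Run in an elevated session.

# Configure: check for definition updates every day, full scan once a week.
function Set-MalwarePolicy {
    Set-MpPreference -SignatureScheduleDay Everyday `
                     -ScanParameters FullScan `
                     -ScanScheduleDay Sunday
    Update-MpSignature   # pull current definitions now rather than waiting
}

# Verify: report whether this computer currently meets the policy.
function Test-MalwarePolicy {
    param(
        [int]$MaxSignatureAgeDays = 1,   # "check for updates daily"
        [int]$MaxFullScanAgeDays  = 7    # "scan at least weekly"
    )
    $status   = Get-MpComputerStatus
    $findings = @()

    if (-not $status.AntivirusEnabled) {
        $findings += 'Antivirus engine is disabled'
    }
    if (-not $status.RealTimeProtectionEnabled) {
        $findings += 'Real-time protection is disabled'
    }
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += "Definitions are $($status.AntivirusSignatureAge) days old"
    }
    # FullScanAge reports 4294967295 when no full scan has ever completed,
    # so a never-scanned machine fails this check as well.
    if ($status.FullScanAge -gt $MaxFullScanAgeDays) {
        $findings += 'No full scan completed within the allowed window'
    }

    # Detections in the same window are what the policy asks users to report.
    $since  = (Get-Date).AddDays(-$MaxFullScanAgeDays)
    $recent = @(Get-MpThreatDetection | Where-Object { $_.InitialDetectionTime -ge $since })

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        Compliant        = ($findings.Count -eq 0)
        Findings         = $findings
        SignatureVersion = $status.AntivirusSignatureVersion
        SignatureUpdated = $status.AntivirusSignatureLastUpdated
        RecentDetections = $recent.Count
    }
}

# Usage:
#   Set-MalwarePolicy
#   Test-MalwarePolicy | Format-List
```

A result with `Compliant` false and a non-empty `Findings` list is the condition under which a laptop would not meet HLU's minimum requirements for connecting to the network.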

DISCOVER: RATIONALE

PKO Bank Polski
One of Poland’s largest banks
PKO’s needs
Authorize users, devices, and applications
Protect documents and e-mail messages
Central administration

PKO Bank Polski is one of the largest banks in Poland.
PKO needed a solution to authorize users, devices, and applications. They also wanted to protect documents and e-mail messages. PKO decided a centralized PKI solution could provide the capabilities and assurances they needed.
After a thorough evaluation, PKO deployed Windows Server 2008 with its built-in support for PKI and System Center Operations Manager 2007.
The centralized authentication increases security by providing authorized access to both information and bank facilities. PKO has already seen several benefits from its Windows server–based PKI solution, including better security, faster decision making, easier management, and a highly scalable infrastructure.
Reference: https://www.microsoft.com/casestudies/Case_Study_Detail.aspx?CaseStudyID=4000002019

PKO Bank Polski (Continued)
Solution–Windows Server 2008
With System Center Operations Manager 2007
Improved security and efficiency

HLU Sees Overall Malware Decrease
HLU’s malware-free policy had unexpected results
Many network computer infections started with student laptops
Overall malware activity dropped
Helpdesk savings exceeded expectations

HLU adopted a malware-free policy and first deployed it to student laptops. The decision to start with student laptops was made because student calls related to malware made to the helpdesk dominated the call volume. The plan was to reduce the amount of time spent on student malware problems and instead spend the time saved in protecting the HLU servers and internal workstations. At the end of the first semester HLU discovered unexpected results.
Instead of just seeing a decrease in student laptop malware infection helpdesk calls, all malware-related calls reduced in number. Research concluded that most of the malware introduced into HLU’s environment originated with insecure student laptops. Enforcing the malware-free policy for laptops helped make the rest of the HLU environment more secure as well.

Summary
Setting BitLocker and file, folder, and volume level encryption
Setting up secure communication protocols
Security certificate
Public key infrastructure (PKI)
Installing antivirus and anti-spyware software
Maintaining a malware free Windows system
Scanning and auditing Windows systems
Tools and techniques for malware cleanup

Virtual Labs
Configuring BitLocker and Windows Encryption
Identifying and Removing Malware from Windows Systems

Use the following script to introduce the first lab:
“In this lesson, you explored the use of encryption to secure Windows environments. You learned about encryption concepts, secure communication protocols, security certificates, and public key infrastructure (PKI).
In the lab for this lesson, Configuring BitLocker and Windows Encryption, you will use the Microsoft Encrypting File System (EFS) to encrypt files and folders on a Windows Server 2012 machine. You will document the success or failure of your encryption efforts. You will install Microsoft BitLocker Drive Encryption, a data protection feature that is used to resist data theft and the risk of exposure from lost, stolen, or decommissioned computers. You will encrypt a data drive on the server and decrypt it using a recovery key.”
Use the following script to introduce the second lab:
“In this lesson, you explored types of malware, such as viruses and spyware, and learned to identify common warning signs or indications of malware infections. Then you learned about controls that protect Windows systems from malware, such as antivirus and anti-spyware software.
In the lab for this lesson, Identifying and Removing Malware from Windows Systems, you will use AVG Business Edition, an antivirus and anti-malware tool, to identify malware from an infected Windows 2012 workstation. You will research remediation for the malware identified by the scan, and take actions to remove those programs. You also will use Windows Defender to perform the same actions on a Windows 2008 workstation.”


OPTIONAL SLIDES


Object Properties Page


Server Manager—Features


Install New BitLocker Feature


Confirm BitLocker Installation


Completed BitLocker Installation


Object Properties—Advanced Attributes


Enabling BitLocker


BitLocker Management Tool


BitLocker Authentication Options


Enabling BitLocker To Go


Secure Web Application Connection


Securing Windows Platforms and Applications

Lesson 4

Microsoft Windows Security Profile, Group Policy Controls, and Windows Backup and Recovery Tools


Learning Objectives

Define and apply Group Policy controls in Microsoft Windows.

Explain profile and audit tools to keep Windows systems secure.

Perform backup and restore operations on a given Windows system.


Key Concepts
Group Policy
Group Policy Object
Auditing Group Policy
Group Policy best practices
Profiling Windows Security
Microsoft Baseline Security Analyzer (MBSA)
Performing a security audit
Best practices for Microsoft Windows security audits


Key Concepts (Cont.)
Backup and restore procedure for Windows servers and client computers
Applying the Microsoft Windows backup and restore utility
Creating backups as virtual images


DISCOVER: CONCEPTS


Group Policy
Some Group Policy features include:
Centralized location for settings
Useful to deploy security settings
Automatic settings distribution
Options to apply standard settings

Group Policy provides many features, including:
A centralized location to define, store, and manage many operating system, application, and user settings.
Can restrict user or application actions that pose a security threat.
Supports defining configuration settings for groups of users and computers.
Automatically distributes updated settings.
Allows users to operate using different configuration settings automatically as they move from computer to computer or role to role.
Provides flexible methods to define GPO scope (how many users or computers each GPO affects).
Eases the process of comparing existing settings to standards.
Options to apply standard settings to any environment.
Standard method to distribute and apply settings across multiple Windows computers running multiple versions of the Windows operating system.


Group Policy (Continued)


Group Policy Object Order


Common Group Policy Object (GPO) Settings
Category | Description
Password Policy | Requirements for password strength, age, history, and how Windows stores passwords
Account Lockout Policy | How Windows handles accounts locked after failed login attempts
Kerberos Policy | Lifetime limits for Kerberos tickets and clock synchronization
Audit Policy | Defines events Windows records in audit files
User Rights Assignment | Individual user rights that define what general actions users can perform, such as “access this computer from the network” or “change the system time”

GPOs can define many settings. These are a few of the more common settings.

Common GPO Settings (Continued)
Category | Description
Security Options | Defines what security-related actions users can perform, such as “Allowed to format and eject removable media” or “Require smart card”
Event Log | Defines maximum size, retention settings, and guest access settings for event logs
Restricted Groups | Lists users in security-sensitive groups and to what other groups the restricted group can belong
System Services | Defines startup mode and access permissions for system services
File System | Defines access permissions on discretionary access control lists (DACLs) and audit settings for system access control lists (SACLs)


Group Policy Strategies
Create GPOs for closely-related settings.
Avoid making GPOs too specific.
Create organizational units (OUs) for logical groups of computers.

There are many ways to use Group Policy in Microsoft Windows. Here are a few strategies that can help you save time in developing an effective Group Policy.
When you create GPOs, don’t put too many unrelated settings in them. Define GPOs only for a small number of related settings. That way you can use the GPO for several different uses.
Create organizational units (OUs) to define logical groups of computers. It is often convenient to define and deploy GPOs to OUs to manage groups of computers.
Use all of the available Microsoft resources and tools to avoid wasting time and effort. Microsoft resources include:
Group Policy Best Practices Analyzer – The Microsoft Group Policy Best Practice Analyzer helps you identify Group Policy configuration errors or dependency issues that may prevent settings from functioning as you expected.
Security Compliance Management Toolkit – Resources “to help you plan, deploy, and monitor the security baselines of servers running Windows Server 2008 and Windows 7”.
GPO Accelerator – The GPO Accelerator tool helps you automatically deploy the recommendations in the Security Compliance Management Toolkit. The security guides in the toolkit recommend Group Policy configurations and Security Template configurations that are enforced via Active Directory® Domain Services.


Group Policy Strategies (Continued)
Use Microsoft resources for effective GPOs:
Group Policy best practices analyzer
Security compliance management toolkit
GPO accelerator


Auditing Group Policy
Group Policy Inventory
You must download from Microsoft
Provides an inventory list of GPO and other settings
Resultant Set of Policy (RSOP)
Included in Windows
Shows what settings apply to a specific user on a specific computer

Microsoft provides two main tools to audit Group Policy. These tools allow you to audit what GPOs are in place and the effect of any changes you make to your Group Policy.
The Group Policy inventory tool provides an inventory list of GPOs and many other computer and user settings.
The Resultant Set of Policy tool shows what settings Windows applies to a specific user on a specific computer.

Security Configuration and Analysis (SCA) Security Templates


SCA MMC Snap-in


SCA Snap-in Analysis Results


Security Configuration and Analysis Command-Line Tool


SCA Command-Line Tool Analysis Results


Microsoft Baseline Security Analyzer (MBSA)
Evaluates the current state of a Windows computer
Compares the state to a known baseline
Reports any differences as issues
Ranks issues based on severity
Recommends methods to fix each issue

The Microsoft Baseline Security Analyzer is an easy-to-use tool that evaluates the current security state of computers in accordance with Microsoft security recommendations.
It not only identifies problems but also ranks them by severity and provides recommendations to fix each one. MBSA provides a convenient way to identify and address the most common security vulnerabilities.

MBSA Interface


NetChk Protect Limited Scan Summary


NetChk Protect Limited Scan Results Viewed in MBSA


Secunia’s Online Software Inspector (OSI)


Secunia’s Personal Software Inspector (PSI) Simple Interface


Secunia’s PSI Advanced Interface


Windows Security Audit Activities


Reasons for Data Loss


The Purpose of Backups
Data is a valuable asset
No data is stored on hardware devices
Hardware devices can encounter damage
Backups provide secondary copy


The Purpose of Backups (Continued)
Protection from data loss or damage
Hardware or software errors
Malicious software or attackers
User error
Environmental damage or disaster


Workstation Backups
Common local productivity files include:
Documents
Spreadsheets
Local databases
Presentations

Each workstation contains local files. The most common types of workstation files are related to productivity software, such as Microsoft Office applications. Common productivity files found on workstation computers include:
Documents from word processing applications
Spreadsheets
Local databases
Presentation files
Each of the files stored on workstations generally represents work performed on that workstation. Losing workstation files often means losing work. Keeping current backup copies of local files protects organizations from losing work in the event of workstation errors or damage. In effect, backups protect the productivity of users by ensuring files are safe.
The most common backup method for workstations is to back up files to a server location. Most organizations maintain file servers that are specifically dedicated to storing backup images from multiple workstations.

Workstation Backups (Continued)
Workstation backups protect productivity
Backup to server is most common


Server Backups
Store mission critical shared data
Data loss affects many users
Backups should be frequent, tested, and archived
Appropriate for the servers’ function

Server computers typically process and store an organization’s data that is shared among many users. The purpose of a server is to make data available to different users. Protecting the availability property of data is one of the three pillars of data security. Server data must be available to support any organization’s data processing functions.
Any loss of server hardware or data impacts users—potentially many users. Any data stored on the server computer that is shared by multiple users is at risk and must be protected.
Since any loss of server data generally impacts more users than workstation data loss, it is important that server backup strategies be more diligent to ensure that data is protected. The backup procedures for servers should be:
Frequent: Ensure you are creating backup copies of files frequently enough to include all but the most recent changes to data. More volatile data should be backed up more frequently. Most organizations create backups at least daily.
Tested: You cannot rely on a backup image that has not been verified. It is crucial that you test each backup image after it is created to ensure it is valid to use in case you encounter problems that damage or destroy your primary data copy.
Archived: Keep several generations of backup images. You may find that a problem is one that has developed over time and requires extracting data from older backup images to recover. Malicious code and some types of hardware failures can sometimes cause slow data damage. If you keep backup images archived for longer than a few days, you may be able to recover more easily from slow data damage.
Each server backup strategy and schedule should match the server’s function. Servers that store and process extremely volatile and critical data should have more aggressive backup strategies than web servers with few daily data changes. Ensure you are focusing backup efforts to result in minimizing data loss when problems occur.

DISCOVER: PROCESS


Steps to Deploying a GPO

There are several steps required to create and deploy a GPO.
Create the GPO – Use local security policy for local GPOs and the Group Policy Management Console (GPMC) for Active Directory GPOs.
Define the GPO settings – Define and set values for your desired settings. You can define few or many settings in the same GPO. For maximum flexibility only define related settings in a GPO.
Define any desired GPO filters – You can limit the scope of the GPO effect by defining filters. Filters make it easy to define groups of users or computers to which GPOs will apply.
Link the GPO – You can link each GPO to one or more sites, organizational units (OU), or domains. Linking a GPO tells Windows to deploy the GPO to the linked container.
Once you link the GPO to one or more entities, Windows Active Directory takes care of the rest!


Create the GPO using local security policy or group policy management console (GPMC).

Define GPO settings.

Define GPO filters.

Link the GPO to one or more computers.
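
The four steps above as one script, using the GroupPolicy PowerShell module that is installed with GPMC. This is an added example, not part of the course material; the GPO name, OU path, group name, domain and the choice of screen-lock settings are assumptions for illustration.

```powershell
#Requires -Modules GroupPolicy
# Added example. Every name below is hypothetical; run from a domain-joined
# admin workstation with GPMC installed and rights to create and link GPOs.
param(
    [string]$GpoName    = 'HQ-ScreenLock',
    [string]$TargetOu   = 'OU=HQ Staff,DC=alwaysfresh,DC=example',
    [string]$ScopeGroup = 'HQ-Office-Users',
    [string]$ReportPath = (Join-Path $env:TEMP 'HQ-ScreenLock.html')
)
$ErrorActionPreference = 'Stop'

# Step 1: create the GPO (reuse it if a previous run already created it).
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Screen lock after 15 minutes idle'
}

# Step 2: define a small set of closely related settings in this one GPO.
# These are user-side registry policy values, so they take effect for user
# accounts located under the linked OU.
$key = 'HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$settings = [ordered]@{
    ScreenSaveActive    = '1'     # screen saver enabled
    ScreenSaverIsSecure = '1'     # password required on resume
    ScreenSaveTimeOut   = '900'   # idle seconds before locking
}
foreach ($name in $settings.Keys) {
    Set-GPRegistryValue -Name $GpoName -Key $key -ValueName $name `
        -Type String -Value $settings[$name] | Out-Null
}

# Step 3: security filter. Only members of $ScopeGroup apply the GPO.
# Authenticated Users is lowered from Apply to Read rather than removed,
# because clients still need read access to process the policy.
Set-GPPermission -Name $GpoName -TargetName $ScopeGroup -TargetType Group `
    -PermissionLevel GpoApply | Out-Null
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace | Out-Null

# Step 4: link the GPO to the OU, unless the link already exists.
$existing = (Get-GPInheritance -Target $TargetOu).GpoLinks |
    Where-Object { $_.DisplayName -eq $GpoName }
if (-not $existing) {
    New-GPLink -Name $GpoName -Target $TargetOu -LinkEnabled Yes | Out-Null
}

# Audit trail: save what was configured and show the link order on the OU.
Get-GPOReport -Name $GpoName -ReportType Html -Path $ReportPath
(Get-GPInheritance -Target $TargetOu).GpoLinks |
    Format-Table DisplayName, Enabled, Enforced, Order
```

To confirm what a specific user on a specific computer actually receives, run `gpresult /r` on that machine after the next policy refresh.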

Local Group Policy Editor


Changing a Setting in the Local Group Policy Editor


Group Policy Setting in the Registry Editor


Group Policy Management Console


GPOs in the Policies Folder


Linking AD GPOs in the GPMC


GPO Security Filters


WMI Filters


MBSA Procedure

MBSA doesn’t come with Windows; you have to download it and then install it.
You can get MBSA v 2.1.1 at:
http://www.microsoft.com/downloads/details.aspx?FamilyID=b1e76bbe-71df-41e8-8b52-c871d012ba78&displaylang=en#filelist.


Download and install MBSA

Run MBSA and select the desired option

Select desired scan options

Scan a computer

Scan multiple computers

View scan reports

Review scan results when done

MBSA Interface


MBSA Scan Options


MBSA Scan Results


MBSA Command-Line Interface


MBSA Command-Line Scan Results


Backup Process

The basic backup process includes these steps:
Identify the files you want to back up. You can create complete computer backups, with or without system files, or only select some files and folders to back up. Examine what you’ll need to recover each computer in an acceptable time frame and include all the needed files in your backup.
Select the location where you’ll store the backup image. In many cases this location is a file server but there are other options. Ensure there is sufficient space available for all of the backup images you’ll create. A full target location will generally cause your backup to fail and remove the ability to restore any data you may lose. Ensure your selected target location is available and secure.
Create a backup schedule that balances the need for current data backups and live system performance impact. The strategy that ensures the least data loss is a real-time replication strategy. This strategy can be expensive and cause your system to slow down. Waiting longer between backups avoids many performance problems but exposes your system to more data loss. Select a backup schedule that balances the two needs of performance and security. A good place to start for most applications is a daily backup. If your data changes rapidly and is difficult to replace, you may consider backing up multiple times each day.

Identify Files

Select Target Location

Set Schedule

Windows Backup and Restore Utility


Windows Backup Schedule


Windows Server Backup


Creating a Bare Metal Recovery Backup


Recovery Process

The general process to recover, or restore, files includes these steps:
The only reason to initiate a recovery process is some event that has caused data damage or destruction. Before you start the recovery process, ensure you have addressed the problem that caused the damage. Recovering data to a computer and encountering more data loss wastes time. Fix the problem before recovering.
Once you have identified and fixed the problem that caused the damage, identify the most recent verified backup image that contains good data. Depending on the nature of the problem that caused data loss, it may be necessary to skip over one or more backup images to previous archived images to get to the data you need. Select the best backup image to restore the data you need.
Select the recovery method that best meets your needs. If you are recovering an entire computer system you’ll likely select a complete system recovery. On the other hand, if all you need is to recover a few files or folders you may save substantial time by selecting just the files or folders you need.

Fix the Problem

Identify Desired Image

Recover Desired Files
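
The "frequent, tested, archived" checks from the server backup notes and the "most recent verified backup image" step of the recovery process, as an added PowerShell example that is not part of the course material. The backup layout (one image file per generation plus a manifest.csv holding the SHA-256 recorded at backup time), the function names and the sample files are all assumptions constructed for the demonstration.

```powershell
# Added example. Assumed layout: <folder>\<image files> and <folder>\manifest.csv
# with columns Name, Created, Sha256 written when each backup was taken.

function Test-BackupSet {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$MaxAgeHours = 24,        # "at least daily"
        [int]$MinGenerations = 3,      # how many good generations to keep
        [datetime]$Now = (Get-Date)
    )
    $rows = Import-Csv -Path (Join-Path $Path 'manifest.csv')
    $generations = foreach ($r in $rows) {
        $file = Join-Path $Path $r.Name
        # Tested: the image must exist and still match the hash recorded at backup time.
        $ok = (Test-Path -LiteralPath $file) -and
              ((Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash -eq $r.Sha256)
        [pscustomobject]@{ Name = $r.Name; Created = [datetime]$r.Created; Verified = $ok }
    }
    $good = @($generations | Where-Object { $_.Verified } | Sort-Object Created -Descending)
    $bad  = @($generations | Where-Object { -not $_.Verified })
    [pscustomobject]@{
        Generations = $generations
        Frequent    = ($good.Count -gt 0) -and (($Now - $good[0].Created).TotalHours -le $MaxAgeHours)
        Tested      = ($bad.Count -eq 0)
        Archived    = ($good.Count -ge $MinGenerations)
    }
}

function Get-RestoreCandidate {
    # Newest image that verifies AND predates the moment the damage began.
    param(
        [Parameter(Mandatory)][object[]]$Generations,
        [Parameter(Mandatory)][datetime]$DamageBegan
    )
    $Generations |
        Where-Object { $_.Verified -and $_.Created -lt $DamageBegan } |
        Sort-Object Created -Descending |
        Select-Object -First 1
}

# --- Constructed demo data: four generations, one silently damaged afterwards ---
$dir = Join-Path ([IO.Path]::GetTempPath()) ("bk-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$now = Get-Date
$manifest = foreach ($h in 2, 26, 50, 74) {
    $name = "fileserver-$h.img"
    $file = Join-Path $dir $name
    Set-Content -LiteralPath $file -Value "constructed image taken $h hours ago"
    [pscustomobject]@{
        Name    = $name
        Created = $now.AddHours(-$h).ToString('s')
        Sha256  = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
    }
}
$manifest | Export-Csv -Path (Join-Path $dir 'manifest.csv') -NoTypeInformation
# Simulate slow data damage to the 26-hour-old image after its hash was recorded.
Add-Content -LiteralPath (Join-Path $dir 'fileserver-26.img') -Value 'corrupted bytes'

$report = Test-BackupSet -Path $dir -Now $now
$report | Format-List Frequent, Tested, Archived
$report.Generations | Format-Table Name, Created, Verified

# Damage began 10 hours ago: the 2-hour image is too new, the 26-hour image
# fails verification, so an older archived generation has to be used.
Get-RestoreCandidate -Generations $report.Generations -DamageBegan $now.AddHours(-10)

Remove-Item -LiteralPath $dir -Recurse -Force
```

In production the manifest belongs somewhere the backup target cannot overwrite, so that damage to the images cannot also rewrite the recorded hashes.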

Windows Workstation Restore


Windows Server Recovery


DISCOVER: CONTEXT


When to Run MBSA
MBSA is a convenient tool for any organization.
MBSA is most helpful in the following scenarios:
After adding new computers
To verify compliance
To ensure you haven’t missed important vulnerabilities

You can run MBSA at any time for any Windows computer in your organization. It provides a convenient way to compare a computer’s current settings against a Microsoft-suggested baseline to disclose any vulnerabilities.
You should run MBSA periodically and whenever:
· You add new computers to your environment
· You suspect one or more computers are vulnerable
· You must show that your computers are compliant with one or more policies

MBSA Benefits
· Visibility of multiple computers’ security
· Comparison of multiple computers’ security
· Comparing settings is difficult with stand-alone computers
· Identifying differences from standards
· Scanning large and small groups of computers becomes easy

MBSA provides benefits for organizations that use it to help manage standard security settings. You can use MBSA to scan security settings for one or more computers and compare the settings to a known baseline. MBSA gives organizations the ability to see how multiple computers are configured.
MBSA makes it easy to compare settings among multiple computers selected by Internet Protocol (IP) address range or domain. Comparing security settings of multiple stand-alone computers is difficult. You would have to run MBSA for each computer, then copy the results report to a central location and view each report separately. Although workgroup computers may be available for group MBSA scanning, depending on IP address ranges, the easiest way to identify large groups of computers is for each of the computers to be a member of a domain.
MBSA identifies differences from a stated security standard and reports on any vulnerabilities found on any of the scanned computers.

Factors Determining a Backup Strategy
Important considerations include:
Target location
Files to include
Frequency

Each organization has unique needs for backups. An organization’s environment and data needs dictate the backup configuration. Determining factors for how you design a backup strategy include:
· Target location – Where you back up your files. Some organizations may identify dedicated disks or even servers for backup images. Other organizations may just use folders on existing hard disk drives. The environment and hardware availability help you decide where to back up your files.
· Files to include – Files that you need to include in each backup. Database servers need to back up all files associated with databases. Web servers need to back up files that support web server functions. You should define a list of the types of files each type of computer needs to back up.
· Frequency – How often you need to execute a backup. You should back up volatile data more frequently than stable data. Analyze each computer type and the data it contains to determine the best backup frequency for that computer. You should set the backup frequency so that you lose the minimal amount of data in the event of a disaster that results in primary data loss. Be aware that increasing backup frequency can have a detrimental effect on performance.
Creating a solid backup plan can be a challenging task. Ensure you consider all of the important variables when designing a backup plan, including:
· Organization type – What are your primary business functions and what data must you have to continue operations? Backups should first ensure the integrity of your most critical data.
· Infrastructure components – What resources are available for storing backup images? Which infrastructure components that store data already have data reservation controls in place? For example, if you are using redundant array of inexpensive disks (RAID) storage systems you may not need to create backups as frequently as non-RAID disks. Understand your infrastructure and the features each component provides.
· Data reliance – Understand how your organization relies on each type of data. Ensure that you are aggressively backing up any data on which your organization relies. Even more importantly, ensure you have a recovery procedure in place so that you can recover data in the event of a disaster.
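The three design factors above (target location, files to include, frequency) map directly onto a Windows Server Backup policy. The following is an added example, not part of the course material; the role names, folder paths, volume letter and run times are constructed placeholders, and it assumes an elevated session on a server with the Windows-Server-Backup feature installed.

```powershell
# Added example; every path, volume letter and time is a constructed placeholder.

# Files to include and frequency, defined once per computer type.
$plan = @{
    Database = @{ Paths = @('D:\SQLData');      Times = @('06:00', '12:00', '18:00', '23:00') }
    Web      = @{ Paths = @('C:\inetpub');      Times = @('23:00') }
    Files    = @{ Paths = @('C:\ERPdocuments'); Times = @('21:00') }
}

function Set-RoleBackupPolicy {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Database', 'Web', 'Files')]
        [string] $Role,

        [Parameter(Mandatory)]
        [string] $TargetVolume      # target location, for example 'E:'
    )

    $entry  = $plan[$Role]
    $policy = New-WBPolicy

    # Files to include: fail early if a listed path does not exist,
    # so a typo cannot produce a policy that silently protects nothing.
    foreach ($path in $entry.Paths) {
        if (-not (Test-Path -LiteralPath $path)) {
            throw "Path listed for role '$Role' not found: $path"
        }
        Add-WBFileSpec -Policy $policy -FileSpec (New-WBFileSpec -FileSpec $path) | Out-Null
    }

    # Target location: a dedicated local volume keeps multiple backup versions.
    $target = New-WBBackupTarget -VolumePath $TargetVolume
    Add-WBBackupTarget -Policy $policy -Target $target | Out-Null

    # Frequency: more volatile data gets more run times per day.
    Set-WBSchedule -Policy $policy -Schedule ([datetime[]] $entry.Times) | Out-Null

    # Save as the server's scheduled backup policy and return what is now in force.
    Set-WBPolicy -Policy $policy -Force
    Get-WBPolicy
}

Set-RoleBackupPolicy -Role Files -TargetVolume 'E:'
```

When the target is a remote shared folder instead of a local volume, Windows Server Backup keeps only the latest scheduled backup there, which removes the option of skipping back to an earlier image during recovery.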

Factors Determining a Backup Strategy (Continued)
Other considerations include:
Organization type
Infrastructure components
Data reliance


Summary
Group Policy
Group Policy Object
Auditing Group Policy
Group Policy best practices
Profiling Windows Security
Microsoft Baseline Security Analyzer (MBSA)
Performing a security audit
Best practices for Microsoft Windows security audits


Summary (Cont.)
Backup and restore procedure for Windows servers and client computers
Applying the Microsoft Windows backup and restore utility
Creating a backup as virtual images


Virtual Labs
Managing Group Policy Within the Microsoft Windows Environment
Creating a Scheduled Backup and Replicating System Folders

Use the following script to introduce the first lab:
“This lesson focused on maintaining Windows system security with Group Policy controls and Microsoft Baseline Security Analyzer (MBSA). You took an in-depth look at Group Policy and Group Policy objects (or GPOs), and how to apply Group Policy controls to keep Windows systems secure. You also learned how to use MBSA to create a baseline of systems for use in security audits.
In the lab for this lesson, Managing Group Policy Within the Microsoft Windows Environment, you will create and link Active Directory Group Policy Objects (GPO) to domain computers and use the Group Policy Manager Console (GPMC) to deploy security policies across the domain. You also will generate policy audit reports from the GPMC and the Windows Command Prompt to analyze the existence of and effectiveness of the GPO.”
Use the following script to introduce the second lab:
“A sound backup and restoration strategy is a core component of any organization. This lesson focused on performing backup and restore operations on Windows systems. You learned why backups are important for protecting data, how often to perform backups, and the type of backups you can perform such as full, differential, and incremental. You also explored the general steps involved in restoring a backup if data is lost or damaged. Virtual images were addressed as well, which you can use to restore an entire system to a point in time.
In the lab for this lesson, Creating a Scheduled Backup and Replicating System Folders, you will install the Windows Distributed File System and Windows Server Backup features from the PowerShell command line. You will schedule a daily backup of the C:\ERPdocuments folder on the TargetWindows01 server and replicate this backup to the TargetWindows02 server using the DFS Replication feature.”

OPTIONAL SLIDE


Disaster Recovery Options
