Planning Server and Network Security
Lesson 8

Controlling Access
• Server administrators must understand that controlling access applies to the physical access that users are granted to computers and other equipment.
• Protecting servers against theft is an important consideration; servers and other network equipment should always be kept under lock and key.
• Physical access control can also protect against other occurrences, including fire, natural disasters, and even simple accidents.

Using Physical Barriers
• A properly designed computer center or server closet is one in which physical barriers prevent access by anyone but authorized personnel, and only when they have a specific reason to enter.
• Even authorized IT workers should not have to be in the same room as sensitive networking equipment.
• Servers should need very little physical access at all, because administrators can perform most maintenance and configuration tasks remotely.

Social Engineering
• Social engineering is a term used to describe the process of circumventing security barriers by persuading authorized users to provide passwords or other sensitive information.
• In many cases, users are duped into giving an intruder access to a protected system through a phone call in which the intruder claims to be an employee in another department, a customer, or a hardware vendor.
• A user might give out a seemingly innocent piece of information, which the intruder then uses to elicit more information from someone else.

Using Biometrics
• Biometric technologies can be used for two different purposes: verification and identification.
• Biometric verification is a matter of confirming the identity supplied by an individual.
  – Fingerprint matching.
  – Hand geometry.
  – Iris or retinal scans.
  – Speech recognition.
  – Face recognition.

Controlling the Environment
• The environment in which your servers must operate is important.
• Consider these factors:
  – Heat
  – Fire
  – Flood
  – Power

Wireless Networking
• The increasing use of wireless networking technologies has led to a new class of physical security hazards that administrators should be careful not to underestimate.
• The signals that most wireless networking technologies use today can penetrate walls and other barriers.
• You should test carefully to ascertain the operational range of the devices and select locations for the antennae that are near the center of the building and as far away from the outside walls as is practical.

Firewalls
• Once you have considered physical protection for your servers, you can start to concern yourself with the other main avenue of intrusion: the network.
• A firewall is a software program that protects a computer by allowing certain types of network traffic in and out of the system while blocking others.
• Some of the hazards that firewalls can protect against are as follows:
  – Network scanner applications
  – Trojan horse applications
  – Attackers who obtain passwords by illicit means, such as social engineering, and then use remote access technologies to log on to a computer from another location.

Windows Server 2008 Firewall
• By default, Windows Firewall blocks most network traffic from entering the computer.
• Firewalls work by examining the contents of each packet entering and leaving the computer and comparing the information they find to a series of rules.
• Firewall rules can function in two ways, as follows:
  – Admit all traffic, except that which conforms to the applied rules.
  – Block all traffic, except that which conforms to the applied rules.

TCP/IP Packets
• The three most important criteria that firewalls can use in their rules are as follows:
  – IP addresses.
  – Protocol numbers.
  – Port numbers.

Windows Firewall
• Windows Firewall is a single program with one set of rules, but there are two distinct interfaces you can use to manage and monitor it.
• The Windows Firewall control panel provides a simplified interface that enables administrators to avoid the details of rules and port numbers.
• If you just want to turn the firewall on or off (typically for testing or troubleshooting purposes), or work with the firewall settings for a specific Windows role or feature, you can do so simply by using the control panel.
• For full access to firewall rules and more sophisticated functions, you must use the Windows Firewall with Advanced Security console.
• In many cases, administrators never have to work directly with Windows Firewall.
• Many of the roles and features included in Windows Server 2008 automatically open the appropriate firewall ports when you install them.
• In other situations, the system warns you of firewall issues.

Windows Firewall with Advanced Security Console
• The Windows Firewall Settings dialog box is designed to enable administrators to create exceptions in the current firewall settings as needed.
• For full access to the Windows Firewall configuration settings, you must use the Windows Firewall With Advanced Security snap-in for the Microsoft Management Console.

Profile Settings
• At the top of the Windows Firewall with Advanced Security console’s detail (middle) pane, in the Overview section, are status displays for the computer’s three possible network locations.
• Windows Firewall maintains separate profiles for each of the three possible network locations: domain, private, and public.
• If you connect the computer to a different network (which is admittedly not likely with a server), Windows Firewall can load a different profile and a different set of rules.
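The rule matching described in the firewall slides above, sketched as an added Python example (not part of the original slides and not Windows Firewall code): rules match on IP address, protocol and port, inbound traffic is blocked unless a rule admits it, and outbound traffic is allowed unless a rule blocks it. The `Rule` and `Packet` classes, the sample rules and the addresses are constructed for illustration; the block-over-allow tie-break reflects Windows Firewall behaviour rather than anything stated on the slides.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Default action per direction when no rule matches (the two rule modes above).
DEFAULT_ACTION = {"in": "block", "out": "allow"}

@dataclass(frozen=True)
class Rule:                      # hypothetical model, not a Windows API
    name: str
    direction: str               # "in" or "out"
    action: str                  # "allow" or "block"
    remote: str = "0.0.0.0/0"    # remote address scope in CIDR form
    protocol: str = "any"        # "tcp", "udp", ... or "any"
    port: Optional[int] = None   # destination port; None matches every port

@dataclass(frozen=True)
class Packet:
    direction: str
    remote: str
    protocol: str
    port: int

def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule applies only if direction, IP address, protocol and port all match."""
    return (rule.direction == pkt.direction
            and ip_address(pkt.remote) in ip_network(rule.remote)
            and rule.protocol in ("any", pkt.protocol)
            and rule.port in (None, pkt.port))

def evaluate(rules, pkt):
    """Return (action, rule name); a matching block rule wins over an allow rule."""
    hits = [r for r in rules if matches(r, pkt)]
    for wanted in ("block", "allow"):
        for r in hits:
            if r.action == wanted:
                return r.action, r.name
    return DEFAULT_ACTION[pkt.direction], "default"

# Constructed sample rule set for a server on a 10.0.0.0/8 internal network.
RULES = [
    Rule("RDP from internal", "in", "allow", "10.0.0.0/8", "tcp", 3389),
    Rule("SMB from internal", "in", "allow", "10.0.0.0/8", "tcp", 445),
    Rule("No outbound SMTP", "out", "block", protocol="tcp", port=25),
]

if __name__ == "__main__":
    for pkt in [Packet("in", "10.1.2.3", "tcp", 3389),      # admitted by rule
                Packet("in", "203.0.113.7", "tcp", 3389),   # outside scope
                Packet("out", "198.51.100.9", "tcp", 443),  # outbound default
                Packet("out", "198.51.100.9", "tcp", 25)]:  # blocked by rule
        print(pkt, "->", evaluate(RULES, pkt))
```

The second packet shows why the Scope parameter matters: the same port is open to the internal network and still closed to every other source address.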
Rules
• When you right-click the Inbound Rules (or Outbound Rules) node and select New Rule from the context menu, the New Inbound (or Outbound) Rule Wizard takes you through the process of configuring the following sets of parameters:
  – Rule Type
  – Program
  – Protocol and Ports
  – Scope
  – Action
  – Profile
  – Name

Connection Security Rules
• Windows Server 2008 also includes a feature that incorporates IPsec data protection into the Windows Firewall.
• The IP Security (IPsec) standards are a collection of documents that define a method for securing data while it is in transit over a TCP/IP network.
• IPsec includes a connection establishment routine, during which computers authenticate each other before transmitting data, and a technique called tunneling, in which data packets are encapsulated within other packets, for their protection.

BitLocker
• The Encrypting File System, which has been available since Windows 2000, enables users to protect specific files and folders so that no one else can access them.
• BitLocker Drive Encryption, on the other hand, is a new feature first released in Windows Vista, which makes it possible to encrypt an entire volume.
• The full volume encryption provided by BitLocker has distinct advantages, including the following:
  – Increased data protection.
  – Integrity checking.
• Unlike EFS, BitLocker is not designed to protect files for specific users so that other users cannot access them.
• Instead, BitLocker protects entire volumes from being compromised by unauthorized persons.
• To use BitLocker, you must have a computer with the appropriate hardware and you must prepare it properly before you install Windows Server 2008.
• Two of the three available BitLocker modes require the computer to have a Trusted Platform Module (TPM), version 1.2 or later, and a system BIOS that is compatible with its use.
• The TPM is a dedicated cryptographic processor chip that the system uses to store the BitLocker encryption keys.
• In addition to having the TPM, and before you install Windows Server 2008 or BitLocker, you must create a system partition on the computer, separate from the partition where you will install the operating system.
• The system partition, which must be an active, primary partition no less than 1.5 GB in size, will remain unencrypted and contain the files needed to boot the computer.
• In other words, this partition will hold all of the software the computer must access before it has unlocked the volume encrypted with BitLocker.

BitLocker Operation Modes
• Transparent operation mode.
• User authentication mode.
• USB key mode.

Authentication
• To authenticate a user on a network with reasonable certainty that the individual is who he or she claims to be, the user needs to provide two pieces of information: identification and proof of identity.
• Proof of identity typically takes one of three forms:
  – Something you know.
  – Something you have.
  – Something you are.

Authentication Models
• Decentralized authentication
  – Security Accounts Manager (SAM).
• Centralized authentication
  – Active Directory.

Encryption
• To protect data stored on and transmitted over a network, computers use various types of encryption to encode messages and create digital signatures that verify their authenticity.
• For one computer to encrypt a message and another computer to decrypt it, both must possess a key.
• There are two types of encryption:
  – Secret key encryption – Uses a single key to encrypt and decrypt.
  – Public key encryption – Uses a public key and a private key.

Enhancing Security with Strong Passwords
• Encryption limits your organization’s vulnerability to having user credentials intercepted and misused.
• Specifically, password encryption is designed to make it extremely difficult for unauthorized users to decrypt captured passwords.
• Ideally, when accounts use strong passwords, it should take an attacker months, years, or decades to extract a password after capturing the encrypted or hashed data.
• During that time, the user should have changed the password — thus rendering the cracked password useless.

Password Policies
• A strong password is one that a user can easily remember but is also too complex for a stranger to guess.
• Windows Server 2008 provides a series of password settings that you can implement using Group Policy, either locally or through Active Directory.
• An effective combination of password policies compels users to select appropriate passwords and change them at regular intervals.

Account Lockout
• Account lockout policies exist to limit your network’s vulnerability to password-guessing attacks.
• When you implement account lockout policies, a user account is automatically locked out after a specified number of incorrect authentication attempts.
• Windows Server 2008 does not enable account lockouts by default, and for a good reason: enabling account lockouts exposes you to a denial-of-service vulnerability.
• A malicious attacker with access to user names can guess incorrect passwords and lock everyone’s accounts, which prevents legitimate users from accessing network resources.

Kerberos Authentication
• Enterprise networks that use Active Directory authenticate their users with the Kerberos authentication protocol.
• The three components of Kerberos are as follows:
  – The client requesting services or authentication.
  – The server hosting the services requested by the client.
  – A computer functioning as an authentication provider, which is trusted by both the client and the server.

Key Distribution Center (KDC)
• In the case of a Windows Server 2008 network, the authentication provider is a Windows Server 2008 domain controller running the Kerberos Key Distribution Center (KDC) service.
• The KDC maintains a database of account information for all security principals in the domain.
• A security principal is any user, computer, or service account that logs on to the domain.
• The KDC also stores a cryptographic key known only to the security principal and the KDC.
• This key, derived from a user’s logon password, is used in exchanges between the security principal and the KDC and is known as a long-term key.
• To generate tickets, the KDC uses the following two services:
  – Authentication Service (AS) — Issues ticket granting tickets (TGTs) to users that supply valid authentication credentials, which prevents the user from having to reauthenticate each time it requests access to a network resource.
  – Ticket-Granting Service (TGS) — Issues service tickets that provide users with access to specific network resources.

Controlling Kerberos Authentication Using Group Policies
• Although most of the transactions in a Kerberos authentication are invisible to both users and administrators, there are some Group Policy settings you can use to configure the properties of the Kerberos tickets issued by your domain controllers.
• Reasonable Kerberos ticket lifetimes must be short enough to prevent attackers from cracking the cryptography that protects the ticket’s stored credentials and long enough to ensure that requests for new tickets do not overload the KDC and network.

Authorization
• Authorization is the process of determining whether an authenticated user is allowed to perform a requested action.
  – Rights
  – Permissions
    • Share permissions
    • NTFS permissions
    • Registry permissions
    • Active Directory permissions

Windows Permission Architecture
• To store the permissions, each of these resources has an access control list (ACL).
• An ACL is a collection of individual permissions, in the form of access control entries (ACEs).
• Each ACE consists of a security principal (that is, the name of the user, group, or computer granted the permissions) and the specific permissions assigned to that security principal.
• When you manage permissions in any of the Windows Server 2008 permission systems, you are actually creating and modifying the ACEs in an ACL.

Standard and Special Permissions
• Windows provides preconfigured permission combinations suitable for most common access control chores.
• When you open the Properties sheet for a system resource and look at its Security tab, the NTFS permissions you see are called standard permissions.
• Standard permissions are actually combinations of special permissions, which provide the most granular control over the resource.

Allowing and Denying Permissions
• There are two basic types of ACE: Allow and Deny.
• This makes it possible to approach permission management tasks from two directions:
  – Additive — Starts with no permissions and then grants Allow permissions to individual security principals to provide them with the access they need.
  – Subtractive — Starts by granting all possible Allow permissions to individual security principals, providing them with full control over the system resource, and then grants them Deny permissions for the access you don’t want them to have.

Inheriting Permissions
• The most important principle in permission management is that permissions tend to run downward through a hierarchy.
• This is called permission inheritance. Permission inheritance means that parent resources pass their permissions down to their subordinates.
• With inheritance, you can grant access to an entire file system by creating one set of Allow permissions.

Effective Permissions
• A security principal can receive permissions in many ways, and it is important for an administrator to understand how these permissions interact.
• The combination of Allow permissions and Deny permissions that a security principal receives for a given system resource, whether explicitly assigned, inherited, or received through a group membership, is called the effective permissions for that resource.
• Because a security principal can receive permissions from so many sources, it is not unusual for those permissions to conflict, so rules define how the permissions combine to form the effective permissions.
• Allow permissions are cumulative.
• Deny permissions override Allow permissions.
• Explicit permissions take precedence over inherited permissions.

Summary
• Before you consider any other security mechanisms or even operating system and application deployments, you should take steps to ensure that your servers are stored in a location that is physically secure.
• Biometric identification is the process of establishing an individual’s identity based on biometric information, essentially asking the system to indicate who the person is.
• A firewall is a software program that protects a computer by allowing certain types of network traffic in and out of the system while blocking others.
• A firewall is essentially a series of filters that examines the contents of packets and the traffic patterns to and from the network to determine which packets it should allow to pass through the filter.
• The default rules preconfigured into the firewall are designed to admit the traffic used by standard Windows networking functions, such as file and printer sharing.
• For outgoing network traffic, Windows Firewall allows all traffic to pass the firewall except that which conforms to a rule.
• The Windows Firewall Settings dialog box is designed to enable administrators to create exceptions in the current firewall settings as needed.
• For full access to the Windows Firewall configuration settings, you must use the Windows Firewall With Advanced Security snap-in for the Microsoft Management Console.
• BitLocker Drive Encryption is a new feature, first released in Windows Vista, that makes it possible to encrypt an entire volume.
• When you use Active Directory on an enterprise network, it becomes responsible for two of the most critical security concepts in computing: authentication and authorization.
• On most networks, users identify themselves with an account name or an email address.
• The proof of identity can vary, however, typically taking one of three forms: something you know, something you have, or something you are.
• To protect data stored on and transmitted over a network, computers use various types of encryption to encode messages and create digital signatures that verify their authenticity.
• For one computer to encrypt a message and another computer to decrypt it, both must possess a key.
• Windows Server 2008 provides a series of password settings that you can implement using Group Policy, either locally or through Active Directory.
• An effective combination of password policies compels users to select appropriate passwords and change them at regular intervals.
• Enterprise networks that use Active Directory authenticate their users with the Kerberos authentication protocol.
• Authorization is the process of determining whether an authenticated user is allowed to perform a requested action.
• Files, folders, shares, registry keys, and Active Directory objects are all protected by permissions.
• To store the permissions, each of these resources has an access control list (ACL).
• An ACL is a collection of individual permissions in the form of access control entries (ACEs).
• Each ACE consists of a security principal (that is, the name of the user, group, or computer granted the permissions) and the specific permissions assigned to that security principal.
• When you manage permissions in any of the Windows Server 2008 permission systems, you are actually creating and modifying the ACEs in an ACL.
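The three Effective Permissions rules from the lesson (Allow permissions are cumulative, Deny overrides Allow, explicit takes precedence over inherited), worked through as an added Python example that is not part of the original slides. The `ACE` class is a simplified model rather than the Windows structure, and the folder ACL, user names and group memberships are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ACE:                       # simplified model, not the Windows ACE structure
    principal: str               # user or group the entry applies to
    kind: str                    # "allow" or "deny"
    perms: frozenset             # permissions named by this entry
    inherited: bool = False      # True if passed down from a parent resource

def effective_permissions(acl, user, groups):
    """Combine every ACE that names the user or one of the user's groups."""
    principals = {user, *groups}
    applicable = [a for a in acl if a.principal in principals]
    granted = set()
    for perm in {p for a in applicable for p in a.perms}:
        # Explicit ACEs are consulted first; inherited ACEs only matter
        # when no explicit ACE mentions this permission.
        for inherited in (False, True):
            tier = [a.kind for a in applicable
                    if a.inherited == inherited and perm in a.perms]
            if "deny" in tier:       # Deny overrides Allow within a tier
                break
            if "allow" in tier:      # any Allow from any source is enough
                granted.add(perm)
                break
    return granted

# Constructed ACL for a hypothetical project folder.
ACL = [
    ACE("Users", "allow", frozenset({"Read"}), inherited=True),
    ACE("Engineering", "allow", frozenset({"Read", "Write"}), inherited=True),
    ACE("Contractors", "deny", frozenset({"Write"}), inherited=True),
    ACE("carol", "allow", frozenset({"Write"})),   # explicit on the folder
    ACE("dave", "deny", frozenset({"Read"})),      # explicit on the folder
]

# Constructed group memberships.
MEMBERS = {
    "alice": ["Users", "Engineering"],
    "bob": ["Users", "Engineering", "Contractors"],
    "carol": ["Users", "Contractors"],
    "dave": ["Users"],
}

def report():
    return {u: effective_permissions(ACL, u, g) for u, g in MEMBERS.items()}

if __name__ == "__main__":
    for user, perms in report().items():
        print(f"{user:6} {sorted(perms)}")
```

carol keeps Write despite the inherited Deny on Contractors because her explicit Allow is evaluated first, which is the case administrators most often misjudge when they rely on an inherited Deny to lock a group out.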