Download Planning Server and Network Security

Planning Server and
Network Security
Lesson 8
Controlling Access
• Server administrators must understand that the
controlling access applies to the physical access that
users are granted to computers and other equipment.
• Protecting servers against theft is an important
consideration; servers and other network equipment
should always be kept under lock and key.
• Physical access control can also protect against other
occurrences, including fire, natural disasters, and even
simple accidents.
Using Physical Barriers
• A properly designed computer center or server closet is
one in which physical barriers prevent access by anyone
but authorized personnel, and only when they have a
specific reason to enter.
• Even authorized IT workers should not have to be in the
same room as sensitive networking equipment
• Servers should need very little physical access at all,
because administrators can perform most maintenance
and configuration tasks remotely.
Social Engineering
• Social engineering is a term used to describe the process
of circumventing security barriers by persuading
authorized users to provide passwords or other sensitive
information.
• In many cases, users are duped into giving an intruder
access to a protected system through a phone call in
which the intruder claims to be an employee in another
department, a customer, or a hardware vendor.
• A user might give out a seemingly innocent piece of
information, which the intruder then uses to elicit more
information from someone else.
Using Biometrics
• Biometric technologies can be used for two different
purposes: verification and identification.
• Biometric verification is a matter of confirming the
identity supplied by an individual.
–
–
–
–
–
Fingerprint matching.
Hand geometry.
Iris or retinal scans.
Speech recognition.
Face recognition.
Controlling the Environment
• The environment in which your servers must
operate is important. Considering these factors:
– Heat
– Fire
– Flood
– Power
Wireless Networking
• The increasing use of wireless networking technologies
has led to a new class of physical security hazards that
administrators should be careful not to underestimate.
• The signals that most wireless networking technologies
use today can penetrate walls and other barriers.
• You should test carefully to ascertain the operational
range of the devices and select locations for the
antennae that are near the center of the building and as
far away from the outside walls as is practical.
Firewalls
• Once you have considered physical protection for your
servers, you can start to concern yourself with the other
main avenue of intrusion: the network.
• A firewall is a software program that protects a
computer by allowing certain types of network traffic in
and out of the system while blocking others.
Firewalls
• Some of the hazards that firewalls can protect against are
as follows:
– Network scanner applications
– Trojan horse applications
– Attackers who obtain passwords by illicit means, such as
social engineering, and then use remote access technologies
to log on to a computer from another location.
Windows Server 2008 Firewall
• By default, Windows Firewall blocks most network traffic
from entering the computer.
• Firewalls work by examining the contents of each packet
entering and leaving the computer and comparing the
information they find to a series of rules.
• Firewall rules can function in two ways, as follows:
– Admit all traffic, except that which conforms to the
applied rules.
– Block all traffic, except that which conforms to the
applied rules.
TCP/IP Packets
• The three most important criteria that firewalls
can use in their rules are as follows:
– IP addresses.
– Protocol numbers.
– Port numbers.
Windows Firewall
• Windows Firewall is a single program with one set of rules, but
there are two distinct interfaces you can use to manage and
monitor it.
• The Windows Firewall control panel provides a simplified
interface that enables administrators to avoid the details of
rules and port numbers.
• If you just want to turn the firewall on or off (typically for testing
or troubleshooting purposes), or work with the firewall settings
for a specific Windows role or feature, you can do so simply by
using the control panel.
• For full access to firewall rules and more sophisticated
functions, you must use the Windows Firewall with Advanced
Security console.
Windows Firewall
• In many cases, administrators never have to work
directly with Windows Firewall.
• Many of the roles and features included in
Windows Server 2008 automatically open the
appropriate firewall ports when you install them.
• In other situations, the system warns you of
firewall issues.
Windows Firewall with Advanced Security Console
• The Windows Firewall Settings dialog box is
designed to enable administrators to create
exceptions in the current firewall settings as
needed.
• For full access to the Windows Firewall
configuration settings, you must use the Windows
Firewall With Advanced Security snap-in for the
Microsoft Management Console.
Profile Settings
• At the top of the Windows Firewall with Advanced
Security console’s detail (middle) pane,
• in the Overview section, are status displays for the
computer’s three possible network locations.
• Windows Firewall maintains separate profiles for each of
the three possible network locations: domain, private,
and public.
• If you connect the computer to a different network
(which is admittedly not likely with a server), Windows
Firewall can load a different profile and a different set of
rules.
Rules
• When you right-click the Inbound Rules (or Outbound
Rules) node and select New Rule from the context menu,
the New Inbound (or Outbound) Rule Wizard takes you
through the process of configuring the following sets of
parameters:
–
–
–
–
–
–
–
Rule Type
Program
Protocol and Ports
Scope
Action
Profile
Name
Connection Security Rules
• Windows Server 2008 also includes a feature that
incorporates IPsec data protection into the Windows
Firewall.
• The IP Security (IPsec) standards are a collection of
documents that define a method for securing data while
it is in transit over a TCP/IP network.
• IPsec includes a connection establishment routine, during
which computers authenticate each other before
transmitting data, and a technique called tunneling, in
which data packets are encapsulated within other
packets, for their protection.
BitLocker
• The Encrypting File System, which has been
available since Windows 2000, enables users to
protect specific files and folders so that no one
else can access them.
• BitLocker Drive Encryption, on the other hand, is
a new feature first released in Windows Vista,
which makes it possible to encrypt an entire
volume.
BitLocker
• The full volume encryption provided by BitLocker has
distinct advantages, including the following:
– Increased data protection.
– Integrity checking.
• Unlike EFS, BitLocker is not designed to protect files for
specific users, making it so other users cannot access
them.
• Instead, BitLocker protects entire volumes from being
compromised by unauthorized persons.
BitLocker
• To use BitLocker, you must have a computer with the
appropriate hardware and you must prepare it properly
before you install Windows Server 2008.
• Two of the three available BitLocker modes require the
computer to have a Trusted Platform Module (TPM),
version 1.2 or later, and a system BIOS that is compatible
with its use.
• The TPM is a dedicated cryptographic processor chip that
the system uses to store the BitLocker encryption keys.
BitLocker
• In addition to having the TPM, and before you install
Windows Server 2008 or BitLocker, you must create a
system partition on the computer, separate from the
partition where you will install the operating system.
• The system partition, which must be an active, primary
partition no less than 1.5 GB in size, will remain
unencrypted and contain the files needed to boot the
computer.
• In other words, this partition will hold all of the software
the computer must access before it has unlocked the
volume encrypted with BitLocker.
BitLocker Operation Modes
• Transparent operation mode.
• User authentication mode.
• USB key mode.
Authentication
• To authenticate a user on a network with
reasonable certainty that the individual is who he
or she claims to be, the user needs to provide two
pieces of information: identification and proof of
identity.
• Proof of Identity typically takes one of three
forms:
– Something you know.
– Something you have.
– Something you are.
Authentication Models
• Decentralized authentication
– Security Accounts Manager (SAM).
• Centralized authentication
– Active Directory.
Encryption
• To protect data stored on and transmitted over a
network, computers use various types of
Encryption to encode messages and create digital
signatures that verify their authenticity.
• For one computer to encrypt a message and
another computer to decrypt it, both must
possess a key.
Encryption
• There are two types of encryption:
– Secret key encryption – Uses a single key to encrypt
and decrypt.
– Public key encryption – Uses a public key and a private
key.
Enhancing Security with Strong
Passwords
• Encryption limits your organization’s vulnerability to
having user credentials intercepted and misused.
• Specifically, password encryption is designed to make it
extremely difficult for unauthorized users to decrypt
captured passwords.
• Ideally, when accounts use strong passwords, it should
take an attacker months, years, or decades to extract a
password after capturing the encrypted or hashed data.
• During that time, the user should have changed the
password — thus rendering the cracked password
useless.
Password Policies
• A strong password is one that a user can easily
remember but is also too complex for a stranger
to guess.
• Windows Server 2008 provides a series of
password settings that you can implement using
Group Policy, either locally or through Active
Directory.
• An effective combination of password policies
compels users to select appropriate passwords
and change them at regular intervals.
Account Lockout
• Account lockout policies exist to limit your network’s
vulnerability to password-guessing attacks.
• When you implement account lockout policies, a user account
is automatically locked out after a specified number of
incorrect authentication attempts.
• Windows Server 2008 does not enable account lockouts by
default, and for a good reason: enabling account lockouts
exposes you to a denial-of-service vulnerability.
• A malicious attacker with access to user names can guess
incorrect passwords and lock everyone’s accounts, which
denies legitimate users from accessing network resources.
Kerberos Authentication
• Enterprise networks that use Active Directory
authenticate their users with the Kerberos authentication
protocol.
• The three components of Kerberos are as follows:
– The client requesting services or authentication.
– The server hosting the services requested by the client.
– A computer functioning as an authentication provider,
which is trusted by both the client and the server.
Key Distribution Center (KDC)
• In the case of a Windows Server 2008 network, the
authentication provider is a Windows Server 2008
domain controller running the Kerberos Key Distribution
Center (KDC) service.
• The KDC maintains a database of account information for
all security principals in the domain.
• A security principal is any user, computer, or service
account that logs on to the domain.
• The KDC also stores a cryptographic key known only to
the security principal and the KDC.
• This key, derived from a user’s logon password, is used in
exchanges between the security principal and the KDC
and is known as a long-term key.
Key Distribution Center (KDC)
• To generate tickets, the KDC uses the following
two services:
– Authentication Service (AS) — Issues ticket granting
tickets (TGTs) to users that supply valid authentication
credentials, which prevents the user from having to reauthenticate each time it requests access to a network
resource.
– Ticket-Granting Service (TGS) — Issues service tickets
that provide users with access to specific network
resources.
Controlling Kerberos Authentication
Using Group Policies
• Although most of the transactions in a Kerberos
authentication are invisible to both users and
administrators, there are some Group Policy settings you
can use to configure the properties of the Kerberos
tickets issued by your domain controllers.
• Reasonable Kerberos ticket lifetimes must be short
enough to prevent attackers from cracking the
cryptography that protects the ticket’s stored credentials
and long enough to ensure that requests for new tickets
do not overload the KDC and network.
Authorization
• Authorization is the process of determining
whether an authenticated user is allowed to
perform a requested action.
– Rights
– Permissions
•
•
•
•
Share permissions
NTFS permissions
Registry permissions
Active Directory permissions
Windows Permission Architecture
• To store the permissions, each of these resources has an
access control list (ACL).
• An ACL is a collection of individual permissions, in the
form of access control entries (ACEs).
• Each ACE consists of a security principal (that is, the
name of the user, group, or computer granted the
permissions) and the specific permissions assigned to
that security principal.
• When you manage permissions in any of the Windows
Server 2008 permission systems, you are actually
creating and modifying the ACEs in an ACL.
Standard and Special Permissions
• Windows provides preconfigured permission
combinations suitable for most common access control
chores.
• When you open the Properties sheet for a system
resource and look at its Security tab, the NTFS
permissions you see are called standard permissions.
• Standard permissions are actually combinations of
special permissions, which provide the most granular
control over the resource.
Allowing and Denying Permissions
• There are two basic types of ACE: Allow and Deny.
• This makes it possible to approach permission
management tasks from two directions:
– Additive — Starts with no permissions and then grants Allow
permissions to individual security principals to provide them
with the access they need.
– Subtractive — Starts by granting all possible Allow
permissions to individual security principals, providing them
with full control over the system resource, and then grants
them Deny permissions for the access you don’t want them
to have.
Inheriting Permissions
• The most important principle in permission
management is that permissions tend to run
downward through a hierarchy.
• This is called permission inheritance. Permission
inheritance means that parent resources pass
their permissions down to their subordinates.
• With inheritance, you can grant access to an
entire file system by creating one set of Allow
permissions.
Inheriting Permissions
Effective Permissions
• A security principal can receive permissions in many ways,
and it is important for an administrator to understand how
these permissions interact.
• The combination of Allow permissions and Deny permissions
that a security principal receives for a given system resource,
whether explicitly assigned, inherited, or received through a
group membership, is called the effective permissions for
that resource.
• Because a security principal can receive permissions from so
many sources, it is not unusual for those permissions to
conflict, so rules define how the permissions combine to form
the effective permissions.
Effective Permissions
• Allow permissions are cumulative.
• Deny permissions override Allow permissions.
• Explicit permissions take precedence over
inherited permissions.
Summary
• Before you consider any other security
mechanisms or even operating system and
application deployments, you should take steps to
ensure that your servers are stored in a location
that is physically secure.
• Biometric identification is the process of
establishing an individual’s identity based on
biometric information, essentially asking the
system to indicate who the person is.
Summary
• A firewall is a software program that protects a
computer by allowing certain types of network
traffic in and out of the system while blocking
others.
• A firewall is essentially a series of filters that
examines the contents of packets and the traffic
patterns to and from the network to determine
which packets it should allow to pass through the
filter.
Summary
• The default rules preconfigured into the firewall
are designed to admit the traffic used by standard
Windows networking functions, such as file and
printer sharing.
• For outgoing network traffic, Windows Firewall
allows all traffic to pass the firewall except that
which conforms to a rule.
Summary
• The Windows Firewall Settings dialog box is
designed to enable administrators to create
exceptions in the current firewall settings as
needed.
• For full access to the Windows Firewall
configuration settings, you must use the Windows
Firewall With Advanced Security snap-in for the
Microsoft Management Console.
Summary
• BitLocker Drive Encryption is a new feature, first
released in Windows Vista, that makes it possible
to encrypt an entire volume.
• When you use Active Directory on an enterprise
network, it becomes responsible for two of the
most critical security concepts in computing:
authentication and authorization.
Summary
• On most networks, users identify themselves with
an account name or an email address.
• The proof of identity can vary, however, typically
taking one of three forms: something you know,
something you have, or something you are.
Summary
• To protect data stored on and transmitted over a
network, computers use various types of
encryption to encode messages and create digital
signatures that verify their authenticity.
• For one computer to encrypt a message and
another computer to decrypt it, both must
possess a key.
Summary
• Windows Server 2008 provides a series of
password settings that you can implement using
Group Policy, either locally or through Active
Directory.
• An effective combination of password policies
compels users to select appropriate passwords
and change them at regular intervals.
Summary
• Enterprise networks that use Active Directory
authenticate their users with the Kerberos
authentication protocol.
• Authorization is the process of determining
whether an authenticated user is allowed to
perform a requested action.
Summary
• Files, folders, shares, registry keys, and Active
Directory objects are all protected by permissions.
• To store the permissions, each of these resources
has an access control list (ACL).
• An ACL is a collection of individual permissions in
the form of access control entries (ACEs).
Summary
• Each ACE consists of a security principal (that is,
the name of the user, group, or computer granted
the permissions) and the specific permissions
assigned to that security principal.
• When you manage permissions in any of the
Windows Server 2008 permission systems, you
are actually creating and modifying the ACEs in an
ACL.