Transcript firewall

Planning Server and
Network Security
Lesson 8
Skills Matrix
Technology Skill          Objective Domain                              Objective #
Using BitLocker           Plan server installations and upgrades        1.1
Securing Network Access   Monitor and maintain security and policies    3.3
Security
• Security is a concern on many levels, but for
the server administrator, the first concern is
the security of the individual server itself.
Physically Securing Servers
• In a rush to work with the many security
mechanisms provided by Windows Server
2008, some individuals forget about the
most basic security principle: the physical
security of the server itself.
Controlling Access
• In most cases, the term access control refers to
mechanisms that regulate access to computers,
software, or other resources.
• However, server administrators must understand that
the term also applies to the physical access that users
are granted to computers and other equipment.
• Protecting servers against theft is an important
consideration; servers and other network equipment
should always be kept under lock and key.
• Physical access control can also protect against other
occurrences, including fire, natural disasters, and even
simple accidents.
Using Physical Barriers
• A properly designed computer center or server
closet is one in which physical barriers prevent
access by anyone but authorized personnel, and
only when they have a specific reason to enter.
• Even authorized IT workers should not have to be
in the same room as sensitive networking
equipment because their desks are nearby or
because supplies are stored in there.
• In fact, servers should need very little physical
access at all, because administrators can perform
most maintenance and configuration tasks
remotely.
Biometrics
• For installations requiring extreme security, the
standard mechanisms used to control access to
the secured area, such as metal keys, magnetic
keycards, combinations, and passwords, might be
insufficient.
• Keys and keycards can be lent, lost, or stolen, and
passwords and combinations written down, shared,
or otherwise compromised.
• One increasingly popular alternative is biometrics,
the automatic identification of individuals based on
physiological characteristics.
Biometrics
• Biometric technologies can be used for two
different purposes: verification and identification.
• Biometric verification is a matter of confirming the
identity supplied by an individual.
– Fingerprint matching.
– Hand geometry.
– Iris or retinal scans.
– Speech recognition.
– Face recognition.
Security is a Balancing Act
• All security mechanisms are essentially a
compromise between the need to protect
valuable resources and the need to provide
access to them with a minimum of
inconvenience.
• Although administrators and managers are
responsible for implementing and enforcing
security policies, true security actually rests
in the hands of the people who use the
protected systems every day.
Social Engineering
• Social engineering is a term used to describe the
process of circumventing security barriers by
persuading authorized users to provide passwords
or other sensitive information.
• In many cases, users are duped into giving an
intruder access to a protected system through a
phone call in which the intruder claims to be an
employee in another department, a customer, or a
hardware vendor.
• A user might give out a seemingly innocent piece of
information, which the intruder then uses to elicit
more information from someone else.
Controlling the Environment
• The environment in which your servers must
operate is an important consideration in the
design and construction of the network and
in the technologies that you select.
• In places where high concentrations of
sensitive equipment are located, such as
computer centers and server closets, the
typical office environment is usually
augmented with additional air conditioning,
air filtration, humidity control, and/or power
conditioning.
Controlling the Environment
• In addition to protecting sensitive equipment
from theft and maintaining proper operating
conditions, fire is a major threat to continued
operation of your servers.
• The damage caused by fire, and by standard
firefighting techniques, can result not only in
data and equipment loss, but in damage to
the facilities themselves. This damage can
take a long time to repair before you can
even begin to install replacement
equipment.
Wireless Networking
• The increasing use of wireless networking
technologies has led to a new class of physical
security hazards that administrators should be
careful not to underestimate.
• The signals that most wireless networking
technologies use today can penetrate walls and
other barriers.
• You should test carefully to ascertain the
operational range of the devices and select
locations for the antennae that are near the center
of the building and as far away from the outside
walls as is practical.
Firewalls
• Once you have considered physical protection for
your servers, you can start to concern yourself with
the other main avenue of intrusion: the network.
• A firewall is a software program that protects a
computer by allowing certain types of network
traffic in and out of the system while blocking
others.
• A firewall is essentially a series of filters that
examine the contents of packets and the traffic
patterns to and from the network to determine
which packets they should allow to pass through
the filter.
Firewalls
• Some of the hazards that firewalls can protect
against are as follows:
– Network scanner applications that probe systems for
unguarded ports, which are essentially unlocked doors
that attackers can use to gain access to the system.
– Trojan horse applications that open a connection to a
computer on the Internet, enabling an attacker on the
outside to run programs or store data on the system.
– Attackers who obtain passwords by illicit means, such
as social engineering, and then use remote access
technologies to log on to a computer from another
location and compromise its data and programming.
Windows Server 2008 Firewall
• Windows Server 2008 includes a firewall program
called Windows Firewall, which is activated by
default on all Windows Server 2008 systems.
• By default, Windows Firewall blocks most network
traffic from entering the computer.
• Firewalls work by examining the contents of each
packet entering and leaving the computer and
comparing the information they find to a series of
rules, which specify which packets are allowed to
pass through the firewall and which are blocked.
TCP/IP Packets
• The three most important criteria that
firewalls can use in their rules are as follows:
– IP addresses.
– Protocol numbers.
– Port numbers.
Firewall Rules
• Firewall rules can function in two ways, as
follows:
– Admit all traffic, except that which conforms
to the applied rules.
– Block all traffic, except that which conforms
to the applied rules.
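The two rule styles above (admit everything except what a rule blocks, or block everything except what a rule admits) and the three matching criteria (IP address, protocol number, port number) can be shown in a few lines. This is an added example, not code from the slides or from Microsoft; the packets and rule set are constructed, and one assumption is made about precedence: when a block rule and an allow rule both match, the block rule wins, and unmatched traffic falls through to the profile default.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Protocol numbers are the IP header "Protocol" field values: 1 = ICMP, 6 = TCP, 17 = UDP.
ICMP, TCP, UDP = 1, 6, 17

@dataclass(frozen=True)
class Packet:
    src: str                        # source IP address
    dst: str                        # destination IP address
    protocol: int                   # IP protocol number
    dst_port: Optional[int] = None  # destination port; None for port-less protocols such as ICMP

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                          # "allow" or "block"
    protocol: Optional[int] = None       # None = any protocol
    dst_port: Optional[int] = None       # None = any port
    remote_net: Optional[str] = None     # scope restriction as CIDR; None = any remote address

    def matches(self, pkt: Packet) -> bool:
        """A rule matches only when every criterion it specifies agrees with the packet."""
        if self.protocol is not None and pkt.protocol != self.protocol:
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        if self.remote_net is not None and \
                ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.remote_net):
            return False
        return True

def evaluate(pkt: Packet, rules: List[Rule], default_action: str) -> Tuple[str, str]:
    """Decide a packet's fate. Assumed precedence: a matching block rule wins over a matching
    allow rule; a packet matching no rule gets the profile default ("block" or "allow")."""
    matching = [r for r in rules if r.matches(pkt)]
    for kind in ("block", "allow"):
        for rule in matching:
            if rule.action == kind:
                return rule.action, rule.name
    return default_action, "profile default"

# Constructed inbound rule set for a small web/file server (not from the slides).
INBOUND_RULES = [
    Rule("Allow HTTP", "allow", protocol=TCP, dst_port=80),
    Rule("Allow Remote Desktop from LAN", "allow", protocol=TCP, dst_port=3389, remote_net="10.0.0.0/8"),
    Rule("Allow File Sharing (SMB)", "allow", protocol=TCP, dst_port=445),
    Rule("Block SMB from guest subnet", "block", protocol=TCP, dst_port=445, remote_net="192.0.2.0/24"),
    Rule("Allow ICMP", "allow", protocol=ICMP),
]

def inbound(pkt: Packet) -> Tuple[str, str]:
    """Inbound style: block all traffic except that which conforms to a rule."""
    return evaluate(pkt, INBOUND_RULES, "block")

def outbound(pkt: Packet, rules: List[Rule] = ()) -> Tuple[str, str]:
    """Outbound style: admit all traffic except that which conforms to a (block) rule."""
    return evaluate(pkt, list(rules), "allow")

if __name__ == "__main__":
    for p in (Packet("203.0.113.5", "10.0.0.10", TCP, 80),
              Packet("203.0.113.5", "10.0.0.10", TCP, 3389),
              Packet("192.0.2.9", "10.0.0.10", TCP, 445)):
        print(p, "->", inbound(p))
```

The scope restriction on the Remote Desktop rule is the same idea as the Change Scope dialog box: the port is open, but only to the address range you name, so a packet to TCP 3389 from outside 10.0.0.0/8 falls through to the inbound default and is blocked.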
Windows Firewall
• Windows Firewall is a single program with one set of
rules, but there are two distinct interfaces you can use to
manage and monitor it.
• The Windows Firewall control panel provides a simplified
interface that enables administrators to avoid the details
of rules and port numbers.
• If you just want to turn the firewall on or off (typically for
testing or troubleshooting purposes), or work with the
firewall settings for a specific Windows role or feature,
you can do so simply by using the control panel.
• For full access to firewall rules and more sophisticated
functions, you must use the Windows Firewall with
Advanced Security console.
Windows Firewall
• In many cases, administrators never have to
work directly with Windows Firewall.
• Many of the roles and features included in
Windows Server 2008 automatically open
the appropriate firewall ports when you
install them.
• In other situations, the system warns you of
firewall issues.
Windows Explorer with Network Discovery
and File Sharing Turned Off
The Network and Sharing Center Control Panel
The Exceptions Tab of the Windows
Firewall Settings Dialog Box
The Windows Firewall with
Advanced Security Console
The Windows Firewall Control Panel Window
The Windows Firewall Settings Dialog Box
The Add a Program Dialog Box
The Change Scope Dialog Box
The Add a Port Dialog Box
Windows Firewall with Advanced Security Console
• The Windows Firewall Settings dialog box is
designed to enable administrators to create
exceptions in the current firewall settings as
needed.
• For full access to the Windows Firewall
configuration settings, you must use the
Windows Firewall With Advanced Security
snap-in for the Microsoft Management
Console.
Windows Firewall with Advanced Security Console
Profile Settings
• At the top of the Windows Firewall with Advanced
Security console’s detail (middle) pane, in the
Overview section, are status displays for the
computer’s three possible network locations.
• Windows Firewall maintains separate profiles for
each of the three possible network locations:
domain, private, and public.
• If you connect the computer to a different network
(which is admittedly not likely with a server),
Windows Firewall can load a different profile and a
different set of rules.
Windows Firewall with Advanced Security
on Local Computer Dialog Box
Creating Rules
• The exceptions and ports that you can create
in the Windows Firewall Settings dialog box
are a relatively friendly method for working
with firewall rules.
• In the Windows Firewall with Advanced
Security console, you can work with the rules
in their raw form.
Inbound Rules List
Rules
• When you right-click the Inbound Rules (or
Outbound Rules) node and select New Rule from
the context menu, the New Inbound (or Outbound)
Rule Wizard takes you through the process of
configuring the following sets of parameters:
– Rule Type
– Program
– Protocol and Ports
– Scope
– Action
– Profile
– Name
The New Inbound Rule Wizard
Connection Security Rules
• Windows Server 2008 also includes a feature that
incorporates IPsec data protection into the
Windows Firewall.
• The IP Security (IPsec) standards are a collection of
documents that define a method for securing data
while it is in transit over a TCP/IP network.
• IPsec includes a connection establishment routine,
during which computers authenticate each other
before transmitting data, and a technique called
tunneling, in which data packets are encapsulated
within other packets, for their protection.
The New Connection Security Rule Wizard
BitLocker
• The Encrypting File System, which has been
available since Windows 2000, enables
users to protect specific files and folders so
that no one else can access them.
• BitLocker Drive Encryption, on the other
hand, is a new feature first released in
Windows Vista, which makes it possible to
encrypt an entire volume.
BitLocker
• The full volume encryption provided by BitLocker
has distinct advantages, including the following:
– Increased data protection.
– Integrity checking.
• Unlike EFS, BitLocker is not designed to protect
files for specific users, making it so other users
cannot access them.
• Instead, BitLocker protects entire volumes from
being compromised by unauthorized persons.
BitLocker
• To use BitLocker, you must have a computer with
the appropriate hardware and you must prepare it
properly before you install Windows Server 2008.
• Two of the three available BitLocker modes require
the computer to have a Trusted Platform Module
(TPM), version 1.2 or later, and a system BIOS that
is compatible with its use.
• The TPM is a dedicated cryptographic processor
chip that the system uses to store the BitLocker
encryption keys.
BitLocker
• In addition to having the TPM, and before you
install Windows Server 2008 or BitLocker, you
must create a system partition on the computer,
separate from the partition where you will install
the operating system.
• The system partition, which must be an active,
primary partition no less than 1.5 GB in size, will
remain unencrypted and contain the files needed
to boot the computer.
• In other words, this partition will hold all of the
software the computer must access before it has
unlocked the volume encrypted with BitLocker.
BitLocker Operation Modes
• Transparent operation mode.
• User authentication mode.
• USB key mode.
The Control Panel Setup: Enable Advanced Startup
Options Properties Dialog Box
The BitLocker Drive Encryption Control Panel
The Set BitLocker Startup Preferences Page
Authentication
• To authenticate a user on a network with
reasonable certainty that the individual is
who he or she claims to be, the user needs
to provide two pieces of information:
identification and proof of identity.
• Proof of Identity typically takes one of three
forms:
– Something you know.
– Something you have.
– Something you are.
Authentication Models
• Decentralized authentication
– Security Accounts Manager (SAM).
• Centralized authentication
– Active Directory.
Encryption
• To protect data stored on and transmitted
over a network, computers use various types
of Encryption to encode messages and
create digital signatures that verify their
authenticity.
• For one computer to encrypt a message and
another computer to decrypt it, both must
possess a key.
Encryption
• There are two types of encryption:
– Secret key encryption – Uses a single key to
encrypt and decrypt.
– Public key encryption – Uses a public key and
a private key.
Enhancing Security with Strong Passwords
• Encryption limits your organization’s vulnerability to
having user credentials intercepted and misused.
• Specifically, password encryption is designed to
make it extremely difficult for unauthorized users
to decrypt captured passwords.
• Ideally, when accounts use strong passwords, it
should take an attacker months, years, or decades
to extract a password after capturing the encrypted
or hashed data.
• During that time, the user should have changed
the password — thus rendering the cracked
password useless.
Enhancing Security with Strong Passwords
• Weak passwords, on the other hand, can be
cracked in a matter of hours or days, even when
encrypted.
• Encryption also cannot protect against passwords
that are easily guessable, because weak
passwords are vulnerable to dictionary attacks.
• Dictionary attacks encrypt a list of common
passwords and compare the results with the
captured cyphertext.
• If the password appears in the password
dictionary, the attacker can identify the password
quickly.
• You can defend against this vulnerability by
Enhancing Security with Strong Passwords
• A strong password is one that a user can
easily remember but is also too complex for
a stranger to guess.
Password Policies
• To help network administrators implement
strong passwords, Windows Server 2008
provides a series of password settings that
you can implement using Group Policy,
either locally or through Active Directory.
• An effective combination of password
policies compels users to select appropriate
passwords and change them at regular
intervals.
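The password settings the slides refer to (minimum length, complexity requirements, password history, a banned-word list) can be expressed as a small checker that a help desk or provisioning script could run before accepting a new password. This is an added example, not code from the slides or from Windows; the policy values, the user names and the banned list are constructed, and the complexity test is a simplified form of the Windows rule (the password must not contain the account name and must draw on at least three of four character classes).

```python
import hashlib
import hmac
import os
import re
from dataclasses import dataclass
from typing import List

@dataclass
class PasswordPolicy:
    min_length: int = 8              # "Minimum password length"
    complexity: bool = True          # "Password must meet complexity requirements"
    history_length: int = 24         # "Enforce password history"
    max_age_days: int = 42           # "Maximum password age" (informational here)
    # Constructed banned list; a real deployment would use a much larger one.
    banned: frozenset = frozenset({"password", "password1", "welcome1", "letmein"})

def hash_password(password: str, salt: bytes = None) -> bytes:
    """Salted PBKDF2 hash; this is what a system should store, never the password itself."""
    salt = salt or os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify(password: str, stored: bytes) -> bool:
    return hmac.compare_digest(stored, hash_password(password, stored[:16]))

def meets_complexity(password: str, username: str) -> bool:
    """Simplified Windows complexity rule: no account name inside the password, and
    characters from at least three of: upper case, lower case, digits, non-alphanumeric."""
    if username and username.lower() in password.lower():
        return False
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(1 for c in classes if re.search(c, password)) >= 3

def check_new_password(policy: PasswordPolicy, username: str,
                       candidate: str, history: List[bytes]) -> List[str]:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(candidate) < policy.min_length:
        problems.append("shorter than minimum length")
    if policy.complexity and not meets_complexity(candidate, username):
        problems.append("does not meet complexity requirements")
    if candidate.lower() in policy.banned:
        problems.append("appears in the banned-password list")
    if any(verify(candidate, h) for h in history[-policy.history_length:]):
        problems.append("reuses a password from history")
    return problems

if __name__ == "__main__":
    policy = PasswordPolicy()
    for pw in ("Password1", "jdoe2024!", "Tr0ub4dor&3"):
        print(pw, "->", check_new_password(policy, "jdoe", pw, []))
```

"Password1" satisfies length and complexity yet is still rejected by the banned list, which is the point the slides make about dictionary attacks: a password that passes the formal rules can still be one of the first few thousand guesses, so complexity settings alone are not a strong-password policy.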
Password Policies
Account Lockout
• Account lockout policies exist to limit your network’s
vulnerability to password-guessing attacks.
• When you implement account lockout policies, a user
account is automatically locked out after a specified
number of incorrect authentication attempts.
• Windows Server 2008 does not enable account
lockouts by default, and for a good reason: enabling
account lockouts exposes you to a denial-of-service
vulnerability.
• A malicious attacker with access to user names can
guess incorrect passwords and lock everyone’s
accounts, which denies legitimate users from
accessing network resources.
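The trade-off the slides describe, where lockout stops password guessing but hands anyone who knows a user name a way to lock that user out, is easiest to see in a small authentication state machine. This is an added example, not code from the slides or from Windows; the policy names in the comments are the Windows Group Policy settings, the account and password are constructed, and the behaviour is a simplification (a real domain also replicates lockout state between domain controllers).

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict

@dataclass
class LockoutPolicy:
    threshold: int = 0            # "Account lockout threshold"; 0 = never lock (the default)
    duration_s: int = 30 * 60     # "Account lockout duration"
    reset_after_s: int = 30 * 60  # "Reset account lockout counter after"

@dataclass
class AccountState:
    password_hash: bytes
    bad_count: int = 0       # failures inside the current observation window
    last_bad_at: float = 0.0
    locked_until: float = 0.0

def hash_password(password: str, salt: bytes = None) -> bytes:
    salt = salt or os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

class Authenticator:
    def __init__(self, policy: LockoutPolicy, users: Dict[str, str]):
        self.policy = policy
        self.accounts = {u: AccountState(hash_password(p)) for u, p in users.items()}

    def try_logon(self, user: str, password: str, now: float) -> str:
        """Returns "ok", "bad_password" or "locked_out"."""
        acct = self.accounts[user]
        if now < acct.locked_until:
            return "locked_out"              # refused even when the password is correct
        if now - acct.last_bad_at >= self.policy.reset_after_s:
            acct.bad_count = 0               # window passed without further failures
        stored = acct.password_hash
        if hmac.compare_digest(stored, hash_password(password, stored[:16])):
            acct.bad_count = 0
            return "ok"
        acct.bad_count += 1
        acct.last_bad_at = now
        if self.policy.threshold and acct.bad_count >= self.policy.threshold:
            acct.locked_until = now + self.policy.duration_s
            acct.bad_count = 0
        return "bad_password"

def password_guessing_scenario(threshold: int, now: float = 1_000_000) -> str:
    """What the legitimate user sees right after someone else burns `threshold` wrong
    guesses against the account (one guess when lockout is disabled)."""
    auth = Authenticator(LockoutPolicy(threshold=threshold), {"alice": "S3cure-passphrase!"})
    for i in range(max(threshold, 1)):
        auth.try_logon("alice", f"guess{i}", now + i)
    return auth.try_logon("alice", "S3cure-passphrase!", now + threshold)

if __name__ == "__main__":
    print("lockout disabled:", password_guessing_scenario(0))   # ok
    print("threshold 5:", password_guessing_scenario(5))        # locked_out
```

With the threshold at 0, the wrong guesses cost the attacker time and the real user nothing; with a threshold of 5, five wrong guesses from anyone lock the account, and the real user is turned away until the lockout duration passes. Monitoring for bursts of failed logons is what lets you spot the guessing either way.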
Account Lockout Policies
Kerberos Authentication
• Enterprise networks that use Active Directory
authenticate their users with the Kerberos
authentication protocol.
• The three components of Kerberos are as follows:
– The client requesting services or authentication.
– The server hosting the services requested by the
client.
– A computer functioning as an authentication
provider, which is trusted by both the client and the
server.
Key Distribution Center (KDC)
• In the case of a Windows Server 2008 network, the
authentication provider is a Windows Server 2008
domain controller running the Kerberos Key
Distribution Center (KDC) service.
• The KDC maintains a database of account
information for all security principals in the domain.
• A security principal is any user, computer, or
service account that logs on to the domain.
• The KDC also stores a cryptographic key known
only to the security principal and the KDC.
• This key, derived from a user’s logon password, is
used in exchanges between the security principal
and the KDC and is known as a long-term key.
Key Distribution Center (KDC)
• To generate tickets, the KDC uses the
following two services:
– Authentication Service (AS) — Issues ticket
granting tickets (TGTs) to users that supply
valid authentication credentials, which
prevents the user from having to reauthenticate
each time it requests access to a network
resource.
– Ticket-Granting Service (TGS) — Issues
service tickets that provide users with access
to specific network resources.
Kerberos Authentication Service Exchange
Kerberos Ticket-Granting Service Exchange
Kerberos Client/Server Exchange
Controlling Kerberos Authentication
Using Group Policies
• Although most of the transactions in a Kerberos
authentication are invisible to both users and
administrators, there are some Group Policy
settings you can use to configure the properties of
the Kerberos tickets issued by your domain
controllers.
• Reasonable Kerberos ticket lifetimes must be short
enough to prevent attackers from cracking the
cryptography that protects the ticket’s stored
credentials and long enough to ensure that
requests for new tickets do not overload the KDC
and network.
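The three exchanges (Authentication Service, Ticket-Granting Service, client/server) and the role of the long-term key and ticket lifetimes can be walked through in a simulation. This is an added example, not code from the slides or from Microsoft's Kerberos implementation: the "sealing" primitive is a toy built from SHA-256 and HMAC so the block needs only the standard library (real Kerberos uses AES or RC4 encryption types and a salted string-to-key function), the principals and passwords are constructed, and the lifetimes used are the Windows Kerberos policy defaults.

```python
import base64
import hashlib
import hmac
import json
import os
from typing import Dict

# Windows default Kerberos Policy values (Group Policy), in seconds.
TGT_LIFETIME = 10 * 3600             # Maximum lifetime for user ticket: 10 hours
SERVICE_TICKET_LIFETIME = 600 * 60   # Maximum lifetime for service ticket: 600 minutes
MAX_CLOCK_SKEW = 5 * 60              # Maximum tolerance for computer clock synchronization

# Toy sealing primitive (SHA-256 keystream + HMAC tag). The property that matters here is
# that a blob can only be opened by a party holding the key it was sealed under.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, obj: dict) -> bytes:
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("cannot open blob: wrong key or tampered data")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def long_term_key(password: str) -> bytes:
    # The long-term key is derived from the logon password (toy derivation, no salt).
    return hashlib.sha256(b"toy-string2key|" + password.encode()).digest()

b64 = lambda b: base64.b64encode(b).decode()
unb64 = base64.b64decode

class KDC:
    """Domain controller role: holds every principal's long-term key plus the krbtgt key."""
    def __init__(self, principals: Dict[str, str]):
        self.keys = {name: long_term_key(pw) for name, pw in principals.items()}
        self.krbtgt_key = os.urandom(32)   # known only to the KDC; seals TGTs

    def authentication_service(self, user, preauth, now):
        """AS exchange: pre-authentication proves the client holds the user's long-term key."""
        stamp = unseal(self.keys[user], preauth)            # fails for a wrong password
        if abs(stamp["timestamp"] - now) > MAX_CLOCK_SKEW:
            raise ValueError("pre-authentication timestamp outside allowed clock skew")
        session_key = os.urandom(32)
        tgt = seal(self.krbtgt_key, {"user": user, "key": b64(session_key),
                                     "expires": now + TGT_LIFETIME})
        return seal(self.keys[user], {"key": b64(session_key)}), tgt

    def ticket_granting_service(self, tgt, authenticator, service, now):
        """TGS exchange: validates TGT and authenticator, returns a ticket for `service`."""
        t = unseal(self.krbtgt_key, tgt)
        if now > t["expires"]:
            raise ValueError("TGT expired: client must go back to the AS")
        session_key = unb64(t["key"])
        a = unseal(session_key, authenticator)
        if a["user"] != t["user"] or abs(a["timestamp"] - now) > MAX_CLOCK_SKEW:
            raise ValueError("authenticator does not match TGT")
        svc_session_key = os.urandom(32)
        ticket = seal(self.keys[service], {"user": t["user"], "key": b64(svc_session_key),
                                           "expires": now + SERVICE_TICKET_LIFETIME})
        return seal(session_key, {"key": b64(svc_session_key)}), ticket

def server_accepts(service_key: bytes, ticket: bytes, authenticator: bytes, now: float) -> str:
    """Client/server exchange: the server opens the ticket with its own key, no KDC round trip."""
    t = unseal(service_key, ticket)
    if now > t["expires"]:
        raise ValueError("service ticket expired")
    a = unseal(unb64(t["key"]), authenticator)
    if a["user"] != t["user"]:
        raise ValueError("authenticator/ticket user mismatch")
    return t["user"]

def run_flow(password="correct horse battery", now=1_700_000_000, access_at=None) -> str:
    """Whole flow for constructed principals; returns the user name the file server accepted."""
    kdc = KDC({"alice": "correct horse battery", "cifs/fileserver": "svc-account-secret"})
    k = long_term_key(password)                          # client side: key from typed password
    enc, tgt = kdc.authentication_service("alice", seal(k, {"timestamp": now}), now)
    session_key = unb64(unseal(k, enc)["key"])
    enc, ticket = kdc.ticket_granting_service(
        tgt, seal(session_key, {"user": "alice", "timestamp": now}), "cifs/fileserver", now)
    svc_session_key = unb64(unseal(session_key, enc)["key"])
    access_at = now if access_at is None else access_at
    return server_accepts(kdc.keys["cifs/fileserver"], ticket,
                          seal(svc_session_key, {"user": "alice", "timestamp": access_at}), access_at)

if __name__ == "__main__":
    print(run_flow())   # alice
```

Two things the simulation makes visible: the password never leaves the client (only a timestamp sealed under the derived key does), and the file server verifies the ticket on its own, so the KDC is only involved when tickets are issued. The lifetime check in server_accepts is where the Group Policy ticket lifetimes take effect; a shorter lifetime bounds how long a stolen ticket stays useful, at the cost of more TGS requests.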
Kerberos Policies in the Group
Policy Management Editor
Authorization
• Authorization is the process of determining
whether an authenticated user is allowed to
perform a requested action.
– Rights
– Permissions
   • Share permissions
   • NTFS permissions
   • Registry permissions
   • Active Directory permissions
Windows Permission Architecture
• To store the permissions, each of these resources
has an access control list (ACL).
• An ACL is a collection of individual permissions, in
the form of access control entries (ACEs).
• Each ACE consists of a security principal (that is,
the name of the user, group, or computer granted
the permissions) and the specific permissions
assigned to that security principal.
• When you manage permissions in any of the
Windows Server 2008 permission systems, you are
actually creating and modifying the ACEs in an ACL.
The Security Tab of a Properties Sheet
Standard and Special Permissions
• Windows provides preconfigured permission
combinations suitable for most common access
control chores.
• When you open the Properties sheet for a system
resource and look at its Security tab, the NTFS
permissions you see are called standard
permissions.
• Standard permissions are actually combinations of
special permissions, which provide the most
granular control over the resource.
The Advanced Security Settings Dialog Box
Allowing and Denying Permissions
• There are two basic types of ACE: Allow and Deny.
• This makes it possible to approach permission
management tasks from two directions:
– Additive — Starts with no permissions and then grants
Allow permissions to individual security principals to
provide them with the access they need.
– Subtractive — Starts by granting all possible Allow
permissions to individual security principals, providing
them with full control over the system resource, and
then grants them Deny permissions for the access you
don’t want them to have.
Inheriting Permissions
• The most important principle in permission
management is that permissions tend to run
downward through a hierarchy.
• This is called permission inheritance.
Permission inheritance means that parent
resources pass their permissions down to
their subordinates.
• With inheritance, you can grant access to an
entire file system by creating one set of
Allow permissions.
Inheriting Permissions
Effective Permissions
• A security principal can receive permissions in many
ways, and it is important for an administrator to
understand how these permissions interact.
• The combination of Allow permissions and Deny
permissions that a security principal receives for a
given system resource, whether explicitly assigned,
inherited, or received through a group membership, is
called the effective permissions for that resource.
• Because a security principal can receive permissions
from so many sources, it is not unusual for those
permissions to conflict, so rules define how the
permissions combine to form the effective
permissions.
Effective Permissions
• Allow permissions are cumulative.
• Deny permissions override Allow
permissions.
• Explicit permissions take precedence over
inherited permissions.
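The three combination rules, together with inheritance down a hierarchy and group membership, can be implemented as a small ACL evaluator and checked against a constructed folder tree. This is an added example, not code from the slides or from Windows: the folders, groups and rights names are constructed, and the evaluation order assumed (explicit Deny, explicit Allow, inherited Deny, inherited Allow) is the one the three rules imply.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set

@dataclass(frozen=True)
class ACE:
    principal: str             # user or group the entry applies to
    kind: str                  # "allow" or "deny"
    rights: FrozenSet[str]     # e.g. frozenset({"read", "write"})

@dataclass
class Resource:
    name: str
    parent: Optional["Resource"] = None
    acl: List[ACE] = field(default_factory=list)   # explicit ACEs set on this object
    inherits: bool = True                           # False = inheritance disabled here

def inherited_aces(res: Resource) -> List[ACE]:
    """ACEs flowing down from ancestors, stopping where inheritance is switched off."""
    chain, node = [], res
    while node.inherits and node.parent is not None:
        node = node.parent
        chain.extend(node.acl)
    return chain

def effective_permissions(res: Resource, principal: str,
                          groups: Dict[str, Set[str]]) -> FrozenSet[str]:
    identities = {principal} | groups.get(principal, set())
    granted: Set[str] = set()
    # Inherited entries first, explicit entries second, so explicit settings override
    # inherited ones; within each level Allows accumulate and Denies are subtracted last,
    # so a Deny overrides an Allow at the same level.
    for aces in (inherited_aces(res), res.acl):
        relevant = [a for a in aces if a.principal in identities]
        granted |= set().union(*(a.rights for a in relevant if a.kind == "allow"))
        granted -= set().union(*(a.rights for a in relevant if a.kind == "deny"))
    return frozenset(granted)

# Constructed hierarchy and group memberships (not from the slides).
GROUPS = {"alice": {"Users", "Managers"}, "bob": {"Users"}, "carol": {"Users"}}
DATA = Resource("D:\\Data", acl=[
    ACE("Users", "allow", frozenset({"read", "execute"})),
    ACE("Managers", "allow", frozenset({"write"}))])
PAYROLL = Resource("D:\\Data\\Payroll", parent=DATA, acl=[
    ACE("Users", "deny", frozenset({"read"})),
    ACE("carol", "allow", frozenset({"read"}))])        # loses to the Deny on Users
REPORTS = Resource("D:\\Data\\Payroll\\Reports", parent=PAYROLL, acl=[
    ACE("Users", "allow", frozenset({"read"}))])        # explicit Allow beats inherited Deny
ARCHIVE = Resource("D:\\Data\\Payroll\\Archive", parent=PAYROLL, inherits=False, acl=[
    ACE("Managers", "allow", frozenset({"read", "write"}))])

def show(res: Resource, user: str) -> FrozenSet[str]:
    return effective_permissions(res, user, GROUPS)

if __name__ == "__main__":
    for res in (DATA, PAYROLL, REPORTS, ARCHIVE):
        for user in GROUPS:
            print(f"{res.name:28} {user:6} {sorted(show(res, user))}")
```

The carol case is the one that surprises people: an explicit Allow granted directly to her is cancelled by an explicit Deny on a group she belongs to, because at the same level Deny wins. The usual fix is to take her out of the denied group or grant the Deny more narrowly, not to add more Allows.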
The Effective Permissions Tab
NTFS Permissions
The Editable Advanced Security Settings Dialog Box
The Permissions Entry Dialog Box
Summary
• Before you consider any other security
mechanisms or even operating system and
application deployments, you should take
steps to ensure that your servers are stored
in a location that is physically secure.
• Biometric identification is the process of
establishing an individual’s identity based on
biometric information, essentially asking the
system to indicate who the person is.
Summary
• A firewall is a software program that protects
a computer by allowing certain types of
network traffic in and out of the system while
blocking others.
• A firewall is essentially a series of filters that
examines the contents of packets and the
traffic patterns to and from the network to
determine which packets it should allow to
pass through the filter.
Summary
• The default rules preconfigured into the
firewall are designed to admit the traffic
used by standard Windows networking
functions, such as file and printer sharing.
• For outgoing network traffic, Windows
Firewall allows all traffic to pass the firewall
except that which conforms to a rule.
Summary
• The Windows Firewall Settings dialog box is
designed to enable administrators to create
exceptions in the current firewall settings as
needed.
• For full access to the Windows Firewall
configuration settings, you must use the
Windows Firewall With Advanced Security
snap-in for the Microsoft Management
Console.
Summary
• BitLocker Drive Encryption is a new feature,
first released in Windows Vista, that makes it
possible to encrypt an entire volume.
• When you use Active Directory on an
enterprise network, it becomes responsible
for two of the most critical security concepts
in computing: authentication and
authorization.
Summary
• On most networks, users identify themselves
with an account name or an email address.
• The proof of identity can vary, however,
typically taking one of three forms:
something you know, something you have, or
something you are.
Summary
• To protect data stored on and transmitted
over a network, computers use various types
of encryption to encode messages and
create digital signatures that verify their
authenticity.
• For one computer to encrypt a message and
another computer to decrypt it, both must
possess a key.
Summary
• Windows Server 2008 provides a series of
password settings that you can implement
using Group Policy, either locally or through
Active Directory.
• An effective combination of password
policies compels users to select appropriate
passwords and change them at regular
intervals.
Summary
• Enterprise networks that use Active Directory
authenticate their users with the Kerberos
authentication protocol.
• Authorization is the process of determining
whether an authenticated user is allowed to
perform a requested action.
Summary
• Files, folders, shares, registry keys, and
Active Directory objects are all protected by
permissions.
• To store the permissions, each of these
resources has an access control list (ACL).
• An ACL is a collection of individual
permissions in the form of access control
entries (ACEs).
Summary
• Each ACE consists of a security principal
(that is, the name of the user, group, or
computer granted the permissions) and the
specific permissions assigned to that
security principal.
• When you manage permissions in any of the
Windows Server 2008 permission systems,
you are actually creating and modifying the
ACEs in an ACL.