Module6 - ICTSHOP


Microsoft Official Course®
Module 6
Implementing Network Security
Module Overview
• Overview of Threats to Network Security
• Configuring Windows Firewall
• Securing Network Traffic
• Configuring Windows Defender
Lesson 1: Overview of Threats to Network Security
• Common Network Security Threats
• What Is Defense-in-Depth?
• Options for Mitigation of Network Security Threats
Common Network Security Threats
• There are a variety of network security threats, but they fall
into a number of categories
• Common network-based security threats include:
• Eavesdropping
• Denial-of-service
• Port scanning
• Man-in-the-middle
• Hacking is a generic term that refers to the act of trying to
crack a computer program or code
What Is Defense-in-Depth?
Defense-in-depth uses a layered approach to security, which:
• Reduces an attacker’s chance of success
• Increases an attacker’s risk of detection
Layers (from the slide figure) and example controls at each layer:
• Data: Access Control Lists, encryption, Encrypting File System, Digital Rights Management
• Application: Application hardening, antivirus
• Host: Hardening, authentication, update management, host-based intrusion detection system
• Internal Network: Network segments, Internet Protocol Security, Network Intrusion Detection System
• Perimeter: Firewalls, Network Access Quarantine Control
• Physical Security: Guards, locks, tracking devices
• Policies, Procedures, and Awareness: Security documents, user education
Options for Mitigation of Network Security Threats
It is important to implement a holistic approach to network security so that one loophole or omission does not lead to another.

Attack | Mitigations
Eavesdropping | IPsec, VPNs, intrusion detection
Denial-of-service | Firewalls, perimeter networks, IPsec, server hardening
Port scanning | Server hardening, firewalls
Man-in-the-middle | IPsec, DNSSEC
Virus, malicious code | Software updates
Lesson 2: Configuring Windows Firewall
• Network Location Profiles
• Configuring Basic Firewall Settings
• Windows Firewall with Advanced Security Settings
• Well-Known Ports
• Demonstration: Configuring Inbound and
Outbound Rules
Network Location Profiles
• The first time that your server connects to a network, you
must select a network location
• There are three network location types:
• Private networks
• Public networks
• Domain networks
Configuring Basic Firewall Settings
• Configure network locations
• Turn Windows Firewall on or off, and customize
network location settings
• Add, change, or remove allowed programs
• Set up or modify multiple active profile settings
• Configure notifications for Windows Firewall
Windows Firewall with Advanced Security Settings
• Windows Firewall with Advanced Security filters incoming and outgoing connections based on its configuration for the domain, private, and public network profiles. Use the Properties page to configure firewall properties for the domain, private, and public network profiles, and to configure IPsec settings.
• Inbound rules explicitly allow or explicitly block traffic that matches the rule’s criteria. Use inbound rules to explicitly allow or block traffic that matches the criteria in the rule.
• Outbound rules explicitly allow or explicitly deny traffic originating from the computer that matches the rule’s criteria. Use outbound rules to explicitly allow or deny traffic that originates from the computer and matches the criteria in the rule.
• Connection security rules use IPsec to secure traffic while it crosses the network.
• The monitoring interface displays information about current firewall rules, connection security rules, and security associations. Use the monitoring interface to view information about current firewall rules, IPsec rules, and security associations.
Well-Known Ports
The slide figure shows the TCP/IP Protocol Suite: Ethernet; ARP, IPv4, IPv6, IGMP, and ICMP; TCP and UDP; and the application protocols with their well-known ports: HTTP (80), HTTPS (443), FTP (21), SMTP (25), POP3 (110), DNS (53), SNMP (161).
When an application wants to establish communications with an application on a remote host, it creates a TCP or UDP socket.
Demonstration: Configuring Inbound and
Outbound Rules
In this demonstration, you will see how to:
• Configure an inbound rule
• Test the inbound rule
• Configure an outbound rule
• Test the outbound rule
Lab A: Configuring Inbound and Outbound
Firewall Rules
• Exercise 1: Creating an Inbound Firewall Rule
• Exercise 2: Creating an Outbound Firewall Rule
Logon Information
Virtual Machines: 20687B-LON-DC1, 20687B-LON-CL1, 20687B-LON-CL2
User Name: Adatum\Administrator
Password: Pa$$w0rd
Estimated Time: 20 minutes
Lab Scenario
Remote desktop is enabled on all client systems through a Group Policy Object (GPO). However, as part of your infrastructure security plan, you must configure certain desktop systems, such as the HR department systems, for limited exposure to remote connections. Before implementing the firewall rules in a GPO, you want to validate your plan by manually configuring the rules on local systems. Due to the sensitive nature of the data that could be on these systems, you decide to use firewall rules to prevent all but specific systems from connecting to them remotely. Additionally, certain help desk systems are not allowed to use the Remote Desktop Connection (MSTSC.exe) program to connect to certain servers. You decide to control this through local firewall rules that block outbound traffic on the client systems.
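The two rule sets the lab asks for, written with the NetSecurity module cmdlets that Lesson 3 lists among the IPsec tools. This is an added example, not course material; the addresses are constructed placeholders (172.16.0.10 and 172.16.0.11 stand for the systems still allowed to reach the HR desktops, 172.16.0.50-172.16.0.59 for the servers the help desk clients must not reach with mstsc.exe).

```powershell
# Added example (not course material). Run elevated on the client under test; the addresses
# are constructed placeholders for the lab's unnamed systems.
$allowedRdpSources = @('172.16.0.10', '172.16.0.11')   # hosts that may still reach HR desktops
$blockedRdpTargets = '172.16.0.50-172.16.0.59'        # servers help desk clients must not reach

# Exercise 1: allow inbound Remote Desktop only from specific systems.
# Keep the domain profile's default inbound action at Block, so a connection that no allow
# rule matches is dropped ...
Set-NetFirewallProfile -Profile Domain -DefaultInboundAction Block

# ... then narrow the built-in "Remote Desktop" allow rules to the permitted sources rather
# than adding an unscoped Block rule: Windows Firewall applies Block rules ahead of Allow rules,
# so such a rule would also cut off the permitted hosts.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
    Set-NetFirewallRule -RemoteAddress $allowedRdpSources

# Exercise 2: stop Remote Desktop Connection (mstsc.exe) from reaching the restricted servers.
# Scoping the rule to the program, port and remote addresses leaves other outbound traffic alone.
New-NetFirewallRule -DisplayName 'Block mstsc.exe to restricted servers' `
    -Direction Outbound -Program '%SystemRoot%\System32\mstsc.exe' `
    -Protocol TCP -RemotePort 3389 -RemoteAddress $blockedRdpTargets `
    -Action Block -Profile Domain

# Validation: list the affected rules with their address filters, so the scope can be
# checked here before the same rules are moved into a GPO.
$rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound) +
         @(Get-NetFirewallRule -DisplayName 'Block mstsc.exe to restricted servers')
$rules | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Direction     = $_.Direction
        Action        = $_.Action
        Enabled       = $_.Enabled
        RemoteAddress = ($addr.RemoteAddress -join ', ')
    }
} | Format-Table -AutoSize
```

Test the result the way the demonstration does: a Remote Desktop connection from a permitted address should succeed, one from any other client should time out, and mstsc.exe on a help desk client should fail to reach a restricted server while still reaching the others.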
Lab Review
• In your environment, where do you use
workstation-based firewalls?
Lesson 3: Securing Network Traffic
• Benefits of IPsec
• Using IPsec
• Tools for Configuring IPsec
• What Are IPsec Rules?
• Configuring Authentication
• Choosing an Authentication Method
• Monitoring Connection Security
• Demonstration: Configuring an IPsec Rule
Benefits of IPsec
IPsec is a suite of protocols that allows secure, encrypted
communication between two computers over an unsecured
network
• IPsec has two goals: packet encryption and mutual
authentication between systems
• Configuring IPsec on sending and receiving computers
enables the two computers to send secured data to each
other
• IPsec secures network traffic by using encryption and data
signing
• An IPsec policy defines the type of traffic that IPsec
examines, how that traffic is secured and encrypted, and
how IPsec peers are authenticated
Using IPsec
Recommended uses of IPsec include:
• Packet filtering
• Authenticating and encrypting host-to-host traffic
• Authenticating and encrypting traffic to specific servers
• Providing L2TP/IPsec for VPN connections
• Site-to-site tunneling
• Enforcing logical networks
Tools for Configuring IPsec
To configure IPsec, you can use:
• Windows Firewall with Advanced Security MMC
(also used for Windows Server 2008 R2 and Windows 7)
• IP Security Policy MMC (Used for mixed environments
and to configure policies that apply to all Windows versions)
• Netsh command-line tool
• PowerShell NetSecurity module cmdlets
What Are IPsec Rules?
Connection security rules involve:
• Authenticating two computers before they begin
communications
• Securing information being sent between two computers
• Using key exchange, authentication, data integrity,
and data encryption (optionally)
How firewall rules and connection rules are related:
• Firewall rules allow traffic through, but do not secure
that traffic
• Connection security rules can secure the traffic,
but depend on a firewall rule to allow traffic through
the firewall
Configuring Authentication
When using the Connection Security Rule Wizard to create a new rule,
you use the Requirements page to choose one of the following:
Option | Description
Request authentication for inbound and outbound connections | Ask that all inbound/outbound traffic be authenticated, but allow the connection if authentication fails
Require authentication for inbound connections and request authentication for outbound connections | Require inbound traffic be authenticated or it will be blocked; outbound traffic can be authenticated, but will be allowed if authentication fails
Require authentication for inbound and outbound connections | Require that all inbound/outbound traffic be authenticated or the traffic will be blocked
Choosing an Authentication Method
Method | Key Points
Default | Use the authentication method that you configure on the IPsec Settings tab.
Computer and User (Kerberos V5) | You can request or require that both the user and computer authenticate before communications can continue. Requires domain membership.
Computer (Kerberos V5) | Request or require the computer to authenticate using Kerberos V5. Requires domain membership.
User (Kerberos V5) | Request or require the user to authenticate using Kerberos V5. Requires domain membership.
Computer certificate | Request or require a valid computer certificate; requires at least one CA. Only accept health certificates: request or require a valid health certificate to authenticate; requires IPsec NAP.
Advanced | Configure any available method. You can specify methods for first and second authentication.
Monitoring Connection Security
• The Windows Firewall in Windows 8 incorporates IPsec monitoring
• Use the Connection Security Rules and Security Associations nodes to monitor IPsec connections
• Security Associations that you can monitor include:
• Main Mode monitoring, which monitors the initial IKE and SA: information about the Internet Key Exchange
• Quick Mode monitoring, which monitors subsequent key exchanges related to IPsec: information about the IPsec driver
Options for using the IP Security Monitor:
• Modify the IPsec data refresh interval to update information in the console at a set interval
• Allow DNS name resolution for IP addresses to provide additional information about computers connecting with IPsec
• Computers can be monitored remotely: to enable remote management editing, the HKLM\system\currentcontrolset\services\policyagent key must have a value of 1
• To discover the active security policy on a computer, examine the Active Policy node in the IP Security Monitoring MMC
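The "require inbound, request outbound" option from the Configuring Authentication table, built with the "Computer (Kerberos V5)" method from the Choosing an Authentication Method table and then inspected through the main mode and quick mode security associations described above. This is an added example using the NetSecurity module, not the course's own demonstration; the rule and authentication set display names are the example's own.

```powershell
# Added example (not course material). Run elevated on a domain-joined Windows 8 client.
# Implements "Require authentication for inbound connections and request authentication for
# outbound connections" with the "Computer (Kerberos V5)" method.

# Phase 1 (main mode) authentication: the computer account, authenticated with Kerberos V5.
# This is the domain-membership method from the table; no certificate or CA is needed.
$proposal = New-NetIPsecAuthProposal -Machine -Kerberos
$authSet  = New-NetIPsecPhase1AuthSet -DisplayName 'Computer Kerberos V5' -Proposal $proposal

# The connection security rule. Unauthenticated inbound traffic is blocked; outbound traffic
# to peers that cannot authenticate is still allowed, in the clear. The rule secures traffic
# only where a firewall rule already lets that traffic through.
New-NetIPsecRule -DisplayName 'Require inbound, request outbound (computer Kerberos)' `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $authSet.Name -Profile Domain

# Monitoring: the console's Security Associations nodes, from PowerShell. Main mode SAs show
# the IKE exchange (peer endpoints and identities); quick mode SAs show the IPsec driver state
# (protocol, ports and the ESP algorithms protecting the traffic).
$mainModeProps  = 'LocalEndpoint', 'RemoteEndpoint', 'LocalFirstId', 'RemoteFirstId'
$quickModeProps = 'LocalEndpoint', 'RemoteEndpoint', 'IpProtocol', 'LocalPort', 'RemotePort',
                  'EspIntegrity', 'EspEncryption'

function Get-IPsecSaSummary {
    [pscustomobject]@{
        MainMode  = Get-NetIPsecMainModeSA  | Select-Object $mainModeProps
        QuickMode = Get-NetIPsecQuickModeSA | Select-Object $quickModeProps
    }
}

# Generate some traffic to a peer that has the same rule (for example, browse a share on
# LON-CL2 from LON-CL1), then inspect the associations that were negotiated.
$summary = Get-IPsecSaSummary
$summary.MainMode  | Format-Table -AutoSize
$summary.QuickMode | Format-Table -AutoSize
```

A peer without the rule (the lab's consultant laptop) shows up with no main mode SA and its inbound connections to the protected client are dropped, while the protected client's own outbound connections to it still succeed unauthenticated.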
Demonstration: Configuring an IPsec Rule
In this demonstration, you will see how to:
• Create a connection security rule
• Review monitoring settings in Windows Firewall
Lab B: Configuring IPsec Rules
• Exercise 1: Creating and Configuring IPsec Rules
Logon Information
Virtual Machines: 20687B-LON-DC1, 20687B-LON-CL1, 20687B-LON-CL2
User Name: Adatum\Administrator
Password: Pa$$w0rd
Estimated Time: 20 minutes
Lab Scenario
A. Datum uses many outside consultants. The enterprise’s management has a concern that if a consultant were on the company network, they may be able to connect to unauthorized computers.
Lab Review
• In your environment, where do you use
authenticated connections between workstation
computers?
Lesson 4: Configuring Windows Defender
• What Is Windows Defender?
• Scanning Options in Windows Defender
• Demonstration: Configuring Windows Defender
Settings
What Is Windows Defender?
Windows Defender is software that helps protect the
computer against security threats by detecting and
removing known spyware from the computer
• Schedules scans to occur on a regular basis
• Provides configurable responses to severe, high, medium, and low alert levels
• Works with Windows Update to automatically install new spyware definitions
• Provides customizable options to exclude files, folders, and file types
Scanning Options in Windows Defender
You define when to scan; scan results display on the Home page.
Scan Type | Description
Quick scan | Scan the areas of the computer that are most likely to be infected
Full scan | Scan all areas of the computer
Custom scan | Scan specific areas of the computer only
You define scan options:
Option | Description
Scan archive files | Include any archive files, such as .zip or .cab files
Scan removable drives | Includes removable drives, such as USB flash drives, when running a full scan
Create a system restore point | Create a system restore point before removing, running, or quarantining detected items
Allow all users to view the full History results | Allow all users of this PC to see all detected items on the History tab
Remove quarantined files after: <time> | Quarantined files remain disabled until you allow or remove them. The default time is one month
Demonstration: Configuring Windows Defender
Settings
In this demonstration, you will see how to:
• Perform a quick scan
• Test Malware Detection
• Examine the Windows Defender History
Lab C: Configuring Host-Based Virus and
Malware Protection
• Exercise 1: Configuring Windows Defender
Logon Information
Virtual Machines: 20687B-LON-DC1, 20687B-LON-CL1
User Name: Adatum\Administrator
Password: Pa$$w0rd
Estimated Time: 10 minutes
Lab Scenario
You are planning to use Windows Defender to check for malicious files every day. You also want to ensure that Windows Defender will quarantine any files that it considers a severe risk to your system’s security.
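The lab's daily scan and severe-threat quarantine, plus the scan options from the table in the previous topic, expressed as Windows Defender preferences. This is an added example, not course material: it assumes the Defender PowerShell module, which ships with Windows 8.1 and later, whereas the Windows 8 build this course covers makes the same settings through the Windows Defender UI.

```powershell
# Added example (not course material). Requires the Defender PowerShell module (Windows 8.1
# and later); on Windows 8 the same settings are made in the Windows Defender UI. Run elevated.

# Lab C: scan every day and quarantine anything rated a severe risk.
# ScanScheduleTime is local time; ScanParameters selects the scan type the schedule runs.
Set-MpPreference -ScanScheduleDay Everyday `
                 -ScanScheduleTime 02:00:00 `
                 -ScanParameters QuickScan `
                 -SevereThreatDefaultAction Quarantine

# The "Scanning Options" table as preferences: scan archive files, include removable drives
# in a full scan, and purge quarantined items after 30 days (the UI default is one month).
Set-MpPreference -DisableArchiveScanning $false `
                 -DisableRemovableDriveScanning $false `
                 -QuarantinePurgeItemsAfterDelay 30

# Demonstration: run a quick scan now, then review what the History tab would show.
Start-MpScan -ScanType QuickScan

function Get-DefenderDetectionSummary {
    # One row per detection, joined with the threat catalogue entry for its name and severity.
    Get-MpThreatDetection | ForEach-Object {
        $threat = Get-MpThreat -ThreatID $_.ThreatID
        [pscustomobject]@{
            Threat     = $threat.ThreatName
            SeverityID = $threat.SeverityID
            Detected   = $_.InitialDetectionTime
            Resources  = ($_.Resources -join '; ')
            Remediated = $_.ActionSuccess
        }
    }
}
Get-DefenderDetectionSummary | Format-Table -AutoSize

# Confirm that protection, definitions and the scheduled scans are in place.
Get-MpComputerStatus |
    Select-Object AntispywareEnabled, AntispywareSignatureLastUpdated, QuickScanAge, FullScanAge
```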
Lab Review
• In your environment, how often are your client
computers infected with malware?
Module Review and Takeaways
• Review Questions
• Tools
• Best Practice