presentation5
Download
Report
Transcript presentation5
COMP3122
Network Management
Richard Henson
March 2011
Week 5 – Active Directory &
Domain Security
Objectives
– Explain the essential features of a secure
networked system
– Use W2K group policies to implement networkwide security
– Identify the weak links in a networked
system and take steps to reduce/eliminate
the possibility of unauthorised access
The Nature of
Security within Networks
Data held on a single workstation in an open
office is unlikely to be truly secure
– operating system itself may be secure…
– still possible for the hard disk to be removed and
the data extracted in a different environment!!
Two Protection issues to be addressed:
– unauthorised system access
» network configuration & monitoring
– undesirable physical access
» keeping people away… & locking it down…
Physical Security of the Network
What to do with sensitive data
– hold in an encrypted form
– on a computer in a secure room
» only network administrators can gain access
» no chance of an outsider physically getting hold of the hard disk
containing the data
– in the highly unlikely event that an outsider/rogue
insider did get hold of the data, they wouldn’t be able
to make sense of it
Data should also be backed up in another
location in case of fire, earthquakes, etc
Physical Security
of copied data
Typically on CD or memory stick
– could also be removable hard disk
Simple way to keep copied data secure:
– password protection not enough…
– use strong encryption over all files
» previous, deleted data might still be accessible
Accessing Data on a
Secure Computer
Users should only be able to access
organisational data via network from the
server
Even then, potential physical & system
vulnerabilities:
– physical security of data as it travels along
a cable
– unauthorised access to downloaded data
» at rest on the client machine
» whilst being accessed by an authorised user
Vodafone (and how not to
do network security…)
Yesterday morning, 100,000 people couldn’t
use the Vodafone network
– thieves broke into the operator's Basingstoke
exchange and stole their switches (i.e. routers)
– the police were quickly notified
Vodafone noticed its own network collapsing
– assembled its "War Room" which is supposed to
deal with network outages
It took 12 hours to fix the problem
– why was such critical kit so vulnerable?
User Responsibility
Rule of the network:
– all users MUST bear responsibility for data they
access
– should enter a signed agreement when they get
their log on
To support this, network software should
make sure that:
– users have appropriate access through allocation
to groups
– user activities can be monitored and logged
– sufficient auditing is undertaken to scrutinise the
activity of individual users…
Accessing Data on a
Secure Computer
Typical user errors:
– giving other employees/outsiders their password
– using an easily guessed password
Typical administrator errors:
– leaving username on display after log off
– not enforcing long (8 character min, inc
caps/lower, number, punct. mark) passwords
– not ensuring that the downloaded data is
physically no longer available once that user has
logged off
Accessing Data on
a Secure Computer
Client machine MUST use an operating
system that allows file/folder level security
Suitable secure desktop file systems:
– UNIX file system
– NTFS
Alternative is to use dumb terminals
– no local storage
– impossible to get at the electronic data from the
client end
Accessing Data on a
Secure Computer
BUT even with a secure file system, other users
could still see the screen!
Even with no local storage:
– the data will be displayed on a screen
– with poor user technique:
» data could even be left on the screen
» the screen contents could be photographed by someone…
Answer:
– use screen savers that cut in very quickly when a
mouse button is not being clicked
Printing or Emailing
Accessed Data
If someone has security rights to access
the data, they will also be able to:
– print it out
– email it to someone else
Anyone with such rights must therefore
be completely trustworthy…
How File Systems
Manage Security (revision?)
Several different levels of permissions
Particular folder permissions allocated to
groups of users, starting from the root e.g.
– managers may have read, execute, and write
– students may have read and execute only
Files inherit the permissions of the folder that
contains them
Subfolders inherit the characteristics of the
parent folder
Inheritance can be overridden
Security Policy
Responsibilities of network users and
administrators needs to be clearly
defined as a matter of organisational
policy
– objective: ensure that AT ALL TIMES
company data is only being accessed by
an authorised user
Security Policies
Define expectations for:
– proper computer usage
– procedures for preventing and responding to security
incidents
Can be imposed in two ways:
– Local system policy
» security policy file held on individual computers
– Group policy
» uses active directory to impose policy across the domain
» not possible for computers running NT
» not possible if partitions are formatted using FAT or FAT-32
Enforcement of Policy on
Windows networks
Local system policy
– security policy file held on individual computers
Group policy
– uses active directory to impose policy across the
domain
– not possible for pre-Windows 2000 operating
systems
– not possible if partitions are formatted using FAT
or FAT-32
Security Template Files
“one I prepared earlier…”
– quicker to customise to needs than start over…
Implementation of security policy on
– Individuals & groups on Windows networks
– 600+ settings in Windows 2000, now many
more…
Stored as a text file (.inf)
– predefined templates are “ready to use” e.g. :
»
»
»
»
basic (default)
compatible (all applications still run)
secure
high (testing high security applications only)
Using Security Templates
SAM (security accounts manager)
crucial to setting up user security:
– controls security during logon process
During logon, security templates
imported into the relevant SAM of:
– each individual computer (system policy)
– the domain controller of a Windows domain
(group policy)
Analysing/Changing
Local Security
Templates & SAM combine:
– default security configuration of the local
computer compared with a configuration imported
from a template
– configuration then changed to become like the
template
Changes to template settings achieved by
– GUI: security configuration “snap in”
Or:
– command line tool (secedit.exe)
Implementing Policy
Group Policy settings are really
powerful
– only administrators have access to
manage these on a system or domain
As with computer policy…
– usually more convenient to edit an existing
policy template than create a new one from
scratch
Auditing Access to
System/Network Resources
Auditing - the process of tracking predefined
events
Many events can be tracked on a computer
and computer network…
– a record of each event is written to an “event file”
Contents of a Windows network Audit record:
–
–
–
–
Action
User
Success or failure
Additional info
» e.g. computer ID where event occurred/failed
Access to Audit Entries
All recent Windows systems are capable of
recording a wide range of events
– saved in Security Event Log
– as a structured text file
Contents easily viewed
– service called Event Viewer
– available from menus
The Importance of Audit
Essential in the case of:
– network failure
– server failure
– breach of security
Extremely useful for troubleshooting:
– what failed
– what went wrong
– finding who’s username was used to hack
into the system
What to Audit
Audit files can grow very large, very quickly,
– only essential information should be stored
Examples:
–
–
–
–
–
–
–
–
Account logon
Account Management
Active Directory object access
Logon
Object access
Policy Change
Privilege Use
Process Tracking
Audit Policy
Part of Information Security Policy
– Again, implemented through Group Policy
Planning:
–
–
–
–
–
which computers need events auditing?
which events to audit?
whether to audit success or failure (or both!)
whether to track trends of system usage?
when to schedule review of security logs?
Set up:
– security template for Group Policy
Auditing Access to
“file object” resources
– failure for read operations
– success and failure for delete
– success and failure for:
» change permissions
» take ownership
– success and failure of all operations
attempted by “guests” group
– file and folder access on shares
Auditing Access to Windows
“print object” resources
Reminder from COMP2122:
– Windows “printer” = printing management system
– Print device = physical printer
Auditing specified printers:
– failure events for print operations on restricted
printers
success and failure for full control operations
– success events for delete so incomplete print jobs
can be tracked
– success and failure for change permissions and
take control on restricted printers
Implementing an Audit Policy
on a System
Typical Policy Settings:
–
–
–
–
–
–
Password policy
Account Lockout policy
Audit policy
IP Security policy
user rights assignment
recovery agents for encrypted data
Local/Domain Security Policy
Local:
– available for all Windows 2000/XP/Vista/7
computers that are not domain controllers
Domain:
– local security settings still apply when
logged on locally
» but may well be overridden by policies received
from the domain controller, when logging on to
the domain
Policy Files & Tools
for editing them
Management of Policy:
– MMC (Microsoft Management Console)
– available via command line (type mmc) to
create “console” files for system admin
– user mode:
» access existing MMC consoles to administer a
system
– author mode:
» creation of new consoles or modifying existing
MMC consoles
The “Security Configuration
and Analysis” options & “Local
Policy” MMC snap ins
“Analyse computer now”
– full run down of the current settings (i.e. settings for the local
machine)
– way of checking the “local policy”
“Select local policies”
– lists of settings in categories
– e.g. security settings
» large number of settings
» control security aspects of local policy
» each setting can be set to either enabled, disabled, or not configured
“Megatool” GPMC
(Group Policy Management Console)
One of 2003’s best features…
– “contains a rich variety of tools for creating,
editing, observing, modelling and reporting
on all aspects of Group Policy”
– Also unifies Group Policy management
across the Active Directory forest
GPMC Integration
of User Management Tools
Administrators of earlier Windows networks
needed multiple tools to do this:
– Microsoft Active Directory Users and Computers
– Delegation Wizard
– ACL Editor
The story goes that 'Barking Eddie' spent two
weeks documenting all the Group Policies for
one company
– when told about GPMC, he was crestfallen and said
he could have done that same job in half an hour…
GPMC User Interface
Easy creation and editing of Group Policy
WMI filtering mechanism allows application of
policies:
» to a particular machine
» only if there is enough disk space
Options to backup, restore, import, and copy
Group Policy Objects
Simplified management of Group Policyrelated security
Reporting for GPO settings and Resultant Set
of Policy (RSoP) data
Using GPMC
Available from MMC
– Standalone Snap-in dialog box
Creating a custom console including GPMC:
– select Group Policy Management option and click
Add, click Close, OK
Several sample scripts available
– found in the %ProgramFiles%\GPMC\Scripts folder
» use cscript.exe to execute
– ScriptingReadMe.rtf file in the scripts folder
Rolling out a Group Policy
Plan the Managed Network Environment:
– consider various Common Desktop Management
Scenarios
– try them out using Group Policy Management
Console
Design a Group Policy Infrastructure
Deploy Group Policy including Security Policy
Troubleshoot…