Technical Requirements - PowerPoint PPT Presentation

Technical Requirements

Slides: 38
Provided by: SandyP1

Transcript and Presenter's Notes



1
FAISSR
  • Technical Requirements
  • What is feasible?
  • How do I Configure Security Features?

This presentation was produced for the Florida
Association of IS Security Representatives
(FAISSR). Any references to products are for
example only and are not an endorsement by
FAISSR. CAUTION - Not all of the information in
this presentation has been tested.
Implementation of the suggestions contained in
this presentation must be validated by the ISSM
and approved by the CSA.
3-Apr-2001
2
Before we Start ...
DISCLAIMER
  • This presentation is intended as a Starting Point
    only
  • Not everything in this presentation has been
    verified (tested)
  • Viewgraphs that define events to be audited are a
    first cut suggestion to meet the minimum
    requirements

3
Technical Security Features
  • Technical Security Features now required by
    Chapter 8
  • Logon Authentication
  • Session Controls
  • Access Controls
  • Audit
  • When technically feasible ??

4
The Questions ...
SGI IRIX
?
 
5
Windows 95/98
6
Windows 95/98
  • Logon Banner
  • Use MS Paint to create a Bitmap Image (.bmp) with
    the DoD Banner. Within Paint, select File > Set
    as Wallpaper (Centered)
  • Windows 95/98 is not capable of implementing any
    other technical security features

7
Windows NT
8
Windows NT
   
  • Logon Banner
  • Execute the registry editor (regedit)
  • Edit the key
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

 
9
Windows NT
   
  • Account Controls
  • User Manager for Domains
  • Disable the Guest Account

10
Windows NT
   
  • Password and Logon Controls
  • User Manager for Domains
  • Policies > Account Policies

 
11
Windows NT
   
  • Audit Policies
  • User Manager for Domains
  • Policies > Audit Policies

 
12
Windows NT
  • Access Controls: NTFS versus FAT
  • You must convert to an NTFS file system in order
    to perform auditing of access to files
  • Execute the convert utility from the DOS prompt.
  • When executed on the system disk, it will perform
    the conversion during the next boot.

13
Windows NT
  • Access Controls
  • Setting permissions on Files/Directories
  • Bring up the File Properties window
  • Right click on the File > Properties

14
Windows NT
  • Access Controls
  • Select Permissions > Security
  • Allow Authenticated Users to - Read & Execute,
    List Folder Contents, Read
  • Remove Everyone
  • Users that have not authenticated

15
Windows NT
  • Access Controls
  • In addition to permissions on files, privileged
    and non-privileged users may be controlled
    through:
  • Granting or denying access to built-in groups
    with pre-defined privileges: Administrators,
    Backup Operators, Power Users, Server Operators,
    Account Operators, Print Operators.
  • Granting or denying access to User Rights through
    the User Rights Policy window in User Manager
    for Domains
  • The RunAs service, executed from the DOS prompt,
    allows someone with knowledge of an account
    password to execute a program as another user
    (e.g. Administrator)

16
Windows NT
  • Specifying Files/Directories to be Audited
  • Bring up the File Properties window
  • Right click on the File > Properties

17
Windows NT
  • Specifying Files/Directories to be Audited
  • Add
  • Select Everyone > Add > OK

18
Windows NT
  • Specifying Files/Directories to be Audited
  • Replace Auditing on Sub-Directories - Yes
  • Replace Auditing on Existing Files - Yes
  • Enable all Fails

19
Windows NT
  • Reviewing NT Audit Files
  • Event Viewer
  • Security Event Log

20
Windows NT
  • Reviewing NT Audit Files
  • Double click on individual records

21
Windows NT
  • Events of Interest
  • 517 Audit Log cleared
  • 529 Logon Failure - Unknown username or bad
    password
  • 531 Logon Failure - Account disabled
  • 532 Logon Failure - Account expired
  • 533 Logon Failure - Not authorized for this
    system
  • 535 Logon Failure - Password expired
  • 537 Logon Failure - Catch all for other reasons
  • 539 Logon Failure - Account Locked Out due to
    failed attempts
  • 578 Privileged Object Operation
  • 612 Audit Policy Change
  • 624 User Account Created
  • 627 Password Change by account owner
  • 628 Password Change by privileged user
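
An added example, not part of the original presentation: a small triage pass over security log records that uses the event IDs listed on this slide. The CSV layout, the account and computer names, the `REVIEW_FIRST` selection and the failure threshold are assumptions made for illustration.

```python
import csv
import io
from collections import Counter

# Event IDs and meanings as listed on the slide.
LOGON_FAILURES = {
    529: "Unknown username or bad password",
    531: "Account disabled",
    532: "Account expired",
    533: "Not authorized for this system",
    535: "Password expired",
    537: "Catch all for other reasons",
    539: "Account locked out due to failed attempts",
}
OTHER_EVENTS = {
    517: "Audit log cleared",
    578: "Privileged object operation",
    612: "Audit policy change",
    624: "User account created",
    627: "Password change by account owner",
    628: "Password change by privileged user",
}
REVIEW_FIRST = {517, 612, 624, 628}  # assumption: IDs a reviewer reads first
# Constructed sample in a simplified CSV layout (not Event Viewer's own format).
SAMPLE_LOG = """\
date,time,event_id,account,computer
2001-04-03,08:01:10,529,jsmith,WS01
2001-04-03,08:01:25,529,jsmith,WS01
2001-04-03,08:02:03,539,jsmith,WS01
2001-04-03,09:15:00,529,mlee,WS02
2001-04-03,10:30:12,624,admin1,SRV01
2001-04-03,10:31:40,517,admin1,SRV01
"""

def triage(log_text, failure_threshold=3):
    """Summarise logon failures per account and pull out review-first events."""
    failures, locked, review = Counter(), set(), []
    for row in csv.DictReader(io.StringIO(log_text)):
        event_id = int(row["event_id"])
        if event_id in LOGON_FAILURES:
            failures[row["account"]] += 1
            if event_id == 539:
                locked.add(row["account"])
        elif event_id in REVIEW_FIRST:
            review.append((row["date"], row["time"], event_id,
                           OTHER_EVENTS[event_id], row["account"]))
    repeated = {a: n for a, n in failures.items() if n >= failure_threshold}
    return {"review_first": review, "repeated_failures": repeated,
            "locked_out": sorted(locked)}
```

An account created shortly before the audit log is cleared, as in the constructed sample, is the kind of sequence this ordering is meant to surface.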

22
Windows NT
  • Security Configuration Editor
  • Enables you to create a security configuration
    template and apply that template to multiple
    machines
  • Available with Windows NT 4.0 Resource Kit

23
Windows 2000
24
Windows 2000
   
  • Windows 2000 Security Features are similar to
    Windows NT
  • All Security Policy Information is stored within
    Active Directory
  • Different User Interface
  • Domain Security Policy
  • Active Directory Users and Computers

25
Windows 2000
   
  • Domain Security Policy

26
Windows 2000
   
  • Password Policies

27
Windows 2000
   
  • Password Policies

28
Windows 2000
   
  • Account Lockout Policies

29
Windows 2000
   
  • Account Lockout Policies
  • When you set the lockout threshold to 5, the
    lockout duration and lockout reset policies will
    default to 30. You will need to change them to 5.

30
Windows 2000
   
  • Audit Policies

31
Windows 2000
   
  • Audit Policies

32
Windows 2000
   
  • Audit Policies
  • Also:
  • Process Tracking - Disable
  • Privilege Use - Audit both Success and Failure

33
Windows 2000
   
  • Local Policies - Set Logon Banner

34
Windows 2000
   
  • Active Directory Users and Computers
  • Disable the Guest Account

35
Windows 2000
   
  • Access Controls
  • Same as Windows NT - File permissions, assignment
    of users to privileged groups (new groups: Cert
    Publishers, Enterprise Admins, and Schema Admins),
    and assignment of user rights. The RunAs
    service now has a GUI and is called
    the Secondary Logon Service (SLS)
  • Configuring files to be audited
  • Same as Windows NT
  • Security Configuration Editor
  • Built into Windows 2000
  • Snap-in to Management Console
  • Comes with pre-defined security templates that
    may be customized
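
An added example, not part of the original presentation: a check of a security template against the values these slides give (lockout threshold, duration and reset all set to 5; Privilege Use audited for both success and failure; Process Tracking disabled). It assumes the policy is available as security template (.inf) text already decoded to a string; the sample template is constructed.

```python
import configparser

# Expected values taken from the slides. In the template's [Event Audit]
# section, 0 = no auditing, 1 = success, 2 = failure, 3 = both.
EXPECTED = {
    ("System Access", "LockoutBadCount"): 5,
    ("System Access", "LockoutDuration"): 5,
    ("System Access", "ResetLockoutCount"): 5,
    ("Event Audit", "AuditPrivilegeUse"): 3,
    ("Event Audit", "AuditProcessTracking"): 0,
}

# Constructed sample: the threshold was set to 5 but the two timers were left
# at the default of 30 that the Account Lockout slide warns about.
SAMPLE_TEMPLATE = """\
[Unicode]
Unicode=yes
[System Access]
LockoutBadCount = 5
ResetLockoutCount = 30
LockoutDuration = 30
[Event Audit]
AuditPrivilegeUse = 3
AuditProcessTracking = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""

def check_template(text):
    """Return (section, key, found, expected) for every setting that differs."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    findings = []
    for (section, key), want in EXPECTED.items():
        # A missing section or key yields None and is reported as a mismatch.
        raw = parser.get(section, key, fallback=None)
        found = int(raw) if raw is not None and raw.strip().isdigit() else None
        if found != want:
            findings.append((section, key, found, want))
    return findings

if __name__ == "__main__":
    for section, key, found, want in check_template(SAMPLE_TEMPLATE):
        print(f"[{section}] {key}: found {found}, expected {want}")
```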

36
Windows 2000
  • Reviewing Windows 2000 Audit Files
  • Event Viewer
  • Pretend this is a screen shot from Windows 2000,
    essentially the same as Windows NT

37
One more slide ...
  • What I haven't told you ...
  • How to control the size and maintenance of audit
    files. Make sure you research this and plan for
    plenty of disk space!
  • Be aware that these audit systems can be
    configured to shut down auditing if a disk fills
    up ... or shut down the system
  • The impact on performance from auditing.
  • A strategy to archive all of the audit files so
    they can be kept for the required time periods