10 Best Practices for Windows Security - PowerPoint PPT Presentation

Loading...

PPT – 10 Best Practices for Windows Security PowerPoint presentation | free to view - id: 2125e-ZTFkN



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

10 Best Practices for Windows Security

Description:

Download free from Microsoft, install and configure. Configure Clients ... Download Feature Pack (free to licensed SMS users) Configure for automated update ... – PowerPoint PPT presentation

Number of Views:303
Avg rating:3.0/5.0
Slides: 34
Provided by: searchwini
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: 10 Best Practices for Windows Security


1
10 Best Practices for Windows Security
  • How many of them are you doing?
  • Roberta Bragg

2
1. Keep Systems up to date
  • CERT, and others 90 95 of successful
    attacks could be prevented with up-to-date
    systems
  • Every single attack in Hacking Exposed is
    balanced with a configuration or patch already in
    existence
  • Many world-wide security attacks would not have
    been successful if systems were updated

3
How to Keep Systems UP-to-Date
  • Apply Service Packs
  • Apply Hotfixes
  • Use automated patch distribution
  • 0 50 users use Windows Update
  • Apply service pack three Windows 2000 and
    configure
  • Configure XP
  • 50- 500 users user Software Update Services
  • Download free from Microsoft, install and
    configure
  • Configure Clients
  • 500 Use Software Update Services Feature pack
    and SMS
  • Download Feature Pack (free to licensed SMS
    users)
  • Configure for automated update and auditing

4
2. Follow Microsoft advice for hardening systems
  • Checklists, security templates, instructions
    abound!
  • Use them!
  • Many successful attacks could have been prevented
    by using these instructions.

5
What Microsoft Advice?
  • Windows Security Checklists
  • www.microsoft.com/security
  • Windows Server 2003 Security Guide
    http//go.microsoft.com/fwlink/?LinkId14845
  • Windows 2000 Security Operations Guide (and other
    prescriptive guidance documents.
  • http//msdn.microsoft.com/practices/

6
3. Use Native Security Tools
  • For deploying security settings
  • Security Templates
  • secedit
  • Security Configuration and Analysis
  • Group Policy
  • To secure systems
  • Software Restriction policies
  • Password reset disks
  • Authorization manager

7
4. Design a BaseLine Policy
  • Auditing
  • Services
  • Accounts
  • Security Options
  • User Rights
  • Then design incremental policies for computer and
    user roles in your network

8
Strengthen passwords
  • Teach users how to make strong passwords
  • Write own passfilt.dll
  • KB article 151082 Password Change Filtering
    Notification in Windows NT.
  • Enforce stronger restrictions
  • Audit password strength periodically
  • Use LC4

9
(No Transcript)
10
Turn on Auditing Review Logs
  • Monitor for attack indicators
  • 643 domain policy changed
  • 644 user account locked
  • 675 pre-authentication failed
  • 681 domain logon filature
  • 529, 530, 531, 532, 533, 535,534, 539, 548, 549
    logon failure
  • Monitor for attack patterns
  • Large number of failed logons, then success

11
Adjust User Rights
  • Restrict to Administrators, NETWORK SERVICE,
    LOCAL SERVICE
  • Adjust memory quotas

12
Use deny rights to restrict access
  • Use deny rights to restrict access
  • Deny logon rights
  • Deny access from network
  • Deny local logon
  • Logon as a batch job
  • Logon using terminal services

13
Do not grant to anyone
  • Act as part of the operating system
  • Debug

14
Restrict to Administrators
  • Right to Restore files and folders
  • Change System Time
  • Allow logon to Terminal Services (on non terminal
    services boxes)

15
Deny access
  • To SUPPORT_388945a0 account
  • To computer from network
  • Logon as a batch
  • Logon through terminal services
  • To non-operating systems service accounts
  • Logons from terminal services
  • To compute from network

16
Adjust Security Options
  • Rename administrator, guest account
  • Restrict CD-ROM, floppy to local user
  • Digitally sign network communications
  • Restrict anonymous connections
  • Tighten accessible named pipes/shares
  • Do not store LAN Manager password
  • Use NTLMv2 session security
  • Use NTLMv2 only, refuse LM and NTLM
  • Do not authorize subsystems (POSIX)
  • Shutdown clear memory page file

17
Manage Event Logs
  • Enlarge all
  • Especially security log
  • Archive and clear frequently
  • Monitor for sudden increase in size
  • Examine contents looking for attack patterns

18
Manage Services
  • Set permissions who can start , stop, disable?
  • Dont use domain accounts for services
  • Disable unnecessary services
  • Will vary for each computer role
  • Create a baseline which disables most enable
    those needed only as necessary

19
Unnecessary services?
  • Baseline
  • Application Layer Gateway Service
  • Application Management
  • ASP .NET State Service
  • Automatic Updates
  • Background Intelligent Transfer Service.
  • Certificate Services
  • Client Service for Netware
  • Clustering Service-
  • COM_System Application
  • DHCP Server
  • Distributed Link Tracking Client.
  • Distributed Link Tracking Server.
  • Distributed Transaction Coordinator
  • DNS Server
  • Error Reporting Service
  • Fax Service
  • File Replication
  • File Server for Macintosh
  • FTP Publishing Service

20
More services you dont need
  • IP Version 6 Helper Service
  • Kerberos Key Distribution Center
  • License Logging Service
  • Message Queuing
  • Message Queuing Down Level Clients
  • Message Queuing Triggers
  • Messenger
  • Microsoft POP3 Service
  • MSSQLUDDI
  • Help and Support
  • HTTP SSL
  • Human Interface Device Access
  • IIS Admin Service
  • IMAPI CD
  • Infrared
  • Internet Authentication Service
  • Internet Connection Firewall
  • Intersite Messaging

21
And More
  • MSSQLServerADHelper
  • .NET Framework Support Service
  • NetMeeting Remote Desktop Sharing
  • Network DDE
  • Network DDE DSDM
  • NNTP
  • Portable Media Serial Number
  • Print Server for Macintosh
  • Print Spooler
  • Remote Access Auto Connection Manager
  • Remote Access Connection Manager
  • Remote Desktop Help Session Manager
  • Remote Installation
  • Remote Procedure Call Locator
  • Remote Server Manager
  • Remove Server monitor
  • Remote Storage Notification
  • Remote Storage Manger
  • Removable Storage
  • Resultant Set of Policy Provider
  • Routing and Remote Access
  • SAP Agent
  • Secondary Logon

22
And More
  • Shell Hardware Detection
  • SMTP
  • Simple TCP/IP Services
  • Single Instance Storage Groveler
  • Smart Card
  • SNMP Service
  • SNMP Trap Service
  • Special Administration Console Helper
  • SQLAgent
  • Task Scheduler
  • TCP/IP Print Server
  • Telephony
  • Telnet
  • Terminal Services Licensing
  • Terminal Services Session Directory
  • Themes
  • Trivial FTP Daemon
  • UPS
  • Upload manager
  • Virtual Disk Service
  • Web Client
  • Web Element Manager
  • Windows Audio
  • Windows Image Acquisition (WIA)

23
And more
  • WINS
  • Windows Media Services
  • Windows System Resource Manger
  • WinHTTP Web Proxy Auto Discovery service
  • Wireless Configuration
  • World Wide Web Publishing Service

24
Set Restricted Groups
  • Add group
  • Enter authorized members
  • Users added in normal GUI will be removed if not
    also added here

25
Set Object ACLs, SACLs
  • Use NTFS
  • Set common settings in templates, policies

26
5. Use IPSec Policies
  • File Server Example
  • Block access from all to any port
  • Allow access from Any source address to the file
    server for ports 445, 137, 138 and 139
  • Restrict access to terminal services (port 3389)
    by allowing access from specific computers. (this
    helps to compensate for the blocking of RPC
    traffic used by many management services.)
  • Allow all traffic to and from the file server and
    domain controllers
  • Allow traffic between the file server and
    Microsoft Operations Manager (MOM)

27
6. Use Constrained Delegation
  • Only where delegation is required
  • No blanket rights
  • Only for specific services
  • Not for administrator accounts

28
7. Ensure Correct Time
  • NTLMv2 authentication requires client and server
    clocks to be within 30 minutes of each other.
  • Kerberos only allows a 5 minute difference.
  • Event correlations between computers will not be
    possible if there are time differences.
  • Evidence must be correctly identified or it is
    not valid evidence.
  • w32tm /config /synchfromflagsmanual
    /manualpeerlistPeerlist
  •  
  • w32tm /config /update

29
8. Set account restrictions
  • Logon hours
  • Logon to
  • Restrict delegation
  • others

30
  • Accounts have unique SIDS policy that might
    impact these accounts cannot be centrally set
  • Guest
  • the group Guests
  • Support 388045a0

31
9. Use Administrative Templates
32
10. Use Certificate Services
  • Key archival for EFS
  • Certificates for smart cards, authentication,
    IPSec, email etc.
  • SSL

33
Bonus - Dont use EFS
  • Unless properly managed
  • Archived keys
  • Recovery policy in place
About PowerShow.com