Business Ready Security
Information Protection
Lab Manual
version 4.0g (5-Dec-2010)
Page |1
Business Ready Security - Lab Manual
Identity and Access Management
Abstract
The Information Protection Lab showcases the core technologies that enable a secure information-sharing scenario. Employees using different email clients, based in different locations, share critical and confidential business information using email. This scenario shows Exchange customers how Forefront and AD RMS can mitigate the risks and enable organizations to communicate securely using email.
Scenario-based Hands-on-Lab
Note: This is a scenario hands-on-lab, which differs from a regular product-based hands-on-lab. In the lab environment, multiple products are used in combination. You will not perform the complete configuration of each product; instead, you examine the configuration needed for a particular scenario.
Environment
The complete Business Ready Security (BRS) demo environment consists of 15 VMs. It can be used to demonstrate all Forefront products, including Windows access technologies such as AD FS and DirectAccess.
The machines shown on the left are in the Woodgrove Bank domain. Paris and Tokyo are in the Trey Engineering domain. The two companies have established an AD FS relationship between the two domains.
For the Information Protection Solution lab, 5 of the VMs are needed.
Exercise 1
Information Protection with AD RMS and Exchange 2010
In this exercise, you will examine how AD RMS protects email messages that are sent by Exchange 2010.
The user Joe will connect from an unmanaged client computer (Kiosk) on the Internet, through Unified
Access Gateway (UAG) in order to access his email.
Tasks
Detailed Steps
This exercise uses the following virtual machines: Denver (AD DS/AD RMS/AD FS), Ibiza (UAG), Madrid
(Exchange 2010), Cairo (Managed Internal Client), and Kiosk (Unmanaged Kiosk Computer).
Perform the following steps on the Kiosk (Client) computer.
1. On the Kiosk computer, log on to the company's remote access portal.
Log on
- User: Chris
- Password: password
a. On the Kiosk computer, on the Start menu, open Internet Explorer.
b. In Internet Explorer, connect to https://portal.woodgrovebank.com/
- While the page is loading, notice the Checking for endpoint compliance message.
- The Application and Network Access Portal logon page opens.
c. In the Application and Network Access Portal, log on with the following credentials:
- User name: Chris
- Password: password
d. The Application and Network Access Portal page opens.
- Chris can easily access his company's remote access portal from anywhere, as long as he has an Internet connection.
2. Navigate to OWA and attempt to send an attachment.
a. Under File Access, click Details.
- Microsoft Forefront Unified Access Gateway (UAG) has detected that the client computer does not meet the configured access policy, and therefore is not allowed to access this application.
- The access policy for the File Access application specifies that the client computer must be a member of the domain. The Kiosk computer is not a member of the domain.
b. Close the UAG Error Page.
c. Click Woodgrove Bank Mail.
- The Inbox of Joe opens in Outlook Web App.
d. In Outlook Web App, right-click the email from Alan Brewer with subject Urgent Information, and then click Reply All.
e. In the new message window, click the Attach File icon.
- Notice that UAG has blocked Chris's ability to send files using OWA based on the compliance status of the kiosk computer.
f. Close the UAG notification window.
3. Using OWA on a kiosk, send an unprotected email that contains confidential information.
a. In the new message, in the body of the email reply, type Hi Joe, Can you provide Alan the information? The purchase order number is 1-0912-0248.
- Notice that Chris has not used AD RMS to protect the email.
b. Click Send.
Perform the following steps on the Cairo (Client) computer.
4. On the Cairo computer, review the email request from Chris and notice that the email has been automatically protected by RMS.
a. On the Cairo computer, log on as user Joe with password password.
b. On the Start menu, click Microsoft Outlook 2010.
- Microsoft Outlook appears.
c. Select the new email from Chris Preston.
- Notice that the email has been automatically protected by Exchange without any user interaction. This is based on RMS transport rules defined in Exchange 2010.
d. In the preview pane, click the permission banner, and then click View Permission.
- On this message, Joe only has permission to View, Reply, and Reply All.
e. Click OK to close the My Permission message box.
Perform the following steps on the Madrid (Exchange 2010) computer.
5. On the Madrid computer, in the Exchange Management Console, review the transport rule that triggered the automatic protection of the email.
a. On the Exchange computer, on the Start menu, click Microsoft Exchange Server 2010, and then click Exchange Management Console.
- The Exchange Management Console opens.
b. In the Exchange Management Console, expand Microsoft Exchange On-Premises, expand Organization Configuration, and then select Hub Transport.
c. In the middle pane, on the Transport Rules tab, right-click Woodgrove Bank–AD RMS Protect–Purchase Order, and then click Edit Rule.
- The Edit Transport Rule dialog box opens.
d. On the Introduction page, click Next.
- Notice that the transport rule applies RMS protection to all messages between members of the allusers and sales groups that contain a particular text pattern (\d-\d\d\d\d-\d\d\d\d).
- The text pattern is a regular expression that corresponds to the Purchase Order IDs that Woodgrove Bank uses.
e. Click Cancel to close the Edit Transport Rule wizard.
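The following Python script is an added example, not part of the lab manual or of Exchange itself. It models the transport rule you just reviewed: a message sent between members of the two groups whose subject or body matches the Purchase Order pattern gets RMS protection, everything else passes through untouched. The group memberships, the sample messages, the template name "Do Not Forward" (the lab only shows the resulting View/Reply/Reply All rights) and the reading of "between members of A and B" as "sender in one group, at least one recipient in the other" are all assumptions made for this example. It also shows why the pattern as configured deserves a second look: \d-\d\d\d\d-\d\d\d\d has no anchors, so it also matches a 9-digit fragment inside a longer dash-separated number such as a phone number; the word-boundary variant is an assumed tightening, not something from the lab.

```python
import re
from dataclasses import dataclass, replace
from typing import List, Optional

# Constructed group memberships standing in for the lab's allusers and sales groups.
GROUPS = {
    "allusers": {"chris", "joe", "alan", "bob"},
    "sales": {"chris", "joe"},
}

# Text pattern exactly as shown in the lab's transport rule wizard.
PO_PATTERN = re.compile(r"\d-\d\d\d\d-\d\d\d\d")
# Assumed tightened variant (not from the lab): word boundaries keep the pattern
# from matching a fragment of a longer dash-separated number.
PO_PATTERN_ANCHORED = re.compile(r"\b\d-\d{4}-\d{4}\b")

# Assumed template name; the lab only shows the rights the recipient ends up with.
RMS_TEMPLATE = "Do Not Forward"


@dataclass(frozen=True)
class Message:
    sender: str
    recipients: List[str]
    subject: str
    body: str
    rms_template: Optional[str] = None  # None means the message is unprotected


def in_group(user: str, group: str) -> bool:
    return user.lower() in GROUPS.get(group, set())


def between_groups(msg: Message, group_a: str, group_b: str) -> bool:
    """Reading of 'between members of A and B' used here: sender in one group
    and at least one recipient in the other, in either direction."""
    a_to_b = in_group(msg.sender, group_a) and any(in_group(r, group_b) for r in msg.recipients)
    b_to_a = in_group(msg.sender, group_b) and any(in_group(r, group_a) for r in msg.recipients)
    return a_to_b or b_to_a


def apply_transport_rule(msg: Message, pattern=PO_PATTERN) -> Message:
    """Hub Transport rule: when the conditions hold, return a copy of the message
    with the RMS template applied; otherwise return the message unchanged."""
    if msg.rms_template is not None:
        return msg  # already protected, e.g. by the sender or an Outlook Protection Rule
    if between_groups(msg, "allusers", "sales") and (
        pattern.search(msg.subject) or pattern.search(msg.body)
    ):
        return replace(msg, rms_template=RMS_TEMPLATE)
    return msg


# Constructed sample traffic (hypothetical senders, recipients and bodies).
SAMPLES = {
    "purchase_order": Message(
        "chris", ["joe", "alan"], "RE: Urgent Information",
        "Hi Joe, Can you provide Alan the information? The purchase order number is 1-0912-0248.",
    ),
    "no_pattern": Message("chris", ["joe"], "Lunch", "Meet at noon?"),
    # Neither party is in the sales group, so the rule must not fire even with a PO number.
    "outside_groups": Message("alan", ["bob"], "PO", "Purchase order 1-0912-0248 attached."),
    # A phone number that contains a 9-digit fragment matching the unanchored pattern.
    "phone_number": Message("joe", ["chris"], "Call me", "Reach me on 555-1234-5678."),
}


def evaluate_samples(pattern=PO_PATTERN):
    """Return {sample name: applied template or None} for each constructed message."""
    return {name: apply_transport_rule(m, pattern).rms_template for name, m in SAMPLES.items()}


if __name__ == "__main__":
    for name, template in evaluate_samples().items():
        print(f"{name:15s} -> {template or 'unprotected'}")
    print("with anchored pattern, phone_number ->",
          evaluate_samples(PO_PATTERN_ANCHORED)["phone_number"] or "unprotected")
```

Running the script shows the purchase-order reply protected, the message without a PO number and the message outside the two groups left alone, and the phone-number message protected by the lab's pattern but not by the anchored one. When you tune a rule like this in production, run it against a sample of real mail first: an over-broad pattern silently converts ordinary mail into protected mail that external recipients and archiving systems may not be able to read.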
Perform the following steps on the Cairo (Client) computer.
6. On the Cairo computer, in Outlook, reply to
the email from Chris.
Attach an infected file in the reply.
a. On the Cairo computer, in Outlook, right-click
the new message from Chris Preston, and
then click Reply All.
b. In the new message window, click the
Attach File button.
c. In the Insert File dialog box, browse to the
C:\Tools\Docs folder, select the
Woodgrove Bank - Trey Information.doc file
and click Insert.
d. In the body of the message, type Alan/Chris Attached you will find the requested
information.
e. Click Send.
Perform the following steps on the Kiosk (Client) computer.
7. On the Kiosk computer, use OWA to open the email and file attachment. Notice that the file has been cleaned by Forefront Protection for Exchange.
a. On the Kiosk computer, in Outlook Web App, select the new message from Joe Andreshak.
- Notice that Outlook Web App 2010 provides native AD RMS integration. This means that users can open RMS protected emails directly in OWA.
b. In the preview pane, right-click the attachment named Woodgrove Bank-Trey Information.txt, and then click Open.
c. In the File Download message box, click Open.
- Notice that Forefront Protection for Exchange has detected a virus infection in the attachment file, and has removed the file.
- Note: Exchange 2010 allows anti-malware applications access to the unprotected content of RMS protected messages, so that the content can be inspected.
d. Close Notepad.
e. Close the Outlook Web App window.
f. Close the Application and Network Access Portal window.
Perform the following steps on the Cairo (Client) computer.
8. On the Cairo computer, in Outlook, create a new email to financial@woodgrovebank.com. Notice that the message is automatically protected based on the recipient.
a. On the Cairo computer, in Outlook, click New E-Mail.
b. In the new message window, in the To text box, type financial@woodgrovebank.com, and then press Tab.
- Notice how the email is automatically protected with AD RMS because the recipient group triggered the protection.
- This is based on a so-called Outlook Protection Rule in Exchange 2010.
c. Close the new message window without saving the changes.
Exercise 2
Information Protection with AD RMS and FCI
In this exercise, you will explore the new File Classification Infrastructure (FCI) functionality in Windows Server 2008 R2. FCI can classify existing documents on a file share and then invoke the AD RMS Bulk Protection tool to apply the appropriate RMS protection to those files.
Tasks
Detailed Steps
This demonstration uses the following virtual machines: Denver (AD DS, AD RMS, FCI/Bulk Protection
Tool) and Cairo (Client).
Perform the following steps on the Cairo computer.
1. On the Cairo computer, Joe is storing sensitive information in the organization using a network share.
a. On the Cairo computer, open the C:\Tools\Bank Docs folder.
b. In the Bank Docs folder, right-click the Woodgrove Bank-Customer Information.docx document, and then click Open.
- The document contains sensitive customer information, including credit card information.
- Note that the document is currently not protected by AD RMS.
c. Close the document.
d. Select the five documents in the folder, and drag them to the Sensitive Docs Share shortcut.
- This operation copies the documents to the \\denver\WGBDocuments share on the server.
e. Right-click the Sensitive Docs Share shortcut, and then click Open.
- Woodgrove Bank's share folder \\denver\WGBDocuments appears.
- Note that the documents are not RMS protected at this time.
Perform the following steps on the Denver (AD RMS/FCI Server) computer.
2. On the Denver computer, examine the configuration of the FCI server and notice how the policies have been set up on the Windows Server 2008 R2 file server to protect documents using the AD RMS Bulk Protection tool.
a. On the Denver computer, on the Start menu, click Administrative Tools, and then click File Server Resource Manager.
- The File Server Resource Manager console opens.
b. Expand Classification Management, and then select Classification Properties.
- Notice the two classification properties that are going to be assigned. For all documents stored in the file share, depending on the content, we will assign a High Business Impact (HBI) tag or a Low Business Impact (LBI) tag.
c. In the left pane, select Classification Rules.
d. In the middle pane, right-click the High Business Impact (RegEx) policy, and then click Edit Rule Properties.
- After creating the different classification policies, we define the conditions (content) that will trigger the HBI tag. For this scenario, we use regular expressions; there is another scenario for keywords.
e. Select the Classification tab.
- Notice that this policy will assign the High Business Impact (HBI) property to all documents matching this rule.
f. On the Classification tab, click Advanced, and then select the Additional Classification Parameters tab.
- FCI will look in the documents for regular expressions (text patterns). In this particular case, FCI will look for credit card numbers, represented by the regular expression value \d{4}-\d{4}-\d{4}-\d{4}.
g. Click Cancel to close the Additional Rule Parameters dialog box.
h. Click Cancel to close the Classification Rule Definition dialog box.
i. In the right pane, click Run Classification With all rules now.
j. In the Run Classification dialog box, select Wait for classification to complete execution, and then click OK.
- This classifies the files stored in the share folder; at the end you will see a report provided by FCI.
k. Close the Automatic Classification Report.
l. In the File Server Resource Manager console, in the left pane, select File Management Tasks.
m. In the middle pane, select the Protect HBI documents with AD RMS task.
- The FCI tool leverages the new AD RMS Bulk Protection Tool in order to apply RMS protection after scanning and classifying the content.
- The FCI tool invokes the protection of the content using a PowerShell script that has all the parameters required to protect content using the AD RMS Bulk Protection tool.
n. In the right pane, click Run File Management Task Now.
o. In the Run File Management Task dialog box, select Wait for task to complete execution, and then click OK.
- In the File Management Task Report, you can see that the action (apply RMS protection) was applied to two documents:
  - Woodgrove Bank–Cycle Design.pptx
  - Woodgrove Bank–Customer Information.docx
- For more technical info, open the file C:\Tools\WGBdocuments\RMSLog.log.
p. Close the File Management Task Report window.
q. Close the File Server Resource Manager console.
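The following Python script is an added example that is not part of the lab manual and does not call FCI or the AD RMS Bulk Protection tool; it models the two stages you just ran on Denver: the classification rule that tags a document HBI when its content matches the credit card regular expression (step f), and the file management task that applies protection only to HBI documents (steps m to o). The regular expression is the one from the lab; the document bodies, the fifth file and the log line format are constructed for this example, and the "protect" action is simulated by recording the file name. The sample also includes the case a practitioner should test for: a card number stored without separators does not match this pattern, is tagged LBI and is therefore left unprotected.

```python
import re
from typing import Dict, List, Tuple

# Classification properties defined in File Server Resource Manager in the lab.
HBI = "High Business Impact"
LBI = "Low Business Impact"

# Regular expression from the "High Business Impact (RegEx)" classification rule.
CREDIT_CARD_RE = re.compile(r"\d{4}-\d{4}-\d{4}-\d{4}")

# Constructed stand-in for the text content of the documents on the share.
# File names follow the lab's report where possible; the bodies are invented.
SAMPLE_SHARE: Dict[str, str] = {
    "Woodgrove Bank-Customer Information.docx": "Customer A. Example, card on file 4111-1111-1111-1111",
    "Woodgrove Bank-Cycle Design.pptx": "Vendor billing card 5500-0000-0000-0004 on slide 12",
    "Woodgrove Bank-Cafeteria Menu.docx": "Monday: soup. Tuesday: salad.",
    "Woodgrove Bank-Holiday Schedule.docx": "Offices closed 25-Dec and 1-Jan",
    # Same card number as the first file, but without separators: the regex does not match it.
    "Woodgrove Bank-Legacy Export.txt": "card 4111111111111111 exported without separators",
}


def classify_share(share: Dict[str, str], pattern=CREDIT_CARD_RE) -> Dict[str, str]:
    """Classification rule: tag a document HBI when its content matches the pattern,
    LBI otherwise (the lab assigns one of the two properties to every document)."""
    return {name: (HBI if pattern.search(text) else LBI) for name, text in share.items()}


def run_protection_task(classification: Dict[str, str]) -> Tuple[List[str], List[str]]:
    """File management task 'Protect HBI documents with AD RMS' (simulated).

    Returns the names of the documents the action was applied to, in report order,
    and the log lines such a run would leave behind (RMSLog.log in the lab)."""
    protected, log = [], []
    for name in sorted(classification):
        if classification[name] == HBI:
            protected.append(name)  # the real task invokes the AD RMS Bulk Protection tool here
            log.append(f"PROTECT {name} (property={HBI})")
        else:
            log.append(f"SKIP {name} (property={classification[name]})")
    return protected, log


def run_fci_pipeline(share: Dict[str, str] = SAMPLE_SHARE) -> Tuple[Dict[str, str], List[str], List[str]]:
    """Classify, then protect: mirrors 'Run Classification With all rules now'
    followed by 'Run File Management Task Now'."""
    classification = classify_share(share)
    protected, log = run_protection_task(classification)
    return classification, protected, log


if __name__ == "__main__":
    classification, protected, log = run_fci_pipeline()
    print("\n".join(log))
    print("Action applied to:", protected)
```

The run reports two documents protected, matching the shape of the lab's File Management Task Report, and the log shows why each of the others was skipped. The unmatched "Legacy Export" file is the point to take away: a regex-driven classifier only protects what the pattern recognises, so the pattern set needs to cover every format in which the sensitive value actually appears on the share, and the classification report should be reviewed for files that were expected to be tagged but were not.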
Perform the following steps on the Cairo (client) computer.
3. On the Cairo computer, examine the RMS protection of the documents in the file share.
a. On the Cairo computer, in the \\denver\WGBDocuments share, right-click Woodgrove Bank–Customer Information.docx, and then click Open.
- Notice that the document is now protected by RMS.
b. Close the document.
c. Close the WGBDocuments share.