presentation5

advertisement
COMP3122
Network Management
Richard Henson
March 2011
Week 5 – Active Directory &
Domain Security
 Objectives
– Explain the essential features of a secure
networked system
– Use W2K group policies to implement networkwide security
– Identify the weak links in a networked
system and take steps to reduce/eliminate
the possibility of unauthorised access
The Nature of
Security within Networks

Data held on a single workstation in an open
office is unlikely to be truly secure
– operating system itself may be secure…
– still possible for the hard disk to be removed and
the data extracted in a different environment!!

Two Protection issues to be addressed:
– unauthorised system access
» network configuration & monitoring
– undesirable physical access
» keeping people away… & locking it down…
Physical Security of the Network

What to do with sensitive data
– hold in an encrypted form
– on a computer in a secure room
» only network administrators can gain access
» no chance of an outsider physically getting hold of the hard disk
containing the data
– in the highly unlikely event that an outsider/rogue
insider did get hold of the data, they wouldn’t be able
to make sense of it

Data should also be backed up in another
location in case of fire, earthquakes, etc
Physical Security
of copied data

Typically on CD or memory stick
– could also be removable hard disk

Simple way to keep copied data secure:
– password protection not enough…
– use strong encryption over all files
» previous, deleted data might still be accessible
Accessing Data on a
Secure Computer
Users should only be able to access
organisational data via network from the
server
 Even then, potential physical & system
vulnerabilities:

– physical security of data as it travels along
a cable
– unauthorised access to downloaded data
» at rest on the client machine
» whilst being accessed by an authorised user
Vodafone (and how not to
do network security…)

Yesterday morning, 100,000 people couldn’t
use the Vodafone network
– thieves broke into the operator's Basingstoke
exchange and stole their switches (i.e. routers)
– the police were quickly notified

Vodafone noticed its own network collapsing
– assembled its "War Room" which is supposed to
deal with network outages

It took 12 hours to fix the problem
– why was such critical kit so vulnerable?
User Responsibility

Rule of the network:
– all users MUST bear responsibility for data they
access
– should enter a signed agreement when they get
their log on

To support this, network software should
make sure that:
– users have appropriate access through allocation
to groups
– user activities can be monitored and logged
– sufficient auditing is undertaken to scrutinise the
activity of individual users…
Accessing Data on a
Secure Computer

Typical user errors:
– giving other employees/outsiders their password
– using an easily guessed password

Typical administrator errors:
– leaving username on display after log off
– not enforcing long (8 character min, inc
caps/lower, number, punct. mark) passwords
– not ensuring that the downloaded data is
physically no longer available once that user has
logged off
Accessing Data on
a Secure Computer


Client machine MUST use an operating
system that allows file/folder level security
Suitable secure desktop file systems:
– UNIX file system
– NTFS

Alternative is to use dumb terminals
– no local storage
– impossible to get at the electronic data from the
client end
Accessing Data on a
Secure Computer


BUT even with a secure file system, other users
could still see the screen!
Even with no local storage:
– the data will be displayed on a screen
– with poor user technique:
» data could even be left on the screen
» the screen contents could be photographed by someone…

Answer:
– use screen savers that cut in very quickly when a
mouse button is not being clicked
Printing or Emailing
Accessed Data

If someone has security rights to access
the data, they will also be able to:
– print it out
– email it to someone else

Anyone with such rights must therefore
be completely trustworthy…
How File Systems
Manage Security (revision?)


Several different levels of permissions
Particular folder permissions allocated to
groups of users, starting from the root e.g.
– managers may have read, execute, and write
– students may have read and execute only



Files inherit the permissions of the folder that
contains them
Subfolders inherit the characteristics of the
parent folder
Inheritance can be overridden
Security Policy

Responsibilities of network users and
administrators needs to be clearly
defined as a matter of organisational
policy
– objective: ensure that AT ALL TIMES
company data is only being accessed by
an authorised user
Security Policies

Define expectations for:
– proper computer usage
– procedures for preventing and responding to security
incidents

Can be imposed in two ways:
– Local system policy
» security policy file held on individual computers
– Group policy
» uses active directory to impose policy across the domain
» not possible for computers running NT
» not possible if partitions are formatted using FAT or FAT-32
Enforcement of Policy on
Windows networks

Local system policy
– security policy file held on individual computers

Group policy
– uses active directory to impose policy across the
domain
– not possible for pre-Windows 2000 operating
systems
– not possible if partitions are formatted using FAT
or FAT-32
Security Template Files

“one I prepared earlier…”
– quicker to customise to needs than start over…

Implementation of security policy on
– Individuals & groups on Windows networks
– 600+ settings in Windows 2000, now many
more…

Stored as a text file (.inf)
– predefined templates are “ready to use” e.g. :
»
»
»
»
basic (default)
compatible (all applications still run)
secure
high (testing high security applications only)
Using Security Templates

SAM (security accounts manager)
crucial to setting up user security:
– controls security during logon process

During logon, security templates
imported into the relevant SAM of:
– each individual computer (system policy)
– the domain controller of a Windows domain
(group policy)
Analysing/Changing
Local Security

Templates & SAM combine:
– default security configuration of the local
computer compared with a configuration imported
from a template
– configuration then changed to become like the
template

Changes to template settings achieved by
– GUI: security configuration “snap in”

Or:
– command line tool (secedit.exe)
Implementing Policy

Group Policy settings are really
powerful
– only administrators have access to
manage these on a system or domain

As with computer policy…
– usually more convenient to edit an existing
policy template than create a new one from
scratch
Auditing Access to
System/Network Resources


Auditing - the process of tracking predefined
events
Many events can be tracked on a computer
and computer network…
– a record of each event is written to an “event file”

Contents of a Windows network Audit record:
–
–
–
–
Action
User
Success or failure
Additional info
» e.g. computer ID where event occurred/failed
Access to Audit Entries

All recent Windows systems are capable of
recording a wide range of events
– saved in Security Event Log
– as a structured text file

Contents easily viewed
– service called Event Viewer
– available from menus
The Importance of Audit

Essential in the case of:
– network failure
– server failure
– breach of security

Extremely useful for troubleshooting:
– what failed
– what went wrong
– finding who’s username was used to hack
into the system
What to Audit

Audit files can grow very large, very quickly,
– only essential information should be stored

Examples:
–
–
–
–
–
–
–
–
Account logon
Account Management
Active Directory object access
Logon
Object access
Policy Change
Privilege Use
Process Tracking
Audit Policy

Part of Information Security Policy
– Again, implemented through Group Policy

Planning:
–
–
–
–
–

which computers need events auditing?
which events to audit?
whether to audit success or failure (or both!)
whether to track trends of system usage?
when to schedule review of security logs?
Set up:
– security template for Group Policy
Auditing Access to
“file object” resources
– failure for read operations
– success and failure for delete
– success and failure for:
» change permissions
» take ownership
– success and failure of all operations
attempted by “guests” group
– file and folder access on shares
Auditing Access to Windows
“print object” resources

Reminder from COMP2122:
– Windows “printer” = printing management system
– Print device = physical printer

Auditing specified printers:
– failure events for print operations on restricted
printers
success and failure for full control operations
– success events for delete so incomplete print jobs
can be tracked
– success and failure for change permissions and
take control on restricted printers
Implementing an Audit Policy
on a System

Typical Policy Settings:
–
–
–
–
–
–
Password policy
Account Lockout policy
Audit policy
IP Security policy
user rights assignment
recovery agents for encrypted data
Local/Domain Security Policy

Local:
– available for all Windows 2000/XP/Vista/7
computers that are not domain controllers

Domain:
– local security settings still apply when
logged on locally
» but may well be overridden by policies received
from the domain controller, when logging on to
the domain
Policy Files & Tools
for editing them

Management of Policy:
– MMC (Microsoft Management Console)
– available via command line (type mmc) to
create “console” files for system admin
– user mode:
» access existing MMC consoles to administer a
system
– author mode:
» creation of new consoles or modifying existing
MMC consoles
The “Security Configuration
and Analysis” options & “Local
Policy” MMC snap ins

“Analyse computer now”
– full run down of the current settings (i.e. settings for the local
machine)
– way of checking the “local policy”

“Select local policies”
– lists of settings in categories
– e.g. security settings
» large number of settings
» control security aspects of local policy
» each setting can be set to either enabled, disabled, or not configured
“Megatool” GPMC
(Group Policy Management Console)

One of 2003’s best features…
– “contains a rich variety of tools for creating,
editing, observing, modelling and reporting
on all aspects of Group Policy”
– Also unifies Group Policy management
across the Active Directory forest
GPMC Integration
of User Management Tools

Administrators of earlier Windows networks
needed multiple tools to do this:
– Microsoft Active Directory Users and Computers
– Delegation Wizard
– ACL Editor

The story goes that 'Barking Eddie' spent two
weeks documenting all the Group Policies for
one company
– when told about GPMC, he was crestfallen and said
he could have done that same job in half an hour…
GPMC User Interface


Easy creation and editing of Group Policy
WMI filtering mechanism allows application of
policies:
» to a particular machine
» only if there is enough disk space



Options to backup, restore, import, and copy
Group Policy Objects
Simplified management of Group Policyrelated security
Reporting for GPO settings and Resultant Set
of Policy (RSoP) data
Using GPMC

Available from MMC
– Standalone Snap-in dialog box

Creating a custom console including GPMC:
– select Group Policy Management option and click
Add, click Close, OK

Several sample scripts available
– found in the %ProgramFiles%\GPMC\Scripts folder
» use cscript.exe to execute
– ScriptingReadMe.rtf file in the scripts folder
Rolling out a Group Policy

Plan the Managed Network Environment:
– consider various Common Desktop Management
Scenarios
– try them out using Group Policy Management
Console



Design a Group Policy Infrastructure
Deploy Group Policy including Security Policy
Troubleshoot…
Download