IT430 Information Assurance - PowerPoint PPT Presentation

Provided by: comp156
1
IT430 Information Assurance
  • Lesson 11 Microsoft Security

2
Why Study MS Windows
  • Used by Most of the Federal Government
  • Clients and now Servers on Systems of All
    Classifications
  • Navy Still Uses Windows NT for Legacy Systems

3
Microsoft
  • The Only Keyboard You'll Ever Need

4
Brief History of MS Windows
  • 1981 MS DOS (Yes, there were computers prior to
    Windows!)
  • 1990 Windows 3.0
  • 1993 Windows NT
  • 1995 Windows 95
  • 1998 Windows 98
  • 2000 Windows 2000
  • 2001 Windows XP
  • 2003 Windows 2003 Server
  • 2007 Microsoft Windows Vista
  • Timeline labels: Minimal Security, Security
    Options, Built-in Security

5
What Makes MS Windows Different?
  • Active Directory
  • Changes made to any domain controller are
    propagated to all others in larger tree
  • Policies can be local or pushed down from
    higher level
  • Battalion overrides company policy

6
Island Hopping
  • No Windows Box acts alone with Active Directory
  • If set wrong, once in one box, you can tromp the
    entire network

7
Active Directories can be HUGE
  • Large portions of entire USN, USMC, USAF, and
    USA connected world wide
  • Pros
  • Cons

8
Policies
  • Account
  • Password
  • Lockout
  • Audit / Logs
  • Software Restriction
  • User Rights

9
File Systems
  • Read, Write, Delete, Change Permissions, and Take
    Ownership, Delete Subfolders, Read compression
    and encryption

10
Protocols
  • Why wait years for standards with consensus when
    you are Microsoft and can make up your own
    protocols?
  • SMB File Shares
  • IIS Web server

11
Run at Lowest Possible Permissions
  • Run As Command
  • Operate at a low level and use Run As to run
    applications that must be run as root
  • What Services Should Administrators Not Run?

12
Who's Who in Security
  • NSA Security Guides
  • DISA STIGs
  • SANS Organization (Center for Internet Security)