Securing Windows Networking

Provided by: robb77
Learn more at: http://infosec.ufl.edu

1
Securing Windows Networking
  • Risk Analysis and Access Control

2
Topics
  • Risk Analysis
  • Mapping Your Network Services
  • Understanding Your Traffic
  • Controlling Network Access
  • Access Control
  • Restricting Physical Access
  • Account Management
  • Questions

3
Risk Analysis
  • Mapping Your Network Services
  • Logical Diagram
  • IP addresses of all devices
  • Physical Location
  • Networks/Masks
  • Identify Ingress/Egress points
  • Identify Critical Services
  • Living Document

4
Risk Analysis
  • Mapping Your Network Services (cont.)
  • Services List
  • All services, by subnetwork
  • All services that cross subnetwork boundaries
  • What does it look like now?
  • Request NERDC scanning service to provide an
    external view
  • Use port scanner to provide internal view

5
Risk Analysis
  • Understanding your traffic
  • NBTstat
  • Netstat
  • SMS Network Monitor
  • Collect traffic sample from each subnetwork
  • Determine protocol distribution (IP, IPX, ARP,
    BPDUs, etc.)
  • Note IP addresses, services
  • Reevaluate periodically

6
Risk Analysis
  • Controlling Network Access
  • Convert shared media to switched
  • Separate servers from workstations by placing
    them in different subnetworks
  • Restrict management access of network hardware to
    trusted network or addresses

7
Risk Analysis
  • Controlling Network Access (cont.)
  • Disable IP source-routing on routers
  • Make sure RIP routing is disabled on systems with
    RRAS
  • Use TCP/IP Advanced Security

8
Risk Analysis
  • Controlling Network Access (cont.)
  • Use router access lists to filter outbound
    traffic from each subnetwork, at a minimum
  • NetBus (TCP 12345/12346), Back Orifice (UDP 31337),
    NetBus Pro (TCP 20034)
  • ICMP types 9 and 10 (IRDP)
  • Proper Source Addresses

9
Risk Analysis
  • Controlling Network Access (cont.)
  • Use router access lists to filter inbound traffic
    at the peering point, at a minimum
  • No packets sourced with internal addresses
  • NetBus (TCP 12345/12346), Back Orifice (UDP 31337),
    NetBus Pro (TCP 20034)
  • ICMP types 9 and 10 (IRDP)
  • ICMP to any internal broadcast addresses
  • SNMP, if appropriate
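
The outbound and inbound filters from the two slides above, modelled as one decision function so the rules can be tested against sample packets before they are written as router access lists. This is an added example, not part of the original presentation; the addresses are constructed documentation ranges, the names `check` and `block_snmp` are hypothetical, and SNMP is taken to mean UDP 161/162.

```python
import ipaddress

# Constructed addressing: documentation ranges stand in for a real site,
# split into a server subnetwork and a workstation subnetwork.
INTERNAL = [ipaddress.ip_network("192.0.2.0/25"),
            ipaddress.ip_network("192.0.2.128/25")]
BROADCASTS = {net.broadcast_address for net in INTERNAL}
TROJAN_PORTS = {("tcp", 12345), ("tcp", 12346),   # NetBus
                ("udp", 31337),                   # Back Orifice
                ("tcp", 20034)}                   # NetBus Pro
IRDP_TYPES = {9, 10}     # router advertisement, router solicitation
SNMP_PORTS = {161, 162}  # assumption: SNMP and SNMP traps over UDP

def is_internal(addr):
    return any(addr in net for net in INTERNAL)

def check(direction, pkt, block_snmp=True):
    """Return (action, reason); direction is "out" (leaving a subnetwork) or "in" (peering point)."""
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    proto = pkt["proto"]
    if direction == "out" and not is_internal(src):
        return "deny", "outbound packet without a proper source address"
    if direction == "in" and is_internal(src):
        return "deny", "inbound packet sourced with an internal address"
    if (proto, pkt.get("dport")) in TROJAN_PORTS:
        return "deny", "NetBus / Back Orifice / NetBus Pro port"
    if proto == "icmp" and pkt.get("icmp_type") in IRDP_TYPES:
        return "deny", "IRDP (ICMP type 9 or 10)"
    if direction == "in" and proto == "icmp" and dst in BROADCASTS:
        return "deny", "ICMP to an internal broadcast address"
    if (direction == "in" and block_snmp and proto == "udp"
            and pkt.get("dport") in SNMP_PORTS):
        return "deny", "SNMP from outside"
    return "permit", "no filter matched"

# Constructed sample packets; 198.51.100.0/24 plays the outside world.
SAMPLES = [
    ("out", {"src": "192.0.2.20", "dst": "198.51.100.7", "proto": "tcp", "dport": 80}),
    ("out", {"src": "10.9.9.9", "dst": "198.51.100.7", "proto": "tcp", "dport": 80}),
    ("out", {"src": "192.0.2.20", "dst": "198.51.100.7", "proto": "udp", "dport": 31337}),
    ("in", {"src": "192.0.2.200", "dst": "192.0.2.20", "proto": "tcp", "dport": 25}),
    ("in", {"src": "198.51.100.7", "dst": "192.0.2.127", "proto": "icmp", "icmp_type": 8}),
    ("in", {"src": "198.51.100.7", "dst": "192.0.2.20", "proto": "udp", "dport": 161}),
]

if __name__ == "__main__":
    for direction, pkt in SAMPLES:
        print(direction, pkt["src"], "->", pkt["dst"], *check(direction, pkt))
```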

10
Questions?

11
Access Control
  • Controlling Physical Access
  • Critical Systems
  • Secure behind a locked door
  • Lockable cases
  • Backup power
  • Backup solution w/central storage
  • Use BIOS passwords
  • Disable floppy boot

12
Access Control
  • Controlling Physical Access (cont.)
  • Critical Systems (cont.)
  • Use password protected screensaver whenever
    unattended
  • Secure network connection
  • NT caches credentials of last 10 users
  • MAC address locking
  • No uncontrolled modems

13
Access Control
  • Account Management
  • Use Strong Passwords
  • Password Filtering - PASSFILT.DLL
  • minimum length
  • character class restrictions
  • no name or full name
  • policy customizable
  • Avoid Clear-Text Passwords
  • Use Only Windows NT as a client

14
Access Control
  • Account Management
  • Define Strong Account Policy
  • Maximum Age - 180 days or less
  • Minimum Age - 5 days or more
  • Minimum Length - 6 characters or more
  • Uniqueness - Last 36, or (Age-max/Age-min)
  • Account Lockout - 5 bad attempts within 30 min
  • Lockout Period - 30 minutes or more
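
One way to check a host against the age, length and lockout values on this slide is to parse the text printed by `net accounts`. This is an added example, not part of the original presentation; the sample output is constructed, the function names are hypothetical, the uniqueness rule is not checked, and "within 30 min" is read as an observation window of at least 30 minutes.

```python
# Thresholds from the account-policy slide; keys are `net accounts` labels.
# Assumption: "5 bad attempts within 30 min" means window >= 30 minutes.
POLICY = {
    "Maximum password age (days)": ("<=", 180),
    "Minimum password age (days)": (">=", 5),
    "Minimum password length": (">=", 6),
    "Lockout threshold": ("<=", 5),
    "Lockout observation window (minutes)": (">=", 30),
    "Lockout duration (minutes)": (">=", 30),
}

# Constructed sample of `net accounts` output (not from a real host).
SAMPLE = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              8
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
The command completed successfully.
"""

def parse(text):
    settings = {}
    for line in text.splitlines():
        # The value follows the last colon; lines without one are ignored.
        label, sep, value = line.rpartition(":")
        if sep:
            settings[label.strip()] = value.strip()
    return settings

def audit(text):
    """Return (label, value, problem) for every setting that misses the policy."""
    settings = parse(text)
    findings = []
    for label, (op, limit) in POLICY.items():
        value = settings.get(label)
        if value is None:
            findings.append((label, None, "setting missing from output"))
        elif not value.isdigit():   # e.g. "Never", "Unlimited", "None"
            findings.append((label, value, "no numeric limit configured"))
        elif (op == "<=" and int(value) > limit) or (op == ">=" and int(value) < limit):
            findings.append((label, value, f"must be {op} {limit}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```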

15
Access Control
  • Account Management (cont.)
  • Define Strong Account Policy (cont.)
  • User must logon to change password
  • Use logon hours
  • Forcibly disconnect users, if appropriate
  • Restrict User Rights
  • Access this computer from network
  • Log on locally - admin only
  • Manage auditing and security log - admin only

16
Access Control
  • Account Management (cont.)
  • Restrict User Rights (cont.)
  • Take ownership of files/objects - admin only
  • Change system time - admin only if possible
  • Force shutdown from remote system
  • Shutdown locally, what's appropriate?

17
Access Control
  • Account Management (cont.)
  • Special Accounts
  • Administrator - Change name
  • Create dummy administrator account, monitor
  • Guest Account - Disable
  • Use dedicated service accounts
  • Monitor unusual behavior in IUSR_ accounts

18
Access Control
  • Account Management (cont.)
  • Winlogon Considerations
  • Use logon banners which state at a minimum
  • Logon is restricted to authorized users only
  • All subsequent actions are subject to audit
  • Edit HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Registry Keys with notice
  • Hide the username of the last user
  • DontDisplayLastUserName (REG_SZ, 1)
  • Use roaming profiles

19
Questions?