Welcome to Scribd!

CIS288 Security Design in A Windows 2003 Environment: CIS288 Securing Active Directory

Uploaded by

0% found this document useful (0 votes)

18 views13 pages

This document discusses strategies for securing an Active Directory environment in Windows 2003. It covers: 1) Designing access control strategies and establishing account/password policies for directory services. 2) Analyzing auditing requirements and the auditing data to understand vulnerabilities. 3) Creating a delegation strategy to organize administration and isolate departments using service/data administrators.

Original Description:

cis341_week09_ch08

Original Title

cis341_week09_ch08

Copyright

Available Formats

PPT, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Attribution Non-Commercial (BY-NC)

Available Formats

Download as PPT, PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

18 views13 pages

CIS288 Security Design in A Windows 2003 Environment: CIS288 Securing Active Directory

Uploaded by

ghar_dash

Copyright:

Attribution Non-Commercial (BY-NC)

Available Formats

Download as PPT, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 13

Search inside document

CIS288 Security Design in a Windows 2003 Environment

CIS288 Securing Active Directory

Objectives
When you complete this lesson you will be able to: Design an access control strategy for directory services Establish account and password requirements for security Analyze auditing requirements Create a delegation strategy Design the appropriate group strategy for accessing resources Design a permission structure for directory service objects

Designing an Access Control Strategy for Directory Services

2 Strategies:
Access Control

What you need is the perfect blend between access and control for your environment.

Analyzing Risks to Directory Services

Todays networks are so diversified and large that it is imperative to understand the vulnerabilities that an attacker can use to create risks within your directory services architecture. Usernames Passwords Associated Risks

Establishing Account Security Policies

Establishing a strong account security policy is crucial, because the user account is the single most important entity in Active Directory that links to all rights and permissions on the network. Windows 2000 and Windows Server 2003 allows us to implement security on accounts via Group Policy.

Establishing Password Security

Windows 2000 and Windows Server 2003 both offer settings enforced through Group Policy that allow you configure tightened password security within your organization. The password policy has the following configurable settings:
Enforce password history Maximum password age Minimum password age Minimum password length Password must meet complexity requirements Store passwords using reversible encryption

Establishing Password Security (continued)

An Account lockout policy offers you an additional level of control and security by controlling how, when, and why an account can be locked out. The account lockout policy offers the following configurable settings:
Account lockout duration Account lockout threshold Reset account lockout counter after

Analyzing Auditing Data

Once youve configured your auditing policy, you need to be able to analyze it and make sense of it all. Windows provides a central repository where auditing and other events are stored for later analysis and troubleshooting. Event Viewer With the Event Viewer, you are able to:
Sort events by type, time, and other parameters Filter events View advanced event information Sort events Export the log file to an .EVT, .TXT, or .CSV file Connect to a remote computers Event Viewer

Creating a Delegation Strategy

One of the best enhancements that was introduced in Windows 2000 and continues in Windows Server 2003 is the ability to delegate administration. Delegation of authority can also be used to organize and isolate departmental or suborganizations in your environment. Delegated Administrators categories
Service Administrators Data Administrators

Creating a Delegation Strategy (continued)

Requirements will generally fall under the following two categories:
Isolation Autonomy

Selecting the Delegation Structure

Forest Domain OU

Designing the Appropriate Group Strategy for Accessing Resources

There are three group scopes that exist in Windows Server 2003:
Global groups Domain local groups Universal groups

Designing a Permission Structure for Data

The AGDLP calls for:
Adding domain users to global groups Adding global groups to Domain Local Groups Assigning domain local groups Permissions on resources. Adding domain users to Global groups Adding global groups to Universal groups Adding universal groups to Domain Local groups Assigning domain local groups Permissions on resources.

The AGUDLP and calls for:

Summary
Designing an Access Control Strategy for Directory Services Establishing Password Security Analyzing Auditing Data Designing a Permission Structure for Data

CIS288 Security Design in A Windows 2003 Environment: CIS288 Securing Network Resources
Document11 pages
CIS288 Security Design in A Windows 2003 Environment: CIS288 Securing Network Resources
ghar_dash
No ratings yet
70-298: MCSE Guide To Designing Security For A Microsoft Windows Server 2003 Network
Document52 pages
70-298: MCSE Guide To Designing Security For A Microsoft Windows Server 2003 Network
Vivek Tripathi
No ratings yet
Microsoft Official Course: Securing Windows Servers Using Group Policy Objects
Document35 pages
Microsoft Official Course: Securing Windows Servers Using Group Policy Objects
J Loudes Anthoo Roys
No ratings yet
CIS288 Security Design in A Windows 2003 Environment: CIS288 Securing Network Clients
Document12 pages
CIS288 Security Design in A Windows 2003 Environment: CIS288 Securing Network Clients
ghar_dash
No ratings yet
CIS 288 WEEK 9: Securing Active Directory
Document7 pages
CIS 288 WEEK 9: Securing Active Directory
ghar_dash
No ratings yet
Configuring The User and Computer Environment Using Group Policy
Document41 pages
Configuring The User and Computer Environment Using Group Policy
addislibro
No ratings yet
Configuring The User and Computer Environment Using Group Policy
Document41 pages
Configuring The User and Computer Environment Using Group Policy
addislibro
No ratings yet
AZ-300-Week1-DevelopConfigureInfrastructure
Document115 pages
AZ-300-Week1-DevelopConfigureInfrastructure
friends_always
No ratings yet
Microsoft Jump Start: M10: Implementing Dynamic Access Control
Document24 pages
Microsoft Jump Start: M10: Implementing Dynamic Access Control
Edmundo Lozada
No ratings yet
Information Security IV
Document39 pages
Information Security IV
Pratik Bajaj
No ratings yet
CYSE 1005 - Week 12 - Lab
Document20 pages
CYSE 1005 - Week 12 - Lab
Aarambh Gupta
No ratings yet
Microsoft Official Course: Implementing Dynamic Access Control
Document25 pages
Microsoft Official Course: Implementing Dynamic Access Control
vamshikiran ponugoti
No ratings yet
Hardening Microsoft Active Directory
Document14 pages
Hardening Microsoft Active Directory
Marquete Navarro
No ratings yet
6425C - Module 10
Document34 pages
6425C - Module 10
Bekele Getachew
No ratings yet
BT281 Barracuda SSL VPN Training
Document53 pages
BT281 Barracuda SSL VPN Training
Harry Johnson
No ratings yet
Security Design in A Windows 2003 Environment: CIS 288 Designing A Secure Public Key Infrastructure
Document13 pages
Security Design in A Windows 2003 Environment: CIS 288 Designing A Secure Public Key Infrastructure
ghar_dash
No ratings yet
CIS288 Security Design in A Windows 2003 Environment: CIS288 Securing The Network Management Process
Document11 pages
CIS288 Security Design in A Windows 2003 Environment: CIS288 Securing The Network Management Process
ghar_dash
No ratings yet
Administering Accounts and Services
Document35 pages
Administering Accounts and Services
Rekha Mudalagiri
No ratings yet
Securing Active Directory Domain Services
Document45 pages
Securing Active Directory Domain Services
Abdul-alim Bhnsawy
No ratings yet
Lo2 (3) Network Security
Document21 pages
Lo2 (3) Network Security
melaku Sabure
No ratings yet
WindowsServer ActiveDirectory Module 03
Document21 pages
WindowsServer ActiveDirectory Module 03
Mihai
No ratings yet
Pcwas622 PDF
Document70 pages
Pcwas622 PDF
ernmur
No ratings yet
Server 2012 Webinar
Document41 pages
Server 2012 Webinar
ing_joguar
No ratings yet
Windows Server 2012
Document42 pages
Windows Server 2012
Jakayla41
25% (4)
Best Practices For Securing Active Directory
Document123 pages
Best Practices For Securing Active Directory
Fede Villanueva
No ratings yet
WS-011 Windows Server 2019/2022 Administration
Document50 pages
WS-011 Windows Server 2019/2022 Administration
Syed Amir Iqbal
100% (1)
Isam Lec6
Document34 pages
Isam Lec6
Alicia Cecilia Fonseca
No ratings yet
Database Security CH 14
Document55 pages
Database Security CH 14
Nur Haslina Abdullah
No ratings yet
WS-011 Windows Server 2019 Administration
Document68 pages
WS-011 Windows Server 2019 Administration
Albert Jeremy
100% (1)
20336A 08 Archiving Monitoring
Document20 pages
20336A 08 Archiving Monitoring
cviga
No ratings yet
Security Design in A Windows 2003 Environment: CIS 288 Designing A Secure Network Framework
Document10 pages
Security Design in A Windows 2003 Environment: CIS 288 Designing A Secure Network Framework
ghar_dash
No ratings yet
ITPROADD-04 60 Minute Version
Document48 pages
ITPROADD-04 60 Minute Version
balraj1
No ratings yet
Monitoring and Administrating System IS With Selftest
Document30 pages
Monitoring and Administrating System IS With Selftest
feruza musema
No ratings yet
IT19215716 ISM Lab Sheet 10
Document15 pages
IT19215716 ISM Lab Sheet 10
it19215716 Ratnasuriya M. M. D.
No ratings yet
Network Management - (LO1) Part 2
Document26 pages
Network Management - (LO1) Part 2
Hein Khant Shane
No ratings yet
Mary Help College: Managing Users, Computers, and Groups
Document24 pages
Mary Help College: Managing Users, Computers, and Groups
abenezer abiti
No ratings yet
Exam MD 100 Windows Client-Skills Measured
Document7 pages
Exam MD 100 Windows Client-Skills Measured
Muhammad Salman Saeed
No ratings yet
Knowledge Assessment Answers 8
Document4 pages
Knowledge Assessment Answers 8
ruletriplex
No ratings yet
Ch03-Security Part 1. Auditing Operating Systems and Networks
Document42 pages
Ch03-Security Part 1. Auditing Operating Systems and Networks
Alfin Abdullah
100% (1)
Active Directory Security Fundamentals
Document113 pages
Active Directory Security Fundamentals
Javier Ramirez Delgado
No ratings yet
Ad Security Fundamentals 1
Document118 pages
Ad Security Fundamentals 1
Saif
100% (1)
Administración Redes Telecomunicaciones-04072017 PDF
Document45 pages
Administración Redes Telecomunicaciones-04072017 PDF
alcides
No ratings yet
Chapter 4 ISS (Access Control)
Document64 pages
Chapter 4 ISS (Access Control)
Ndiawo Musician
No ratings yet
Server 2012 Webinar
Document41 pages
Server 2012 Webinar
Hanah Jane Requita Rosel
No ratings yet
BMIS 33243 Distributed Systems Management: Lesson 8
Document38 pages
BMIS 33243 Distributed Systems Management: Lesson 8
wirdina
No ratings yet
Database (Ibrahem)
Document15 pages
Database (Ibrahem)
Saif
No ratings yet
Managing and Maintaining A Microsoft Windows Server 2003 Environment Course Outline
Document11 pages
Managing and Maintaining A Microsoft Windows Server 2003 Environment Course Outline
Mystic Blueh
No ratings yet
Topic 7 Auditing Database Dan Storage: Course: Information System Audit Effective Period: September 2017
Document31 pages
Topic 7 Auditing Database Dan Storage: Course: Information System Audit Effective Period: September 2017
Melissa Indah Fianty
No ratings yet
Assignment
Document22 pages
Assignment
Haris Chaudhry
No ratings yet
Asset Management
Document3 pages
Asset Management
vamsi79
No ratings yet
SCC.363 Security and Risk Coursework: Prerequisites
Document3 pages
SCC.363 Security and Risk Coursework: Prerequisites
Mori Yu
No ratings yet
Database Security and Authorization
Document51 pages
Database Security and Authorization
Bonsa Desale
No ratings yet
Microsoft Virtual Academy: Protecting Servers and Clients
Document31 pages
Microsoft Virtual Academy: Protecting Servers and Clients
pajar kurniawan
No ratings yet
20336A 08 Archiving Monitoring
Document20 pages
20336A 08 Archiving Monitoring
paulo marcelo sosa
No ratings yet
AZ-500 Links
Document47 pages
AZ-500 Links
djksk
No ratings yet
DBProject
Document22 pages
DBProject
Saif
No ratings yet
(Ebook) Microsoft Windows Server 2003 Group Policy White Paper
Document169 pages
(Ebook) Microsoft Windows Server 2003 Group Policy White Paper
arrivaellobo
No ratings yet
Database Security and Authorization
Document29 pages
Database Security and Authorization
Roha Cbc
No ratings yet
1 Introduction
Document50 pages
1 Introduction
akira
No ratings yet
SQL Server Interview Questions You'll Most Likely Be Asked: Job Interview Questions Series
From Everand
SQL Server Interview Questions You'll Most Likely Be Asked: Job Interview Questions Series
Vibrant Publishers
No ratings yet
List of Docker Commands
Document6 pages
List of Docker Commands
ghar_dash
No ratings yet
Docker Commands PDF
Document11 pages
Docker Commands PDF
ghar_dash
No ratings yet
List of Docker Commands
Document6 pages
List of Docker Commands
ghar_dash
No ratings yet
UEM Getting Started With REST
Document12 pages
UEM Getting Started With REST
ghar_dash
No ratings yet
Background Threads in ASP
Document11 pages
Background Threads in ASP
ghar_dash
No ratings yet
Entity Framework / Validation Model: (Key) Databasegeneratedoption - Identity) )
Document5 pages
Entity Framework / Validation Model: (Key) Databasegeneratedoption - Identity) )
ghar_dash
No ratings yet
UEM Getting Started With REST
Document12 pages
UEM Getting Started With REST
ghar_dash
No ratings yet
SELECT FROM (Db1) - (Dbo) .Table1 A INNER JOIN (Server2) - (Db1) - (Dbo) .Table2 B ON A.Id B.Id
Document3 pages
SELECT FROM (Db1) - (Dbo) .Table1 A INNER JOIN (Server2) - (Db1) - (Dbo) .Table2 B ON A.Id B.Id
ghar_dash
No ratings yet
Cognito TechTalk
Document71 pages
Cognito TechTalk
ghar_dash
No ratings yet
BlackBerry Dynamics Bindings For Xamarin - Android 3.4.1.78 Release Notes en
Document8 pages
BlackBerry Dynamics Bindings For Xamarin - Android 3.4.1.78 Release Notes en
ghar_dash
No ratings yet
Aws Glossary General PDF
Document265 pages
Aws Glossary General PDF
ghar_dash
No ratings yet
qt5 Cadaques PDF
Document263 pages
qt5 Cadaques PDF
André Castro
No ratings yet
Draft TV Commercials: Similar Situations or Problems?
Document2 pages
Draft TV Commercials: Similar Situations or Problems?
ghar_dash
No ratings yet
Student Opinion Poll Results, Fall 2007
Document2 pages
Student Opinion Poll Results, Fall 2007
ghar_dash
No ratings yet
Aws Glossary General PDF
Document265 pages
Aws Glossary General PDF
ghar_dash
No ratings yet
Cheat Sheet - Subversion
Document1 page
Cheat Sheet - Subversion
ghar_dash
No ratings yet
JSON Data Set Sample
Document21 pages
JSON Data Set Sample
ghar_dash
No ratings yet
Icebergs For Kuwait: Similar Situations or Problems?
Document3 pages
Icebergs For Kuwait: Similar Situations or Problems?
ghar_dash
No ratings yet
8102 Lifespan Project
Document8 pages
8102 Lifespan Project
api-346419959
No ratings yet
Case MC ColleaguesVsClients
Document2 pages
Case MC ColleaguesVsClients
Sri Harsha
50% (2)
Ex 5308-Alexandra Thedeby-Heating and Cooling With Solar Powered Peltier Elements
Document93 pages
Ex 5308-Alexandra Thedeby-Heating and Cooling With Solar Powered Peltier Elements
Mohammad Naufal
No ratings yet
Case Study Research
Document20 pages
Case Study Research
Manish Puttyah
No ratings yet
Bidang Pengajian HLP 2021 - Perkhidmatan Bukan Gunasama Persekutuan
Document4 pages
Bidang Pengajian HLP 2021 - Perkhidmatan Bukan Gunasama Persekutuan
Masnah Insyirah Anneski
No ratings yet
It (Cesec - Form 4 - 5) Outline
Document7 pages
It (Cesec - Form 4 - 5) Outline
api-287025606
No ratings yet
Extra Counting Problems
Document25 pages
Extra Counting Problems
Wilson Zhang
No ratings yet
Gupta R. S., Principles of Structural Design Wood, Steel, and Concrete, 2nd Ed, 2014
Document58 pages
Gupta R. S., Principles of Structural Design Wood, Steel, and Concrete, 2nd Ed, 2014
rey
No ratings yet
KSS 41 END en
Document702 pages
KSS 41 END en
Javier Del Pozo Garcia
100% (1)
Dental Health Cavitation
Document3 pages
Dental Health Cavitation
Ayu Pujiwati
100% (1)
The Essential Guide To Developing A Social Recruiting Strategy
Document48 pages
The Essential Guide To Developing A Social Recruiting Strategy
subzzz222
No ratings yet
TR 4015
Document62 pages
TR 4015
Matias André
No ratings yet
SSRN Id3126098
Document3 pages
SSRN Id3126098
Aditya kompalli
No ratings yet
10 Laws of Love: Principles That Will Transform Your Life!
Document72 pages
10 Laws of Love: Principles That Will Transform Your Life!
rammohan2b
No ratings yet
Challenges To Freedom
Document11 pages
Challenges To Freedom
gerlie orque
No ratings yet
(Intelligent Systems, Control and Automation_ Science and Engineering 72) B. S. Goh, W. J. Leong, K. L. Teo (Auth.), Honglei Xu, Xiangyu Wang (Eds.)-Optimization and Control Methods in Industrial Engi
Document300 pages
(Intelligent Systems, Control and Automation_ Science and Engineering 72) B. S. Goh, W. J. Leong, K. L. Teo (Auth.), Honglei Xu, Xiangyu Wang (Eds.)-Optimization and Control Methods in Industrial Engi
Vu Duc Truong
No ratings yet
The Science of Bonding From First To Sixth Generation
Document6 pages
The Science of Bonding From First To Sixth Generation
Rolzilah Rohani
No ratings yet
Resarch Paper - Google Search
Document2 pages
Resarch Paper - Google Search
hud
No ratings yet
Wahs 1 PDF
Document12 pages
Wahs 1 PDF
Kadek Deddy Tara
No ratings yet
Industrial Hydraulics Trainer's Project Manual PDF
Document57 pages
Industrial Hydraulics Trainer's Project Manual PDF
richardppz124
100% (2)
Rohingya Poems in Rohingyalish
Document32 pages
Rohingya Poems in Rohingyalish
Mohammed Siddique Basu
100% (7)
High School Kids Science Fiction Short Stories
Document5 pages
High School Kids Science Fiction Short Stories
Harshal bhardwaj
100% (1)
Victor Vroom Presentación
Document7 pages
Victor Vroom Presentación
api-3831590
100% (1)
ENFSI
Document8 pages
ENFSI
kmrd
No ratings yet
Lecture 1 - Surveying Fieldwork
Document16 pages
Lecture 1 - Surveying Fieldwork
Architect Architect
No ratings yet
Visallo Brochure PDF
Document2 pages
Visallo Brochure PDF
chris jonas
No ratings yet
Indonesia Fertilisers 2009
Document5 pages
Indonesia Fertilisers 2009
George Van Bommel
No ratings yet
ESE 18 Cut Offs English PDF
Document1 page
ESE 18 Cut Offs English PDF
kishan singh
No ratings yet
Matthew Martin Resume 6-17-2009
Document1 page
Matthew Martin Resume 6-17-2009
mattyboync
100% (2)
Strps 15 3
Document2 pages
Strps 15 3
Akanksha Chattopadhyay
No ratings yet