4.3 IMPLEMENT THE INFRUSTRUCTURE, AUTHENTICATION, AUDITING of WINDOWS (4.3…
4.3 IMPLEMENT THE INFRUSTRUCTURE, AUTHENTICATION, AUDITING of WINDOWS
4.3.4 APPLY WINDOWS CERTIFICATION AUTHORITIES ON CLIENTS
Certificate authorities are a critical part of the internet's public key infrastructure (PKI) because they issue the Secure Sockets Layer (SSL) certificates that web browsers use to authenticate content sent from web servers.
A certificate authority (CA) is a trusted entity that issues digital certificates, which are data files used to cryptographically link an entity with a public key.
4.3.3 EXPLAIN WINDOWS SERVER AUDITING and LOGGING
The Security Log is one of three logs viewable under Event Viewer.
The log and the audit policies that govern it are also favourite targets of hackers and rogue system administrators seeking to cover their tracks before and after committing unauthorized activity.
The Security Log is one of the primary tools used by Administrators to detect and investigate attempted and successful unauthorized activity and to troubleshoot.
Auditing allows administrators to configure Windows to record operating system activity in the Security Log.
Local Security Authority Subsystem Service writes events to the log.
The Security Log, in Microsoft Windows, is a log that contains records of login/logout activity or other security-related events specified by the system's audit policy.
4.3.2 USE THE FOLLOWING TOOLS IN WINDOWS SERVER TO MANAGE THE SET OF POLICIES
SECURITY CONFIGURATION EDITOR
• The second snap-in is the Security Configuration and Analysis snap-in which allows an administrator to analyse a systems security vis-à-vis a particular template
to provide a capability for security configuration and analysis of Windows 2000 operating systems
) GROUP POLICY MANAGEMENT CONSOLE (GPMC)
•have to be distributed throughout a system to effectively work to help administrators manage users and computers
• Group Policy Objects set controls for aspects of easier administration.
central resource for managing groups of Group Policy Objects (GPOs).
ACTIVE DIRECTORY USERS AND COMPUTERS
AD Users and Computers console, also shows the information regarding Domain Controllers and computers added in the domain.
contains information like security identifier and rights of these objects.
Microsoft Management Console (MMC) which get’s installed when a server is promoted as a Domain Controller
a) MICROSFT SECURITY CONFIGURATION WIZARD (SCW)
Security Configuration Database.
Microsoft Security Configuration Wizard (SCW) is a software program that allows administrators to easily change a server's default security settings
SCW consists of three main components:
4.3.1 WINDOWS SERVER AUTHENTICATION
• Windows authentication supports tow authentication protocols, Kerberos and NTLM.
• When windows authentication is enabled, a client browser send a strongly hashed version of the password in a cryptography.
• Provides almost all protocols in the TCP/IP suite because IPSecurity is applied transparently to applications.