4.3 IMPLEMENT THE INFRASTRUCTURE, AUTHENTICATION, AUDITING OF WINDOWS
4.3.1 WINDOWS SERVER AUTHENTICATION
• Provides security for almost all protocols in the TCP/IP suite, because IP Security (IPsec) is applied transparently to applications.
• When Windows authentication is enabled, the client browser sends a strongly hashed version of the password in a cryptographic exchange.
• Windows authentication supports two authentication protocols, Kerberos and NTLM.
4.3.2 USE THE FOLLOWING TOOLS IN WINDOWS SERVER TO MANAGE THE SET OF POLICIES
a) MICROSOFT SECURITY CONFIGURATION WIZARD (SCW)
Microsoft Security Configuration Wizard (SCW) is a software program that allows administrators to easily change a server's default security settings.
SCW consists of three main components:
• Wizard interface
• Command-line interface
• Security Configuration Database
b) ACTIVE DIRECTORY USERS AND COMPUTERS
• A Microsoft Management Console (MMC) snap-in that gets installed when a server is promoted to a Domain Controller.
• Contains information such as the security identifier and rights of these objects.
• The AD Users and Computers console also shows information about the Domain Controllers and computers added to the domain.
c) GROUP POLICY MANAGEMENT CONSOLE (GPMC)
• A central resource for managing groups of Group Policy Objects (GPOs).
• Group Policy Objects set controls for aspects of easier administration.
• GPOs have to be distributed throughout a system to work effectively and help administrators manage users and computers.
d) SECURITY CONFIGURATION EDITOR
• Provides a capability for security configuration and analysis of Windows 2000 operating systems.
• The second snap-in is the Security Configuration and Analysis snap-in, which allows an administrator to analyse a system's security vis-à-vis a particular template.
4.3.3 EXPLAIN WINDOWS SERVER AUDITING and LOGGING
The Security Log, in Microsoft Windows, is a log that contains records of login/logout activity or other security-related events specified by the system's audit policy.
The Local Security Authority Subsystem Service (LSASS) writes events to the log.
Auditing allows administrators to configure Windows to record operating system activity in the Security Log.
The Security Log is one of the primary tools used by Administrators to detect and investigate attempted and successful unauthorized activity and to troubleshoot.
The log and the audit policies that govern it are also favourite targets of hackers and rogue system administrators seeking to cover their tracks before and after committing unauthorized activity.
The Security Log is one of three logs viewable under Event Viewer.
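Because the log and its audit policy are themselves targets, a useful check is to look for events that record tampering with them. The PowerShell below is an added example, not part of the original notes: it flags event 1102 (the audit log was cleared) and event 4719 (system audit policy was changed). The function names, variable names and sample records are illustrative assumptions, and the sample records are constructed.

```powershell
# Added example: flag Security Log events that indicate tampering with the
# log itself or with the audit policy. Names here are illustrative.
$TamperEvents = @{
    1102 = 'Security log was cleared'
    4719 = 'System audit policy was changed'
}

function Get-AuditTamperFinding {
    # Accepts event records (from Get-WinEvent or constructed objects) on the
    # pipeline and emits one finding per tamper-related event.
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Record
    )
    process {
        $id = [int]$Record.Id
        if ($TamperEvents.ContainsKey($id)) {
            [pscustomobject]@{
                TimeCreated = $Record.TimeCreated
                Computer    = $Record.MachineName
                EventId     = $id
                Finding     = $TamperEvents[$id]
            }
        }
    }
}

function Get-LiveAuditTamperFinding {
    # Queries the local Security Log; requires an elevated session.
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Security'
        Id        = [int[]]@($TamperEvents.Keys)
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises a non-terminating error when nothing matches.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Get-AuditTamperFinding
}

# Constructed sample records (not real log data) showing the output shape.
$sample = @(
    [pscustomobject]@{ Id = 4624; TimeCreated = [datetime]'2024-01-10T08:00:00'; MachineName = 'SRV01' }
    [pscustomobject]@{ Id = 4719; TimeCreated = [datetime]'2024-01-10T08:05:00'; MachineName = 'SRV01' }
    [pscustomobject]@{ Id = 1102; TimeCreated = [datetime]'2024-01-10T08:06:00'; MachineName = 'SRV01' }
)
$sample | Get-AuditTamperFinding   # emits findings for 4719 and 1102 only
```

On a server, run `Get-LiveAuditTamperFinding` from an elevated session. Clearing the log leaves event 1102 as the first record in the new log, so forwarding these events to another host preserves them if the local log is cleared again.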
4.3.4 APPLY WINDOWS CERTIFICATION AUTHORITIES ON CLIENTS
A certificate authority (CA) is a trusted entity that issues digital certificates, which are data files used to cryptographically link an entity with a public key.
Certificate authorities are a critical part of the internet's public key infrastructure (PKI) because they issue the Secure Sockets Layer (SSL) certificates that web browsers use to authenticate content sent from web servers.