Please enable JavaScript.
Coggle requires JavaScript to display documents.
4.3 IMPLEMENT THE INFRASTRUCTURE, AUTHENTICATION AND AUDITING OF WINDOWS…
4.3 IMPLEMENT THE INFRASTRUCTURE, AUTHENTICATION AND AUDITING OF WINDOWS
WINDOWS SERVER
AUTHENTICATION
A secure form of authentication because the user name and password are hashed before being sent across the network.
The client browser sends a strongly hashed version of the password in a cryptographic exchange with your Web server.
It supports two authentication protocols :
1) Kerberos
2) NTLM
TOOLS IN WINDOWS
SERVER TO MANAGE
THE SET OF POLICIES
Microsoft Security
Configuration
Wizard (SCW)
A software program that allows
administrators to easily change a server's
default security settings.
Three main components:
1) A wizard interface
2) A command-line interface
3) A Security Configuration Database.
Allows administrators to customize network security policies, audit policies, registry values and services.
Security
Configuration
Editor
Consists of two Microsoft Management Console (MMC) snap-ins designed to provide a capability for security configuration and analysis of Windows operating systems.
The first snap-in is the Security Templates snap-in which gives administrators a graphical way to manage the inf files used to apply security settings.
The second snap-in is the Security Configuration and Analysis snap-in which allows an administrator to analyze a systems security vis-à-vis a particular template and apply the settings in a template to a system.
Active
Directory
Users and
Computers
Used to manage recipients.
An MMC snap-in that is a standard feature of Microsoft Windows Server operating systems.
Adding users to security groups.
Moving computer objects.
Group Policy
Management
Console (GPMC)
Provides a view of all GPOs, organizational units, domains and sites across an enterprise and allows editing of settings within individual GPOs.
Combines the functionality of such tools as Active Directory Users and Computers, Active Directory Sites and Services, Resultant Set of Policy (RSoP), the Access Control List Editor and the GPMC Delegation Wizard.
An interface that enables Active Directory administrators to manage Group Policy Objects (GPOs) from one console.
WINDOWS CERTIFICATION
AUTHORITIES ON CLIENTS.
To push down the appropriate Secure Sockets Layer (SSL) certificates for account federation servers, resource federation servers, and Web servers to each client computer in the account partner forest by using Group Policy.
WINDOWS SERVER
AUDITING AND
LOGGING
It is important to audit all user actions
concerning files and folders access
To help detect compromise, are intended
only to be a starting baseline guide
to administrators.