4.3 IMPLEMENT THE INFRASTRUCTURE, AUTHENTICATION AND AUDITING OF WINDOWS…
4.3 IMPLEMENT THE INFRASTRUCTURE, AUTHENTICATION AND AUDITING OF WINDOWS
To help detect compromise, are intended
only to be a starting baseline guide
It is important to audit all user actions
concerning files and folders access
AUTHORITIES ON CLIENTS.
To push down the appropriate Secure Sockets Layer (SSL) certificates for account federation servers, resource federation servers, and Web servers to each client computer in the account partner forest by using Group Policy.
TOOLS IN WINDOWS
SERVER TO MANAGE
THE SET OF POLICIES
An interface that enables Active Directory administrators to manage Group Policy Objects (GPOs) from one console.
Combines the functionality of such tools as Active Directory Users and Computers, Active Directory Sites and Services, Resultant Set of Policy (RSoP), the Access Control List Editor and the GPMC Delegation Wizard.
Provides a view of all GPOs, organizational units, domains and sites across an enterprise and allows editing of settings within individual GPOs.
Moving computer objects.
Adding users to security groups.
An MMC snap-in that is a standard feature of Microsoft Windows Server operating systems.
Used to manage recipients.
The second snap-in is the Security Configuration and Analysis snap-in which allows an administrator to analyze a systems security vis-à-vis a particular template and apply the settings in a template to a system.
The first snap-in is the Security Templates snap-in which gives administrators a graphical way to manage the inf files used to apply security settings.
Consists of two Microsoft Management Console (MMC) snap-ins designed to provide a capability for security configuration and analysis of Windows operating systems.
Allows administrators to customize network security policies, audit policies, registry values and services.
Three main components:
1) A wizard interface
2) A command-line interface
3) A Security Configuration Database.
A software program that allows
administrators to easily change a server's
default security settings.
It supports two authentication protocols :
The client browser sends a strongly hashed version of the password in a cryptographic exchange with your Web server.
A secure form of authentication because the user name and password are hashed before being sent across the network.