08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Session 9 Tp 9
1. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 1 of 38
Session 9
Planning a Secure
Baseline Installation
2. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 2 of 38
Windows Server 2003 provides two tools to
analyze the server performance:
Performance Console
Network Monitor
The types of counter logs are:
trace
counter
Alert
Review
3. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 3 of 38
Review Contd…
Two filters provided by the Network monitor are
Capture Filter
Display Filter
Network services are applications that always run in the
background
Four services that enable us to monitor the network
server are:
DHCP
DNS
WINS
Routing and Remote Access
4. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 4 of 38
Review Contd…
DNS server hosts the information that enables
client computers to resolve memorable,
alphanumeric DNS names to the IP addresses that
computers use to communicate with each other
WINS uses a distributed database that is
automatically updated with the names of computers
currently available and the IP address assigned to
each one
5. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 5 of 38
Objectives
Select Computers on a Network
Select Operating System in Network
Discuss security issues
Set permissions
Work with Group Policy Object
Explain domain controller
Secure servers
6. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 6 of 38
Selecting Computers in a
Network
Each machine in a network performs a certain
role
Standardizing the hardware and software
depending on the roles of computer in the network
enables:
Administration of several computers manageable in a
network
Easier to troubleshoot the network
Computers in a network are classified as:
Server
Desktop Workstation
Portable Workstation
7. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 7 of 38
Server
Server is a centralized computer in a network which
performs different roles on a network
Server is a computer having a faster processor,
larger memory size, and hard disk space
Depending on the roles servers on a network are
classified as follows:
Backup server
Database server
Domain Controller
Web server
E-mail server
File and Print server
Infrastructure server
8. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 8 of 38
Hardware Specifications for
the Server
Depends on the requirements and capabilities of
the applications that will be running on the server
Computers designed to be a server usually have
more robust power supplies than personal
computers or workstations
9. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 9 of 38
Desktop
Desktop workstation can have a wide range of
roles ranging from simple systems designed to
run one or two small applications to high-
powered computers performing complex
graphics, video and computer-aided functions
Workstation may work without CD-ROM and
floppy disk drives. Such workstation cannot
install their own applications.
10. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 10 of 38
Hardware Specifications for
the Desktop
While designing the hardware
specifications for a desktop workstation,
the objective is to create hardware
specifications suitable for a wide variety
of jobs
11. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 11 of 38
Selecting Operating System
While selecting the operating system in a
network, we must match up it with the hardware
specifications
Some of the important factors are as follows:
Application Compatibility
Support issues
Security features
Cost
12. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 12 of 38
Security Design Team
Security team must be a well balanced team consisting
of people from technical, management, and financial
backgrounds
Security team should consider the following issues:
Identifying the most valuable resources
Identifying danger to the resources
Significant resources
Analyzing different security resources available
Deciding the security features
Impact of the security features on the administrator, managers,
and the users
13. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 13 of 38
Security Life Cycle
The security life cycle consists of the following:
Security Infrastructure
Access Control
Auditing
Authentication
Encryption
Firewalls
Implementation of security features
Security Management
14. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 14 of 38
Managing Security
Managing the security in a network is
continuous process
Network must after a certain period of time the
network according to the latest technology
available
Administrator must monitor the user accounts
Network traffics must be maintained
If several users on a network try to access the
network, sometimes the network may crash due
to heavy traffic
15. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 15 of 38
Modifying Permissions of a File
or Folder
We can set different
permissions for a file
File permissions serve
as an important security
tool on a network
16. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 16 of 38
Sharing File Permissions
We can assign permissions
to the desired group or users
When the Windows 2003
operating system is installed,
the windows share program
creates administrative share
by default
17. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 17 of 38
Registry Permissions
Registry gets modified when
we install different
applications
Registry also gets modified if
we configure the operating
system
We can also manually edit this
registry
Administrator has the rights to
modify the contents of the
registry
18. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 18 of 38
Group Policy Object
Group policy Object enables us
to configure the security
parameters
It performs the functions such as
distributing new software for
configuring system settings and
remapping directories
Group Policy Object is
associated with an Active
Directory container object
19. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 19 of 38
Event Log
Event log enables us to control the log
performance
20. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 20 of 38
System Services
Certain programs are
continuously running at
the background
Windows 2003 assigns
default values to the
services
21. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 21 of 38
Domain Controller
Requires more security, as the failure of domain
controller may be a disaster to the network
Performs the following functions:
Provides authentication
Stores group policies
Distributes group policies
To provide security these domain controllers must be in
a secured location
We must provide a password for domain controller, so
that unauthorized users will not get access to the domain
controller
22. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 22 of 38
Debug Programs
Debug Programs provides a
debugging tool
This tool enables the software
developers to debug
applications during process of
creating
It enables us to access any
process on the computer. We
can even access the kernel of
the operating system.
23. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 23 of 38
Services for a Domain
Controller
Domain controller requires additional
services along with the member services
These services are as follows:
Distributed file system
File replication service
Intersite messaging
Kerberos key distribution center
Remote procedure call locator
24. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 24 of 38
Adding Workstations to the
Domain
Authenticated users have the rights to add
computers to the domain up to 10 ten
computers to an Active Directory
25. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 25 of 38
Allow Log On Locally
Facilitates users and groups to log on
the computer from the console
Users having this right also have the
right to access some of the important
operating system elements
26. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 26 of 38
Shut Down the Domain
Controller
It is necessary to carefully shut down the
system as this would affect the systems over
the network
Default Domain Controller grants this right to
the following groups:
Administrators
Backup operators
Print operators
Server operators
27. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 27 of 38
Securing Infrastructure
Servers
Infrastructure servers are the computers that run
network support services such as, DNS, DHCP, and
Windows Internet Name Service.
Services that we must include using the automatic
startup type are as follow:
DHCP server
DNS server
NT LM security support provider
Windows internet name service
28. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 28 of 38
Configuring DNS Security
DHCP servers centrally manage IP
addresses and related information and
provide it to clients automatically
If you want this computer to distribute IP
addresses to clients, then configure this
computer as a DHCP server
29. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 29 of 38
Protecting Active Directory-
Integrated DNS
When we create Active Directory-
integrated zones on the DNS server, the
zone database is stored as part of the
Active Directory database
Groups such as, DnsAdmins, Domain
Admins, and Enterprise Admins groups
have full permission for the MicrosoftDNS
container
30. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 30 of 38
Protecting DNS Database
Files
Active Directory does not have all the DNS
zones integrated. For such DNS zones the
zone databases are simple text files.
System creates DNS logs files
There are no file system permissions to
maintain the DNS zone databases using the
DNS zone databases using the DNS console
or for accessing DNS server information
using a client
31. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 31 of 38
Configuring DHCP Security
Several techniques can be used against
denial of service attacks, they are as
follows:
Use the 80/20 address allocation method
Create a DHCP server cluster
32. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 32 of 38
Monitoring DHCP Activity
We are able to monitor the activity of a DHCP
sever with the help of different tools
Performance console and Network Monitor tools
enables to monitor the activity of the DHCP
server
Windows 2003 server operating system directly
integrates the DHCP audit log facility. We can
enable DHCP audit logging using group policies.
33. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 33 of 38
Summary
We can categorize the computers in a network as
follows:
Server
Desktop workstation
Portable workstation
While selecting the operating systems consider
the following:
Application compatibility
Support issues
Security features
Cost
34. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 34 of 38
Summary Contd…
The security team should identify the
following issues:
Identify the most valuable resources
Identify danger to the resources
Analyze different security resources
available
Decide the security features
Impact of the security features on the
administrator, managers, and the users
35. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 35 of 38
Summary Contd…
File permissions serve as an important
security tool on a network. Suppose that an
organization stores the information of a
customer in a particular file.
Registry of windows gets modified when we
install different applications. It also gets
modified if we configure the operating system.
36. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 36 of 38
Summary Contd…
Group policy Object enables us to configure
the security parameters
We can configure the Windows Server 2003
operating system to audit the events
Active directory permission enables us to
modify the permissions for accessing and
managing objects in the Active Directory
database
37. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 37 of 38
Summary Contd…
Most important server on the windows 2003
server operating system using the active
Directory is the domain controllers
Domain controller requires more security, as
the failure of domain controller may be a
disaster to the network
38. Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 9 / Slide 38 of 38
Summary Contd…
Authenticated users have the rights to add
computers to the domain. They can add up to
10 ten computers to an Active Directory
Infrastructure servers are the computers that
run network support services such as, DNS,
DHCP, and Windows Internet Name Service