Securing and Protecting the Network

Name: Hatem elbuhaisi. Name no: 120100071. University of Palestine. Miss: yasmen elboboo. Chairing Information Technology. Securing and Protecting the Network.


Presentation Transcript


  1. Hands-On Microsoft Windows Server 2003 Active Directory: Securing and Protecting the Network
     • Name: Hatem elbuhaisi
     • Name no: 120100071
     • University of Palestine
     • Miss: yasmen elboboo
     • Chairing Information Technology

  2. Objectives
     • Explain basic security concepts in an Active Directory computer network, including discretionary access control lists (DACLs), system access control lists (SACLs), and security principals
     • Demonstrate the use of DACLs to control access to objects in Active Directory
     • Demonstrate the use of DACLs to control access to network resources
     • Describe the user authentication process in an Active Directory domain

  3. Security Principals
     • Security principals can be given permissions to access a resource
     • Groups can also be granted permissions
     • A security principal can be a user, an InetOrgPerson object, a computer, or a security group
     • A contact is not a security principal

  4. Security Identifiers
     • Unique binary value
     • Often expressed in Security Descriptor Definition Language (SDDL) format
     • S-1-identifier authority-subauthority identifier-domain identifier-relative identifier

  5. System Access Control Lists (SACL)
     • Same structure as a DACL
     • Determines if the access is audited
     • Can track changes and logons

  6. ACEs That Allow or Deny
     • “Implicit deny” occurs when no ACE is found
     • ACEs are normally used to grant access
     • Deny is used to override an allow received as a member of a group
     • Owners always have access

  7. Inheritance
     • Permissions can be inherited from parent objects such as OUs
     • Each ACE is marked to indicate whether it was directly applied or inherited

  8. Groups in Security
     • There is no good reason to grant permissions explicitly to individual users
     • In a single-domain forest, use global groups

  9. Groups in Security (continued)
     • If using machine local accounts, use machine local groups

  10. Groups in Security (continued)
     • If using a small number of domains and one site:
       • Assign users to global groups
       • Assign global groups to domain local groups
       • Grant permissions to the domain local groups

  11. Groups in Security (continued)
     • Using only universal groups works well in single-domain environments, but not in a large forest
     • Using domain local, global, and universal groups is the best approach for the same group to access resources in different domains

  12. Granular Control
     • Control can be delegated with precision using Active Directory

  13. Standard Permissions
     • Used for everyday tasks

  14. Special Permissions
     • The exact and granular permissions available

  15. Protecting Network Resources
     • Protecting objects is essential
     • Most protected resources use a DACL similar in format to Active Directory objects

  16. Overview of the Kerberos Process

  17. The NTLM Authentication Process

  18. Two-factor Authentication
     • Three possible identification factors for authentication
       • Something you know
       • Something you have
       • Something you are
     • Two-factor authentication uses a password and an additional factor to increase security, such as
       • SecurID
       • Biometric devices
       • Smart cards
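
The Security Identifiers slide describes a SID as a unique binary value that is usually written in the S-1-... string form. The following is an added example, not part of the original presentation, that decodes the binary layout (as stored, for instance, in the Active Directory objectSid attribute) into that string and splits a domain account SID into its domain identifier and relative identifier. The function names and the sample SID values are constructed for illustration.

```python
import struct

def parse_sid(raw: bytes) -> dict:
    """Decode a binary SID (for example an LDAP objectSid value)."""
    if len(raw) < 8:
        raise ValueError("SID is shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("length does not match the subauthority count")
    # Identifier authority: 6 bytes, big-endian.
    authority = int.from_bytes(raw[2:8], "big")
    # Subauthorities: 32-bit little-endian values; the last one is the RID.
    subs = list(struct.unpack(f"<{count}I", raw[8:]))
    # Authorities of 2**32 or more are written in hex in the string form.
    auth_text = str(authority) if authority < 2**32 else f"0x{authority:012X}"
    text = "-".join(["S", str(revision), auth_text] + [str(s) for s in subs])
    info = {"string": text, "authority": authority,
            "subauthorities": subs, "domain": None, "rid": None}
    # Domain accounts and groups: S-1-5-21-<three domain values>-<RID>.
    if authority == 5 and count == 5 and subs[0] == 21:
        info["domain"] = text.rsplit("-", 1)[0]
        info["rid"] = subs[-1]
    return info

def build_sid(authority: int, *subs: int) -> bytes:
    """Helper that packs sample input in the binary SID layout."""
    header = bytes([1, len(subs)]) + authority.to_bytes(6, "big")
    return header + struct.pack(f"<{len(subs)}I", *subs)

# Constructed sample values: the domain numbers and RID are made up.
SAMPLE_ACCOUNT = build_sid(5, 21, 1111111111, 2222222222, 3333333333, 1104)
SAMPLE_EVERYONE = build_sid(1, 0)  # well-known SID S-1-1-0 (Everyone)

if __name__ == "__main__":
    for raw in (SAMPLE_ACCOUNT, SAMPLE_EVERYONE):
        print(parse_sid(raw))
```

Because the domain identifier is shared by every account in a domain, comparing it across the ACEs of a DACL shows quickly which entries refer to principals from another domain or to local machine accounts.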
