1 / 19

Securing Windows Networking

Securing Windows Networking. Risk Analysis & Access Control. Topics. Risk Analysis Mapping Your Network Services Understanding Your Traffic Controlling Network Access Access Control Restricting Physical Access Account Management Questions. Risk Analysis. Mapping Your Network Services

menefer
Download Presentation

Securing Windows Networking

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Securing Windows Networking Risk Analysis & Access Control

  2. Topics • Risk Analysis • Mapping Your Network Services • Understanding Your Traffic • Controlling Network Access • Access Control • Restricting Physical Access • Account Management • Questions

  3. Risk Analysis • Mapping Your Network Services • Logical Diagram • IP addresses of all devices • Physical Location • Networks/Masks • Identify Ingress/Egress points • Identify Critical Services • Living Document

  4. Risk Analysis • Mapping Your Network Services (cont.) • Services List • All services, by subnetwork • All services that cross subnetwork boundaries • What does it look like now? • Request NERDC scanning service to provide an external view • Use port scanner to provide internal view

  5. Risk Analysis • Understanding your traffic • NBTstat • Netstat • SMS Network Monitor • Collect traffic sample from each subnetwork • Determine protocol distribution (IP, IPX, ARP, BPDUs, etc.) • Note IP addresses, services • Reevaluate periodically

  6. Risk Analysis • Controlling Network Access • Convert shared media to switched • Separate servers from workstations by placing them in different subnetworks • Restrict management access of network hardware to trusted network or addresses

  7. Risk Analysis • Controlling Network Access (cont.) • Disable IP source-routing on routers • Make sure RIP routing is disabled on systems with RRAS • Use TCP/IP Advanced Security

  8. Risk Analysis • Controlling Network Access (cont.) • Use router access lists to filter outbound traffic from each subnetwork, at a minimum: • NetBus (t-12345/12346), Back Orifice (u-31337), NetBus Pro (t-20034) • ICMP types 9 & 10 (IRDP) • Proper Source Addresses

  9. Risk Analysis • Controlling Network Access (cont.) • Use router access lists to filter inbound traffic at the peering point, at a minimum: • No packets sourced with internal addresses • NetBus (t-12345/12346), Back Orifice (u-31337), NetBus Pro (t-20034) • ICMP types 9 & 10 (IRDP) • ICMP to any internal broadcast addresses • SNMP, if appropriate

  10. Questions?

  11. Access Control • Controlling Physical Access • Critical Systems • Secure behind a locked door • Lockable cases • Backup power • Backup solution w/central storage • Use BIOS passwords • Disable floppy boot

  12. Access Control • Controlling Physical Access (cont.) • Critical Systems (cont.) • Use password protected screensaver whenever unattended • Secure network connection • NT caches credentials of last 10 users • MAC address locking • No uncontrolled modems

  13. Access Control • Account Management • Use Strong Passwords • Password Filtering - PASSFILT.DLL • minimum length • character class restrictions • no name or full name • policy customizable • Avoid Clear-Text Passwords • Use Only Windows NT as a client

  14. Access Control • Account Management • Define Strong Account Policy • Maximum Age - 180 days or less • Minimum Age - 5 days or more • Minimum Length - 6 characters or more • Uniqueness - Last 36, or (Age-max/Age-min) • Account Lockout - 5 bad attempts within 30 min • Lockout Period - 30 minutes or more

  15. Access Control • Account Management (cont.) • Define Strong Account Policy (cont.) • User must logon to change password • Use logon hours • Forcibly disconnect users, if appropriate • Restrict User Rights • Access this computer from network • Log on locally - admin only • Manage auditing and security log - admin only

  16. Access Control • Account Management (cont.) • Restrict User Rights (cont.) • Take ownership of files/objects - admin only • Change system time - admin only if possible • Force shutdown from remote system • Shutdown locally, what’s appropriate?

  17. Access Control • Account Management (cont.) • Special Accounts • Administrator - Change name • Create dummy administrator account, monitor • Guest Account - Disable • Use dedicated service accounts • Monitor unusual behavior in IUSR_ accounts

  18. Access Control • Account Management (cont.) • Winlogon Considerations • Use logon banners which state at a minimum: • Logon is restricted to authorized users only • All subsequent actions are subject to audit • Edit HKLM\SOFTWARE\Microsoft\WindowsNT \CurrentVersion\Winlogon Registry Keys with notice • Hide the username of the last user • DontDisplayLastUserName (REG_SZ, 1) • Use roaming profiles

  19. Questions?

More Related