
CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [125]

that will apply to workstations when users authenticate. Upon each authentication, those restrictions are then applied as Registry settings, providing an efficient way to manage a large number of computers.

The restrictions you set come from choices within template files and can range from something as simple as not allowing the user to access Solitaire to removing their ability to access other networks. Security templates are the template files that hold Registry setting choices that relate to security settings.

The Microsoft Windows Group Policy FAQ, which can be found at http://technet2.microsoft.com/windowsserver/en/technologies/featured/gp/faq.mspx, is highly recommended reading for the real world.

Not every configuration setting needs to be downloaded through the domain. Every current Microsoft operating system also includes local policies—settings that apply to the workstation when the user has yet to authenticate with the network. The purpose of these policies is to restrict the user locally, just as you would across the network, when they have yet to log into the domain. To see the local policies, choose Start > Run and type secpol.msc.

You should routinely monitor the settings made throughout your network in local and Group Policies and tweak them as needed.

Hardening Microsoft Windows 2000

Windows 2000 entered the market at the millennium. It includes workstation and several server versions. The market has embraced these products, and they offer reasonable security when updated. Windows 2000 provides a Windows Update icon on the Start menu; this icon allows you to connect to the Microsoft website and automatically download and install updates. A large number of security updates are available for Windows 2000—make sure they’re applied.

In the Windows environment, the Services manager or applet is one of the primary methods (along with policies) used to disable a service.

The server and workstation products operate in a manner similar to Windows NT 4. These products run into the most security-related problems when they’re bundled with services that Microsoft has included with them. Some of the more attack-prone services include Internet Information Server (IIS), File Transfer Protocol (FTP), and other common web technologies. Make sure these services are disabled if they aren’t needed, and keep them up-to-date with the most recent security and service packs.
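An added example, not from the book: a Python check that reads `sc qc` service configuration output and reports watched services that are still enabled. The short names W3SVC and MSFTPSVC for the IIS web and FTP services, the use of `sc qc` as the collection method, and the trimmed sample output are assumptions constructed for this example.

```python
import re

# Assumed watch list: short names of the IIS web and FTP publishing services.
WATCHED = {"W3SVC": "IIS web publishing", "MSFTPSVC": "IIS FTP publishing"}
DISABLED = 4  # START_TYPE code that sc reports for a disabled service

# Constructed sample: concatenated `sc qc <name>` output, trimmed to START_TYPE.
SAMPLE = """\
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: W3SVC
        START_TYPE         : 2   AUTO_START

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: MSFTPSVC
        START_TYPE         : 4   DISABLED

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: Spooler
        START_TYPE         : 3   DEMAND_START
"""

NAME_RE = re.compile(r"^SERVICE_NAME:\s*(\S+)", re.M)
START_RE = re.compile(r"^\s*START_TYPE\s*:\s*(\d+)\s+(\S+)", re.M)

def parse_start_types(text):
    """Return {service_name: (start_code, start_label)} from sc qc output."""
    result = {}
    headers = list(NAME_RE.finditer(text))
    for i, hdr in enumerate(headers):
        # Search only up to the next header so START_TYPE stays with its service.
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        start = START_RE.search(text, hdr.end(), end)
        if start:
            result[hdr.group(1)] = (int(start.group(1)), start.group(2))
    return result

def audit(text, needed=()):
    """List watched services that are not disabled and not declared needed."""
    skip = {n.upper() for n in needed}
    found = sorted(parse_start_types(text).items())
    return [(n, label) for n, (code, label) in found
            if n.upper() in WATCHED and n.upper() not in skip and code != DISABLED]

if __name__ == "__main__":
    for name, label in audit(SAMPLE):
        print(f"{name} ({WATCHED[name.upper()]}): {label}, disable if not needed")
```

Pass the services a host legitimately runs in `needed` so that only unexpected ones are reported.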

Many security updates have been issued for Windows 2000. The Microsoft TechNet and Security websites provide tools, white papers, and materials to help secure Windows 2000 systems.

You can find the Microsoft TechNet website at http://technet.microsoft.com/default.aspx. This is one of the first places to turn for technical information on Microsoft products.

Windows 2000 includes extensive system logging, reporting, and monitoring tools. They help make the job of monitoring security fairly easy. In addition, Windows 2000 provides a great deal of flexibility in managing groups of users, security attributes, and access control to the environment.

The Event Viewer is the major tool for reviewing logs in Windows 2000. Figure 5.3 shows an example Event Viewer. Using Event Viewer, an administrator can log a number of different types of events and configure the level of events that are logged.

FIGURE 5.3 Event Viewer log of a Windows 2000 system

Another important security tool is Performance Monitor. As an administrator of a Windows 2000 network, you must know how to use Performance Monitor. This tool can be a lifesaver when you’re troubleshooting problems and looking for resource-related issues.

Windows 2000 servers can run a technology called Active Directory (AD), which lets you control security configuration options of Windows 2000 systems in a network. Unfortunately, the full power of AD doesn’t work unless all the systems in the network are running Windows 2000 or higher.

Hardening Unix/Linux

The Unix environment and its derivatives are some of the most-installed server products in the history of the computer industry.
