
Document: Module 6: Creating a Security Design for Computers (ppt)


DOCUMENT INFORMATION

Basic information

Title: Creating a Security Design for Computers
School: Microsoft Corporation
Major: Computer Security
Type: module
Year of publication: 2002
City: Redmond
Pages: 30
Size: 1.12 MB


Contents

Overview

Lesson: Determining Threats and Analyzing Risks to Computers

Lesson: Designing Security for Computers

Lab A: Designing Security for Computers

Module 6: Creating a Security Design for Computers


and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2002 Microsoft Corporation. All rights reserved.

Microsoft, MS-DOS, Windows, Windows NT, Active Directory, ActiveX, BizTalk, PowerPoint, Visio, and Windows Media are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.


Instructor Notes

In this module, students will learn how to determine threats and analyze risks to computers in an organization. Students will also learn how to design security for computers throughout the computers’ life cycles, from initial purchase to decommissioning.

After completing this module, students will be able to:

• Determine threats and analyze risks to computers.

• Design security for computers.

To teach this module, you need the following materials:

• Microsoft® PowerPoint® file 2830A_06.ppt

• The animation Microsoft Software Update Services, 2810A_03_A005_1952.htm, located in the Media folder on the Web page on the Student Materials CD

It is recommended that you use PowerPoint version 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides may not be displayed correctly.

To prepare for this module:

• Read all of the materials for this module.

• Complete the practices.

• Complete the lab and practice discussing the answers.

• Watch the animation.

• Read the additional reading for this module, located under Additional Reading on the Web page on the Student Materials CD.

• Visit the Web links that are referenced in the module.


How to Teach This Module

This section contains information that will help you to teach this module.

Lesson: Determining Threats and Analyzing Risks to Computers

This section describes the instructional methods for teaching this lesson.

Emphasize that students are responsible for the security of a computer at each stage in its life cycle.

This page is intended simply to give examples of vulnerabilities. To elaborate on attacks, draw upon your own experience. The next page deals with common vulnerabilities, so try not to skip ahead.

Explain the threats, but do not discuss how to secure against them. The second lesson in the module covers that topic. Emphasize that off-site repair of computers is also a risk that students may need to protect against. If an attacker has physical control of a user’s computer, the user has lost the security battle. Ask students what recommendations they would make to the government agency in the scenario.

Lesson: Designing Security for Computers

This section describes the instructional methods for teaching this lesson.

Emphasize that students must understand what the implications of an update are to a system before they install or deploy the update to their networks.

Encourage students to test all updates before deployment.

You can play the animation by clicking the arrow on the slide.

Use this page to review the content of the module. Students can use the checklist as a basic job aid. The phases mentioned on the page are from Microsoft Solutions Framework (MSF). Use this page to emphasize that students must perform threat analysis and risk assessment on their own networks for the topic covered in this module, and then they must design security responses to protect the network.

Assessment

There are assessments for each lesson, located on the Student Materials compact disc. You can use them as pre-assessments to help students identify areas of difficulty, or you can use them as post-assessments to validate learning.

The Security Life Cycle


Lab A: Designing Security for Computers

To begin the lab, open Microsoft Internet Explorer and click the name of the lab. Play the video interviews for students, and then instruct students to begin the lab with their lab partners. Give students approximately 20 minutes to complete this lab, and spend about 10 minutes discussing the lab answers as a class.

Use the answers provided in the Lab section of this module to answer student questions about the scope of Ashley Larson’s request in her e-mail.

For general lab suggestions, see the Instructor Notes in Module 2, “Creating a Plan for Network Security.” Those notes contain detailed suggestions for facilitating the lab environment used in this course.

Customization Information

This section identifies the lab setup requirements for a module and the configuration changes that occur on student computers during the labs. This information is provided to assist you in replicating or customizing Microsoft Official Curriculum (MOC) courseware.

This module includes only computer-based interactive lab exercises, and as a result, there are no lab setup requirements or configuration changes that affect replication or customization.

The lab in this module is also dependent on the classroom configuration that is specified in the Customization Information section at the end of the Automated Classroom Setup Guide for Course 2830A, Designing Security for Microsoft Networks.


Overview


In this module, you will learn how to determine threats and analyze risks to computers in an organization. You will also learn how to design security for computers throughout their life cycles, from initial purchase to decommissioning.

After completing this module, you will be able to:

• Determine threats and analyze risks to computers.

• Design security for computers.


Lesson: Determining Threats and Analyzing Risks to Computers


The computers on your network present many opportunities for attackers to access your organization’s data. Ensuring that your computers are secured and updated throughout their operational lives is essential to maintaining a secure network.

After completing this lesson, you will be able to:

• Describe the security life cycle of a computer.

• Explain why securing computers is important.

• Describe common threats to computers.


The Security Life Cycle of a Computer


The security life cycle of a computer includes the following phases:

• Initial installation. During the initial installation of an operating system and applications, viruses and configuration errors can compromise the security of a computer. Be sure to set the password for the built-in Administrator account during the initial installation.

• Baseline configuration. After initial installation, configure the baseline configuration settings for security that your organization requires for computers.

• Role-specific security. Computers that have specific roles, such as Web servers, require additional configuration beyond the baseline security configuration to ensure that they are protected against threats that are specific to the computer’s role.

• Application of security updates. During the computer’s lifetime, service packs and security updates for the operating system and applications will be released. To maintain the baseline security configuration, install the service packs and security updates.

• Decommissioning. At the end of a computer’s operational lifetime, dispose of it in a way that makes it impossible for attackers to obtain information on the hard disk or media devices.


Why Security of Computers Is Important


External attacker scenario

When a network administrator installs software on new computers for the Sales department, a virus infects the computers before the administrator can install a service pack that protects against the virus. The virus exploits a known vulnerability and installs a Trojan horse application. The administrator deploys the computers to users without realizing that the computers have been compromised by an external attacker.

Internal attacker scenario

During an unattended installation of an operating system over the network, the local Administrator account’s password is configured and sent in plain text over the network. An internal attacker who is sniffing packets on the network intercepts the password. The attacker discovers that the password also works with the Administrator account on his manager’s computer. He uses the account to access confidential data on his manager’s computer.


Common Threats to Computers


Although technical security measures are essential for securing computers in your organization, the majority of threats to computers are from people and flawed processes. For example, an attacker physically attacks a computer’s hard disk, or a process in an organization omits the application of service packs before deployment.

Additional reading: For more information about change management, see Appendix C, “Designing an Operations Framework to Manage Security.”


Practice: Analyzing Risks to Computers


Northwind Traders recently signed a contract with a government agency to perform confidential research for a national security project. The government will supply Northwind Traders with 100 government computers that the agency has collected from various internal departments.

Northwind Traders proposes to hire Consolidated Messenger, a publicly held shipping company, to pick up the computers from a secure government facility and ship them to the Northwind Traders headquarters. The IT staff at Northwind Traders will install antivirus software and the research application that is required for the project.

Northwind Traders’ research facility is still under construction and will be ready in three weeks. In the interim, Consolidated Messenger will store the computers at a warehouse that Northwind Traders shares with Coho Vineyard.

1. What are the potential threats to the computers and to Northwind Traders?

The computer hardware could be tampered with and compromised when in the possession of Consolidated Messenger or while stored at the warehouse. An attacker could install keyboard monitoring equipment, other types of hardware eavesdropping devices, or malicious software. Northwind Traders has no plans for performing an initial installation or creating a secure baseline for the computers. Although its plan to install antivirus software is a good idea, it likely will not provide sufficient security. Also, because the agency is collecting computers from various departments, the computers may also be configured for different roles and, therefore, may not be properly secured for their new role as research computers.


2. Do these threats pose a significant risk?

Yes, the research is highly confidential and involves national security. Therefore, the potential impact of the threats is great enough that the risk in this plan is significant and must be avoided.

3. What actions would you recommend that Northwind Traders take to secure the computers?

Northwind Traders should transport the computers, rather than hiring a third party. It can store the computers in a secure facility, erase and reformat the computers, and perform an initial installation of necessary software in a secure, offline environment.


Lesson: Designing Security for Computers


Every computer on your network goes through various stages in its life cycle. Your security design must manage security for each stage in the life cycle, and also ensure that computers stay secure as they move from stage to stage.

After completing this lesson, you will be able to:

• Secure an initial installation.

• Create a secure baseline configuration.

• Design security for specific computer roles.

• Explain methods for applying security updates.

• Assess the security of computers.

• Decommission computers securely.


Common Methods for Performing an Initial Installation Securely


When you perform the initial installation of an operating system and applications on a computer, do the following:

• Implement secure default configurations of the operating system and applications.

• Install only required services and applications for the computer’s role.

• Configure default accounts and passwords securely.

• Ensure that you use uncompromised files to install the operating system and applications.

• Use trusted personnel to perform initial installations.

You can use several methods to perform an initial installation, including isolated networks, updated media, custom scripts, hard disk imaging, and Remote Installation Services (RIS). You can combine methods to achieve the level of security that you require. For example, you can create a custom installation script for all Web servers and install the operating system on an isolated network by using installation media that is updated with the latest security updates and service packs.

One of the most important tasks that you perform during the initial installation is creating the password for the built-in Administrator account. When you install the operating system by using unattended installation scripts, the password for this account is stored in plain text. To protect the password, only use unattended text files on isolated networks.

Performing the initial installation on an isolated network also helps ensure that the computer does not become exposed to known viruses on your network until after you have installed virus protection software and the latest service packs and hotfixes.
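The plain-text password exposure described above, and in the internal attacker scenario earlier in this module, can be checked for before an answer file is placed on an installation share. The following is an added example, not part of the Microsoft course material. It assumes INI-style Windows 2000/XP-era answer files and their [GuiUnattended] and [Identification] key names, which the module itself does not list; the sample file and the finding labels are constructed.

```python
import configparser

# Constructed sample answer file (unattend.txt style); not from the course.
SAMPLE_UNATTEND = """\
[GuiUnattended]
AdminPassword = "Contoso!Pass1"
EncryptedAdminPassword = No
AutoLogon = Yes

[Identification]
JoinDomain = RESEARCH
DomainAdmin = installer
DomainAdminPassword = "Join!Pass2"
"""

def _load(text):
    """Parse an INI-style answer file into {section: {key: value}}, lowercased."""
    cfg = configparser.ConfigParser(
        interpolation=None, strict=False, allow_no_value=True)
    cfg.read_string(text)
    return {
        s.lower(): {k: (v or "").strip().strip('"') for k, v in cfg.items(s)}
        for s in cfg.sections()
    }

def audit_answer_file(text):
    """Return finding labels for credentials exposed by the answer file."""
    data = _load(text)
    gui = data.get("guiunattended", {})
    ident = data.get("identification", {})
    findings = []
    admin_pw = gui.get("adminpassword", "")
    encrypted = gui.get("encryptedadminpassword", "").lower() == "yes"
    if admin_pw == "*":
        # '*' sets a blank Administrator password.
        findings.append("BLANK_ADMIN_PASSWORD")
    elif admin_pw and not encrypted:
        findings.append("PLAINTEXT_ADMIN_PASSWORD")
    if gui.get("autologon", "").lower() == "yes":
        # Setup logs on as Administrator automatically after install.
        findings.append("ADMIN_AUTOLOGON_ENABLED")
    if ident.get("domainadminpassword", ""):
        findings.append("PLAINTEXT_DOMAIN_JOIN_PASSWORD")
    return findings

if __name__ == "__main__":
    for finding in audit_answer_file(SAMPLE_UNATTEND):
        print(finding)
```

The findings never echo the password values themselves, so the report can be shared more widely than the answer file. A file that produces findings is one that, per the guidance above, belongs only on an isolated installation network.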


Date posted: 21/12/2013, 19:15
