Tài liệu Module 8: Creating a Security Design for Authentication docx

Contents Overview 1 Lesson: Determining Threats and Analyzing Risks to Authentication 2 Lesson: Designing Security for Authentication 8 Lab A: Designing Authentication Security 23

Contents

Overview 1

Lesson: Determining Threats and

Analyzing Risks to Authentication 2

Lesson: Designing Security for

Authentication 8

Lab A: Designing Authentication Security 23

Module 8: Creating a Security Design for Authentication

and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred Complying with all applicable copyright laws is the responsibility of the user Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property

 2002 Microsoft Corporation All rights reserved

Microsoft, MS-DOS, Windows, Windows NT, Active Directory, ActiveX, BizTalk, PowerPoint, Visio, and Windows Media are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries

The names of actual companies and products mentioned herein may be the trademarks of their respective owners

Instructor Notes

In this module, students learn how to determine threats and analyze risks to authentication Students learn how to design security for authenticating local users, remote users, and users who access their networks across the Internet Students also learn when to choose multifactor authentication for additional

security

After completing this module, students will be able to:

„ Determine threats and analyze risks to authentication

„ Design security for authentication

To teach this module, you need Microsoft® PowerPoint® file 2830A_08.ppt

It is recommended that you use PowerPoint version 2002 or later to display the slides for this course If you use PowerPoint Viewer or an earlier version of PowerPoint, all of the features of the slides may not be displayed correctly

To prepare for this module:

„ Read all of the materials for this module

„ Complete the practices

„ Complete the lab and practice discussing the answers

„ Read the additional reading for this module, located under Additional Reading on the Web page on the Student Materials CD

„ Visit the Web links that are referenced in the module

How to Teach This Module

This section contains information that will help you to teach this module

Lesson: Determining Threats and Analyzing Risks to Authentication

This section describes the instructional methods for teaching this lesson

This slide is presented in several other modules It is not meant as a realistic network, but as a conceptual picture to represent different parts of a network Use the slide as well as your knowledge and experience to explain the concepts and to generate discussion

This page is intended simply to give examples of vulnerabilities To elaborate attacks, draw upon your own experiences The next page deals with common vulnerabilities, so try not to skip ahead

Explain the threats, but do not discuss how to secure against them The second lesson in the module covers that topic

This practice involves a qualitative risk analysis Answers may vary

Lesson: Designing Security for Authentication

This lesson contains numerous Web links that you will find valuable in preparing to teach this module

Answers may vary Use the rankings provided and the security responses that students give to generate classroom discussion

Use this page to review the content of the module Students can use the checklist as a basic job aid The phases mentioned on the page are from Microsoft Solutions Framework (MSF) Use this page to emphasize that students must perform threat analysis and risk assessment on their own networks for the topic covered in this module Students must then design security responses to protect the networks

Assessment

There are assessments for each lesson, located on the Student Materials compact disc You can use them as pre-assessments to help students identify areas of difficulty, or you can use them as post-assessments to validate learning

Lab A: Designing Authentication Security

To begin the lab, open Microsoft Internet Explorer and click the name of the lab Play the video interviews for students, and then instruct students to begin the lab with their lab partners Give students approximately 20 minutes to complete this lab, and spend about 10 minutes discussing the lab answers as a class

Use the lab answers provided in the Lab section of the module to answer student questions about the scope of Ashley Larson’s e-mail request, and to lead classroom discussion after students complete the lab

If students ask about John Chen’s video interview, explain that by removing the Microsoft Windows® 95-based and Apple Macintosh-based computers, Contoso Pharmaceuticals is able to standardize on Internet Explorer

as the company’s Web browser

For general lab suggestions, see the Instructor Notes in Module 2, “Creating a Plan for Network Security.” Those notes contain detailed suggestions for

facilitating the lab environment used in this course

Customization Information

This section identifies the lab setup requirements for a module and the configuration changes that occur on student computers during the labs This information is provided to assist you in replicating or customizing Microsoft Official Curriculum (MOC) courseware

This module includes only computer-based interactive lab exercises, and as a result, there are no lab setup requirements or configuration changes that affect replication or customization

The lab in this module is also dependent on the classroom configuration that is specified in the Customization Information section at the

end of the Automated Classroom Setup Guide for Course 2830A, Designing

Security for Microsoft Networks

Overview

***************************** ILLEGAL FOR NON - TRAINER USE ******************************

In this module, you will learn how to determine threats and analyze risks to authentication You will learn how to design security for authenticating local users, remote users, and users who access your network across the Internet You

will also learn when to choose multifactor authentication for additional security

After completing this module, you will be able to:

„ Determine threats and analyze risks to authentication

„ Design security for authentication

Introduction

Objectives

Lesson: Determining Threats and Analyzing Risks to

Authentication

***************************** ILLEGAL FOR NON - TRAINER USE ******************************

Authentication validates that a user possesses the correct credentials that are associated with an account In a Microsoft® Windows® network, the

authentication methods that are used to verify logon credentials are based primarily on how and where an account is accessing the network If incorrect configurations or incompatibilities with applications exist, attackers may be able to intercept or impersonate authentication information

After completing this lesson, you will be able to:

„ Describe authentication in general terms

„ Explain why authentication is important

„ List common vulnerabilities of authentication

Introduction

Lesson objectives

Overview of Authentication

***************************** ILLEGAL FOR NON - TRAINER USE ******************************

When designing security for authentication, consider all types of authentication that your network uses, including applications that use their own authentication protocols On a Microsoft network, different authentication methods are used, depending on whether a user is directly connected to the local area network (LAN), accessing the network remotely, or accessing the network over the Internet

Key points

Why Authentication Security Is Important

***************************** ILLEGAL FOR NON - TRAINER USE ******************************

While using a friend’s home computer, an external attacker discovers that the computer has Remote Access Service (RAS) credentials to the internal network that are persistently stored on the computer The attacker successfully

authenticates to the network using the credentials, and then gains access to

network resources

An internal attacker installs network monitoring software that operates in promiscuous mode to intercept authentication packets After intercepting packets in an authentication sequence, the attacker performs a brute force attack

on the password hash that is retrieved from a packet and determines the user’s password The attacker later uses the intercepted account name and password to access the network

External attacker

scenario

Internal attacker

scenario

Common Vulnerabilities of Authentication

***************************** ILLEGAL FOR NON - TRAINER USE ******************************

After an attacker penetrates a network, one of the first things that he will do is attempt to obtain domain logon credentials Ensure that you design an

authentication strategy that minimizes exposure to vulnerabilities of passwords, compatibility with older or non-Microsoft software, and encryption

After an account is successfully authenticated, it is very difficult—in some cases impossible—to detect whether the person using the account is the user who has been assigned that account or an attacker Often, you can only make the determination after the attacker has caused damage

Key points

Practice: Analyzing Risks to Authentication

***************************** ILLEGAL FOR NON - TRAINER USE ******************************

Northwind Traders has 10,000 users who work in a single office complex

Everyone uses computers running Microsoft Windows NT® version 4.0 or Windows 2000 that are members of an Active Directory® directory service domain Hubs connect the network The account lockout policy threshold is set

to 10 incorrect logon attempts Administrators must use smart cards to be authenticated

Management has asked you to perform a qualitative risk analysis of items in the table For each threat, assign a probability and impact value between 1 and 10, and then multiply the two values to compute the relative risk Then, answer the question

Threat Probability Impact Relative risk

1 Attacker intercepts packets that contain password hashes and attempts to break them offline

4 Attacker exploits authentication protocols that are designed for use with older operating systems

5 Attacker looks over the shoulder of

a user as she enters her password

Introduction

(continued)

Threat Probability Impact Relative risk

6 Attacker steals the smart card of an administrator and succeeds in guessing the PIN (personal identification number)

7 Attacker performs a brute force attack on a user account by using a script

What two threats present the greatest relative risk? Why?

Note: Answers in the table may vary

Threats 1 and 5 likely present the greatest risk An attacker can perform threat 1 passively from any place on the network, potentially intercept all authentication packets that use NTLM or LAN Manager, and then attack the password hashes offline Threat 5 is easily carried out with little skill required Both attacks enable an attacker to obtain a valid user account and password combination with little effort Both attacks are also very difficult to detect

Question

Lesson: Designing Security for Authentication

***************************** ILLEGAL FOR NON - TRAINER USE ******************************

To secure authentication, you secure user access to the network from local, remote, and Web-based clients Authentication security also depends on the types of computers and software on your network For example, a network of similar or heterogeneous clients that all use the same operating system has different requirements than a network made up of several different operating systems or different versions of the same operating system

After completing this lesson, you will be able to:

„ Determine authentication requirements for your network

„ Describe LAN authentication protocols and considerations for authenticating accounts on a LAN

„ Describe considerations for authenticating Web users

„ Describe considerations for authenticating RAS users

„ Explain multifactor authentication

„ Describe considerations for authenticating applications and network devices

Introduction

Lesson objectives

Steps for Determining Authentication Requirements

***************************** ILLEGAL FOR NON - TRAINER USE ******************************

To determine authentication requirements:

1 Analyze business and technical requirements for authentication security

Your organization may have specific authentication requirements, such as compliance with government regulations or protection against exposure to unique threats Your organization may also have different requirements for various types of accounts, such as Administrator accounts

2 Identify compatibility requirements of older operating systems If you do not

use older operating systems, such as MS-DOS®, Windows 95, or Windows 98, disable any authentication protocols that are used only for older operating systems In general, these protocols are weaker than newer protocols

3 Identify compatibility requirements of applications Enterprise applications

and other line-of-business applications may have their own authentication protocols or specific authentication requirements

4 Identify authentication requirements of third-party applications and

operating systems You must ensure authentication compatibility with

non-Microsoft applications and operating systems Also consider how accounts

on network devices are authenticated

5 Design an implementation strategy for authentication After gathering the

information in steps 1 through 4, you will be able to design an implementation strategy to authenticate accounts securely

Key points

LAN Authentication Protocols

***************************** ILLEGAL FOR NON - TRAINER USE ******************************

Windows 2000 and Windows XP support several methods for authentication on

a LAN As part of your security design, you must determine which authentication methods to support Generally, newer authentication methods are stronger but may not be compatible with older applications or operating

systems

In Windows 2000 and Windows XP, the Security Support Provider Interface (SSPI) determines which of the following authentication protocol to use to validate authentication credentials:

authentication protocol, which is the least secure challenge and response authentication protocol in Windows 2000 and Windows XP Use LAN Manager authentication if computers must connect to files stored on computers running MS-DOS, Windows 95, or Windows 98

securely NTLM is the default authentication protocol in Microsoft Windows NT 4.0 domains and for local accounts in Windows 2000 and Windows XP

authentication protocols in Windows 2000 and Windows XP is NTLM v2 It

is also available for earlier operating systems if you install the Active Directory client extensions for Windows 95, Windows 98, or Windows NT 4.0 NTLMv2 performs mutual authentication and can be further secured by adding session security

Key points