
Document: Module 9: Creating a Security Design for Data (pptx)


DOCUMENT INFORMATION

Basic information

Title: Module 9: Creating a Security Design for Data
Field: Information Security
Type: Training module
Year published: 2002
Format:
Pages: 24
Size: 0.92 MB

Content


Contents

Overview

Lesson: Determining Threats and Analyzing Risks to Data

Lesson: Designing Security for Data

Lab A: Designing Security for Data

Module 9: Creating a Security Design for Data


and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2002 Microsoft Corporation. All rights reserved.

Microsoft, MS-DOS, Windows, Windows NT, Active Directory, ActiveX, BizTalk, PowerPoint, Visio, and Windows Media are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.


Instructor Notes

In this module, students will learn how to determine threats and analyze risks to data in an organization. Students will learn how to design access control for files and folders in order to protect data that is stored on network servers. Students will also learn about considerations for encrypting and managing data. After completing this module, students will be able to:

• Determine threats and analyze risks to data.

• Design security for data.

To teach this module, you need the following materials:

• Microsoft® PowerPoint® file 2830A_09.ppt

• The animation How EFS Works, 2830A_09_A005_1875.htm, located in the Media folder on the Web page on the Student Materials CD

It is recommended that you use PowerPoint version 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all of the features of the slides may not be displayed correctly.

To prepare for this module:

• Read all of the materials for this module.

• Complete the practices.

• Watch the animation.

• Complete the lab and practice discussing the answers.

• Read the additional reading for this module, located under Additional Reading on the Web page on the Student Materials CD.

• Visit the Web links that are referenced in the module.


How to Teach This Module

This section contains information that will help you to teach this module.

Lesson: Determining Threats and Analyzing Risks to Data

Use this slide as a refresher for the topic of access control from core courses. This information is presented only as background knowledge regarding access control.

This page is intended simply to give examples of vulnerabilities. To elaborate on attacks, draw upon your own experiences. The next page deals with common vulnerabilities, so try not to skip ahead.

Explain the vulnerabilities, but do not discuss how to secure against them. The second lesson in the module covers that topic.

Use the practice as an opportunity for discussion.

Lesson: Designing Security for Data

This section describes the instructional methods for teaching this lesson.

Use this slide as a refresher for the topic of access control from core courses. Tell students that the lab focuses on creating an access control model for Contoso Pharmaceuticals.

You can play the animation by clicking the arrow on the slide. If necessary, elaborate on the difference between symmetric and asymmetric encryption. Refer students to the white paper referenced on the page for more information about Encrypting File System (EFS).

Spend time on this slide to identify the different ways that data management can be a potential security issue, and discuss ways to ensure secure management.

Assessment

There are assessments for each lesson, located on the Student Materials compact disc. You can use them as pre-assessments to help students identify areas of difficulty, or you can use them as post-assessments to validate learning.


Lab A: Designing Security for Data

To begin the lab, open Microsoft Internet Explorer and click the name of the lab. Play the video interviews for students, and then instruct students to begin the lab with their lab partners. Give students approximately 20 minutes to complete this lab, and spend about 10 minutes discussing the lab answers as a class.

Regarding threats to the research scientist’s portable computers, students can use the R&D Portable Computer Threat Model and the Risk Statements for R&D Portable Computers documents from previous labs to identify threats to the scientists’ portable computers. Be sure to emphasize that in this lab, the goal is to determine how to counter the threats, rather than discussing the threats themselves.

This lab can be difficult if students do not understand the scope of the lab or what you expect from them. However, the subject matter of the lab should be prerequisite knowledge for most students.

In this lab, students open a Microsoft Visio® spreadsheet named CP File Permissions Template.vsd. They are encouraged to add information to it. If students use the template, ensure that they rename the file and save the spreadsheet to the Lab Answers folder on their desktops for discussion.

Students are not required to use the Visio template; tell students that if they like, they can work with paper and pencil or pen. Use the answers provided in the Lab section of this module to answer students’ questions about the scope of Ashley Larson’s request in her e-mail, and to help frame classroom discussion.

Additional answers for this lab are located in the Lab 9 Finance Server File Permissions Answer.vsd and Lab 9 Security Groups Answer.vsd files, located in the Answers folder under Webfiles on the Student Materials CD. Be sure to print the answers out and study them before you conduct the lab.

For general lab suggestions, see the Instructor Notes in Module 2, “Creating a Plan for Network Security.” Those notes contain detailed suggestions for facilitating the lab environment used in this course.


Customization Information

This section identifies the lab setup requirements for a module and the configuration changes that occur on student computers during the labs. This information is provided to assist you in replicating or customizing Microsoft Official Curriculum (MOC) courseware.

This module includes only computer-based interactive lab exercises, and as a result, there are no lab setup requirements or configuration changes that affect replication or customization.

The lab in this module is also dependent on the classroom configuration that is specified in the Customization Information section at the end of the Automated Classroom Setup Guide for Course 2830A, Designing Security for Microsoft Networks.


Overview

In this module, you will learn how to determine threats and analyze risks to data in an organization. You will learn how to design access control for files and folders in order to protect data that is stored on network servers. You will also learn about considerations for encrypting and managing data.

After completing this module, you will be able to:

• Determine threats and analyze risks to data.

• Design security for data.


Lesson: Determining Threats and Analyzing Risks to Data

Securing data means controlling access to it. You control access by using permissions. Attackers who can subvert or override permissions may be able to access data on your network.

After completing this lesson, you will be able to:

• Describe access control for data.

• Explain why securing data is important.

• List common vulnerabilities to data.


Overview of Access Control

To control access to data, Microsoft® Windows® 2000 and Microsoft Windows XP use access tokens and discretionary access control lists (DACLs). Access tokens define the rights that a user account has. DACLs control the permissions to Active Directory® directory service objects and the folder and file objects in NTFS file system (NTFS).

When a user’s credentials are validated during authentication, the user’s computer receives and stores an access token. The access token contains the security identifier (SID) of the user account, the SID of each local and domain group that the user has membership in, and a list of the user rights for the user. When a user attempts to access a resource, the SIDs in the access token are compared to the SIDs in the DACL. The user receives the corresponding permissions to each matching SID in the access token and DACL. The DACL of the resource contains an access control entry (ACE) for each permission that is assigned to the resource. The ACEs define the protections that apply to an object.

For more information about access control in Windows 2000 and Windows XP, see Access Control Components, at:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/Security/access_control_components.asp


Why Securing Data Is Important

Data is vulnerable to threats from both external and internal attackers. For example:

An external attacker steals a laptop from an employee’s car. Using a floppy disk to boot the computer, the attacker replaces the password of the Administrator account in the local Security Accounts Manager (SAM) database. The attacker then logs on to the laptop as Administrator and accesses the data.

An internal attacker discovers a server running Windows 2000 that stores confidential data in folders that are configured with default permissions. The attacker copies the data and sells it to a competitor. Because auditing was not configured, the IT staff cannot determine how the server was compromised or who stole the data.


Common Vulnerabilities to Data

Data is vulnerable to three general threats:

• Incorrect configuration of permissions. A user is able to access data that should be restricted.

• Physical security of data. A user has local access and can defeat other security measures or physically destroy data.

• Corruption of data. For example, a virus or irreversible encryption can corrupt data.

When configuring physical and logical security of data, always assign the least amount of access and permissions that a user requires to complete her job duties.


Practice: Analyzing Risks to Data

After examining threats to data, Northwind Traders determined that if it stores all user data on a central data server and installs antivirus software on all client computers, the organization will reduce its Annual Loss Expectancy (ALE) for data by $150,000.

What are some other threats to data that may prevent Northwind Traders from reducing the ALE by the anticipated amount?

Answers may vary.

There is no plan for installing antivirus software on the central data server. The client antivirus software may not be kept up to date.

The server permissions may be incorrectly configured.

Users may continue to store data on their local computers.

If Northwind Traders does not back up data on the central data server regularly or take other precautions to protect data, a hardware failure or natural disaster could cause Northwind Traders to lose all data, which could create a work stoppage for the organization.


Lesson: Designing Security for Data

You can secure access to data by ensuring that users have appropriate permission. An access control model is a methodology for assigning permissions to users and groups. You can also secure data by using NTFS with share permissions or by using encryption.

After completing this lesson, you will be able to:

• Design an access control model.

• Describe considerations when using NTFS in combination with share permissions.

• Design an Encrypting File System (EFS) policy.

• List guidelines for designing security for data.


Steps for Designing an Access Control Model

In Windows 2000 and Windows XP, you can apply access control to data and to the accounts that access data. You can use an access control model on accounts to isolate the security of resources from individual accounts. An access control model also greatly simplifies the application of security on resources.

AGDLP (account, global group, domain local group, permissions) is an access control model that you can use to implement security based on user roles in your organization. The AGDLP model places accounts in groups, places the groups in domain local groups, and then assigns permissions to the domain local groups.

To design an access control model based on the principle of AGDLP, follow these steps:

1. Determine access control requirements:

   a. Identify the jobs and functional roles in your organization.

   b. Determine the security levels for data on your network.

2. Create the access control model:

   a. Create global groups that correspond to jobs or roles.

   b. Create domain local groups and assign permissions to the groups.

3. Implement the model:

   a. Put accounts in the appropriate global groups.

   b. Put global groups in domain local groups, based on the security requirements of the global group.
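The following added example (not part of the Microsoft courseware) models the AGDLP steps above together with the token-to-DACL comparison described under Overview of Access Control. All account names, group names and permission values are constructed for illustration, and group names stand in for SIDs.

```python
# Added example: simplified model of AGDLP and the token-vs-DACL comparison.
# Every account, group and permission value below is constructed for illustration.
from dataclasses import dataclass

READ, WRITE = 1, 2

# A -> G: accounts go into global groups that correspond to jobs or roles.
GLOBAL_GROUPS = {
    "GG Finance Analysts": {"alice", "bob"},
    "GG Auditors": {"carol"},
}
# G -> DL: global groups go into domain local groups, one per security level.
DOMAIN_LOCAL_GROUPS = {
    "DL Finance Data Read": {"GG Auditors", "GG Finance Analysts"},
    "DL Finance Data Modify": {"GG Finance Analysts"},
}

@dataclass(frozen=True)
class Ace:
    trustee: str  # group or account name standing in for a SID
    mask: int     # permissions this entry allows

# DL -> P: the resource's DACL names only domain local groups.
FINANCE_DACL = [
    Ace("DL Finance Data Read", READ),
    Ace("DL Finance Data Modify", READ | WRITE),
]

def build_token(account):
    """Identities in the access token: the account plus each group it belongs to."""
    sids = {account}
    sids |= {gg for gg, members in GLOBAL_GROUPS.items() if account in members}
    sids |= {dl for dl, nested in DOMAIN_LOCAL_GROUPS.items() if nested & sids}
    return sids

def granted(account, dacl):
    """Accumulate the permissions of every ACE whose trustee matches the token."""
    token = build_token(account)
    mask = 0
    for ace in dacl:
        if ace.trustee in token:
            mask |= ace.mask
    return mask

def direct_account_aces(dacl):
    """Design check: ACEs that bypass the model by naming anything but a domain local group."""
    return [ace.trustee for ace in dacl if ace.trustee not in DOMAIN_LOCAL_GROUPS]

if __name__ == "__main__":
    for user in ("alice", "carol", "mallory"):
        print(user, sorted(build_token(user)), granted(user, FINANCE_DACL))
```

Moving an account between global groups changes what it can do without any edit to the DACL, which is the isolation of resource security from individual accounts that the model is meant to provide.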


Considerations for Combining NTFS and Share Permissions

You can use NTFS and share permissions together to control the security of data. NTFS permissions are in effect when a user accesses data on an NTFS volume locally or remotely. Share permissions are in effect when the data is accessed remotely over a network.

All files and folders stored on an NTFS volume have an owner, who always has the permission to control the permissions to the resource. This ability can enable an owner to subvert a security policy enforced by an IT department. For example, a user in the Finance group creates a spreadsheet on a Finance server, which has membership restricted by a security policy to only Finance users. Because the owner of the spreadsheet has Full Control permissions on the spreadsheet, the owner could grant another user Full Control, even though that person might not belong to the Finance group.

By granting Change permissions to the group All Finance Users on the shared folder on the Finance server, the owner can still create files on the Finance server but is prevented from assigning Full Control permissions on files to other users unless the owner has local access to the volume.
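The added example below (not from the original courseware) models how the share permission caps what a file owner can do over the network, and flags shares that would let owners re-grant access remotely. The bit values, share names and the simplified four-permission set are assumptions made for the illustration.

```python
# Added example: simplified model of how share and NTFS permissions combine.
# Bit values and sample share names are constructed for illustration.
READ, WRITE, DELETE, CHANGE_PERMS = 1, 2, 4, 8

SHARE_LEVELS = {
    "Read": READ,
    "Change": READ | WRITE | DELETE,
    "Full Control": READ | WRITE | DELETE | CHANGE_PERMS,
}
NTFS_FULL_CONTROL = READ | WRITE | DELETE | CHANGE_PERMS

def effective(ntfs_mask, share_level=None):
    """Permissions along one access path.

    share_level=None models local access to the volume, where only NTFS
    permissions apply. Over the network a request must be allowed by both
    the share permission and the NTFS permission.
    """
    if share_level is None:
        return ntfs_mask
    return ntfs_mask & SHARE_LEVELS[share_level]

def can_regrant(ntfs_mask, share_level=None):
    """True if the caller can edit the file's permissions along this path."""
    return bool(effective(ntfs_mask, share_level) & CHANGE_PERMS)

def audit_shares(shares):
    """Names of shares whose share permission lets file owners change ACLs remotely."""
    return sorted(name for name, level in shares.items()
                  if SHARE_LEVELS[level] & CHANGE_PERMS)

if __name__ == "__main__":
    # The owner of a new spreadsheet holds NTFS Full Control on it.
    print("via Change share:", can_regrant(NTFS_FULL_CONTROL, "Change"))
    print("local logon     :", can_regrant(NTFS_FULL_CONTROL))
    print(audit_shares({"Finance": "Change", "Public": "Full Control"}))
```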

For more information about NTFS and share permissions, see:

• The white paper, Default Access Control Settings, under Additional Reading on the Web page on the Student Materials CD

• Q313398, HOW TO: Control NTFS Permissions Inheritance in Windows

• Q318754, HOW TO: Use Xcacls.exe to Modify NTFS Permissions

• Q301198, HOW TO: Share Files and Folders Over a Network (Domain) in Windows 2000


Date posted: 18/01/2014, 05:20
