The document outlines the Microsoft Technology Associate (MTA) 98-367: Security Fundamentals course, which covers essential security topics including security layers, risk management, and physical security. It is targeted at IT Help Desk staff and individuals interested in networking, with suggested prerequisites including courses on Windows Operating Systems and Networking Fundamentals. Key concepts include the CIA triad (Confidentiality, Integrity, Availability), risk responses, and the importance of physical and computer security measures.

Microsoft Virtual Academy

Microsoft Technology
Associate
98-367: Security Fundamentals

Christopher Chapman | Content PM , Microsoft


Thomas Willingham | Content Developer, Microsoft
Course Topics

98-367: Security Fundamentals


01 | Understanding Security Layers
02 | Authentication, Authorization and Accounting
03 | Understanding Security Policies
04 | Understanding Network Security
05 | Protecting Servers and Clients
Setting Expectations

• Target Audience
• IT Help Desk staff interested in moving into Network/Systems Administration
• Anyone interested in learning more about networking

• Suggested Prerequisites/Supporting Material


• 40349A: Windows Operating System Fundamentals: MTA Exam 98-349
• 40366A: Networking Fundamentals: MTA Exam 98-366
• 40365A: Windows Server Administration Fundamentals: MTA Exam 98-365
• Exam 98-349: Windows Operating System Fundamentals
• Exam 98-366: Networking Fundamentals
• Exam 98-365: Windows Server Administration Fundamentals

Module 1
Understanding Security Layers

Module Overview

• Core Security Principles


• Physical Security
Core Security Principles
Security

• What you are trying to protect
• Why it needs to be protected
• What you are protecting it from
Confidentiality, Integrity, Availability (CIA)

• Confidentiality
• Integrity
• Availability
Confidentiality, Integrity, Availability (CIA)

• Confidentiality
• Confidentiality is the characteristic of a resource ensuring access is restricted to
only permitted users, applications or computer systems.
• Confidentiality deals with keeping information, networks, and systems secure
from unauthorized access. This can be achieved by using encryption,
authentication, and access control.
• There are several technologies that support confidentiality in an enterprise
security implementation.
➢ Strong encryption

➢ Strong authentication
➢ Strong access controls
Confidentiality, Integrity, Availability (CIA)

• Integrity

• Integrity is defined as the consistency, accuracy, and validity of data or
information. It can be verified by hashing: a hash recomputed over the data and
compared with a trusted reference reveals any change. A plain hash only helps if
the attacker cannot replace the reference hash as well; against deliberate
tampering, use a keyed hash (HMAC) or a digital signature.

• One of the goals of a successful information security program is to ensure that
data is protected against any unauthorized or accidental changes.
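The following Python example is added here to show the integrity check described above; it is not part of the original course material. It hashes a constructed sample record with SHA-256, shows that an attacker who can rewrite both the data and an unkeyed reference hash goes undetected, and then shows that a keyed hash (HMAC) over the same data is not forgeable without the key. The sample data and the key are assumptions made for the example.

```python
import hashlib
import hmac

# Constructed sample "file" and a tampered copy (bob's figure changed).
ORIGINAL = b"payroll,2024-05,alice,5200\npayroll,2024-05,bob,4800\n"
TAMPERED = b"payroll,2024-05,alice,5200\npayroll,2024-05,bob,9800\n"
# Assumption: the verifier keeps this key somewhere the attacker cannot reach.
SECRET_KEY = b"example-key-not-for-production"


def sha256_hex(data: bytes) -> str:
    """Plain cryptographic hash. Detects accidental or unauthorized change
    only while the reference hash itself stays out of the attacker's hands."""
    return hashlib.sha256(data).hexdigest()


def hash_matches(data: bytes, expected_hex: str) -> bool:
    # compare_digest avoids leaking where the first mismatching byte is.
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def hmac_sha256_hex(key: bytes, data: bytes) -> str:
    """Keyed hash. Rewriting the data is not enough: without the key the
    attacker cannot produce a tag that verifies."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def hmac_matches(key: bytes, data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(hmac_sha256_hex(key, data), expected_hex)


def demo() -> dict:
    """Run the four checks and report which ones caught the tampering."""
    ref_hash = sha256_hex(ORIGINAL)                 # stored beside the file
    ref_tag = hmac_sha256_hex(SECRET_KEY, ORIGINAL)  # stored beside the file
    # The attacker rewrites the file and recomputes the unkeyed hash.
    attacker_hash = sha256_hex(TAMPERED)
    # The attacker guesses a key and recomputes the HMAC with it.
    attacker_tag = hmac_sha256_hex(b"wrong-key", TAMPERED)
    return {
        "hash_detects_change": not hash_matches(TAMPERED, ref_hash),
        "hash_fooled_when_reference_replaced": hash_matches(TAMPERED, attacker_hash),
        "hmac_detects_change": not hmac_matches(SECRET_KEY, TAMPERED, ref_tag),
        "hmac_rejects_forged_tag": not hmac_matches(SECRET_KEY, TAMPERED, attacker_tag),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

All four results are True: the unkeyed hash catches the edit only until the attacker replaces the reference, while the HMAC holds because the key is not in the attacker's reach. In a real deployment the reference hashes or tags live on a separate, write-protected system, and the HMAC key is managed like any other secret.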
Confidentiality, Integrity, Availability (CIA)

• Availability

• Availability describes a resource being accessible to a user, application, or
computer system when required.

➢ In other words, availability means that when a user needs to get to
information, he or she has the ability to do so.

• Typically, threats to availability come in two types: accidental and deliberate.


Risk Management

• Risk management is the process of identifying, assessing, and
prioritizing threats and risks.
• A risk is generally defined as the probability that an event will occur.
• A threat is an action or occurrence that could result in the breach,
outage, or corruption of a system by exploiting known or unknown
vulnerabilities.
• The goal of any risk management plan is to remove risks when possible
and to minimize the consequences of risks that cannot be eliminated.
• Risk assessments are used to identify the risks that might impact your
particular environment.
Risk Management

• After you have prioritized your risks, you are ready to choose from
among the four generally accepted responses to these risks.
• Responses include:
• Avoidance
• Acceptance
• Mitigation
• Transfer
Risk Management

Risk management cycle (diagram): Identify → Analyze and Prioritize → Plan and
Schedule → Track and Report → Control → Learn.

Artifacts along the way: a risk statement (if/then) from identification, the
master risk list from analysis, the top N risks chosen for planning and
scheduling, and the risk database fed by tracking and learning.
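The Python below is an added example, not part of the course, of the identify, analyze and prioritize, and respond steps shown on the preceding slides. Each risk is recorded as an if/then risk statement with a likelihood and impact score, the master risk list is sorted by exposure, the top N risks are selected for planning, and each one is mapped onto one of the four responses. The 1 to 5 scales, the sample register, and the response thresholds are assumptions made for illustration.

```python
from dataclasses import dataclass

RESPONSES = ("avoidance", "acceptance", "mitigation", "transfer")


@dataclass
class Risk:
    """One entry of the master risk list, written as an if/then risk statement."""
    condition: str     # the "if" part
    consequence: str   # the "then" part
    likelihood: int    # 1 (rare) .. 5 (almost certain); scale is an assumption
    impact: int        # 1 (negligible) .. 5 (severe); scale is an assumption

    def statement(self) -> str:
        return f"If {self.condition}, then {self.consequence}."

    def exposure(self) -> int:
        # Ordinal score used only for ranking, not a monetary estimate.
        return self.likelihood * self.impact


def validate(risk: Risk) -> None:
    """Reject scores outside the agreed scale before they distort the ranking."""
    if not (1 <= risk.likelihood <= 5 and 1 <= risk.impact <= 5):
        raise ValueError(f"likelihood/impact out of range: {risk}")


def master_risk_list(risks: list[Risk]) -> list[Risk]:
    """Analyze and prioritize: highest exposure first, ties broken by impact."""
    for r in risks:
        validate(r)
    return sorted(risks, key=lambda r: (r.exposure(), r.impact), reverse=True)


def top_n(risks: list[Risk], n: int) -> list[Risk]:
    """The 'top N' subset that gets planned, scheduled and tracked."""
    return master_risk_list(risks)[:n]


def suggest_response(risk: Risk) -> str:
    """Illustrative decision rule (an assumption, not a standard) mapping a risk
    onto one of the four generally accepted responses."""
    if risk.exposure() <= 5:
        return "acceptance"            # cheap enough to live with
    if risk.likelihood <= 2 and risk.impact >= 4:
        return "transfer"              # rare but severe: insure or outsource
    if risk.exposure() >= 20:
        return "avoidance"             # stop doing the risky thing
    return "mitigation"                # reduce likelihood or impact


# Constructed sample register.
REGISTER = [
    Risk("a user forgets a password", "the help desk must reset it", 5, 1),
    Risk("a laptop holding customer data is lost", "that data is exposed", 4, 4),
    Risk("a visitor tailgates into the server room", "hardware can be stolen", 2, 5),
    Risk("the only file server fails", "users cannot reach shared files", 3, 5),
]


def plan() -> list[tuple[str, int, str]]:
    """Return (statement, exposure, response) for the prioritized register."""
    return [(r.statement(), r.exposure(), suggest_response(r))
            for r in master_risk_list(REGISTER)]


if __name__ == "__main__":
    for statement, exposure, response in plan():
        print(f"[{exposure:2d}] {response:<10} {statement}")
```

The lost-laptop and file-server risks rank first and get mitigation (disk encryption, redundancy); the rare but severe server-room theft is a transfer candidate; the forgotten-password risk is accepted. Tune the thresholds in suggest_response to your own organization's appetite; the point is that the response is chosen after prioritization, not before.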
Least Privilege, Attack Surface, and Social Engineering

• Least Privilege

• The principle of least privilege is a security discipline that requires that a particular
user, system, or application be given no more privilege than necessary to
perform its function or job.
Least Privilege, Attack Surface, and Social Engineering

• Attack Surface

• An attack surface consists of the set of methods and avenues an attacker can use
to enter a system and potentially cause damage.

• The larger the attack surface of a particular environment, the greater the risk of a
successful attack.
Least Privilege, Attack Surface, and Social Engineering

• Social Engineering

• Social engineering is a method used to gain access to data, systems, or networks,


primarily through misrepresentation.

• This technique typically relies on the trusting nature of the person being attacked.
Security and Cost

• Security costs money.


• You should also strive to make the security measures as seamless as
possible to authorized users who are accessing the confidential
information or resource.
• If security becomes a heavy burden, users will often look for methods
to circumvent the measures you have established.
• Training goes a long way in protecting your confidential information
and resources because it shows users what warning signs to watch for.
Physical Security
Physical Security

• Physical Security is the First Line of Defense.

• There are a number of factors to consider when designing,
implementing, or reviewing physical security measures taken to protect
assets, systems, networks, and information.

• These include understanding site security and computer security;
securing removable devices and drives; access control; mobile device
security; disabling the Log On Locally capability; and identifying and
removing keyloggers.
Access Control

• Access control is the process of restricting access to a resource to only
permitted users, applications, or computer systems.
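The Python example below is added to this page and is not from the course; it ties together the access-control definition above with the least-privilege principle from the earlier slide and the auditing goal described under physical security. A role-based permission model with an explicit deny and default deny answers "is this subject allowed this action on this resource?", and a least-privilege review compares the permissions each account holds against the ones it actually exercised in an audit log. The role model, the user list, and the log lines are constructed for the example and do not describe any real product's schema.

```python
# Constructed role model (illustrative; not a Windows ACL or any real product's schema).
ROLE_PERMISSIONS = {
    "helpdesk": {("user_directory", "read"), ("ticket_system", "write")},
    "sysadmin": {("user_directory", "read"), ("user_directory", "write"),
                 ("backup_server", "write")},
}
USER_ROLES = {"alice": {"helpdesk"}, "bob": {"helpdesk", "sysadmin"}}
# An explicit deny always wins over a role grant.
EXPLICIT_DENY = {("bob", "backup_server", "write")}


def effective_permissions(user: str) -> set[tuple[str, str]]:
    """Union of the user's role grants, minus anything explicitly denied."""
    granted = set()
    for role in USER_ROLES.get(user, ()):
        granted |= ROLE_PERMISSIONS.get(role, set())
    return {p for p in granted if (user, *p) not in EXPLICIT_DENY}


def is_allowed(user: str, resource: str, action: str) -> bool:
    """Default deny: anything not explicitly granted (and not denied) is refused."""
    if (user, resource, action) in EXPLICIT_DENY:
        return False
    return (resource, action) in effective_permissions(user)


# Constructed audit log: "timestamp user resource action decision".
AUDIT_LOG = """\
2024-05-01T09:12:03Z alice user_directory read ALLOW
2024-05-01T09:13:40Z alice ticket_system write ALLOW
2024-05-01T09:15:02Z alice user_directory write DENY
2024-05-01T10:02:11Z bob user_directory read ALLOW
2024-05-01T10:02:15Z bob user_directory write ALLOW
2024-05-02T08:30:00Z mallory user_directory read DENY
""".splitlines()


def exercised_permissions(log_lines) -> dict[str, set[tuple[str, str]]]:
    """Per user, the (resource, action) pairs that were actually used (ALLOW only)."""
    used: dict[str, set[tuple[str, str]]] = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than guess at them
        _, user, resource, action, decision = parts
        if decision == "ALLOW":
            used.setdefault(user, set()).add((resource, action))
    return used


def unused_permissions(user: str, log_lines) -> set[tuple[str, str]]:
    """Least-privilege review: rights held but never exercised in the audited
    period are candidates for removal."""
    return effective_permissions(user) - exercised_permissions(log_lines).get(user, set())


if __name__ == "__main__":
    print(is_allowed("alice", "user_directory", "write"))   # False: not granted
    print(is_allowed("bob", "backup_server", "write"))      # False: explicit deny
    for who in USER_ROLES:
        print(who, "holds but never used:", unused_permissions(who, AUDIT_LOG))
```

Bob holds the helpdesk ticket-system right through a second role but never used it in the audited window, so the review flags it for removal; the unknown account "mallory" is refused by default deny without any rule naming it. Run the review on a period long enough to cover periodic tasks, or you will strip rights that are simply used rarely.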
Defense in depth

• Defense in depth means using multiple layers of security to defend your
assets.

• That way, even if an attacker breaches one layer of your defense, you
have additional layers to keep that person out of the critical areas of
your environment.
Defense in Depth

External Perimeter
Internal Perimeter
Secure Area
Servers
Racks
Goals in Physical Security

• There are several other goals to keep in mind when designing a
physical security plan:
• Authentication: Site security must address the need to identify and
authenticate the people who are permitted access to an area.
• Access control: Once a person’s identity has been proven and
authenticated, site security must determine what areas that person has
access to.
• Auditing: Site security must also provide the ability to audit activities
within the facility. This can be done by reviewing camera footage,
badge reader logs, visitor registration logs, or other mechanisms.
Physical Premises

• For the purposes of this lesson, we will break the physical premises into
three logical areas:
• The external perimeter
• The internal perimeter
• Secure areas
External Perimeter Security

• The external security perimeter is the first line of defense surrounding
your office.

• Common security measures you may encounter with respect to an
organization's external perimeter include the following:
• Security cameras
• Parking lot lights
• Perimeter fence
• Gate with guard
• Gate with access badge reader
• Guard patrols
Internal Perimeter Security

• The internal security perimeter starts with the building walls and exterior doors and includes any internal
security measures, with the exception of secure areas within the building.

• Some of the features you may use to secure an internal perimeter include the following:
• Locks (on exterior doors, internal doors, office doors, desks, filing cabinets, etc.)
• Keypads
• Security cameras
• Badge readers (on doors and elevators)
• Guard desks
• Guard patrols
• Smoke detectors
• Turnstiles
• Mantraps
Secure Areas

• Areas designed not only to restrict external attackers, but also to limit
internal employee access.

• Secure area security technologies include the following:


• Badge readers
• Keypads
• Biometric technologies (e.g., fingerprint scanners, retinal scanners, voice recognition systems, etc.)
• Security doors
• X-ray scanners
• Metal detectors
• Cameras
• Intrusion detection systems (light beam, infrared, microwave, and/or ultrasonic)
Computer Security

• Computer security consists of the processes, procedures, policies, and
technologies used to protect computer systems.
• Servers
• Desktop computers
• Mobile computers
Device Security

• Servers
• Locked in data centers (secure area)

• Desktops
• Secured to desks

• Mobile Devices
• Docking stations
• Laptop security cables
• Laptop safes
• Theft recovery software
• Laptop alarms
Mobile Devices

• Mobile Devices are one of the largest challenges facing many security
professionals today.
• Mobile devices such as laptops, PDAs, and smartphones are used to
process information, send and receive mail, store enormous amounts
of data, surf the internet, and interact remotely with internal networks
and systems.
• Docking stations
• Laptop security cables
• Laptop safes
• Theft recovery software
• Laptop alarms
Removable Devices

• A removable device or drive is a storage device that is designed to be
taken out of a computer without turning the computer off.

• These include memory cards, flash drives, floppy disks, CDs, and DVDs.

• Removable devices typically connect to a computer through a drive,
through external communications ports like USB or FireWire, or, in the
case of memory cards, through built-in or USB-based readers.
Removable Devices

• There are three basic types of security issues associated with removable
storage:
➢Loss
➢Theft
➢Espionage
Keylogger

• A keylogger is a physical or logical device used to capture keystrokes.

• An attacker will either place a device between the keyboard and the
computer or install a software program to record each keystroke taken,
and then he or she can use software to replay the data and capture
critical information like user IDs and passwords, credit card numbers,
social security numbers, or even confidential emails or other data.
Summary

• Before you can start securing your environment, you need to have a
fundamental understanding of the standard concepts of security.

• CIA, short for confidentiality, integrity, and availability, represents the core
goals of an information security program.

• Confidentiality deals with keeping information, networks, and systems
secure from unauthorized access.

• One of the goals of a successful information security program is to ensure
integrity, or that information is protected against any unauthorized or
accidental changes.
Summary

• Availability is defined as the characteristic of a resource being
accessible to a user, application, or computer system when required.

• Threat and risk management is the process of identifying, assessing, and
prioritizing threats and risks.

• A risk is generally defined as the probability that an event will occur.

• Once you have prioritized your risks, there are four generally accepted
responses to these risks: avoidance, acceptance, mitigation, and transfer.
Summary

• The principle of least privilege is a security discipline that requires
that a user, system, or application be given no more privilege
than necessary to perform its function or job.

• An attack surface consists of the set of methods and avenues an
attacker can use to enter a system and potentially cause damage.
The larger the attack surface of an environment, the greater the
risk of a successful attack.

• The key to thwarting a social engineering attack is employee
awareness. If your employees know what to look out for, an
attacker will find little success.
Summary

• Physical security uses a defense in depth or layered security
approach that controls who can physically access an organization's
resources.

• Physical premises can be divided into three logical areas: the external
perimeter, the internal perimeter, and secure areas.

• Computer security consists of the processes, procedures, policies,
and technologies used to protect computer systems.
Summary

• Mobile devices and mobile storage devices are among the biggest
challenges facing many security professionals today because of their
size and portability.

• A keylogger is a physical or logical device used to capture keystrokes.
Additional Resources & Next Steps
www.microsoft.com/learning

Books
• Exam 98-367 Security Fundamentals
• Exam 98-366: MTA Networking Fundamentals
• Exam Ref 70-410: Installing and Configuring Windows Server 2012

Instructor-Led Courses
• 40349A: Windows Operating System Fundamentals: MTA Exam 98-349
• 40366A: Networking Fundamentals: MTA Exam 98-366
• 40365A: Windows Server Administration Fundamentals: MTA Exam 98-365
• 20410C: Installing and Configuring Windows Server 2012

Exams & Certifications
• Exam 98-367: Security Fundamentals
• Exam 98-349: Windows Operating System Fundamentals
• Exam 98-366: Networking Fundamentals
• Exam 98-365: Windows Server Administration Fundamentals
• Exam 70-410: Installing and Configuring Windows Server 2012
