Scribd
Upload
75 views17 pages

Windows Security: Fore Academy Security Essentials (V)

The document discusses the Windows security infrastructure and provides an overview of different Windows operating systems including Windows 9x/Me, NT 4.0, 2000, XP, and Server 2003. It covers key aspects of each OS such as security features, supported hardware, and differences between standard, advanced, and datacenter server editions. Workgroups are also summarized, noting benefits like simplicity but also drawbacks like lack of centralized management and inconsistent permissions compared to domains.

Uploaded by

andy
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
75 views17 pages

Windows Security: Fore Academy Security Essentials (V)

The document discusses the Windows security infrastructure and provides an overview of different Windows operating systems including Windows 9x/Me, NT 4.0, 2000, XP, and Server 2003. It covers key aspects of each OS such as security features, supported hardware, and differences between standard, advanced, and datacenter server editions. Workgroups are also summarized, noting benefits like simplicity but also drawbacks like lack of centralized management and inconsistent permissions compared to domains.

Uploaded by

andy
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 17

FORESEC Academy

FORESEC Academy Security Essentials (V)

W IN D O W S S EC U R ITY
FORESEC Academy

Agenda

Chapter 25: The Windows Security


Infrastructure
Chapter 26: Permissions and User Rights
Chapter 27: Security Templates and Group
Policy
Chapter 28: Service Packs, Hotfixes, and
Backups
Chapter 29: Securing Windows Network
Services
Chapter 30: Automation and Auditing
FORESEC Academy

FORESEC Academ y Security Essentials (V)


The Windows Security Infrastructure
FORESEC Academy

W indow s O perating System s

Windows
9x/Me
Windows NT
Windows
2000
Windows XP
Windows
2003
FORESEC Academy

W indow s 9x/M e (1 of2)

Not designed for security and cannot


be secured, period.
- No filesystem security
- Can't really require initial logon
- Weak authentication protocol (LM)
- Extremely vulnerable to DoS attacks
- Virtually no logging capabilities
- Prone to lock-ups and crashes
- Boot into other OS to circumvent everything
FORESEC Academy

W indow s 9x/M e (2 of2)

But if youre stuck with 9x/Me, then:


- Use them as thin clients to
Terminal
Services or Citrix servers
- Keep all mail on Exchange
Server, not
in local personal storage files
(.PST)
- Store all documents on servers
- Install ADCE for NTLMv2 support
FORESEC Academy

W indow s N T 4.0

Windows NT is dead, Dead, DEAD.


Service Pack 6a is the last one.
Was at least intended to be secure:
- User-based access control
- Domain controllers, trusts, and single sign-
on
- NTFS and NTLM
- Detailed logging
- Protected memory spaces in OS
- VMS pedigree
FORESEC Academy

W indow s 2000 (1 of2)

It's more like


Windows
NT version 9.0:
- Active Directory
- Group Policy
- Kerberos
- IPSec
- PKI & Smart Cards
- EFS
- Scriptability & CMD Tools
FORESEC Academy

W indow s 2000 (2 of2)


Standard Advanced Datacenter
Server Server Server
Max CPUs 4 8 32
Max RAM 4 GB 8 GB 32 GB
Load- n/a 32-Node 32-Node
Balancing
Cluster n/a 2-Node 4-Node
Nodes
FORESEC Academy

W indow s XP

A better Windows 2000 Professional...


XP Professional vs. Home Edition
Only with XP Professional:
- Ability to join a domain
- Encrypting File System
- Editable file ACLs
- Remote Desktop support
- Roaming user profiles
- Dual CPU support
FORESEC Academy

W indow s Server 2003 (1 of3)

Successor to Windows 2000 Server


- Not intended for desktops.
- Mostly an incremental upgrade to
Win2000.
- Scalability and fault-tolerance
enhancements.
Cross-forest trusts.
You can mix-and-match your Windows
2000 and 2003 Servers fairly easily.
FORESEC Academy

W indow s Server 2003 (2 of3)

Standard Advanced Datacenter


Server Server Server
Max CPUs 4 8 32
Max RAM 4 GB 8 GB 32 GB
Load- n/a 32-Node 32-Node
Balancing
Cluster n/a 8-Node 8-Node
Nodes
64-bit CPU No Yes Yes
FORESEC Academy

W indow s Server 2003 (3 of3)

Windows Server 2003 Web


Edition
- Dedicated-purpose operating system
- Not available through retail channels.
- Intended for ISP.s and ASP.s.
- Intended for turn-key hardware
appliances.
Only supports two 32-bit CPUs and
no more
than 2 GB of RAM. (Why???)
FORESEC Academy

W orkgroups (1 of3)

- No domain controllers! -Users are typically local


- Stand-alone computers only. administrators of
- Local accounts and local their own machines.
accounts -A workgroup administrator
databases only. simply has
- Permissions can be assigned a separate administrative
to local users and groups only. account on
- Local groups cannot have every machine.
users from other machines. -Workgroups tend to be small, e.g.,
- User names may be identical less
across machines, but their than 100 boxes.
SIDs are different (more on -You can have stand-alones or
this in just a moment). entire
workgroups in the midst of
domain
members, e.g., IIS servers on a
service
subnet.
FORESEC Academy

W orkgroups (2 of3)

Benefits of workgroups:
- Conceptual simplicity.
- Lower initial cost.
- Each computer protects itself.
- Each user is typically an administrator
of his or her own machine, allowing
personal creative expression and joy.
FORESEC Academy

W orkgroups (3 of3)

Drawbacks of workgroups:
- Users are insane.
- Workgroup = Anarchy
Very difficult to manage a large
number
of stand-alones (no scalability).
- No single sign-on without great
effort.
- No consistent permissions or rights.
FORESEC Academy

M anage LocalAccounts

Windows NT
- User Manager
Windows 2000/XP/2003
- User Accounts applet in control
Panel.
- Computer Management snap-in in
Administrative Tools folder.
- NET.EXE

You might also like