Security considerations for Windows systems

Loading...

From the course by University of Colorado System

Windows Server Management and Security

38 оценки

University of Colorado System

Windows Server Management and Security

38 оценки

Course 2 of 4 in the Specialization Computer Security and Systems Management

Microsoft Windows has been at the forefront of enterprise computing for several decades. What most office workers see is the desktop side – such as Windows 7, 8 or 10. This course explores what it takes to design and build the server side of Windows in an enterprise environment. This course will explore everything from Windows Server installation to configuring users, to hardening the server operating system itself. This course is the second course in the System Management and Security Specialization focusing on enterprise system management. The first week of this course provides an overview of how Windows operates in an enterprise environment and what it may look like in the real world. Week 2 of the course will show you how Windows users interact with the system. At the end of Week 2, you will be able to demonstrate how Windows authentication works at the end of Week 2. Week 3 will explore authorization in a Windows environment. At the end of Week 3, you will be able to differentiate between different authorization mechanisms and use different technologies to secure data within the environment. Week 4 explores built in security features of Windows and demonstrates how to use each technology effectively and in what circumstances you would use what technology for what purpose. At the end of week 4, you will be able to determine which technology is the best technology to use to secure certain portions of the Windows operating system.

From the lesson

Securing Windows in the enterprise

Security within Windows is generally pretty good, however, windows needs to be configured in order to increase overall system security.

Built in security controls9:02

Restricting access to software and resources10:50

Security considerations for Windows systems8:06

Windows and Encryption6:15

Meet the Instructors

Greg Williams
Lecturer
Department of Computer Science

Today's lesson covers security considerations for Windows.

We're going to discuss the concepts where it may not be so obvious to secure

a Windows environment and explain why it's

a good idea to build in a layered security approach into our environment.

We're going to discuss points, in my experience,

that has told me to go further than completely relying just on technology itself.

Consideration one: assessing your environment.

Windows can't protect you from everything.

No matter how much you configure Windows to protect you,

you still rely on the end-user to help you with security.

Whether you're in a small organization,

whether you're just a home user,

you can't just configure your system to protect you.

You have to have something guarding yourself at the edge,

which is knowledge and the end-user knowledge of security.

Even with these security enhancements, over the years,

that Windows has built in,

security is still a problem.

Somebody inevitably installs an older piece of software

that they forgot about and we need to monitor for that,

we need to assess for that, okay?

An example of this would be patches.

We need to have something that is looking at our patch levels,

make sure that we are adequately applying updates to our system.

Several years ago, we actually did this at

the University and realized that we were missing some updates even

though Windows Update Server said that we were completely up to date on patches.

So make sure you have something assessing your environment that is from the outside;

not from the inside out.

Consideration number two: what I just said a minute ago, monitoring.

Something needs to be monitoring your environment,

something needs to be looking at security logs.

The security logs are a mess.

So, if we go to Windows Event Viewer,

we see a bunch of different... Well,

the four Event logs that we can actually look at.

But if we break those down and we look at how many security events a day,

we have thousands and thousands of security events.

We have to understand what is important to us to look at.

Those are generally security events,

they could be Windows errors,

they could be system update errors,

they could be application crashes.

You may not know that you even have a problem until you start looking at the data.

Use another system to monitor that critical infrastructure.

What happens if a Server gets taken over by an attacker and wipes out all the logs?

How do you know what that system did?

How did they get in?

So we monitor from an external source.

This is very easy to do;

there are plenty of programs out there to send that kind of information.

How do you know something is working or not working?

We have to look at logs to determine that information.

Here at the University, we use Splunk.

Splunk provides us information on a lot

of different Windows Servers that we have running.

Consideration number three: use a layered security approach.

This means security in-depth.

So we use Windows Firewall,

we use Windows Defender,

we use the knowledge that we shouldn't have

all kinds of applications running on our system.

A firewall can't protect us from everything,

just like we can't expect anti-virus to protect us from all viruses out there,

so we need multiple layers.

I haven't used this in this class,

but when I talk about a layered security approach,

think about your residence.

I'll give you an example of my residence, okay?

I've got a security alarm,

I've got a front door, I've got a screen door,

I've got two dogs that bark at absolutely everything if they hear it outside.

So those security approaches,

think of those as layers of your computer.

So your front door is your password.

Okay? Your screen door may be your firewall blocking things from coming in.

The windows that you have on the outside of your house may be open ports, okay?

And the dogs are the anti-virus.

Okay? They're protecting you against what may harm you.

For example, password security policies may actually have

the opposite effect that you want to have.

Let me explain this a little bit.

Several years ago, we actually - not password policies per se - but we put in

a security policy that basically said you must have Windows updates turned on,

all patches must be applied before you can get on the network.

It was very restrictive and users found a way around it.

So if we use a layered security approach,

which also includes making sure security isn't cumbersome for users,

then we have better security in general.

Is security consideration number four: your end-users need your help.

Okay? Providing help or assistance to users when they need

it is ultimately the best thing that you can do.

Tell them when they're doing something wrong or provide them guidance,

train them to understand why we do things certain ways,

explain why we need a 14 character password instead of

an 8 character password because it's going to protect them better.

Not everything is intuitive like Microsoft thinks it is.

If we run a help desk or if we run

Windows Servers that you turn on remote desktop services,

you know, these are intuitive things for us maybe,

but not to a layman.

While some decisions may seem obvious to you,

they may not seem obvious to someone else.

So explain the decisions that you make when you're considering

any security features for Windows or

password policies or any technical policies for that matter.

Make sure that you explain things to users in a concise way.

They will go very far in your lack of a next data brief.

Ознакомьтесь с нашим каталогом

Присоединяйтесь бесплатно и получайте персонализированные рекомендации, обновления и предложения.

Coursera делает лучшее в мире образование доступным каждому, предлагая онлайн-курсы от ведущих университетов и организаций.

© Coursera Inc., 2018 Все права защищены.

Загрузить из App Store

Загрузить в Google Play