CIS288 Security Design in a Windows 2003 Environment

CIS288 Securing Network Clients

Objectives
When you complete this lesson you will be able to:
Design a strategy for securing client computers Design a strategy for hardening client operating systems Design a client authentication strategy Analyze authentication requirements Establish account and security requirements Design a security strategy for client remote access Design remote access policies Design access to internal resources Design an authentication provider and accounting strategy for remote network access by using Internet Authentication, or IAS

Securing Client Computers

Securing network clients is a critical process. Staying abreast of any new vulnerabilities for your client computers and patching those vulnerabilities in a timely and efficient manner can mean the difference between a well-secured network and a Code Red infestation waiting to happen.

Hardening Client Operating Systems

Hardening client operating systems is a critical first step in safeguarding your client operating systems room internal or external intrusion and attackers. The hardening process will also ensure that all necessary security features have been activated and configured correctly for any administrative or nonadministrative user accounts used to gain access to the client system, rather than simply providing easy access to an Administrator account.

Enabling Patch Management

Restricting User Access to Operating System Features

Windows Server 2003 makes it a relatively simple matter to lock down operating system features using Group Policy Objects. You can restrict access to items such as the command prompt, the run line, and Control Panel.

Designing a Client Authentication Strategy

Any network security design needs a client logon strategy that addresses the following three topics:
Authentication Authorization Accounting

This AAA Model is an Internet standard for controlling various types of network access by end users

Designing a Secure Remote Access Plan

When designing a network, most modern corporations will need to include some means of remote access for traveling and telecommuting members of their workforce. There are two general options that you can choose:
Direct-Dial Remote VPN

Designing Remote Access Policies

When planning your remote access policy strategy , you can use one of the following three approaches:
Common policy Default policy Custom policy

Providing Access to Internal Network Resources

The most convenient feature of remote access in Windows Server 2003 is that your clients, once granted access, will use standard tools and interfaces to connect to internal network resources. Any services that are available to a user connected via the LAN will be made available to RAS clients by way of the RAS authentication and logon processes.

Using Internet Authentication Service

The release of IAS included in Windows Server 2003 expands and improves the existing IAS functionality, and includes connection options for wireless clients, as well as authenticating network switches and the ability to relay requests to remote RADIUS servers. The RADIUS support provided by the IAS service is a popular way to administer remote user access to an enterprise network.

Summary
Strategy for securing client computers Client authentication strategy Strategy for client remote access