8/22/2019 cis341_week10_ch10
CIS288 Security Design in a Windows 2003 Environment
CIS288
Securing Network Clients
Objectives
When you complete this lesson you will be able to:
Design a strategy for securing client computers
Design a strategy for hardening client operating systems
Design a client authentication strategy
Analyze authentication requirements
Establish account and security requirements
Design a security strategy for client remote access
Design remote access policies
Design access to internal resources
Design an authentication provider and accounting strategy for remote network access by using Internet Authentication Service, or IAS
Securing Client Computers
Securing network clients is a critical process.
Staying abreast of any new vulnerabilities for your client computers and patching those vulnerabilities in a timely and efficient manner can mean the difference between a well-secured network and a Code Red infestation waiting to happen.
Hardening Client Operating Systems
Hardening client operating systems is a critical first step in safeguarding your client operating systems from internal or external intrusion and attackers.
The hardening process will also ensure that all necessary security features have been activated and configured correctly for any administrative or nonadministrative user accounts used to gain access to the client system, rather than simply providing easy access to an Administrator account.
Enabling Patch Management
Restricting User Access to Operating System Features
Windows Server 2003 makes it a relatively simple matter to lock down operating system features using Group Policy Objects.
You can restrict access to items such as the command prompt, the run line, and Control Panel.
Designing a Client Authentication Strategy
Any network security design needs a client logon strategy that addresses the following three topics:
Authentication
Authorization
Accounting
This AAA model is an Internet standard for controlling various types of network access by end users.
Designing a Secure Remote Access Plan
When designing a network, most modern corporations will need to include some means of remote access for traveling and telecommuting members of their workforce.
There are two general options that you can choose:
Direct-Dial Remote
VPN
Designing Remote Access Policies
When planning your remote access policy strategy, you can use one of the following three approaches:
Common policy
Default policy
Custom policy
Providing Access to Internal Network Resources
The most convenient feature of remote access in Windows Server 2003 is that your clients, once granted access, will use standard tools and interfaces to connect to internal network resources.
Any services that are available to a user connected via the LAN will be made available to RAS clients by way of the RAS authentication and logon processes.
Using Internet Authentication Service
The release of IAS included in Windows Server 2003 expands and improves the existing IAS functionality, and includes connection options for wireless clients, as well as authenticating network switches and the ability to relay requests to remote RADIUS servers.
The RADIUS support provided by the IAS service is a popular way to administer remote user access to an enterprise network.
Summary
Strategy for securing client computers
Client authentication strategy
Strategy for client remote access