Key Concepts:
  • Anatomy of Microsoft Windows systems and their application vulnerabilities
  • Purpose of access control, authentication, and creating users and groups
  • Security features of directory services

Security Strategies in Windows Platforms and Applications

Microsoft Windows Security Features

Common Vulnerabilities in Windows
Windows is a complex environment, and any complex environment has various weaknesses. Common areas of vulnerabilities in a Windows operating system include access control, infrastructure, and software vulnerabilities.
Access control vulnerabilities
Infrastructure vulnerabilities
Software vulnerabilities
Weak passwords
Weak permissions
Shared user accounts
Lack of a firewall
No malware protection
Weak security policy
Weak drive encryption
Unneeded software running
Unpatched software
Weak applications
Management of Threats
Although every attacker is unique, attackers often follow a general sequence of steps when carrying out threats against computers. Knowing how attackers work can help you protect your computers against potential attacks. You can protect your environment from threats by deploying controls to foil an attacker's activities. In general, the less you allow an attacker to learn about your environment, the more likely that the attacker will move on to another target. Let's assess the attack and protection processes for a Windows environment.
Realizing threats
Here are the steps an attacker follows to exploit a Windows system:
  • Search for accessible and interesting computers that can act as potential victims.
  • Scan potential victim computers to find out what operating system and other software they are running.
  • With the help of the information obtained in the first two steps, identify vulnerabilities in a target operating system and software.
  • Develop a plan of attack with the highest probability of success.
  • Launch the attacks.
Protecting from threats
Here are some high-level steps to protect your Windows environment from threats:
  • Apply the latest available security patches to stop an attacker from exploiting a known vulnerability.
  • Use a firewall to protect and hide computers from external scans and reduce the probability of their becoming attack victims.
  • Disable the services not needed in the operating system and close redundant applications to reduce an attacker's options.
  • Configure all necessary services and programs to limit unauthorized access.
  • Perform penetration tests to identify unprotected vulnerabilities.
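The following read-only audit is an added example, not part of the original lesson. It maps the patching, firewall, and unneeded-service steps above to built-in Windows PowerShell cmdlets; the variable names and the `$report` object are illustrative choices.

```powershell
# Added example: read-only checks mapped to the protection steps above.
# Run in PowerShell 5.1 or later on the host being reviewed.

# Patching: the five most recently installed updates.
# InstalledOn is empty for some entries, so drop those before sorting.
$recentPatches = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn

# Firewall: any profile (Domain, Private, Public) that is not enabled is a finding.
$firewallOff = Get-NetFirewallProfile |
    Where-Object { $_.Enabled -ne 'True' } |
    Select-Object Name, Enabled

# Services: everything that starts automatically and is running now.
# Each entry should be justified or disabled.
$autoServices = Get-Service |
    Where-Object { $_.Status -eq 'Running' -and $_.StartType -eq 'Automatic' } |
    Select-Object Name, DisplayName

# Exposure: TCP ports in the listening state and the process that owns each.
$listeners = Get-NetTCPConnection -State Listen |
    Select-Object LocalAddress, LocalPort, @{
        Name       = 'Process'
        Expression = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName }
    } |
    Sort-Object LocalPort, LocalAddress

# Collect the results in one object so they can be reviewed or exported.
$report = [pscustomobject]@{
    ComputerName     = $env:COMPUTERNAME
    RecentPatches    = $recentPatches
    FirewallDisabled = $firewallOff
    AutoServices     = $autoServices
    Listeners        = $listeners
}

$report.RecentPatches    | Format-Table -AutoSize
$report.FirewallDisabled | Format-Table -AutoSize
"{0} automatic services running, {1} listening TCP endpoints" -f @($autoServices).Count, @($listeners).Count
$report.Listeners        | Format-Table -AutoSize
```

An empty `FirewallDisabled` table means all three firewall profiles are enabled; the service and listener lists are the starting point for deciding what can be disabled.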
Key Roles in Windows Security
Several key team members need to pitch in to ensure the optimal security for Windows computers.
Management
Human resources (HR)
IT security professionals
Information systems users
Network administrator
System administrator
The authority for developing and implementing the security policy comes from the management. Without management’s committed involvement and approval, the security guidelines and policies will not be robust.
The HR department is responsible for all personnel related qualification, training, and any other controls that directly contribute to information technology (IT) security.
IT security professionals are responsible for specifying and enforcing the technical aspects of security policy and ensuring necessary security controls are in place.
The users of an information system are responsible for adhering to the organization’s acceptable use policies and helping keep their environment secure.
The network administrator manages the deployment and maintenance of security controls on network devices, software, systems, and infrastructure.
The system administrator manages the deployment and maintenance of security controls on computer systems.
Microsoft Windows Market Segments
Windows is the most common operating system used today. More than 90 percent of workstation computers use a Windows operating system.

Microsoft provides operating system software for a wide variety of solutions, including both client and server computers.
  • Vertical markets
  • Workstation computers
  • Server computers
  • Mobile devices
  • Supercomputers
Vertical markets are those defined by the type of customer or the type of industry rather than the type of product. All vertical markets prefer Windows to other operating systems because it is easy to use and provides comprehensive features, familiar Microsoft development tools, free evaluation kits, and access to a large network of community support. Windows platforms and technologies offer an end-to-end solution for device manufacturers in vertical markets such as retail, manufacturing, and surveillance.
Almost 90 percent of workstation computers use Windows because of the versatility and scalability of the features of Windows. The user-friendly features along with the security features make Windows the most preferred operating system.
About 50 percent of server computers use Windows because it offers the following features customized for server appliances:
  • Scalability
  • Integrated management features allowing easy remote management
  • Robust networking and support for large storage
  • User-friendly design and development products offering easy and cost-effective solutions
Only about 9 percent of mobile devices use Windows as an operating system because Windows Mobile devices do not have a hard disk drive and use random access memory (RAM) to store application programs and data and for program processing. Most Windows Mobile devices do not have the option of adding additional RAM. Therefore, there is a limit on how many applications and datasets you can store in RAM and still have sufficient RAM free for program processing. Another limitation is that RAM requires power to maintain its contents. In addition, only a limited number of applications support Windows Mobile.
Only 1 percent of supercomputers use Windows as an operating system. High-performance markets, such as supercomputers, prefer open source software that allows high-speed calculations and integration capabilities with cluster architectures.
Importance of Windows Access Control and Authentication
Windows grants or denies access to resources based on the permissions defined for each user or group. When you create a new user account, Windows assigns the account a unique security identifier (SID). Windows uses the SID, not the user name, to identify the user. If you create user accounts with the same name on different stand-alone computers, the user SIDs will be different.
Access control ensures that only authorized users can access protected resources. "Access control" generally means defining rules that limit which users can access which resources. Windows uses identification and authentication to ensure that a user logs on with a valid account. It is also important to track all activities being performed in Windows. Windows examines the security access token (SAT) attached to a process to determine "who" is trying to access resources.

When a process attempts to carry out an action or access a resource, Windows decides whether or not the action is authorized. Windows examines the SAT and refers to access control lists (ACLs) for the user, groups, and affected object. The operating system then decides if the current user is permitted to carry out the requested action. This process is called authentication—an important step to determine whether a requested action is permitted. Robust authentication requires verified users and defined access control rules. Without access control and authentication, it would be difficult to protect sensitive resources and administrators would have a difficult time making resources available only to authorized users.
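The SID, access token, and ACL described above can be inspected directly on a Windows host. This is an added example, not part of the original lesson; the choice of the hosts file as the sample object and the variable names are assumptions made for illustration.

```powershell
# Added example: view the identity data Windows consults for an access decision.

# 1. Local accounts are tracked by SID. The same account name created on
#    another stand-alone computer shows a different SID there.
Get-LocalUser | Select-Object Name, SID, Enabled | Format-Table -AutoSize

# 2. SIDs carried by the current process's access token: the user plus groups.
#    The .NET Groups property omits deny-only groups.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$tokenSids = @($identity.User.Value) + @($identity.Groups | ForEach-Object { $_.Value })
"Token for {0} carries {1} SIDs" -f $identity.Name, $tokenSids.Count

# 3. ACL of a protected object, with each entry's trustee expressed as a SID.
#    Assumption: the hosts file is used only because it exists on every install.
#    Arguments: include explicit entries, include inherited entries, return SIDs.
$path  = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$rules = (Get-Acl -Path $path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

# 4. Keep only the entries whose SID appears in the token. These are the
#    entries that apply when this process opens the file.
$rules |
    Where-Object { $tokenSids -contains $_.IdentityReference.Value } |
    Select-Object @{ Name = 'Sid'; Expression = { $_.IdentityReference.Value } },
        @{ Name = 'Account'; Expression = {
            try { $_.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
            catch { '<unresolved>' } } },
        AccessControlType, FileSystemRights, IsInherited |
    Format-Table -AutoSize
```

The script only lists the entries that match the token; the access decision itself is made by Windows, which evaluates the entries in order and treats a matching Deny entry for a requested right as final.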

In this section, you will have an opportunity to practice the concepts and processes that you have explored in this lesson.

The Hands-On Lab provides you with an engaging learning experience that is diagnostic and flexible. Following the instructions provided in the Lab Manual, you will be able to practice the steps IT Security Specialists perform on a daily basis and develop the skills required for effective execution and management of IT Security operations.

In this section, you will have an opportunity to apply what you’ve learned in this lesson in the context of analyzing a business situation. Although simplified, a problem scenario provided here depicts the challenges often faced by professionals in the workplace.

In this interactive case study, you will explore a business situation, review critical information related to the problem discussed in the case, decide on the course of action, and receive a decision analysis summary that discusses the implications of your decision. Once you analyze the impact of your decision, explore alternative solutions to learn about other potential ways to address the issue in the case. Complete your work on the case by submitting the graded assignment that will reflect on your process of analyzing the business situation and defining an appropriate course of action.

You work as the system administrator for Ken 7 Windows Limited. Ken 7 has just purchased a new enterprise resource planning (ERP) software package to help control costs and increase both quality and customer responsiveness. You receive an e-mail message from the chief information officer, Jason, and presume that it is regarding some new tasks that the ERP implementation team has suggested. Click the e-mail icon to read Jason’s message.

After you have gone through the challenge, navigate to Contributing Factors from the panel at the top of your screen.
Hi,

The ERP implementation team has suggested adding Active Directory on the existing access controls in our network. Prior to implementing the Active Directory environment, the senior management wants us to assess the features and impact of adding Active Directory to our system.

I want you to collate as much information as you can on Active Directory. After your research is complete, we can discuss the key points tomorrow. The discussion will enable you to prepare the executive summary report, to be presented to senior management, on adding Active Directory to our network.

Regards,
Jason

Contributing Factors
You are through with your analysis on Active Directory and now head towards the meeting room to meet Jason and Jonathan, the IT security practitioner in Ken. Let's see how Jason and Jonathan review your analysis. After you have gone through the contributing factors, navigate to Course of Action from the panel at the top of your screen.

Attend a Meeting

Research the Internet



Jason

Jonathan
You should consider the major concerns raised by the ERP implementation team on access of restricted data by the accounting and purchasing users. I also recommend that you include the advantages and disadvantages of adding Active Directory to the existing access controls in our network. In addition, you should mention in the report how access controls will be handled differently in Active Directory as opposed to the workgroup computers.
I think that you should consider how user accounts are created and maintained in the workgroup computers and how that will change with Active Directory. You should also focus on what will happen to the existing user accounts after they are moved into the Active Directory environment. You also need to focus on how multiple users defined on separate computers will be handled. The executive summary report based on your analysis should clearly bring out the pros and cons of changing from the workgroup environment to the Active Directory environment.
Research the Internet to find information on Windows Active Directory. You need to understand the technical aspects of adding Active Directory to any network already having access controls in place. The following keywords will help you in your research:
  • Active Directory
  • User accounts
  • Access control policy
  • Workgroup users
  • Workgroup computers
Course of Action
Use the following checklist as a guide to complete this assignment. Note that the tasks that you have completed are already checked in the list.

Tasks

  • Read the e-mail from Jason.
  • Attend the meeting with Jason and Jonathan.
  • Research the Internet on information about Active Directory.
  • Explain how Active Directory impacts the Ken 7 Windows Limited environment.
  • Submit the executive summary report to the instructor.
At the end of this lesson, you should be able to:
  • Assess the features of a Windows system.
  • Analyze common vulnerabilities in Windows.
  • Enumerate the general steps for protecting Windows systems from threats.
  • Identify the roles and responsibilities associated with Windows security.
  • Evaluate the importance of Windows access control and authentication.
Microsoft Windows is a popular operating system used worldwide. In this lesson, you will review the security features associated with Windows. You will also learn about the common vulnerabilities in Windows, the steps that an attacker follows to exploit a system, and the countermeasures for these attacks. In addition, you will learn about the various roles and responsibilities associated with Windows security and the importance of Windows access control, authentication, and directory services.