Windows 2008
Páginas: 12 (2804 palabras)
Publicado: 27 de marzo de 2012
Christian Linacre – Microsoft Chile Luis Montenegro – Microsoft MVP
Introducción Mejoras de Seguridad
Bitlocker
NAP Hardening de Windows 2008
Windows Server 2008
Full Installation Core Installation
RTM: Disponible en Enero Lanzamiento en Chile: Abril Virtualización: RTM + 180 días
Setup Sistema Operativo
Configuración Inicial Server Manager
Roles de Servidor Standard yEnterprise TS IAS Web Share Etc… Server Point
Roles de Servidor de Server Core Server con WinFx, Shell, Tools, etc. DNS DHCP File AD
Server Core Security, TCP/IP, File Systems, RPC, y otros Core Server Sub-Systems
GUI, CLR, Shell, IE, Media, OE, Etc.
Configurar contraseña admin
192.168.0.1
Configurar direción IP estática Unirse a dominio existente
Activar el servidorConfigurar el firewall
Reduce el tamaño de los niveles de alto riesgo Segmenta los servicios Incrementa el número de niveles
Service … Service A
Service D D Service … 2 Service 3
D
Service 1
Service B
D Kernel Drivers D User-mode Drivers
D
D
D
Protege servidores y computadores móviles
Protege los datos mientras el sistema está offline Asegura la integridad al bootConfigurable por política de grupo
BitLocker
*TCG Software Stack
Feature Map
TPM Admin Tools BitLocker TPM WMI Provider TSS* Third-Party Applications
Windows Server 2008
TPM Base Services Windows Vista TPM Driver
Trusted Platform Module (TPM)
Christian Linacre Microsoft Chile
2000 & antes
Active Directory
2003
2005
2006
2008
AD Domain Services
AD ApplicationMode 1.0
AD Application Mode SP1
AD Lightweight Directory Services
AD Federation Services
AD Federation Services
2000 & antes
Windows Server 2000
2003
Windows Server 2003
2004
2005
Windows Server 2003 R2
2006
2008
Windows Server 2008
Certificate Services
Certificate Services
AD Certificate Services (ADCS)
Right Management Services (RMS)
RightManagement Services SP1
AD Right Management Services (ADRMS)
Meta-Directory Services 2.2 (MMS)
Identity Integration Feature Pack
Identity Integration Feature Pack SP1
Identity Integration Feature Pack SP2
Identity Integration Feature Pack
Seguridad
DNS and DC Support Active Directory Roles for Server Core Common Criteria Auditoría Read-Only Domain Controller
Dominioreiniciable Más de una password policy por dominio Servicios independientes por cada feature
ADDS ADFS ADCS ADRMS ADLDS
Christian Linacre Microsoft Chile
Policy Servers
Qué es Network Access Protection? Validación de la Política de Salud
Windows Client DHCP, VPN Switch/Router NPS
Policy compliant Not policy compliant
such as: Patch, AV
Cumplimiento de la Remediation Política de SaludServers
Restricted Network
Example: Patch
Capacidad de proveer acceso limitado Incrementar el valor al negocio
Seguridad Incrementada
Corporate Network
Integración Cisco y Microsoft
Policy Servers
such as: Patch, AV
3
1
2
Not policy compliant
4
Windows Client
DHCP, VPN Switch/Router
Remediation Servers
Example: Patch
NPS
Policy compliant
5Restricted Network
5 4 3 2 1
If not policy compliant, client is put in a restricted Client VPN or Server to fix relays full access If policy Policy access to is up resources status Networkcompliant, clientnetwork and against to DHCP,and given access(NPS)granted health to IT- to VLAN requests Switch/Routervalidates presents current health policy corporate patches, defined healthstateconfigurations, signatures Microsoft Network Policy Server (RADIUS) download network (Repeat 1 - 4)
Corporate Network
No Policy Authentication Optional Authentication Required
May I have a health certificate? Here’s my SoH.
You don’t get a health certificate. Here’s your health certificate. Go fix up. I need updates.
Client ok? Yes. Issue No. Needs fix-up. health certificate.
Client
HRA...
Introducción Mejoras de Seguridad
Bitlocker
NAP Hardening de Windows 2008
Windows Server 2008
Full Installation Core Installation
RTM: Disponible en Enero Lanzamiento en Chile: Abril Virtualización: RTM + 180 días
Setup Sistema Operativo
Configuración Inicial Server Manager
Roles de Servidor Standard yEnterprise TS IAS Web Share Etc… Server Point
Roles de Servidor de Server Core Server con WinFx, Shell, Tools, etc. DNS DHCP File AD
Server Core Security, TCP/IP, File Systems, RPC, y otros Core Server Sub-Systems
GUI, CLR, Shell, IE, Media, OE, Etc.
Configurar contraseña admin
192.168.0.1
Configurar direción IP estática Unirse a dominio existente
Activar el servidorConfigurar el firewall
Reduce el tamaño de los niveles de alto riesgo Segmenta los servicios Incrementa el número de niveles
Service … Service A
Service D D Service … 2 Service 3
D
Service 1
Service B
D Kernel Drivers D User-mode Drivers
D
D
D
Protege servidores y computadores móviles
Protege los datos mientras el sistema está offline Asegura la integridad al bootConfigurable por política de grupo
BitLocker
*TCG Software Stack
Feature Map
TPM Admin Tools BitLocker TPM WMI Provider TSS* Third-Party Applications
Windows Server 2008
TPM Base Services Windows Vista TPM Driver
Trusted Platform Module (TPM)
Christian Linacre Microsoft Chile
2000 & antes
Active Directory
2003
2005
2006
2008
AD Domain Services
AD ApplicationMode 1.0
AD Application Mode SP1
AD Lightweight Directory Services
AD Federation Services
AD Federation Services
2000 & antes
Windows Server 2000
2003
Windows Server 2003
2004
2005
Windows Server 2003 R2
2006
2008
Windows Server 2008
Certificate Services
Certificate Services
AD Certificate Services (ADCS)
Right Management Services (RMS)
RightManagement Services SP1
AD Right Management Services (ADRMS)
Meta-Directory Services 2.2 (MMS)
Identity Integration Feature Pack
Identity Integration Feature Pack SP1
Identity Integration Feature Pack SP2
Identity Integration Feature Pack
Seguridad
DNS and DC Support Active Directory Roles for Server Core Common Criteria Auditoría Read-Only Domain Controller
Dominioreiniciable Más de una password policy por dominio Servicios independientes por cada feature
ADDS ADFS ADCS ADRMS ADLDS
Christian Linacre Microsoft Chile
Policy Servers
Qué es Network Access Protection? Validación de la Política de Salud
Windows Client DHCP, VPN Switch/Router NPS
Policy compliant Not policy compliant
such as: Patch, AV
Cumplimiento de la Remediation Política de SaludServers
Restricted Network
Example: Patch
Capacidad de proveer acceso limitado Incrementar el valor al negocio
Seguridad Incrementada
Corporate Network
Integración Cisco y Microsoft
Policy Servers
such as: Patch, AV
3
1
2
Not policy compliant
4
Windows Client
DHCP, VPN Switch/Router
Remediation Servers
Example: Patch
NPS
Policy compliant
5Restricted Network
5 4 3 2 1
If not policy compliant, client is put in a restricted Client VPN or Server to fix relays full access If policy Policy access to is up resources status Networkcompliant, clientnetwork and against to DHCP,and given access(NPS)granted health to IT- to VLAN requests Switch/Routervalidates presents current health policy corporate patches, defined healthstateconfigurations, signatures Microsoft Network Policy Server (RADIUS) download network (Repeat 1 - 4)
Corporate Network
No Policy Authentication Optional Authentication Required
May I have a health certificate? Here’s my SoH.
You don’t get a health certificate. Here’s your health certificate. Go fix up. I need updates.
Client ok? Yes. Issue No. Needs fix-up. health certificate.
Client
HRA...
Leer documento completo
Regístrate para leer el documento completo.