USA: +1(669)289-8683 
Sign in
need 1 page Must be Original and i need it w
After you have read Chapter 1 and listened to the Chapter 1 lecture research defense in depth.
What is a defense in depth security strategy?
How is it implemented?
Describe the defense in depth strategy used by your company or by a company with which you are familiar.ithin 3 hrs from now NO COPY PASTE
Adjust your audio
This is a narrated slide show. Please adjust your audio so you can hear the lecture.
If you have problems hearing the narration on any slide show please let me know.
© ITT Educational Services, Inc. All rights reserved.
1
Security Strategies in Windows Platforms and Applications
Chapter 1
Microsoft Windows and the Threat Landscape
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
© ITT Educational Services, Inc. All rights reserved.
2
Learning Objective and Key Concepts
Learning Objective
Explain information security and how it applies to the Microsoft Windows operating systems.
Key Concepts
Information security
Microsoft Windows and the typical IT infrastructure
Anatomy of Microsoft Windows systems and their application vulnerabilities
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
3
Where You’ll Find Microsoft Windows
All vertical markets
90% workstation computers
50% server computers
9% mobile devices
1% super computers
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
4
Defense In Depth
The Total Environment
Physical Security
Desktop Security
Server Security
Network Security
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
5
Security Controls
Administrative Controls
Technical Controls (logical)
Physical Controls
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
6
The C-I-A Triad
Confidentiality
Integrity
Availability
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
7
Seven Domains of a Typical IT Infrastructure
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
A Sample IT Infrastructure
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Common Windows Vulnerabilities
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
10
Access Control
Weak passwords
Weak permissions
Infrastructure
No firewall
Software
Unneeded software running
Shared user accounts
No malware protection
Weak security policy
Weak drive encryption
Unpatched software
Weak applications
Common Forms of Attacks in Windows Environments
Common attacks focus on common applications
Internet Explorer – most common Web browser
Internet Information Services (IIS) – most common Web server
Microsoft Office – most common productivity suit
Windows operating system
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Microsoft Windows – the most common workstation operating system
11
Common Forms of Attacks in Windows Environments
Windows is not the most insecure – just the most popular
Attackers search for:
Known Microsoft Windows vulnerabilities
Probability is that many lazy users are vulnerable
Microsoft’s weakness is due to its popularity
More Microsoft users means there are more vulnerable computers
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Discovery-Analysis-Remediation Cycle
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Realizing Threats
Steps attackers take to realize threats:
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Although every attacker is unique, attackers often follow a general sequence of steps when realizing threats against computers. The general steps start with discovery, then move on to research, and then on to planning and actually carrying out an attack. Here are the individual steps:
Search for accessible computers – The first step is to identify potential victims. Attackers will use various methods to identify computers that are both accessible and interesting.
Scan computers for running services/applications – The next step is to scan potential victim computers to find out what operating system and other software they are running.
Research potential vulnerabilities – The information from the previous step enables attackers to research vulnerabilities in the operating system and software the potential victim is running.
Develop attack plan – Based on the results of the research from the previous step the attacker will develop a plan for attacks with the highest probability of success.
Carry out the plan – Follow the attack plan and launch the attacks.
14
Search for accessible computers.
Scan computers for running services/applications.
Research potential vulnerabilities.
Develop attack plan.
Carry out attack.
Protecting from Threats
Steps you can take to protect from threats:
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Knowing generally how attackers work can help protect your computers from them. You can protect your environment from threats by deploying controls to foil an attacker’s activities. In general, the less you allow an attacker to learn about your environment the more likely that attacker will move on to another target.
Here are some high-level steps to protect your environment from threats:
Apply all available security patches – Current software patches include the latest fixes for known vulnerabilities. Ensuring you have the latest patches installed can stop an attacker from exploiting the vulnerability.
Use a firewall to protect and hide computers from external scans – Since an attacker’s first step is to identify potential victims, hiding your computers behind a firewall can discourage an attacker from selecting your computers as victims.
Disable unneeded services/applications – Reduce the number of services and applications an attacker can see by disabling the ones you don’t need.
Configure all necessary services and programs to limit access – Make it difficult for any unauthorized user to access your computers or resources.
Perform penetration tests to search for unprotected vulnerabilities – Act like an attacker and attempt to discover vulnerabilities.
15
Apply all available security patches.
Use a firewall to protect and hide computers from external scans.
Disable unneeded services and programs.
Configure all necessary services and programs to limit access.
Perform penetration tests to search for unprotected vulnerabilities.
Key Roles in Windows Security
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Solid security for Windows computers requires the efforts of several key team members. Members that contribute to establishing and maintaining security act in one of several roles. The key roles in Windows security include:
Management – The authority for developing and carrying out the security policy comes from management. Without management’s involvement and approval no action will take place that leads to secure environments.
IT Security Professional – Security professionals are responsible for specifying and enforcing the technical aspects security policy and ensuring necessary security controls are in place.
Human Resources – The HR department is responsible for all personnel related qualification, training, and any other controls that directly contribute to IT security.
Systems Administrator – System administrators handle the implementation details of deploying and maintaining security controls to computer systems.
Network Administrators – Network administrators handle the implementation details of deploying and maintaining security controls to network devices, software, systems, and infrastructure.
Information Systems Users – The users of an information system are responsible for adhering to the organization’s acceptable use policies and helping keep their environment secure.
16
Management
Information Technology (IT)
IT Security Professionals
Human Resource (HR)
Information Systems Users
Systems Administrator
Network Administrator
Summary
Features of a Windows system
Common Windows vulnerabilities
Windows users and groups
Use of Microsoft Windows
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
17
Summary
After you have listened to this lecture and read Chapter 1 in your text
Go to Discussion Board 1.2 and answer the discussion prompt
There is no quiz or lab assignment this week.
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
18
