Đang chuẩn bị liên kết để tải về tài liệu:
Course 2830: Designing security for Microsoft networks - Module 9

Module 9 - Creating a security design for data. In this module, you will learn how to determine threats and analyze risks to data in an organization. You will learn how to design an access control model for files and folders in order to protect data that is stored on network servers. You will also learn about considerations for encrypting and managing data. | Module 9: Creating a Security Design for Data Overview Determining Threats and Analyzing Risks to Data Designing Security for Data Lesson: Determining Threats and Analyzing Risks to Data Overview of Access Control Why Securing Data Is Important Common Vulnerabilities to Data Practice: Analyzing Risks to Data Overview of Access Control Domain\User 1 S-1-5-21-14654234 Domain\Managers: S-1-5-21-14625585 EVERYONE: S-1-1-0 User Rights: SeChangeNotifyPrivilege - (attributes) 3 SeSecurityPrivilege - (attributes) 0 User1 attempts to access data on a server The server compares the DACL with the access token to determine User1’s rights User1 1 DACL SID User SID Group ACE Access Allowed User 1 Read 2 2 1 Access Token Read access granted Why Securing Data Is Important Attacker Threat Example External Theft of laptop An attacker steals a laptop from an employee’s car, boots the laptop by using a floppy disk, and changes the Administrator password. The attacker uses the account to access files on the laptop. Internal Default permissions used and auditing not enabled A network folder configured with default permissions contains a confidential file. An attacker copies the data and sells it to a competitor without being detected. Corporate Headquarters Internal Attacker Extracts data External Attacker Changes password Common Vulnerabilities to Data Vulnerability Example Configuration of permissions Computers running Windows 2000 and Windows XP use default NTFS and share permissions Permissions are assigned incorrectly Administrators and users have improper rights Physical security of data Computers are stolen Hardware fails A disaster destroys data Corruption of data A virus corrupts or deletes data Hardware fails and corrupts data A user irreversibly encrypts a file A user tampers with data Practice: Analyzing Risks to Data Read the scenario Answer the questions Discuss answers as a class 1 2 3 Analysis Lesson: Designing Security for Data Steps for Designing an Access . | Module 9: Creating a Security Design for Data Overview Determining Threats and Analyzing Risks to Data Designing Security for Data Lesson: Determining Threats and Analyzing Risks to Data Overview of Access Control Why Securing Data Is Important Common Vulnerabilities to Data Practice: Analyzing Risks to Data Overview of Access Control Domain\User 1 S-1-5-21-14654234 Domain\Managers: S-1-5-21-14625585 EVERYONE: S-1-1-0 User Rights: SeChangeNotifyPrivilege - (attributes) 3 SeSecurityPrivilege - (attributes) 0 User1 attempts to access data on a server The server compares the DACL with the access token to determine User1’s rights User1 1 DACL SID User SID Group ACE Access Allowed User 1 Read 2 2 1 Access Token Read access granted Why Securing Data Is Important Attacker Threat Example External Theft of laptop An attacker steals a laptop from an employee’s car, boots the laptop by using a floppy disk, and changes the Administrator password. The attacker uses the account to access files