Using Security Tools Tutorials

Host Security / Windows Host Lockdown Tools (SCAT) pt. 2

Loading the player ...

Subtitles of the Movie (Using Security Tools / Host Security / Windows Host Lockdown Tools (SCAT) pt. 2)

Let's go ahead and look actually at the security settings now. Let's go and click on account policies for example and the first thing we're going to see is password policy. Now, what you're going to see here is the settings we looked at earlier but here is the database setting and here is the computer setting. Now, the computer setting is what you're actually configured right now. The database settings is what the template is configured at right now. As you can see by little green checkmarks here and you can also look at the settings themselves, these match so right now your computer is configured to match that security template. Now, let's go ahead and look at other settings. Let's look at account policy. There are some things that are not defined or not analyzed and if we click on one of those, it shows that this setting was not analyzed by the database and we can define this policy if we like. Right now there's no policy set in other words. Let's go ahead and continue down and we'll look at local policies. We have audit policy, user right assignment and security options. We'll click on audit policy. We can see from the database settings and the computer settings, those match. Auditing is not defined and not turned On. We look at user rights assignments. Now we're starting to see some things. For the most part, a lot of these settings match; people who can access the computer from the network for example. The database setting shows that we have administrators, backup operators, power users, the users group and the everyone group. Computer setting is the same so these match. Where you see blanks is where it's not configured at all but they still match. Now look down here. Deny access to this computer from the network; there's a difference. The security template actually shows one thing and the computer is set for another. WE click on that, we see that right now the database setting is that it disallows access to the computer from the network using the guest account so someone can't use the built-in guest account, access it from the network from a different computer. The computer setting does not define that or is not denying that access so we might want to change that in the database if we so decide to do that. Anything you change you're only changing the database; you're actually not changing on the computer right now. Let's look at another one where they don't match. Log on as a service; right now there's nothing that's defined for the database setting for the template but the computer does define something so we can make a change. If we make a change, that will affect the database only. It will not affect the computer at all. Right now we're only affecting the template that's loaded so we can go through here and look at the various options if we like and look and see how some of those are configured. By and large a lot of these are either not defined, not configured rather or they match. There's a few in there so let's say if you imported this, this setup security template into your computer, you actually would not be changing a lot right now. Now, there's a couple different things we can do once we've analyzed and once we've changed some things in the database to suit our needs. Now that we've done that, what we might want to do is export this template out. We can get this template to actually match our computer or we can make it so it's changed and it's pretty much the way we want our computer configured. So we can go ahead and change that and make, we'll call this Test for example and save this and now we have another template that we could use if we like that we can go use on other computers once we have it configured the way we want it. Let's look at one more, one more option you can use here. We're going to right click on security configuration analysis and we also have the computer, configure computer now. If we make this change we're actually pulling the changes from the database into the computer. We're actually changing the computer settings at this point. When we did it analyze, we weren't doing that. We were just looking at things. Once we configure the computer, we're actually making those changes so you have to be careful. Before we do that, let's go ahead and look at another template. Let's go ahead and look at open database and let's go ahead and go with a different one. Let's go, let's look at a secure one. So we'll open up a secure database. We'll call it and let's look at a highly-secure workstation. Let's compare how a highly-secure workstation security settings should be compared to what we have and let's go ahead and right click on that, analyze the computer now. It's going to log and it's going to look at the settings. Now let's see what the differences are. Password policies; uh-oh. We're seeing some Xs here because a secure configuration is different than what we have. We're seeing where a secure configuration wants to remember 24 last passwords where as right now we don't remember passwords on our computer settings so a user could use the same passwords over and over. If we reconfigure that, they would not be able to use the last 24 words they've used. So that's a little bit more of a secure configuration. Other security configuration changes for higher security: minimum password age, minimum password length and so forth. So if we change these things in the database, we're actually lessening or changing the security level. Let's say we want to use the secure template but right now maybe we think that 24 is too long so let's change that to maybe ten. We only want to remember the past ten, not the past 24 so let's apply. Again, this only changes in the database so let's say we've made that change. Now we want to export that out to a template to use across our network. So let's call this VTC Secure and that's the template we're going to use to secure all our VTC computers in our VTC domain. So we save that and so now we can take that template and take it across the network to a different computer and apply it to different computers and it will have the secure settings plus the settings we changed. Now let's say we want to go ahead and apply that now. WE would click computer now. Again, I caution you on this. There's a lot of settings we didn't look at and some of those higher-security templates also configure the way our computers talk on the network so you actually may break things by increasing security through these templates. That's why you really have to test this and go through each node and look at what the differences are and how they might affect network communication, usability and functionality. Remember that it's a balance between security and functionality. The more secure something is, usually the less functional it is and vice-versa. So that's how you would actually look at that and make changes to your computer and then take those changes and propagate them out to many different computers on your network. So together those are the security configuration analysis tools. You've got the security templates and you've got the security configuration analysis tools so you've got some really good tools there that will help you configure host security and they're built into Windows and they're free to use of course and they're very easy to manage. You just have to take the time to go through the settings and understand how they're going to affect your computer and your network. So again, I recommend highly that you test these first before you actually click the configure computer button because it's hard to go back once you do that. So we, once we get done with this we can actually save this MMC so we can open it again later. It'll show up in our administrative tools now and we can save that now and so next time we need to open up this MMC, it will show up that way. So that is your host security configuration tools for Windows; the security configuration and analysis toolset.

Tutorial Information

Course:	Using Security Tools
Author:	Bobby Rogers
SKU:	34068
ISBN:	1-935320-88-2
Release Date:	2009-12-04
Duration:	9 hrs / 91 lessons
Captions:	No
Compatibility:	Vista/XP/2000, OS X, Linux QuickTime 7, Flash 8

VTC Sign up & Benefits

Unlimited Access
81,350 Video Tutorials (14,200 free)
Video Available as Flash or QuickTime
Over 715 Courses
$30 for One Month Access
Multi-User Discounts Available

Adobe

Apple

AutoCAD

Autodesk

CS4

CS5

Elements

Exam

Filemaker

Macromedia

Photoshop

Premiere

Pro

Studio

cs3

dreamweaver

flash

microsoft

server

windows

VTC Terms and Conditions

TERMS & CONDITIONS OF USE

BY SUBSCRIBING TO THIS SERVICE, YOU ARE CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT, THE TERMS AND CONDITIONS OF WHICH SHALL PREVAIL IN GOVERNING YOUR RIGHTS OF USE. BY CLICKING THE "BECOME A MEMBER" BUTTON, THE INDIVIDUAL OR ENTITY LICENSING THE PRODUCT ("YOU") IS CONSENTING TO BE BOUND BY AND IS BECOMING A PARTY TO THIS AGREEMENT. IF LICENSEE DOES NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, THE BUTTON INDICATING "BECOME A MEMBER" MUST NOT BE SELECTED, AND LICENSEE MUST NOT INSTALL OR USE THE SOFTWARE.

1. DEFINITIONS

"VTC" refers to Virtual Training Company, Inc.
"You" refers to the user or subscriber.
"Software" refers to the VTC training content and software.

2. LICENSE: VTC hereby grants to You a worldwide, non-royalty bearing, non-exclusive license to use the Software according to the provisions contained herein and subject to payment of the applicable subscription fees.

3. RESTRICTIONS: You may not do any of the following:

Save the Software to Your hard disk or other storage medium; permit others to use the Software except as specified by addendum; modify, reverse engineer, decompile, or disassemble the Software; make derivative works based on the Software; publish or otherwise disseminate the Software. VTC, Inc., VTC Online University, and the Virtual Training Company site is owned and operated by VTC, Inc. as a corporation of record.
All materials on this site are the property of VTC unless otherwise specified. No material from these pages may be copied, reproduced, republished, downloaded, uploaded, posted, transmitted, or distributed in any way. Modification of the materials or use of the materials for any other purpose is a violation of U.S. copyright law and other proprietary rights. For purposes of this Agreement, the use of any such material on any other web site or networked computer environment is prohibited.

4. FEES: The rights granted under this Agreement are effective only upon payment of the subscription fees, which are strictly non-refundable other than as expressly provided herein. The term "monthly subscription" is defined as any 30 day period. The term "yearly subscription" is defined as one 365 day period. A yearly subscription ends on the same numerical date as it began (example July 28, 2004 to July 28, 2005).

The VTC Online University is access to every VTC training tutorial in our library. You pay a flat fee for access to these titles. You are billed according to your renewal selection below, and can renew monthly, yearly, or in any other increment offered. If you choose to be billed monthly, you will be billed every 30 days for the subscription until you request the subscription be cancelled. Our terms of service state that you must cancel a monthly subscription at least two business days before your renewal date. These two days give us enough time to ensure that you will not be charged again.

5. LIMITED WARRANTY: VTC warrants that the Software, if operated as directed, will substantially achieve the functionality described. VTC does not warrant, however, that Your use of the Software will be uninterrupted or that the operation of the Software will be error-free or secure. In addition, the security mechanisms implemented by the Software have inherent limitations, and You must determine that the Software sufficiently meets Your requirements. VTC also warrants that the media containing the Software, if provided by VTC, is free from defects in material from the date You acquired the Software. VTC's sole liability for any breach of this warranty shall be, in VTC's sole discretion: (i) to replace Your defective media or Software; or (ii) to advise You how to achieve substantially the same functionality with the Software as described; or (iii) if the above remedies are impracticable, to refund the subscription fee You paid for the Software. Only if You inform VTC of Your problem with the Software during the applicable subscription period will VTC be obligated to honor this warranty. VTC will use reasonable commercial efforts to repair, replace, advise, or refund pursuant to the foregoing warranty within thirty (30) days of being so notified. If any modifications are made to the Software by You during the warranty period; if the medium is subjected to accident, abuse, or improper use; or if You violate the terms of this Agreement, then this warranty shall immediately terminate. This warranty shall not apply if the Software is used on or in conjunction with hardware or software other than the unmodified version of hardware and software with which the Software was designed to be used as described.

THIS IS A LIMITED WARRANTY, AND IT IS THE ONLY WARRANTY MADE BY VTC OR ITS SUPPLIERS. VTC MAKES NO OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT OF THIRD PARTIES' RIGHTS. YOU MAY HAVE OTHER STATUTORY RIGHTS. HOWEVER, TO THE FULL EXTENT PERMITTED BY LAW, THE DURATION OF STATUTORILY REQUIRED WARRANTIES, IF ANY, SHALL BE LIMITED TO THE ABOVE LIMITED WARRANTY PERIOD. MOREOVER, IN NO EVENT WILL WARRANTIES PROVIDED BY LAW, IF ANY, APPLY UNLESS THEY ARE REQUIRED TO APPLY BY STATUTE NOTWITHSTANDING THEIR EXCLUSION BY CONTRACT. NO DEALER, AGENT, OR EMPLOYEE OF VTC IS AUTHORIZED TO MAKE ANY MODIFICATIONS, EXTENSIONS, OR ADDITIONS TO THIS LIMITED WARRANTY.

6. PROPRIETARY RIGHTS: VTC reserves all proprietary rights in and to the Software, is protected by copyright and other intellectual property laws and by international treaties. VTC, Inc.

Trademark Notice: VTC, Virtual Training Company, Inc., The VTC Logo, and VTC Online University, are trademarks of VTC, Inc. All other company and product names may be trademarks of their respective owners.
The information contained herein is subject to change without notice. Copyright © 1995 - 2005 VTC, Inc. All rights reserved.

7. TERMINATION: This Agreement shall automatically terminate if You fail to comply with the restrictions described herein. Your obligations to pay outstanding subscription fees shall survive any termination of this Agreement.

8. LIMITATION OF LIABILITY: UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, TORT, CONTRACT, OR OTHERWISE, SHALL VTC OR ITS SUPPLIERS OR RESELLERS BE LIABLE TO YOU OR ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER, INCLUDING WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES. IN NO EVENT WILL VTC BE LIABLE FOR ANY DAMAGES IN EXCESS OF THE AMOUNT VTC RECEIVED FROM YOU FOR A LICENSE TO THE SOFTWARE, EVEN IF VTC SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH
DAMAGES, OR FOR ANY CLAIM BY ANY OTHER PARTY. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM VTC'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU.

9. Links To Other Materials: Linked sites found at the VTC site are not under the control of VTC, and we are not responsible for the content of any linked site or any link contained in a linked site. VTC may change links based solely on our discretion, and we reserve the right to terminate any link or linking program at any time. VTC does not, by linking to sites, endorse companies or products to which it links and reserves the right to note as such on its web pages. If you decide to access any of the third party sites linked to this site, you do this entirely at your own risk.

Forums, and Chat are not always screened by VTC, and we are not responsible for the content of any public or open forum content at the site. VTC may change these public forums based solely on our discretion, and we reserve the right to terminate any forum at any time. VTC does not, by allowing these forums, endorse companies or products which may be mentioned in these forums, and reserves the right to note as such on its web pages. If you decide to access any of the public forums in this site, or linked to this site, you do this entirely at your own risk.

9. GOVERNING LAW & DISPUTE RESOLUTION: This Agreement is governed by Virginia law. All disputes between You and VTC shall be finally resolved through arbitration in Winchester, Virginia. This site is controlled by VTC from its offices within the United States of America. VTC makes no representation that materials in the site are appropriate or available for use in other locations, and access to them from territories where their content is illegal is prohibited. Those who choose to access this site from other locations do so on their own initiative and are responsible for compliance with applicable local laws. You may not use or export the Materials in violation of U.S. export laws and regulations. Any claim relating to the Materials shall be governed by the internal substantive laws of the Commonwealth of Virginia, USA.

VTC may revise these Terms at any time by updating this posting. You should visit this page from time to time to review the then-current Terms because they are binding on you. Certain provisions of these Terms may be superseded by expressly designated legal notices or terms located on particular pages at this Site.

If you have any questions regarding this policy, or your information specifically,
you may email us at:admin@vtc.com.

Using Security Tools Tutorials