Module 1: Introduction to Designing Security

Table of Contents
Module Overview 1-1
Lesson 1: Overview of Designing Security for Microsoft Networks 1-2
Lesson 2: Introducing Contoso Pharmaceuticals: A Case Study 1-11
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links are provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. 
Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. © 2007 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, ActiveX, BitLocker, BizTalk, Brute Force, Internet Explorer, MS-DOS, Outlook, PowerPoint, SQL Server, Visual Studio, Windows, Windows Live, Windows Mobile, Windows NT, Windows Server and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Version 1.2
Module 1: Introduction to Designing Security 1-1

Module Overview

A security design is a comprehensive plan that guides the implementation of security policies and procedures for an organization. It helps an organization organize its assets so that security can be implemented consistently and effectively. This module describes the basic framework for designing network security and introduces key concepts used throughout the course. It also introduces a fictional organization, Contoso Pharmaceuticals, which the labs in the course use as an ongoing case study. You will become familiar with the network security issues that confront Contoso Pharmaceuticals.

Objectives
After completing this module, you will be able to:
- Provide an overview of designing security for Microsoft networks.
- Describe the components of the case study for this course.
Lesson 1: Overview of Designing Security for Microsoft Networks

Many organizations underestimate the value of their information technology (IT) environment, often because they exclude substantial indirect costs. A severe attack on the servers in the IT environment could significantly damage the entire organization. For example, an attack that brings down your organization's Web site could cause a major loss of revenue or customer confidence, which in turn affects your organization's profitability. An effective security design helps an organization protect its assets.

Objectives
After completing this lesson, you will be able to:
- Explain why organizations invest in network security.
- Describe the key principles of security.
- Explain the relationship between security design and security implementation.
- Describe the elements of a Microsoft network that should be secured.
- Describe the general organization of information in this course.
Why Invest in Network Security?

Organizations invest in network security to protect their assets from threats. Assets on a computer network include such items as e-mail messages, intellectual property such as trade secrets or source code, customer databases, and e-commerce transactions. A threat is a potential cause of harm to an asset; a vulnerability is a weakness that a threat can exploit. Threats to assets include attackers trying to steal information and natural disasters such as fires or floods, and vulnerabilities such as software applications that lack the latest security updates give those threats a way in. Every organization has its own unique mix of clients, servers, and user requirements, which makes planning a comprehensive, secure environment a major challenge. Without a consistent approach to risk management, some areas of the network may receive extremely rigorous security while others are only minimally secured.

Risk Management
A security design uses risk management to determine appropriate security responses to threats. Risk management is a careful study of criteria such as the likelihood of a threat occurring, the impact of the threat, the value of an asset to your organization, and the cost of a security solution. After you perform risk management, you can decide on an appropriate response to each threat. The data collected during risk management is also useful for persuading upper management and key stakeholders of the importance of network security and its value to your organization.
What Are the Key Principles of Security?

Security planning is based on two principles:
- Users must have access to resources. This access can be very basic, including only desktop logon and access to resources governed by access control lists (ACLs). It can also include optional services such as remote network logons, wireless network access, and access for external users such as business partners or customers.
- The network requires a secure, shared IT infrastructure. This infrastructure includes comprehensive physical security, effective security boundaries, secure servers and services, secure networking, and an effective plan for delegating administration.

Defense in Depth
Defense in depth refers to a combination of people, operations, and security technologies. It provides multiple layers of protection by defending against threats at multiple points in the network. A single layer is often ineffective against the full range of attacks. With defense in depth, if an attack breaks through one point of defense, other defenses continue to protect the asset.

Least Privilege
Least privilege refers to granting a user, resource, or application only the privileges or permissions necessary to perform the required task. Practices such as using default or full-control permissions on resources, or giving administrator rights to user accounts, simplify administration to a dangerous degree: excessive permissions introduce vulnerabilities that attackers can easily exploit.

Minimized Attack Surface
The attack surface of a network is the set of entry points that an attacker can exploit to penetrate it. A network that has a minimum of exposed areas or points that are vulnerable to attack has a minimized attack surface. A network with several unprotected connections to the Internet has a larger attack surface than a small, isolated network with a single, secured connection to a branch office.
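The two practices the least-privilege paragraph warns against, Full Control on resources and administrator rights on ordinary user accounts, can be checked mechanically. The following is an added example, not code from the course or from Microsoft: it parses a constructed listing in the format the Windows icacls tool prints for a folder, plus a constructed list of local Administrators members, and reports deviations. The trusted-principal set, the broad-group set, the "-adm" naming convention for admin accounts, and the CONTOSO names and paths are all assumptions made for illustration.

```python
"""Least-privilege audit over icacls-style ACL output and local group membership.

Added example, not part of the course. Sample data is constructed; the policy
sets below are assumptions chosen to illustrate the lesson's two warnings.
"""
import re

# Constructed sample in the format printed by `icacls D:\Research` (not real data).
ICACLS_OUTPUT = r"""D:\Research BUILTIN\Administrators:(I)(OI)(CI)(F)
            NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
            Everyone:(OI)(CI)(F)
            CONTOSO\Domain Users:(OI)(CI)(M)
            CONTOSO\RD-Staff:(OI)(CI)(RX)
"""

# Constructed sample: members of the local Administrators group on a workstation.
LOCAL_ADMINS = ["CONTOSO\\Domain Admins", "CONTOSO\\mosada", "CONTOSO\\jchen-adm"]

# Assumed policy: only these principals may hold Full Control on a share.
TRUSTED_FULL_CONTROL = {"BUILTIN\\Administrators", "NT AUTHORITY\\SYSTEM", "CREATOR OWNER"}
# Assumed policy: broad groups must never receive write-level rights.
BROAD_PRINCIPALS = {"Everyone", "Authenticated Users", "CONTOSO\\Domain Users", "BUILTIN\\Users"}
# Assumed policy: admin rights only for these groups or for accounts ending in "-adm".
ADMIN_GROUPS = {"Domain Admins", "Administrator"}
ADMIN_ACCOUNT_SUFFIX = "-adm"
# icacls simple rights that grant write or delete, plus the specific-right codes for them.
WRITE_LEVEL = {"F", "M", "W", "D", "WD", "AD", "WA", "WEA", "DC"}


def parse_icacls(text, path):
    """Parse icacls output for `path` into a list of (principal, [flag, ...]) entries."""
    entries = []
    for line in text.strip().splitlines():
        line = line.strip()
        if line.startswith(path + " "):       # the first line carries the path
            line = line[len(path) + 1:]
        principal, sep, flagstr = line.rpartition(":")
        if not sep:
            continue
        flags = re.findall(r"\(([^)]+)\)", flagstr)   # e.g. ["I", "OI", "CI", "F"]
        entries.append((principal, flags))
    return entries


def audit_acl(path, entries):
    """Flag ACEs on `path` that violate least privilege."""
    findings = []
    for principal, flags in entries:
        # A flag is a simple right ("F") or a comma list of specific rights ("RX,WD").
        rights = {r for f in flags for r in f.split(",")}
        if "F" in rights and principal not in TRUSTED_FULL_CONTROL:
            findings.append(f"{path}: Full Control granted to {principal}")
        elif principal in BROAD_PRINCIPALS and rights & WRITE_LEVEL:
            findings.append(f"{path}: write-level access granted to broad group {principal}")
    return findings


def audit_admins(members):
    """Flag ordinary user accounts that hold local administrator rights."""
    findings = []
    for member in members:
        account = member.rpartition("\\")[2]      # strip the DOMAIN\ prefix
        if account in ADMIN_GROUPS or account.endswith(ADMIN_ACCOUNT_SUFFIX):
            continue
        findings.append(f"ordinary account {member} holds local administrator rights")
    return findings


def run_audit():
    """Run both checks over the constructed samples and return all findings."""
    path = r"D:\Research"
    findings = audit_acl(path, parse_icacls(ICACLS_OUTPUT, path))
    findings += audit_admins(LOCAL_ADMINS)
    return findings


if __name__ == "__main__":
    for finding in run_audit():
        print("FINDING:", finding)
```

On the sample data the audit reports three findings: Everyone holds Full Control, Domain Users hold Modify, and the user account mosada is a local administrator. Administrators and SYSTEM keep Full Control, the read-only RD-Staff entry passes, and the dedicated jchen-adm account is allowed by the naming convention.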
The Relationship Between Security Design and Implementation

As a designer of network security, you must understand the difference between security design and security implementation, which are related but distinct processes.

Security Design
Security design ensures that an organization has a logical and carefully planned strategy for securing its assets. Not all assets are of equal value, and in some cases the cost of protecting an asset may exceed the value of the asset. Security design balances these and other considerations to ensure that security is applied throughout the organization in a controlled and logical manner. Security design can be a difficult endeavor, particularly in large networks that have distributed administration or various disconnected interests. Ensure that you include representatives from various departments of your organization in your design. The goal of security design is to create security policies and procedures.

Security Implementation
Security implementation applies the policies and procedures that you created during design and ensures that they are deployed consistently throughout the organization. For example, security implementation ensures that individual computers receive the appropriate security templates and are correctly configured to achieve the level of security that a specific security policy requires.
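The risk-management criteria named in Lesson 1 (likelihood, impact, asset value, cost of the solution) and the design point that the cost of protecting an asset may exceed its value can be made concrete with a small threat register. The following is an added example, not from the course: it applies the annualized expected-loss model (an assumption; the lesson names the criteria but fixes no formula) over constructed Contoso-style entries with invented figures, ranks the risks, and accepts a countermeasure only when the loss it prevents exceeds its annual cost.

```python
"""Quantitative risk prioritization over a constructed threat register.

Added example, not part of the course. Model (assumption): expected annual
loss = likelihood_per_year * asset_value * impact_fraction; a countermeasure
is justified when the loss it removes exceeds its annual cost. All figures
are invented for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    asset_value: float      # business value of the asset
    likelihood: float       # expected occurrences per year
    impact: float           # fraction of asset value lost per occurrence (0..1)
    control: str            # proposed countermeasure
    control_cost: float     # annual cost of the countermeasure
    control_effect: float   # fraction of expected loss the countermeasure removes (0..1)

    def expected_loss(self) -> float:
        """Expected annual loss with no countermeasure in place."""
        return self.likelihood * self.asset_value * self.impact

    def residual_loss(self) -> float:
        """Expected annual loss after the countermeasure is applied."""
        return self.expected_loss() * (1 - self.control_effect)

    def control_benefit(self) -> float:
        """Annual loss the countermeasure prevents."""
        return self.expected_loss() - self.residual_loss()

    def control_justified(self) -> bool:
        """True when the countermeasure prevents more loss than it costs."""
        return self.control_benefit() > self.control_cost


# Constructed register; assets, threats and numbers are invented.
REGISTER = [
    Risk("public Web site", "defacement or denial of service", 2_000_000, 0.5, 0.10,
         "hardened reverse proxy and patch SLA", 60_000, 0.8),
    Risk("R&D source and trial data", "theft by external attacker", 50_000_000, 0.05, 0.30,
         "network segmentation and strong authentication", 250_000, 0.7),
    Risk("office printers", "theft of hardware", 20_000, 0.2, 1.0,
         "locked printer rooms", 15_000, 0.9),
    Risk("HQ file server", "hardware failure", 500_000, 0.1, 0.5,
         "offsite backups", 10_000, 0.95),
]


def prioritize(register):
    """Rank risks by expected annual loss, highest first."""
    return sorted(register, key=lambda r: r.expected_loss(), reverse=True)


def plan(register):
    """Pair each risk (in priority order) with 'mitigate' or 'accept'."""
    return [(r, "mitigate" if r.control_justified() else "accept")
            for r in prioritize(register)]


if __name__ == "__main__":
    for r, decision in plan(REGISTER):
        print(f"{r.asset:<26} {r.threat:<32} loss/yr={r.expected_loss():>10,.0f} "
              f"benefit={r.control_benefit():>10,.0f} cost={r.control_cost:>8,.0f} -> {decision}")
```

With these figures the register ranks the R&D data first (750,000 per year) and the printers last (4,000 per year), and the printer control is the one rejected: locked rooms would cost 15,000 a year to prevent 3,600 of expected loss, which is the "cost exceeds value" case the design discussion describes.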
Typical Elements That Require Security in Microsoft Networks

There are many forms of assets that require protection, and they can be located in many places on a network. When you design security for a network, ensure that you create policies and procedures to protect each area of your network from the threats and vulnerabilities that can occur in that area.

Elements in a Microsoft Network

Element             Considerations
Physical security   Poorly secured buildings. Data links. Theft of hardware.
Computers           Attacks during initial installation. Incorrectly configured baseline security.
Accounts            Incorrect privileges. Misuse of administrator accounts. Weak passwords.
Authentication      Interception of passwords. Incompatibility with software. Weak encryption.
Data                Configuration of permissions. Failure of hardware. Corruption of data.
Data transmission   Attackers monitoring the network. Address spoofing. Data modification. Denial of service.
Network perimeters  Exposure of network information. Lack of control over infrastructure. Exposure of computers to attack.
Designing Security

The modules in this course present the process for designing security in several phases.

Process for Designing Security
1. Create a security design team. Ensure that your design is the product of various perspectives so that all vulnerabilities and threats may be discovered. A design team also helps to ensure that a cross-section of employees is represented in the design and can help to ensure compliance with the policies and procedures that the team designs.
2. Perform threat modeling. Threat modeling predicts threats to a given asset or resource. Knowing the threats that affect an asset helps you to design countermeasures to protect it.
3. Perform risk management. Risk management analyzes the likelihood of a threat occurring and the potential damage that it may cause. It is a valuable tool for convincing management that security measures are necessary to adequately defend a resource against a threat.
4. Design security measures for your network elements. Apply the knowledge and skills from the threat modeling and risk management phases to the following elements of a Microsoft network: physical security, hosts, accounts and services, authorization, data, data transmission, and network perimeters. Identify common vulnerabilities to assets in each area and create security policies that protect each area.
5. Detect and react. Identify ways to detect intrusions and respond to security incidents in a controlled manner. Early detection of an attack is vital to limiting the damage it may cause. Careful and thoughtful response can make recovery easier and can also prevent mistakes that make the situation worse.
6. Manage and review network security on a continual basis. Create, implement, and review policies for acceptable use, network management, and the secure operation of a network.
Lesson 2: Introducing Contoso Pharmaceuticals: A Case Study

This course presents a case study of a fictional company, Contoso Pharmaceuticals. The labs in each module focus on the challenges facing Contoso Pharmaceuticals and its efforts to design security for its network.

Objectives
After completing this lesson, you will be able to:
- Describe Contoso Pharmaceuticals.
- Describe the consultant role at Contoso Pharmaceuticals.
- Identify key personnel at Contoso Pharmaceuticals.
- Identify key features of the course labs.
Introduction to Contoso Pharmaceuticals

Contoso Pharmaceuticals produces prescription drugs for a worldwide market. Despite growing into a large company through numerous mergers and acquisitions over the years, the organization has never implemented a standardized network design. As a result, Contoso Pharmaceuticals has inconsistent, and in some places nonexistent, security on its network. As part of reforming its IT department, Contoso Pharmaceuticals has hired a new chief information officer (CIO) to direct security efforts for the company's network. The CIO has hired you as a consultant to design security for Contoso Pharmaceuticals.
The IT Security Consultant Role

You have been hired as an IT Security Consultant for Contoso Pharmaceuticals. Contoso Pharmaceuticals has:
- A headquarters in Chicago, Illinois. All company executives and management live and work in the Chicago area, although they frequently travel to other Contoso Pharmaceuticals locations, business partners, and clients. There are 7,028 employees at the Contoso Pharmaceuticals headquarters.
- Two main research and development facilities that work closely with several local universities and colleges. All pharmaceuticals research and development is in San Francisco, California. All biotechnology research and development is in Geneva, Switzerland. There are 1,100 employees in San Francisco and 430 in Geneva.
- Several large regional offices that cooperate with national and international regulatory agencies on the approval and distribution of its products. Approximately 700 employees work at each regional office. The regional offices are located in:
  New York, USA
  London, United Kingdom
  Paris, France
  Oslo, Norway
  Brussels, Belgium
  Toronto, Canada
Key Personnel at Contoso Pharmaceuticals

During the labs in this course you will interview appropriate Contoso Pharmaceuticals employees. The security issues that employees discuss pertain to the labs. The employees perform various roles and have varying interests. They represent just a few of the roles that security designers work with to create a security design for an organization. You will hear from the following employees:
- Garth Fort. As the chief executive officer (CEO) of Contoso Pharmaceuticals, Garth often provides business motivations for decisions.
- Ellen Adams. As the new CIO, Ellen has hired you to assist in designing security for Contoso Pharmaceuticals. In each lab, you will obtain your instructions from Ellen.
- Thomas Hamborg. Thomas is the chief financial officer (CFO). He provides business information for design decisions that you must make.
- John Y. Chen. John is one of the IT administrators for Contoso Pharmaceuticals. He offers technical details about the security of the network.
- Susan Burk. Susan is vice president (VP) of the research and development department and an executive stakeholder.
- Michiko Osada. Michiko is a business analyst and represents the end user in the organization.
Introduction to the Lab Environment

Each lab contains some of the following elements:
- Interviews. Company officials describe the scenario and problems with network security at Contoso Pharmaceuticals.
- E-mails. Messages contain detailed information for each lab scenario. The e-mails that you receive from Ellen contain the goals.
- Intranet. Background information about the company, such as an organizational chart and company history.
- Network files. A file server that contains folders with the relevant documents that you may require to complete a lab.