Module 2: Introduction to Windows Security Fundamentals

Windows Security refers to the built-in features, tools, and best practices provided by Microsoft Windows operating systems to protect data, manage access, and defend against internal and external cyber threats.

Network Protection

  • Windows Defender Firewall with advanced security

  • IPSec for encrypted communication

  • Network Access Protection (NAP) (legacy) or Conditional Access in modern environments

Threat Detection and Response

  • Windows Defender Antivirus

  • Microsoft Defender for Endpoint (enterprise-grade threat detection)

  • SmartScreen, Exploit Guard, and Credential Guard

Microsoft's Defense-in-Depth Security Model:

A multi-layered approach that protects:

  1. Physical layer

  2. Network perimeter

  3. Operating system and application layer

  4. Identity and access

  5. Data and content

  6. User awareness

Introducing Security Features in Active Directory

Authentication and Authorization

  • Uses Active Directory, Kerberos, NTLM, and Azure AD

  • Controls who can access what and under what conditions

  • Enforced using Group Policy, role-based access control (RBAC)

  • Active Directory Hierarchical Structure
  • Defining Security Boundaries Using Domains
  • Supporting Security Settings Using OUs
  • Providing Delegation of Administration
Active Directory Hierarchical
  • Trust Relationships
Trust Relationships
  • Administration Using Group Policy
Using Group Policy

How to Authenticate User Accounts in Windows Server: Methods and Best Practices

Authenticating user accounts in Windows Server refers to the process of verifying the identity of a user attempting to access a network resource. This ensures only authorized users can log in or perform specific actions. Authentication methods include password-based login, smart cards, biometrics, and multi-factor authentication using protocols like Kerberos or NTLM.

  • Using Kerberos V5 Authentication
  • Defining Security Boundaries Using Domains
  • Supporting Security Settings Using OUs
  • Providing Delegation of Administration
Active Directory Hierarchical
  • Using Certificate-based Authentication
  • Map Certificates to Active Directory Accounts
  • Implement Smart Card Authentication
Authenticate user accounts
  • Using NTLM Protocol for Authentication
Windows Server authentication

Securing Access to Resources in Windows Server: Best Practices for Network Security

Securing access to resources in Windows Server involves implementing security measures that control how users and groups interact with files, folders, printers, and other network services. It includes setting NTFS permissions, configuring shared access controls, applying Group Policy, and using role-based access to ensure only authorized users can access sensitive data or perform specific actions.

Access Control Mechanisms

  • NTFS Permissions for files and folders

  • User Account Control (UAC) to prevent unauthorized changes

  • Audit Policies for tracking access and changes

  • Describing Security Identifiers
  • Automatically Created When an Object Is Added
  • Identify Users, Groups, or Computers
  • Used to Grant Access Rights and Permissions to Resources
Network resource protection
  • Controlling Access to Resources
DACLSACL
Specifies Access Permissions for a ResourceSpecifies Users or Groups to Be Audited
ACEs List Actions That Users or Groups Can PerformACEs List Events to Be Audited Based on Successes or Failures
  • Defining Security Groups for Resource Access
  • Domain Local Groups
  • Global Groups
  • Universal Groups
File and folder permissions
  • Discussion: Authentication and Access Control
File and folder permissions
Introducing Encryption Technologies
Data Protection

  • BitLocker Drive Encryption for protecting drives

  • EFS (Encrypting File System) for securing individual files

  • Windows Information Protection (WIP) for business data isolation

  • Using Symmetric Key Encryption
  • Encrypting Application Data
  • EFS
  • S/MIME
  • Encrypting Communication Protocols
  • IPSec
  • TLS
Using Symmetric Key Encryption
  • Using Public Key Encryption
Using Public Key Encryption
  • Using Digital Signatures
Encrypting Stored and Transmitted Data

In the context of Windows Security Fundamentals, encrypting stored and transmitted data refers to the process of converting sensitive information into an unreadable format to protect it from unauthorized access—both when saved on disk (data at rest) and when being sent over a network (data in transit).

This ensures confidentiality, integrity, and security of critical files, user credentials, emails, and other data assets within a Windows-based infrastructure.

  • Encrypting Stored Data Using EFS
  • EFS Protects Stored Data
  • The File Encryption Key Encrypts the Data
  • The File Encryption Key Is Encrypted By:
  • Encrypting Transmitted Data
  • IPSec Encrypts Data at the IP Layer
  • SSL Encrypts Data at the Application Layer
  • TLS Encrypts Data at the Application Layer
  • Discussion: Encrypting Data
Encrypting Data
Introducing Public Key Infrastructure (PKI) Technology

In Windows Security Fundamentals, Public Key Infrastructure (PKI) is a framework that uses asymmetric cryptography (a public and private key pair) to secure communications, authenticate identities, and enable digital signatures.

It plays a key role in certificate-based security—such as enabling HTTPS, securing emails, and managing access in Windows environments through certificates issued by Certificate Authorities (CAs).

  • Describing PKI Components
  • Using Digital Certificates for Authentication
Using Digital Certificates
  • Describing Certification Authorities
Describing Certification

Add comment

Your email address will not be published. Required fields are marked

Quick Links

ADDITIONAL LINKS

Categories

Subscribe Now!

get 20% Off on courses collection Now!

© 2024 SkillPoint IT. All rights reserved.