Book: Solomon, M. G. (2014). Security Strategies in Windows Platforms and Applications (2nd ed.). Burlington, MA: Jones & Bartlett Learning. ISBN-13: 9781284031652 – CHAPTER 9 & 10 (Attached)

Microsoft Windows computers can be very useful by themselves, but they are far more effective when they are able to communicate with one another. In an essay, address the following:
• Discuss the techniques that many organizations use to ensure that their Windows networks are secure.
• Additionally, examine how to connect computers together without risking your organization’s information to loss, alteration, or disclosure.
• Provide an example of how each principle of the CIA triad can be used to secure the network.
• Provide information from your readings to support your statements.

Deliverables:
Your well-written essay should be three & four pages in length, incorporating at least two academic sources. Avoid writing in first person like “I recommend, I suggest”. Cite all sources using academic writing standards and APA style guidelines, citing references as appropriate. Similarity less than 15%.
CHAPTER 9
Microsoft Windows Network Security

Microsoft Windows computers can be very useful by themselves,
but they are far more effective when they are able to communicate
with one another. Windows computers that can communicate
and exchange information have the ability to assume specific roles that
make your organization’s computing environment more efficient and effective.
Unfortunately, connecting computers also makes accessing your organization’s
information easier for unauthorized users as well as authorized users. That means
you have to be diligent to ensure the confidentiality, integrity, and availability
of your data.
In this chapter, you’ll learn about techniques that many organizations use
to ensure that their Windows networks are secure. You’ll learn how to connect
computers together without risking your organization’s information to loss,
alteration, or disclosure.
Chapter 9 Topics
This chapter covers the following topics and concepts:
• What network security is
• What the principles of Microsoft Windows network security are
• What Microsoft Windows security protocols and services are
• How to secure Microsoft Windows environment network services
• How to secure Microsoft Windows wireless networking
• What Microsoft Windows desktop network security is
• What Microsoft Windows server network security is
• What best practices for Microsoft Windows network security are
Chapter 9 Goals
When you complete this chapter, you will be able to:
• Describe goals for securing Microsoft Windows networks
• Secure Microsoft Windows networking services
• Secure Microsoft Windows wireless networks
• Secure Microsoft Windows workstations and servers
Network Security
Today’s IT environments include components connected to form a network, or
multiple networks. A network is a collection of computers and devices joined by
connection media. Network components work together to support an organization’s
business functions. This makes information available for various uses and many
users. As networks grow and become more functional, they can become complex
to manage. One way to keep your network organized and simple is to categorize
components by function, using an IT infrastructure approach that groups components
into functional areas, or domains. Figure 9-1 shows an IT infrastructure with seven
domains. These are the domains you’ll commonly encounter as you study IT environments.
From a general network perspective, users typically use their workstations to access
other resources that are connected to an organization’s local area network (LAN),
a metropolitan area network (MAN), or even a wide area network (WAN). Table 9-1
lists the three basic network types and their characteristics.
Organizations rely on networked resources more than ever in today’s environments. Networks make it possible to share expensive resources. Examples of shared
resources are color printers, high-performance disk subsystems, and applications.
Networks increase efficiency in critical business functions by supporting faster
information transfer and resource sharing. These benefits often result in direct cost
reductions and productivity increases. Organizations rely on network resources
to maintain cost-efficient operations. Protecting the network-based resources and
services directly affects cost and efficiency. Implementing the controls necessary
to support your security policy and protect your networks makes your organization
more secure and effective.
[Figure 9-1: The seven domains of a typical IT infrastructure. Labels recoverable from the figure: User Domain, Workstation Domain, LAN Domain, LAN-to-WAN Domain, Remote Access Domain, System/Application Domain.]
Table 9-1: Network types.

• Local area network (LAN)
  Size: A LAN covers a small physical area, such as an office or building.
  Description: LANs are common in homes and businesses and make it easy to share resources such as printers and shared disks.
• Metropolitan area network (MAN)
  Size: A MAN connects two or more LANs but does not span an area larger than a city or town.
  Description: MANs are useful to connect multiple buildings or groups of buildings spread around an area larger than a few city blocks.
• Wide area network (WAN)
  Size: WANs connect multiple LANs and WANs and span very large areas, including multiple country coverage.
  Description: WANs provide network connections among computers, devices, and other networks that need to communicate across great distances. For example, the Internet is a WAN.

There are other types of networks, and you may see a few more terms used to describe
networks. These terms aren’t in widespread use but they do describe specific types of networks.
Other types of networks include:
• Personal area network (PAN)—A PAN consists of one or more workstations and
its network devices, such as printers, network disk systems, and scanners. A PAN refers
to the networked devices one person would likely use and normally does not span
an area larger than an office or cubicle.
• Campus area network (CAN)—A CAN is larger than a LAN but generally smaller
than a MAN. CANs are useful to connect the LANs across multiple buildings that are
all in fairly close proximity to one another.
• Global area network (GAN)—A GAN is a newer term for a super-WAN. A GAN
is a collection of interconnected LANs, CANs, MANs, and even WANs that span
an extremely large area.
Network Security Controls
Network security controls often focus on limiting access to remote resources.
A local resource is any resource attached to a local computer—the same computer
to which the user has logged on. A remote resource is any resource attached to another
computer on a network that is different from the computer to which the user is logged on.
The user’s computer and the remote computer must be connected to a network to provide
access to the remote resource. Many of the security controls you’ll find to protect network
resources are similar to controls found protecting local resources. You’ll learn more
about how each type of control works in a Microsoft Windows network environment
in this chapter. The main types of network security controls include:
• Communication controls to limit the spread of malicious software and traffic
• Anti-malware software on all computers in the network to detect and
eradicate malware
• Recovery plans, including backups, for all computers and devices in the network
• Procedures to control network device configuration changes
• Monitoring tools and other detective controls to help detect and stop suspicious
network activity
• Software patch management for all computers and devices in the network
• Access controls for protected resources, such as printers and shared folders
Principles of Microsoft Windows Network Security
A secure Microsoft Windows network allows access on demand to resources
for authorized users while denying access for unauthorized users. While the goal
is similar to securing a single computer, putting that goal into practice involves more
types of controls. Setting up a network exposes all resources in the network to security
threats. Securing a Microsoft Windows network requires attention to three main types
of vulnerabilities:
• Physical and logical access—Locate important computers and devices in physically
secure areas and limit access to them. Separate networks logically into smaller
segments to control resource access. Logically separating networks is beneficial when
you need to keep groups of devices separate. This is common in larger networks.
• Traffic flow—Use firewalls and other types of filters to discard unauthorized traffic
on a network. Filters should exist at all network boundaries and between segments
to control network ingress and egress.
• Computer and device security—Ensure each computer and device on the network
is prepared to handle any known attack. Any computer or device that does not
have proper security controls deployed poses a threat to the entire network.
Securing a Microsoft network involves deploying controls that protect all network
components from all known threats. Although that may sound like a large goal, it’s
manageable when you approach it in a structured manner. The first step in understanding
how to secure a network is to explore the most common components of networks.
Common Network Components
The main purpose of any network is to provide users with the ability to access and
share remote resources. Networks use three main types of components to meet this goal.
These components work together to allow users to share resources and reduce the need
for multiple dedicated resources such as printers, file storage systems, and backup devices.
The three main types of components in networks include:
• Connection media—The adapters and wires that connect components together. Not
all connection methods use wires. With wireless devices, radio waves transmit data.
So, connection media also includes wireless adapters.
• Networking devices—Hardware devices that connect other devices and computers
using connection media.
• Server computers and services devices—Hardware that provides one or more
services to users, such as server computers, printers, and network storage devices.
Many physical devices found in networks are actually combinations of several types of
components. These components should work together to provide easy access to desired
resources and still maintain the security of an organization’s information. Figure 9-2
shows common network components.
[Figure 9-2: Common components found in networks. Connection media: unshielded twisted pair (UTP), shielded twisted pair (STP), coaxial, fiber optic, wireless. Networking devices: hub, switch, router, gateway, firewall. Servers and services: file server, print server, data access, application server, firewall.]
Connection Media
The purpose of any network is to allow multiple computers or devices to communicate with
each other. By definition, networked computers and devices are connected to one another
and have the necessary software to communicate. In the past, networked computers and
devices were connected using cable. Today’s networks contain a mix of cables and wireless
connections. While the technical details of network connections are beyond the scope of
this discussion, it is important to have a general understanding of a network’s components.
There are two options to establish network connections between computers and devices.
You either build your own network or pay another organization to allow you to use their
network for your purposes. The following sections that cover connection media assume you
own the connection media and are installing the hardware necessary to establish network
communications. The following network connection media options appear most commonly
in LANs, CANs, and MANs, but may be used in other networks as well.
Wired Network Connections
There are four basic cabling options for most physical network connections, including
coaxial cable. Each option has its own advantages and disadvantages. If you choose to
use physical cables for part or all of your network, you will have to run cables to each
device. Running cables between devices takes careful planning. Make sure when you
explore cabling options you evaluate the cost of installing all of the cables and connection
hardware to support both your current and future needs. Table 9-2 lists the four basic
cable options, along with the advantages and disadvantages of each one.

Table 9-2: Basic network cabling options.

• Unshielded twisted pair (UTP)
  Description: The most common type of network cable, UTP generally consists of two or four pairs of wires. Pairs of wires are twisted around each other to reduce interference with other pairs. The most common type of UTP is Category 5 UTP, which supports 100 megabits per second (Mbps) for two pairs of wires and 1,000 Mbps for four pairs.
  Advantages and disadvantages: Lowest cost; ease of installation; susceptibility to interference; limited transmission speeds and distances.
• Shielded twisted pair (STP)
  Description: Same as UTP, but with foil shielding around each pair and optionally around the entire wire group to protect the cable from external radio and electrical interference.
  Advantages and disadvantages: Low cost; ease of installation; greater resistance to interference than UTP; same speed limitations as UTP but support for longer run lengths.
• Coaxial cable
  Description: A single copper conductor surrounded with a plastic sheath, then a braided copper shield, and then the external insulation.
  Advantages and disadvantages: Higher cost; difficult installation; strong resistance to interference; higher speeds and longer run lengths.
• Fiber optic cable
  Description: A glass core surrounded by several layers of protective materials.
  Advantages and disadvantages: Highest cost; ease of running cable; special tools needed to install end connectors; immunity to radio and electrical interference; extremely high speeds and long run lengths.

Wireless Network Connections
Wireless connections are very popular in today’s network environments, where flexibility
is an important design factor. Wireless connections allow devices to connect to your
network without your having to physically connect to a cable. This flexibility makes it easy
to connect computers, or devices, in situations where running cables is either difficult
or not practical for temporary connections. The Institute of Electrical and Electronics
Engineers (IEEE) defines standards for many aspects of computing and communications.
The IEEE 802.11 defines standards for wireless local area network (WLAN) communication
protocols. A protocol is a set of rules that govern communication.
There are four main protocols currently in the 802.11 standard. There are also two
emerging protocols that will likely play a role in future wireless networks. As with the
discussion of wired network connections, the technical details are beyond the scope of
this discussion, but it is important to know the basic differences between different wireless
protocols. Table 9-3 lists the most common current and emerging wireless protocols.
Communication Protocol
A communication protocol isn’t as complex as the name implies. The technical details
of each protocol can be quite complex but the concept is pretty simple. A protocol is just
a set of rules parties use to communicate. You use protocol rules every day. For example,
suppose you want to invite a person to attend a meeting. If that person is a close friend,
you would use an informal greeting and style of conversation. If, on the other hand,
the person is an elected official, you would likely use a far more formal greeting and
choice of words. You decide how to communicate based on your own protocol rules.
You’ll learn more about computer communication protocols later in this chapter.
Generally, hardware that supports protocols with faster
speeds with longer range costs more than hardware with
slower protocols. Your choice of wireless protocols will likely
be based on cost, transmission speed requirements, and other
devices that may cause interference in a specific frequency.
Bluetooth is a popular wireless protocol for connecting
devices over short distances. The most popular use of
Bluetooth is to create PANs of devices that communicate
with a computer or device. Headsets, mice, and printers
are some examples of devices that commonly support
the Bluetooth protocol. From a security perspective,
it is important to consider Bluetooth support for your
computers and devices when you are developing wireless
policies and controls. Bluetooth-enabled computers are
vulnerable to several types of wireless attacks unless
you protect all wireless connections.
Table 9-3: Common current and emerging 802.11 wireless standards.

Protocol            Maximum transmission speed   Range (ft) indoor/outdoor   Frequency
802.11a             54 Mbps                      115 / 390                   5 GHz
802.11b             11 Mbps                      125 / 460                   2.4 GHz
802.11g             54 Mbps                      125 / 460                   2.4 GHz
802.11n             150+ Mbps                    230 / 820                   2.4 GHz / 5 GHz
802.11ac (draft)    866.7 Mbps                   (not determined)            5 GHz
802.11ad (WiGiG)    7,000 Mbps                   (not determined)            2.4 / 5 / 60 GHz

WARNING
In all cases, allowing wireless
connections to your network
increases the potential for
unauthorized users to access
network resources. If you choose
to implement wireless connections,
you must ensure you are using
strong access controls and strong
wireless encryption. In other words,
use Wi-Fi Protected Access (WPA)
as opposed to Wired Equivalent
Privacy (WEP).
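
An added example (not from the textbook or the original post): a Python check that applies the warning above to Windows wireless profiles exported with `netsh wlan export profile`, flagging any that use WEP or no encryption. The sample profiles and SSIDs are constructed, and the REVIEW tier for first-generation WPA/TKIP is an addition beyond the page's WPA-versus-WEP contrast.

```python
import xml.etree.ElementTree as ET

# Namespace used by Windows WLAN profile XML files.
NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}
SEC = "w:MSM/w:security/w:authEncryption/"


def classify(auth, enc):
    """Map a profile's authentication/encryption pair to a verdict."""
    auth, enc = auth.upper(), enc.upper()
    if enc == "WEP" or auth == "SHARED":
        return "FAIL: WEP"
    if enc == "NONE":
        return "FAIL: no encryption"
    if auth.startswith("WPA"):
        # Addition beyond the page: first-generation WPA and TKIP are
        # flagged for review rather than treated the same as WPA2/AES.
        if enc == "TKIP" or auth in ("WPA", "WPAPSK"):
            return "REVIEW: first-generation WPA/TKIP"
        return "OK"
    return "UNKNOWN"


def audit_profile(xml_text):
    """Parse one exported profile and return its SSID, settings and verdict."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return {"ssid": "?", "auth": "", "enc": "",
                "verdict": "UNKNOWN: unparseable profile"}
    ssid = root.findtext("w:name", default="?", namespaces=NS)
    auth = root.findtext(SEC + "w:authentication", default="", namespaces=NS)
    enc = root.findtext(SEC + "w:encryption", default="", namespaces=NS)
    return {"ssid": ssid, "auth": auth, "enc": enc,
            "verdict": classify(auth.strip(), enc.strip())}


def audit(profiles):
    """Audit a list of profile XML strings."""
    return [audit_profile(p) for p in profiles]


def _profile(name, auth, enc):
    # Constructed sample in the layout of an exported WLAN profile.
    return f"""<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>{name}</name>
  <SSIDConfig><SSID><name>{name}</name></SSID></SSIDConfig>
  <connectionType>ESS</connectionType>
  <MSM><security><authEncryption>
    <authentication>{auth}</authentication>
    <encryption>{enc}</encryption>
    <useOneX>false</useOneX>
  </authEncryption></security></MSM>
</WLANProfile>"""


# Constructed sample data; the SSIDs are made up.
SAMPLES = [
    _profile("LAB-LEGACY", "open", "WEP"),
    _profile("GUEST", "open", "none"),
    _profile("OLD-AP", "WPAPSK", "TKIP"),
    _profile("CORP", "WPA2PSK", "AES"),
]

if __name__ == "__main__":
    for r in audit(SAMPLES):
        print(f"{r['ssid']:<12}{r['auth']:<10}{r['enc']:<6}{r['verdict']}")
```
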
[Figure 9-3: Simple network with a single hub. Labels recoverable from the figure: LAN Hub, File Server, Print Server, Printer, Desktop PC.]
Networking Devices
Once you decide on the types of connections you’ll use for your network, you have to
decide how your components connect to one another. Only the simplest networks with
very few devices have every component connected. With more than just a few devices,
this arrangement would make managing your network connections extremely difficult.
Networks in today’s environments use several types of devices to keep connections
manageable. You’ll see many different types of devices, but the following two sections
discuss the ones you’ll most commonly use.
Hub
The simplest network device is a hub. A hub is simply a box with several connectors,
or ports, that allows multiple network cables to attach to it. Common hubs have 4, 8,
16, or 32 ports. A hub is a hardware repeater. A hub takes input from any port and
repeats the transmission, sending it as output on every port, including the original input
port. Hubs make it easy to connect many devices to a network by connecting each device
to the hub. Figure 9-3 shows a simple network created using a single hub.
Switch
Hubs are inexpensive devices used to connect many computers and devices to a network.
One problem with hubs is that they repeat all network traffic to all ports. This can cause
message collisions and a frequent need to resend messages. Hubs also tend to contribute
to network congestion since every computer and device receives all network traffic.
Networks are designed to handle collisions and congestion but at the cost of high performance. A switch can help avoid many collision and congestion issues and actually speed
up networks. A switch is a hardware device that forwards input it receives only to the
appropriate output port.
For example, if Computer A wants to send a message to Computer B, a switch will
send the message from Computer A’s port only to Computer B’s port. No other computers
ever see the message. As an additional benefit, i …