Document: Module 9: Creating a Security Design for Data (pptx)


Contents
• Overview
• Lesson: Determining Threats and Analyzing Risks to Data
• Lesson: Designing Security for Data
• Lab A: Designing Security for Data

Module 9: Creating a Security Design for Data

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2002 Microsoft Corporation. All rights reserved.

Microsoft, MS-DOS, Windows, Windows NT, Active Directory, ActiveX, BizTalk, PowerPoint, Visio, and Windows Media are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Instructor Notes

In this module, students will learn how to determine threats and analyze risks to data in an organization.
Students will learn how to design access control for files and folders in order to protect data that is stored on network servers. Students will also learn about considerations for encrypting and managing data.

After completing this module, students will be able to:
• Determine threats and analyze risks to data.
• Design security for data.

Required materials
To teach this module, you need the following materials:
• Microsoft® PowerPoint® file 2830A_09.ppt
• The animation How EFS Works, 2830A_09_A005_1875.htm, located in the Media folder on the Web page on the Student Materials CD.

Important
It is recommended that you use PowerPoint version 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all of the features of the slides may not be displayed correctly.

Preparation tasks
To prepare for this module:
• Read all of the materials for this module.
• Complete the practices.
• Watch the animation.
• Complete the lab and practice discussing the answers.
• Read the additional reading for this module, located under Additional Reading on the Web page on the Student Materials CD.
• Visit the Web links that are referenced in the module.

Presentation: 60 minutes
Lab: 30 minutes

How to Teach This Module

This section contains information that will help you to teach this module.

Lesson: Determining Threats and Analyzing Risks to Data

Use this slide as a refresher for the topic of access control from core courses. This information is presented only as background knowledge regarding access control.

This page is intended simply to give examples of vulnerabilities. To elaborate attacks, draw upon your own experiences. The next page deals with common vulnerabilities, so try not to skip ahead.

Explain the vulnerabilities, but do not discuss how to secure against them. The second lesson in the module covers that topic.

Use the practice as an opportunity for discussion.
Lesson: Designing Security for Data

This section describes the instructional methods for teaching this lesson.

Use this slide as a refresher for the topic of access control from core courses. Tell students that the lab focuses on creating an access control model for Contoso Pharmaceuticals.

You can play the animation by clicking the arrow on the slide. If necessary, elaborate on the difference between symmetric and asymmetric encryption.

Refer students to the white paper referenced on the page for more information about Encrypting File System (EFS).

Spend time on this slide to identify the different ways that data management can be a potential security issue, and discuss ways to ensure secure management of data.

Answers may vary. Use the security responses that students give to generate classroom discussion.

Use this page to review the content of the module. Students can use the checklist as a basic job aid. The phases mentioned on the page are from Microsoft Solutions Framework (MSF).

Use this page to emphasize that students must perform threat analysis and risk assessment on their own networks for the topic covered in this module, and then they must design security responses to protect the networks.

Assessment

There are assessments for each lesson, located on the Student Materials compact disc. You can use them as pre-assessments to help students identify areas of difficulty, or you can use them as post-assessments to validate learning.

• Overview of Access Control
• Why Securing Data Is Important
• Common Vulnerabilities to Data
• Practice: Analyzing Risks to Data
• Steps for Designing an Access Control Model
• Multimedia: How EFS Encrypts Data
• Steps for Designing EFS Policies
• Guidelines for Managing Data Securely
• Practice: Risk and Response
• Security Policy Checklist

Lab A: Designing Security for Data

To begin the lab, open Microsoft Internet Explorer and click the name of the lab.
Play the video interviews for students, and then instruct students to begin the lab with their lab partners. Give students approximately 20 minutes to complete this lab, and spend about 10 minutes discussing the lab answers as a class.

Regarding threats to the research scientist’s portable computers, students can use the R&D Portable Computer Threat Model and the Risk Statements for R&D Portable Computers documents from previous labs to identify threats to the scientists’ portable computers. Be sure to emphasize that in this lab, the goal is to determine how to counter the threats, rather than discussing the threats themselves.

This lab can be difficult if students do not understand the scope of the lab or what you expect from them. However, the subject matter of the lab should be prerequisite knowledge for most students.

In this lab, students open a Microsoft Visio® spreadsheet named CP File Permissions Template.vsd. They are encouraged to add information to it. If students use the template, ensure that they rename the file and save the spreadsheet to the Lab Answers folder on their desktops for discussion. Students are not required to use the Visio template; tell students that if they like, they can work with paper and pencil or pen.

Use the answers provided in the Lab section of this module to answer students’ questions about the scope of Ashley Larson’s request in her e-mail, and to help frame classroom discussion.

Additional answers for this lab are located in the Lab 9 Finance Server File Permissions Answer.vsd and Lab 9 Security Groups Answer.vsd files, located in the Answers folder under Webfiles on the Student Materials CD. Be sure to print the answers out and study them before you conduct the lab.

For general lab suggestions, see the Instructor Notes in Module 2, “Creating a Plan for Network Security.” Those notes contain detailed suggestions for facilitating the lab environment used in this course.
Important
Important
General lab suggestions

Customization Information

This section identifies the lab setup requirements for a module and the configuration changes that occur on student computers during the labs. This information is provided to assist you in replicating or customizing Microsoft Official Curriculum (MOC) courseware.

This module includes only computer-based interactive lab exercises, and as a result, there are no lab setup requirements or configuration changes that affect replication or customization.

Important
The lab in this module is also dependent on the classroom configuration that is specified in the Customization Information section at the end of the Automated Classroom Setup Guide for Course 2830A, Designing Security for Microsoft Networks.

Lab Setup
There are no lab setup requirements that affect replication or customization.

Lab Results
There are no configuration changes on student computers that affect replication or customization.

Overview

***************************** ILLEGAL FOR NON-TRAINER USE ******************************

Introduction
In this module, you will learn how to determine threats and analyze risks to data in an organization. You will learn how to design access control for files and folders in order to protect data that is stored on network servers. You will also learn about considerations for encrypting and managing data.

Objectives
After completing this module, you will be able to:
• Determine threats and analyze risks to data.
• Design security for data.

Lesson: Determining Threats and Analyzing Risks to Data

Securing data means controlling access to it. You control access by using permissions. Attackers who can subvert or override permissions may be able to access data on your network.
After completing this lesson, you will be able to:
• Describe access control for data.
• Explain why securing data is important.
• List common vulnerabilities to data.

Introduction
Lesson objectives

Overview of Access Control

Key points
To control access to data, Microsoft® Windows® 2000 and Microsoft Windows XP use access tokens and discretionary access control lists (DACLs). Access tokens define the rights that a user account has. DACLs control the permissions to Active Directory® directory service objects and the folder and file objects in NTFS file system (NTFS).

When a user’s credentials are validated during authentication, the user’s computer receives and stores an access token. The access token contains the security identifier (SID) of the user account, the SID of each local and domain group that the user has membership in, and a list of the user rights for the user.

When a user attempts to access a resource, the SIDs in the access token are compared to the SIDs in the DACL. The user receives the corresponding permissions to each matching SID in the access token and DACL.

The DACL of the resource contains an access control entry (ACE) for each permission that is assigned to the resource. The ACEs define the protections that apply to an object.

Additional reading
For more information about access control in Windows 2000 and Windows XP, see Access Control Components, at: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/Security/access_control_components.asp.

Why Securing Data Is Important

Data is vulnerable to threats from both external and internal attackers. For example:

An external attacker steals a laptop from an employee’s car.
Using a floppy disk to boot the computer, the attacker replaces the password of the Administrator account in the local Security Accounts Manager (SAM) database. The attacker then logs on to the laptop as Administrator and accesses the data.

An internal attacker discovers a server running Windows 2000 that stores confidential data in folders that are configured with default permissions. The attacker copies the data and sells it to a competitor. Because auditing was not configured, the IT staff cannot determine how the server was compromised or who stole the data.

Key points
External attacker scenario
Internal attacker scenario

[...]... data
• Use auditing to ensure that access to data remains secure.
• Use management permissions to ensure the secure administration of data.
Also determine an appropriate length of time that your organization retains data and how you use redundant hardware and hardware replacement schedules to protect against loss of data due to hardware failure.

Additional reading
For more information about managing data securely,... Reading on the Web page on the Student Materials CD

Guidelines for Managing Data Securely

Key points
A proactive management strategy for data helps ensure that your data remains protected. Create policies to manage how your organization stores data and backs up data. ..

physically destroy data
• Corruption of data. For example, a virus or irreversible encryption can corrupt data.
When configuring physical and logical security of data, always assign the least amount of access and permissions that a user requires to complete her job duties.

Practice: Analyzing Risks to Data ...
DL_Finance_Files_Read, and DL_Finance_Share_Change
• Domain local groups for each department. For example, for the Payroll department, create a domain local group named DL_Payroll_Modify
• A global group for finance directors named GG_All_Finance_Directors
• A global group for each division, for example GG_All_Payroll
• A global group for the finance administrators, named GG_All_Finance_Administrators
Next, assign...

Denial of service, and Elevation of privilege) and life cycle threat models
Manage risks: Qualitative and quantitative risk analysis

Phase: Building
Task: Create policies and procedures for:
• Using an access control model
• Implementing share and NTFS permissions
• Encrypting data using EFS
• Ensuring the secure management of data

Lab A: Designing Security. ..

Introduction
After examining threats to data, Northwind Traders determined that if it stores all user data on a central data server and installs antivirus software on all client computers, the organization will reduce its Annual Loss Expectancy (ALE) for data by $150,000.

Question
What are some other threats to data that may prevent Northwind Traders from reducing the ALE by the anticipated amount?

Answers may...

answers as a class

Important
In this lab, you can use a Microsoft Visio® file named CP File Permissions Template.vsd and add information to it. If you choose to use the template, rename the file and save it to the Lab Answers folder on your desktop for discussion.

Lab A: Designing Security for Data

Lab Questions and Answers
Answers may vary. The following are..
Common Vulnerabilities to Data

Key points
Data is vulnerable to three general threats:
• Incorrect configuration of permissions. A user is able to access data that should be restricted.
• Physical security of data. A user has local access and can defeat other security measures...

natural disaster could cause Northwind Traders to lose all data, which could create a work stoppage for the organization.

Lesson: Designing Security for Data

Introduction
You can secure access to data by ensuring that users have appropriate permission. An access control...

designing security for data

Steps for Designing an Access Control Model

Key points
In Windows 2000 and Windows XP, you can apply access control to data and to the accounts that access data. You can use an access control model on accounts to isolate the security of resources
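The comparison of access-token SIDs with DACL entries described under Overview of Access Control, as an added example that is not part of the courseware. It is a simplified model that goes slightly beyond the text by showing deny entries and the effect of ACE order; the SID strings, the S-Temp_Staff group and the DACL contents are constructed, with group names borrowed from the lab fragment above.

```python
# Simplified model of the access check: token SIDs are matched against the
# ACEs of a DACL. SID strings and DACL contents are constructed samples.
from dataclasses import dataclass

READ, WRITE, DELETE = 0x1, 0x2, 0x4
MODIFY = READ | WRITE | DELETE

@dataclass(frozen=True)
class Ace:
    kind: str   # "allow" or "deny"
    sid: str    # SID of the user or group the entry applies to
    mask: int   # permission bits covered by the entry

def access_check(token_sids, dacl, desired):
    """Return True when every bit in `desired` is granted to the token.
    dacl=None models an object with no DACL (access is not restricted);
    an empty list models an empty DACL (nothing is granted)."""
    if dacl is None:
        return True
    remaining = desired
    for ace in dacl:                     # ACEs are walked in stored order
        if ace.sid not in token_sids:
            continue                     # entry is for some other SID
        if ace.kind == "deny" and ace.mask & remaining:
            return False                 # a still-needed right is denied
        if ace.kind == "allow":
            remaining &= ~ace.mask       # these rights are now granted
        if remaining == 0:
            return True
    return False                         # a requested right was never granted

# Constructed tokens: the user SID plus the SIDs of the user's groups.
PAYROLL_CLERK = {"S-USER-1", "S-GG_All_Payroll", "S-DL_Payroll_Modify"}
FINANCE_READER = {"S-USER-2", "S-DL_Finance_Files_Read"}
TEMP_CLERK = PAYROLL_CLERK | {"S-Temp_Staff"}   # hypothetical extra group

# Canonical order: deny ACEs ahead of allow ACEs.
PAYROLL_DACL = [
    Ace("deny", "S-Temp_Staff", WRITE | DELETE),
    Ace("allow", "S-DL_Payroll_Modify", MODIFY),
    Ace("allow", "S-DL_Finance_Files_Read", READ),
]
# Same entries with the deny ACE last: the allow ACE is reached first.
MISORDERED_DACL = PAYROLL_DACL[1:] + PAYROLL_DACL[:1]

if __name__ == "__main__":
    for sids in (PAYROLL_CLERK, TEMP_CLERK):
        print([access_check(sids, d, WRITE) for d in (PAYROLL_DACL, MISORDERED_DACL)])
```

The misordered list shows why a permissions review should check ACE order as well as ACE content: the same deny entry no longer blocks the write once an allow entry precedes it.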

Date posted: 18/01/2014, 05:20
