Introduction to Security in Windows Server Server 2003
Good
news, at last Microsoft are serious about security in Server 2003. With
NT 4.0 and even Windows 2000, ease of use has
been the watchword, but now in Server 2003, security is top of the agenda.
My goal in this section is to give you an insight into the range of
improvements to security in Server 2003. The pages are full of tips and
explanations of how to configure the settings.
The list below is not meant to be exhaustive, I selected the topics to show the variety of ways that Microsoft are implementing security
in Server 2003.
CRL - (Common Runtime Language)
I have chosen CRL first not because its the best security feature, but because it
encapsulates the spirit of security in Windows Server 2003. CRL makes a
dry run before the code actually executes. It checks that a program can
run without errors before actually executing.
Kerberos Security
Kerberos security deals with all aspects of authenticating users. In practical terms I could break NT 4.0 passwords with
a freely available program called L0PHTCrack
but Thanks to Kerberos, Windows 2000 and Server 2003 passwords are immune from such attacks.
I have a whole page on the concept and configuration of Kerberos Security.
Guy
recommends: The SolarWinds ipMonitor
I am attracted to
ipMonitor
because it inhabits that zone of part work, part play; Guy just could not put
the dashboard away. This excellent performance monitor will get you
started in the quest to remove bottlenecks on your network. SolarWinds
provides this fully-functioning product free for 21 days. So download and
install ipMonitor, then start scrutinizing your computers CPU, memory and disk
performance.
Installing ipMonitor is a breeze, but learn from gung-ho Guy's mistake, and
install SNMP on each computer that you wish to monitor. What sealed my
unreserved recommendation of SolarWinds is their support team, you will get
expert help even when you are evaluating the ipMonitor.
Microsoft claim to have examined every line of code
Just in case you always think I take Microsoft's side, my view is it would be
better if Microsoft allowed open access to the code rather like the Linux model.
Nevertheless it is reassuring that they have re-checked the code to look for
security flaws.
Internet Explorer
In IE 6.0 for Windows Server 2003, the Security Level is set to high by
default. This is an example of more security making it more difficult to
use. In fact I found I had to add a server on my network to the Trusted
Zone before I could open an access database across the network.
Default Permissions
The default NTFS permissions ins Server 2003 are: Users Read and Execute, Administrators
Full control, this is much better than the old system where the group Everyone
had Full Control.
Network security is complex. As an MCT trainer, I can thoroughly recommend
TrainSignal because they
provide practical hands on training. In particular, I like the way TrainSignal cover all learning methods, instructor lead, video and of course text material. You can either take one module, for example
Network Security or go for
a combination of modules.
See more about Network Security training here
