Security in Windows Server 2003

Guy Recommends

A solution to monitor, manage and archive thousands of events that are generated by devices across the entire network. 
Download FREE trial

---

---

OpusFlow Exchange
Group Calendar

Introduction to Security in Windows Server Server 2003

Good news, at last Microsoft are serious about security in Server 2003.  With NT 4.0 and even Windows 2000, ease of use has been the watchword, but now in Server 2003, security is top of the agenda.

My goal in this section is to give you an insight into the range of improvements to security in Server 2003.  The pages are full of tips and explanations of how to configure the settings.

Security Topics in Windows Server 2003

• Indications that Microsoft are serious about security
• Accounts Authentication (Logon)
• Active Directory
• Auditing - Tracking Event IDs
• Certificates - Choosing the best system
• IPSEC - Configuring
• L2TP and Certificates - getting it to work
• Kerberos - Theory and practical
• Security Snap-in - Use the built-in templates
• Sundry Security improvements
• Web Application Scanning

Indications that Microsoft are serious about security

The list below is not meant to be exhaustive, I selected the topics to show the variety of ways that Microsoft are implementing security in Server 2003.

CRL - (Common Runtime Language)

I have chosen CRL first not because its the best security feature, but because it encapsulates the spirit of security in Windows Server 2003.  CRL makes a dry run before the code actually executes.  It checks that a program can run without errors before actually executing.

Kerberos Security

Kerberos security deals with all aspects of authenticating users.  In practical terms I could break NT 4.0 passwords with a freely available program called  L0PHTCrack but Thanks to Kerberos, Windows 2000 and Server 2003 passwords are immune from such attacks.  I have a whole page on the concept and configuration of Kerberos Security.

Network security is complex.  As an MCT trainer, I can thoroughly recommend TrainSignal because they provide practical hands on training.  In particular, I like the way TrainSignal cover all learning methods, instructor lead, video and of course text material.  You can either take one module, for example Network Security or go for a combination of modules.  See more about Network Security training here

Microsoft claim to have examined every line of code

Just in case you always think I take Microsoft's side, my view is it would be better if Microsoft allowed open access to the code rather like the Linux model.  Nevertheless it is reassuring that they have re-checked the code to look for security flaws.

Internet Explorer

In IE 6.0 for Windows Server 2003, the Security Level is set to high by default.  This is an example of more security making it more difficult to use.  In fact I found I had to add a server on my network to the Trusted Zone before I could open an access database across the network.

Default Permissions

The default NTFS permissions ins Server 2003 are:  Users Read and Execute, Administrators Full control, this is much better than the old system where the group Everyone had Full Control.

More Topics on Security in Server 2003

• Accounts Authentication (Logon)
• Active Directory
• Auditing - Tracking Event IDs
• Certificates - Choosing the best system
• IPSEC - Configuring
• L2TP and Certificates - getting it to work
• Kerberos - Theory and practical
• Security Snap-in - Use the built-in templates
• Sundry Security improvements

 .