Chapter 1: Designing a Secure Network Framework

Introduction

Securing a Windows Server 2003 enterprise network is hardly a small undertaking, but it becomes quite manageable if you approach it in an organized and systematic way. Before we can get into the specifics of configuring software, services, and protocols to meet an organization s security needs, we first need to determine what those needs are. In the first chapter of this guide, we discuss the importance of understanding the Why? of the security design process before plunging headlong into the What? and How.

In attempting to answer that all-important Why? we open this chapter with a look at analyzing a company s business requirements for securing its network and data. This includes examining any existing security policies and procedures with an eye toward how they might be incorporated into the new design, or how they might need to change to accommodate a new security framework. This step includes technical elements such as analyzing security requirements for different kinds of data ”some financial or medical data might be subject to specific security or retention policies that a network administrator will need to address ”and more human elements such as managing user expectations of security versus usability, and designing security awareness training to transform a user base from obstacle to ally.

Once you ve determined your organization s security needs, your next questions is, Whom are we securing our data against ? ( Knowing your enemy is a mantra to live by, whether you re Sun Tzu or a network security administrator.) This chapter delves into the kinds of common attacks that an enterprise network might face, and what motivates both internal and external attackers . We also look at the steps needed to create a workable Incident Response Plan. After all, no matter how well you design your security system, you will almost certainly find yourself the victim of some type of security incident; it s how you respond to such an incident that can make or break a company s network.

As a final note, we discuss the challenges that interoperability presents to the creation of a security plan. In a perfect world, we d certainly all like to be using nothing but the latest and greatest operating systems and hardware, but reality is often far different. Real-world security planning will often require you to integrate earlier Microsoft operating systems into your design scheme, as well as non-Microsoft and third-party systems and services. Because of this, understanding how Windows Server 2003 can enhance the security of both homogeneous and heterogeneous networks is a fundamental part of preparing for the 70-298 exam.