Chapter 5: Securing Network Services and Protocols

Introduction

In the early days of computer networks, when users and resources were situated in a single location with no connections to the outside world, protecting a company s data was simply a matter of securing the files and folders that resided on the network servers and client computers. It was a simple matter of ensuring that your internal users had access to the resources they required to do their jobs, without being able to get into areas that they shouldn t. However, as networks have grown in complexity and connectivity, the need to protect network information as it traverses the network has become an increasingly critical issue. Security administrators quickly discovered that data traveling from one location to another ( especially if it traveled over a public medium like the Internet) was at risk of being stolen, altered , or intercepted by a third party. We quickly realized that we needed a way to secure data as it traveled over a network in order to protect its confidentiality and integrity. Windows Server 2003 provides a number of options for securing data as it traverses a network; we ll discuss the most prevalent of these technologies here.

The most exciting advance in Windows Server security in recent years has doubtless been the introduction of IP Security, or IPSec, support within Windows 2000 and Windows Server 2003. IPSec can be implemented at both the server and client level to encrypt data as it traverses even public networks like the Internet, allowing business in multiple locations to transmit data in a secure fashion. We ll take a look at the inner workings of IPSec, and how to implement it within the enterprise using policies that can be applied to an entire Windows Server 2003 domain. We ll also look at how IPSec can effectively function as a firewall within the Windows operating system to perform port filtering or enforce packet signing across a network. We ll also look at ways to secure the Domain Naming System (DNS) service, another common attack vector that needs to be secured on a modern network.

Finally, we ll discuss ways to secure wireless network traffic. Wireless technologies are growing in popularity for both private and public networks, and present their own unique challenges to network security. We ll look at some common vulnerabilities of wireless transmissions, and ways to design a secure wireless LAN for your organization. True, we re covering a lot of material here, but it will certainly illustrate some exciting ways to secure your enterprise network using Windows Server 2003. Developing a firm grasp on the technologies discussed in this chapter will make you a better security administrator, and will be invaluable as you prepare for the 70-298 exam.