Foreword


by Tony Redmond

There is no doubt that Windows has accumulated a bad reputation for security since Windows NT made its debut as Microsoft’s enterprise operating system. Microsoft is partially to blame because its coding practices and development methodologies led to holes that hackers exploited. But perhaps the industry itself is also to blame because all of us have forgotten that computers are complex devices that need to be properly managed before they can provide reliable and secure service. To a large degree, PCs are easy to set up, and it takes only a few minutes to install and deploy software. The same is true of servers, so as Windows NT and later Windows 2000 took more market share, I think we were lured by ease of use and ignored best system management practices built over many years in mainframe and minicomputer environments.

Knowledge is key to developing best practice. If you don’t know your subject inside out, you can’t know how to best take advantage of the features of any tool. Computers are no different, and you cannot expect to approach any aspect of computer infrastructures without knowledge.

Security is possibly one of the most difficult subjects to master, if only because it is so easy to make mistakes and end up with a computer that is insecure and data that is open to all. Windows is no different from other operating systems. It has features that allow you to secure computers, if you want to— and know how to.

Ever since I have known Jan, I’ve admired his dedication in mastering all aspects of Windows security. He has played a key role in educating his colleagues in HP Services through the programs we have to train our Windows technical community, especially in how to develop and implement best practices for security within large-scale corporate infrastructures. His experience is not just theoretical because Jan has had the opportunity to put his knowledge to the test in some of the largest deployments of Windows technology worldwide. He has taken his experience of teaching others and combined it with his knowledge of how things work in real life to produce this book, which I think is an extremely valuable contribution.

Windows 2003 is absolutely the best and most secure operating system Microsoft has released to date, but like anything else, it can always use some help to be even better. No book is ever perfect, but this is probably the best guide you can find to the essentials of securing a Windows infrastructure. It will certainly point you to where you need to do extra research or what you need to concentrate on to deploy best practices within your own infrastructure.

Enjoy!

Tony Redmond
Vice President and Chief Technology Officer
HP Consulting and Integration

by Mark Mortimore

Security is a critical component in delivering on the vision of trustworthy computing. Understanding how to secure and manage access to systems, networks, and data is currently the most sought-after information for IT professionals managing connected infrastructures. For technical professionals, especially in recent years, security is repeatedly identified as the most important area for improvement in terms of how applications are designed, deployed, and maintained. There are several reasons for this need. Most important is the ubiquitous nature of technology in running businesses today. For most businesses, electronic communication, digital information, and technical infrastructure have become the foundation on which business processes are built.

Threats from malicious insiders, cyberterrorists, virus writers, and even unintentional misuse must be prevented to maintain the integrity of these systems. Threats from malicious sources are increasing in frequency and in sophistication. These threats are also being developed and released more rapidly after vulnerabilities are first discovered. Although in most cases remediation is available to counter the threat, the race to deploy these mitigations is producing a burden on IT professionals and unprotected systems that can expose key assets to malicious intent.

At the same time, our data center boundaries are expanding to include distributed servers, broad network accessibility, remote access, wireless networks, mobile and handheld devices, and interconnected business-to-business and business-to-consumer capabilities. In many cases, these distributed systems must have access to data and resources that used to sit safely inside isolated data center cores. I recently had a customer demonstrate a compelling application that allowed him to connect to sensitive customer data and inventory management systems via his mobile phone. Although opportunities for revolutionary advances in productivity, accessibility, and functionality are emerging, the security challenges these advances produce are formidable.

The days where IT professionals can achieve career success by stubbornly isolating data center resources has ended. Businesses require agility and accessibility to remain competitive. IT professionals must architect, deploy, and develop systems that support compelling new functionality and simultaneously safeguard critical systems and data.

Defense-in-Depth methodologies are built on the concept of layered defenses. This means designing systems that are resilient and protected at many levels. This balancing act between providing ever-increasing accessibility while simultaneously protecting critical assets requires considerable technical depth and a solid understanding of how systems work and how the connections between these systems function.

Bill Gates kicked off the Trustworthy Computing Initiative at Microsoft several years ago, and the industry has rallied around this commitment. Across the industry, and around the globe, no one can deny the breadth and importance of this effort. In Microsoft, this has produced waves of enlightenment and sustained growth in awareness and skill. This has resulted in development, deployment, and default configurations that are built around security. In Windows Server 2003, Microsoft has delivered tremendous new functionality enabling powerful new scenarios. For example, multifactor authentication scenarios are made easier than ever to deploy, and hardware and software advances are enabling business to authenticate users by who they are, what they know, and attributes or objects that only authorized personnel possess. Tremendous advances in the infrastructure to secure data and communications are built into the operating system. Another example of advanced functionality includes powerful advances in Active Directory that support more robust authentication and authorization scenarios.

In this book, IT professionals, advanced application developers, and security specialists will find a wealth of information about an array of key security topics. In particular, readers will find deep technical detail here regarding security administration and management, PKI and certificates, authentication, and access control. This information is based on the author’s years of study and experience with leading-edge technologies. This experience is extended through engagements with Microsoft, customers, and an extended team made up of among the most experienced and technically capable specialists in the industry.

The details and specific implementations described here will be of keen interest to technical professionals. What makes this information especially valuable is the integration of technical detail with years of enterprise experience in managing secure infrastructures in the largest and most technically advanced deployments in the world. This real-world experience provides an insight into the practical reality of architecting, deploying, maintaining, integrating, and evolving systems so that these systems are as secure as possible, and stay secure over time.

The importance of deep technical knowledge, architectural depth, and real-world experience can not be overstated. Technical professionals must continue to invest in their education and training to effectively utilize and integrate new technology. This investment will result in an immediate payoff in specific solutions being developed now and deployed locally. Over time, the investment, attention, and diligence of technologists will result in infrastructures that will allow businesses and consumers to move forward with confidence and trust into an era of new opportunity.

Achieving this vision will require diligence and sustained effort. I encourage you to make the investment in developing practical skills, technical depth, and real-world experience. In making this effort we take important steps toward a shared goal.

Mark Mortimore
Senior Technologist
Security and Trustworthy Computing
Microsoft Corporation




Windows Server 2003 Security Infrastructures. Core Security Features of Windows. NET
Windows Server 2003 Security Infrastructures: Core Security Features (HP Technologies)
ISBN: 1555582834
EAN: 2147483647
Year: 2003
Pages: 137
Authors: Jan De Clercq

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net