Case Study

Previous page
Table of content
Next page

SCENARIO

ESSENCE OF THE CASE

Following are the essential elements in this case:

  • Security will be implemented in a hierarchical fashion using role-based security templates.

  • Only one forest and only one domain will be created. Organizational Units will thus be used to segment the specific server roles.

  • The FTP servers located in the DMZ will require extra security measures because they are susceptible to more types of attacks.

  • A more secure initial security plan can be implemented because there are no legacy clients to be supported.


You are a network security consultant who has been hired by the ACME Rocket Company to work with its in-house network administrators to plan, develop, and implement a hierarchical role-based server security plan.

When you meet with the company president, he gives you the following information: "I want you to help our administrators get a solid security plan in place for the network. After talking with the CIO, we both agree that the best way to implement security for our network is to assign servers specific tasks and secure them appropriately."

The CIO has the following additional information for you: "We are going to use a role-based approach to secure our network's servers. Each server will be assigned one specific role that will not change. We are implementing a completely new network using all Windows Server 2003 servers and all Windows XP Professional client workstations. We will have only one forest and one domain; all segmentation will need to be accomplished within this domain."

ACME Rockets has the following types of servers planned for its new network: domain controllers, file servers, print servers, IIS intranet servers, and FTP servers that will be located in the DMZ.

ANALYSIS

By default, all domain controllers will be automatically placed in the Domain Controllers OU.

Also, all client workstations will, by default, be placed in the Computers OU. You will want to create an OU called Member Servers and then create additional OUs inside it for the file servers, print servers, and intranet IIS servers. Lastly, you will need to create an OU in the domain root for the DMZ FTP servers.

You will next need to develop a Domain Baseline Security Policy that will be applied to the domain root itself. This security policy will be applied to all computers in the domain. Next , you will want to apply a Domain Controller Specific Security Policy that hardens your domain controllers. You should then apply a Member Server Baseline Security Policy to the Member Server OU that hardens all member servers. Lastly, you should develop and apply a High Security Policy to the DMZ server OU.


Previous page
Table of content
Next page
MCSE Windows Server 2003 Network Infrastructure (Exam 70-293)
MCSE 70-293 Exam Prep: Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (2nd Edition)
ISBN: 0789736500
EAN: 2147483647
Year: 2003
Pages: 151
Authors: Will Schmied
BUY ON AMAZON
Database Modeling with MicrosoftВ® Visio for Enterprise Architects (The Morgan Kaufmann Series in Data Management Systems)
MySQL Stored Procedure Programming
A Practitioners Guide to Software Test Design
101 Microsoft Visual Basic .NET Applications
File System Forensic Analysis
Java Concurrency in Practice
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy