Summary
The key to a successful implementation of secured wireless technologies is to begin with the end in mind. Never use a wireless LAN without some type of encryption, and be mindful of the type of encryption you plan to use. The standard WEP encryption should be the minimum level of encryption
When planning a wireless LAN implementation, an RF site survey can validate the number of access points needed to achieve the appropriate coverage in the facilities being used. Look at end
Because Windows Server 2003 has built-in 802.1x encrypted wireless support, it requires the client system to be running Windows XP Service Pack 1 or later. The existing system configurations become important in the implementation of a secured wireless environment. An organization has the choice of lowering security to the
Lastly, creating wireless access policies and enforcing the policies becomes extremely important. Keep your network secure by keeping everyone informed of the security risks of setting up their own rogue access points. Perform periodic network
By designing a secure network, and then monitoring and managing the secured infrastructure, an organization can improve its level of security support throughout the organization.
Chapter 3. Integrating Smartcard and Secured Access Technologies
Smartcards and other security hardware have been around for several
Windows Server 2003 has made the deployment of such security devices much more straightforward. The incorporation of Group Policy templates,
Maximizing Certificate Services Implementations
Creating a Public Key Infrastructure (PKI) environment takes considerable time and planning to build, and effort to maintain. Administrators often have to plan well beyond the hardware and software available to them at the time of implementation. If the company's PKI was built on Windows 2000, the administrators may want to improve their environment with the new functionality built in to Windows Server 2003. With the advancements in Windows Server 2003's Certificate Services and Group Policies, much of the administrator's time, planning, effort, and wishes will finally pay off. Certificates for computers and users have become much easier to create and issue, and ultimately to maintain and manage.
Using Windows Server 2003 Updates
Administrators have at their disposal a very
Choosing the CA Roles
Administrators have many choices in their enterprise security architecture. One of the choices
The Server Does Not Have to Be a Domain Controller
Administrators can install an Enterprise CA on any domain member server. The server does not have to be a domain controller. This practice is
The most important CA role, as it
For administrators to enable support of certificate autoenrollment, the Enterprise CA must be installed on either a Windows Server 2003 Enterprise or Datacenter Edition server.
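Autoenrollment only applies to principals that hold Read, Enroll and Autoenroll permissions on a certificate template, so the template ACLs define who is in scope. The PowerShell audit below is an added example, not code from the original text; it assumes a domain-joined host, PowerShell 3.0 or later, and an account that can read the Configuration partition, and the function names are hypothetical.

```powershell
# Added example: report Enroll / Autoenroll grants on every certificate template.
# Extended-right GUIDs as defined in the Active Directory schema.
$RightNames = @{
    '0e10c968-78fb-11d2-90d4-00c04f79dc55' = 'Enroll'
    'a05b8cc2-17bc-4802-a710-e7c15ab866a2' = 'Autoenroll'
    '00000000-0000-0000-0000-000000000000' = 'All extended rights'
}
$ExtRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

function Resolve-Sid($sid) {
    # Orphaned or foreign SIDs cannot be translated: keep the raw SID instead.
    try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $sid.Value }
}

function Get-TemplateEnrollmentAce {
    $configNC  = ([ADSI]'LDAP://RootDSE').configurationNamingContext
    $container = [ADSI]"LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

    foreach ($template in $container.psbase.Children) {
        $rules = $template.psbase.ObjectSecurity.GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier])

        foreach ($ace in $rules) {
            # Keep only Allow ACEs that carry an extended right
            # (GenericAll includes the ExtendedRight bit).
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (($ace.ActiveDirectoryRights -band $ExtRight) -eq 0) { continue }

            $right = $RightNames[$ace.ObjectType.ToString()]
            if (-not $right) { continue }   # some other extended right

            [pscustomobject]@{
                Template  = [string]$template.psbase.Properties['cn'].Value
                Principal = Resolve-Sid $ace.IdentityReference
                Right     = $right
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Review which principals are in autoenrollment scope for each template.
Get-TemplateEnrollmentAce |
    Sort-Object Template, Principal, Right |
    Format-Table -AutoSize
```

Broad groups such as Authenticated Users or Domain Computers appearing with Autoenroll on a template mean every member of that group will be issued the certificate once the autoenrollment Group Policy setting is enabled.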
Using the Web Enrollment Site to Obtain Certificates
Users and computers that are not domain
The Enterprise CA is an ideal solution for a network with a Windows Server 2003 domain. All domain members can be assigned certificates via Group Policy-based certificate autoenrollment. You can limit the scope of autoenrollment by assigning permissions to the certificate template.
Incorporating Smartcards
By using the security access philosophy of "Something you know, something you have, and something you are," information technology administrators can significantly increase their network security. The more you can do to keep people from impersonating valid log-in attempts, the more secure the data and network resources will become. To detail the best practices that lead to secured information system access, the three items are as follows:
Securing Log-ins
End users in a less than secure environment can easily use someone else's username and password. This is especially
By using a physical device such as a smartcard, secure ID, or other device, administrators can be more assured that users are actually who they say they are when they log in. The machines that are authenticated in Active Directory are usually known entities. This piece of information gives you a good idea of where the user is logging in from.
Securing E-mail
Sending certified, or signed, e-mail in an application such as Outlook can be performed using smartcards. Using certificates stored on the smartcard to sign the end user's e-mail enables the recipient to know that the sender is who he actually says he is. Certificates can also be used to make sure that only the intended recipient can open and read the e-mail sent.
Securing Documents
Encrypted File System (EFS) can be employed to secure sensitive company data. This is especially critical for administrators who are tasked with protecting data on laptops and other portable devices.
Windows Server 2003 now supports EFS on offline folders and multiple user access. Unauthorized recovery of EFS folders by third parties is also harder. EFS
Securing Buildings
Smartcards can be incorporated into a company's identity badge that has a radio frequency identification (RFID) capability. Card readers can be installed on the exterior, or on critical-access internal doors.
Maintaining an accurate record of smartcard holders and what level of access they have can be extremely useful. All entry