Chapter 19
In the realm of computer security, one of the most common and critical mistakes administrators make is to confuse the presence of security features with a secure system. It's not enough to piece protocols, methods, and algorithms together into a collage of security. In such environments, the weakest link usually goes unnoticed until it's too late. To be effective, system security must be applied as a whole, and it needs to be well designed, complete, and easy to maintain.
Well-designed systems are accompanied by policies that dictate how, when, and at what level security is applied. Complete systems provide multilevel security that is both sound and as transparent to the user as possible. Easily maintained systems allow administrators to centrally manage security and keep track of critical events.
With features like security templates, public-key cryptography, Internet Protocol security (IPSec), and comprehensive auditing procedures, Microsoft Windows 2000 makes it easy to apply security policies to individual computers or to scale them to domains or entire enterprises.
Real World
Security Checklist
Implementing computer and network security is like staying healthy—it's not a matter of just popping some pills or working out regularly; a full-body approach is necessary. As such, Microsoft makes some specific recommendations for keeping systems secure, which we've listed here (for a detailed explanation of these suggestions, see http://www.microsoft.com/technet/security/tools/chklist/w2ksvrcl.asp, or refer to the appropriate sections of this book):