Chapter 19 - Implementing Security

In the realm of computer security, one of the most common and critical mistakes administrators make is to confuse the presence of security features with a secure system. It's not enough to piece protocols, methods, and algorithms together into a collage of security. In such environments, the weakest link usually goes unnoticed until it's too late. To be effective, system security must be applied as a whole, and it needs to be well designed, complete, and easy to maintain.

Well-designed systems are accompanied by policies that dictate how, when, and at what level security is applied. Complete systems provide multilevel security that is both sound and as transparent to the user as possible. Easily maintained systems allow administrators to centrally manage security and keep track of critical events.

With features like security templates, public-key cryptography, Internet Protocol security (IPSec), and comprehensive auditing procedures, Microsoft Windows 2000 makes it easy to apply security policies to individual computers or to scale them to domains or entire enterprises.

Real World

Security Checklist

Implementing computer and network security is like staying healthy—it's not a matter of just popping some pills or working out regularly; a full-body approach is necessary. As such, Microsoft makes some specific recommendations for keeping systems secure, which we've listed here (for a detailed explanation of these suggestions, see http://www.microsoft.com/technet/security/tools/chklist/w2ksvrcl.asp, or refer to the appropriate sections of this book):

  • Implement appropriate physical security for servers and network hardware (and desktops as necessary).
  • Eliminate FAT (make sure all hard disk partitions are using NTFS).
  • Rename the Administrator account, and create a strong password for it (use a different password for each server).
  • Set appropriate password policies and account lockout policies for your network.
  • Disable unnecessary services, especially IIS. If not doing file or printer sharing, disable the Server service.
  • Don't install unnecessary applications such as e-mail, Microsoft Office, or utilities.
  • Disable unnecessary accounts.
  • Check folder permissions.
  • Disable the Guest account.
  • Protect the registry from anonymous access.
  • Apply appropriate registry ACLs.
  • Restrict access to the Local System Authority (LSA).
  • Remove unnecessary file shares.
  • Install antivirus software and the latest virus definition files.
  • Install the latest service pack.
  • Install security hot fixes, as appropriate for your network.
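Several of these items can be checked mechanically. The script below is an added example, not part of the book or of Microsoft's checklist: a read-only audit of the NTFS, Administrator, Guest, LSA, and Server service items. It assumes PowerShell 3.0 or later (not present on a stock Windows 2000 install), that the LSA item maps to the RestrictAnonymous registry value, and the function names are hypothetical.

```powershell
# Added example: read-only audit of a few checklist items on the local computer.
# Assumption: PowerShell 3.0+ (Get-CimInstance); nothing is changed on the system.

function New-Check($Item, $Pass, $Detail) {
    # One result row per checklist item.
    [pscustomobject]@{ Item = $Item; Pass = [bool]$Pass; Detail = "$Detail" }
}

function Get-ChecklistAudit {
    # Eliminate FAT: every fixed disk (DriveType 3) should report NTFS.
    $nonNtfs = @(Get-CimInstance Win32_LogicalDisk -Filter "DriveType=3" |
        Where-Object { $_.FileSystem -ne 'NTFS' })
    $detail = ($nonNtfs | ForEach-Object { "$($_.DeviceID) $($_.FileSystem)" }) -join ', '
    New-Check 'All fixed volumes use NTFS' ($nonNtfs.Count -eq 0) $detail

    # Built-in accounts keep well-known RIDs even after a rename:
    # 500 = Administrator, 501 = Guest.
    $local = @(Get-CimInstance Win32_UserAccount -Filter "LocalAccount=True")
    $admin = $local | Where-Object { $_.SID -like 'S-1-5-21-*-500' }
    $guest = $local | Where-Object { $_.SID -like 'S-1-5-21-*-501' }
    New-Check 'Administrator account renamed' `
        ($admin -and $admin.Name -ne 'Administrator') "current name: $($admin.Name)"
    New-Check 'Guest account disabled' ($guest -and $guest.Disabled) "name: $($guest.Name)"

    # Restrict anonymous access to LSA information (assumed mapping: RestrictAnonymous >= 1).
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
    New-Check 'LSA RestrictAnonymous set' ($lsa.RestrictAnonymous -ge 1) `
        "RestrictAnonymous = $($lsa.RestrictAnonymous)"

    # Server service: only a finding when the host does no file or printer sharing.
    $svc = Get-Service -Name LanmanServer -ErrorAction SilentlyContinue
    New-Check 'Server service not running (non-file-server hosts only)' `
        (-not $svc -or $svc.Status -ne 'Running') "status: $($svc.Status)"
}

Get-ChecklistAudit | Format-Table -AutoSize
```

A failed row is a prompt to review that item against the role of the server, not an automatic fix.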



Microsoft Windows 2000 Server Administrator's Companion
ISBN: 0735617856
Year: 2003
Pages: 320
