While SMS can be used to enforce proper security on your network, in this context we are talking about properly configuring the product's own security settings. If your SMS 2003 installation were to become compromised, it would not be pretty, potentially exposing every machine SMS communicates with on your network. To properly configure your SMS environment, you need to understand all of the components of a typical SMS system and their corresponding security considerations. We will briefly review the following technologies and how they support the SMS 2003 security environment:
Operating system security
SQL Server security
SMS 2003 runs on the operating system (OS) and uses the OS's file-sharing capabilities to communicate between SMS sites, component servers, and clients. You should understand accounts, groups, and domains. SMS services and components can use a variety of OS accounts for their security context. For more information, see the Windows integrated help system or any Windows OS security document.
Windows 98 is not considered to be a secure OS; thus, the client side of the SMS security model is not applicable to clients running Windows 98.
SQL Server provides SMS with its site databases. As with any other application connecting to SQL Server, you can opt for either integrated security or SQL Server security. These days, SQL Server security is discouraged but is still an option. For more information, see SQL Server Books Online (BOL).
A common reason to still use SQL Server Authentication is when clients are running on Windows 95/98.
SMS utilizes WMI for several tasks, including the following:
Performing hardware inventory on client machines
As an interface to the site databases for both the server and the client
Storing configuration data
When a user requests WMI resources, WMI security authenticates the user for both local and remote resources. On Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, a user can specify another credential for remote resources. You can configure local or remote WMI properties via the MMC snap-in, wmimgmt.msc. For more information, see http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/snap_wmi_control.mspx.
SMS uses IIS to support its management point, server locator point, and reporting point sites. Thus, it is beneficial to understand basic IIS security. While IIS security is important for SMS regardless of the configuration, when you have advanced security mode–based sites (see the "SMS Security Enhancements" section) the importance is escalated because:
The site server's computer account has administrative privileges on other machines.
The SMS site server manages its local files and registry entries via the Local System account. Any software that runs in the Local System context of IIS has equal access to those same entities.
IIS offers three levels of application protection: low, medium, and high. SMS 2003 uses the high application protection mode. With the arrival of IIS 6 came the idea of application pools; basically, application pools allow individual web sites to operate autonomously. Thus, if one site experiences problems, those problems do not affect the entire IIS server. Microsoft recommends using the latest version of IIS available. (At the time of this writing, IIS 6 is the latest production web server.) Disable the IIS functions you do not require (this is good practice in general as well), including by using the IIS Lockdown tool. For more information, see http://www.microsoft.com/WindowsServer2003/iis/default.mspx.
Network security is beyond the scope of this book, but that does not diminish its importance. You should have a solid understanding of network security concepts to ensure that network traffic between SMS sites, systems, and clients is secure. SMS can use encryption, hashing, and signing algorithms to protect network traffic.
One of the most overlooked aspects of information system security in general, if not the most overlooked, is physical security. IT professionals (including yours truly) will spend countless hours doing their best to ensure their systems are secure, only to leave the server room unlocked after they're done working. One of the design principles behind SMS is not to assume that client machines are physically secure; thus, SMS clients have no capability to compromise SMS's security model. Excluding SMS clients, the following SMS entities could compromise the entire SMS security model:
You should ensure that physical access to the preceding nodes is restricted to only those who require it. SMS is a network management product; it only makes sense to restrict who can access it. We will not go into details about physical security, but the list that follows contains some of the more common forms of physical security in a data center:
Typical door lock
Badge with "swiper"