NETWORK SECURITY

  • A secure baseline or build involves installing the operating system, applying service packs and hot fixes, and configuring various operating system settings.

  • Service packs and hot fixes eliminate security issues on an operating system.

  • There are risks associated with installing service packs. They should be tested before being deployed in a production environment.

  • System hardening refers to configuration changes made to make an operating system more secure.

  • Windows Server 2003 does not allow you to create non-complex passwords.

  • The principle of least privilege is based on the idea that a user who is logged on should have only the minimum privileges required to perform a task.

  • The Security Configuration and Analysis tool can be used to compare the existing security settings configured on a server against those settings within a template.

  • A security template holds a number of security settings considered to be appropriate for a server, domain controller, or workstation. Windows Server 2003 ships with predefined templates, or custom templates can be created.

  • Security templates can be deployed locally or through group policy.

  • Security settings are automatically refreshed on a domain controller every 5 minutes. Security settings are automatically refreshed on a server or workstation every 90 minutes.

  • The GPUPDATE command can be used to manually refresh security settings.

  • Software Update Services (SUS) is used to distribute software updates to servers and workstations.

  • The updated version of automatic updates can be installed on Windows 2000, Windows XP, and Windows Server 2003.

  • As part of managing and maintaining network security, administrators can use the IP Security Monitor tool to ensure that communication between hosts is indeed secure.

  • The version of IP Security Monitor included with Windows Server 2003 cannot be used to monitor computers running Windows 2000.

  • Network Monitor is used to capture and analyze network traffic. The information can be used to troubleshoot and optimize network traffic.

  • Network Monitor consists of two components : the network monitor driver and network monitor tools.

  • Capture filters can be defined to specify the type of network traffic that should be captured.

  • netsh is a command-line utility that can be used to view or modify the network configuration of the local computer or a remote computer.



Windows Server 2003 Network Infrastructure Exam Cram 2 (Exam 70-291)
MCSA/MCSE 70-291 Exam Cram: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (2nd Edition)
ISBN: 0789736187
EAN: 2147483647
Year: 2002
Pages: 118
Authors: Diana Huggins

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net