Chapter 7. Planning, Implementing, and Maintaining Security Infrastructure

Terms you'll need to understand:

Authentication protocols
Point-to-Point Tunneling Protocol (PPTP)
Rivest Shamir Adleman (RSA)
Microsoft Point-to-Point Encryption (MPPE)
Security Association (SA)
Encryption
Layer Two Tunneling Protocol (L2TP)
IP Security (IPSec)
Encapsulating Security Payload (ESP)
Software Update Services (SUS)
Microsoft Baseline Security Analyzer (MBSA)
Background Intelligent Transfer Service (BITS)
Remote Procedure Calls (RPC)
Public Key Infrastructure (PKI)

Techniques you'll need to master:

Planning a security update infrastructure
Understanding the concepts of MBSA
Understanding the concepts of Software Update Services

To keep desktop and server operating systems in an enterprise (or in a user 's home, for that matter) up to date with the latest software updates from Microsoft, administrators and end users were tasked with monitoring the Windows product pages at the Microsoft Web site for individual updates as they were released and then manually downloading them when they were available. This often resulted in security hotfixes that were not deployed in a timely fashion or, in the worst-case scenario, not at all.

Many enterprises waited for semiregular Service Releases or Service Rollup Patches for updates to their systems, and some waited even longer, deploying updates and upgrades to their standard operating system deployment standards only when Service Packs were released. Although all these efforts are better than performing no updates at all, they were not the best security practices that could have been followed.

Microsoft has been shifting away from ease of use toward securing the platform over the past couple of years as part of its secure computing initiative. Windows Server 2003 is all about being more secure, from services being disabled or not installed by default to assisting users or system administrators with their efforts at keeping their systems up to date and patched.