In this chapter, we took a birds eye view of the process of securing a Windows Server 2003 enterprise network. As you can see, quite a bit of planning and preparation work needs to take place before you can dive right in and start recommending or configuring new technologies. Before you can get into these kinds of specifics, you should first analyze the organization that youre working with to determine what its security needs really are . Just as a house needs a proper foundation before it can support rooms, windows, and pretty colors on the walls and floors, designing a secure network requires you to start at the very beginning when working with any enterprise network.
When looking at an organizations security needs, you should begin with any existing security policies or procedures that the organization might already have in place. We started this chapter with an in-depth examination of how to analyze a companys business requirements for network and data security. This included looking at these existing security policies and procedures, either to incorporate them into a new security design, or to determine the kinds of changes they would need to work within a Windows Server 2003 network. Examining existing security policies extends to technical measures like analyzing security requirements for different types of data, since some kinds of data might be subject to specific security or retention policies, and some data is simply more mission-critical or sensitive than others. We also looked at administrative procedures such as being able to balance security and usability for users on a network, along with raising security awareness to better involve your user base in the security process. As a network administrator, you will need to balance the human and the technical in order to create the best security design for your organization.
After youve taken the crucial first step of determining your organizations security needs, the next thing you need to determine is what types of attacks your network will be subjected to. The bulk of this chapter dealt with many of the common attacks that an enterprise network will face, many of which youll even hear about on the evening news as large Internet-based attacks spread quickly and multiply at an unbelievable rate. And since even the most secure network can never be 100-percent free from security risks, we looked at ways to organize an Incident Response plan, and how to prioritize a limited security budget to offer the best and most cost-effective security for your network even when working on a fixed budget.
We closed this chapter with a discussion of interoperability concerns, and the challenges created by the integration of down-level or third-party operating systems and services into a Windows Server 2003 network. Most real-world enterprise networks require some level of support for heterogeneous computing systems, whether its NT4 client workstations that havent been upgraded, or a pre-existing UNIX infrastructure. Knowing how to integrate these technologies into your security design scheme will be a critical task in preparing for the 70-298 exam, as well as in your real-world adventures as an MCSE.