To wrap up our preparations for the 70-298 exam, we closed with an overview of improving the security of client workstations. Because client workstations often prove to be the point of entry for many attacks and attackers, whether it's through a weak password, a laptop or desktop session that's left unattended, or a user opening an infected e-mail attachment, planning for client security is a critical piece of any network security design. Patching and updating servers and services is clearly only one piece of the security puzzle; including workstation security concerns in your security design will be crucial to its overall success. To help you in this, we examined various ways to improve or maintain the overall security of the workstations on your network, including ways to secure the client operating system and enforce anti-virus protection for all of your users. We also looked at patch management, which has become a hot topic for security-conscious administrators everywhere.
Another issue to consider when securing your network clients is that of authentication protocols. While we'd obviously all like to mandate the strongest level of authentication available across the board, that wish can be less than feasible in a large environment supporting many different flavors of client operating systems. We looked at the various authentication protocols available for your use, and talked about how to choose the best one to fit the needs of your enterprise, whether that choice was Kerberos, NTLM authentication, Digest authentication for Web applications, or a combination of all three. We also discussed ways to improve the overall security of your user accounts, including the use of the Syskey utility to lock down the authentication process to a degree not previously available.
Finally, we closed with a discussion of remote access, and how to secure this process for your end users. While we already covered VPN technologies earlier in the 70-298 guide, here we talked about the ways that your remote access choices ultimately affect your end users. This extends to your choice of remote access medium, remote access protocols, and the use of remote access policies to restrict and secure remote access attempts. We closed with a discussion of Internet Authentication Service, or IAS, which is Windows Server 2003's RADIUS implementation for large-scale or heterogeneous remote access deployments, as well as some new features in Windows Server 2003 that greatly improve your ability to administer and secure the remote access process.