Chapter Scenario: Market Florist

Market Florist, an Internet–based company, plans to design a way to apply consistent security settings to all Windows 2000–based computers on its network. A recent attack on its Web site revealed that some of the servers in the Web farm weren't properly secured. An attacker used the vulnerable servers to falsify flower orders.

Market Florist Domain Structure

Market Florist has three domains within their Active Directory directory service structure, shown in Figure 8.1: marketflorist.tld, ca.marketflorist.tld, and mx.marketflorist.tld. Computers in the Seattle and San Francisco locations have their computer accounts stored in the marketflorist.tld domain, the computers in the Winnipeg office are in the ca.marketflorist.tld domain, and the computers in the Monterrey office are in the mx.marketflorist.tld domain.

Figure 8.1 The Market Florist domain structure

Market Florist Computers

Market Florist is moving toward a pure Windows 2000 network. The progress of the migration is as follows:

  • All servers on the Market Florist network are running fresh installations of Windows 2000. All previous servers have been removed from the network.
  • All client computers are being upgraded to Windows 2000 from previous operating systems. The upgrades to the remaining computers are expected to be completed within the next month.
  • All new computers will arrive with Windows 2000 preinstalled to ensure that the network has only Windows 2000–based computers.
  • All laptop computers were acquired in the last month and were shipped with Windows 2000 preinstalled.

Computer Roles

Market Florist has identified the following roles that Windows 2000–based computers will play on the network, shown in Table 8.1.

Table 8.1 Windows 2000–based Computer Roles for Market Florist

Computer Type: Numbers and Locations

Domain controllers (DCs)

  • Three DCs for the marketflorist.tld domain in Seattle.
  • Two DCs for the marketflorist.tld domain in San Francisco.
  • Three DCs for the ca.marketflorist.tld domain in Winnipeg.
  • Two DCs for the mx.marketflorist.tld domain in Monterrey.

File and print servers

  • Four file and print servers in the Seattle office. Configured as members of the marketflorist.tld domain.
  • Two file and print servers in the San Francisco office. Configured as members of the marketflorist.tld domain.
  • Two file and print servers in the Winnipeg office. Configured as members of the ca.marketflorist.tld domain.
  • One file and print server in the Monterrey office. Configured as a member of the mx.marketflorist.tld domain.

SQL servers

  • Three SQL servers are in the Seattle office. Two are used for internal database applications and the third is used as the database for the Internet Web site.

External Web servers

  • The ww.marketflorist.tld Web site is hosted by four Web servers configured as a Windows 2000 Network Load Balancing Service (NLBS) cluster to provide high availability. These Web servers are members of a workgroup.

Client computers running Windows 2000 Professional (new installations)

  • 700 client computers in the Seattle office configured as members of the marketflorist.tld domain.
  • 100 client computers in the San Francisco office configured as members of the marketflorist.tld domain.
  • 300 client computers in the Winnipeg office configured as members of the ca.marketflorist.tld domain.
  • 100 client computers in the Monterrey office configured as members of the mx.marketflorist.tld domain.

Client computers running Windows 2000 Professional (upgraded from Microsoft Windows 95)

  • 200 client computers in the San Francisco office configured as members of the marketflorist.tld domain.
  • 300 client computers in the Monterrey office configured as members of the mx.marketflorist.tld domain.

Client computers running Windows 2000 Professional (upgraded from Windows NT 4.0)

  • 300 client computers in the San Francisco office configured as members of the marketflorist.tld domain.
  • 200 client computers in the Winnipeg office configured as members of the ca.marketflorist.tld domain.

Laptop computers running Windows 2000 Professional (new installations)

  • 300 client laptop computers in each of the three domains used by the remote sales force.

Security Requirements

Market Florist wants to ensure the highest level of security on the internal network. Once the upgrades to Windows 2000 are completed on the client computers, Market Florist wants to prevent down-level client computers from accessing resources on the network.

For the external Web site, Market Florist wants to ensure that only necessary services are running on the Web servers in the NLBS cluster. Market Florist wants to use security templates to disable unnecessary services on the Web servers.

The Flower Power Application

Market Florist has developed an application that allows customers to create and then reference user accounts when purchasing flowers over the Internet. To access the software, the customer must complete a form on the ww.marketflorist.tld Web site and provide credit card information. Once the form is completed and the customer information is verified, the customer is able to download the Flower Power application. The application, an ActiveX Control launched within the Web page, allows customers to order flowers quickly without providing credentials other than their customer numbers.

The Flower Power back-end application is installed on the external Web servers. The application requires additional NT file system (NTFS) permissions to be defined for the Flower Power folder structure and for the registry entries created by the Flower Power application.

Additionally, the Flower Power application provides the ability to change the port that the application listens on for connections. Periodically, Market Florist will want to change the port that the Flower Power application listens on for connections. The change will only be made in conjunction with an update to the ActiveX control. Once clients have downloaded the updated ActiveX control, they will connect using the newly defined port.

The port definition is stored in the registry in the following location:

 HKEY_LOCAL_MACHINE\Software\MarketFlorist\FlowerPower\Parameters 

Within the Parameters key, the value Port will be used to define the listening port for the Flower Power application. The Port value is a REG_DWORD value type.
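The following is an added example, not taken from the book: a drift check that compares each Web server's settings against one baseline written in security-template (.inf) syntax, covering service startup modes and the Flower Power Port value. The server names, the service list and port 8080 are assumptions made for illustration.

```python
import re

# Constructed baseline and per-server settings in security-template (.inf)
# syntax. Server names, services and port 8080 are illustrative assumptions.
BASELINE = r'''
[Service General Setting]
W3SVC,2,""
TlntSvr,4,""
Messenger,4,""
[Registry Values]
MACHINE\Software\MarketFlorist\FlowerPower\Parameters\Port=4,8080
'''

SERVERS = {
    "WEB1": BASELINE,
    "WEB2": BASELINE.replace("TlntSvr,4", "TlntSvr,2"),  # Telnet left automatic
    "WEB3": BASELINE.replace("=4,8080", "=4,8081"),      # stale listening port
    "WEB4": BASELINE.replace('Messenger,4,""\n', ""),    # setting never applied
}

def parse_template(text):
    """Return {(section, name): value} for the two sections compared here."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
        elif section == "Service General Setting":
            name, startup = [f.strip().strip('"') for f in line.split(",")[:2]]
            settings[(section, name)] = startup  # 2=automatic, 3=manual, 4=disabled
        elif section == "Registry Values":
            path, value = line.split("=", 1)
            settings[(section, path.strip())] = value.strip()  # "type,data"; 4=REG_DWORD
    return settings

def find_drift(baseline_text, servers):
    """List (server, section, name, expected, actual) for each deviation."""
    expected = parse_template(baseline_text)
    drift = []
    for server in sorted(servers):
        actual = parse_template(servers[server])
        for key in sorted(expected):
            if actual.get(key) != expected[key]:
                drift.append((server, *key, expected[key], actual.get(key)))
    return drift

print(*find_drift(BASELINE, SERVERS), sep="\n")
```

A missing setting is reported with an actual value of None, which separates "never configured" from "configured differently".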

Security Requirements for the Internal Network

Although computers with different roles on the network require different security settings, the Market Florist IT department wants all computers with similar roles to have the same security configurations. They don't want inconsistent security configurations like those discovered on the external Web site.



Microsoft Corporation - MCSE Training Kit (Exam 70-220. Designing Microsoft Windows 2000 Network Security)
ISBN: 0735611343
Year: 2001
Pages: 172