Chapter 11: Planning, Implementing, and Maintaining a Security Framework


Introduction

Security is one of the most important issues facing network administrators today. Windows Server 2003 contains many features and technologies that can be used to create a more secure networking environment. In this chapter, we’ll look at several aspects of creating an effective security framework for an organization’s network. First, we’ll look at how to plan and implement Active Directory (AD) security. This includes such measures as physically securing domain controllers, securing the schema, managing cross-forest security relationships, account security, and implementing AD access controls.

Next, we’ll discuss the issues and procedures involved in planning and implementing wireless security. We’ll provide an overview of the terminology and concepts relating to 802.11 wireless technologies, and you’ll learn about authenticators and supplicants, as well as how wireless networking works “under the hood.” We’ll discuss authentication methods for wireless networks, including authentication subtypes such as open system and shared key. You’ll learn about the protocols generally used for wireless authentication, including the Extensible Authentication Protocol (EAP), EAP-Transport Layer Security (EAP-TLS), EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (EAP-MS-CHAPv2), and the Protected Extensible Authentication Protocol (PEAP). We’ll also talk about using Internet Authentication Service (IAS) with wireless. We’ll address wireless security issues such as common insecure default settings (administrative password, service set identifier, and Wired Equivalent Privacy settings) and the weaknesses of Wired Equivalent Privacy (WEP) protocol encryption, as well as how WEP can be made more secure.

We’ll then move onto discuss security monitoring, and we’ll address object-based access control and security policies, including password policies, Kerberos policies, account lockout policies, user rights, and security templates. We’ll also talk about security auditing, and you’ll learn how to set the auditing policy, modify the security log settings, and audit objects such as files or folders. In the next section, you’ll learn about planning a change and configuration management framework. We’ll walk you through the steps of using the Security Configuration Manager tool, as well as command-line tools included with Windows Server 2003. We’ll also discuss security analysis and configuration best practices.

Finally, we’ll take you through the process of planning a security update infrastructure. You’ll understand the importance of regular security updates, and you’ll learn how to use the Microsoft Baseline Security Analyzer (MBSA) and Microsoft Software Update Services (SUS) tools to ensure that your Window Server 2003’s security features are always current.




MCSE Planning and Maintaining a Windows Server 2003 Network Infrastructure. Exam 70-293 Study Guide and DVD Training System
MCSE Planning and Maintaining a Windows Server 2003 Network Infrastructure: Exam 70-293 Study Guide and DVD Training System
ISBN: 1931836930
EAN: 2147483647
Year: 2003
Pages: 173

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net