Chapter 1. Planning and Implementing Server Roles and Server Security

O BJECTIVES

Starting a text devoted to networking with a chapter on security might seem odd, but only if you are still working with the assumption that security is only for secret government research laboratories. Security is now front and center in Windows Server 2003, permeating it from front to back, top to bottom. Thus, it is only fitting that we discuss security and server roles before anything else in this training guide.

Microsoft defines the "Planning and Implementing Server Roles and Server Security" objectives as follows :

Configure security for servers that are assigned specific roles.

• The key to configuring and implementing role-based server security is to recognize the different levels at which security must be implemented. Servers should be grouped in Organizational Units (OU) by role for the purpose of applying security settings to them in an administratively efficient manner.

Plan a secure baseline installation.

• Plan a strategy to enforce system default security settings on new systems.

• Identify client operating system default security settings.

• Identify all server operating system default security settings.

• Windows Server 2003 is the most secure network operating system, out of the box, ever produced by Microsoft. While planning and implementing your overall network security plan, you need to be able to identify and, if necessary, enforce the default security settings on servers and client computers.

Plan security for servers that are assigned specific roles. Roles might include domain controllers, Web servers, database servers, and mail servers.

• Deploy the security configuration for servers that are assigned specific roles.

• Create custom security templates based on server roles.

• Not all servers are created alike; this simple fact has been proven time and again to administrators who got caught with their proverbial pants down. To effectively secure servers with varying roles, you need to identify the threats and vulnerabilities that each server faces.

Evaluate and select the operating system to install on computers in an enterprise.

• Identify the minimum configuration to satisfy security requirements.

• A default, out of the box, installation of Windows Server 2003 may not be the best choice for your particular security requirements. Being able to identify the best operating system and the optimal security configuration for that operating system is an important part of your overall network security plan.

O UTLINE

Introduction

Implementing Enterprise Security

Planning Secure Baseline Installations

Identifying Windows Server 2003 Default Security Settings

Identifying Windows XP Professional Default Security Settings

Selecting Secure Operating Systems

Planning and Implementing Role-Based Security Using Security Templates

Introducing the Windows Server 2003 Security Templates

Using the Security Configuration Manager Tools

The Security Configuration and Analysis Snap-in

The Security Templates Snap-in

Group Policy Security Extensions

secedit.exe

Using Role-Based Security Templates

Chapter Summary

Apply Your Knowledge

Exercises

Review Questions

Exam Questions

Answers to Review Questions

Answers to Exam Questions

Suggested Readings and Resources

S TUDY S TRATEGIES

• Become familiar with the topics presented in this chapter, including security templates, Group Policy, and hierarchical organizational systems. All these topics will be important as you plan and implement a security solution for your network.

• Understand the strengths and weaknesses of the different security configuration tools available to you. Each has a specific purpose and can be used to secure your network.

• Get your hands dirty. The Step by Steps throughout this book provide plenty of directions and exercises, but you should go beyond these examples and create some of your own. If you can, experiment with each of the objectives to see how they work and why you would use each one.