Different computers must be secured in different ways, depending on their roles. Public Web servers must allow incoming requests from browsers and should allow anonymous users on the Internet to retrieve files. Domain controllers, on the other hand, should never accept requests from anonymous users. Therefore, by tuning a server’s security settings to its role, you can reduce the possibility of a security compromise. This chapter shows you how to customize and maintain both network and system security to minimize risks, while still allowing legitimate users to access the services on your network.
Similar considerations apply to client systems. Your desktop computer should have different security settings than your CEO’s laptop computer, because the CEO stores confidential documents, travels with the computer, and may need to connect to wireless networks outside of the company’s intranet. Sometimes hardening a client computer involves more than blocking access by attackers; it can also require limiting the access granted to legitimate users. Many organizations choose to restrict which applications a user can run and what settings a user can change. While users enjoy having the freedom to perform any task on their computers, restricting their activities makes the computers more reliable and decreases help desk costs. This chapter will show you how to configure security for common client computer roles.
After you determine how each computer role should be configured, you must deploy that configuration and then audit your computer systems to ensure that the desired settings are taking effect. Understanding the tools used for analyzing configurations is important, both for maintaining a secure environment and for passing this exam. This chapter provides detailed instructions for validating security settings and critical updates on both client and server computers.
This chapter presents the skills and concepts that are required to configure and manage security settings for common client and server computer roles. If you fulfilled the requirements for previous chapters, then you already have the necessary hardware and software configured. You can use the computers in the state they were in after completing any of the previous chapters, or you can install the software from scratch. To do the practices, examples, and lab exercises in this chapter, you must have:
A private, non-routed network.
Two computers. On the first computer, perform a Microsoft Windows Server 2003 installation with default settings, and assign the computer name Computer1. Add the domain controller role using the default settings, and specify the domain name cohowinery.com. On the second computer, perform a Windows Server 2003 installation with default settings, and assign the computer name Computer2.