One of the biggest keys to effective security is the standardization of the application of security policies across the environment. Windows 2003 continues to support this concept with the use of the Security Configuration and Analysis MMC plug-in. This plug-in enables you to convert your own security policies into a template file that can be applied to other servers. This ensures that servers are configured identically. This can be exceptionally useful for systems configured to sit outside a firewall that are not members of an Active Directory domain and thus aren't managed by Group Policy Objects. Using the Security Configuration and Analysis ToolThe Security Configuration and Analysis tool, which is available in Windows 2003 from the MMC Snap-in, is designed to read specific security information from a server and compare it to a template file. This enables you to create standard templates and see whether servers in their environment conform to those settings. To perform an analysis of a system, do the following:
The system will display all local security settings and show the template recommendation from the database. By comparing local settings to a standard template created by the administrator, settings can be made consistent without steamrollering any required local security settings. Leveraging Secure TemplatesGroups such as the National Security Agency or the National Institute of Standards and Technology have built what they consider to be secure templates for such roles as Domain Controller, Web Server, Application Server, and others. By using these templates as a starting point, you can build customized templates that take NIST or NSA guidelines into account. This makes it much easier to build a secure template as these groups specialized in knowing and understanding computer security. |