The security built around Active Directory and Windows Server 2003 was designed to protect valuable network assets and address many of the common security problems inherent in Windows NT 4.0. Windows Server 2003 expands on these capabilities and was specifically designed to address issues such as the flaws in Internet Information Server (IIS) that were exploited by worms such as Code Red and Nimda. Development of Windows Server 2003 security was also shaped by Microsoft's Trustworthy Computing initiative, which made security the primary focus of Microsoft products. In a nutshell, Microsoft is more focused than ever before on the security of its products, and new features must pass a security review before they can be released. This initiative affected the development of Windows Server 2003 and is evident in its security features.

Kerberos Authentication

Kerberos was originally designed at M.I.T. as a secure method of authenticating users without sending the user's password across the network at all, encrypted or not. Keeping the password off the wire greatly reduces the threat of password theft, because a malicious user who captures the logon traffic has no copy of the password, encrypted or otherwise, to run brute-force attacks against. The actual functionality of Kerberos is complicated, but essentially the client and the authentication server (in Active Directory, a domain controller acting as the Key Distribution Center, or KDC) each hold a key derived from the user's password. The client sends the KDC proof that it holds that key (a timestamp encrypted with it), and the KDC replies with a ticket and session key that are themselves encrypted with the same key: a "riddle" of sorts that can be read only by someone who knows the proper password. If the proper password was used, the client can read the reply and the user is authenticated; if not, the proof fails at the KDC and the reply is unreadable. One caveat a practitioner should keep in mind: what does cross the wire is still derived from the password, so an attacker who captures the exchange can test guesses against it offline, and a strong password policy remains essential. Although used in Windows Server 2003, this form of authentication is not proprietary to Microsoft; Kerberos version 5 is defined as an Internet standard (RFC 1510 at the time, since superseded by RFC 4120). For a greater understanding of Kerberos security, see Chapter 12, "Server-Level Security."
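The exchange described above, modeled in Python as an added example; this is not code from the book or from Microsoft's Kerberos implementation. It assumes a toy HMAC-based cipher standing in for the real Kerberos encryption types, and a constructed realm, principal and password. It shows both sides' messages, checks that the password never appears on the wire, and demonstrates the caveat that a captured pre-authentication blob can still be tested against password guesses offline.

```python
import hashlib
import hmac
import os
import time

# Constructed values for this demo only; nothing here is taken from a real environment.
REALM = "EXAMPLE.COM"
PRINCIPAL = "alice"
PASSWORD = "Winter2003!"
MAX_SKEW_SECONDS = 300  # Kerberos tolerates five minutes of clock skew by default
ITERATIONS = 4096       # default PBKDF2 iteration count in the Kerberos AES string-to-key


def string_to_key(password, realm, principal):
    """Derive the long-term key. The KDC stores this key, never the password itself."""
    salt = (realm + principal).encode()   # real Kerberos also salts with realm + principal
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=32)


def _keystream(key, nonce, length):
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Toy encrypt-then-MAC (HMAC counter mode + HMAC tag); illustrative stand-in only."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered message")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class KDC:
    def __init__(self):
        # Hypothetical principal database: only derived keys are kept.
        self.keys = {PRINCIPAL: string_to_key(PASSWORD, REALM, PRINCIPAL)}

    def as_exchange(self, principal, preauth):
        """Handle AS-REQ: the encrypted timestamp proves the client holds the right key."""
        key = self.keys[principal]
        ts = int.from_bytes(unseal(key, preauth), "big")   # raises ValueError on a wrong key
        if abs(time.time() - ts) > MAX_SKEW_SECONDS:
            raise ValueError("timestamp outside allowed skew (possible replay)")
        session_key = os.urandom(32)
        return seal(key, session_key)   # AS-REP: the 'riddle' only the user's key can open


def client_logon(kdc, password, wire):
    """Client side: derive the key locally and prove knowledge of it; the password stays local."""
    key = string_to_key(password, REALM, PRINCIPAL)
    preauth = seal(key, int(time.time()).to_bytes(8, "big"))
    wire.append(("AS-REQ", PRINCIPAL.encode() + preauth))   # principal name travels in the clear
    as_rep = kdc.as_exchange(PRINCIPAL, preauth)
    wire.append(("AS-REP", as_rep))
    return unseal(key, as_rep)   # the session key, now shared with the KDC


def password_on_wire(wire, password):
    """What a sniffer sees: neither the password nor its derived key appears in any message."""
    key = string_to_key(password, REALM, PRINCIPAL)
    return any(password.encode() in msg or key in msg for _, msg in wire)


def offline_guess(wire, wordlist):
    """The caveat: a captured pre-auth blob can be tested against guesses without the KDC."""
    as_req = next(msg for kind, msg in wire if kind == "AS-REQ")
    preauth = as_req[len(PRINCIPAL):]
    for guess in wordlist:
        try:
            unseal(string_to_key(guess, REALM, PRINCIPAL), preauth)
            return guess
        except ValueError:
            continue
    return None


if __name__ == "__main__":
    wire = []
    session_key = client_logon(KDC(), PASSWORD, wire)
    print("logon ok, session key", session_key.hex()[:16], "...")
    print("password visible on wire:", password_on_wire(wire, PASSWORD))
    print("offline guess result:", offline_guess(wire, ["Summer2003!", PASSWORD]))
```

A logon with the wrong password fails at the KDC, because the pre-authentication blob does not open with the stored key, and the client could not read the reply even if one were sent. The offline guess succeeds only when the real password is in the wordlist, which is exactly why the password policy discussed later in this chapter matters for Kerberos as much as it did for NTLM.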
Understanding Why Internet Information Server v6 Is Disabled by Default

One of the chief criticisms of Microsoft's Internet Information Server, and of Microsoft products in general for that matter, has been a lack of security built into the products, both right out of the box and during standard operations. Components of IIS, especially the Index Server ISAPI extension, proved vulnerable to worms and hacking techniques such as those demonstrated by the infamous Code Red and Nimda worms. For these reasons, Microsoft disabled the IIS component in Windows Server 2003 by default; an administrator must add it explicitly, and a fresh installation of IIS 6.0 serves only static content. In addition, even when IIS is turned on, risky HTTP verbs such as the WebDAV PUT and DELETE methods, along with other commonly exploited features such as unknown ISAPI extensions and CGI executables, remain disabled until an administrator enables them.

Taking Additional Security Precautions

Active Directory implementations are, in essence, only as secure as the Windows Server 2003 environment in which they run. The security of the Active Directory structure can be increased through additional precautions, such as securing server-to-server communications with IPSec, requiring smart cards for logon, or other certificate-based protections. In addition, the user environment can be hardened through Group Policy settings such as password policy (minimum length, complexity, history, and maximum age), account lockout, and logon rights, applied consistently across the domain.