Configuring Windows 2000 Server Security: Windows 2000 Server Security Fast Track

Configuring Windows 2000 Server Security
by Thomas W. Shinder, M.D., MCSE, MCP+I, MCT, Debra Littlejohn Shinder, MCSE, MCP+I, MCT, D. Lynn White, MCSE, MCPS, MCP+I, MCT
Syngress Publishing, Inc.
ISBN: 1928994024 Pub Date: 06/01/99

Finally, perhaps the most important is the social engineering aspect of the job. It is the responsibility of an IT manager to work with the management and executive staff to ensure that the security policy is understood by all members of the organization.

Windows 2000 and Security Summary Points

Before we can discuss a product's ability or inability to deliver in the area of security, we must first have a common set of terms and a framework for understanding what security is and why it is needed. Only then can a conversation be held to determine security policy for an organization. This policy discussion needs to be cross-functional, and it should involve as many stakeholders as possible. Once these questions are answered on an individual organization basis, the IT group can then begin the process of evaluating technological solutions and a process evangelism plan that will promote support of the security policies.

Windows 2000 security inherits the strengths of Windows NT security. These strengths include the usability and integration features that are common to most Windows platforms. The learning curve should be short and administration fairly straightforward. Some of the new features include a pervasive Kerberos authentication mechanism that will become the core of Windows 2000 security from this point forward. Kerberos is a well-documented, secure, and mature method of authentication that should serve the needs of the Windows network community quite well. The addition of PKI and the Encrypted File System to promote data integrity and privacy are welcome new features that make Windows 2000 a more plausible environment in which to store data that might be security sensitive.

All these features are either transparent to administrators, or are made easily manageable through the usual administrator-friendly tools. After policies have been established and processes defined, administrators who do not need to be security experts themselves should easily accomplish managing the daily administration tasks. Distributed and partitionable management responsibilities via the MMC and Active Directory also go a long way to promote simple manageability.

On the downside, there exists the possibility of compromise due to the simple fact that Microsoft operating systems are so extensively used and documented. While there is really no way to determine the extent of the compromise that will be seen, it is a fairly good bet that several thousand self-proclaimed hackers will be actively pursuing ways to attack Windows 2000 security features. This is an unfortunate side effect of being one of the largest computer software manufacturers in the world. You can be assured that the Internet newsgroups, chat boards, and such will be full of ways to get around Windows 2000 security features within minutes of its release. All the Black-Hats in the world will want to claim ownership of one or more ways to compromise Windows 2000.

FAQs

Q: What is this Kerberos stuff, and where does it come from?
A: Kerberos is an open specification for authentication. In the strictest sense, it is an algorithm. It originated at MIT and has been widely used in large information systems. It is well tested, mature, and regarded as being very secure. In its complete implementation, it is also fairly complicated. The full specification can be found at http://nii-server.isi.edu/info/kerberos.

Q: Can I let different administrators administer different security aspects of my environment?
A: Yes! By using the MMC and creating custom MMC consoles for each administrator or administrative role, you can allow different administrators to manage various aspects of your network and its security policy.

Q: We don't have a security plan. How can I get or make one?
A: You might consider starting with the suggestions presented in this chapter, and seeing where that takes you. There are more books on the subject of computer and information system security now than have been available before, and your local bookstore is a great place to start. If you have the budget, you might consider retaining a security consultant, even if just to look at your organization and make suggestions. Full-service consulting organizations are a good place to go for this type of assistance, even if you are just looking for advice. If you find later that you are in over your head, you can always go back to the consulting firm as your needs arise. You might also want to take a look at the many newsgroups that discuss security issues in general, and Windows security specifically.

Q: How secure is IPSec, and can I trust my network if I use it?
A: IPSec is a framework for implementing security components at several stages of the data transmission process. If they are used diligently, IPSec specified techniques are not only a good idea, but an absolute must if you plan to conduct business across the Internet. It might be a good idea to consider some of the ways IPSec architecture and techniques might be used inside your organization, behind your firewall as well. You need to understand what it is you are protecting, from whom, and why, before any security architecture will be of any benefit.

Q: What is PKI?
A: Public Key Infrastructure is a framework for providing a public/private encryption scheme