Introduction to Security in Windows Server Server 2003
Good news, at last Microsoft are serious about security in Server 2003. With NT 4.0 and even Windows 2000, ease of use has been the watchword, but now in Server 2003, security is top of the agenda.
My goal in this section is to give you an insight into the range of improvements to security in Server 2003. The pages are full of tips and explanations of how to configure the settings.
Security Topics in Windows Server 2003
- Indications that Microsoft are serious about security
- Accounts Authentication (Logon)
- Active Directory
- Auditing – Tracking Event IDs
- Certificates – Choosing the best system
- IPSEC – Configuring
- L2TP and Certificates – getting it to work
- Kerberos – Theory and practical
- ObserveIT – Auditing and session recording
- Security Snap-in – Use the built-in templates
- Sundry Security improvements
- Syslog Analyzer – Free Utility
- Web Application Scanning
The list below is not meant to be exhaustive, I selected the topics to show the variety of ways that Microsoft are implementing security in Server 2003.
CRL – (Common Runtime Language)
I have chosen CRL first not because its the best security feature, but because it encapsulates the spirit of security in Windows Server 2003. CRL makes a dry run before the code actually executes. It checks that a program can run without errors before actually executing.
Kerberos security deals with all aspects of authenticating users. In practical terms I could break NT 4.0 passwords with a freely available program called L0PHTCrack but Thanks to Kerberos, Windows 2000 and Server 2003 passwords are immune from such attacks. I have a whole page on the concept and configuration of Kerberos Security.
SolarWinds have produced three Active Directory add-ons. These free utilities have been approved by Microsoft, and will help to manage your domain by:
- Seeking and zapping unwanted user accounts.
- Finding inactive computers.
- Bulk-importing new users. Give this AD utility a try, it’s free!
Microsoft claim to have examined every line of code
Just in case you always think I take Microsoft’s side, my view is it would be better if Microsoft allowed open access to the code rather like the Linux model. Nevertheless it is reassuring that they have re-checked the code to look for security flaws.
In IE 6.0 for Windows Server 2003, the Security Level is set to high by default. This is an example of more security making it more difficult to use. In fact I found I had to add a server on my network to the Trusted Zone before I could open an access database across the network.
The default NTFS permissions ins Server 2003 are: Users Read and Execute, Administrators Full control, this is much better than the old system where the group Everyone had Full Control.
I like thePermissions Monitor because it enables me to see quickly WHO has permissions to do WHAT. When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, takes into account network share access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free utility saves when you are troubleshooting authorization problems for users access to a resource. Give this permissions monitor a try – it’s free!
If you like this page then please share it with your friends
- 7 Reasons to Upgrade to Windows Server 2003
- Active Directory DNS
- Migrate v Upgrade
- Active Directory Attributes
- .NET Explained
Train Signal have an excellent Windows Server 2008 course. You get over 70 hrs instruction with Ed Liberman and Ben "Coach" Culbertson. Try their step-by-step videos and master Windows Server 2008 Enterprise Admin.
The package includes the Transcender exams, which are the key to gaining the coverted Microsoft Certified IT Professional certification. However, the course also builds practical experience so that you can manage your network effectively once you complete the course.