Windows 2003 Security

Most users log on to their local or remote computer using a username and password. Even though there are new techniques of authenticating, such as smartcards, biometrics and one-time passwords, many organizations still rely on the traditional method.

To impose password policies, strong passwords that meet a number of complexity requirements must be enforced. The complexity is centered on the length of the password and its character categories. Log on to the machine using an account that is a member of the Domain Admins group. Open the Administrative Tools and then select Active Directory Users and Computers. Right-click the root container of the domain and select Properties (Shinder 2003). In the Properties dialog box select the Group Policy tab, create a new Group Policy object, give it a name and then close the window. Edit the Group Policy object by selecting from the following options according to your level of enforcement: enforce password history, maximum password age, minimum password age, minimum password length, password must meet complexity requirements, and store passwords using reversible encryption.

Strong persistent security policies

Security policy refers to a set of rules, objectives and requirements for systems. The rules are meant to guide the behavior of the user and the administrator. A strong and persistent security policy is one whose properties are hard to break initially and, in case that happens, even harder properties are preserved at the subsequent steps. This is enforced by the separation of data based on confidentiality and integrity requirements.

Concept of Windows logon authentication

It is an idea or generalization that was implemented in the Windows architecture to provide security and to verify access in order to protect critical areas of the system. This concept is timeless. It involves a window and some text boxes.
It helps discover user identity and determine authenticity (Freud 1914).

Authentication model used to secure data transmission involving users and IIS

We have the basic authentication over SSL model. The model includes a request object, which is received from the end user's browser. A response object sends information to the browser to be displayed to the user. A session object initiates and maintains information about the current user. An application object manages state shared across various web class instances. A server object determines specific objects to be applied to web class instances. A browser type object determines the abilities of the user's browser, and a decision is made depending on the information obtained. Other models are the Kerberos-only version, digest authentication, NTLM and integrated Windows authentication.

Use of DMZ to protect a network

The term DMZ refers to Demilitarized Zone. It is a segment of a network used to act as a boundary between the internal network of an organization and the external network. It consists of servers which provide services to internet users, such as FTP, email (POP3, IMAP4, SMTP), web and DNS servers. To create a DMZ you require a firewall with three or more network interfaces. Assign each interface a specific role, i.e. the internet (external untrusted network), the DMZ network and the internal trusted network. Next, configure the DMZ with firewall rules to protect the internal network from the internet. This makes it difficult for an attacker to penetrate the internal network, because the furthest access he can get is the DMZ hosts.

Connection Point Service

A connection service point is an object class used in schema services. It supports services that need to publish themselves explicitly within the Active Directory. These services use abstractions such as RnR or the RPC name service.
This service point is also used by a client to obtain the information necessary to bind to the service.

Securing an active directory

An active directory is the database for all network resources and hence its security is of paramount importance. A breach of security can lead to loss of information or disclosure of very crucial information (Artol & Bartol 2005). There are common practices which, when employed by the server administrator, can be helpful in hardening the active directory. These are: protecting the default administrator account by renaming it, securing the guest account, enabling group policy auditing, securing administrator workstations, controlling logon processes, managing delegation of tasks and minimizing the number of administrator accounts, to name but a few.

The practices listed above are attained by use of group policy, configuring IP security for active directory data replication and denial of anonymous user access. Through auditing we can see events happening on a network. For active directory security we will audit privilege use. If you have a domain controller you will audit user logon events (either logon failure or success, depending on the number of users on the network). I will audit object access for file servers (Atkinson & Raynor 1974). Audit account management to prevent malicious privileged account creation. Audit both successful and failed policy changes, e.g. changes to user rights. Finally, audit process tracking, directory service access, the event viewer and system events.

Role-based access, Access group/resource group, Access group/ACL, User/ACL

Role-based access is granting a user access to certain resources on the network depending on the user's role within the organization or an application. User/ACL is for management of basic access to limited resources for a small number of users, and it only applies to principal accounts being added to the ACL for a resource.
Access group/resource group involves security groups being added to a resource ACL and assigned a set of permissions. Access group/ACL occurs when users with similar roles are given permissions to carry out predefined tasks based on authorization rules (Adler 1956).

End to end encryption

End to end encryption refers to a technique whereby an encrypted message is sent from an origin point to a destination. It is assumed that the recipient and sender of the message share a key and that the recipient is able to decrypt the received information.

SUS server

SUS refers to Software Update Services. A SUS server is a server that handles the software patch database and is used to distribute the patches to client machines on the network according to the set configuration.

Concept of RADIUS servers

This refers to a networking protocol that implements and permits remote access to resources. For example, a user sends a login request to a RADIUS client, the client sends the encrypted message to the RADIUS server, which performs authorization and accounting and shares the secret information with the client. The server employs the concept of authentication, authorization and accounting. Due to its robustness it is used by wireless networks, ISPs, access points, network ports, and integrated email and web servers.