Windows 2003/2000/XP Security Architecture Overview

By: Global Knowledge
Published: Dec 20, 2005
Length: 31
Type: White Paper
Overview:
This briefing lays out the main security features of the Windows 2003 operating system family and puts them into a "big picture" context.
Categories: Active Directory, Platforms, Windows, Windows Server

Windows 2003 Server, its workstation cousin Windows XP, and its predecessor, Windows 2000, all bring substantial advances in both reliability and security compared to Windows NT 4.0. However, Windows security has so many different components that just learning them all can be a major conceptual challenge. Additionally, the number and variety of threats to computer security are increasing daily, and the cost of lost, damaged, or compromised data can be very high.

This briefing lays out the main security features in the Windows 2003 operating system family, and puts them all into a "big picture" context. It is intended for any person who must plan, implement, manage, or administer Windows 2003 family security for networked desktop computers, notebook computers, or stand-alone systems. It is not intended as an exhaustive treatment of all the possible security breaches that a Windows network administrator may face, but rather as a framework for understanding, planning, and discussing specific security features, as well as organizational policies and procedures.

A. Pre-Logon Security: Computer Accounts

The first category of Windows security measures is one that a networked computer runs into shortly after being powered on. Before you even see the logon dialog box, a domain-joined computer has already "checked in" with a Windows 2000 or 2003 domain controller by means of its computer account: the machine authenticates with its own account password (which it rotates itself) and sets up a secure channel to the domain controller. That is, regardless of who logs on to that PC, the domain can apply restrictions to the machine itself through Computer Configuration policies, which are written into the local Registry. (Windows 95 and 98 do not have computer accounts.)

You can think of computer accounts as analogous to a locked gate in front of your house's driveway. Nobody can even get to the front door and present himself for identification before he gets through the front gate. Computer accounts are the first line of defense against harm, but note that they are only effective for computers joined to a Windows domain; a stand-alone or workgroup machine never passes through this gate at all.

When you first install a Windows 2000 or XP Professional workstation into a networked environment by joining the computer to a domain, you must do one of two things: Create a computer account for the PC ahead of time (e.g. in Active Directory Users and Computers), or, during the installation, provide (when prompted) the user name and password of a user (such as a domain administrator) with authority to create a computer account on the domain.

To control the operations that any user can perform at a given computer, regardless of the account the user logs on with, open Active Directory Users and Computers, right-click the domain or Organizational Unit of interest, and choose Properties. Click the Group Policy tab and double-click the entry for the policy object (for example, Microsoft supplies a Default Domain Policy). All of the settings that appear under the node "Computer Configuration" are policy settings that apply to every computer in that domain or OU, whoever logs on. For example, under Computer Configuration\Administrative Templates\System, you could set the Disable Autoplay policy (labeled Turn off Autoplay in the Windows XP/2003 templates) to prevent CD-ROMs from running automatically after being inserted into the drive. Computer policy is applied at startup and refreshed periodically thereafter, so a change made here reaches a running machine only after the next refresh (or after gpupdate on Windows XP/2003).
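The two checks a practitioner wants after following the procedure above are "did this machine actually check in with the domain through its computer account?" and "did the Computer Configuration setting reach the registry?". The following script is an added example and not code from the Global Knowledge paper; it assumes PowerShell 2.0 or later (available for Windows XP SP3 and Server 2003 SP2), an elevated prompt for Test-ComputerSecureChannel, and the documented NoDriveTypeAutoRun registry value that the Autoplay policy writes. The function names are my own.

```powershell
# Added example, not part of the paper: verify from a domain-joined workstation that
# (a) it is a domain member with a working computer-account secure channel, and
# (b) the Autoplay Computer Configuration policy actually landed in the registry.
# Assumes PowerShell 2.0+ and local administrator rights.

# Bits of the NoDriveTypeAutoRun policy value and the drive type each one suppresses
# (Microsoft's documented meanings). The policy editor writes 0xFF for "All drives"
# and 0xB5 for "CD-ROM and removable media drives".
$AutorunDriveBits = @{
    0x01 = 'unknown drive type'
    0x04 = 'removable (floppy, USB)'
    0x08 = 'fixed disk'
    0x10 = 'network drive'
    0x20 = 'CD-ROM'
    0x40 = 'RAM disk'
    0x80 = 'unrecognized drive type'
}

function Get-DomainJoinStatus {
    # Win32_ComputerSystem.PartOfDomain says whether the machine has a computer account
    # in a domain at all; Test-ComputerSecureChannel then verifies that the channel
    # authenticated with that account's password currently works against a DC.
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    $channelOk = $null
    if ($cs.PartOfDomain) {
        $channelOk = Test-ComputerSecureChannel
    }
    New-Object PSObject -Property @{
        ComputerName        = $cs.Name
        PartOfDomain        = [bool]$cs.PartOfDomain
        Domain              = $cs.Domain
        SecureChannelIntact = $channelOk
    }
}

function ConvertFrom-AutorunMask {
    param([int]$Mask)
    # Decode which drive types a NoDriveTypeAutoRun value switches Autoplay off for.
    foreach ($bit in ($AutorunDriveBits.Keys | Sort-Object)) {
        if ($Mask -band $bit) { $AutorunDriveBits[$bit] }
    }
}

function Get-AutorunPolicyStatus {
    param(
        # Policies\Explorer is where Computer Configuration Autoplay settings are written.
        [string]$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    $item = Get-ItemProperty -Path $PolicyKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # No policy value present: either the GPO never applied or it is not linked here.
        return New-Object PSObject -Property @{ PolicyApplied = $false; Mask = $null; AutoplayDisabledFor = @() }
    }
    $mask = [int]$item.NoDriveTypeAutoRun
    New-Object PSObject -Property @{
        PolicyApplied       = $true
        Mask                = ('0x{0:X2}' -f $mask)
        AutoplayDisabledFor = @(ConvertFrom-AutorunMask -Mask $mask)
    }
}

# Usage: run on the workstation after 'gpupdate /force' (or a reboot) so that computer
# policy has been refreshed, then compare the decoded mask with what the GPO was meant to set.
Get-DomainJoinStatus | Format-List
Get-AutorunPolicyStatus | Format-List
```

On a Windows 2000/XP/2003 machine without PowerShell, the secure channel check is the same as running nltest /sc_query:DOMAIN from the support tools, and the Autoplay value can be read with reg query on the same key.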

B. Logon Security: Getting in the Door

Logon security is the second type of security (the second line of defense, after computer accounts, against both intentional and unintentional harm) that Windows 2000/2003/XP lets you configure. The default behavior is to require a user name and password before you can log on. You can change that behavior for a stand-alone Windows 2000 or XP PC, but think twice before you do. Removing that protection makes your PC much less secure. You can think of logon security and user authentication as a locked front door on your house, with a peephole to identify visitors.

Windows 2000/2003/XP can use various technologies to authenticate a network user's logon request: Kerberos (the default "behind-the-scenes" protocol for domain accounts), certificates (optional for secure identification of workstation users, and the basis of smart card logon, which extends Kerberos with a public-key initial exchange known as PKINIT), and smart cards, which require the user both to possess a physical credit-card-size device holding the certificate and private key and to know its PIN. (RSA SecurID tokens are one-time-password devices rather than smart cards and are not part of native Windows logon.) Note also that NTLM remains in use for local accounts, for down-level clients such as Windows NT 4.0, and whenever Kerberos cannot be used (for example, when a server is addressed by IP address rather than by name), so "Kerberos by default" does not mean "Kerberos only".
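Because Kerberos is only the default, the practical question is which package actually handled a given logon. The script below is an added example, not code from the paper: it parses the description text of successful logon events and flags the ones that fell back to NTLM. The three events are constructed here to mirror the field layout of Windows Server 2003 security events 528 (successful logon) and 540 (successful network logon); the user names, hosts and addresses are illustrative and not captured from a real system, and the function names are my own.

```powershell
# Added example, not part of the paper: classify successful logons by the
# authentication package that actually handled them. Sample events are constructed
# to mirror the Windows Server 2003 event 528/540 description text.
$SampleLogonEvents = @"
Successful Network Logon:
    User Name:  jdoe
    Domain:     CORP
    Logon Type: 3
    Logon Process:  Kerberos
    Authentication Package: Kerberos
    Workstation Name:   WS01
    Source Network Address: 10.0.0.5

Successful Network Logon:
    User Name:  svc-backup
    Domain:     CORP
    Logon Type: 3
    Logon Process:  NtLmSsp
    Authentication Package: NTLM
    Workstation Name:   OLDNT4
    Source Network Address: 10.0.0.77

Successful Logon:
    User Name:  jdoe
    Domain:     CORP
    Logon Type: 2
    Logon Process:  User32
    Authentication Package: Negotiate
    Workstation Name:   WS01
    Source Network Address: -
"@

function ConvertFrom-LogonEventText {
    param([string]$Text)
    # Turn "Field:   Value" lines into a hashtable. The unindented headline
    # ("Successful Logon:") carries no value and is stored under 'Headline'.
    $fields = @{}
    foreach ($line in ($Text -split '\r?\n')) {
        if ($line -match '^(\s*)([^:]+):\s*(.*?)\s*$') {
            if ($matches[1] -eq '') { $fields['Headline'] = $matches[2] }
            else { $fields[$matches[2].Trim()] = $matches[3] }
        }
    }
    $fields
}

function Get-LogonAuthSummary {
    param([string[]]$EventTexts)
    foreach ($text in $EventTexts) {
        $f = ConvertFrom-LogonEventText -Text $text
        $package = $f['Authentication Package']
        # Common reasons for NTLM on a 2000/2003 domain: NT 4.0 or workgroup clients,
        # local accounts, servers reached by IP address, or a Kerberos failure (SPN, time skew).
        $verdict = switch ($package) {
            'Kerberos'  { 'Kerberos (domain default)' }
            'NTLM'      { 'NTLM: down-level client, local account, IP-based name or Kerberos failure; review' }
            'Negotiate' { 'Negotiate: SSPI chose Kerberos or NTLM at runtime; correlate with DC events' }
            default     { "unexpected package '$package'" }
        }
        New-Object PSObject -Property @{
            Account   = '{0}\{1}' -f $f['Domain'], $f['User Name']
            LogonType = $f['Logon Type']
            Process   = $f['Logon Process']
            Package   = $package
            Source    = $f['Source Network Address']
            Verdict   = $verdict
        }
    }
}

# Usage: split the constructed text into individual events (blank-line separated)
# and list them; in production feed the description text of real 528/540 events.
Get-LogonAuthSummary -EventTexts ($SampleLogonEvents -split '(?:\r?\n){2,}') |
    Format-Table Account, LogonType, Package, Source, Verdict -AutoSize
```

The parser keys on the generic "Field: Value" layout rather than on fixed column positions, so it survives the tab-versus-space differences between exported event logs and tools such as eventquery or dumpel.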

B-1. User Names

Every Windows user account must have a user name and a password. An attacker would have to know both the user name and the password to gain access to a system or network. Therefore, choosing a user name has some security implications: the less obvious the user name, the harder it is for someone else to guess it. Do not lean on this, however. User names are rarely secret in practice: they appear in e-mail addresses, in logs and in directory queries, and on Windows 2000/2003 networks they can often be enumerated over the network unless anonymous access is restricted. Password strength, account lockout and auditing of failed logons are the protections that actually carry the weight.