Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

Windows Server 2003 : Understanding Security Considerations

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
11/10/2011 11:37:13 AM
Most small- and medium-size businesses have several issues to keep in mind when securing their configurations. Some of these might include the following:
  • The organization comprises multiple servers, and many have distinct and independent roles. It is difficult to be consistent and strict enough with a security policy when multiple machines are performing different functions, each with its own security requirements.

  • Older operating systems and applications are in use. Older programs and systems often use programming and communication techniques that, although secure enough when they were developed, can be exploited easily by today's automated attacks. It can be problematic to ensure these older platforms are supported correctly and are protected adequately from a constant security threat.

  • In some markets and professions, you must deal with legal procedures, protections, and consequences. For instance, in the medical profession, the Health Insurance Portability and Accountability Act (HIPAA) has presented some challenges regarding data privacy and safekeeping that are making life more "interesting" (in the ancient-Chinese-curse sense of the term) for IT personnel. Such legislation and regulation can alter your security policy in specific situations.

  • There might be a lack of physical security at the site, which makes moot any computer-based security configurations you plan to make. After all, if someone can make off with your domain controller, all bets are off.

  • There might be a lack of security expertise among the technical employees at your company. Constructing and then implementing a security policy is a challenging task that requires patience and knowledge. Lacking these two qualities can make for a painful process.

  • There might be threats—internal, external, or even accidental—that could damage your systems or harm the valuable data contained therein. Take a hurricane, for example. What happens when looters grab the backup tape from the regional bank whose walls have collapsed during the storm? What kinds of bad things might those thieves do with that information?

  • Finally, the most common scenario, there are limited resources—in terms of both money and labor—to implement secure solutions.

Of course, not all of these conditions apply to all businesses, but it's very likely that each is an obstacle that most organizations run into.

1. Principles of Server Security

Server security operates off the CIA principle , which is depicted in Figure 1.

Figure 1. The CIA principle of server security

CIA stands for confidentiality, integrity, and availability. Confidentiality is the concept that information access is protected and restricted to only those who should have access. Integrity is the concept that information is protected from being tampered with or otherwise modified without prior authorization. And availability refers to ensuring that access to the information is available at all times, or at least as often as possible.

Keeping the CIA framework in mind, you can take a number of different security approaches at the server level. One of the most successful methods of preserving confidentiality, integrity, and availability is the layered approach, which both reduces an attacker's chance of success and increases his risk of detection. The layered approach comprises seven layers, each with its own methods and mechanisms for protection.


Data level

The data level guards against malicious activity performed on the actual data. Protection at the data level includes ACLs and encrypting file systems. Safeguards at this level cover the confidentiality and integrity levels of the CIA triangle.


Application level

Application-level security protects individual programs from attack. Security at this level can include hardening the applications themselves, installing security patches from the vendors, and activating antivirus software and performing regular scans. Safeguards at this level cover the integrity and availability levels of the CIA triangle.


Host level

Protection at the host level secures the computer and its operating system from attack, which nearly eliminates the potential for attack on the data and application levels. Protection at this level includes hardening the operating system itself , managing security patches, authentication, authorization, and accounting, and host-based intrusion detection systems. Safeguards at this level cover the integrity and availability levels of the CIA triangle.


Internal network level

The organization's network is the next level, which protects against intruders entering at the perimeter and sniffing traffic, looking for keys to accessing levels higher than this one. Protection at this level includes segmenting your network into subnets, using IP Security (IPSec), and installing network intrusion detection systems. Safeguards at this level include all facets of the CIA triangle: confidentiality, integrity, and availability.


Perimeter level

The perimeter is where the internal network connects to other external networks, including those to other branches of the same corporation and connections to the Internet. Perimeter-level protections might include firewalls and quarantining virtual private network (VPN) and dial-up access. Safeguards at this level include all facets of the CIA triangle: confidentiality, integrity, and availability.


Physical security level

The physical security level involves protecting the real estate in which the business practices. Guards, locks, and tracking devices all comprise protection at this level. Safeguards at this level cover the confidentiality and integrity levels of the CIA triangle.


Policies, procedures, and awareness level

This level involves educating users as to best practices and acceptable and unacceptable methods of dealing with information technology. Safeguards at this level can include all facets of the CIA triangle: confidentiality, integrity, and availability.

Other -----------------
- Microsoft Content Management Server : Moving Postings
- Microsoft Content Management Server : Copying Postings
- Upgrading to Systems Management Server 2003 - Upgrading a Primary Site & Upgrading a Secondary Site
- Exchange Server 2007 : Securing Access to ActiveSync Using Internet Security and Acceleration (ISA) Server 2006
- Exchange Server 2007 : Working with ActiveSync Policies
- Microsoft Lync Server 2010 Edge : Reverse Proxy Configuration (part 3)
- Microsoft Lync Server 2010 Edge : Reverse Proxy Configuration (part 2)
- Microsoft Lync Server 2010 Edge : Reverse Proxy Configuration (part 1) - Create Web Listener
- InfoPath Designer 2010 : Create an InfoPath 2010 Add-In & Create a Custom Task Pane
- InfoPath Designer 2010 : Access Your Form Within a Visual Studio Workflow
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server