As the availability of data networks, systems and applications expands across organizations, it becomes more challenging to make sure that the network infrastructure is secure.
Advances in security technologies in the Microsoft Windows Server 2003 operating software allow organizations to protect their network infrastructure in a better way. This paper, through qualitative analysis of legitimate websites and published work, outlines the roles of Windows 2003 security policy. An overview of the way these security policies can be used to secure a system is also provided.
1. The roles of Windows 2003 security policy
Microsoft Windows Server 2003 security policies, according to Rampling (2003), take care of primary security needs, which ensures that the complex security requirements of organizations are met.
Microsoft Windows Server 2003 security policies are grounded on a number of principles. The first is identification, which ensures that only authorized users and computers have access to resources. Users and computers on a network are first identified by setting up and maintaining account data for individuals and computers in an easy-to-access location. The next principle is authentication, a process whereby the information of a user or a computer is validated against the data in a database (Microsoft Corporation, 2003). After verification, the operating system examines the privileges assigned to the user account. Data associated with the user in the account database is used to create an access token. Authorization and access control is another principle.
The rights to access a particular resource, as pointed out by Rampling (2003), are verified against the access control lists related to the resource. The information contained in the access token is compared with the information contained in the authorization and access control lists to find out the rights of a user with reference to the resource. The most appropriate site for storing identity information, in the Microsoft Windows operating system, is the local security authority. Microsoft Windows Server 2003 comprises a variety of authentication protocols, including secure channel, passport, digest, Kerberos v5 authentication, and NTLM (Microsoft Corporation, 2003). These protocols allow for authentication of users as well as computers and other services in a variety of network scenarios. Microsoft Windows Server 2003 security policies make it easy to apply a single user identity across a local network by locally caching user identification to offer single sign-in when authenticating to system resources on servers that rely on the user's account domain.
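The comparison of an access token with an access control list, described above, can be sketched as follows. This is an added example, not code from the original paper or from Microsoft: it is a simplified model of the check, and the right bits, the placeholder SIDs, the sample ACL and the `access_check` name are all constructed for illustration.

```python
# Added illustration: simplified model of the Windows access check.
# All names, SIDs and ACLs below are constructed for this example.
from dataclasses import dataclass
from typing import Optional

READ, WRITE, DELETE = 0x1, 0x2, 0x4   # simplified access-right bits

@dataclass(frozen=True)
class Token:
    """Access token built at logon: the user's SID plus group SIDs."""
    user_sid: str
    group_sids: frozenset

    def sids(self):
        return {self.user_sid} | self.group_sids

@dataclass(frozen=True)
class Ace:
    """One access control entry: allow or deny a mask for one SID."""
    allow: bool
    sid: str
    mask: int

def access_check(token: Token, dacl: Optional[list], desired: int) -> bool:
    """Walk the ACL in order, comparing each entry with the token's SIDs."""
    if dacl is None:          # no DACL at all: everyone gets full access
        return True
    remaining = desired       # rights still waiting for an allow entry
    for ace in dacl:
        if ace.sid not in token.sids():
            continue
        if not ace.allow and ace.mask & remaining:
            return False      # a matching deny on a still-needed right wins
        if ace.allow:
            remaining &= ~ace.mask
        if remaining == 0:
            return True       # every requested right has been granted
    return False              # empty or exhausted list: implicit deny

# Constructed sample data (placeholder SIDs, not real accounts).
alice = Token("S-1-5-21-EXAMPLE-1001", frozenset({"S-EXAMPLE-STAFF"}))
bob = Token("S-1-5-21-EXAMPLE-1002",
            frozenset({"S-EXAMPLE-STAFF", "S-EXAMPLE-CONTRACTORS"}))
payroll_dacl = [
    Ace(False, "S-EXAMPLE-CONTRACTORS", WRITE | DELETE),  # deny entries first
    Ace(True, "S-EXAMPLE-STAFF", READ | WRITE),
]
```

Because entries are evaluated in order, the deny entry only overrides the group allow when it is listed first; an empty list denies everything, while a missing list grants everything.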
Authentication in Microsoft Windows Server 2003 also comprises two-factor authentication such as smart cards. Smart cards are tamper-proof and portable. They help execute a variety of operations including client authentication, code signing, and entry to a Windows Server 2003 domain, in addition to helping secure e-mails (Maiwald, 2003).
Confidentiality, another principle, plays a major role in preventing intentional or unintentional revelation of data as well as of other activities that a user may be carrying out on the data. Integrity, in Microsoft Windows Server 2003, makes sure that information contained in a particular file cannot be altered as it crosses exposed portions of the network. Non-repudiation is the other principle on which Microsoft Windows Server 2003 is based.
It ensures that users cannot deny that they sent a particular message and also provides proof that a particular message was sent and delivered on the other end (Microsoft Corporation, 2003).
The Microsoft Windows Server 2003 security policy comprises a variety of components. These include logon and authentication technologies, authorization and access control technologies, data security technologies, Group Policy technologies, trust technologies, and public key infrastructure (PKI) technologies (Microsoft Corporation, 2003).
Trust technologies are set up between domains to enhance security as well as business processes for complex organizations. Group Policy technologies comprise software restriction and security policies that improve security management. Logon and authentication technologies are part of the Microsoft Windows Server 2003 security policy (Rampling, 2003).
These technologies employ built-in aspects of the operating system to carry out authentication, a process that is vital to system security. Authentication determines the right of a user or computer to have access to certain resources in the network. Authorization, as well as restriction of access, in Windows is grounded on the rights and permissions of users. User rights provide specific privileges, in addition to logon rights, to users in the computing environment.
Permissions describe the kind of access that a user is given to certain resources.
Compared with other operating systems, Microsoft Windows Server 2003 provides enhanced security as well as file and web server performance. Microsoft Windows Server 2003 security policy manages the permissions and rights of users in accordance with the authentication control list-based impersonation model and the new roles-based protected subsystem model (Danseglio and Allen, 2005). The authentication control list-based impersonation model allows users and computers to be arranged in such a way that the rights and permissions of a variety of users and computers are managed concurrently. The new roles-based protected subsystem model assigns users to roles, together with the security settings that give them permission to execute a variety of tasks, in accordance with authorization rules that give fine-grained control over access restriction. Microsoft Windows Server 2003 security policies provide a base on which administrators can describe configurations for both servers and user machines (Microsoft Corporation, 2003).
These policies also enable one-to-many management of computers and users in a network setting. They offer a base for enforcement of information technology policies. They guarantee a consistent implementation of security settings across the network. They offer a base on which a standard computing setting, for users and computers, is efficiently established. These policies also allow for centralization of a variety of duties and support tasks that require administrative overhead and additional resources when other options are used.
Microsoft Windows Server 2003 Group Policy technologies, as pointed out by Microsoft Corporation (2003), allow for efficient management of users and computers by creating Group Policy objects and linking them to an organization's domain. Group Policy in Microsoft Windows Server 2003 incorporates extensions for security settings, administrative templates, software installation and restrictions, wireless network policies, and remote installation services. Microsoft Windows Server 2003 security policies can be employed as part of an overall security implementation to assist domain controllers, users, servers and other resources in the organization.
These security policies can be used to take care of network aspects including user authentication to a computer, access to a variety of resources, and membership in a group (Danseglio and Allen, 2005).
2. Overview of the use of the policies to secure a system
Microsoft Corporation (2003) states that if an organization has Active Directory, it can act as the central location for managing and administering membership of security groups, user accounts, and a variety of security policies, in addition to the resources of the organization such as computers, printers, and servers. If an organization uses Active Directory as the solid store for credentials, authentication and authorization information can extend this restrictive control structure to other applications through the Lightweight Directory Access Protocol (Danseglio and Allen, 2005). After an authentication package produces a security context, that security context can be provided to a variety of applications or services for use in accessing resources (Rampling, 2003).
Applications provided with the security context can use the user's security context to access resources rather than using the application's own context. Applications, as indicated by Jones and Rouse (2003), use authentication and authorization data to either permit or disallow access to a user. The requirements of various organizations, nevertheless, make additional security strategies necessary. Information technology professionals can use information security technologies in Microsoft Windows Server 2003 security policies to complement the protective aspects that are coded into a particular application (Jones and Rouse, 2003). Encryption is one of the strategies through which data can be protected as it passes through exposed portions of the network. The system key utility, the other protective strategy, offers an additional safeguard against password-cracking software.
It uses strong encryption methodologies to safeguard account password content that is stored in the directory services. Additional features of the Microsoft Windows Server 2003 security policy can safeguard network information as it passes in and out of a site. Internet authentication programs in Microsoft Windows Server 2003 offer safeguards as well as verification for dial-in users and for local networks (Microsoft Corporation, 2003).
Microsoft Windows Server 2003 security policies can be employed to improve an organization's capacity to enforce security policy on its network by reducing the opportunities for malicious code to access an operating system and negatively impact the organization (Danseglio and Allen, 2005). Attackers can use hostile code, such as worms and viruses, and social engineering techniques to confuse users into activating their malicious code. To safeguard network systems from a hostile attack, administrators can use Microsoft Windows Server 2003 software restriction policies to define the types of applications that are allowed to run on a particular computer as well as those that are not allowed.
Administrators can use Microsoft Windows Server 2003 software restriction policies to execute a variety of tasks including counteracting computer viruses, locking down a computer, and running digitally signed scripts (Microsoft Corporation, 2003).