Orange County Computer Consultant

My photo
Orange County Computer Consultant helps small businesses with networking, installations and small business software.

Thursday, November 24, 2005

Windows Server 2003 Security

Windows Server 2003 has some of the following feautres to help protect your corporate enviroment:

There is now forest trust that allows you to authenticate other companies in your WAN thru Active Directory, this simplifies some security issues for security and network administrators.
Kerberos is now availiable thru Windows Server 2003 to allow for better and more secure authentication.

Credential Manager allows secure storage for usernames and passwords as well as certificates.

You can now delegate what services can access other resources on your network.
.NET password is now integrated with Active Directory aloowing SSO or single sign on.
RBAC or Remote Based Access Control you can assign more efficient restrictions to manage access to information.

Systems administrators can disallow software to run, with the Software Restrcition Policy.

In Windows 2003 you can audit system alerts and even set up audits of individual users!

Account Management logs IP addresses and even calls for Logon and Logoff events.

You can now log security events in real time and export them to a SQL database to anaylze later.

PKI or Public Key Infrastructure is is system of digital certificates and CA or Certificate

Authorities to verify you are who you really say you are. This is great for ecommerce systems, think E-Bay. You want to know if your really giving your credit card information to E-Bay or E-fake.

Windows Server 2003 now helps with Wireless 802.1x., you can enable PEAP which is protected EAP for authentication.I suggest using WPA in conjuction. he encrytpion protocl they use is called EFS.EFS uses AES-256 which is very strong encryption. There should be security in depth applied.Two form authentication should be applied such as biometrics and passwords.Take a look at RSA secure ID cards.This provides great authetication for users on the move connecting to the corporate networks, or even home. I like open source solutions myself or even third party vendors for encryption such as RSA http://www.rsa.com.