Professional Windows Server 1002003 Security A Technical Reference [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Professional Windows Server 1002003 Security A Technical Reference [Electronic resources] - نسخه متنی

Roberta Bragg

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Windows Server 2003 Security: A Technical Reference

By Table of Contents | Index

If you''''re a working Windows administrator, security is your #1 challenge. Now there''''s a single-source reference you can rely on for authoritative, independent help with every Windows Server security feature, tool, and option: Windows Server 2003 SecurityRenowned Windows security expert Roberta Bragg has brought together information that was formerly scattered through dozens of books and hundreds of online sources. She goes beyond facts and procedures, sharing powerful insights drawn from decades in IT administration and security. You''''ll find expert implementation tips and realistic best practices for every Windows environment, from workgroup servers to global domain architectures. Learn how to: Reflect the core principles of information security throughout your plans and processes Establish effective authentication and passwords Restrict access to servers, application software, and data Make the most of the Encrypting File System (EFS) Use Active Directory''''s security features and secure Active Directory itself Develop, implement, and troubleshoot group policies Deploy a secure Public Key Infrastructure (PKI) Secure remote access using VPNs via IPSec, SSL, SMB signing, LDAP signing, and more Audit and monitor your systems, detect intrusions, and respond appropriately Maintain security and protect business continuity on an ongoing basis"Once again, Roberta Bragg proves why she is a leading authority in the security field! It''''s clear that Roberta has had a great deal of experience in real-world security design and implementation. I''''m grateful that this book provides clarity on what is often a baffling subject!"James I. Conrad, MCSE 2003, Server+, Certified Ethical Hacker James@accusource.net"Full of relevant and insightful information. Certain to be a staple reference book for anyone dealing with Windows Server 2003 security. Roberta Bragg''''s Windows Server 2003 Security is a MUST read for anyone administering Windows Server 2003."Philip Cox, Consultant, SystemExperts Corporation phil.cox@systemexperts.com"Few people in the security world understand and appreciate every aspect of network security like Roberta Bragg. She is as formidable a security mind as I have ever met, and this is augmented by her ability to communicate the concepts clearly, concisely, and with a rapier wit. I have enjoyed working with Roberta more than I have on any of the other 20 some odd books to which I have contributed. She is a giant in the field of network security."Bob Reinsch bob.reinsch@fosstraining.com"Windows Server 2003 Security explains why you should do things and then tells you how to do it! It is a comprehensive guide to Windows security that provides the information you need to secure your systems. Read it and apply the information."Richard Siddaway, MCSE rsiddaw@hotmail.com"Ms. Bragg''''s latest book is both easy to read and technically accurate. It will be a valuable resource for network administrators and anyone else dealing with Windows Server 2003 security."Michael VonTungeln, MCSE, CTT mvontung@yahoo.com"I subscribe to a number of newsletters that Roberta Bragg writes and I have ''''always'''' found her writing to be perfectly focused on issues I ''''need'''' to know in my workplace when dealing with my users. Her concise writing style and simple solutions bring me back to her columns time after time. When I heard she had written a guide on Windows 2003 security, I ''''had'''' to have it.Following her guidance on deployment, her advice on avoiding common pitfalls, and her easy to follow guidelines on how to lock down my network and user environments (those darned users!) has me (and my clients) much more comfortable with our Win2k3 Server deployments. From AD to GPO''''s to EFS, this book covers it all."Robert Laposta, MCP, MCSA, MCSE, Io Network Services, Sierra Vista AZrob.laposta@cox.net"Roberta Bragg has developed a ''''must have'''' manual for administrators who manage Microsoft Windows 2003 servers in their organizations. The best practices for strengthening security controls are well organized with practical examples shared throughout the book. If you work with Windows 2003, you need this great resource."Harry L. Waldron, CPCU, CCP, AAI, Microsoft MVP - Windows Security Information Technology Consultant harrywaldronmvp@yahoo.com"Roberta Bragg''''s Windows Server 2003 Security offers more than just lucid coverage of how things work, but also offers sound advice on how to make them work better."Chris Quirk; MVP Windows shell/user cquirke@mvps.org"This book is an invaluable resource for anyone concerned about the security of Windows Server 2003. Despite the amount and complexity of the material presented, Roberta delivers very readable and clear coverage on most of the security-related aspects of Microsoft''''s flagship operative system. Highly recommended reading!"Valery Pryamikov, Security MVP, Harper Security Consulting valery.pryamikov@harper.no"As long as you have something to do with Windows 2003, I have four words for you: ''''Order your copy now.''''"Bernard Cheah, Microsoft IIS MVP, Infra Architect, Intel Corp. bernard@mvps.org"Roberta Bragg has developed a ''''must have'''' manual for administrators who manage Microsoft Windows 2003 servers in their organizations. The best practices for strengthening security controls are well organized, with practical examples shared throughout the book. If you work with Windows 2003, you need this great resource."Harry L. Waldron CPCU, CCP, AAI Microsoft MVPWindows Security Information Technology Consultant
توضیحات
افزودن یادداشت جدید







Rule-Based Versus Role-Based Access Control Systems


Computer access control systems can be defined according to the way that they are used. The two most often specified access control systems are rule-based access control and role-based access control. Rule-based access control requires that specific rules be written that determine who can access what. An example of rule-based access control is the Access Control Lists (ACLs) written for firewall and router configurations that allow or deny access to networks. A rule-based system for users would include a multitude of rules or statements that would indicate which files, printers, or other resources a specific user could use. Rules might state things such as "JohnP can read the chapter_5.txt file, MaryJ can read and write the Septaccount.txt file, and AndrewJ can configure TCP/IP." Rule-based access control is difficult to implement as a management control for large numbers of users.

NOTE: MAC and DAC

Another way of looking at access control is by specifying the implementation of rules using either Discretionary Access Control (DAC), where access to resources is determined by resource owners, or Mandatory Access Control, where access to resources is determined by matching one's assigned level to the level assigned to the resource. Windows systems natively use DACs.

Role-based access control is based on the assumption that people use computer systems to do a job. If you can translate the job needs into computer-speak, you have defined a role and can implement it on a computer. For example:

The need to access a records room is translated into accessing a file server over the network.

The need to issue a check in payment is translated into the ability to run a specific computer program.

The need to access a group of documents is translated into granting file access permissions for the group of documents.


Implementing Role-Based Access Control in a Windows Server 2003 Network


A strict definition of role-based access control requires implementing the role by writing a script that assigns the rights and permissions needed by the role. Then, to give users the access they require, you administratively assign users to the role. While this method can be used in Windows Server 2003, role-based access control is more frequently implemented by using the following:Chapter 4, "Restricting Access to Software; Restricting Software's Access to Resources."Default Operating System User Roles." Each default Windows group has assigned rights and predefined object permissions. To assign an individual user to one of these roles, you simply make that person a group member.Chapter 11, "Securing Infrastructure Roles," provides information on how to secure these roles. Chapter 13, "Implementing a Secure PKI," defines Certificate Services roles and additional methods for securing a Certification Authority.

Custom roles are useful when the existing operating system roles may not be granular enough for your purposes. Perhaps you want a role, such as Help Desk Operators, that can reset users' passwords but that does not have full Administrator rights. Or perhaps applications that you need to run do not present defined roles for their use. For completeness, you can build additional roles either by creating custom groups or by writing applications that create their own roles.



Chaos Rules


There are other methods of managing access control for Windows systems. While doing a security review for a large enterprise, I found that access to systems and to resources was granted based on the last call to IT. In other words, if access to a resource was needed, a manager would call IT and ask for it. That was all that was necessary.

If someone found that he could not read a file, connect to a specific server, access systems remotely, or otherwise do something on the network, he simply requested the ability to do so. In most cases, his requests were granted without review. In a few cases, an ordinary user's request was ignored, but any management request was granted. Large numbers of ill-named (no idea what they were for) and ill-conceived groups existed, and there was no control over the rights and privileges granted to these groups. Some privileges and file access were also granted to individual accounts.

To be fair, in most cases, the owner of the resource was the one requesting access, and so the access was most likely granted to legitimate valid users.

However, because there was no real control over the process and no standard procedures for granting or applying permissions, there was really no good way to determine this. In addition, there was no reasonable way to remove access when an individual left the company or transferred to another job within the company.

Having no control, no approved policy or procedure, and no documentation that details what was done and by whose authority is not all that unusual.


/ 194