CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [122]
Real World Scenario
Security from a Windows Server 2003 Administrator’s View
As a security administrator, you’ll need to evaluate the security issues for Windows Server 2003:
1. Go to http://www.microsoft.com/technet/security/prodtech/windowsserver2003/W2003HG/SGCH00.mspx.
2. Beneath the Download link (on the right), choose Get the Windows Server 2003 Security Guide. Read it and pay particular attention to the Threats and Countermeasures discussion.
3. Go to http://www.microsoft.com/technet/community/columns/sectip/st0805.mspx and read the Security and Compliance Solutions Guidance list posted there. Clicking on Security Tip of the Month columns will open up a plethora of useful articles.
It cannot be overstated: the network is only as strong as its weakest component. If users can install software, delete files, and change configurations, then illicit software such as viruses and other malware running under their accounts can perform those same actions.
Hardening the OS and NOS
Any network is only as strong as its weakest component. Sometimes, the most obvious components are overlooked, and it’s your job as a security administrator to make certain that doesn’t happen. You must ensure that the operating systems running on the workstations and on the network servers are as secure as they can be.
Hardening an operating system (OS) or network operating system (NOS) refers to the process of making the environment more secure from attacks and intruders. The following sections discuss hardening an OS and the methods of keeping it hardened as new threats emerge. They will also discuss some of the vulnerabilities of the more popular operating systems and what can be done to harden those OSs.
The current exam doesn’t test specifics of operating system hardening. However, you should know and understand the general principles of hardening. Each product has a different set of procedures and methods to accomplish this. Review your software and hardware vendors’ websites, literature, and installation documentation to more fully understand these procedures.
Configuring Network Protocols
Configuring an OS’s network protocols properly is a major factor in hardening. PC systems today primarily use TCP/IP, but for the exam, you should pretend that they use three primary network protocols:
■ NetBIOS Extended User Interface (NetBEUI)
■ Transmission Control Protocol/Internet Protocol (TCP/IP)
■ Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX)
Each of these protocols can transport the Microsoft native networking protocol Network Basic Input/Output System (NetBIOS) across networks. NetBIOS protocol-enabled systems periodically announce names, service types, and other information on the networks bound to them. NetBIOS is also used for programming interfaces and other purposes.
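To make concrete what those periodic announcements disclose, the following added example (not from the book) decodes the 32-byte encoded form that NetBIOS names take on the wire under RFC 1001/1002 and reports the service type carried in the name's 16th byte. The function names, the host name FILESRV01, and the short suffix table (commonly documented Microsoft values only) are assumptions of this example.

```python
# Added example: NetBIOS first-level name encoding (RFC 1001/1002); sample data is constructed.

# Commonly documented Microsoft suffix bytes (the 16th byte of a NetBIOS name).
SUFFIX_SERVICES = {
    0x00: "Workstation service",
    0x03: "Messenger service",
    0x1B: "Domain master browser",
    0x1C: "Domain controllers (group)",
    0x1D: "Master browser",
    0x20: "File server service",
}

def encode_name(name, suffix):
    """Build the 32-byte encoded form of a name, as a sender would."""
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    out = bytearray()
    for b in raw:
        # Each byte becomes two letters: 'A' + high nibble, 'A' + low nibble.
        out += bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)])
    return bytes(out)

def decode_name(encoded):
    """Return (name, suffix byte, service description) for an encoded name."""
    if len(encoded) != 32:
        raise ValueError("encoded NetBIOS name must be 32 bytes")
    raw = bytearray()
    for hi, lo in zip(encoded[0::2], encoded[1::2]):
        if not (0x41 <= hi <= 0x50 and 0x41 <= lo <= 0x50):
            raise ValueError("byte outside 'A'..'P' in encoded name")
        raw.append(((hi - 0x41) << 4) | (lo - 0x41))
    suffix = raw[15]
    name = raw[:15].decode("ascii", errors="replace").rstrip(" ")
    return name, suffix, SUFFIX_SERVICES.get(suffix, "unknown/other")

def inventory(encoded_names):
    """Summarize which services each announced host name reveals."""
    seen = {}
    for enc in encoded_names:
        name, _suffix, service = decode_name(enc)
        seen.setdefault(name, []).append(service)
    return seen

if __name__ == "__main__":
    # Constructed sample: one host registering two services.
    sample = [encode_name("FILESRV01", 0x00), encode_name("FILESRV01", 0x20)]
    for host, services in inventory(sample).items():
        print(host, "->", ", ".join(services))
```

Anyone on a segment where these names are announced can build the same inventory, which is why unneeded NetBIOS bindings are a hardening target.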
For several years, Microsoft has been suggesting that TCP/IP be the primary network protocol used in networks. The company is concentrating more effort on making this protocol secure.
In looking at the large picture, don’t overlook the simple things. Applications such as Netscape, Internet Explorer, and Office are susceptible to exploitation. Make sure that all your applications are up to the current release level and that all security patches have been installed.
Firefox is a browser gaining market acceptance because there are currently fewer exploits for it than for other browsers.
In the following sections, we’ll look at how network protocols are configured, how they’re installed, and how they operate in a PC environment.
Network Binding
Binding is the process of tying a network protocol to another network protocol or to a network interface card (NIC). In a Microsoft network, NetBIOS can be bound to any of the three protocols mentioned in the previous section.
For example, binding NetBIOS to TCP/IP encapsulates NetBIOS messages into TCP/IP packets. TCP/IP can then be used to send NetBIOS traffic across the network. This binding process is where you’ll find