Chapter 1. Introduction to Windows Server 2003 Security


1.1 What Is Security?

To have a meaningful discussion of security in Windows Server 2003, we should first establish what security is. A dictionary definition might refer to security as "measures adopted to provide safety." For the purposes of this book, that definition will work very well.

Computer security is not normally defined as a state of safety. Rather, it is defined as the collection of protective measures (including technology-based and non-technology-based measures) that provide a defined level of safety. When security is mentioned throughout the book, you should keep this definition in mind. Security is neither a single protective measure nor a complete protection against all attacks. It is a set of measures that provide the desired level of protection.

Many readers may say "I want complete security for my data against all attacks. Tell me how to do that." The only solution that provides complete security is to put that data on a hard drive, incinerate the drive until it is completely turned to vapor, and then randomly mix the hard drive vapor with outside air until completely dissipated. Anything less is a compromise of security in the interest of another business factor such as usability or cost. The need for such compromises is a common theme throughout all computer security topics and is discussed in every chapter of this book.



1.2 What Is Windows Server 2003?

Windows Server 2003 in its several editions is the latest generation of the Microsoft family of server operating systems, incorporating the advances achieved by the earlier Windows NT and Windows 2000 Server families of products. These operating systems have been tested and proven since 1993 to be a solid platform for applications and server-based functions.

Windows XP is also derived from the same code base as Windows Server 2003. This common base ensures that the core functionality of the two operating systems remains identical. The numerous benefits this approach provides include the following:



Common device drivers
If you've ever gone searching for a device driver for a specific operating system, you can immediately recognize this benefit. Hardware vendors need to write only one device driver that will work on both operating systems.



Software compatibility
If software works on Windows XP, it'll work on Windows Server 2003.



More stable core
All the work done to make Windows XP a solid and stable operating system benefits Windows Server 2003, as it's simply an extension of that work. Windows Server 2003 benefits from having had an additional year of bulletproofing done on top of the enormous work already done on Windows XP. In addition, many flaws discovered in Windows XP were fixed in Windows Server 2003 before it even shipped.



Unified user interface and experience
Although some of the "pretty" features have been removed from Windows Server 2003 to gain performance benefits, an administrator who is comfortable working with Windows XP will immediately feel at home with the server version. Almost all user interface objects are in the same place, which decreases the time needed to master the differences.

Windows Server 2003 is the operating system platform that is used by Microsoft and other companies to run server-based software such as Microsoft SQL Server and Microsoft Exchange Server. This requires Windows Server 2003 to be scalable while achieving the stability needed to provide critical business services and the necessary uptime. Windows Server 2003 delivers in all these areas. This is in contrast to other server operating systems that usually focus on only one of the following areas: raw horsepower, usability, security, and the like. Windows provides strength in all these areas without significantly detracting from any others. In this book, I'll focus on security and show how the built-in features of Windows can help provide very secure solutions without sacrificing the other benefits of the operating system.



1.3 Security Design in Windows Server 2003

The Windows NT and Windows 2000 operating systems were designed from inception to be secure. Both enforce user logon and ensure that all software runs within the context of an account, which can be restricted or permitted appropriately. Windows security is not limited to user logon-based security, but extends to all objects within the operating system. Files on the hard drive, entries in the registry, software components: all these elements have a security aspect. Operating system components can access objects only with the appropriate permissions and credentials. This can be both a benefit and a detriment.

Enforcing security restrictions on every component of the operating system can seem daunting. Access checks must occur when one Windows component talks to another. These include programs, device drivers, core operating system components, and so on; in short, everything. Setting appropriate security permissions is a task that requires detailed knowledge of the subject and the interaction between the components being configured. Misconfiguration of these permissions could cause undesirable behavior ranging in severity from a minor and easily fixed problem to a complete and irreversible loss of functionality.

The fact that this daunting security environment is part of the fundamental design of Windows Server 2003 is a big advantage. If strong and pervasive security is not designed into the core of an operating system (for example, Windows 95), it is nearly impossible to add it later. Developers and testers may find holes or make compromises when they patch security into an operating system. Legitimate components may already be designed to take advantage of the lack of security. The environment would necessarily be less secure than one designed for security from the beginning.



1.4 Security Features in the Windows Server 2003 Family

Compared to their predecessors, Windows NT and Windows 2000 provided numerous security features. In fact, since the inception of Windows NT Advanced Server 3.1 in 1993, the Windows NT family has always provided a suite of security-focused features. Over the years, subsequent releases have added new security features and expanded existing ones.

Just as with earlier releases, Windows Server 2003 improves on previous operating system releases by enhancing existing security features and adding new ones. Some of the security features that are carried forward from previous versions include:



Kerberos authentication
Kerberos is a standardized and widely used network authentication protocol. Originally incorporated into Windows 2000, Kerberos provides proof of identity for users, computers, and services running on Windows 2000, Windows XP Professional, and Windows Server 2003. Prior to the use of Kerberos in Windows 2000, NTLM was used as the authentication protocol. While NTLM is still a useful protocol for maintaining compatibility with older operating systems, it is not as efficient or interoperable as Kerberos. NTLM also has some security shortfalls that Kerberos does not. Kerberos and NTLM are described in depth in Chapter 7.



IP Security
TCP/IP's use has become widespread. While TCP/IP provides enormous benefits over other network protocols, it is not desirable from a security standpoint. Data sent over a network with this suite of protocols is not designed to be secure and can be easily intercepted and decoded. IP Security (IPSec) is a set of RFC-based standards that defines how data can be sent securely via TCP/IP. Data can be encrypted, digitally signed, or both using IPSec. Many hardware devices, such as routers and firewalls, support IPSec communications. IPSec is available in Windows 2000, Windows XP Professional, and Windows Server 2003 family products. It's incorporated right into the networking drivers, which allows it to integrate smoothly with the existing TCP/IP software. The implementation is compliant with established standards, which allows Windows Server 2003 to communicate with other properly equipped network devices via IPSec. IPSec is described in depth in Chapter 8.



Encrypting File System
Files on a hard drive may be compromised when the physical security of a computer is compromised. Because physical security cannot always be guaranteed, an additional measure of safety can be taken to safeguard against data stolen from a hard drive. The Encrypting File System (EFS) can be used to encrypt the data written to the hard drive. This ensures that only the user holding the appropriate decryption key can retrieve the data. If the hard drive is compromised and the decryption key is not stored on that hard drive, the data is not readable. EFS is described in depth in Chapter 4.



Group Policy
When you create a security infrastructure, you want the ability to make configuration settings for all objects within that infrastructure. These settings often include minimum password requirements, user session restrictions, and so on. Group Policy provides a mechanism to transparently configure computers within an enterprise with all desired security settings. You, as an administrator, can force users and computers to use the settings you want. This allows you to keep your users more secure and protect them against a multitude of attacks. Users do not know how they receive the security settings, and the settings cannot be overridden without the appropriate privilege. Group Policy is described in depth in Chapter 5.



Certificate Services
Use of public key cryptography has become common across a wide variety of applications and services. Public key certificates are essential to providing and trusting these keys across organizations and around the world. Certificate Services provides a software application that receives, approves, issues, and stores public key certificates. This book examines both the cryptography behind the certificates and exactly how to plan and deploy a public key infrastructure (PKI). Public key cryptography is discussed in depth in Chapter 2. Because of the complexity and importance of Certificate Services, it is covered in depth in Chapter 9.



Smart card support
All security in Windows is based on the concept of a user context. This user context is usually proven to the local and remote computers with the use of a username and password supplied by the user or software component. Because the username and password are bits of information a user enters, they can be replicated or stolen in a variety of ways. Requiring some physical component in addition to the username and password data adds a great deal of security to that user context. Smart cards are devices that are designed to store information that, in conjunction with a personal identification number (PIN), takes the place of the username and password. If you require the use of smart cards, a user cannot prove his identity without both the physical card and the corresponding PIN. Smart cards are discussed in depth in Chapter 10.



1.4.1 Security Enhancements in Windows XP and the Windows Server 2003 Family

During the development of Windows XP and Windows Server 2003, Microsoft gave close scrutiny to all security components. This scrutiny culminated in a months-long halt to the development of Windows so that Microsoft could take the time it needed to examine existing code, processes, and features for vulnerabilities and weaknesses. These were analyzed and addressed in a methodical fashion. Occasionally this review bordered on the brutal in its results, with entire features being removed from the operating system when they could not be made reasonably secure. Some less frequently used or more vulnerable features were not removed, although their configuration was changed to make them disabled or not installed by default. Although this effort did delay the production of Windows Server 2003, it was certainly a valuable investment of time and resources.

Because Windows XP and Windows Server 2003 share many common software components, some of the security improvements affect both versions in the same way. Besides the strong underlying security architecture, you can directly observe and configure several improvements. A few of the big ones include:



Encrypting File System (EFS) improvements
In Windows 2000, EFS provided encryption for files with the DESX encryption algorithm (a stronger variant of the Data Encryption Standard, DES). This algorithm provides better data protection than the generic DES algorithm, but several stronger options are available. In Windows XP and Windows Server 2003, EFS can now encrypt files using the triple-DES (3DES) encryption algorithm. This improvement provides 168-bit encryption for data, which is reasonably resistant to most current attacks. Another improvement to EFS is the removal of the requirement for a data recovery agent. This allows you to configure EFS with fewer options for recovering data but increases the level of data security. In addition, you can add more than one user to an EFS file to allow multiple users to decrypt the contents. This enables more secure file sharing both locally and over the network.



Smart card support
Windows 2000 provided a foundation for smart card support. However, its use was somewhat restricted to logon operations within an Active Directory domain. A common administrative scenario that was not addressed by Windows 2000 smart card support was using smart card credentials to run specific applications while remaining logged in as a different user. This scenario is addressed in Windows XP and Windows Server 2003 and allows an administrator to remain logged in as a standard user while providing specific, isolated administrative functions using credentials from the smart card.



IP Security
While the underlying components of IPSec remain largely the same as Windows 2000, a significant improvement is introduced for its monitoring and troubleshooting. In Windows 2000, a standalone tool called IPSecMon was the only way to discover what IPSec was doing. In Windows XP and Windows Server 2003, a new Microsoft Management Console tool is available to monitor IPSec. Called IP Security Monitor, it provides detail about the operation of IPSec and can help assess misconfigurations. IP Security Monitor works well as a complement to other tools such as Resultant Set of Policy (RSoP), Netdiag, Network Monitor, and the IPSec logs to help ensure that your IPSec communications are indeed secure.



1.4.2 Security Enhancements in Windows Server 2003, Standard Server Edition

Windows Server 2003 Standard Server is the foundation of the Windows Server 2003 server architecture. This version of Windows Server 2003 is suitable for a wide range of applications in a server environment, providing services from file storage to user account management to HTTP. Because it is likely to be used for many different tasks, numerous security improvements were made to Windows Server 2003 Standard Server, including:



Even stronger encryption for EFS
Because EFS is a strong method of protection against physical compromise of a computer, you want to use the strongest possible encryption available. The recently finalized Advanced Encryption Standard (AES) algorithm was designed as a replacement for the DES suite of algorithms. EFS supports file encryption with this new AES algorithm, which uses a 256-bit key.



Enhanced Group Policy
Group Policy remains the easiest and most powerful way to restrict and configure a user's experience. Because numerous features have been added to Windows XP and Windows Server 2003, new group policy settings were added to configure them. This allows these new features to be used exactly as you want across the organization or disabled entirely when appropriate. And proper configuration of all features through rich Group Policy is essential to deploying and configuring more secure client and server environments.



Software Restriction Policy
Users running arbitrary software from unsafe sources are some of the biggest security risks you will face as an administrator. Ensuring they are protected from email attachments and software sent on CD-ROM or other removable media is critical. Virus scanners are often effective in combating this issue, but new virus variants and methods appear almost daily. To help stop the problem at its source, Windows Server 2003 Standard Server provides a specific type of group policy restriction called the software restriction policy (SRP). This allows you to describe what programs users can or cannot run. Users who try to run


