Tape backups are the most common form of fault tolerance.
Chapter 10: Windows Security
This chapter will provide you with all the information you need to understand the major Windows security mechanisms in the Windows NT/2000/XP family, along with some management advice and practical walkthroughs. But no single chapter, and perhaps not even a single book, could cover the wide array of Windows security mechanisms in complete detail. Once you’ve read this chapter and used the information presented herein to design a security architecture for your network, consult the Internet RFCs upon which most of these standards are based for technical details of their operation. Microsoft’s Resource Kits and Training Kits are the authoritative source for the Microsoft implementation of these mechanisms and should be consulted for configuration-specific information.
Windows Local Security
Windows security is based on user authentication. Before you can use a Windows computer, you must supply a username and a password. The logon prompt provided by the WinLogon process identifies you to the computer, which then provides access to resources you are allowed to use and denies access to things you aren’t. This combination of a user identity and password is called a user account.
logon prompt: The interface through which users identify themselves to the computer.
user account: The association between a user account name, a password, and a security identifier.
Note: Windows 95/98/Me has no significant security mechanisms to speak of, and these systems are not in themselves secure, so no information in this chapter applies to them.
It is possible for a computer to be set up to automatically log on for you, using stored credentials or an account that has an empty password as is the case by default in Windows XP Home, but an account is still logged on, and the security that applies to that account is used to manage permissions for that user session. Windows also provides Security Groups.
When a user account is a member of a security group, the permissions that apply to the security group also apply to the user account. For example, if a user is a member of the “Financial” security group, then the permissions of the Financial security group are applied to the user account. User accounts may be members of
Parts
» The process of determining the identity of a user is called authentication.
» Using unpredictable sequence numbers secures sessions against hijacking.
» Biometric authentication includes the use of fingerprints, speech patterns, facial features,
» Connecting to executable content like ActiveX or Java controls that can exploit the
» Why doesn't a digital signature mean that an ActiveX control is secure?
» A security policy describes security rules for your computer systems and defends against
» The first step in establishing a security policy is to establish functional requirements,
» Automated security policies avoid the weakness of having to be enforced by humans.
» Users should not be required to change passwords often; rather, they should select
» Why is it important that every firewall on your network have the same security
» The most important border security measure is to control every crossing.
» Your effective border security is the lowest common denominator amongst the policies
» There's no way to address computers directly since the public address connection has to use
» What common sense measure can you take to ensure the reliability and speed of a
» What encryption algorithm is specified for L2TP?
» The three fundamental methods implemented by VPNs are encapsulation, authentication,
» IKE enables cryptographic key exchange with encryption and authentication protocol
» Use the same or the fewest possible ISPs for all VPN endpoints.
» The most common VPN protocol is IPSec with IKE.
» Are VPNs always the most secure way to provide remote access to secure
» VPN connections are potentially dangerous because the VPN endpoint could be exploited,
» Laptops are easy to steal and may contain all the information necessary to connect to the
» Laptops are the most likely source of virus infection in a protected network because they are
» Using NAT devices or light firewall devices is the best way to protect home computers
» Encrypting documents stored on the laptop reduces the risk posed by lost information when
» Storing data on removable flash media in encrypted form that is not stored with the laptop
» No. Opening a single secure protocol to direct access is usually more secure than allowing
» Where do viruses come from? 2. Can data contain a virus?
» Do all viruses cause problems? 4. What is a worm?
» If you run NT kernel-based operating systems, do you still need anti-virus
» Where is anti-virus software typically installed?
» Hackers write viruses. Virus Protection
» No. Pure data can be corrupted by a virus, but only executable code can contain a virus.
» No. Only applications that allow you to write macros and which contain a scripting host
» Microsoft Outlook and Outlook Express are susceptible to e-mail viruses.
» Yes. NT kernel-based operating systems are only immune to executable viruses when run
» Why is RAID-0 not appropriate as a form of fault tolerance?
» What are the two common types of clustering?
» The hard disk is the most difficult component to replace in a computer.
» Deployment testing is the easiest way to avoid software bugs and compatibility problems.
» Strong border security, permissions security, and offline backup are the best ways to
» Tape backups are the most common form of fault tolerance.
» An incremental backup contains all the files changed since the last incremental backup,
» RAID-1 and RAID-0 are combined in RAID-10.
» Since you have to leave 1 disk for parity information, the storage available would be 5-1
» Yes. Share security works on FAT file system shares.
» What is the primary security mechanism in Unix? 6. Which component stores permissions?
» Which two commands are typically used to modify ownership and permissions on
» AT&T essentially lost control of its development of Unix when they gave it away to
» File system permissions are the primary security mechanism in Unix.
» File inodes store permissions in Unix.
» The GID of the wheel or superuser group is 0.
» Read, Write, and Execute are the basic permissions that can be set in an inode.
» Nothing. Daemons are standard executables that run using SetUID permissions.
» What do IPChains and IPTables provide? 11. What functionality does FWTK provide?
» PAM provides a standardized method for services to authenticate users against a wide
» Yes, Samba passwords are encrypted by default in Windows, and encryption can be
» TCP Wrappers provides protection by replacing the service executable with a service that
» IPChains and IPTables provide TCP/IP packet filtering.
» FWTK provides protocol level filtering and a proxy service.
» How do you configure Apache?
» What is taint? Web Server Security
» Microsoft Internet Information Services and Apache serve over 90 percent of the public
» The bugs in the operating system or web server software are the most threatening security
» Closed source and open source operating systems are about equally secure.
» Websites should only be deployed on dedicated web servers, because general purpose
» SSL encrypts web data flowing between the browser and the server.
» You can secure intranet servers by placing them inside a VPN and not making them
» The universal encrypted authentication mechanism is using SSL to secure basic
» Illegal spammers use open relays, relays that will relay mail from any host rather than just
» To close an open relay, require some form of authentication from those who want to send