Tools of the Trade - 01 Feb 2002

When Microsoft Chairman and Chief Software Architect Bill Gates launched his Trustworthy Computing initiative 2 weeks ago, he embraced a new sentiment that rings true throughout IT: Security is paramount. Whether you're leading the world's largest software company or just starting your IT career, you can no longer be complacent about security. Recently, while researching Windows 2000 network security, I found several tools and resources that will prove useful in your daily battles with the black hats and, if you're studying for certification exams, provide a wealth of valuable training information.

The first step in securing any network is to know what traffic normally crosses the wire. If you're learning how to read network packets, load Network Monitor on a Win2K Server machine. The version included with Win2K captures only frames sent to or from the local machine; the version that ships with Microsoft Systems Management Server (SMS) can capture all traffic on the segment and can capture remotely, but either version will get you started. Network Monitor is a great tool for beginners because it decodes each packet's protocol fields into a readable form. Keep a good book about the TCP/IP protocols on hand to help you interpret what you see.

For watching for hostile activity on your lines, an Intrusion Detection System (IDS) is a better choice than Network Monitor because an IDS generates alerts when it sees suspicious traffic, rather than leaving you to spot it in a capture. Snort is a free, open-source IDS with an easy-to-learn rule syntax: each rule pairs a header (action, protocol, source and destination addresses and ports) with options such as the payload content to look for and the message to raise. Snort can also log all traffic on your network, so you can go back through the log to identify new attacks that your current rules don't detect. A community of dedicated Snort users responds quickly with new rules when new attacks emerge on the Internet.
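To make the rule syntax concrete, here is a small Python model of how Snort-style rules are evaluated. It is an added example written for this page, not Snort's code or the column's. It parses a subset of the rule language (the header with `any`, host or CIDR addresses and `!` negation, single ports or `low:high` ranges, and the `msg`, `content` and `nocase` options, including `|hex|` content segments), runs the rules over a few constructed packets, raises alerts for matches and logs every packet so unmatched traffic can be reviewed later. The 192.168.1.0/24 network, the rule messages and the packets are all assumptions made for the example.

```python
"""Toy Snort-style rule matcher (added example; not Snort's code)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Rule header: action proto src sport -> dst dport (options)
HEADER_RE = re.compile(
    r"^(?P<action>alert|log)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$"
)

@dataclass
class Rule:
    action: str; proto: str; src: str; sport: str; dst: str; dport: str
    msg: str; content: Optional[bytes]; nocase: bool

@dataclass
class Packet:
    proto: str; src: str; sport: int; dst: str; dport: int; payload: bytes

def decode_content(text: str) -> bytes:
    """Snort content strings mix literal text with |hex bytes| segments."""
    out = bytearray()
    for i, seg in enumerate(text.split("|")):
        out += bytes.fromhex(seg.replace(" ", "")) if i % 2 else seg.encode("latin-1")
    return bytes(out)

def parse_rule(line: str) -> Rule:
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable rule: {line!r}")
    opts: Dict[str, Optional[str]] = {}
    for item in m.group("opts").split(";"):
        item = item.strip()
        if item:
            key, _, value = item.partition(":")
            opts[key.strip()] = value.strip().strip('"') if value else None
    content = opts.get("content")
    return Rule(m.group("action"), m.group("proto"), m.group("src"), m.group("sport"),
                m.group("dst"), m.group("dport"), msg=opts.get("msg") or "",
                content=decode_content(content) if content is not None else None,
                nocase="nocase" in opts)

def addr_matches(spec: str, ip: str) -> bool:
    """'any', a host or CIDR network, optionally negated with a leading '!'."""
    if spec == "any":
        return True
    negate = spec.startswith("!")
    net = ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return (ipaddress.ip_address(ip) in net) != negate

def port_matches(spec: str, port: int) -> bool:
    """'any', a single port, or a low:high range (either end may be open)."""
    if spec == "any":
        return True
    lo, sep, hi = spec.partition(":")
    return int(lo or 0) <= port <= int(hi or 65535) if sep else port == int(lo)

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if not (addr_matches(rule.src, pkt.src) and port_matches(rule.sport, pkt.sport)
            and addr_matches(rule.dst, pkt.dst) and port_matches(rule.dport, pkt.dport)):
        return False
    if rule.content is None:          # header-only rule
        return True
    if rule.nocase:
        return rule.content.lower() in pkt.payload.lower()
    return rule.content in pkt.payload

def run(rules: List[Rule], packets: List[Packet]) -> Tuple[List[str], List[Packet]]:
    """Return (alerts, traffic log). Every packet is logged, matched or not,
    so attacks that no rule yet describes can be found afterwards."""
    alerts, log = [], []
    for pkt in packets:
        log.append(pkt)
        for rule in rules:
            if rule.action == "alert" and rule_matches(rule, pkt):
                alerts.append(f"[{rule.msg}] {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
    return alerts, log

# Constructed rules (assumed protected network 192.168.1.0/24; messages are assumptions).
RULES = [parse_rule(r) for r in """
alert tcp any any -> 192.168.1.0/24 80 (msg:"WEB-IIS cmd.exe access"; content:"cmd.exe"; nocase;)
alert tcp !192.168.1.0/24 any -> 192.168.1.0/24 23 (msg:"TELNET attempt from outside";)
alert udp any any -> any 53 (msg:"DNS TXT query"; content:"|00 10 00 01|";)
""".strip().splitlines()]

# Constructed packets: one hit per rule, plus benign HTTP and an inside-to-inside telnet.
PACKETS = [
    Packet("tcp", "10.0.0.5", 40000, "192.168.1.10", 80, b"GET /scripts/CMD.EXE?/c+dir HTTP/1.0\r\n\r\n"),
    Packet("tcp", "10.0.0.5", 40001, "192.168.1.10", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    Packet("tcp", "203.0.113.7", 50000, "192.168.1.20", 23, b""),
    Packet("tcp", "192.168.1.30", 50001, "192.168.1.20", 23, b""),
    Packet("udp", "192.168.1.30", 53001, "192.168.1.1", 53,
           b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03www\x07example\x03com\x00\x00\x10\x00\x01"),
]

def demo() -> Tuple[List[str], List[Packet]]:
    return run(RULES, PACKETS)

if __name__ == "__main__":
    alerts, log = demo()
    print("\n".join(alerts))
    print(f"{len(log)} packets logged, {len(alerts)} alerts")
```

The `nocase` option is what catches the upper-case `CMD.EXE` request, and the negated source address is what keeps the inside-to-inside telnet session from alerting while the outside one does; the full log, not the alerts, is where you would look for the attack no rule yet describes.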

For servers that are directly reachable from the Internet (e.g., mail, Web, and IDS servers), implement a hardening process to remove potential entry points and to limit the damage if an attacker does breach your defenses. Microsoft builds its OSs as a platform for all its applications, so a standard installation enables many services that an Internet-facing server doesn't need. Most of the work of securing a Windows server is disabling every service except the minimum that the server's role requires, which means first establishing what that role actually needs; the rest is setting NTFS permissions on the hard disks and changing registry values. Stefan Norberg's Securing Windows NT/2000 Servers for the Internet (O'Reilly and Associates, 2001) walks you through the necessary steps to secure Windows servers and explains why each step is necessary.

Another valuable resource is the Windows 2000 Server Resource Kit's "Microsoft Windows 2000 Server Distributed Systems Guide." Part 2, "Distributed Security," gives you a lot of details about how Active Directory (AD) handles authentication in a wide variety of areas. Pay special attention to the sections about Kerberos authentication and IP Security (IPSec), because both protocols are important tools for securing communications between clients and servers. If you're planning to take exam 70-220: Designing Security for a Microsoft Windows 2000 Network to fulfill your design exam requirement, plan to read through all of Part 2.

A benefit of working with the tools and resources I've mentioned is that you'll gain a greater understanding of what happens behind the scenes on a Win2K network. The Windows OS's greatest strength is how easily you can learn to use it, but its greatest flaw is that the GUI hides many critical processes. Most users can learn to perform the basic tasks that the standard GUI tools support, but many become lost when they face a problem the tools weren't designed to handle. Learning network security will help you both as you pursue certifications and as you work in the IT field.

TAGS: Security