Windows Server 2008 and Security
Windows Server 2008 security adheres to several significant principles, chief among which is access control. Access control depends on user identity, and normally attaches to user accounts. To access a Windows Server 2008 computer or network, users must possess a user account with a valid username and password. But then, anyone who knows a valid username and password combination can gain access. Thus, both usernames and passwords for user accounts must be protected.
Windows Server 2008 includes several new features and functions to help make it more robust, secure, and reliable than its predecessors. Its services can be componentized into discrete roles necessary to sustain specific network functions such as DHCP or DNS, and they're hardened against various forms of remote attack. Windows Server 2008 also incorporates Network Access Protection, Federated Rights Management, and Read-Only Domain Controller capability to further strengthen its security posture to help protect your organizational assets.
Let's briefly define what some of these features do:
- Network Access Protection isolates noncompliant computers that violate organizational policy to provide restriction, remediation, and enforcement.
- Federated Rights Management services provide persistent protection for sensitive information, reduce risk, enable compliance, and deliver comprehensive data protection.
- Read-Only Domain Controller capability enables Active Directory Domain Services deployments with restriction to replication of the full Active Directory database for stronger protection against data theft.
The following paragraphs define and detail the fundamental principles, policies, and procedures behind a solid security posture. These apply equally to any organization, no matter how large or small its operational capacity.
Usernames are more than just names
Protecting usernames isn't always simple, but a little effort subverts easy attacks. Here are a few precautions you can take:
- Make usernames complex: Don't create usernames that employ just the first or last name of a person. Combine two or more elements to create a name, such as first name, last name, initials, department code, or division name. You should also avoid using users' e-mail addresses to name accounts. This makes guessing user names a bit more difficult. Even if a hacker knows your naming convention, making usernames complex makes brute-force attacks, in which every likely or possible password is attempted, more difficult.
- Rename common accounts: These include the Administrator, Guest, and IUSR_<servername> (created by Internet Information Services, or IIS) accounts. Rename these to something descriptive but not easily guessed. Then, create new dummy accounts with the original names that have absolutely no access. This serves as a decoy for hackers, effectively wasting their time and giving you more opportunity to discover who they are. You can even monitor access to these accounts to observe when would-be attackers are seeking unauthorized access.
- Include a restriction to prevent users from employing their network logon usernames as logon names anywhere else: In other words, a user's network logon name shouldn't be used as a logon name for Web sites, File Transfer Protocol (FTP) sites, or other external systems. If users don't use the same logon names everywhere, they'll be less tempted to use the same passwords everywhere as well.
Even with these precautions, usernames can be discovered. The important issue here is to make obtaining any data item needed to log on to your network as difficult as possible. After a username is known, the responsibility of protecting your network rests on the strength of its associated password.