StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Performance and Security of Windows Server - Case Study Example

Cite this document
Summary
The paper 'Performance and Security of Windows Server' presents Windows Server 2003 which is the next generation of server operating systems. It is more scalable and delivers better performance as compared with previous server products from Microsoft…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER98.5% of users find it useful
Performance and Security of Windows Server
Read Text Preview

Extract of sample "Performance and Security of Windows Server"

Windows 2003 Server Security Windows Server 2003 is the next generation of server operating systems. It is more scalable and delivers better performance as compared with previous server products from Microsoft. By default the server components of Windows Server 2003 are disabled for security purposes. It is also compatible with older applications. It also has an enhanced Active Directory compatibility. The IIS web server has improved performance and security. Windows Server 2003 also allows multiple DFS roots to be installed and configured on a single server. Microsoft has paid more attention to security in Windows Server 2003. One of the key features of Windows Server 2003 security is the Common Language Runtime software engine. It ensures that programs can be run with the proper permissions and without any errors. It also allows the sharing of encrypted files which allows the person who encrypts any file to give other people the ability to decrypt the file. Offline files can also be encrypted by EFS. Another security feature of Windows Server 2003 is the ability to restrict the software running on any machine using software restriction policies. They can be applied at any level. They are beneficial in preventing the running of malicious programs like viruses and Trojans. Authentication support for Extensible Authentication Protocols has also been provided in the operating system. Further certificates can be enrolled and renewed automatically to deploy smart cards. Other new security features of Windows Server 2003 are the integration of Passport with Active Directory. The operating system also supports the mapping of Active Directory user accounts to passport accounts. Windows Sever 2003 has been designed to provide multiple levels of security to protect data and control the ability of users to access resources. The operating system allows the setting of permissions at File Level, Shared Folder and Active Directory level. NTFS level permissions are set on the files and folders which are present on the server’s disk system. Only authenticated users can access the file system. Shared Folder permissions are accessed by users through shares. These permissions determine the level of access that the user has to the data accessed through the share. They are applied together with NTFS permissions. Permissions can also be set for the share object in the Active Directory. This is done to control access to the share object. Several default permissions are assigned directly to the object once the shared folder is created in the Active Directory (Shinder). Setting user rights and privileges is another way to control access to resources and is one of the key security features of Windows Server 2003. User rights are inherited from parent objects. User rights affect how a user logs on to a system and who can shut down a server. User rights, NTFS and Shared Folder permissions are usually set for an entire group instead of for one single user. Windows Server 2003 offers a variety of permissions and user rights for administrators to configure for different users and organizations. Windows Server 2003 Group Policy Object Editor is a powerful and versatile tool for assigning multiple levels of security according to the users and requirements of an organization. Windows Server 2003 has more security features for IIS 6.0. It disables internet access, scripts and FrontPage extensions by default. No websites are allowed because internet explorer access is restricted to High Security Zone. Authentication settings for IIS control the access of users. It can be configured to enable anonymous access which enables users to access the site without logging on. Another way of authentication is integrated Windows authentication which is secure and hashes the user name and password for network transmission. Digest authentication for Windows domain servers is another security feature of Windows Server 2003. .NET Passport Authentication is a new form of authentication which is a feature of IIS 6.0 (Melber). Windows Server 2003 has many security policies. Account policy allows the administrator to define password requirements and Kerberos key policies. Audit policy protects the computer from failed logon attempts and allows access to specific resources. Another type of security policy is cryptographic policy which gives administrators the ability to control the algorithms used by TLS/SSL. Server 2003 also has domain and firewall policies which allow adding and removing computers and setting standard policies for Windows firewall. Server 2003 also allows the use of smart card usage policy which allows smart cards to be used for authentication. PKI policy allows Server 2003 to support digital certificates issued by the Windows Server 2003 certification authority. EFS is also extensively available in Windows Server 2003. In order to encrypt files and folders, a user must have a valid X.509 certificate. EFS generates a self signed certificate. Server 2003 also has support for IPv6 addressing which uses 128 bit addressing. It also provides better security and performance for IP communications. The large address space of Ipv6 provides extra security by making it time consuming for potential attackers to make network scans of possible addresses. This is a very basic level of security which nevertheless provides some measure of security that is aimed at slowing down any potential intruder. It also has built in support for IP Security Protocol. IPSec provides data confidentiality and authentication using encapsulating and authentication headers. IPv6 also provides support for temporary address support. This can enhance security by providing anonymity for users who access the internet (Melber). Server 2003 has a Security Configuration Wizard which provides a flexible process to reduce any attacks on servers. SCW is a collection of tools which are combined with an XML rules database. Using SCW, administrators can test and deploy security policies. This tool can also roll back security policies and provides native support for security policy management on servers. SCW can be used to determine which services are required, which services need to be run and which services can be disabled. It also can manage network port filtering and control IIS Web extensions which are allowed for Web servers. It can also create audit policies to capture network events. Security policies can be created and tested using SCW. These policies can be for a single server or for groups of servers. Policies can be managed from a single location. These policies allow the hardening of servers from potential security threats. SCW is integrated with IPsec and Windows Firewall. SCW can be used to create port filters and custom scripts to set or modify IPsec. Server 2003 allows the application of Group Policy security settings at the Domain Level. This addresses the account and password policies which must be enforced for all servers in any domain. Group Policy objects allow configuration management solutions to be implemented. Account policies like password policy, account lockout policy and Kerberos policy security settings can be implemented at the Domain Level. Account lockout policies allow the administrator to track the number of failed and successful logon attempts which resulted in the initiation of account lockouts. Password policy settings can also be implemented at the Domain Level. Strong security policies are required for the setting of passwords. Enforce password history is a policy which determines the number of unique new passwords which must be associated with a user account. The default value for setting passwords in Windows Server 2003 is a maximum of 24 passwords. Maximum password age is a policy sets a specific number of days in which a password expires. This makes it difficult for crackers to access a computer before the password has expired. Another policy which can be configured is that of minimum password age which determines the number of days that a password must be used before a user can change it. Minimum password length ensures that passwords have at least a specified number of characters. Another security feature of Server 2003 is that the password must meet complexity requirements. This policy checks all new passwords and ensures that they meet the complexity requirements. Audit policies are another feature of Windows Server 2003. They aim to enhance security by allowing network events to be audited. Audit policies also record user and computer activities in specified categories. Administrators can monitor security objects, users that attempt to log on to any computer and any changes made in audit policy. Audit policies are an integral feature of any comprehensive security plan. They offer a versatile tool for administrators to monitor and track security breaches. Audit account logon events determine whether to audit each instance of a user who logs on to or off from another computer that validates the account. Authentication of a domain user account on a domain controller generates an account logon event that is logged in the domain controller's Security log. Authentication of a local user on a local computer generates a logon event that is logged in the local Security log. No account logoff events are logged. This policy can be effective in configuring various baseline policies. It also effectively logs success and failure events for audit policies (Bird). Audit account management determines whether to audit each account management event on a computer. Organizations need to be able to determine who creates, modifies, or deletes both domain and local accounts. Unauthorized changes could indicate mistaken changes made by an administrator who does not understand how to follow organizational policies, but could also indicate a deliberate attack. This policy allows administrators to check the success values for baseline policies. Audit account management policies are very crucial for network and server security. The NTFS file system with its default permissions and rights has been modified and improved under Microsoft Windows Server 2003. Additional restrictions to execute certain tools have also been added to NTFS file system. These restrictions are helpful as they prevent any potential attacker with privileges to execute any Trojans or malicious software. Several user accounts are built in Windows Server 2003. Guest account is disabled by default during installation of member servers and domain controllers. The built in Administrator account is also renamed to prevent potential attackers from trying to compromise the server. The Windows 2003 server consist of a number of command-line utilities, visual basic scripts, GUI based applications, and documents - all of which you must install from a separate application. The Support Tools are not automatically installed when you install Windows 2003; their installation isn’t an option in the Windows 2003 setup. In order to install it requires approximately 24MB of free space for a full installation. This tools consist of a number of command-line utilities, visual scripts, GUI based applications, and documents. One of the recommended practices for administrators is that the default port numbers for applications should be changed. The Security Event Viewer is another feature of Windows Server 2003 which allows logon auditing. By default Windows Server 2003 disables unnecessary services during installation. However it is also recommended by Microsoft that once the server is fully operational all extra and unnecessary services must be disabled to prevent potential attackers from exploiting vulnerabilities (Bird). Windows Server 2003 offers a versatile and unique way of securing your system. It has many new enhanced security features. Server 2003 also has support for IPv6 addressing which uses 128 bit addressing. It also provides better security and performance for IP communications. The large address space of Ipv6 provides extra security by making it time consuming for potential attackers to make network scans of possible addresses. This is a very basic level of security which nevertheless provides some measure of security that is aimed at slowing down any potential intruder. Windows Sever 2003 has been designed to provide multiple levels of security to protect data and control the ability of users to access resources. The operating system allows the setting of permissions at File Level, Shared Folder and Active Directory level. NTFS level permissions are set on the files and folders which are present on the server’s disk system. Only authenticated users can access the file system. Shared Folder permissions are accessed by users through shares. Server 2003 has a Security Configuration Wizard which provides a flexible process to reduce any attacks on servers. SCW is a collection of tools which are combined with an XML rules database. Using SCW, administrators can test and deploy security policies. This tool can also roll back security policies and provides native support for security policy management on servers. SCW can be used to determine which services are required, which services need to be run and which services can be disabled. It also can manage network port filtering and control IIS Web extensions which are allowed for Web servers. It can also create audit policies to capture network events. Works Cited: Bird, Drew. "Eight Steps to a More Secure Win2k3 Server." Enterprise networking Planet. 2004. 25 Jan 2008 . Shinder, Deb. "Implementing EFS in a Windows Server 2003 Domain." WindowsSecurity.Com. 2006. WindowsSecurity.Com. 25 Jan 2008 . Melber, Derek. "Securing Windows Member Servers." WindowsSecurity.Com. 2006. WindowsSecurity.Com. 25 Jan 2008 . Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Performance and Security of Windows Server Case Study, n.d.)
Performance and Security of Windows Server Case Study. Retrieved from https://studentshare.org/information-technology/1711484-microsoft-server-2003-security
(Performance and Security of Windows Server Case Study)
Performance and Security of Windows Server Case Study. https://studentshare.org/information-technology/1711484-microsoft-server-2003-security.
“Performance and Security of Windows Server Case Study”. https://studentshare.org/information-technology/1711484-microsoft-server-2003-security.
  • Cited: 0 times

CHECK THESE SAMPLES OF Performance and Security of Windows Server

Windows Server Deployment: New Features of Windows Server 2012

It includes New Features of windows server 2012, Deployment and Server Editions, Active Directory, DNS and DHCP, Application Services.... hellip; According to (Schaefer 112-140) the new features of windows server 2012 that WAI can take advantages of are.... According to (Schaefer 112-140) the new features of windows server 2012 that WAI can take advantages of are.... This paper shows windows server Deployment Proposal.... Storage Spaces: This is a new feature in windows server 2012 that enables one to use cheap hard drives to make a storage pool which is then divided into spaces used like physical disks....
7 Pages (1750 words) Assignment

New Features of Windows Server

windows server 2012 R2 has an internal database (Windows Internal Database) which can be used by IPAM .... This is possible with Windows PowerShell which is By using windows server 2012, Worldwide Advertising Inc.... because of its support for windows server 2012 and its network operability.... (Stanek, 2013) The network infrastructure will use windows server 2012 R2 Datacenter Edition.... Windows Automated Installation Kit (WAIK) will be used in the installation of windows System Image Manager (WSIM) which in turn will install all the answer files....
4 Pages (1000 words) Term Paper

Securing Windows and Unix/Linux Servers

It is mentioned that operators of windows and Unix Linux servers, which provide network services, should always ensure the servers' security because of the servers' vulnerabilities.... Although network administrators often overlook it, physical security of network servers should always be addressed just like other security issues.... trong passwords are vital in maintaining the security of network servers and are ones that are hard to guess....
3 Pages (750 words) Case Study

Group Policy Software Deployments and GPOs, and Active Directory Maintenance and Disaster Recovery

The paper "Group Policy Software Deployments and GPOs, and Active Directory Maintenance and Disaster Recovery" discusses that the process of restoring a deleted file in windows 2008 is simplified in such a way that the procedures that are tedious in the previous versions of windows are eliminated.... The objects that are deleted are kept in a recycle pin for the rest of the server's lifetime so that any time that the user needs he or she can get it.... In addition, it serves a very crucial role in determining and providing security needs in all the phases of SDLC....
10 Pages (2500 words) Assignment

Inclusion of Windows Deployment Services

ifferent versions of windows server 2012 are available from which different persons and organizations opt for their business and personal needs.... For years, Microsoft has released different versions of their windows server.... The release of the windows server 2012 brought about increased functionality in terms of deployment in which deploying the system is eased.... The Windows Deployment Service is a feature that has greatly revolutionized the windows server functionality and performance....
10 Pages (2500 words) Case Study

Cloud Computing - Windows Server 2012

The author of this paper "Cloud Computing - Windows Server 2012" discusses the release of windows server 2012, the issues and consequences, providing for the administrators and users, the domain design, the main group policy, the DNS servers, file services, and remote services.... This has been marked with the release of windows server 2012, a version that came out with a mix of editions targeting various segments of their customers.... For years, Microsoft has released different versions of their windows server....
10 Pages (2500 words) Assignment

Basic Operating System Security for Spark Computer

… The paper “security of a Computer in a Network, Basic Operating System Security for Spark Computer” is a comprehensive example of an essay on information technology.... The paper “security of a Computer in a Network, Basic Operating System Security for Spark Computer” is a comprehensive example of an essay on information technology.... This paper will try to expound and check into the various ways that can and times be used so in maintaining a secure system that maybe can vary from some strong passwords and some other kind of rules that will assist to enhance the security of the system....
12 Pages (3000 words) Essay

Installing and Managing a Server the Global Solutions Pty Ltd

Back up a recovery strategy The security of the company's data is very critical.... The Global Solutions Pty Ltd which is a marketing company, the security of its data should be enhanced such that it cannot be easily hacked into, and if so, then a chance to retrieve the data should be available.... … The paper " Installing and Managing a server the Global Solutions Pty Ltd" is a good example of a case study on information technology....
7 Pages (1750 words) Case Study
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us