IT442 – Fall 2010 Bruce Mahfood Project 2 Part 1 – Windows Server Security Concepts Objectives: Learn how to allow only the access that is necessary from external and internal sources. Users need only so much access to do their jobs. The server configuration will focus on authentication and authorization. Microsoft started as a company that made things very easy to use. Starting with Server 2003 Service Pack 2 (SP2) Microsoft started locking things down. They learned the lesson that making the system simple to use can cause many security holes. Book references: The reading for this project is found in Chapter 3, pp. 37-54. Lab activities: Start Windows Update and update the computer. If the update window says that the system is up to date, click on “Check for updates” to make sure. If no updates, then continue. Complete all activities given in the chapter, following them step by step. We will cover the command line in more detail in Project 4, but please complete the command line activity as it is given. o NOTE: Use the password “d4f5g6!7&8*9(“ for the user Joe. For one thing, the password given in the book doesn’t work on this system, and also, this is a much better example of a good password. In this case, it’s not something you remember as a phrase, but as a pattern for your fingers. o NOTE: Some things are slightly different with the version of WS2008 used in the book and the one that we have installed. You will have noticed this already from project 1. On page 51, the author gives an example of a filled out SACL list, but the window he has us open up is empty. Go ahead and click Add, enter the object name Everyone in the object name area, and click Ok. Don’t bother to actually select any options in the resulting window, but this gives you a better view of what will be shown in the SACL list. o Pull down the “Apply onto” list to see the ways that you can apply these settings to the folder chosen. 1 On page 53, go to Server Manager > Configuration > Local Users and Groups > Groups to see a list of available groups on the system. If you click on Users, you will see the list of users defined. In either of these you can right click within the right panel to create new objects as needed, whether user or group. Now go ahead with step 9, a, b, and c, on page 53, adding and removing users and groups that are defined on your system. Useful information: Microsoft was faced with a serious problem concerning how to provide security over the network. Information needs to be accessed by different types of personnel within an organization. Different people need different levels of access. Human Resources needs access to employee data, while Accounting needs access to financial information. Microsoft tackled the two main challenges of authentication and authorization by use of a security system called Kerberos (named after the three-headed dog guarding Hades who was able to look in multiple directions at the same time. The Kerberos security that Microsoft implemented attempts to provide multiple checks at the same time. Written Assignment – Part 1: For this assignment, a written narrative will be turned in next Monday at the beginning of class. This is to be a separate document to the written assignment for answering questions that will come with Part 2. 2