Objectives:

Learn how to allow only the access that is necessary from external and internal sources.

Users need only so much access to do their jobs.

The server configuration will focus on authentication and authorization.

Microsoft started as a company that made things very easy to use. Starting with Server
2003 Service Pack 2 (SP2) Microsoft started locking things down. They learned the lesson that making the system simple to use can cause many security holes.
Book references: The reading for this project is found in Chapter 3, pp. 37-54.
Written Assignment – Part 2:
1) (25 points) Answer the following about authentication and authorization: a. What is the difference between the two practices? b. Why is it necessary to have both of these practices implemented on a serverlevel computer? c. What would happen if the server was only set to authenticate users? d. Is it possible to remove authentication and still have authorization services on a server? If so, how, and what would be the difference in how it functioned. If not so, why? e. In your own words, give a definition for biometric authentication, and say whether its use for server login would make a system more secure. If so, how? If not, why?
2) (10 points) Every time a client asks for data from a Windows 2003 / 2008 server, the server makes sure it is sending that data to an authenticated client. What does Kerberos do that makes it possible for such a client to securely receive data without sending a password over the internet for each call? Why does this ensure that the data access is secure?
3) (15 points) What is a SAM file on a Windows server? What type of file is it (which is a different question from asking what it is)? What two methods, other than the original definition of hashing, does Windows employ to make sure that SAM is a very secured file on the system?
1