Designing Security for a Microsoft Windows 2000 Directory
Windows 2000 security expert Roberta Bragg discusses how to design security for a Windows 2000 Directory.
Some of the following material was abstracted from an online course being produced for Seattle Pacific University. Courses are a combination of text, rigorous offline practical exercises and online discussion, chat, and media.
Like building architects, artists, and other creators of environments, security architects would prefer blank canvases. The lure of the latest technology, especially that which promises the tightest security, beckons. It would be best if we could pick the products and methodologies that would serve the security goals of our paranoid fantasies, but it would be naïve to do so. Few, if any, organizations have the financial resources to offer this—or, more importantly, the time and effort required to rip out existing systems and put devices in place for our pleasure. Our security design, in most cases, must spring forth from the existing systems and applications. We can replace, upgrade, insert, and migrate, but we cannot ignore the status quo. In fact, our design can reap great benefits from our knowledge of existing systems. We can move to protect the most sensitive systems, or we can protect internal weaknesses by securing the perimeters, but first we have to know what those systems and weaknesses are. Additionally, we cannot ignore planned upgrades and rollouts. Politics, commitments, and finances will keep you from stopping all but the worst assaults on secure practices, so you must factor these systems into your security design.
As a Windows professional, you have already invested time in studying the assessment and mapping of current information systems, technologies, and organizational structures. Now it's time to learn how to take that information and begin to place it within the security framework. Specifically, you want to be able to zero in on the strengths and weaknesses inherent in these existing units. To do so, you must have an overall plan or security policy to follow. Needless to say, many other people in the organization join you in taking security seriously, including the management team.