With the rapid development of network technology and the increasing openness of internet, the type and importance of network application is growing and the network attack is increasing as well. In this situation, how to improve the security and stability of Windows 2003 becomes an important issue that all users should pay high attention to. In order to make better use of this operating system, administrators have to know clearly about all common security mechanisms in Windows 2003.
Security mechanisms in Windows 2003
There are so many security mechanisms in Windows 2003, so we can’t explain them one by one. As a result, we decide to talk about some common security mechanisms in Windows 2003: identity authentication mechanism, access control mechanism, audit policy mechanism, IP security policy mechanism and firewall mechanism.
- Identity authentication mechanism: in fact, identity authentication mechanism has been adopted in various systems as a basic measure to ensure data security. Identity authentication mechanism is mainly used to confirm the identity of any user who tries to access the system. Windows 2003 stores users’ account information in SAM database. The login ID and password that users input must be checked and matched in SAM database. In addition, administrators are advised to set the “Password Policy” in account policy settings of Windows 2003. In general, the identity authentication mechanism of Windows 2003 contains two aspects: interactive login and network authentication. Different authentication methods should be used in different fields according to real demands in order to confirm users’ identity effectively.
- Access control mechanism: as one of the most basic security mechanisms in Windows 2003, access control mechanism is used to limit users’ access to computer. Permission is a vital concept in access control mechanism and it is mainly used to decide the visitors’ access type. There are a lot of permissions in a system: file and folder permission, share permission, casino registry permission, service permission, assigned printer permission, management connection permission, WMI permission, active directory permission, etc. In addition to permission, the main concepts of access control mechanism also include user rights and object review.
- Audit policy mechanism: audit policy mechanism plays an important role in tracking potential security problems and it will provide evidence when safety violation emerges. Before the execution of audit policy, administrators need to create an audit plan so as to determine the resource and type of information that they want to obtain. When creating an audit policy, administrators should consider the number of possible audit, the quality of obtained information and the occupied system resources.
- IP security policy mechanism: Internet Protocol Security (IPSec) is a framework of open standards. The confidential and secure communications over IP network can be achieved through the use of encrypted security services. An IPSec security policy is made up of two parts: IP filter and filter action. IP filter determines which kind of message should attract the attention of IPSec security policy. Filter action refers to the “allowing” or “denying” of such message.
- Firewall mechanism: as a crucial network security mechanism, firewall builds up a security barrier between internal network and external network and machine and network. Actually, Windows 2003 has a built-in scalable enterprise-class firewall – ISA Server, which supports two levels of policy: array-level policy and enterprise-level policy.