Server Security Management - Case Study Example

Server Security Management Inserts Inserts Grade Inserts 5th November, Introduction Networkadministrators need to have a way of putting in place some controls to help them manage the users of computer systems as well as network resources. This is usually achieved by use of group and user profiles on the server operating systems. A Group Policy Object (GPO) is often used to create rules that are used to manage groups and users on a local area network. The GPO rules will give the administrator reliable and easy control of the work stations, the domains as well as some organizational units (Winkelman, 2009). The concept of roaming user profiles allows users to have the same settings available to a user irrespective of the computer they log on as long as the computer seats on the same domain on the local area network. Once group policies and domain/user rights have been set by the administrator, the user will typically customize his/her account to suit his/her preferences. For instance, a user may make some desktop settings, hide some toolbars and make other changes. The Windows NT group of server operating systems is an example of an operating system that allows for roaming user profiles. Network administrators usually employ a variety of mechanisms to implement the group and user profiles. Mechanisms for implementing group and user policies Access Control List (ACL) ACL is an access control list which houses information that specifies whether or not a user or group has certain accesses and privileges. Network administrators usually make use of ACLs to manage user privileges on a system/network. For instance, a user may be denied the right to download and install software on his workstation or make certain system changes (Strebe, 2004). Group policies The use of group policy administration is the easiest way to implement administrative policies. Users that have the same needs are categorized in groups and the administrator simply manages one group. The changes made on the group will automatically affect the members of the group. When a new user is added to the group, the settings of the group automatically apply to his/her user profile (Strebe, 2004). Password policy Password policy is simply the set of written rules that are part of a security policy that dictate specific password requirements of both device and user passwords. This usually involves a minimum length, special characters, maximum password age, and so on. Think of a Windows OS system which requires at least an 8 character length password. Some websites require passwords with upper and lowercase letters along with a special character. Domain password policy The domain password policy is the password policy that is set within a Group Policy Object. It is a feature that works on the windows server operating systems. After the network administrator sets up a domain password policy, it is replicated to all the domains on the local area network via the Microsoft Active Directory to the domain and subsequently to all the users (Strebe, 2004). User names and passwords This is a technique used by administrators to ensure the security of the user profiles and accounts. Ideally, a user name and a user profile should meet a certain criteria for it to qualify as a valid username or password. For instance, the user name and password might need to fulfill a certain length and the password might need to have a combination of letters, numbers and special characters. As a precautionary measure, some operating systems allow for expiration of passwords. The administrator will set when and if the password is bound to expire after which period the user will have to change his/or her password. Some systems don’t allow for a user to revert to an earlier password as that will pose a security threat. All password resets have to be new and unique (Amoroso, 1994; Crispin et al., 1999). Time of day restrictions This mechanism is used by organizations that have a predefined time for the employees to access the computer system. The administrator will set the time that the system can be logged on to and after the official hours, the system will no longer be available. The idea is to limit any possible attack whether external or internal (Amoroso, 1994). Account expiration Network administrators should set an expiry point for all accounts. For instance, if there is an intern at the organization who will be there for a period of six months, his/her account should not last more than six months. That way, even past employees will not have access to the system. Each and every account on a network needs to have an expiration date. The administrator may also set a rule that will force accounts that are dormant for a given number of days to expire. Part of the clearing process of persons leaving the organization should include manual closing of one’s account by the network administrator if the account had not already expired (Strebe, 2004). Comparison of some server operating systems Windows Server 2003 Windows server 2003 was built as an improvement of windows server 2000. It performs the functions of windows 2000 but does that in a way that is easier to deploy, manage and use. The operating system also has tools for ensuring security, availability, scalability and reliability. One of the important additions that Windows Server 2003 had was the addition of the Microsoft.NET which allows for the interconnection of users, devices and systems. Windows Server 2003 R2 was released in 2005 and it came with the added functions of active directory and other useful user and group management templates (Dundas and Watts, 2004; Hyens, 2006). Novell Netware Novell Netware is thought by many experts to be the best Server Operating System for file and print authentication. It is also less prone to most of the security threats that are characteristic with other operating systems like windows. The operating system is also stable, fast and has a relatively extensible platform. These characteristics are the main reasons why Novell Netware became the only operating system among its peers to survive Microsoft’s monopoly. All the others like Pathworks, 3Open LANtastic and vines collapsed thanks to Microsoft. Netware has increased its integration with Linux as well as a way to support multi boot which makes it to have a strong future as a preferred Server operating system (Al-Shawakfa and Evens, 2001). UNIX UNIX was originally a command prompt language and it was developed in the early 1960s. There are many versions of UNIX like debian, Ubuntu and Suse that now have a Graphical User Interface. Even thought the later UNIX versions have a windows environment, knowledge of the underlying UNIX commands is still needed in order to use the operating system optimally, fact that makes most novice and even some advanced users prefer windows. UNIX is a stable, multitasking, multiuser operating system. UNIX is said to be the most stable operating system. It is less prone to crashing and does not suffer from virus attack since it does not run .exe files. These qualities make UNIX a favorite operating system for many network administrators (Bodenstab, et al., 1994; Alpern and Schneider, 1995). Samba Samba has often been described as an operating system that does what UNIX does but now on a windows kind of platform. The Graphical User interface makes the operating system more user friendly. Just like UNIX, Samba is an open source operating system. Samba offers most of the protocols that are offered on windows 2003 and later servers like file and print sharing as well as user and group policy management. What makes Samba unique is that it can interoperate with other domain servers since it supports active directory protocol. In other word, one can use a standard Microsoft client and TCP/IP. This is desirable since most clients typically run on windows operating system. Samba is also available for Amiga, Open VMS, IBM MVS and even OS/2 (Hunter, P., 2005). AppleShare Appleshare is an embodiment of the widely respected AppleTalk. This makes it the de facto Sever operating system for Mac uses that have not shifted to OS X server. AppleShare also incorporates systems to support windows clients on the network. Apart from the advantage of supporting both Macs and PCs, AppleShare also comes with the functionality of supporting both IMAP and POP for web and email services. OS/2warp OS/2 warp is a product of IBM and is in fact the operating system that inspired Microsoft’s Windows NT family of operating systems. The operating was designed to multitask and that it does very well. It is also a very stable operating system. OS/2 was abandoned by most users when Windows NT came into the market and it seems IBM gave up on future releases but it is still in use and IBM still offers support to its users IBMs OS/2warp is the operating system that Windows NT was designed to copy. Its stable and multitasks well because it was designed from the ground up for it. Windows Server 2008 Like all its predecessors, Windows Server 2008 is built on the Windows NT 6.0 kernel. It comes with most of the administrative functions seen in vista like native IPv6, security and speed advancements, better image-based installation, monitoring, better diagnostics, and native wireless, better tools for event logging and reporting, as well as deployment and recovery. The operating system also has Bit Locker security feature and a much more improved firewall. Other additions include the .Net Framework technologies which are fundamental for message queuing and general windows workflow (Tamara, 2009). Reasons for choosing Windows 2008 Even though Microsoft’s server products are not very popular on the online community, they are still being widely used in the enterprise sector. In spite of the many limitations and shortcomings in the previous windows servers, the introduction of Microsoft windows server 2008 has changed the landscape of computer networks. The network operating system is based on windows 7 which is by far the best operating system that Microsoft has ever had. It is not only very stable but it also uses fewer resources. Actually, the operating system itself uses less that 512 MB of RAM. The other important advantage of the operating system is that supports almost any advanced technology that you can come up with and the best part for system administrators is that it is very easy to manage (Tamara, 2009). Another reason for choosing windows server is that MSSQL is by far the fastest database application on the market today. In fact IIS 7 web server will easily serve up to twice as many concurrent users than Apache. The main reason why people may prefer not to use Microsoft products over Linux products is the fact that Microsoft’s products are not open source which makes it almost impossible to customize them. However, the operating system has been made in such a way that most of the solutions one wants are already provided and if one needs to extend the operating system, there are many extensions, plug-ins and loads of software that are now available to choose from to make the operating system meet ones unique needs to a very great degree. For instance, the “Automate 7BPA server automation tool“is very easy to use and it comes with lots of features to help the administrator manage the windows server more efficiently (Tamara, 2009). Another important reason for choosing windows server is if you intend to run some ASP.NET applications. The language was created by Microsoft and it runs best on a windows server platform. ASP.NET is a very robust programming/scripting language and it is actually faster than most of its counterparts like java and PHP. In addition, the windows server 2008 R2 has the advantage of remote desktop utility. The administrator can be able to log into the server remotely and do all administrative tasks with a speed of 6Mbit download and 1Mbit upload only. Even though Linux also has RDP tools as well, the disadvantage that Linux presents is that there tools are often too difficult to configure unlike the Microsoft one (Tamara, 2009). Conclusion While most of the server operating systems discussed above have their own distinct advantages, windows server 2008 R2 stands out as a preferable operating system for implementation of group and user profiles with roaming profiles. Not only does the operating system have robust security and management capabilities, but it is also easy to deploy and use as compared to UNIX which would be its closest rival. Windows server 2008 is also fast and reliable since it uses up very little resources. While the initial cost of acquisition may be fundamentally higher, it will eventually be cost effective due to its reliability, scalability and robust nature. References Alpern, B., and Schneider, B., 1995.Defining Liveness. Information Processing Letters, 21(4):pp181-185. Al-Shawakfa, E., and Evens, M., 2001. The Dialoguer: An Interactive Bilingual Interface to a Network Operating System. Expert Systems, 18(3) pp.19, 131. Amoroso, E., 1994.Fundamentals of Computer Security Technology. Englewood Cliffs, NJ: Prentice Hall. Bodenstab, T., et al., 1994. UNIX Operating System Porting Experiences. AT&T Bell Laboratories Technical Journal. 63(8), p.9. Crispin C., et al., 1999.SubDomain: Parsimonious Server Security. [Online] Available at [Accessed on 5th Nov. 2011] Dundas, P., and Watts. 2004. Tuning Windows Server 2003 on IBM System x Servers. Available through IBM Red books. [Accessed on 5thNov. 2011] Tamara, D., 2009. Network Operating Systems. Network+ Guide to Networks, 421(483). Hunter, P., 2005.Network operating systems: making the right choices. New York: Addison-Wesley. Hyens, B., 2006. The future of windows. [Online] [Accessed on 5th Nov. 2011] Strebe, M., 2004. Network security foundations. New York: John Wiley & Sons. Winkelman, R., 2009. An Educators Guide to School Networks. [Online] Available at < http://fcit.usf.edu/network/> [Accessed on 4th Nov. 2011] Read More