Project 2 Part 2
Windows Server Security Concepts
Learn how to allow only the access that is necessary from external and internal sources.
Users need only so much access to do their jobs.
The server configuration will focus on authentication and authorization.
Microsoft started as a company that made things very easy to use. Starting with Server 2003 Service Pack 2 (SP2), Microsoft started locking things down. They learned the lesson that making the system simple to use can cause many security holes.
The reading for this project is found in Chapter 3, pp. 37
(25 points) Answer the following about authentication and authorization:
What is the difference between the two practices?
Why is it necessary to have both of these practices implemented on a server?
What would happen if the server was only set to authenticate users?
Is it possible to remove authentication and still have authorization services on a server? If so, how, and what would be the difference in how it functioned? If not
In your own words, give a definition for biometric authentication, and say whether its use for server login would make a system more secure. If so, how? If not,
(10 points) Every time a client asks for data from a Windows 2003 / 2008 server, the server makes sure it is sending that data to an authenticated client. What does Kerberos do that makes it possible for such a client to securely receive data without sending a password over the internet for each call? Why does this ensure that the data access is
(15 points) What is a SAM file on a Windows server? What file is it (which is a different question from asking it is)? What two methods, other than the original definition of hashing, does Windows employ to make sure that SAM is a very secure file on the system?