As an IT Director and Microsoft Trainer, I can explain the
importance of every chapter in this topic, but some chapters
are more important for real-world use. This is one of them.
Setting up security so that only the people who need access to resources get access to
them is one of the most important jobs an IT team member can have.
This helps protect your data from hackers and, believe it or not, your own users.
In this chapter, you will learn how to protect data on your network. I will also discuss
how to protect your individual system by using Windows Firewall.
Managing Security
One of the fundamental design goals for Active Directory is to define a single, centralized
repository of users and information resources. Active Directory records information about
all of the users, computers, and resources on your network. Each domain acts as a logical
boundary, and members of the domain (including workstations, servers, and domain
controllers) share information about the objects within them.
The information stored within Active Directory determines which resources are
accessible to which users. Through the use of permissions that are assigned to Active
Directory objects, you can control all aspects of network security.
You should be sure that you have implemented appropriate access control settings for
the file system, network devices, and other resources. Let's look at the various components
of network security, which include working with security principals and managing security
and permissions, access control lists (ACLs), User Account Control (UAC), and access
control entries (ACEs).
When you are setting up a network, you should always keep in mind that
90 percent of all hacks on a network are internal. This means internal
permissions and security (as well as external security) need to be as strong as
possible while still allowing users to do their jobs.
Understanding Security Principals
Security principals are Active Directory objects that are assigned security identifiers (SIDs).
An SID is a unique identifier that is used to manage any object to which permissions can be
assigned. Security principals are assigned permissions to perform certain actions and access
certain network resources.
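The following PowerShell is an added example, not code from the original chapter. It shows that each ACE in a file system ACL is bound to a SID rather than to an account name, and it flags ACEs whose SID no longer resolves to a security principal. The function name Get-AceSidReport and the sample path are assumptions chosen for illustration.

```powershell
# Added example: list every ACE on a file system path with the SID it is bound to.
# Get-AceSidReport is a hypothetical helper name, not a built-in cmdlet.
function Get-AceSidReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    $acl = Get-Acl -LiteralPath $Path

    # Request explicit and inherited ACEs with identities returned as raw SIDs
    # instead of translated account names.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules   = $acl.GetAccessRules($true, $true, $sidType)

    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference

        # Resolve the SID back to a security principal. Translation fails when
        # the SID cannot be mapped to an account, for example after the user or
        # group has been deleted, or when its domain cannot be reached.
        try {
            $account  = $sid.Translate([System.Security.Principal.NTAccount]).Value
            $resolved = $true
        }
        catch {
            $account  = '<unresolved SID>'
            $resolved = $false
        }

        [pscustomobject]@{
            Sid       = $sid.Value
            Account   = $account
            Resolved  = $resolved
            Type      = $ace.AccessControlType   # Allow or Deny
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Constructed usage: C:\Windows is used only as a sample path.
Get-AceSidReport -Path 'C:\Windows' |
    Sort-Object Resolved, Account |
    Format-Table -AutoSize
```

Rows with Resolved set to False are the ones to review, since they grant or deny access to a SID that could not be matched to a current user, group, or computer.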