Designing Security by Server Role
We know how to design security for servers, However, configuring each server independently is not efficient or cost-effective nor does it provide a sufficiently secure process. When MCSE 2003 are configured one-by-one, it is difficult to provide consistency, keep up with necessary changes, and correct errors, It is too difficult to determine the status of all servers and impossible to provide accountability for changes made or not made. Therefore, the servers are more likely to be miscon-figured and therefore more likely to be at risk and succumb to an attack. Furthermore, all servers are not exactly the same: they offer different services, have different levels of exposure, and do not all have the same security methods configured or implemented.
Instead of wasting time configuring each server, you can more easily secure an entire network’s servers by designing security according to the role that servers must play and then automatically implementing security for all servers based on the server role.
This chapter presents the skills and concepts related to creating a free A+ practice exams design framework. This training kit assumes that you have a minimum of 1 year of experience implementing and administering desktop operating systems and network operating systems in environments that have the following characteristics:
At least 250 supported users
Three or more physical locations
Typical network services such as messaging, database, file and print, proxy server or firewall, Internet and intranet, remote access, and client computer management
Regardless of whether the VPN server is located behind the firewall or in front of it, you should configure the firewall to open only the required ports and configure the VPN server to protect itself by allowing only VPN traffic on its external network interface.
Know which ports are required for VPN protocol access through the firewall.
You configure remote access account lockout by using the registry. This has no relationship to Account Lockout in the Group Policy Account Policy settings.
Processing your request, Please wait....
