254
Networking: A Beginner's Guide
I
nstalling and setting up Windows Server 2008 is only the tip of the iceberg. Far
more important and time-consuming is the process of administering the server. This
process includes regular and common duties such as adding new users, deleting old
users, assigning permissions to users, performing backups, and so forth. These topics
are covered in this chapter. Good administration habits will ensure that the network
and the server remain productive and secure.
Thinking About Network Security
Before delving into the administrative activities discussed in this chapter, you should
spend some time thinking about network security and how it relates to your specific
company. Administering a server must be predicated on maintaining appropriate
security for your network.
The key here is to remember that every network has an appropriate level of security.
The security requirements for a Department of Defense (DoD) contractor that designs
military equipment will be different from the security requirements for a company that
operates restaurants.
Many beginning network administrators think they need to set up their networks
to follow the strongest security measures available. The problem with this approach
is that these measures almost always reduce the productivity of people using the
network. You need to strike a balance between productivity and security in accordance
with the needs of your company.
For example, Windows Server 2008 enables you to set various security policies that
apply to users. These include forcing password changes at specified intervals, requiring
that passwords be a certain minimum length, disallowing reuse of old passwords, and
so on. For example, you could set up policies to require passwords that are at least
20 characters long and that must be changed weekly. In theory, these settings should be
more secure than shorter, less-frequently changed passwords. A 20-character password
is virtually impossible to crack using standard methods, and weekly password changes
reduce the chance that someone else will discover a user's password and be free to use
it for an extended period of time.
One problem with such strict policies is that users may resort to writing down
their passwords so they can remember them from week to week. A written password
is far less secure than one that is remembered, because someone else can find the
written password and bypass security easily after doing so. Another problem is that
users might frequently forget their passwords, which will lead to them being locked
out of the system for periods of time. This means they will require a lot of help from
the network administrator (you!) to clear up these problems each time they occur. For
a DoD contractor, these trade-offs might be worthwhile. For the restaurant operator,
however, they would be inappropriate and would end up hurting the company more
than they help.