CyberSecurity Institute

For too long now we’ve seen security threats have a negative impact on internal networks, and as a result, a harmful effect on employee and company productivity. And for far too long, enterprises of all sizes have neglected to focus enough resources and energy on securing these valuable internal network resources. And this year, the information technology industry will see this phenomenon further evolve as organizations begin to focus on securing their internal networks with the same vigor they have applied at the perimeter.

Internal security refers to a focused effort to secure resources on internal networks, or LANs. These resources can include applications, data, servers, and endpoint devices.

Meta Group has observed that “only 10-20 percent of organizations with relatively mature security programs have managed to address internal security to a meaningful extent.” Why is internal security finally becoming a priority?

First, there are business drivers prompting more focus on internal security. Around the globe, companies are being forced to comply with regulations that ensure the privacy of customer data and the security of intellectual property that resides on internal networks. These regulations drive an increased need for internal security.

Second, there is increased awareness about internal hacking. Organizations can no longer take a “don’t look, don’t tell” approach. Instead, many are now required to provide proof that they are continuously looking for internal hackers. How large has the internal hacking threat become? The CSI/FBI Computer Crime and Security Survey showed that 66 percent of organizations suffered an insider attack in 2003.

At the same time, the financial impact of worm and other new types of destructive threats has increased and become more visible in the industry. Having the ability to protect against and contain worms, is perhaps the No. 1 problem driving the investment in internal security solutions. It is estimated that the Slammer worm alone resulted in more than $1billion in damage, for example.

Furthermore, as security vulnerabilities in software have become more proactively communicated by Microsoft (Nasdaq: MSFT) and other sources, the timeline from vulnerability to exploit is shrinking. The time to patch the announced security holes remains ever-present — and just takes too long. So companies are searching for ways to protect their LAN resources during this period of susceptibility – until the holes can be filled with properly patched software.

Lastly, IT organizations have realized that endpoint devices — whether a personal computer, PDA or other device, must be as secure on LANs as they are when connecting from outside the perimeter (such as on a VPN connection.) Once these endpoints are secure internally as well as externally, they will no longer inadvertently introduce malicious code and other security threats.

Companies of all sizes are beginning to shift their attention to the topic of internal security. They are starting to initiate change in how they protect resources on the LAN, and in turn, protect their employees’ productivity.

2005 is the year of internal security.

A combination of business and technology drivers are triggering this revolution, including worm outbreaks, privacy regulations, reduced windows of time to react and a multitude of new types of threats. There are simple steps organizations can take to get started on protecting their internal network resources. For the organizations who make these moves, in 2005 they will reap the benefits of having more secure and stable LANs, and in turn, a more productive workforce.

http://www.technewsworld.com/rsstory/42227.html

See Terms of Use and Privacy notice.

You need to decide how you will get from where you are now, possibly a Windows NT domain(s), to Windows 2000 or Server 2003 Active Directory domain(s). The pressure and work that goes along with moving from one network operating system to another network operating system can be intense. You will be required to make many decisions during your journey.

Will you have Windows 2000 or Windows Server 2003 domain controllers?
Will you run some of each type of domain controller?
What client operating system will you run for the IT staff, executives, and other employees?
How many Active Directory domains will you end up with?
How many Active Directory forests will you end up with?
How will you get from your Windows NT domains to Windows Active Directory domains?
What tools will you use to get to your Windows Active Directory domains?
Are there any security concerns that you need to consider during your move to Windows Active Directory?

It is this last question that is focus in this article. They discuss the primary options for going from Windows NT domains to Windows Active Directory domains. It then talks about each of the options, focusing on the different security considerations that you need to contemplate. When you are done reading this article, you should be able to pinpoint the key security considerations that you will face along your journey.

You have two primary options for moving from Windows NT domains to Windows 2000 or Server 2003 Active Directory domains. The second option is to perform a migration. A migration is more complex than an upgrade. With a migration, you will need to create your Active Directory domain(s) in conjunction with your Windows NT domain(s). This will require that you purchase additional hardware and server licenses.

The overall concept of the migration is to gradually move objects (user, group, and computer accounts) from Windows NT to Windows Active Directory.

An upgrade is much simpler in all aspects. With an upgrade you work with the existing Windows NT domain and domain controllers. You will take the Windows 2000 Server or Windows Server 2003 installation CD and place it in the Windows NT Primary Domain Controller. You follow the steps in the wizard and when the computer restarts, you have a Windows Active Directory domain. All of the objects that were once in the Windows NT domain have completely been retained and are immediately available in the Windows Active Directory domain.

If you choose to perform a migration, you most likely are consolidating multiple Windows NT domains into a few (hopefully one) Windows Active Directory domains. It is the method that is available for moving accounts from multiple domains into just a few domains. However, as you perform your migration, you will have unique security concerns that you need to consider during the process.

Here are some of the most prominent security concerns that you will run into.
As you migrate user accounts from NT to Active Directory, you will end up with duplicate user accounts, with one in each domain. Most tools will allow you to control the state of both of the accounts after the migration. There might be times when you want the source user account to be active, and other times when the target user account should be active.
Regardless of your decision, you need to be aware that there are two user accounts in two domains.

When you migrate a user account from NT to Active Directory, you need to consider how the new user account will continue to access resources that exist in the Windows NT domain. This new property is referred to as SIDHistory. During a migration, the primary objects that you will migrate include user, group, and computer accounts, as well as trusts. However, the other configurations that you once had in Windows NT are not transposed to the Active Directory domain. This includes the account policy settings, which include the password min age, max age, min length, and password complexity.

Derek Melber manages http://www.auditingwindows.com, the first dedicated Web site for Windows auditing and security.

http://www.windowsecurity.com/articles/Security-Concerns-Migrations-Upgrades-Windows-Active-Directory.html